WO2017073448A1 - Mutual authentication device and mutual authentication method - Google Patents

Mutual authentication device and mutual authentication method Download PDF

Info

Publication number
WO2017073448A1
WO2017073448A1 PCT/JP2016/081085 JP2016081085W WO2017073448A1 WO 2017073448 A1 WO2017073448 A1 WO 2017073448A1 JP 2016081085 W JP2016081085 W JP 2016081085W WO 2017073448 A1 WO2017073448 A1 WO 2017073448A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
digital signal
authentication information
unit
analog signal
Prior art date
Application number
PCT/JP2016/081085
Other languages
French (fr)
Japanese (ja)
Inventor
史彦 赤羽
Original Assignee
日本電産サンキョー株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 日本電産サンキョー株式会社 filed Critical 日本電産サンキョー株式会社
Priority to CN201680063127.5A priority Critical patent/CN108351934A/en
Publication of WO2017073448A1 publication Critical patent/WO2017073448A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K7/00Methods or arrangements for sensing record carriers, e.g. for reading patterns
    • G06K7/10Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation

Definitions

  • the present invention relates to a mutual authentication device and a mutual authentication method, and more particularly to a mutual authentication device and a mutual authentication method for performing mutual authentication between a higher-level device and a lower-level device.
  • Such a card reader is configured to perform mutual authentication with a computer such as an ATM (Automated Teller Machine), which is a host device, in order to improve security.
  • a computer such as an ATM (Automated Teller Machine), which is a host device
  • Patent Document 1 as an example of such a card reader, in a mutual authentication system in which a higher-level device and a lower-level device mutually authenticate, even when the lower-level device has a plurality of subordinate devices, it is easy to construct a mutual authentication system A mutual authentication system and a mutual authentication method are described.
  • a control unit that controls the entire card reader, an encryption magnetic head that is a subordinate device arranged in the card reader, and a host device perform mutual authentication.
  • Patent Document 1 has a complicated configuration related to encryption / decryption. That is, unless a circuit having a complicated configuration is mounted, it is not possible to detect replacement with an unauthorized device.
  • An object of the present invention has been made in view of such a situation, and is to provide a mutual authentication device that can easily detect replacement with an unauthorized device even if the configuration is simplified.
  • the problem of the present invention has been made in view of such a situation, and by providing a mutual authentication method capable of easily detecting replacement with an unauthorized device even if the configuration is simplified. is there.
  • the mutual authentication apparatus performs mutual authentication between an A / D conversion unit that receives an analog signal having a continuous waveform in time series from another apparatus and converts it into a received digital signal, and the other apparatus.
  • Authentication information storage means for storing authentication information for authentication, and authentication for verifying the displacement pattern of the received digital signal converted by the A / D converter with the authentication information stored in the authentication information storage means
  • the authentication information includes a period for verifying the analog signal, a sampling period, and verification data for verifying the displacement pattern.
  • the mutual authentication apparatus of the present invention further includes an authentication information resetting unit that resets the authentication information at a specific timing, and the transmission digital signal creation unit is configured to reset the authentication information reset by the authentication information resetting unit.
  • the transmission digital signal is generated based on information, and the D / A converter converts the transmission digital signal corresponding to the reset authentication information generated by the transmission digital signal generation unit into an analog signal. And transmitting to the other apparatus.
  • the mutual authentication method of the present invention receives an analog signal that is a time-series continuous waveform from another device, converts it into a received digital signal, and performs authentication for mutual authentication with the other device. And the converted displacement pattern of the received digital signal is authenticated by comparing the stored authentication information, and if the authentication is successful, the transmission digital of the displacement pattern corresponding to the stored authentication information A signal is generated, the generated transmission digital signal is converted into an analog signal, and transmitted to the other device.
  • a mutual authentication device that easily converts an unauthorized device even if simplified by digitally converting an analog signal transmitted from another device and verifying the displacement pattern by collating them.
  • the analog signal transmitted from another device is digitally converted, and this displacement pattern is collated and authenticated, so that it is possible to easily detect a change to an unauthorized device even if simplified.
  • a method can be provided.
  • FIG. 1 is a block diagram showing a system configuration of a mutual authentication system X according to an embodiment of the present invention.
  • the mutual authentication system X is an ATM having a card issuing function.
  • Kiosk terminals In addition to this ATM, Kiosk terminals, transportation ticket issuing systems, point card issuing systems such as convenience stores, member card issuing systems for retail stores, card issuing / payment systems for gaming machines, entrance / exit management It may be a system or the like.
  • the mutual authentication system X includes a card 3 for reading and writing, a writing card reader 1 (mutual authentication device), and a host device 2.
  • the card reader 1 is a motor reader type card reader / writer device.
  • the card reader 1 is connected to the host device 2 and executes various processes according to commands from the host device 2. Examples of the card reader include a magnetic card reader, a contact type IC card reader, and a non-contact type IC card reader. The detailed configuration of the card reader 1 will be described later.
  • the host device 2 is an embedded PC for ATM or the like.
  • the host device 2 includes a control unit, a storage unit, various interfaces, and the like, and controls the card reader 1.
  • the card 3 is a contact type or non-contact type IC card and / or a magnetic card.
  • the card 3 is a plastic card such as rectangular vinyl chloride having a thickness of about 0.7 to 0.8 mm.
  • an integrated circuit chip (IC chip) is embedded in the plastic substrate of the card 3 and an IC terminal is disposed on the surface.
  • an IC chip and an antenna coil are embedded in the plastic substrate.
  • a magnetic card a magnetic stripe for recording magnetic data is formed on the surface.
  • the card may be a PET (polyethylene terephthalate) card having a thickness of about 0.18 to 0.36 mm, a paper card having a predetermined thickness, or the like.
  • the card stores information such as user information and money value information.
  • the mutual authentication system X is a scanner that reads photos and characters on the card surface, a crusher that crushes the collected card, a card collection and return module that collects the card, and prints on the card surface.
  • a card printer or the like may be provided.
  • FIG. 1 the system configuration related to mutual authentication of the card reader 1 and the host device 2 is described with particular attention.
  • the card reader 1 and the host device 2 can execute the same mutual authentication process. Therefore, in the following, the configuration related to mutual authentication of the card reader 1 will be described with particular attention.
  • the card reader 1 includes a control unit 10, an A / D conversion unit 20, a storage unit 30 (authentication information storage unit), a D / A conversion unit 40, and an interface unit 50.
  • the control unit 10 is a control calculation means such as a CPU (Central Processing Unit).
  • the control unit 10 controls reading and writing of information on the card 3.
  • the card reader 1 can also encrypt and decrypt information read or written by the card 3.
  • the A / D converter 20 receives an analog signal that is a time-series continuous waveform from the host device 2 and converts it into a received digital signal that is a digital signal that can be handled by the controller 10 or the like. For this reason, the A / D conversion unit 20 is connected to the D / A conversion unit 41 of the host device 2 by a dedicated wiring or the like.
  • the analog signal input by the A / D conversion unit 20 is expressed by, for example, a continuous and temporal voltage change. In addition, a specific bias or the like is applied to this voltage. For example, if the number of quantization bits is 8 bits, the minimum value is 0 to the maximum value 255, and if it is 16 bits, the minimum value is 0 to the maximum value 65535.
  • the A / D conversion unit 20 acquires the received digital signal at a sampling frequency of 11 kHz to 48 kHz, for example.
  • the A / D converter 20 may store the received digital signal in a buffer or the like of the storage unit 30 using DMA (Direct Memory Access) or the like.
  • the storage unit 30 is a non-temporary recording medium such as a RAM (Random Access Memory), a ROM (Read Only Memory), or a flash memory.
  • the storage unit 30 controls the entire card reader 1, communicates with the host device 2, and displays a control program for executing various processes, an OS (Operating System), temporary data of each process, and various states. Stores status information, setting information indicating various settings, and the like.
  • the D / A converter 40 converts a digital signal into an analog signal according to an instruction from the controller.
  • the D / A conversion unit 40 is connected to the A / D conversion unit 21 of the host device 2 by a dedicated wiring or the like.
  • the interface unit 50 includes various interface circuits and physical layers for connecting to communication lines such as USB (Universal Serial Bus), RS-232C, and LAN (Local Area Network).
  • the interface unit 50 transmits and receives various kinds of information to and from the host device 2 via a communication line.
  • the various information includes various commands including an authentication start trigger and an authentication information reset trigger described later.
  • Each unit including the A / D conversion unit 20 and the D / A conversion unit 41 may be configured as a System On Chip or the like built in the control unit 10.
  • the card reader 1 conveys the card 3, a sensor of a mechanical type, an optical type, a magnetic type or the like that detects insertion of the card 3 or a position in the conveyance path, a sensor circuit that acquires this state, and the like.
  • a transport mechanism including a motor, a roller and the like, a motor circuit for driving the transport mechanism, a magnetic head for reading information on the card 3 inserted in the transport path, and writing information on the card,
  • a Read / Write circuit and a demodulation circuit for controlling the magnetic head are included.
  • the control unit 10 includes an authentication processing unit 100, a transmission digital signal creation unit 110, and an authentication information resetting unit 120 as functional configurations. These functional units can be realized by the control unit 10 expanding and executing the OS and the control program stored in the storage unit 30. Moreover, the control part 10 becomes a hardware resource for implement
  • the authentication processing unit 100 stores in the storage unit 30 a displacement pattern of a digital signal (hereinafter referred to as “received digital signal”) obtained by converting the analog signal received from the host device 2 or the like by the A / D conversion unit 20.
  • the authentication information 300 thus verified is verified.
  • the authentication processing unit 100 collates the displacement pattern of the received digital signal with the displacement pattern corresponding to the authentication information 300, and determines that the authentication is successful if the displacement pattern matches. Judge as failure.
  • the transmission digital signal creation unit 110 creates a digital signal (hereinafter referred to as “transmission digital signal”) to be transmitted to the higher-level device 2 and the like based on the displacement pattern corresponding to the authentication information 300 stored in the storage unit 30. .
  • the transmission digital signal creation unit 110 may process the transmission digital signal by specific conversion including inversion of the signal when creating the transmission digital signal.
  • the transmission digital signal creation unit 110 starts authentication in response to the authentication start trigger from the higher-level device 2.
  • This authentication start trigger is a command indicating the start of authentication.
  • the transmission digital signal creation unit 110 creates a transmission digital signal corresponding to the displacement pattern corresponding to the authentication information 300 when the host device 2 is requested to authenticate.
  • the authentication information resetting unit 120 resets the authentication information 300 in the storage unit 30 at a specific timing. This specific timing is when the time specified by the standard has elapsed for the card reader 1, when a situation such as repair or replacement occurs due to damage or failure, or when a specific instruction from the user is received. .
  • the authentication information resetting unit 120 resets the period, the sampling period, and the verification data for verifying the analog signal of the authentication information resetting unit 120 using a random number generator or the like.
  • the authentication information resetting unit 120 transmits an authentication information resetting trigger to the higher-level device 2.
  • the authentication information reset trigger is a command indicating resetting of the authentication information 300 and / or the authentication information 301.
  • the authentication information resetting unit 120 causes the transmission digital signal creation unit 110 to create a transmission digital signal based on the reset authentication information 300.
  • the authentication information resetting unit 120 converts the transmission digital signal corresponding to the reset authentication information 300 into an analog signal by the D / A conversion unit 40 and transmits the analog signal to the host device 2.
  • the host device 2 can also create authentication information 301 corresponding to the reset authentication information 300 and store it in the storage unit 31.
  • the authentication information 300 includes, for example, a period during which an analog signal transmitted from the host device 2 is collated, a sampling cycle, and collation data.
  • the period for verifying the analog signal is information indicating how long the analog signal is received from the time of transmission of the host device 2 of the authentication start trigger. .
  • This time can be set in units of several microseconds to several seconds.
  • This verification time includes “delay” which is the time from the authentication start trigger until the analog signal is actually started to be transmitted.
  • the verification time may include a time during which an analog signal is actually output. When the time when the analog signal is actually output and the verification time are different, the analog signal is output for a time longer or shorter than the verification period.
  • the sampling period is a value indicating a period for acquiring time series data from the received digital signal. That is, the value corresponds to the period of acquisition (monitoring) for comparison of analog signals. For example, a period longer than the actual sampling frequency when the analog signal is converted into a received digital signal by the A / D converter 20 can be designated as the sampling period.
  • This sampling cycle can be changed by designation from the host device 2.
  • the structure which uses an irregular period according to a specific numerical sequence etc. may be sufficient instead of a fixed space
  • the collation data is data such as an array (matrix, array) for collating the time-division displacement pattern of the analog signal received from the host device 2.
  • the verification data is configured, for example, as displacement pattern data of time-series data acquired at the above-described sampling period within the verification period from the received digital signal. It is also possible to retain the received digital signal acquired from the previous host device 2 as the verification data as it is.
  • the transmission digital signal creation unit 111 of the host device 2 is configured to create transmission digital data in which time series data is embedded in random digital waveform data, for example, every time authentication is started. With this configuration, it is possible to compare whether or not the received digital signal of the card reader 1 is the same as the previously received digital signal, and to detect the presence or absence of hacking.
  • the authentication information 300 may include information on the number of quantization bits of the A / D conversion unit 20, information on an allowable range of quantization errors, and the like.
  • the host device 2 includes a control unit 11 similar to the control unit 10 of the card reader 1, an A / D conversion unit 21 similar to the A / D conversion unit 20, and a storage unit 30 in the mutual authentication process and configuration of the present embodiment.
  • a similar storage unit 31, a D / A conversion unit 41 similar to the D / A conversion unit 40, and an interface unit 51 similar to the interface unit 50 are included.
  • the control unit 11 of the host device 2 includes an authentication processing unit 101 similar to the authentication processing unit 100 related to the functional configuration of the control unit 10 of the card reader 1, a transmission digital signal generation unit 111 similar to the transmission digital signal generation unit 110, and An authentication information resetting unit 121 similar to the authentication information resetting unit 120 is included.
  • the storage unit 31 of the host device 2 includes authentication information 301 corresponding to the authentication information stored in the storage unit 30 of the card reader 1.
  • the host device 2 is another device and the card reader 1 is its own device, but conversely even if the host device 2 is its own device and the card reader 1 is another device. Good.
  • FIG. 2 is a flowchart of the mutual authentication process according to the embodiment of the present invention.
  • FIG. 3 is a conceptual diagram showing a specific example of the mutual authentication process shown in FIG.
  • the mutual authentication system X according to the mutual authentication process of the present embodiment includes the host device 2 and the card reader 1 as the lower device, and outputs analog signals from the card reader 1 and analogs of the card reader 1. A signal input or an analog signal output from the host device 2 and an analog signal input of the card reader 1 are connected. For this reason, the card reader 1 which is the lower device accepts the authentication by the authentication start trigger from the higher device 2.
  • the output side converts the transmission digital signal into an analog signal via the D / A converters 40 and 41 and outputs the analog signal
  • the input side converts the analog amount into the reception digital via the A / D converters 20 and 21. replace.
  • the output side and the input side mutually input and output analog signals that are displaced with time. That is, the output side and the input side authenticate each other using an analog signal as a medium. Therefore, the authentication information 300 and 301 are stored in common, the analog signal is converted into a digital signal, the mutual displacement patterns are collated (compared), and the authenticity between the host device 2 and the card reader 1 is confirmed. meet.
  • the time (period) for outputting the analog signal is a specific time.
  • control unit 10 of the card reader 1 executes the control program stored in the storage unit 30 using hardware resources, and the control unit 11 of the host device 2 is stored in the storage unit 31. This can be realized by executing the control program using hardware resources.
  • Step S201 The authentication information resetting unit 121 of the higher-level device 2 performs an authentication start trigger process.
  • the authentication information resetting unit 121 transmits an authentication start trigger to the card reader 1 via the interface unit 51 (timing T201).
  • Step S202 The transmission digital signal creation unit 111 and the D / A conversion unit 41 of the host device 2 perform an analog signal transmission process.
  • the transmission digital signal creation unit 111 creates a transmission digital signal having a displacement pattern based on the authentication information 301 and transmits it from the D / A conversion unit 41 to the card reader 1 (timing T202).
  • the transmission digital signal creation unit 111 creates random but continuous digital waveform data as an example of the transmission digital signal, and then refers to the authentication information 301.
  • the time-series data of the sampling period s of the verification period L is embedded in this digital waveform data.
  • the data at the sampling period s is data used for verification by the card reader 1.
  • the transmission digital signal creation unit 111 creates a transmission digital signal having a length corresponding to the output time of the analog signal. That is, the transmission digital signal creation unit 111 may create a transmission digital signal that is output longer than the verification period L, as shown in FIG. Further, the transmission digital signal creation unit 111 may not create all the transmission digital signals at once, but may sequentially create them and perform D / A conversion for transmission.
  • Step S101 The A / D converter 20 of the card reader 1 performs an analog signal reception process.
  • the A / D converter 20 receives an analog signal from the host device 2 and performs A / D conversion into a received digital signal.
  • Step S102 The authentication processing unit 100 of the card reader 1 performs an authentication process.
  • the authentication processing unit 100 performs authentication by collating the displacement pattern of the received digital signal converted by the A / D conversion unit 20 with the authentication information 300 stored in the storage unit 30.
  • the authentication processing unit 100 acquires and collates data with a sampling period s after the delay d during the collation period L in the received digital signal.
  • the authentication processing unit 100 determines that the displacement angle or the like (displacement pattern) of the data acquired at the sampling period s is within a specific error range from the verification data in the authentication information 300. Collation is performed based on whether or not they are the same. By collating with the data displacement pattern in this way, errors due to level fluctuations, noise, and the like can be suppressed. Further, the authentication processing unit 100 can compare whether the received digital signal is exactly the same as the previously received digital signal with reference to the buffer of the storage unit 30.
  • Step S103 The authentication processing unit 100 of the card reader 1 determines whether the authentication is successful. If the displacement pattern is the same within a specific error range, the authentication processing unit 100 determines that the authentication is successful and determines Yes. In Yes, the authentication process part 100 advances a process to step S104. On the other hand, when the displacement pattern does not match within a specific error range, the authentication processing unit 100 determines No as an unauthorized device. In No, the authentication process part 100 advances a process to step S107. As a result, authentication is not performed by a method in which an analog signal is recorded and reproduced by a digital recorder or the like, and security can be improved. If the received digital signal is the same as the previously received digital signal, the authentication processing unit 100 may determine No as abnormal data because it is an abnormal data.
  • Step S104 When authentication is successful (in the case of Yes), the transmission digital signal creation unit 110 of the card reader 1 performs transmission digital signal creation processing.
  • the transmission digital signal creation unit 110 creates, for example, a signal obtained by inverting the reception digital signal as a transmission digital signal as a displacement pattern corresponding to the authentication information 300.
  • the transmission digital signal creation unit 110 can generate a signal obtained by inverting the reception digital signal as it is.
  • the transmission digital signal generation unit 110 may generate random but continuous digital waveform data and embed data obtained by inverting the time-series data of the sampling period s of the verification period L of the authentication information 301. .
  • Step S105 The D / A converter 40 of the card reader 1 performs an analog signal return process.
  • the D / A conversion unit 40 converts the transmission digital signal created by the transmission digital signal creation unit 110 into an analog signal and transmits it to the host device 2 (timing T101).
  • Step S106 The authentication processing unit 100 of the card reader 1 performs normal operation start processing. Since the authentication is successful, the authentication processing unit 100 starts normal operation of the card reader 1. Thereby, reading / writing of the card
  • Step S107 If the authentication fails (No), the authentication processing unit 100 of the card reader 1 performs an operation stop process.
  • the authentication processing unit 100 puts the card reader 1 in a stopped state or the like, assuming that it is an abnormal signal. Thereby, the process for the card reader 1 of the mutual authentication process is completed. At this time, the card 3 may be stored in the card reader 1. Further, the authentication processing unit 100 may store information indicating that it has been stopped in the storage unit 30 as a log (not shown).
  • the host device 2 receives the transmitted return analog signal in step S105 of the card reader 1 (timing T101).
  • Step S203 The A / D converter 21 performs a return analog signal reception process.
  • the A / D converter 21 receives an analog signal output from the D / A converter 40 of the card reader 1 for a specific time, regardless of whether the authentication is successful or unsuccessful, and converts it into a received digital signal.
  • Step S204 The authentication processing unit 101 of the higher-level device 2 performs an authentication result verification process.
  • the authentication processing unit 101 converts the amplitude of the received digital signal converted by the A / D conversion unit 21 by inverting it. Then, the authentication processing unit 101 performs authentication by comparing with the authentication information 301 in the storage unit 31 in the same manner as the authentication processing in step S102 of the card reader 1 described above.
  • Step S205 The authentication processing unit 101 of the host device 2 determines whether the authentication result is normal. If the displacement patterns collated using the authentication information 301 are the same within a specific error range, the authentication processing unit 101 determines that the authentication is successful and determines Yes. In Yes, the authentication process part 101 complete
  • Step S206 If the authentication fails (No), the authentication processing unit 101 performs an operation stop process.
  • the authentication processing unit 101 notifies an error with a display unit, an LED, or the like (not shown) of the host device 2 and stops the operation. Thereby, the process of the upper level apparatus 2 of the mutual authentication process is completed. At this time, the fact that the authentication result is abnormal may be recorded in a log (not shown) of the storage unit 31. Thus, the mutual authentication process according to the embodiment of the present invention is completed.
  • FIG. 4 is a flowchart of authentication information resetting processing according to the embodiment of the present invention.
  • the authentication information 300 of the card reader 1 and / or the authentication information 301 of the host device 2 according to the embodiment of the present invention is set at the time of factory shipment or the like. For this reason, normally, the initial verification information 300 and 301 verification period, sampling cycle, and verification data displacement pattern are adjusted to match at the time of shipment. However, it may be necessary to update these at a specific timing.
  • the authentication information resetting unit 121 of the host device 2 resets the authentication information 301, and at that time, the authentication information reset trigger and a part of the reset authentication information 301 are transferred to the card reader 1.
  • the transmission digital signal of the authentication information 301 that has been transmitted and reset is D / A converted by the creation D / A conversion unit 41 and transmitted to the card reader 1. This is received by the card reader 1, the time and analog amount displacement are recorded, and the authentication information 300 is updated.
  • control unit 10 of the card reader 1 executes the control program stored in the storage unit 30 using hardware resources, and the control unit 11 of the host device 2 is stored in the storage unit 31. This can be realized by executing the control program using hardware resources.
  • the authentication information resetting unit 121 of the host device 2 performs an authentication information resetting trigger process. 121 updates the authentication information 301 in the storage unit 30 and transmits an authentication information reset trigger (timing T211). In this process, when the above-mentioned specific timing is reached, a user such as an administrator such as ATM performs a switch or button operation on an input unit (not shown) of the host device 2 or a timer (not shown). Etc.) is transmitted. The authentication information resetting unit 121 receives these and updates the authentication information 301 in the storage unit 30.
  • the authentication information resetting unit 121 creates verification data for the authentication information 301 using a random number generator or the like. Further, the authentication information resetting unit 121 can update the verification period and the sampling cycle of the authentication information 301 with a random number generator or the like. For example, according to the example of FIG. 3A, the authentication information resetting unit 121 can also reset the delay d, the verification period L, the sampling period s, and the like related to the authentication information 301.
  • the authentication information resetting unit 121 transmits an authentication information resetting trigger to the card reader 1 via the interface unit 51 after resetting the authentication information 301. At this time, the authentication information resetting unit 121 may transmit a verification period including the reset delay, a sampling period, and the like from the interface unit 51. Encryption or the like may be used for these transmissions.
  • Step S212 The transmission digital signal creation unit 111 and the D / A conversion unit 41 of the host device 2 perform an analog signal transmission process.
  • the transmission digital signal creation unit 111 creates a transmission digital signal based on the authentication information 301, converts it into an analog signal by the D / A conversion unit 41, and transmits it to the card reader 1 (timing T212). This process is performed in the same manner as step S202 in FIG.
  • Step S111 The A / D converter 20 of the card reader 1 performs an analog signal reception process. This process is performed in the same manner as step S101 in FIG.
  • the authentication information resetting unit 120 of the card reader 1 performs authentication information storage processing.
  • the authentication information resetting unit 120 creates updated authentication information 300 based on the received authentication information reset trigger and the received digital signal converted by the A / D conversion unit 20 and stores the updated authentication information 300 in the storage unit 30.
  • the authentication information resetting unit 120 may store the verification period including the reset delay, the sampling period, and the like as a part of the updated authentication information 300.
  • Step S113 The transmission digital signal creation unit 110 of the card reader 1 performs transmission digital signal creation processing.
  • the transmission digital signal creation unit 110 creates a transmission digital signal for returning the updated authentication information 300. This process is also performed in the same manner as step S104 in FIG.
  • Step S114 The D / A converter 40 of the card reader 1 performs an analog signal return process.
  • the D / A conversion unit 40 converts the transmission digital signal into an analog signal and transmits the analog signal to the host device 2 (timing T111). This process is also the same as step S105 in FIG.
  • the host device 2 receives the transmitted return analog signal in step S114 of the card reader 1 (timing T111).
  • Step S213 The A / D converter 21 performs a return analog signal reception process.
  • the A / D conversion unit 21 acquires an analog signal output from the D / A conversion unit 40 of the card reader 1 for a specific time, and converts it into a received digital signal.
  • Step S214 The authentication information resetting unit 120 performs reply authentication information storage processing.
  • the authentication information resetting unit 120 acquires the received digital signal and stores it in a buffer (not shown) of the storage unit 31.
  • the authentication information resetting unit 120 may verify whether the received digital signal is abnormal data as in the authentication result verification process in step S204 of FIG. Thus, the authentication information resetting process according to the embodiment of the present invention is completed.
  • the card reader 1 may reset the authentication information 300 and transmit it to the host device 2 to perform the same processing.
  • the card reader 1 receives an analog signal that is a time-series continuous waveform from the host device 2 and converts it into a received digital signal, and the host device 2.
  • a D / A conversion unit 40 that converts the transmission digital signal created by the transmission digital signal creation unit 110 into an analog signal and transmits the analog signal to the host device 2 is provided.
  • the host device 2 receives an analog signal having a continuous waveform in time series from the card reader 1 and converts it into a received digital signal, and a card reader.
  • a storage unit 31 that stores authentication information 301 for mutual authentication with the authentication unit 1, and an authentication information 301 that stores a displacement pattern of the received digital signal converted by the A / D conversion unit 21 in the storage unit 31.
  • An authentication processing unit 101 that verifies and authenticates and a transmission digital signal generation unit 111 that generates a transmission digital signal of a displacement pattern corresponding to the authentication information 301 stored in the storage unit 31 when the authentication processing unit 101 succeeds in authentication.
  • a D / A conversion unit 41 that converts the transmission digital signal created by the transmission digital signal creation unit 111 into an analog signal and transmits the analog signal to the card reader 1.
  • the input side compares the stored displacement pattern of the analog signal with the displacement pattern of the received analog signal. It is determined that the device is normal. If they do not match, it is determined that the device is abnormal. With this configuration, even if the configuration is simplified, it is possible to easily detect replacement with an unauthorized device. That is, it is possible to reliably determine whether the relationship between the host device 2 and the card reader 1 is a correct combination while having a simple configuration as compared with the technique described in the conventional patent document 1, and the replacement with an unauthorized device is possible. Can be detected.
  • the card reader 1 and the host device 2 of the present embodiment have a simplified configuration, it is possible to reduce the manufacturing cost by reducing the scale of the circuit related to mutual authentication.
  • cost can be reduced. That is, the mutual authentication function can be realized with the minimum necessary hardware.
  • the card reader 1 and the host device 2 of the present embodiment do not use digital encryption or the like that is restricted for reasons such as defense or confidentiality. This eliminates the need for export procedures and reduces costs.
  • a complete digital is obtained by attaching a measuring instrument or the like to the communication unit of the upper device and the lower device and monitoring. It is possible to acquire a signal. In the case of such a digital signal, there is a possibility that the encryption key may be deciphered by detailed analysis of the monitor, and there is no security risk.
  • the analog signals of the card reader 1 and the host device 2 of this embodiment do not include a digital encryption key or the like even if the analog signals themselves are acquired, security risks can be reduced.
  • an authentication method using a conventional analog signal there has been an authentication method in which an image such as a sound waveform or a fingerprint is acquired and converted into data. These are characterized by the image itself such as the waveform of the user's voice and the fingerprint that needs to be authenticated.
  • it is necessary to select a location that is a feature of the authentication method in the card reader 1 and the host device 2 of the present embodiment, a general waveform can be used, and even if it is stolen, there is no problem. Further, it is not necessary to select a location that is a specific feature.
  • the authentication information 300 of the card reader 1 and the authentication information 301 of the host device 2 include a period for collating analog signals, a sampling cycle, and collation data for collating displacement patterns. It is characterized by.
  • noise and the like are of a certain degree even if the A / D conversion and D / A conversion accuracy of the host device and the lower device are not high. Even if it is mixed only, it is possible to reliably collate the received digital signal after A / D conversion and the displacement pattern of the authentication information. For this reason, it is possible to deal with combinations of products that require a certain level of security, and it is also possible to apply to combinations of products that do not require a high level of security. Further, the present invention can be applied to products that are low in cost and do not have high accuracy in A / D conversion and D / A conversion.
  • the card reader 1 of the present embodiment includes an authentication information resetting unit 120 that resets the authentication information 300 at a specific timing, and the transmission digital signal creation unit is an authentication reset by the authentication information resetting unit 120.
  • the transmission digital signal is created from the information 300, and the D / A conversion unit 40 converts the transmission digital signal created by the transmission digital signal creation unit and corresponding to the reset authentication information 300 into an analog signal and converts it to an upper level. It transmits to the apparatus 2, It is characterized by the above-mentioned.
  • the host device 2 of this embodiment includes an authentication information resetting unit 121 that resets the authentication information 301 at a specific timing, and the transmission digital signal creation unit is reset by the authentication information resetting unit 121.
  • the D / A converter 41 converts the transmission digital signal corresponding to the reset authentication information 301 generated by the transmission digital signal generator into an analog signal.
  • the present invention can be similarly used for an apparatus that reads or writes information on another information medium that handles monetary value information.
  • the present invention can be applied to a device that reads or writes magnetic information with respect to a passbook in which a magnetic stripe is formed. With this configuration, it is possible to easily perform mutual authentication for an apparatus that performs processing on an information medium.
  • the waveform of the analog signal is collated by the displacement angle or the like (displacement pattern) has been described.
  • a configuration is also possible in which the waveform of the received digital signal itself is compared with the waveform of the received digital signal received previously.
  • the auto-correlation and the like are calculated using the received digital signal obtained by previously acquiring the waveform of the received digital signal obtained by A / D converting the analog signal from the host device 2 and stored in the buffer as the authentication information 300. Compare. With this configuration, the configuration can be simplified and mounting becomes easy.
  • the example is described in which the host device 2 and the card reader 1 include the A / D conversion units 20 and 21 and the D / A conversion units 40 and 41, respectively.
  • a combination in which the output side / input side is fixed as in the upper apparatus / lower apparatus may be used. That is, the host device 2 includes the D / A conversion unit 41 and does not include the A / D conversion unit 21, and the card reader 1 includes the A / D conversion unit 20 and does not include the D / A conversion unit 40, or The host device 2 includes the A / D converter 21 and does not include the D / A converter 41, and the card reader 1 includes the D / A converter 40 and does not include the A / D converter 20. May be.
  • two of the A / D converters 20 and 21 and the D / A converters 40 and 41 can be reduced, and the cost can be reduced.
  • the authentication information resetting process can be configured to be performed only at the time of factory shipment. Thereby, security can be improved. That is, in order to further improve security, it is possible to make it impossible to reset the authentication information 300 and 301 at the installation location.
  • an authentication start trigger and an authentication information reset trigger may be transmitted by outputting a specific burst signal or the like from the D / A converters 40 and 41.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Electromagnetism (AREA)
  • General Health & Medical Sciences (AREA)
  • Toxicology (AREA)
  • Artificial Intelligence (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Storage Device Security (AREA)
  • Signal Processing For Digital Recording And Reproducing (AREA)

Abstract

The present patent application provides a mutual authentication device capable of easily detecting a replacement with an unauthorized device even when the configuration of the mutual authentication device is simplified. For example, an A/D conversion part 20 of a card reader 1 receives an analog signal, that is, a time-series continuous waveform, from a host device 2 and converts the analog signal into a digital signal. A storage unit 30 stores authentication information 300 to be used for mutual authentication with the host device 2. An authentication processing part 100 authenticates a displacement pattern of the received digital signal, which has been converted by the A/D conversion part 20, against the authentication information 300 stored in the storage unit 30. When the authentication by the authentication processing part 100 is successful, a transmission digital signal generation part 110 generates a transmission digital signal having a displacement pattern corresponding to the authentication information 300 stored in the storage unit 30. A D/A conversion part 40 converts the transmission digital signal generated by the transmission digital signal generation part 110 into an analog signal and transmits the analog signal to the host device 2.

Description

相互認証装置及び相互認証方法Mutual authentication device and mutual authentication method
 本発明は、相互認証装置及び相互認証方法に係り、特に上位装置と下位装置との間で相互認証を行う相互認証装置及び相互認証方法に関する。 The present invention relates to a mutual authentication device and a mutual authentication method, and more particularly to a mutual authentication device and a mutual authentication method for performing mutual authentication between a higher-level device and a lower-level device.
 従来から、情報が記録されたカード状媒体等(情報媒体)に対して、情報の読み出し又は書き込みを行うカードリーダ等(相互認証装置)が存在する。 2. Description of the Related Art Conventionally, there are card readers (mutual authentication devices) that read or write information on a card-like medium (information medium) on which information is recorded.
 このようなカードリーダは、セキュリティ性を高めるため、上位装置であるATM(Automated Teller Machine)等のコンピュータとの間で、相互認証を行うように構成されている。たとえば、特許文献1に、このようなカードリーダの一例として、上位装置と下位装置が相互に認証を行う相互認証システムにおいて、下位装置が複数の従属デバイスを有する場合でも、相互認証システム構築が容易な相互認証システム及び相互認証方法が記載されている。特許文献1の技術では、カードリーダ全体を制御する制御部と、カードリーダ内に配置された従属デバイスである暗号磁気ヘッドと、上位装置とがそれぞれ相互認証を行っている。 Such a card reader is configured to perform mutual authentication with a computer such as an ATM (Automated Teller Machine), which is a host device, in order to improve security. For example, in Patent Document 1, as an example of such a card reader, in a mutual authentication system in which a higher-level device and a lower-level device mutually authenticate, even when the lower-level device has a plurality of subordinate devices, it is easy to construct a mutual authentication system A mutual authentication system and a mutual authentication method are described. In the technique of Patent Document 1, a control unit that controls the entire card reader, an encryption magnetic head that is a subordinate device arranged in the card reader, and a host device perform mutual authentication.
特開2013-109554号公報JP 2013-109554 A
 しかしながら、特許文献1に記載されたカードリーダは、暗号化復号化に係る構成が複雑であった。すなわち、複雑な構成の回路等を実装しないと不正な装置へのすり替えを検出することができなかった。 However, the card reader described in Patent Document 1 has a complicated configuration related to encryption / decryption. That is, unless a circuit having a complicated configuration is mounted, it is not possible to detect replacement with an unauthorized device.
 本発明の課題は、このような状況に鑑みてなされたものであり、構成を簡易化しても不正な装置へのすり替えを容易に検出することが可能な相互認証装置を提供することである。また、本発明の課題は、このような状況に鑑みてなされたものであり、構成を簡易化しても不正な装置へのすり替えを容易に検出することが可能な相互認証方法を提供することである。 An object of the present invention has been made in view of such a situation, and is to provide a mutual authentication device that can easily detect replacement with an unauthorized device even if the configuration is simplified. In addition, the problem of the present invention has been made in view of such a situation, and by providing a mutual authentication method capable of easily detecting replacement with an unauthorized device even if the configuration is simplified. is there.
 本発明の相互認証装置は、時系列的に連続した波形であるアナログ信号を他装置から受信し、受信デジタル信号に変換するA/D変換部と、前記他装置との間で相互認証を行うための認証情報を記憶する認証情報記憶手段と、前記A/D変換部で変換された前記受信デジタル信号の変位パターンを前記認証情報記憶手段に記憶された前記認証情報と照合して認証する認証処理部と、前記認証処理部で認証が成功した場合、前記認証情報記憶手段に記憶された前記認証情報に対応する変位パターンの送信デジタル信号を作成する送信デジタル信号作成部と、前記送信デジタル信号作成部により作成された前記送信デジタル信号をアナログ信号に変換し、前記他装置に送信するD/A変換部とを備えることを特徴とする。このように構成することで、簡易化した構成であっても不正な装置へのすり替えを容易に検出することができる。 The mutual authentication apparatus according to the present invention performs mutual authentication between an A / D conversion unit that receives an analog signal having a continuous waveform in time series from another apparatus and converts it into a received digital signal, and the other apparatus. Authentication information storage means for storing authentication information for authentication, and authentication for verifying the displacement pattern of the received digital signal converted by the A / D converter with the authentication information stored in the authentication information storage means A processor, a transmission digital signal generator for generating a transmission digital signal of a displacement pattern corresponding to the authentication information stored in the authentication information storage means when authentication is successful in the authentication processor, and the transmission digital signal A D / A converter that converts the transmission digital signal created by the creation unit into an analog signal and transmits the analog signal to the other device. With this configuration, even if the configuration is simplified, it is possible to easily detect replacement with an unauthorized device.
 また、本発明の相互認証装置は、前記認証情報は、前記アナログ信号を照合する期間並びにサンプリング周期、及び前記変位パターンを照合するための照合用データを含むことを特徴とする。このように構成することで、アナログ信号を受信し、認証情報の変位パターンを確実に照合することができる。 In the mutual authentication device of the present invention, the authentication information includes a period for verifying the analog signal, a sampling period, and verification data for verifying the displacement pattern. By comprising in this way, an analog signal can be received and the displacement pattern of authentication information can be collated reliably.
 また、本発明の相互認証装置は、特定のタイミングで前記認証情報を再設定する認証情報再設定部を備え、前記送信デジタル信号作成部は、前記認証情報再設定部により再設定された前記認証情報により前記送信デジタル信号を作成し、前記D/A変換部は、前記送信デジタル信号作成部により作成された、再設定された前記認証情報に対応する前記送信デジタル信号を、アナログ信号に変換して前記他装置に送信することを特徴とする。このように構成することで、事故や故障やユーザの指示等で認証情報を再設定することができる。 The mutual authentication apparatus of the present invention further includes an authentication information resetting unit that resets the authentication information at a specific timing, and the transmission digital signal creation unit is configured to reset the authentication information reset by the authentication information resetting unit. The transmission digital signal is generated based on information, and the D / A converter converts the transmission digital signal corresponding to the reset authentication information generated by the transmission digital signal generation unit into an analog signal. And transmitting to the other apparatus. With this configuration, authentication information can be reset according to an accident, failure, user instruction, or the like.
 また、本発明の相互認証方法は、時系列的に連続した波形であるアナログ信号を他装置から受信し、受信デジタル信号に変換し、前記他装置との間で相互認証を行うための認証情報を記憶し、変換された前記受信デジタル信号の変位パターンと、記憶された前記認証情報とを照合して認証し、認証が成功した場合、記憶された前記認証情報に対応する変位パターンの送信デジタル信号を作成し、作成された前記送信デジタル信号をアナログ信号に変換し、前記他装置に送信することを特徴とする。このように構成することで、簡易化した構成であっても不正な装置へのすり替えを容易に検出することができる。 In addition, the mutual authentication method of the present invention receives an analog signal that is a time-series continuous waveform from another device, converts it into a received digital signal, and performs authentication for mutual authentication with the other device. And the converted displacement pattern of the received digital signal is authenticated by comparing the stored authentication information, and if the authentication is successful, the transmission digital of the displacement pattern corresponding to the stored authentication information A signal is generated, the generated transmission digital signal is converted into an analog signal, and transmitted to the other device. With this configuration, even if the configuration is simplified, it is possible to easily detect replacement with an unauthorized device.
 本発明によれば、他装置から送信されたアナログ信号をデジタル変換し、この変位パターンを照合して認証することで、簡易化しても不正な装置へのすり替えを容易に検出する相互認証装置を提供することができる。また、本発明によれば、他装置から送信されたアナログ信号をデジタル変換し、この変位パターンを照合して認証することで、簡易化しても不正な装置へのすり替えを容易に検出する相互認証方法を提供することができる。 According to the present invention, there is provided a mutual authentication device that easily converts an unauthorized device even if simplified by digitally converting an analog signal transmitted from another device and verifying the displacement pattern by collating them. Can be provided. In addition, according to the present invention, the analog signal transmitted from another device is digitally converted, and this displacement pattern is collated and authenticated, so that it is possible to easily detect a change to an unauthorized device even if simplified. A method can be provided.
本発明の実施の形態に係る相互認証システムのシステム構成を示すブロック図である。It is a block diagram which shows the system configuration | structure of the mutual authentication system which concerns on embodiment of this invention. 本発明の実施の形態に係る相互認証処理のフローチャートである。It is a flowchart of the mutual authentication process which concerns on embodiment of this invention. 図2に示す相互認証処理の具体例を示す概念図である。It is a conceptual diagram which shows the specific example of the mutual authentication process shown in FIG. 本発明の実施の形態に係る認証情報再設定処理のフローチャートである。It is a flowchart of the authentication information reset process which concerns on embodiment of this invention.
<実施の形態>
〔相互認証システムXの構成〕
 図1は、本発明の実施の形態に係る相互認証システムXのシステム構成を示すブロック図である。
 相互認証システムXは、本実施形態においては、カード発行機能を備えたATMである。なお、このATM以外に、キオスク(Kiosk)の端末、交通機関のチケット発行システム、コンビニエンスストア等のポイントカード発行システム、小売店のメンバーカード発行システム、遊技機のカード発行/支払システム、入退場管理システム等であってもよい。 <Embodiment>
[Configuration of mutual authentication system X]
FIG. 1 is a block diagram showing a system configuration of a mutual authentication system X according to an embodiment of the present invention.
In the present embodiment, the mutual authentication system X is an ATM having a card issuing function. In addition to this ATM, Kiosk terminals, transportation ticket issuing systems, point card issuing systems such as convenience stores, member card issuing systems for retail stores, card issuing / payment systems for gaming machines, entrance / exit management It may be a system or the like.
 相互認証システムXは、カード3を読み出し、書き込みカードリーダ1(相互認証装置)と、上位装置2とを備えている。 The mutual authentication system X includes a card 3 for reading and writing, a writing card reader 1 (mutual authentication device), and a host device 2.
 カードリーダ1は、モータ搬送式等のカードリーダ/ライタ装置である。カードリーダ1は、上位装置2に接続され、上位装置2からの指令により各種処理を実行する。このカードリーダとしては、磁気カードリーダ、接触型ICカードリーダ、非接触型ICカードリーダ等が存在する。カードリーダ1の詳細構成については後述する。 The card reader 1 is a motor reader type card reader / writer device. The card reader 1 is connected to the host device 2 and executes various processes according to commands from the host device 2. Examples of the card reader include a magnetic card reader, a contact type IC card reader, and a non-contact type IC card reader. The detailed configuration of the card reader 1 will be described later.
 上位装置2は、ATM等用の組み込みPC等である。上位装置2は、制御部、記憶部、各種インタフェース等を備えており、カードリーダ1を制御する。 The host device 2 is an embedded PC for ATM or the like. The host device 2 includes a control unit, a storage unit, various interfaces, and the like, and controls the card reader 1.
 カード3は、接触型又は非接触型のICカードおよび/または磁気カードである。カード3は、例えば、厚さが0.7~0.8mm程度の矩形状の塩化ビニール等のプラスチック製のカードである。カード3が接触型のICカードの場合、カード3のプラスチック基板内部には、集積回路チップ(ICチップ)が埋設されるとともに、表面にIC端子が配置される。また、カード3が非接触型のICカードの場合、プラスチック基板内部にICチップとアンテナコイルが埋設される。また、カード3が磁気カードの場合、表面に磁気データを記録する磁気ストライプが形成される。なお、カードは、厚さが0.18~0.36mm程度のPET(ポリエチレンテレフタレート)カードや、所定の厚さの紙カード等であってもよい。カードには、ユーザの情報や貨幣価値情報等の情報が記憶されている。 The card 3 is a contact type or non-contact type IC card and / or a magnetic card. The card 3 is a plastic card such as rectangular vinyl chloride having a thickness of about 0.7 to 0.8 mm. When the card 3 is a contact type IC card, an integrated circuit chip (IC chip) is embedded in the plastic substrate of the card 3 and an IC terminal is disposed on the surface. When the card 3 is a non-contact type IC card, an IC chip and an antenna coil are embedded in the plastic substrate. When the card 3 is a magnetic card, a magnetic stripe for recording magnetic data is formed on the surface. The card may be a PET (polyethylene terephthalate) card having a thickness of about 0.18 to 0.36 mm, a paper card having a predetermined thickness, or the like. The card stores information such as user information and money value information.
 なお、相互認証システムXは、他の情報処理装置として、カードの表面の写真や文字等を読み取るスキャナ、回収したカードを粉砕する粉砕機、カードを回収するカード回収返却モジュール、カードの表面に印刷を行うカードプリンタ等を備えていてもよい。 In addition, the mutual authentication system X is a scanner that reads photos and characters on the card surface, a crusher that crushes the collected card, a card collection and return module that collects the card, and prints on the card surface. A card printer or the like may be provided.
 図1においては、カードリーダ1および上位装置2の相互認証に関するシステム構成について特に注目して記載している。ここで、本実施形態においては、カードリーダ1および上位装置2において同様の相互認証処理を実行することが可能である。このため、下記において、カードリーダ1の相互認証に関する構成について特に注目して説明する。 In FIG. 1, the system configuration related to mutual authentication of the card reader 1 and the host device 2 is described with particular attention. Here, in the present embodiment, the card reader 1 and the host device 2 can execute the same mutual authentication process. Therefore, in the following, the configuration related to mutual authentication of the card reader 1 will be described with particular attention.
 カードリーダ1は、制御部10、A/D変換部20、記憶部30(認証情報記憶手段)、D/A変換部40、およびインタフェース部50を含んでいる。 The card reader 1 includes a control unit 10, an A / D conversion unit 20, a storage unit 30 (authentication information storage unit), a D / A conversion unit 40, and an interface unit 50.
 制御部10は、CPU(Central Processing Unit)等の制御演算手段である。制御部10は、カード3の情報の読み出しや書き込みを制御する。また、カードリーダ1は、カード3で読み出しまたは書き込みされる情報を暗号化したり復号化したりすることも可能である。 The control unit 10 is a control calculation means such as a CPU (Central Processing Unit). The control unit 10 controls reading and writing of information on the card 3. The card reader 1 can also encrypt and decrypt information read or written by the card 3.
 A/D変換部20は、時系列的に連続した波形であるアナログ信号を上位装置2から受信し、制御部10等で取り扱い可能なデジタル信号である受信デジタル信号に変換する。このため、A/D変換部20は、専用の配線等で上位装置2のD/A変換部41と接続されている。A/D変換部20が入力するアナログ信号は、例えば、連続的、経時的な電圧の変化で表現される。また、この電圧には特定のバイアス等がかけられた上で、例えば、量子化ビット数が8ビットであれば最小値0~最大値255、16ビットであれば最小値0~最大値65535のような値のデジタル信号に変換される。また、A/D変換部20は、例えば、サンプリング周波数11kHz~48kHzで受信デジタル信号を取得する。A/D変換部20は、DMA(Direct Memory Access)等を利用して、この受信デジタル信号を記憶部30のバッファ等に記憶させてもよい。 The A / D converter 20 receives an analog signal that is a time-series continuous waveform from the host device 2 and converts it into a received digital signal that is a digital signal that can be handled by the controller 10 or the like. For this reason, the A / D conversion unit 20 is connected to the D / A conversion unit 41 of the host device 2 by a dedicated wiring or the like. The analog signal input by the A / D conversion unit 20 is expressed by, for example, a continuous and temporal voltage change. In addition, a specific bias or the like is applied to this voltage. For example, if the number of quantization bits is 8 bits, the minimum value is 0 to the maximum value 255, and if it is 16 bits, the minimum value is 0 to the maximum value 65535. It is converted into a digital signal with such a value. In addition, the A / D conversion unit 20 acquires the received digital signal at a sampling frequency of 11 kHz to 48 kHz, for example. The A / D converter 20 may store the received digital signal in a buffer or the like of the storage unit 30 using DMA (Direct Memory Access) or the like.
 記憶部30は、RAM(Random Access Memory)、ROM(Read Only Memory)、フラッシュメモリ等の一時的でない記録媒体である。記憶部30は、カードリーダ1の全体を制御し、上位装置2と通信し、各種処理を実行するための制御プログラム、OS(Operating System)、各処理の一時的なデータと、各種状態を示す状態情報、各種設定を示す設定情報等が格納されている。 The storage unit 30 is a non-temporary recording medium such as a RAM (Random Access Memory), a ROM (Read Only Memory), or a flash memory. The storage unit 30 controls the entire card reader 1, communicates with the host device 2, and displays a control program for executing various processes, an OS (Operating System), temporary data of each process, and various states. Stores status information, setting information indicating various settings, and the like.
 D/A変換部40は、制御部の指示によりデジタル信号をアナログ信号に変換する。D/A変換部40は、専用の配線等で上位装置2のA/D変換部21と接続されている。 The D / A converter 40 converts a digital signal into an analog signal according to an instruction from the controller. The D / A conversion unit 40 is connected to the A / D conversion unit 21 of the host device 2 by a dedicated wiring or the like.
 インタフェース部50は、USB(Universal Serial Bus)、RS-232C、LAN(Local Area Network)等の通信ラインに接続するための各種インタフェース回路や物理層等である。インタフェース部50は、上位装置2との間で、通信ラインを介し、各種情報を送受信する。この各種情報には、後述する認証開始トリガや認証情報再設定トリガ等を含む各種指令が含まれる。 The interface unit 50 includes various interface circuits and physical layers for connecting to communication lines such as USB (Universal Serial Bus), RS-232C, and LAN (Local Area Network). The interface unit 50 transmits and receives various kinds of information to and from the host device 2 via a communication line. The various information includes various commands including an authentication start trigger and an authentication information reset trigger described later.
 なお、A/D変換部20、D/A変換部41を含む各部は、制御部10に内蔵されたSystem On Chip等として構成されていてもよい。カードリーダ1は、この他にも、カード3の挿入や搬送路内の位置等を検出する機械式、光学式、磁気式等の方式のセンサとこの状態を取得するセンサ回路、カード3を搬送するためのモータとローラ等とを含む搬送機構とこの搬送機構を駆動するためのモータ回路、搬送路内に挿入されたカード3の情報を読み取ったり、そのカードに情報を書き込んだりする磁気ヘッドとこの磁気ヘッドを制御するRead/Write回路や復調回路等を含んでいる。 Each unit including the A / D conversion unit 20 and the D / A conversion unit 41 may be configured as a System On Chip or the like built in the control unit 10. In addition to this, the card reader 1 conveys the card 3, a sensor of a mechanical type, an optical type, a magnetic type or the like that detects insertion of the card 3 or a position in the conveyance path, a sensor circuit that acquires this state, and the like. A transport mechanism including a motor, a roller and the like, a motor circuit for driving the transport mechanism, a magnetic head for reading information on the card 3 inserted in the transport path, and writing information on the card, A Read / Write circuit and a demodulation circuit for controlling the magnetic head are included.
 制御部10は、機能構成として、認証処理部100、送信デジタル信号作成部110、及び認証情報再設定部120を含んでいる。これらの機能構成単位は、制御部10が、記憶部30に記憶されたOS及び制御プログラムを展開して実行することで実現可能である。また、制御部10は、本発明の実施の形態に係る相互認証方法を実現するためのハードウェア資源となる。 The control unit 10 includes an authentication processing unit 100, a transmission digital signal creation unit 110, and an authentication information resetting unit 120 as functional configurations. These functional units can be realized by the control unit 10 expanding and executing the OS and the control program stored in the storage unit 30. Moreover, the control part 10 becomes a hardware resource for implement | achieving the mutual authentication method which concerns on embodiment of this invention.
 認証処理部100は、上位装置2等から受信されたアナログ信号がA/D変換部20で変換されたデジタル信号(以下、「受信デジタル信号」という。)の変位パターンと、記憶部30に記憶された認証情報300とを照合して認証する。具体的には、認証処理部100は、受信デジタル信号の変位パターンと認証情報300に対応した変位パターンとを照合し、この変位パターンが一致していれば認証成功と判断し、一致しなければ失敗と判断する。 The authentication processing unit 100 stores in the storage unit 30 a displacement pattern of a digital signal (hereinafter referred to as “received digital signal”) obtained by converting the analog signal received from the host device 2 or the like by the A / D conversion unit 20. The authentication information 300 thus verified is verified. Specifically, the authentication processing unit 100 collates the displacement pattern of the received digital signal with the displacement pattern corresponding to the authentication information 300, and determines that the authentication is successful if the displacement pattern matches. Judge as failure.
 送信デジタル信号作成部110は、記憶部30に記憶された認証情報300に対応した変位パターンに基づいて、上位装置2等へ送信するデジタル信号(以下、「送信デジタル信号」という。)を作成する。送信デジタル信号作成部110は、この送信デジタル信号を作成する際、信号の反転を含む特定の変換等により加工してもよい。送信デジタル信号作成部110は、上位装置2からの認証開始トリガに対して認証を開始する。この認証開始トリガは、認証の開始を示す指令である。認証処理部100で認証が成功した場合、例えば、受信デジタル信号を反転した信号等を送信デジタル信号として作成する。また、逆に、送信デジタル信号作成部110は、上位装置2に対して認証を求める場合に、認証情報300に対応した変位パターンに対応する送信デジタル信号として作成する。 The transmission digital signal creation unit 110 creates a digital signal (hereinafter referred to as “transmission digital signal”) to be transmitted to the higher-level device 2 and the like based on the displacement pattern corresponding to the authentication information 300 stored in the storage unit 30. . The transmission digital signal creation unit 110 may process the transmission digital signal by specific conversion including inversion of the signal when creating the transmission digital signal. The transmission digital signal creation unit 110 starts authentication in response to the authentication start trigger from the higher-level device 2. This authentication start trigger is a command indicating the start of authentication. When the authentication processing unit 100 succeeds in authentication, for example, a signal obtained by inverting the received digital signal is created as a transmission digital signal. Conversely, the transmission digital signal creation unit 110 creates a transmission digital signal corresponding to the displacement pattern corresponding to the authentication information 300 when the host device 2 is requested to authenticate.
 認証情報再設定部120は、特定のタイミングで記憶部30の認証情報300を再設定する。この特定のタイミングは、カードリーダ1について、標準規格で規定された時間が経過した場合、破損や故障により修理や交換等の状況が発生した場合、ユーザによる特定の指示を受信した場合等である。認証情報再設定部120は、認証情報再設定部120のアナログ信号を照合する期間、サンプリング周期、及び照合用データを、乱数発生器等により再設定する。 The authentication information resetting unit 120 resets the authentication information 300 in the storage unit 30 at a specific timing. This specific timing is when the time specified by the standard has elapsed for the card reader 1, when a situation such as repair or replacement occurs due to damage or failure, or when a specific instruction from the user is received. . The authentication information resetting unit 120 resets the period, the sampling period, and the verification data for verifying the analog signal of the authentication information resetting unit 120 using a random number generator or the like.
 この再設定の際に、認証情報再設定部120は、上位装置2へ認証情報再設定トリガを送信する。認証情報再設定トリガは、認証情報300および/または認証情報301の再設定を示す指令である。その後、認証情報再設定部120は、送信デジタル信号作成部110に再設定された認証情報300に基づいた送信デジタル信号を作成させる。この上で、認証情報再設定部120は、この再設定された認証情報300に対応する送信デジタル信号を、D/A変換部40によりアナログ信号に変換させ、上位装置2に送信させる。これにより、後述するように、上位装置2も、再設定された認証情報300に対応した認証情報301を作成して記憶部31に保存することが可能である。 At the time of this resetting, the authentication information resetting unit 120 transmits an authentication information resetting trigger to the higher-level device 2. The authentication information reset trigger is a command indicating resetting of the authentication information 300 and / or the authentication information 301. Thereafter, the authentication information resetting unit 120 causes the transmission digital signal creation unit 110 to create a transmission digital signal based on the reset authentication information 300. Then, the authentication information resetting unit 120 converts the transmission digital signal corresponding to the reset authentication information 300 into an analog signal by the D / A conversion unit 40 and transmits the analog signal to the host device 2. As a result, as will be described later, the host device 2 can also create authentication information 301 corresponding to the reset authentication information 300 and store it in the storage unit 31.
 記憶部30には、認証情報300が記憶されている。認証情報300は、例えば、上位装置2から送信されたアナログ信号を照合する期間、サンプリング周期、及び照合用データが含まれている。 In the storage unit 30, authentication information 300 is stored. The authentication information 300 includes, for example, a period during which an analog signal transmitted from the host device 2 is collated, a sampling cycle, and collation data.
 このうち、アナログ信号を照合する期間(以下、「照合期間」と呼ぶ。)は、認証開始トリガの上位装置2の送信の時点から、どのくらいの時間、アナログ信号を受信するかについて示す情報である。この時間は数μ秒~数秒単位で設定可能である。この照合時間は、認証開始トリガから実際にアナログ信号が送信開始されるまでの時間である「ディレイ」についても含まれている。また、照合時間には、実際にアナログ信号が出力される時間を含めてもよい。実際にアナログ信号が出力される時間と照合時間とが異なる場合、照合期間よりも長い時間または短い時間、アナログ信号が出力される。 Among these, the period for verifying the analog signal (hereinafter referred to as “verification period”) is information indicating how long the analog signal is received from the time of transmission of the host device 2 of the authentication start trigger. . This time can be set in units of several microseconds to several seconds. This verification time includes “delay” which is the time from the authentication start trigger until the analog signal is actually started to be transmitted. In addition, the verification time may include a time during which an analog signal is actually output. When the time when the analog signal is actually output and the verification time are different, the analog signal is output for a time longer or shorter than the verification period.
 サンプリング周期は、受信デジタル信号から時系列データを取得する周期を示す値である。すなわち、アナログ信号の比較用の取得(モニタ)の周期に対応する値である。このサンプリング周期は、例えば、A/D変換部20にてアナログ信号を受信デジタル信号に変換する際の実際のサンプリング周波数より長い周期を指定可能である。このサンプリング周期は、上位装置2からの指定により、変更可能である。なお、このサンプリング周期について、一定の間隔ではなく、特定の数列等に従った不定期の周期を用いるような構成であってもよい。 The sampling period is a value indicating a period for acquiring time series data from the received digital signal. That is, the value corresponds to the period of acquisition (monitoring) for comparison of analog signals. For example, a period longer than the actual sampling frequency when the analog signal is converted into a received digital signal by the A / D converter 20 can be designated as the sampling period. This sampling cycle can be changed by designation from the host device 2. In addition, about this sampling period, the structure which uses an irregular period according to a specific numerical sequence etc. may be sufficient instead of a fixed space | interval.
 照合用データは、上位装置2から受信したアナログ信号の時分割での変位パターンを照合するための配列(マトリクス、アレイ)等のデータである。照合用データは、例えば、受信デジタル信号からの照合期間内に上述のサンプリング周期で取得された時系列データの変位パターンのデータとして構成される。照合用データとして、前回上位装置2から取得した受信デジタル信号を、そのまま保持しておくことも可能である。この場合、上位装置2の送信デジタル信号作成部111は、認証開始の際に、例えば、毎回、ランダムなデジタル波形データに時系列データを埋め込んだ送信デジタルデータを作成するように構成する。このように構成することにより、カードリーダ1の受信デジタル信号が前回受信された受信デジタル信号と同じか否かを比較し、ハッキングの有無等を検出可能となる。 The collation data is data such as an array (matrix, array) for collating the time-division displacement pattern of the analog signal received from the host device 2. The verification data is configured, for example, as displacement pattern data of time-series data acquired at the above-described sampling period within the verification period from the received digital signal. It is also possible to retain the received digital signal acquired from the previous host device 2 as the verification data as it is. In this case, the transmission digital signal creation unit 111 of the host device 2 is configured to create transmission digital data in which time series data is embedded in random digital waveform data, for example, every time authentication is started. With this configuration, it is possible to compare whether or not the received digital signal of the card reader 1 is the same as the previously received digital signal, and to detect the presence or absence of hacking.
 なお、認証情報300は、A/D変換部20の量子化ビット数、量子化誤差の許容範囲の情報等についても含んでいてもよい。 Note that the authentication information 300 may include information on the number of quantization bits of the A / D conversion unit 20, information on an allowable range of quantization errors, and the like.
 上位装置2は、本実施形態の相互認証の処理および構成においてカードリーダ1の制御部10と同様の制御部11、A/D変換部20と同様のA/D変換部21、記憶部30と同様の記憶部31、D/A変換部40と同様のD/A変換部41、およびインタフェース部50と同様のインタフェース部51を含んでいる。上位装置2の制御部11は、カードリーダ1の制御部10の機能構成に係る認証処理部100と同様の認証処理部101、送信デジタル信号作成部110と同様の送信デジタル信号作成部111、および認証情報再設定部120と同様の認証情報再設定部121を含んでいる。上位装置2の記憶部31には、カードリーダ1の記憶部30に記憶された認証情報に対応する認証情報301が含まれている。 The host device 2 includes a control unit 11 similar to the control unit 10 of the card reader 1, an A / D conversion unit 21 similar to the A / D conversion unit 20, and a storage unit 30 in the mutual authentication process and configuration of the present embodiment. A similar storage unit 31, a D / A conversion unit 41 similar to the D / A conversion unit 40, and an interface unit 51 similar to the interface unit 50 are included. The control unit 11 of the host device 2 includes an authentication processing unit 101 similar to the authentication processing unit 100 related to the functional configuration of the control unit 10 of the card reader 1, a transmission digital signal generation unit 111 similar to the transmission digital signal generation unit 110, and An authentication information resetting unit 121 similar to the authentication information resetting unit 120 is included. The storage unit 31 of the host device 2 includes authentication information 301 corresponding to the authentication information stored in the storage unit 30 of the card reader 1.
 なお、以下の実施の形態においては、上位装置2が他装置、カードリーダ1が自装置である例について記載するものの、逆に上位装置2が自装置、カードリーダ1が他装置であってもよい。 In the following embodiments, an example is described in which the host device 2 is another device and the card reader 1 is its own device, but conversely even if the host device 2 is its own device and the card reader 1 is another device. Good.
〔相互認証処理〕
 次に、図2、図3により、本発明の実施の形態に係る相互認証処理の説明を行う。
図2は、本発明の実施の形態に係る相互認証処理のフローチャートである。図3は、図2に示す相互認証処理の具体例を示す概念図である。
 本実施形態の相互認証処理に係る相互認証システムXは、上述したように、上位装置2と下位装置であるカードリーダ1が存在し、カードリーダ1からのアナログ信号の出力とカードリーダ1のアナログ信号の入力、若しくは上位装置2からのアナログ信号の出力とカードリーダ1のアナログ信号の入力が接続されている。このため、上位装置2からの認証開始トリガにより下位装置であるカードリーダ1が認証を受け付ける。この際、出力側は送信デジタル信号をD/A変換部40、41を介してアナログ信号に変換して出力し、入力側はそのアナログ量をA/D変換部20、21を介し受信デジタルに置き換える。このように、本実施形態の相互認証処理では、出力側と入力側がお互いに、時間で変位するアナログ信号を入出力する。すなわち、出力側と入力側がお互いに、アナログ信号を媒介として認証を行う。このため、認証情報300、301を共通に記憶しておき、アナログ信号をデジタル信号にして、お互いの変位パターンを照合(比較)し、上位装置2とカードリーダ1との真偽性を確認しあう。なお、そのアナログ信号を出力する時間(期間)は、特定の時間である。
 以下で、図2のフローチャートを参照して、本実施形態の相互認証処理の詳細をステップ毎に説明する。 [Mutual authentication processing]
Next, the mutual authentication processing according to the embodiment of the present invention will be described with reference to FIGS.
FIG. 2 is a flowchart of the mutual authentication process according to the embodiment of the present invention. FIG. 3 is a conceptual diagram showing a specific example of the mutual authentication process shown in FIG.
As described above, the mutual authentication system X according to the mutual authentication process of the present embodiment includes the host device 2 and the card reader 1 as the lower device, and outputs analog signals from the card reader 1 and analogs of the card reader 1. A signal input or an analog signal output from the host device 2 and an analog signal input of the card reader 1 are connected. For this reason, the card reader 1 which is the lower device accepts the authentication by the authentication start trigger from the higher device 2. At this time, the output side converts the transmission digital signal into an analog signal via the D / A converters 40 and 41 and outputs the analog signal, and the input side converts the analog amount into the reception digital via the A / D converters 20 and 21. replace. As described above, in the mutual authentication processing according to the present embodiment, the output side and the input side mutually input and output analog signals that are displaced with time. That is, the output side and the input side authenticate each other using an analog signal as a medium. Therefore, the authentication information 300 and 301 are stored in common, the analog signal is converted into a digital signal, the mutual displacement patterns are collated (compared), and the authenticity between the host device 2 and the card reader 1 is confirmed. meet. The time (period) for outputting the analog signal is a specific time.
Hereinafter, the details of the mutual authentication processing of this embodiment will be described step by step with reference to the flowchart of FIG.
 なお、以下のステップは、カードリーダ1の制御部10が記憶部30に記憶された制御プログラムを、ハードウェア資源を用いて実行し、上位装置2の制御部11が記憶部31に記憶された制御プログラムを、ハードウェア資源を用いて実行することで実現できる。 In the following steps, the control unit 10 of the card reader 1 executes the control program stored in the storage unit 30 using hardware resources, and the control unit 11 of the host device 2 is stored in the storage unit 31. This can be realized by executing the control program using hardware resources.
 上位装置2の処理について説明する。
(ステップS201)
 上位装置2の認証情報再設定部121が、認証開始トリガ処理を行う。認証情報再設定部121は、認証開始トリガを、インタフェース部51を介して、カードリーダ1に送信する(タイミングT201)。 The processing of the host device 2 will be described.
(Step S201)
The authentication information resetting unit 121 of the higher-level device 2 performs an authentication start trigger process. The authentication information resetting unit 121 transmits an authentication start trigger to the card reader 1 via the interface unit 51 (timing T201).
(ステップS202)
 上位装置2の送信デジタル信号作成部111およびD/A変換部41が、アナログ信号送信処理を行う。送信デジタル信号作成部111は、認証情報301に基づいた変位パターンの送信デジタル信号を作成して、D/A変換部41からカードリーダ1へ送信する(タイミングT202)。 (Step S202)
The transmission digital signal creation unit 111 and the D / A conversion unit 41 of the host device 2 perform an analog signal transmission process. The transmission digital signal creation unit 111 creates a transmission digital signal having a displacement pattern based on the authentication information 301 and transmits it from the D / A conversion unit 41 to the card reader 1 (timing T202).
 図3(a)により、具体例として説明すると、送信デジタル信号作成部111は、送信デジタル信号の例として、ランダムであるものの連続的なデジタル波形データを作成した上で、認証情報301を参照して、このデジタル波形データに照合期間Lのサンプリング周期sの時系列データを埋め込む。すなわち、サンプリング周期sの箇所のデータが、カードリーダ1での照合に用いられるデータとなる。なお、送信デジタル信号作成部111は、アナログ信号の出力する時間に対応した長さの送信デジタル信号を作成する。すなわち、送信デジタル信号作成部111は、図3(a)のように、照合期間Lよりも長い出力される送信デジタル信号を作成してもよい。また、送信デジタル信号作成部111は、一度に送信デジタル信号をすべて作成せず、逐次、作成してD/A変換させて送信させてもよい。 As a specific example with reference to FIG. 3A, the transmission digital signal creation unit 111 creates random but continuous digital waveform data as an example of the transmission digital signal, and then refers to the authentication information 301. Thus, the time-series data of the sampling period s of the verification period L is embedded in this digital waveform data. In other words, the data at the sampling period s is data used for verification by the card reader 1. The transmission digital signal creation unit 111 creates a transmission digital signal having a length corresponding to the output time of the analog signal. That is, the transmission digital signal creation unit 111 may create a transmission digital signal that is output longer than the verification period L, as shown in FIG. Further, the transmission digital signal creation unit 111 may not create all the transmission digital signals at once, but may sequentially create them and perform D / A conversion for transmission.
 つぎに、カードリーダ1の処理について説明する。
(ステップS101)
 カードリーダ1のA/D変換部20がアナログ信号受信処理を行う。A/D変換部20は、上位装置2からのアナログ信号を受信して、受信デジタル信号にA/D変換する。 Next, processing of the card reader 1 will be described.
(Step S101)
The A / D converter 20 of the card reader 1 performs an analog signal reception process. The A / D converter 20 receives an analog signal from the host device 2 and performs A / D conversion into a received digital signal.
(ステップS102)
 カードリーダ1の認証処理部100が、認証処理を行う。認証処理部100は、A/D変換部20で変換された受信デジタル信号の変位パターンと、記憶部30に記憶された認証情報300とを照合して認証する。 (Step S102)
The authentication processing unit 100 of the card reader 1 performs an authentication process. The authentication processing unit 100 performs authentication by collating the displacement pattern of the received digital signal converted by the A / D conversion unit 20 with the authentication information 300 stored in the storage unit 30.
 図3(a)の具体例で説明すると、認証処理部100は、受信デジタル信号のうち、照合期間Lの間で、ディレイdの後、サンプリング周期sでデータを取得して照合する。そして、図3(b)の例の場合、認証処理部100は、サンプリング周期sで取得したデータの変位の角度等(変位パターン)が認証情報300の照合用データと特定の誤差の範囲内で同じか否かにより照合を行う。このようにデータの変位パターンで照合することで、レベル変動やノイズ等による誤差を抑えることができる。また、認証処理部100は、記憶部30のバッファを参照して、以前に受信した受信デジタル信号とまったく同じであったかについても比較することが可能である。 3A, the authentication processing unit 100 acquires and collates data with a sampling period s after the delay d during the collation period L in the received digital signal. In the case of the example in FIG. 3B, the authentication processing unit 100 determines that the displacement angle or the like (displacement pattern) of the data acquired at the sampling period s is within a specific error range from the verification data in the authentication information 300. Collation is performed based on whether or not they are the same. By collating with the data displacement pattern in this way, errors due to level fluctuations, noise, and the like can be suppressed. Further, the authentication processing unit 100 can compare whether the received digital signal is exactly the same as the previously received digital signal with reference to the buffer of the storage unit 30.
(ステップS103)
 カードリーダ1の認証処理部100が、認証が成功したか否かを判定する。認証処理部100は、変位パターンが特定の誤差の範囲で同じであった場合、認証が成功であるとして、Yesと判定する。Yesの場合、認証処理部100は、処理をステップS104に進める。
 これに対して、認証処理部100は、変位パターンが特定の誤差の範囲で一致しなかった場合、不正な装置であるとして、Noと判定する。Noの場合、認証処理部100は、処理をステップS107に進める。
 これにより、デジタルレコーダ等によりアナログ信号を録音して再生されるといった方法で認証されることがなくなり、セキュリティ性を向上できる。
 なお、認証処理部100は、受信デジタル信号が、以前に受信した受信デジタル信号と同じであった場合、異常データであり不正な装置として、Noと判定するようにしてもよい。 (Step S103)
The authentication processing unit 100 of the card reader 1 determines whether the authentication is successful. If the displacement pattern is the same within a specific error range, the authentication processing unit 100 determines that the authentication is successful and determines Yes. In Yes, the authentication process part 100 advances a process to step S104.
On the other hand, when the displacement pattern does not match within a specific error range, the authentication processing unit 100 determines No as an unauthorized device. In No, the authentication process part 100 advances a process to step S107.
As a result, authentication is not performed by a method in which an analog signal is recorded and reproduced by a digital recorder or the like, and security can be improved.
If the received digital signal is the same as the previously received digital signal, the authentication processing unit 100 may determine No as abnormal data because it is an abnormal data.
(ステップS104)
 認証に成功した場合(Yesの場合)、カードリーダ1の送信デジタル信号作成部110が、送信デジタル信号作成処理を行う。送信デジタル信号作成部110は、認証情報300に対応する変位パターンとして、例えば、受信デジタル信号を反転した信号等を送信デジタル信号として作成する。この場合、送信デジタル信号作成部110は、受信デジタル信号をそのまま反転した信号を生成することが可能である。なお、送信デジタル信号作成部110は、ランダムであるものの連続的なデジタル波形データを作成し、認証情報301の照合期間Lのサンプリング周期sの時系列データを反転したデータを埋め込むようにしてもよい。 (Step S104)
When authentication is successful (in the case of Yes), the transmission digital signal creation unit 110 of the card reader 1 performs transmission digital signal creation processing. The transmission digital signal creation unit 110 creates, for example, a signal obtained by inverting the reception digital signal as a transmission digital signal as a displacement pattern corresponding to the authentication information 300. In this case, the transmission digital signal creation unit 110 can generate a signal obtained by inverting the reception digital signal as it is. The transmission digital signal generation unit 110 may generate random but continuous digital waveform data and embed data obtained by inverting the time-series data of the sampling period s of the verification period L of the authentication information 301. .
(ステップS105)
 カードリーダ1のD/A変換部40が、アナログ信号返信処理を行う。D/A変換部40は、送信デジタル信号作成部110により作成された送信デジタル信号をアナログ信号に変換し、上位装置2に送信する(タイミングT101)。 (Step S105)
The D / A converter 40 of the card reader 1 performs an analog signal return process. The D / A conversion unit 40 converts the transmission digital signal created by the transmission digital signal creation unit 110 into an analog signal and transmits it to the host device 2 (timing T101).
(ステップS106)
 カードリーダ1の認証処理部100が、正常動作開始処理を行う。認証が成功したため、認証処理部100は、カードリーダ1の正常動作を開始させる。これにより、上位装置2の他の指令等に対応して、カード3の読み書き等が可能となる。これにより、相互認証処理のカードリーダ1に対する処理を終了する。 (Step S106)
The authentication processing unit 100 of the card reader 1 performs normal operation start processing. Since the authentication is successful, the authentication processing unit 100 starts normal operation of the card reader 1. Thereby, reading / writing of the card | curd 3 etc. are attained corresponding to the other command etc. of the high-order apparatus 2. FIG. Thereby, the process for the card reader 1 of the mutual authentication process is completed.
(ステップS107)
 認証に失敗した場合(Noの場合)、カードリーダ1の認証処理部100が、動作停止処理を行う。認証処理部100は、異常信号であったとして、カードリーダ1を停止等の状態にする。これにより、相互認証処理のカードリーダ1に対する処理を終了する。この際、カードリーダ1内には、カード3が収納されたままとなっていてもよい。また、認証処理部100は停止したことを示す情報を、図示しないログとして記憶部30に記憶してもよい。 (Step S107)
If the authentication fails (No), the authentication processing unit 100 of the card reader 1 performs an operation stop process. The authentication processing unit 100 puts the card reader 1 in a stopped state or the like, assuming that it is an abnormal signal. Thereby, the process for the card reader 1 of the mutual authentication process is completed. At this time, the card 3 may be stored in the card reader 1. Further, the authentication processing unit 100 may store information indicating that it has been stopped in the storage unit 30 as a log (not shown).
 再び、上位装置2の処理について説明する。図2に示すように、上位装置2は、カードリーダ1のステップS105で、送信された返信アナログ信号を受信する(タイミングT101)。
(ステップS203)
 A/D変換部21が、返信アナログ信号受信処理を行う。A/D変換部21は、認証に成功したか失敗したかにかかわらず、特定時間、カードリーダ1のD/A変換部40から出力されるアナログ信号を受信し、受信デジタル信号に変換する。 Again, the process of the high-order apparatus 2 is demonstrated. As shown in FIG. 2, the host device 2 receives the transmitted return analog signal in step S105 of the card reader 1 (timing T101).
(Step S203)
The A / D converter 21 performs a return analog signal reception process. The A / D converter 21 receives an analog signal output from the D / A converter 40 of the card reader 1 for a specific time, regardless of whether the authentication is successful or unsuccessful, and converts it into a received digital signal.
(ステップS204)
 上位装置2の認証処理部101が、認証結果検証処理を行う。認証処理部101は、A/D変換部21で変換された受信デジタル信号の振幅を反転等して変換する。この上で、認証処理部101は、上述のカードリーダ1のステップS102の認証処理と同様に、記憶部31の認証情報301と照合して認証する。 (Step S204)
The authentication processing unit 101 of the higher-level device 2 performs an authentication result verification process. The authentication processing unit 101 converts the amplitude of the received digital signal converted by the A / D conversion unit 21 by inverting it. Then, the authentication processing unit 101 performs authentication by comparing with the authentication information 301 in the storage unit 31 in the same manner as the authentication processing in step S102 of the card reader 1 described above.
(ステップS205)
 上位装置2の認証処理部101が、認証結果が正常か否かを判定する。認証処理部101は、認証情報301を用いて照合された変位パターンが特定の誤差の範囲で同じであった場合、認証が成功であるとして、Yesと判定する。Yesの場合、認証処理部101は、相互認証処理の上位装置2の処理を終了する。この際、認証結果が正常であった旨を記憶部31の図示しないログ等に記録してもよい。
 これに対して、認証処理部101は、変位パターンが一致しなかった場合、認証が失敗であるとして、Noと判定する。Noの場合、認証処理部101は、処理をステップS206に進める。なお、認証処理部101は、そもそもアナログ信号を取得できなかった場合も、Noと判定するようにしてもよい。 (Step S205)
The authentication processing unit 101 of the host device 2 determines whether the authentication result is normal. If the displacement patterns collated using the authentication information 301 are the same within a specific error range, the authentication processing unit 101 determines that the authentication is successful and determines Yes. In Yes, the authentication process part 101 complete | finishes the process of the high-order apparatus 2 of a mutual authentication process. At this time, the fact that the authentication result is normal may be recorded in a log (not shown) of the storage unit 31.
On the other hand, if the displacement patterns do not match, the authentication processing unit 101 determines that the authentication has failed and determines No. In No, the authentication process part 101 advances a process to step S206. Note that the authentication processing unit 101 may determine No even when an analog signal cannot be acquired in the first place.
(ステップS206)
 認証に失敗した場合(Noの場合)、認証処理部101は、動作停止処理を行う。認証処理部101は、上位装置2の図示しない表示部やLED等でエラーを通知して、動作を停止する。これにより、相互認証処理の上位装置2の処理を終了する。この際、認証結果が異常であった旨を、記憶部31の図示しないログ等に記録してもよい。
 以上により、本発明の実施の形態に係る相互認証処理を終了する。 (Step S206)
If the authentication fails (No), the authentication processing unit 101 performs an operation stop process. The authentication processing unit 101 notifies an error with a display unit, an LED, or the like (not shown) of the host device 2 and stops the operation. Thereby, the process of the upper level apparatus 2 of the mutual authentication process is completed. At this time, the fact that the authentication result is abnormal may be recorded in a log (not shown) of the storage unit 31.
Thus, the mutual authentication process according to the embodiment of the present invention is completed.
 なお、上述の相互認証処理では、上位装置2からの認証開始トリガにより下位装置であるカードリーダ1が認証を受け付けた例について記載した。しかしながら、逆に、下位装置であるカードリーダ1からの認証開始トリガにより、上位装置2が認証を受け付けて、上述の相互認証処理と同様の処理を実行することも可能である。 In the above-described mutual authentication process, an example in which the card reader 1 which is a lower-level device accepts authentication by an authentication start trigger from the higher-level device 2 has been described. However, conversely, it is also possible for the host device 2 to accept authentication by an authentication start trigger from the card reader 1 which is a lower device, and to execute processing similar to the above-described mutual authentication processing.
〔認証情報再設定処理〕
 次に、図4により、本発明の実施の形態に係る認証情報再設定処理の説明を行う。図4は、本発明の実施の形態に係る認証情報再設定処理のフローチャートである。ここで、本発明の実施の形態に係るカードリーダ1の認証情報300、および/または上位装置2の認証情報301は、工場出荷時等に設定される。このため、通常、出荷時にこの初期的な認証情報300、301の照合期間やサンプリング周期や照合用データの変位パターンは一致するように調整されている。しかしながら、これらについて、特定のタイミングで更新することが必要となる場合がある。 [Authentication information reset process]
Next, the authentication information resetting process according to the embodiment of the present invention will be described with reference to FIG. FIG. 4 is a flowchart of authentication information resetting processing according to the embodiment of the present invention. Here, the authentication information 300 of the card reader 1 and / or the authentication information 301 of the host device 2 according to the embodiment of the present invention is set at the time of factory shipment or the like. For this reason, normally, the initial verification information 300 and 301 verification period, sampling cycle, and verification data displacement pattern are adjusted to match at the time of shipment. However, it may be necessary to update these at a specific timing.
 このため、本実施形態の認証情報再設定処理では、このような認証情報300、301の更新を行う。本実施形態においては、上位装置2の認証情報再設定部121が認証情報301を再設定し、その際に、認証情報再設定トリガと再設定された認証情報301の一部をカードリーダ1に送信し、再設定された認証情報301の送信デジタル信号を作成D/A変換部41によりD/A変換してカードリーダ1に送信する。これをカードリーダ1で受信して、時間とアナログ量の変位を記録し、認証情報300を更新する。
 以下で、図4のフローチャートにより、本実施形態に係る認証情報再設定処理の詳細をステップ毎に説明する。 For this reason, in the authentication information resetting process of the present embodiment, such authentication information 300 and 301 are updated. In the present embodiment, the authentication information resetting unit 121 of the host device 2 resets the authentication information 301, and at that time, the authentication information reset trigger and a part of the reset authentication information 301 are transferred to the card reader 1. The transmission digital signal of the authentication information 301 that has been transmitted and reset is D / A converted by the creation D / A conversion unit 41 and transmitted to the card reader 1. This is received by the card reader 1, the time and analog amount displacement are recorded, and the authentication information 300 is updated.
Hereinafter, details of the authentication information resetting process according to the present embodiment will be described step by step with reference to the flowchart of FIG. 4.
 なお、以下のステップは、カードリーダ1の制御部10が記憶部30に記憶された制御プログラムを、ハードウェア資源を用いて実行し、上位装置2の制御部11が記憶部31に記憶された制御プログラムを、ハードウェア資源を用いて実行することによって実現できる。 In the following steps, the control unit 10 of the card reader 1 executes the control program stored in the storage unit 30 using hardware resources, and the control unit 11 of the host device 2 is stored in the storage unit 31. This can be realized by executing the control program using hardware resources.
 上位装置2の処理について説明する。
(ステップS211)
 上位装置2の認証情報再設定部121が、認証情報再設定トリガ処理を行う。121は、記憶部30の認証情報301を更新し、認証情報再設定トリガを送信する(タイミングT211)。
 この処理においては、上述したような特定のタイミングになった場合、ATM等の管理者等のユーザが上位装置2の入力部(図示せず)のスイッチやボタン操作を行い、またはタイマ(図示せず)等による指令を発信する等が行われる。認証情報再設定部121は、これらを受け付けて、記憶部30の認証情報301を更新する。 The processing of the host device 2 will be described.
(Step S211)
The authentication information resetting unit 121 of the host device 2 performs an authentication information resetting trigger process. 121 updates the authentication information 301 in the storage unit 30 and transmits an authentication information reset trigger (timing T211).
In this process, when the above-mentioned specific timing is reached, a user such as an administrator such as ATM performs a switch or button operation on an input unit (not shown) of the host device 2 or a timer (not shown). Etc.) is transmitted. The authentication information resetting unit 121 receives these and updates the authentication information 301 in the storage unit 30.
 具体的に説明すると、認証情報再設定部121は、認証情報301の照合用データを、乱数発生器等により作成する。また、認証情報再設定部121は、認証情報301の照合期間とサンプリング周期についても、乱数発生器等で更新可能である。たとえば、図3(a)の例によれば、認証情報再設定部121は、認証情報301に係るディレイd、照合期間L、サンプリング周期s等も再設定することが可能である。 More specifically, the authentication information resetting unit 121 creates verification data for the authentication information 301 using a random number generator or the like. Further, the authentication information resetting unit 121 can update the verification period and the sampling cycle of the authentication information 301 with a random number generator or the like. For example, according to the example of FIG. 3A, the authentication information resetting unit 121 can also reset the delay d, the verification period L, the sampling period s, and the like related to the authentication information 301.
 認証情報再設定部121は、認証情報301の再設定後、インタフェース部51を介して、認証情報再設定トリガをカードリーダ1へ送信する。この際に、認証情報再設定部121は、再設定されたディレイを含む照合期間、サンプリング周期等をインタフェース部51から送信してもよい。これらの送信の際に、暗号化等を使用してもよい。 The authentication information resetting unit 121 transmits an authentication information resetting trigger to the card reader 1 via the interface unit 51 after resetting the authentication information 301. At this time, the authentication information resetting unit 121 may transmit a verification period including the reset delay, a sampling period, and the like from the interface unit 51. Encryption or the like may be used for these transmissions.
(ステップS212)
 上位装置2の送信デジタル信号作成部111およびD/A変換部41が、アナログ信号送信処理を行う。送信デジタル信号作成部111は、認証情報301に基づいて送信デジタル信号を作成して、D/A変換部41によりアナログ信号に変換させて、カードリーダ1へ送信する(タイミングT212)。この処理は、上述の図2のステップS202と同様に行う。 (Step S212)
The transmission digital signal creation unit 111 and the D / A conversion unit 41 of the host device 2 perform an analog signal transmission process. The transmission digital signal creation unit 111 creates a transmission digital signal based on the authentication information 301, converts it into an analog signal by the D / A conversion unit 41, and transmits it to the card reader 1 (timing T212). This process is performed in the same manner as step S202 in FIG.
 つぎに、カードリーダ1の処理について説明する。
(ステップS111)
 カードリーダ1のA/D変換部20が、アナログ信号受信処理を行う。この処理は、図2のステップS101と同様に行う。 Next, processing of the card reader 1 will be described.
(Step S111)
The A / D converter 20 of the card reader 1 performs an analog signal reception process. This process is performed in the same manner as step S101 in FIG.
(ステップS112)
 カードリーダ1の認証情報再設定部120が、認証情報記憶処理を行う。認証情報再設定部120は、受信された認証情報再設定トリガおよびA/D変換部20により変換された受信デジタル信号により、更新された認証情報300を作成して記憶部30に記憶する。この際、認証情報再設定部120は、再設定されたディレイを含む照合期間、サンプリング周期等についても、更新された認証情報300の一部として記憶するようにしてもよい。 (Step S112)
The authentication information resetting unit 120 of the card reader 1 performs authentication information storage processing. The authentication information resetting unit 120 creates updated authentication information 300 based on the received authentication information reset trigger and the received digital signal converted by the A / D conversion unit 20 and stores the updated authentication information 300 in the storage unit 30. At this time, the authentication information resetting unit 120 may store the verification period including the reset delay, the sampling period, and the like as a part of the updated authentication information 300.
(ステップS113)
 カードリーダ1の送信デジタル信号作成部110が、送信デジタル信号作成処理を行う。送信デジタル信号作成部110は、更新された認証情報300の返信用の送信デジタル信号を作成する。この処理も、図2のステップS104と同様に行う。 (Step S113)
The transmission digital signal creation unit 110 of the card reader 1 performs transmission digital signal creation processing. The transmission digital signal creation unit 110 creates a transmission digital signal for returning the updated authentication information 300. This process is also performed in the same manner as step S104 in FIG.
(ステップS114)
 カードリーダ1のD/A変換部40が、アナログ信号返信処理を行う。D/A変換部40は、送信デジタル信号をアナログ信号に変換し、上位装置2に送信する(タイミングT111)。この処理にも、図2のステップS105と同様である。 (Step S114)
The D / A converter 40 of the card reader 1 performs an analog signal return process. The D / A conversion unit 40 converts the transmission digital signal into an analog signal and transmits the analog signal to the host device 2 (timing T111). This process is also the same as step S105 in FIG.
 再び、上位装置2の処理について説明する。
 図4に示すように、上位装置2は、カードリーダ1のステップS114で、送信された返信アナログ信号を受信する(タイミングT111)。
(ステップS213)
 A/D変換部21が、返信アナログ信号受信処理を行う。
 A/D変換部21は、特定時間、カードリーダ1のD/A変換部40から出力されるアナログ信号を取得し、受信デジタル信号に変換する。 Again, the process of the high-order apparatus 2 is demonstrated.
As shown in FIG. 4, the host device 2 receives the transmitted return analog signal in step S114 of the card reader 1 (timing T111).
(Step S213)
The A / D converter 21 performs a return analog signal reception process.
The A / D conversion unit 21 acquires an analog signal output from the D / A conversion unit 40 of the card reader 1 for a specific time, and converts it into a received digital signal.
(ステップS214)
 認証情報再設定部120が、返信認証情報記憶処理を行う。
 認証情報再設定部120は、受信デジタル信号を取得して、記憶部31の図示しないバッファに記憶しておく。なお、認証情報再設定部120は、図2のステップS204の認証結果検証処理と同様に、受信デジタル信号について、異常データでないかを検証してもよい。
 以上により、本発明の実施の形態に係る認証情報再設定処理を終了する。 (Step S214)
The authentication information resetting unit 120 performs reply authentication information storage processing.
The authentication information resetting unit 120 acquires the received digital signal and stores it in a buffer (not shown) of the storage unit 31. Note that the authentication information resetting unit 120 may verify whether the received digital signal is abnormal data as in the authentication result verification process in step S204 of FIG.
Thus, the authentication information resetting process according to the embodiment of the present invention is completed.
 なお、上述の実施形態に係る認証情報再設定処理では、上位装置2が認証情報301を再設定しカードリーダ1に認証情報再設定トリガを送信する例について示した。しかしながら、カードリーダ1が認証情報300を再設定して上位装置2に送信して同様の処理を行うようにしてもよい In the authentication information reset process according to the above-described embodiment, an example in which the host device 2 resets the authentication information 301 and transmits an authentication information reset trigger to the card reader 1 has been described. However, the card reader 1 may reset the authentication information 300 and transmit it to the host device 2 to perform the same processing.
〔本実施形態の主な効果〕
 以上のように構成することで、以下のような効果を得ることができる。
 本発明の実施の形態に係るカードリーダ1は、時系列的に連続した波形であるアナログ信号を上位装置2から受信し、受信デジタル信号に変換するA/D変換部20と、上位装置2との間で相互認証を行うための認証情報300を記憶する記憶部30と、A/D変換部20で変換された受信デジタル信号の変位パターンを記憶部30に記憶された認証情報300と照合して認証する認証処理部100と、認証処理部100で認証が成功した場合、記憶部30に記憶された認証情報300に対応する変位パターンの送信デジタル信号を作成する送信デジタル信号作成部110と、送信デジタル信号作成部110により作成された送信デジタル信号をアナログ信号に変換し、上位装置2に送信するD/A変換部40とを備えることを特徴とする。 [Main effects of this embodiment]
With the configuration described above, the following effects can be obtained.
The card reader 1 according to the embodiment of the present invention receives an analog signal that is a time-series continuous waveform from the host device 2 and converts it into a received digital signal, and the host device 2. Between the storage unit 30 for storing the authentication information 300 for performing mutual authentication and the displacement pattern of the received digital signal converted by the A / D conversion unit 20 with the authentication information 300 stored in the storage unit 30 The authentication processing unit 100 that authenticates and the transmission processing unit 100 that generates a transmission digital signal of a displacement pattern corresponding to the authentication information 300 stored in the storage unit 30 when the authentication processing unit 100 succeeds in authentication, A D / A conversion unit 40 that converts the transmission digital signal created by the transmission digital signal creation unit 110 into an analog signal and transmits the analog signal to the host device 2 is provided.
 また、本発明の実施の形態に係る上位装置2は、時系列的に連続した波形であるアナログ信号をカードリーダ1から受信し、受信デジタル信号に変換するA/D変換部21と、カードリーダ1との間で相互認証を行うための認証情報301を記憶する記憶部31と、A/D変換部21で変換された受信デジタル信号の変位パターンを記憶部31に記憶された認証情報301と照合して認証する認証処理部101と、認証処理部101で認証が成功した場合、記憶部31に記憶された認証情報301に対応する変位パターンの送信デジタル信号を作成する送信デジタル信号作成部111と、送信デジタル信号作成部111により作成された送信デジタル信号をアナログ信号に変換し、カードリーダ1に送信するD/A変換部41とを備えることを特徴とする。 In addition, the host device 2 according to the embodiment of the present invention receives an analog signal having a continuous waveform in time series from the card reader 1 and converts it into a received digital signal, and a card reader. A storage unit 31 that stores authentication information 301 for mutual authentication with the authentication unit 1, and an authentication information 301 that stores a displacement pattern of the received digital signal converted by the A / D conversion unit 21 in the storage unit 31. An authentication processing unit 101 that verifies and authenticates and a transmission digital signal generation unit 111 that generates a transmission digital signal of a displacement pattern corresponding to the authentication information 301 stored in the storage unit 31 when the authentication processing unit 101 succeeds in authentication. And a D / A conversion unit 41 that converts the transmission digital signal created by the transmission digital signal creation unit 111 into an analog signal and transmits the analog signal to the card reader 1. The features.
 すなわち、本実施形態では、入力側は記憶しているアナログ信号の変位パターンと、受信したアナログ信号の変位パターンとを比較し、一致している場合は相手は上位装置2およびカードリーダ1は相互に正常な装置だと判断する。一致していない場合は異常な装置だと判断する。
 このように構成することで、簡易化した構成であっても不正な装置へのすり替えを容易に検出することが可能となる。すなわち、従来の特許文献1に記載の技術等に比べて、簡単な構成でありながら、上位装置2とカードリーダ1との関係が正しい組み合わせであるか確実に判別でき、不正な装置へのすり替えを検出することが可能である。 That is, in the present embodiment, the input side compares the stored displacement pattern of the analog signal with the displacement pattern of the received analog signal. It is determined that the device is normal. If they do not match, it is determined that the device is abnormal.
With this configuration, even if the configuration is simplified, it is possible to easily detect replacement with an unauthorized device. That is, it is possible to reliably determine whether the relationship between the host device 2 and the card reader 1 is a correct combination while having a simple configuration as compared with the technique described in the conventional patent document 1, and the replacement with an unauthorized device is possible. Can be detected.
 また、本実施形態のカードリーダ1および上位装置2は、簡易化した構成であるため相互認証に係る回路の規模を小さくして、製造コストを削減できる。特に、近年では、A/D変換器やD/A変換器を内蔵しているCPU等が存在し、その場合は、外付けのA/D変換器やD/A変換器を使用しないことで更にコストを削減できる。すなわち、必要最小限のハードウェアで相互認証の機能を実現することが可能となる。
 また、本実施形態のカードリーダ1および上位装置2は、防衛または秘密保持等の理由で制限があるようなデジタルの暗号等を使用しない。このため、輸出時の手続き等が不要となり、コストを削減できる。 In addition, since the card reader 1 and the host device 2 of the present embodiment have a simplified configuration, it is possible to reduce the manufacturing cost by reducing the scale of the circuit related to mutual authentication. In particular, in recent years, there are CPUs or the like that have built-in A / D converters and D / A converters, in which case an external A / D converter or D / A converter is not used. Furthermore, cost can be reduced. That is, the mutual authentication function can be realized with the minimum necessary hardware.
Further, the card reader 1 and the host device 2 of the present embodiment do not use digital encryption or the like that is restricted for reasons such as defense or confidentiality. This eliminates the need for export procedures and reduces costs.
 また、従来のようにデジタルの暗号鍵によりデータの交換を行い、その交換によって相互認証する構成の場合、上位装置と下位装置の通信部に測定器具などを装着し、モニタすることによって完全なデジタル信号を取得することが可能である。このようなデジタル信号の場合は、モニタの詳細な解析等によって、暗号鍵が解読されてしまう可能性もあり、セキュリティ上のリスクが皆無ではなかった。
 これに対して、本実施形態のカードリーダ1および上位装置2のアナログ信号は、アナログ信号そのものを取得しても、デジタルの暗号鍵等は含まれていないため、セキュリティ上のリスクを低減できる。 Also, in the case of a configuration in which data is exchanged using a digital encryption key as in the past and mutual authentication is performed by the exchange, a complete digital is obtained by attaching a measuring instrument or the like to the communication unit of the upper device and the lower device and monitoring. It is possible to acquire a signal. In the case of such a digital signal, there is a possibility that the encryption key may be deciphered by detailed analysis of the monitor, and there is no security risk.
On the other hand, since the analog signals of the card reader 1 and the host device 2 of this embodiment do not include a digital encryption key or the like even if the analog signals themselves are acquired, security risks can be reduced.
 また、従来のアナログ信号を利用した認証方式として、音声の波形や指紋等の画像を取得してデータ化して認証するものが存在した。これらは、それぞれの認証する必要があるユーザの音声の波形や指紋等の画像自体に特徴があった。また、このような従来の認証方式では、その特徴となる箇所を選択する必要があった。
 これに対して、本実施形態のカードリーダ1および上位装置2では、波形は一般的なものを用いることができ、たとえ盗まれても問題とならない。また、特定の特徴となる箇所を選択する必要もなくなる。 Further, as an authentication method using a conventional analog signal, there has been an authentication method in which an image such as a sound waveform or a fingerprint is acquired and converted into data. These are characterized by the image itself such as the waveform of the user's voice and the fingerprint that needs to be authenticated. In addition, in such a conventional authentication method, it is necessary to select a location that is a feature of the authentication method.
On the other hand, in the card reader 1 and the host device 2 of the present embodiment, a general waveform can be used, and even if it is stolen, there is no problem. Further, it is not necessary to select a location that is a specific feature.
 また、単なるアナログの波形信号を用いた場合には、上位装置と下位装置との間で、A/D変換やD/A変換の精度やノイズ等の影響により、確実に信号を照合することが難しかった。
 これに対して、本実施形態のカードリーダ1の認証情報300および上位装置2の認証情報301は、アナログ信号を照合する期間ならびにサンプリング周期、および変位パターンを照合するための照合用データを含むことを特徴とする。 In addition, when a simple analog waveform signal is used, signals can be reliably verified between the upper device and the lower device due to the effects of A / D conversion, D / A conversion accuracy, noise, and the like. was difficult.
On the other hand, the authentication information 300 of the card reader 1 and the authentication information 301 of the host device 2 according to the present embodiment include a period for collating analog signals, a sampling cycle, and collation data for collating displacement patterns. It is characterized by.
 このように構成することで、本実施形態のカードリーダ1及び上位装置2では、上位装置及び下位装置のA/D変換やD/A変換の精度が高くなくても、ノイズ等が特定の程度だけ混入しても、A/D変換した受信デジタル信号と認証情報の変位パターンとを確実に照合することが可能となる。
 このため、ある程度のセキュリティ性の必要な製品の組み合わせに対応でき、また、それほど高度なセキュリティ性を要さない製品の組み合わせにも適用することが可能となる。また、コストが安くA/D変換やD/A変換の精度が高くない製品にも適用することができる。 With this configuration, in the card reader 1 and the host device 2 of the present embodiment, noise and the like are of a certain degree even if the A / D conversion and D / A conversion accuracy of the host device and the lower device are not high. Even if it is mixed only, it is possible to reliably collate the received digital signal after A / D conversion and the displacement pattern of the authentication information.
For this reason, it is possible to deal with combinations of products that require a certain level of security, and it is also possible to apply to combinations of products that do not require a high level of security. Further, the present invention can be applied to products that are low in cost and do not have high accuracy in A / D conversion and D / A conversion.
 また、本実施形態のカードリーダ1は、特定のタイミングで認証情報300を再設定する認証情報再設定部120を備え、送信デジタル信号作成部は、認証情報再設定部120により再設定された認証情報300により送信デジタル信号を作成し、D/A変換部40は、送信デジタル信号作成部により作成された、再設定された認証情報300に対応する送信デジタル信号を、アナログ信号に変換して上位装置2に送信することを特徴とする。 また、同様に、本実施形態の上位装置2は、特定のタイミングで認証情報301を再設定する認証情報再設定部121を備え、送信デジタル信号作成部は、認証情報再設定部121により再設定された認証情報301により送信デジタル信号を作成し、D/A変換部41は、送信デジタル信号作成部により作成された、再設定された認証情報301に対応する送信デジタル信号を、アナログ信号に変換してカードリーダ1に送信する。 Further, the card reader 1 of the present embodiment includes an authentication information resetting unit 120 that resets the authentication information 300 at a specific timing, and the transmission digital signal creation unit is an authentication reset by the authentication information resetting unit 120. The transmission digital signal is created from the information 300, and the D / A conversion unit 40 converts the transmission digital signal created by the transmission digital signal creation unit and corresponding to the reset authentication information 300 into an analog signal and converts it to an upper level. It transmits to the apparatus 2, It is characterized by the above-mentioned. Similarly, the host device 2 of this embodiment includes an authentication information resetting unit 121 that resets the authentication information 301 at a specific timing, and the transmission digital signal creation unit is reset by the authentication information resetting unit 121. The D / A converter 41 converts the transmission digital signal corresponding to the reset authentication information 301 generated by the transmission digital signal generator into an analog signal. To the card reader 1.
 すなわち、変位させるアナログ信号を特定のタイミングで再設定し、その再設定のタイミングで新しいアナログ信号を出力し、その状態を入力側がモニタし、次回の認証時にはその新しい変位パターンを使うことが可能である。
 このように構成することで、事故や故障やユーザの指示がある等の場合に、認証情報300、301を容易に再設定することが可能となる。よって、メンテナンス性を高めることができる。 In other words, it is possible to reset the analog signal to be displaced at a specific timing, output a new analog signal at the reset timing, monitor the state on the input side, and use the new displacement pattern at the next authentication. is there.
With this configuration, it is possible to easily reset the authentication information 300 and 301 in the event of an accident, failure, or user instruction. Therefore, maintainability can be improved.
〔他の実施の形態〕
 なお、上述の実施の形態においては、ATM等に組み込まれたカードリーダ1と上位装置2との間での相互認証を行う例について記載した。
 これに対して、カードリーダ内の制御部と暗号磁気ヘッド等のように、カードリーダ内部の各デバイス間で、本実施形態の相互認証を行うことも可能である。
 このように構成することで、デバイス構成等に柔軟に対応することができる。また、本実施形態の相互認証方式では、追加回路等を少なくできるため、従来は認証を行うことができなかったような構成のデバイス同士でも相互認証を行うことができる。 [Other Embodiments]
In the above-described embodiment, an example in which mutual authentication is performed between the card reader 1 incorporated in an ATM or the like and the host device 2 has been described.
On the other hand, mutual authentication according to the present embodiment can be performed between devices in the card reader, such as a control unit in the card reader and an encryption magnetic head.
With this configuration, it is possible to flexibly cope with a device configuration and the like. In the mutual authentication method of the present embodiment, since additional circuits and the like can be reduced, mutual authentication can be performed even between devices having a configuration that cannot be authenticated conventionally.
 また、上述の実施の形態においては、カードリーダ1として、接触式ICカードリーダ、非接触式ICカードリーダ、および磁気カードリーダを用いる例について記載した。
 しかしながら、本発明の他の実施の形態として、例えば、貨幣価値情報を扱う他の情報媒体に情報を読み込み又は書き出しする装置にも同様に用いることができる。たとえば、磁気ストライプが形成されている通帳に対して、磁気情報の読み出しまたは書き込みを行う装置等についても適用可能である。
 このように構成することで、情報媒体への処理を行うような装置について、容易に相互認証することが可能となる。 Further, in the above-described embodiment, an example in which a contact IC card reader, a non-contact IC card reader, and a magnetic card reader are used as the card reader 1 has been described.
However, as another embodiment of the present invention, for example, the present invention can be similarly used for an apparatus that reads or writes information on another information medium that handles monetary value information. For example, the present invention can be applied to a device that reads or writes magnetic information with respect to a passbook in which a magnetic stripe is formed.
With this configuration, it is possible to easily perform mutual authentication for an apparatus that performs processing on an information medium.
 また、上述の実施の形態においては、上位装置2の認証開始トリガにより下位装置であるカードリーダ1との認証を行う一例を示した。しかしながら、下位装置であるカードリーダ1の認証開始トリガにより上位装置2の認証を行って、真偽性を確認することも可能である。このため、上位装置2とカードリーダ1とで、状況によって、認証開始トリガをそれぞれ切り換えて送信してもよい。
 これにより、真偽性を相互に確認し合うことが可能となり、セキュリティが向上し、信頼性を高めることができる。 In the above-described embodiment, an example is shown in which authentication with the card reader 1 that is a lower-level device is performed by the authentication start trigger of the higher-level device 2. However, it is also possible to authenticate the host device 2 by the authentication start trigger of the card reader 1, which is a lower device, and confirm the authenticity. For this reason, the authentication start trigger may be switched and transmitted depending on the situation between the host device 2 and the card reader 1.
Thereby, authenticity can be mutually confirmed, security can be improved, and reliability can be enhanced.
 また、上述の実施の形態では、アナログ信号の波形について、変位の角度等(変位パターン)により照合する例について説明した。しかしながら、受信デジタル信号の波形そのものを以前に受信した受信デジタル信号の波形と比較するような構成も可能である。この場合、アナログ信号をA/D変換した受信デジタル信号の波形を、上位装置2から以前に取得してバッファに保存しておいた受信デジタル信号を認証情報300として、自己相関等を算出して比較する。このように構成することで、構成を簡単にすることができ、実装が容易になる。
 また、そもそも波形を比較するのではなく、サイン波や方形波の振幅や周期等により照合するような構成も可能である。また、受信デジタル信号にFFT(Fast Fourier Transform)等の処理を行って、特定の周波数成分の比率等で比較、照合するような構成も可能である。
 このように構成することで、単に波形の比較をするよりも、セキュリティを向上させることができる。 Further, in the above-described embodiment, the example in which the waveform of the analog signal is collated by the displacement angle or the like (displacement pattern) has been described. However, a configuration is also possible in which the waveform of the received digital signal itself is compared with the waveform of the received digital signal received previously. In this case, the auto-correlation and the like are calculated using the received digital signal obtained by previously acquiring the waveform of the received digital signal obtained by A / D converting the analog signal from the host device 2 and stored in the buffer as the authentication information 300. Compare. With this configuration, the configuration can be simplified and mounting becomes easy.
In addition, it is possible to employ a configuration in which the waveforms are not compared in the first place but are collated based on the amplitude or period of a sine wave or square wave. In addition, a configuration in which processing such as FFT (Fast Fourier Transform) is performed on the received digital signal to compare and collate with a ratio of a specific frequency component or the like is possible.
By configuring in this way, security can be improved rather than simply comparing waveforms.
 また、上述の実施の形態においては、上位装置2及びカードリーダ1が、それぞれA/D変換部20、21、およびD/A変換部40、41を備える例について記載した。しかしながら、出力側/入力側を上位装置/下位装置のように固定した組み合わせとしてもよい。すなわち、上位装置2はD/A変換部41を備えてA/D変換部21を備えず、カードリーダ1はA/D変換部20を備えてD/A変換部40を備えない構成、または、上位装置2はA/D変換部21を備えてD/A変換部41を備えず、カードリーダ1はD/A変換部40を備えてA/D変換部20を備えないといった構成であってもよい。このようにすることで、A/D変換部20、21、およびD/A変換部40、41のうち二つを削減することができ、コストを削減できる。 Further, in the above-described embodiment, the example is described in which the host device 2 and the card reader 1 include the A / D conversion units 20 and 21 and the D / A conversion units 40 and 41, respectively. However, a combination in which the output side / input side is fixed as in the upper apparatus / lower apparatus may be used. That is, the host device 2 includes the D / A conversion unit 41 and does not include the A / D conversion unit 21, and the card reader 1 includes the A / D conversion unit 20 and does not include the D / A conversion unit 40, or The host device 2 includes the A / D converter 21 and does not include the D / A converter 41, and the card reader 1 includes the D / A converter 40 and does not include the A / D converter 20. May be. By doing in this way, two of the A / D converters 20 and 21 and the D / A converters 40 and 41 can be reduced, and the cost can be reduced.
 また、上述の実施の形態においては、特定のタイミングで認証情報再設定処理を行う例について記載した。しかしながら、認証情報再設定処理は、工場出荷時以外にはできないように構成することも可能である。これにより、セキュリティを向上させられる。すなわち、よりセキュリティ性を高めるために、設置場所等での認証情報300、301の再設定は不可能としておくことも可能である。 Moreover, in the above-described embodiment, an example in which the authentication information resetting process is performed at a specific timing has been described. However, the authentication information resetting process can be configured to be performed only at the time of factory shipment. Thereby, security can be improved. That is, in order to further improve security, it is possible to make it impossible to reset the authentication information 300 and 301 at the installation location.
 また、上述の実施の形態においては、インタフェース部50、51からの認証開始トリガ及び認証情報再設定トリガにより、他装置での処理を開始するように記載した。
 しかしながら、D/A変換部40、41から、特定のバースト信号等を出力することで、認証開始トリガ及び認証情報再設定トリガを送信するように構成してもよい。
 このように構成することで、制御プログラムの指令等の送信等に係る処理を作成、変更する必要がなくなり、コストを削減することができる。 Further, in the above-described embodiment, it is described that the processing in the other apparatus is started by the authentication start trigger and the authentication information reset trigger from the interface units 50 and 51.
However, an authentication start trigger and an authentication information reset trigger may be transmitted by outputting a specific burst signal or the like from the D / A converters 40 and 41.
With this configuration, it is not necessary to create or change a process related to transmission of a control program command or the like, and costs can be reduced.
 なお、上記実施の形態の構成および動作は例であって、本発明の趣旨を逸脱しない範囲で適宜変更して実行することができることは言うまでもない。 It should be noted that the configuration and operation of the above-described embodiment are examples, and it is needless to say that the configuration and operation can be appropriately changed and executed without departing from the spirit of the present invention.
1 カードリーダ
2 上位装置
3 カード
10、11 制御部
20、21 A/D変換部
30、31 記憶部
40、41 D/A変換部
50、51 インタフェース部
100、101 認証処理部
110、111 送信デジタル信号作成部
120、121 認証情報再設定部
300、301 認証情報
X 相互認証システム DESCRIPTION OF SYMBOLS 1 Card reader 2 Host apparatus 3 Card 10, 11 Control part 20, 21 A / D conversion part 30, 31 Storage part 40, 41 D / A conversion part 50, 51 Interface part 100, 101 Authentication processing part 110, 111 Transmission digital Signal generators 120 and 121 Authentication information resetting units 300 and 301 Authentication information X Mutual authentication system

Claims (4)

  1.  時系列的に連続した波形であるアナログ信号を他装置から受信し、受信デジタル信号に変換するA/D変換部と、
     前記他装置との間で相互認証を行うための認証情報を記憶する認証情報記憶手段と、
     前記A/D変換部で変換された前記受信デジタル信号の変位パターンを前記認証情報記憶手段に記憶された前記認証情報と照合して認証する認証処理部と、
     前記認証処理部で認証が成功した場合、前記認証情報記憶手段に記憶された前記認証情報に対応する変位パターンの送信デジタル信号を作成する送信デジタル信号作成部と、
     前記送信デジタル信号作成部により作成された前記送信デジタル信号をアナログ信号に変換し、前記他装置に送信するD/A変換部とを備えることを特徴とする相互認証装置。     An A / D converter that receives an analog signal that is a continuous waveform in time series from another device and converts the analog signal into a received digital signal;
    Authentication information storage means for storing authentication information for mutual authentication with the other device;
    An authentication processing unit that authenticates by comparing the displacement pattern of the received digital signal converted by the A / D conversion unit with the authentication information stored in the authentication information storage unit;
    When authentication is successful in the authentication processing unit, a transmission digital signal creation unit that creates a transmission digital signal of a displacement pattern corresponding to the authentication information stored in the authentication information storage unit;
    A mutual authentication apparatus comprising: a D / A conversion unit that converts the transmission digital signal created by the transmission digital signal creation unit into an analog signal and transmits the analog signal to the other device.
  2.  前記認証情報は、前記アナログ信号を照合する期間並びにサンプリング周期、及び前記変位パターンを照合するための照合用データを含むことを特徴とする請求項1に記載の相互認証装置。 2. The mutual authentication apparatus according to claim 1, wherein the authentication information includes a period for verifying the analog signal, a sampling period, and verification data for verifying the displacement pattern.
  3.  前記認証情報を再設定する認証情報再設定部を備え、
     前記送信デジタル信号作成部は、前記認証情報再設定部により再設定された前記認証情報により前記送信デジタル信号を作成し、
     前記D/A変換部は、前記送信デジタル信号作成部により作成された、再設定された前記認証情報に対応する前記送信デジタル信号を、アナログ信号に変換して前記他装置に送信することを特徴とする請求項1又は2に記載の相互認証装置。     An authentication information resetting unit for resetting the authentication information;
    The transmission digital signal creation unit creates the transmission digital signal from the authentication information reset by the authentication information resetting unit,
    The D / A conversion unit converts the transmission digital signal corresponding to the reset authentication information created by the transmission digital signal creation unit into an analog signal and transmits the analog signal to the other device. The mutual authentication device according to claim 1 or 2.
  4.  時系列的に連続した波形であるアナログ信号を他装置から受信し、受信デジタル信号に変換し、
     前記他装置との間で相互認証を行うための認証情報を記憶し、
     変換された前記受信デジタル信号の変位パターンと、記憶された前記認証情報とを照合して認証し、
     認証が成功した場合、記憶された前記認証情報に対応する変位パターンの送信デジタル信号を作成し、
     作成された前記送信デジタル信号をアナログ信号に変換し、前記他装置に送信することを特徴とする相互認証方法。     Receives an analog signal that is a continuous waveform in time series from another device, converts it into a received digital signal,
    Storing authentication information for mutual authentication with the other device;
    Authenticate by comparing the converted displacement pattern of the received digital signal with the stored authentication information,
    When the authentication is successful, a transmission digital signal of a displacement pattern corresponding to the stored authentication information is created,
    A mutual authentication method, wherein the created transmission digital signal is converted into an analog signal and transmitted to the other device.
PCT/JP2016/081085 2015-10-30 2016-10-20 Mutual authentication device and mutual authentication method WO2017073448A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201680063127.5A CN108351934A (en) 2015-10-30 2016-10-20 It is mutually authenticated device and inter-authentication method

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2015214828A JP6453202B2 (en) 2015-10-30 2015-10-30 Mutual authentication device and mutual authentication method
JP2015-214828 2015-10-30

Publications (1)

Publication Number Publication Date
WO2017073448A1 true WO2017073448A1 (en) 2017-05-04

Family

ID=58630144

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2016/081085 WO2017073448A1 (en) 2015-10-30 2016-10-20 Mutual authentication device and mutual authentication method

Country Status (3)

Country Link
JP (1) JP6453202B2 (en)
CN (1) CN108351934A (en)
WO (1) WO2017073448A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021044475A1 (en) * 2019-09-02 2021-03-11 アイマトリックスホールディングス株式会社 Text analysis system, and characteristic evaluation system for message exchange using said system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2000307567A (en) * 1998-10-16 2000-11-02 Matsushita Electric Ind Co Ltd Digitally written work protecting system
JP2000330872A (en) * 1999-03-15 2000-11-30 Sony Corp Data processor, data processing system and method
JP2015008490A (en) * 2014-08-06 2015-01-15 日立コンシューマエレクトロニクス株式会社 Content distribution system and content distribution method

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1549490A (en) * 2003-05-12 2004-11-24 四川大学 Method and apparatus for conducting identification and speech signal secret communication
JP4919690B2 (en) * 2006-04-19 2012-04-18 シーイエス エレクトロニカ インダストリア エ コメルスィオ リミタダ Magnetic card reading system
US8068533B2 (en) * 2008-02-02 2011-11-29 Zanio, Inc. Receiver for GPS-like signals
CN102289618A (en) * 2011-07-19 2011-12-21 中山大学深圳研究院 Electrocardiosignal-based identity recognition method and device
US20130187764A1 (en) * 2012-01-20 2013-07-25 Alien Technology Corporation Dynamic analog authentication
CN103929311B (en) * 2014-04-28 2015-09-09 无锡北斗星通信息科技有限公司 A kind of challenge type dynamic password authentication method based on brain wave wave character

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2000307567A (en) * 1998-10-16 2000-11-02 Matsushita Electric Ind Co Ltd Digitally written work protecting system
JP2000330872A (en) * 1999-03-15 2000-11-30 Sony Corp Data processor, data processing system and method
JP2015008490A (en) * 2014-08-06 2015-01-15 日立コンシューマエレクトロニクス株式会社 Content distribution system and content distribution method

Also Published As

Publication number Publication date
CN108351934A (en) 2018-07-31
JP2017084281A (en) 2017-05-18
JP6453202B2 (en) 2019-01-16

Similar Documents

Publication Publication Date Title
US8322608B2 (en) Using promiscuous and non-promiscuous data to verify card and reader identity
US20050061875A1 (en) Method and apparatus for a secure RFID system
US8332915B2 (en) Information processing system, information processing apparatus, mobile terminal and access control method
US9118643B2 (en) Authentication and data integrity protection of token
EP3537337B1 (en) User authentication system and method for enrolling fingerprint reference data
US20080086645A1 (en) Authentication system and method thereof
JP2008181178A (en) Network output system, authentication information registration method, and authentication information registration program
US20150128258A1 (en) Authentication mode reporting
JP2003091704A (en) Storage unit with non-volatile memory and information processing device with freely detachable storage unit
JP5736689B2 (en) Security management system and security management method
JP5183517B2 (en) Information processing apparatus and program
JP2003030613A (en) Storage device and data processor provided with the storage device
JP6453202B2 (en) Mutual authentication device and mutual authentication method
JP4185680B2 (en) Storage device
CN108229202A (en) A kind of automatic full inspection method and device of smart card, computer installation, storage medium
WO2001026046A1 (en) Ic card, ic card issuing device, ic card issuing system, and ic card issuing method
US20200004608A1 (en) Information processing device and information processing method
JP5322788B2 (en) Information processing apparatus, information processing method, and program
US11777746B2 (en) Mutual authentication system and mutual authentication method
CN109889372A (en) Obtain method, apparatus, equipment and the storage medium of configuration information
EP3072094B1 (en) Biometric authentication system and biometric authentication method
JP5386860B2 (en) Payment system, payment processing apparatus, validity verification apparatus, validity verification request processing program, validity verification processing program, and validity verification method
JP5740644B2 (en) Electronic device apparatus, pairing processing method thereof and pairing monitoring method
JP6129489B2 (en) Biometric information acquisition apparatus, biometric authentication system, and biometric information acquisition method
JP2010128510A (en) Biological information authentication system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16859678

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16859678

Country of ref document: EP

Kind code of ref document: A1