JP2003178032A - Authentication apparatus and method therefor, and person registering method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To prevent an improper authentication processing. <P>SOLUTION: A passive entry authentication part 13 compares a identification signal 33a transmitted from a portable machine 2 with a identification signal 14a stored in a storing part 14 in advance, a biometric authentication part 103 compares the user's biometric information inputted from a sensor part 101 with the biometric information registered in the biometric database 104, and a control part 11 identifies the normal user when both of a result of the comparison of the authentication signals and a result of the comparison of the biometric information are agreed with each other, and controls a lock system 12 to open a door lock of an automobile 1. <P>COPYRIGHT: (C)2003,JPO

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an authentication device, an authentication method, and a method of registering a person in an authentication device or device using the authentication method, which includes means for preventing unauthorized authentication processing.

[0002]

2. Description of the Related Art As a method used for door locks of automobiles, etc., a user has a portable device in the form of a key folder,
A door lock system, which is so-called a smart entry system, in which a user unlocks when approaching an automobile in response to an identification signal emitted from the portable device, is becoming popular.

FIG. 1 is a diagram for explaining a conventional smart entry type locking system. Control unit 11 of automobile 1
Is a CPU (Central Processing Unit), RAM (Random Ac
This is a so-called microcomputer composed of cessMemory) and ROM (Read Only Memory).
The U develops the program stored in the ROM into the RAM and executes the program to control the entire operation of the automobile 1. Note that, in FIG. 1, only the configuration for mainly controlling the automobile 1 is displayed, and, for example, illustration of the drive system and the like is omitted.

The lock system 12 is controlled by the control unit 11 and manages unlocking or locking of the door lock of the automobile. The passive entry authentication unit 13 has a communication unit 15
The inquiry signal is transmitted to the portable device 2 via the, and the corresponding identification signal 33a from the portable device 2 and the identification signal 14a previously stored in the storage unit 14 are compared, and the comparison result is controlled by the control unit. Output to 11.

The control unit 31 of the portable device 2 is a so-called microcomputer composed of a CPU, a ROM and a RAM, and the portable device 2 develops the program stored in the ROM in the RAM and executes the program. Control the overall behavior of. The control unit 31 controls the communication unit 32 to transmit the identification signal 33a stored in advance in the memory 33 in response to the inquiry signal transmitted from the automobile 1.

Next, the operation of the smart entry system shown in FIG. 1 will be described.

The control unit 11 controls the communication unit 15 to detect when the portable device 2 approaches within a distance, and controls the passive entry authentication unit 13 to send an inquiry signal via the communication unit 15. To be transmitted to the portable device 2. Upon receiving the inquiry signal from the automobile 1 via the communication unit 32, the control unit 31 of the portable device 2 reads the identification signal 33a stored in advance in the memory 33, controls the communication unit 32, and causes the automobile 1 to operate. Send it.

When the control unit 11 of the automobile 1 recognizes that the identification signal 33a is received via the communication unit 15, the control unit 11 causes the passive entry 13 to output the signal. The passive entry authentication unit 13 uses the identification signal 33 transmitted from the mobile device 12.
a is compared with the identification signal 14a stored in the storage unit 14 in advance, and the comparison result is output to the control unit 11. For example, when the comparison results match, the user who owns the portable device 12
Assuming that the user is an authorized user of the automobile 1, the lock system 12 is controlled to unlock the lock. If the comparison results do not match, it is considered that the user carrying the portable device 12 is not an authorized user of the automobile 1 and the lock system 12
Keep the locked state without operating.

As described above, by using the smart entry system, if the authorized user has the portable device 12 and approaches the vehicle 1 within a predetermined distance, he / she does not need to be aware of the door lock unlocking operation. It can be unlocked, and the locked state can be maintained for unauthorized users.

[0010]

However, in the above-mentioned smart entry system, the owner of the automobile 1 can listen to the inquiry signal and the identification signal of the automobile 1 and the portable device 2 by a method called a relay team attack. There is a risk of being unlocked by an unauthorized user.

The relay team attack is, as shown in FIG.
1, 52 are respectively possessed, one approaches the automobile 1 and the other approaches the authorized user. The repeaters 51 and 52 are provided with communication units 72 and 82 controlled by the control units 71 and 81, respectively, and the operation unit 7
When 3, 83 are operated, the inquiry signal and the identification signal can be illegally exchanged.

That is, when the unauthorized user A carries the repeater 51 and approaches the automobile 1 (at a short distance), the passive entry authentication unit 13 of the automobile 1 transmits an inquiry signal via the communication unit 15. The relay device 51 relays this inquiry signal and is near a regular user who is distant from the automobile 1 (which is distant from the ordinary automobile 1 by a medium or long distance beyond the distance at which the portable device 2 can be detected). It is transmitted to the repeater 52 possessed by the unauthorized user B (who is in a close range).

The relay device 52 relays the inquiry signal transmitted from the relay device 51 and transmits it to the portable device 2. Then, the portable device 2 transmits the identification signal 33a as if the portable device 2 approaches the automobile 1. The repeater 52 relays this identification signal 33a and transmits it to the repeater 51.
The relay 51 relays the identification signal 33a transmitted from the relay 52 and transmits it to the automobile 1.

Passive entry authentication unit 13 of automobile 1
Compares the identification signal 33 a relayed from the relay device 51 with the identification signal 14 a previously stored in the storage unit 14, and outputs the comparison result to the control unit 11. At this time, since the identification signal 33a is transmitted from the portable device 2 owned by the authorized user, the comparison results are in agreement.

Therefore, it is the unauthorized user A who is approaching the automobile 1, and the control unit 11 controls the lock system to control the automobile 1 even though the authorized user is away from the automobile 1. Unlock the lock.

As a result, the unauthorized users A and B possess the relays 51 and 52, respectively, and approach the vehicle 1 and the authorized user, so that the unauthorized users A and B unlock the vehicle 1 without being noticed by the authorized user. It can be locked.

As described above, according to the relay team attack method, there has been a problem that an unauthorized user performs an unauthorized authentication process, and an automobile door lock is unlocked.

The present invention has been made in view of such circumstances, and it is possible to prevent unauthorized use of the smart entry system.

[0019]

The authentication device and the authentication method of the present invention include an identification signal of a portable device transmitted from a portable device (for example, a remote controller transmitter in a keyless entry system of an automobile) and an authentication device main body (this). Authenticates with the identification signal stored in (for example, it may be built in a car). On the other hand, the input biometrics information (fingerprint, face image, voiceprint, retina pattern, human face, etc.) is compared with prestored biometrics information to perform person authentication. If the two authentication results match, the final authentication is made.

As a result, the authentication based on the identification of the portable device,
A double check with the authentication based on the biometrics information is performed, so that the illegal authentication process can be prevented with higher accuracy.

In a preferred embodiment, the biometrics information is stored in association with the person authentication number when the information is stored, and when the identification number is transmitted from the portable machine, the person identification number built in the portable machine is also stored. Send. Then, at the time of person authentication, the biometrics information corresponding to the received person identification number is called and compared with the input biometrics information.

The effect of the present embodiment when an authentication apparatus having a person authentication function is installed in a vehicle will be further described. Since the temperature inside a vehicle often becomes high, the arithmetic processing unit (CPU) incorporated in the authentication device needs to have a certain heat resistance in order for the authentication device mounted on the vehicle to operate normally. However, a CPU having a certain heat resistance does not have a high processing speed. As an example, a result obtained by experiments by the inventors of the present invention is that it takes 1.5 seconds to collate one input fingerprint data and one pre-stored fingerprint data by using a heat-resistant CPU. Was given. Furthermore, considering the case where the fingerprint data for four fingers is stored as the data for one person and the authentication processing is performed by comparing them with one input fingerprint data, the data for one person is used. Even if only verification / authentication is performed, it takes four times 1.5 seconds, that is, 6 seconds.

Therefore, it is important to perform a person authentication process by making some selection from the biometrics information stored in advance, particularly in an authentication process in a place where heat resistance is required of the authentication device such as an automobile. . In the present embodiment, since the selection is performed based on the received personal identification number, the authentication process is not prolonged and is practical.

[0024] In a further preferred embodiment, the person identification number is divided into a first type and a second type. What is the first-class personal identification number?
For example, the owner of the automobile having the identification device built therein is identified, and the second type person identification number identifies, for example, a user who drives the automobile other than the owner. Then, in order to register the person identified by the second type person identification number (user other than the owner), the person identified by the first type person identification number is registered in advance, and the bio The metric information needs to be authenticated.

As a result, the person identified by the first-class person identification number can prevent the user from registering the user without his knowledge, and the effect of preventing unauthorized authentication processing is further enhanced.

In a further preferred embodiment, when the person identified by the first type person identification number is newly registered, all the second type person identification number and the biometrics information corresponding thereto which have been stored are deleted. It is that.

As a result, when the person identified by the first-type person identification number, for example, the owner of the automobile having the identification device built therein is registered newly, the user of the previous automobile owner permits the user registration. Will not be able to drive this car, so you can prevent it from being stolen illegally.

[0028]

FIG. 3 is a diagram showing the configuration of an embodiment of a smart entry system according to the present invention.
Note that, in FIG. 3 and subsequent figures, portions corresponding to those in the conventional drawings are denoted by the same reference numerals, and description thereof will be omitted as appropriate. Further, in this embodiment, the biometrics information refers to a fingerprint.

The configuration of the automobile 1 shown in FIG. 3 differs from that of the conventional automobile shown in FIG. 1 in that the sensor unit 101, the input unit 102, the biometrics authentication unit 103, the biometrics database 104, the storage unit 105, and the engine immobilizer. 106 and a storage unit 107 are provided. Further, a timer (not shown) is built in the control unit 11, and the timer is driven to assist the control in various controls involving time measurement.

When the sensor section 101 is controlled by the control section 11 and instructed to operate, the biometrics information of the authorized user is input by requesting the user to input biometrics information through a speaker or the like (not shown). Then, the information is converted into digital information and output to the biometrics authentication unit 103. Since the biometrics information is a fingerprint here, the sensor unit 101 has a CCD (Char
ge Coupled Device) that uses a fingerprint input device. At this time, the sensor unit 101 can be installed on the outside of the vehicle, but if it is installed on the dashboard of the driver's seat in the vehicle, the usability is improved.

The input unit 102 is operated when the user tries to execute a predetermined process, and outputs a signal according to the operation to the control unit 11. Although a specific configuration can be made up of a tablet button, a keyboard, etc., it can be made up of a mode changeover switch 102a, a ten-key pad 102b, and a card reader 102c as shown in FIG. 4, for example.

The mode selector switch 102a switches between an authentication mode for authenticating a user to lock or unlock the lock system 12 and a registration mode for registering biometrics information such as a fingerprint. The ten-key pad 102b is used to input numerical values such as numbers. The card reader 102c accepts a secret card necessary for initial registration of the car owner and reads the data in the card. An initializing code number for initial registration of the owner is printed on the surface of the secret card and recorded as magnetic data. However, some secret cards have only one of printing and data recording.

The input unit 102 may be installed anywhere in the vehicle, but if the input unit 102 is installed side by side with the above-mentioned sensor unit 101 on the dashboard of the driver's seat in the vehicle, the usability will be improved.

The biometrics authentication unit 103 stores the biometrics information of the authorized user input to the sensor unit 101 at the time of registration in the biometrics database 104. When authenticating the user, the biometrics information input from the sensor unit 101 is stored. It compares with the metrics information and outputs the comparison result to the control unit 11. In addition, when registering biometrics information, the biometrics authentication unit 103 uses PIN (Personal Identifier Num) as corresponding digital information.
ber: identification number of biometrics information) is set and registered, and this PIN is further encrypted, and the communication unit 1
5, the information is transmitted to the portable device 2 owned by each authorized user, and is stored in association with each biometrics information as shown in FIG.

There are various forms of storing the PIN and the biometrics information in association with each other. Here, the biometrics information is a fingerprint, so as shown in FIG.
And biometrics information for four fingers are associated and stored. The reason for this is to prepare for a case where one or two fingers become unsuitable for fingerprint recognition due to finger stains or external damage. However, 1-3 or 5 for one PIN
Of course, the above biometrics information may be stored in association with each other.

The PIN of the car owner (owner P
IN) and PINs of other users (user PINs) are to be distinguished. The owner of a car has a strong authority, for example, the permission (authentication) of the owner is required for other users to register.

There are many possible methods for distinguishing the owner PIN from the user PIN. As an example, the PIN is a four-digit number, the owner PIN is the first digit of 1, and the user PIN is the first digit. There is a method such as 2. The lower three digits of both PINs are randomly generated using random numbers or the like.

When the encrypted PIN is transmitted from the portable device 2 together with the biometrics information at the time of authentication, the biometrics authentication unit 103 inputs the biometrics information corresponding to the PIN to the sensor unit 101. Compare the biometrics information provided. By this processing, the biometrics authentication unit 103 receives the input biometrics information and the biometrics database 1
It is possible to avoid the comparison processing with a plurality of biometrics information stored in advance in 04, and it is only necessary to execute the comparison processing necessary for the authentication, so that it is possible to improve the authentication processing speed.

The storage unit 105 stores a keyless entry ID 105a registered in advance for each portable device 2. The keyless entry ID 105a is pressed when a user who has not registered biometrics information in advance borrows the portable device 2 from an authorized user to unlock the door of the automobile 1. The lock system 12 compares the keyless entry ID 33c transmitted when the keyless entry button 121 of the portable device 2 is pressed with the keyless entry ID 105a registered in advance, and the control unit 11
When they match, the lock system 12 is controlled to unlock the door.

The engine immobilizer 106 is the portable device 2
The immobilizer ID 33d stored in advance in the memory 33 transmitted from the memory 33 is compared with the immobilizer ID 107a stored in the storage unit 107, and ON / OFF (engine lock) of the engine ignition is controlled depending on whether they match. . When the engine immobilizer 106 controls the engine to be turned on, the engine of the automobile 1 is controlled to be electrically started when an operation to start the engine is performed, and when the engine is controlled to be turned off, the engine is electrically controlled. Control to a state that cannot be started. Therefore, in the unlikely event that the lock system 12 is illegally operated,
Even if an unauthorized user can invade the automobile 1, the engine cannot be started unless the engine immobilizer 106 can be turned on (release the engine lock).

Next, the portable device 2 will be described.

Compared to the portable device 2 of FIG. 1, in the portable device 2 to which the present invention is applied, the PIN 33b, the immobilizer ID 33d, and the keyless entry ID 33c are stored in the memory 33 in advance, and further, the keyless entry button 121.
Is provided.

The PIN 33b is received in the encrypted state and stored in the memory 33 when the biometrics information is registered in the automobile 1 as described above. Here, for one portable device, one owner PIN and one user PI
N1 persons can be input and stored. One car is designated as one owner, and the owner PIN can only store one car. However, regarding the user PIN, the specification may be such that the storage capacity of the memory 33 is increased and then the user PINs for two or more persons are stored.

The keyless entry ID 33c and the immobilizer ID 33d are stored together with the keyless entry ID 105a stored in the storage unit 105 of the automobile 1 and the immobilizer ID 107a stored in the storage unit 107 at the time of manufacturing. The immobilizer ID 33d, the keyless entry ID 33c, the keyless entry ID 105a,
Also, the immobilizer ID 107a may be configured to be changeable as necessary.

Next, the biometrics information registration process will be described with reference to the flowcharts of FIGS.

In step S1 of FIG. 6, the control unit 11 of the automobile 1 determines whether or not the mode changeover switch 102a is in the registration mode, and if it is in the registration mode, the process proceeds to step S2. If not, the above determination is repeated again at regular intervals.

In step S2, the control unit 11 controls the passive entry authentication unit 13 and the communication unit 15 to send an inquiry signal for registration to the portable device 2.

In step S11, the control unit 31 of the portable device 2 controls the communication unit 32 to determine whether the inquiry signal for registration has been received, and if so, the process proceeds to step S22. If not, the above determination is repeated at regular intervals.

In step S12, the control section 31
The communication unit 32 is controlled to transmit the portable machine identification signal 33a to the automobile 1.

In step S3, the control unit 11 controls the communication unit 15 to determine whether or not the identification signal of the portable device has been received. If it has been received, then the passive entry authentication unit 13 is controlled so that the received identification signal 33a of the portable device is stored in the storage unit 14 in advance.
It is determined whether or not it matches a. If they match, the process proceeds to step S4. If a signal matching the identification signal 14a is not received within a predetermined time after the inquiry signal is transmitted in step S2, the process ends.

In step S4, the control unit 11 refers to the biometrics database 104 and confirms whether or not the data of the owner of the automobile has been registered. If registered, proceed to step S5, and if not registered, jump to (A1).

In step S5, the user is prompted to enter owner registration or user registration. Specifically, a speaker (not shown) gives an instruction to press "1" on the ten-key pad 102b for owner registration and "2" for user registration.

In step S6, it is determined whether or not the ten key 1 is pressed within a fixed time after the instruction is issued.
If 1 is pressed, jump to (A1), and if not, step S
Proceed to 7.

In step S7, it is determined whether or not the numeric keypad 2 is pressed within a fixed time after the instruction is issued.
If 2 is pressed, the process proceeds to (A2), and if not, the process ends.

FIG. 7 is a flow chart when performing owner registration.

In step S21, the initialization code number of the secret card is input. The input may be read by inserting the secret card into the card reader 102c, or the initialization code number written on the surface of the secret card may be read on the ten-key pad 102.
You may enter it with b.

In step S22, it is determined whether or not the input initialization code number is correct. Specifically, the initialization code number recording unit (not shown) in the automobile is referred to, and the control unit 11 collates with the input number. If both numbers match, step S2
The process proceeds to step 3, and if they do not match, the process ends.

In step S23, i is set to an initial value of 1. In step S24, it is confirmed whether or not 3 minutes have elapsed from the start of registration. If 3 minutes have elapsed, the process ends, and if not, the process proceeds to step S25. Note that 3 minutes is a value that limits the time until the biometrics information (fingerprint) registration for 4 fingers is completed, and the value may be appropriately specified even if it is not 3 minutes.

In step S25, the biometrics information of the i-th finger is registered. Since the initial value is i = 1, registration is started from the first finger. The specific work of registration is to apply the fingerprint portion of the finger to the sensor unit 101 and read it. It is up to the owner to register with which finger to start registration.

In step S26, it is confirmed whether or not the biometrics information could be read normally. If it is read normally, the process proceeds to step S27, and if not, step S27
Return to 25 and read again.

In step S27, the value of i is incremented by 1. If the biometrics information registration of the first finger is completed (i = 1), i is incremented by 1 to 2 and then 2
The biometrics information of the first finger will be registered. Similarly, if biometrics registration of four fingers is completed (i = 4), i
= 5.

In step S28, it is determined whether i is 5 or more. If the registration of biometrics information for four fingers is completed and i = 5, the process proceeds to step S29, and if not, it means that the registration for four fingers is not completed yet, so the process returns to step S24. .

In step S29, an owner PIN is generated, and the owner PIN and biometrics information for four fingers are stored in the biometrics database 104.

In step S30, the owner PIN is encrypted and then sent to the portable device. And step S31
Then, the portable device receives the encrypted owner PIN and stores it in the memory 33.

When the new owner PIN is generated by newly performing the owner registration, the registration contents of the other users (the set of the user PIN and the fingerprint data) are all deleted.

FIG. 8 is a flowchart for user registration.

In step S201, the biometrics database 104 is checked to see if additional user registration can be made for the portable device 2. In this example, the portable device 2 can register for one user PIN, but if 1
If another user PIN is registered, additional registration cannot be performed.

If additional user registration is possible, the process proceeds to step S202, and if not, the process ends. In addition, when ending the processing here, for example, a speaker (not shown) indicates that "No more user registration is possible. Please delete the existing user registration before registering."
The operator can be alerted by playing a voice such as.

In step S202, owner authentication for user registration is performed. Owner authentication is performed to prove that the new registration of the user is performed with the consent of the owner. As a specific procedure, the owner's finger is applied to the sensor unit 101 and the input fingerprint is If the owner is registered in the biometrics database 104 in advance, user registration is permitted.

In step S203, it is confirmed whether or not the owner has been authenticated, and if the owner has been authenticated, step S204.
If not, the process ends.

Steps S204 to S209 are steps S23 to S2 in the owner registration procedure of FIG.
The same as up to 8. The biometrics information for four fingers of the user is sequentially registered, and when the registration for four fingers is completed, the process proceeds to step S210.

In step S 210, the user PIN is generated and stored in the biometrics database 104.
The biometrics information for IN and four fingers is stored.

In step S211, the user PIN is encrypted and then sent to the portable device. And step S21
In 2, the portable device receives the encrypted user PIN and stores it in the memory 33.

By the way, existing user registration (user PI
A procedure for deleting N and a set of biometrics information for four fingers) can be separately determined. As an example, in the state where the mode change switch 102a is in the registration mode, the "0" on the numeric keypad 102b is pressed twice, and then the owner authentication is performed in the same procedure as in steps S202 and S203 described above. Enter “9” on the numeric keypad 102b to 2
Press twice. With the operation procedure as in this example, the user registration can be deleted under the condition that the owner is authenticated, as in the case of the user registration.

Through the above processing, the biometrics information is registered in the biometrics database 104 of the automobile 1 together with the PIN, and the PIN is encrypted and stored in the portable device 2.

Next, while the registration of the biometrics information of FIG. 5 is completed, the user carries the portable device 2 and
Entry processing for unlocking the door lock of the automobile 1 will be described with reference to the flowchart in FIG.

In step S41, the control unit 11 of the automobile 1 controls the communication unit 15 to determine whether or not the portable device 2 is detected within a predetermined range. In this case, since the entry processing is performed, when the user enters the vehicle 1 within a range of, for example, 1 m, that is, the portable device 2
It is assumed that the communication unit 15 senses the portable device 2 when the vehicle 1 approaches a range within 1 m from the vehicle 1. Control unit 1
1 indicates that the user has a portable device 2 and is 1 m from the car 1.
The communication unit 15 is similarly controlled until it is detected that the distance is within the range of 1 m, and if it is detected that the distance is within the range of 1 m, the process proceeds to step S42. It should be noted that the range in which the automobile 1 detects the portable device 2 does not have to be 1 m, but it is usually about 2 to 5 m, and when a person walks and approaches the car, the approach can be detected and unlocked. It only needs to be a distance that can secure time.

In step S42, the passive entry authentication unit 13 controls the communication unit 15 to transmit the inquiry signal for passive entry authentication to the portable device 2.

In step S71, the control unit 31 of the portable device 2 controls the communication unit to determine whether or not the inquiry signal is received, and repeats the processing until the inquiry signal is received. When it is determined that the inquiry signal is received by the processing of S42,
The process proceeds to step S72.

In step S72, the control section 31
The identification signal 33a and the PIN 33b are read out from the memory 33, and the communication unit 32 is controlled to be transmitted to the automobile 1. When sending the PIN 33b, the owner P
Both IN and user PIN are transmitted, but only one of them may be selectively transmitted. Specifically, the keyless entry button 121 of the portable device 2
Press twice to send only the owner PIN, press three times continuously to send only the user PIN,
It is possible to set such as.

In step S43, the control section 11
The communication unit 15 is controlled to determine whether the identification signal and the PIN have been received from the portable device 2. For example, step S72
When it is determined that the identification signal 33a and the PIN 33b have been received by the processing of step, the processing proceeds to step S44.

In step S44, the passive entry authentication unit 13 outputs the received identification signal 33a to the storage unit 1.
It is determined whether or not it is the identification signal 14a previously stored in No. 4. For example, when it is determined that the received identification signal 33a is the previously registered identification signal 14a (the same), the process proceeds to step S45.

In step S45, the control section 11
The sensor 101 is controlled to enter biometrics information or request a keyless entry ID. That is, in effect, requesting biometrics information to a user who has biometrics information registered, and pressing the keyless entry button 121 to a user who does not have biometrics information registered. You will have to request.

In step S46, the control section 11
The sensor 101 is controlled to determine whether biometrics information is input. For example, when the user who has the portable device 2 inputs biometrics information, the process proceeds to step S47.

In step S47, the biometrics authentication unit 103 compares the biometrics information input into the sensor 101 and digitized with the biometrics information corresponding to the PIN and registered in advance in the biometrics database 104. .

In step S 48, the biometrics authentication unit 103 determines whether the comparison results match and outputs the determination result to the control unit 11. For example, when it is determined that the comparison results match, the process proceeds to step S49, and the control unit 11 causes the lock system 1
Control 2 to unlock the door.

In the above processing, the biometrics information is input and the keyless entry button 121 is not pressed in step S46. Therefore, in step S73, the keyless entry button 121 is pressed.
Is determined not to be pressed, and the process of step S74 is
The process is skipped and the process ends.

In step S43, the identification signal 33a
When it is determined that the PIN 33b and the PIN 33b are not received, the control unit 11 determines in step S50 whether or not a predetermined time or more has passed. If it is determined that the predetermined time or more has not passed, the process is step S43. If it is determined that the predetermined time or more has elapsed, the process ends.
That is, the fact that the identification signal and the PIN are not received means that it is not the legitimate portable device 2 that has sensed within the predetermined range near the automobile 1, and the process ends.

In step S44, if the identification signal 33a transmitted from the portable device 2 is not the previously registered identification signal 14a, it is considered that the authorized user does not have the portable device 2 and the process ends. To be done.

When it is determined in step S46 that biometrics information is not input, step S5
At 1, it is determined whether a keyless entry ID has been received. For example, the keyless entry button 121 of the portable device 2 is pressed, and in step S73, the portable device 2
If it is determined that the keyless entry button 121 has been pressed, the control unit 31 controls the communication unit 32 so that the keyless entry ID is stored in the memory 33 in step S74.
33c is read out and transmitted to the automobile 1. At this time, the automobile 1 receives the keyless entry ID 33c, so that it is determined in step S51 that the keyless entry ID 33c has been received. Then, in step S52, the control unit 11 causes the lock system 12 to operate.
And the received keyless entry ID 33c and the keyless entry ID 105a stored in the storage unit 105.
Then, in step S53, it is determined whether or not the received keyless entry ID 33c matches the previously stored keyless entry ID 105a. When it is determined in step S53 that both the keyless entry ID 105a and the keyless entry ID 33a match, the control unit 11 determines that the portable device 2 owned by the user is owned by the authorized user, and The process proceeds to step S49.

If it is determined in step S53 that the keyless entry ID 105a and the keyless entry ID 33a do not match each other, the portable device 2 is not a legitimately registered one, so it is considered that it is not an authorized user who possesses it. , The process ends. That is, the door lock is not released.

If it is determined in step S48 that the input biometrics information is not previously registered in the biometrics database 104,
The user considers that he is not a legitimate user, and the process is
Will be terminated.

If it is determined in step S51 that the keyless entry ID has not been received, step S51
At 54, it is determined whether or not a predetermined time or more has elapsed, and when it is determined that the predetermined time or more has not elapsed,
The process returns to step S46, and the processes of steps S46, S51, and S54 are repeated until a predetermined time elapses. When it is determined in step S54 that the predetermined time or more has elapsed, the user inputs biometrics information. It is considered that there is no intention to do this or to press the keyless entry button 121, and the processing ends.

As described above, the lock system 12 unlocks the door lock of the automobile 1 based on the identification signal for identifying the portable device 2 owned by the user and the biometrics information of the user. Even if a method such as attack is used, the door lock cannot be unlocked illegally, and the authorized user can unlock the door lock only by a simple input operation of biometrics information.

Furthermore, if the engine immobilizer 106 controls the engine lock in the same manner, it becomes possible to prevent theft of the automobile 1 by an unauthorized user with higher accuracy.

Now, the process of unlocking the engine lock of the engine immobilizer 106 will be described with reference to the flowchart of FIG.

In step S91, the control unit 11 of the automobile 1 controls the communication unit 15 to determine whether or not the portable device 2 is detected within a predetermined range. In the present case, since it is the unlocking process of the engine lock of the engine immobilizer, it is premised that the user is operating in the car 1, and furthermore, it is normal that the user is sitting near the driver's seat. For example, the communication unit 15 detects the portable device 2 when the portable device 2 enters a range within 50 cm with respect to the steering in the vehicle, that is, when the portable device 2 approaches a range within 50 cm with respect to the steering. It shall be. The control unit 11 similarly controls the communication unit 15 until the user carries the portable device 2 and senses that the user approaches the distance within 50 cm from the steering wheel of the automobile 1. For example, the control unit 11 approaches the distance within 50 cm from the steering wheel. If it is sensed, the process proceeds to step S92. It should be noted that the range in which the automobile 1 detects the portable device 2 does not have to be within 50 cm from the steering wheel, and may be any distance at which the user can recognize that the user has boarded the automobile.

In step S92, the passive entry authentication section 13 controls the communication section 15 to transmit an inquiry signal for passive entry authentication to the portable device 2.

In step S121, the control unit 31 of the portable device 2 controls the communication unit to determine whether or not the inquiry signal is received, and repeats the processing until the inquiry signal is received. If it is determined by the process of S92 that the inquiry signal has been received, the process proceeds to step S122.

In step S122, the controller 31
Reads the identification signal 33a and the PIN 33b from the memory 33 and controls the communication unit 32 to transmit the identification signal 33a and the PIN 33b to the automobile 1. When sending the PIN 33b, the owner P
Although both the IN and the user PIN are transmitted, it is also possible to selectively transmit only one of the PINs by the method described in the description of step S72 in FIG.

In step S93, the control section 11
The communication unit 15 is controlled to determine whether the identification signal and the PIN have been received from the portable device 2. For example, step S12
When it is determined by the process of 2 that the identification signal 33a and the PIN 33b are received, the process proceeds to step S94.

In step S94, the passive entry authentication unit 13 sends the received identification signal 33a to the storage unit 1.
It is determined whether or not it is the identification signal 14a previously stored in No. 4. For example, when it is determined that the received identification signal 33a is the pre-registered identification signal 14a (the same), the process proceeds to step S95.

In step S95, the control section 11
The sensor 101 is controlled to request either input of biometrics information or placing the portable device 2 at a predetermined position. That is, the biometrics information is requested to the user whose biometrics information is registered, and the portable device 2 is placed at a predetermined position to the user whose biometrics information is not registered. To do.

At step S96, the control section 11
The sensor 101 is controlled to determine whether biometrics information is input. For example, when the user who has the portable device 2 inputs the biometrics information, the process proceeds to step S97.

In step S97, the biometrics authentication unit 103 decrypts the biometrics information digitized and encrypted by the sensor 101, and registers it in the biometrics database 104 corresponding to the PIN in advance. Compare with existing biometrics information.

In step S98, the biometrics authentication unit 103 determines whether the comparison results match and outputs the determination result to the control unit 11. For example, when it is determined that the comparison results match, the process proceeds to step S99, and the control unit 11 controls the engine immobilizer 106 to unlock the engine lock.

In the above processing, in step S96, whether biometrics information has not been input,
Alternatively, since the portable device 2 is not placed at the predetermined position, it is determined in step S123 that the portable device 2 is not placed at the predetermined position, and step S12
The processing of No. 4 is skipped and the processing ends.

In step S93, the identification signal 33a
If it is determined that the PIN 33b and the PIN 33b are not received, the control unit 11 determines in step S100 whether or not a predetermined time or more has elapsed, and if it is determined that the predetermined time or more has not elapsed, the process is step S93. If it is determined that the predetermined time or more has elapsed, the process ends. That is, the fact that the identification signal and the PIN are not received means that it is not the legitimate portable device 2 that has sensed within the predetermined range near the automobile 1, and the process ends.

In step S94, if the identification signal 33a transmitted from the portable device 2 is not the previously registered identification signal 14a, it is considered that the authorized user does not have the portable device 2 and the process ends. To be done.

When it is determined in step S96 that biometrics information is not input, step S1
At 01, it is determined whether the immobilizer ID is received. For example, when the portable device 2 is placed in a predetermined position and it is determined in step S123 that the portable device 2 is placed in the predetermined position, the control unit 31 controls the communication unit 32 in step S124. And memory 33
The immobilizer ID 33d thus read out is transmitted to the automobile 1. Whether or not the portable device 2 is placed at a predetermined position is determined by, for example, providing a dedicated tray having the same shape as the portable device 2 and mechanically indicating that the portable device 2 is placed on the tray.
Alternatively, it may be configured to detect by electric type.

At this time, since the immobilizer ID 33d is received via the communication section 15, it is determined in step S101 that the immobilizer ID 33d has been received.
Further, in step S102, the lock system 1
2 receives the immobilizer ID 33d and the storage unit 107
Compared with the immobilizer ID 107a stored in
Immobilizer ID received in step S103
It is determined whether or not 33d matches the immobilizer ID 107a stored in advance. When it is determined in step S103 that both the immobilizer ID 105a and the immobilizer ID 33a match, the control unit 11 determines that the portable device 2 owned by the user is owned by an authorized user, and the processing thereof is performed. Proceeds to step S99.

In step S103, the immobilizer
If it is determined that the ID 107a and the immobilizer ID 33a do not match, the portable device 2 is not a legally registered one, so the user who possesses it is considered not to be an authorized user, and the process ends. That is, the engine lock is not released.

When it is determined in step S98 that the input biometrics information is not previously registered in the biometrics database 104,
The user considers that he is not a legitimate user, and the process is
finish.

In step S101, the immobilizer
If it is determined that the ID has not been received, step S1
In 04, it is determined whether or not a predetermined time or more has elapsed, and when it is determined that the predetermined time or more has not elapsed,
The process returns to step S96, and the processes of steps S96, S101, and S104 are repeated until a predetermined time elapses, and when it is determined in step S104 that the predetermined time or more has elapsed, the user inputs biometrics information. The processing ends, assuming that there is no intention to do so and that there is no intention to place the portable device 2 in a predetermined position.

As described above, the lock system 12 unlocks the engine lock of the automobile 1 on the basis of the identification signal for identifying the portable device 2 owned by the user and the biometrics information of the user. Even if the door lock is unlocked, the engine lock cannot be unlocked, and the authorized user can unlock the door lock and the engine lock with a simple operation.

According to the above, the authentication processing performed between the devices used for authentication (in the above example, the automobile 1 and the portable device 2),
By combining the authentication processing based on the biometrics information of the authorized user, it is possible to prevent unauthorized authentication at a high angle.

In the above embodiments, an example in which only one owner PIN and one user PIN can be registered has been mainly introduced, but by increasing the capacity of the memory 33 in the portable device 2, A plurality of PINs can be registered, and the biometrics database 104 in the automobile 1 can also store user PINs and biometrics information (fingerprints, etc.) for the number of people who can be registered in the portable device. Furthermore, since the number of portable devices 2 that can be used for one automobile 1 can be increased as needed, a large number of sets of user PINs and biometrics information are stored in the biometrics data 104. Sometimes At this time, by operating the keyless entry button 121 of the portable device 2 as appropriate, the specific owner PIN or user PI
If only N is sent to the car 1, the PIN sent from the portable device 2 is used for the authentication of the owner or the user.
By calling only the biometrics information corresponding to the above from the biometrics database 104, the time required for authentication (particularly, matching of biometrics information) can be shortened.

In addition to this, the sensor unit 101 has a fingerprint reading function as well as a living body detection function, and if the finger placed on the sensor unit is a "fake product made of rubber or the like", authentication of the owner or the user is required. Embodiments of discontinuing are also conceivable.

Further, although many hotels have a service called "valley parking" in which employees drive cars and store them in a predetermined parking lot, hotel employees who have not registered fingerprints can use the present invention. It is not possible to drive a car equipped with. For this, the following measures can be taken so that the employee can drive temporarily.

First, while the mode change switch 102a is in the operation mode, a predetermined numerical value (such as "5963") is input from the ten-key pad 102b, and then the sensor unit 101 reads the fingerprint of the owner or the user. .
This gives hotel employees a certain amount of time (eg 15 minutes)
Only give the authority to drive the car and have the car stored in the parking lot within a certain time. After a certain period of time, the lock system 12 in the automobile 1 operates to lock the door of the automobile.

In the above description of the embodiments, the biometrics information is the fingerprint, but biometrics information other than the fingerprint can be used. At that time, if image data obtained by photographing a part or all of the human body such as a face image, a retina pattern, and a human face is adopted as biometrics information, a sensor capable of photographing a still image or a moving image is used as the sensor unit 101. use. If a voiceprint is adopted as biometrics information, a microphone is used as the sensor unit 101.

The series of processes described above can be executed by hardware, but can also be executed by software. When a series of processes is executed by software, various functions can be executed by installing a computer in which a program configuring the software is incorporated in dedicated hardware or various programs. It is installed from a recording medium into a possible general-purpose personal computer or the like.

11 and 12 show the configuration of an embodiment of a personal computer when the control portion of the automobile 1 and the portable device 2 are realized by software. The CPUs 501 and 601 of the personal computer control the entire operation of the personal computer. Also, CPU
When a user inputs a command from the input units 506 and 606 including a keyboard and a mouse via the buses 504 and 604 and the input / output interfaces 505 and 605, the 501 and 601 correspond to a ROM (Read Only Memo).
ry) 502, 602 executes the program recorded. Alternatively, the CPUs 501, 601 may use the magnetic disks 511, 61 connected to the drives 510, 610.
1, optical disks 512 and 612, magneto-optical disk 51
3, 613 or the programs read from the semiconductor memory 514 or 614 and installed in the storage units 508 and 608 are stored in the RAM (Random Access Memory) 503.
Load it to 603 and execute. As a result, the control part of the automobile 1 and the function of the portable device 2 described above are realized by software. Furthermore, CPU 501,6
01 controls the communication units 509 and 609 to communicate with the outside and exchange data.

The recording medium on which the program is recorded is
As shown in FIGS. 11 and 12, separately from the computer,
A magnetic disk 511 or 611 storing a program, which is distributed to provide the program to the user.
(Including flexible disk), optical disk 512,
612 (CD-ROM (Compact Disc-Read Only Memory), DVD
(Including Digital Versatile Disc), magneto-optical discs 513, 613 (including MD (Mini-Disc)), or package media including semiconductor memories 514, 614, etc. ROMs 502 and 602 in which programs are recorded and storage unit 50 that is provided to the user in the closed state
8, 608 and the like included in the hard disk.

In the present specification, the steps for writing the program recorded in the recording medium are not limited to the processing performed in time series in the order described, but not necessarily in time series. , Which include processes executed in parallel or individually.

In this specification, the system means
It represents the entire apparatus composed of a plurality of devices.

[0127]

As described above, according to the present invention, the double check of the authentication based on the identification of the portable device and the authentication based on the biometrics information is performed, so that the illegal authentication process can be prevented with higher accuracy.

Further, at the time of person authentication, if the biometrics information corresponding to the received personal identification number is called and compared with the input biometrics information,
The authentication process can be performed efficiently without prolonging it.

[Brief description of drawings]

FIG. 1 is a diagram showing a configuration of a conventional smart entry system.

FIG. 2 is a diagram showing a configuration of an embodiment of a semiconductor device to which the present invention is applied.

FIG. 3 is a diagram showing a configuration of a smart entry system to which the present invention is applied.

FIG. 4 is a diagram showing a configuration of an input unit of FIG.

FIG. 5 is a diagram showing a relationship between a PIN and biometrics information.

FIG. 6 is a flowchart illustrating a biometrics registration process.

FIG. 7 is a flowchart illustrating an owner registration process.

FIG. 8 is a flowchart illustrating a user registration process.

FIG. 9 is a flowchart illustrating an entry process.

FIG. 10 is a flowchart illustrating an engine lock release process.

FIG. 11 is a diagram illustrating an example of a case where a control part of an automobile is configured by a personal computer.

FIG. 12 is a diagram illustrating an example of a case where the portable device is configured by a personal computer.

[Explanation of symbols] 1 car 2 portable 11 Control unit 12 Lock system 13 Passive entry authentication section 15 Communication 31 Control unit 32 Communications Department 33 memory 33a identification signal 33b PIN 33c Immobilizer ID 33d Keyless entry ID 101 sensor 102 Input section 103 Biometrics Authentication Department 104 Biometrics database 106 engine immobilizer

─────────────────────────────────────────────────── ─── Continuation of front page (51) Int.Cl. ⁷ Identification code FI theme code (reference) H04L 9/32 H04L 9/00 673B H04Q 7/38 673D H04B 7/26 109S F term (reference) 2E250 AA21 BB05 BB08 BB21 BB46 BB59 BB65 CC11 CC12 CC16 CC19 CC20 CC26 CC30 DD03 DD04 DD06 DD08 DD09 DD10 EE02 EE03 EE10 EE20 FF05 FF03 FF05 FF33 AE05 SS25 JJ00 LL01 SS23 BC01 BE01 BG07 5J104 AA07 KA01 KA02 KA14 KA16 KA17 NA05 PA16 5K067 AA32 DD17 EE02 HH22 HH23 HH24 HH36

Claims (8)

[Claims] 1. A receiver for receiving an identification signal of a portable device, which is transmitted by wireless communication from a portable device, and an identification signal storage unit for storing one or more identification signals of a portable device registered in advance. The identification signal stored in the personal digital assistant is compared with the stored identification signal to confirm whether the identification signals match, an information input section for inputting biometrics information, and Biometrics information 1
An information storage unit that stores more than one person, a person authentication unit that compares the input biometrics information and the stored biometrics information, and confirms whether or not both biometrics information match, the portable device An authentication device, comprising: a determination unit that determines whether or not the authentication results of the authentication unit and the person authentication unit are both identical authentication results. 2. The authentication device according to claim 1, wherein the information storage unit stores biometrics information of the previously registered person and a unique person identification number corresponding to the biometrics information. The portable device stores the unique person identification signal together with the identification signal, and the receiving unit receives the unique person identification number together with the identification signal by wireless communication from the portable device. The person authentication unit calls biometrics information corresponding to the unique person identification number received by the receiving unit from the previous term information storage unit, and the called biometrics information and the input biometrics information. An authentication device characterized by performing person authentication by comparing with information. 3. The authentication device according to claim 2, wherein the person identification number is a type 1 person identification number indicating that the person is the owner of the authentication apparatus or a device having the authentication apparatus built therein, and an owner. A second type person identification number indicating that the user is other than the above, and a registration control section that controls the information input section and the previous term information storage section in order to register the biometrics information and the person identification number. Further, the registration control unit, the first type person identification number and the biometrics information is registered in advance in association with each other, and the biometrics information corresponding to the first type person identification number is stored in advance. After confirming that the second type personal identification number and biometrics information are associated with each other, the authentication device is controlled to be registered. 4. The authentication apparatus according to claim 3, wherein the registration control unit stores the first type person identification number and the biometrics information in association with each other when the second type is already stored. An authentication device, characterized in that control is performed to delete all species identification numbers and biometrics information corresponding thereto from the information storage unit. 5. An identification signal of the portable device, which is transmitted from the portable device through wireless communication, is received, the received identification signal is compared with a previously registered identification signal, and whether or not both identification numbers match. By confirming, the mobile device is authenticated, while the input of biometrics information is accepted, the input biometrics information is compared with the preregistered biometrics information, and both biometrics information matches. Authentication is performed by confirming whether or not the authentication of the person is performed, and the authentication result of the portable device and the authentication result of the person are both determined. Method. 6. The authentication method according to claim 5, wherein the biometrics information registered in advance is stored together with a unique personal identification number corresponding to the biometrics information, while being transmitted from the portable device. By wireless communication, the identification signal and the unique person identification number stored inside the portable device are received, and in authenticating the person, a biometric corresponding to the unique person identification number obtained by the reception. An authentication method characterized by calling up metric information and comparing it with the input biometrics information to authenticate a person. 7. A person registration method for registering a person in an authentication apparatus or device using the authentication method according to claim 6, wherein the person identification number is an owner of the authentication apparatus or device. It is divided into a first-type personal identification number that represents it and a second-type personal identification number that represents a user other than the owner, and the first-type personal identification number and biometrics information are registered in advance in association with each other. Have been done, and first in advance
A person registration method, characterized in that after confirming that biometrics information corresponding to a species person identification number is input, the second species person identification number and biometrics information are registered in association with each other. 8. The person registration method according to claim 7, wherein when the first type person identification number and the biometrics information are registered in association with each other, the second type person identification number and A person registration method characterized by deleting all biometrics information corresponding to this.