JP2006325080A - Terminal authentication device, information terminal, and terminal authentication system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To use a wireless communication network installed in a cabin without setting authentication information by a driver or user for an information terminal that is carried into the cabin by the user. <P>SOLUTION: The system comprises a terminal authentication device 300 installed in a cabin 101, and an information terminal 400 which measures the surrounding environment of its own and transmits the data about the surrounding environment that is measured to the terminal authentication device 300. The terminal authentication device 300 comprises an environment measuring unit 301 which measures the environment in the cabin 101, an environment analyzer 303 which generates environment analysis information using the measurement result, an environment data receiver 305 which receives data about the surrounding environment that is transmitted from the information terminal 400, and an authentication part 306 which authenticates the information terminal 400 using the generated environment analysis information and the data about surrounding environment that is received. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to a technique for authenticating an information processing terminal, and more particularly to a technique for authenticating an information processing terminal performed by a terminal authentication device installed in a vehicle interior.

  In recent years, needs for dynamic cooperation between in-vehicle devices are increasing. For example, a portable music player is connected to an in-vehicle audio device, content in the portable music player is played on the in-vehicle audio device, a mobile phone and an in-vehicle speaker are connected, and a hands-free call system is built in the vehicle. ing. In this type of in-vehicle device linkage, a LAN (Local Area Network) that uses wired cables such as MOST (Media Oriented Systems Transport) and IEEE1394 is installed mainly in European and US vehicles as a communication medium for connecting devices. It has been proposed to be used in some vehicles.

  However, in-vehicle LAN equipment using a wired cable has a problem in that the total weight of the vehicle is increased. Further, when connecting a terminal newly brought in by the user, it is necessary to wire a cable, and the setting work of the terminal is troublesome. Therefore, it is desired to utilize wireless LAN technology such as IEEE802.11 (b / a / g) and wireless communication technology such as Bluetooth, which have been rapidly spreading in recent years. In such wireless communication, unlike wired communication, any terminal can access a wireless communication network in a vehicle cabin in an area where wireless radio waves can be received. Therefore, when using wireless communication, it is necessary to restrict accessible terminals.

  2. Description of the Related Art Conventionally, as a wireless communication access restriction technique, a technique for setting authentication information common to all terminals such as a WEP (Wired Equivalent Privacy) key in a wireless LAN and a PIN code in Bluetooth is known. Also, techniques such as MAC address filtering for setting the MAC address of an accessible terminal in a wireless base station and IEEE 802.1x for registering terminal authentication information in an authentication server are also used (for example, non- Patent Document 1).

  In addition, in-vehicle authentication devices take account of reasons such as not wanting the other party to know the authentication information, and use a third-party authentication organization such as PKI (Public Key Infrastructure) to connect the terminal. Authentication methods have also been proposed. However, since such third party authentication cannot be used in a situation where the communication line between the road and the vehicle is disconnected, the terminal may not be authenticated. In order to solve this problem, in a vehicle-mounted authentication device that uses a third-party certification organization, when road-to-vehicle communication is disconnected, a message for requesting terminal authentication is displayed on the screen of the car navigation system, etc. A method has been proposed in which a driver permits access as a person in charge of a wireless communication network (for example, Patent Document 1).

B. Potter, B.M. By Fleck (translated by Natsume) "802.11 Security" Ohmsha 2003 JP 2004-252752 A

  However, Non-Patent Document 1 and Patent Document 1 have the following problems. Specifically, in the technique of Non-Patent Document 1, a network user needs to set authentication information such as a WEP key and a PIN code in order to perform communication. This authentication information setting operation is difficult for a user who is not used to handling wireless communication. Further, as described above, there is a problem in that there are many users who are not preferable to easily provide authentication information in an automobile. For example, automobile users include friends, acquaintances, etc., in addition to the drivers themselves and their families. And it may not be preferable to easily provide authentication information to friends, acquaintances, and the like. Also, in buses and taxis, it is often not desirable to give passengers authentication information.

  Further, the above-mentioned Patent Document 1 has a problem that the driver himself / herself is burdened with an authentication work as to whether or not to permit access. In particular, the authentication operation during traveling is not preferable because it can be considered to distract the driver's attention from the driving operation.

  The present invention has been made in view of the above circumstances, and an object of the present invention is to authenticate an information processing terminal without imposing a burden on the user.

  The present invention pays attention to the fact that the environmental information in the vehicle interior cannot be easily estimated from the outside, and the environmental information measured by both the terminal authentication device installed in the vehicle interior and the information terminal requiring authentication is similar. In this case, it is assumed that the information terminal is present in the passenger compartment and entry into the wireless communication network is permitted.

  In order to solve the above problems, one embodiment of the present invention is applied to a terminal authentication device that is installed in a vehicle interior and authenticates an information terminal. Here, it is assumed that the information terminal is configured to measure its own surrounding environment and transmit data related to the measured surrounding environment to the terminal authentication device.

  The terminal authentication device includes: an environment measurement unit that measures an environment in a vehicle interior; an environment analysis unit that generates environment analysis information using a measurement result measured by the environment measurement unit; and a surrounding that the information terminal transmits A receiving unit that receives data related to the environment; and an authentication unit that authenticates the information terminal using the generated environment analysis information and the received data related to the surrounding environment from the information terminal.

  As described above, according to the present invention, the terminal authentication device uses the data related to the surrounding environment obtained by measurement by the information terminal and the environment analysis information obtained by measuring the environment in the vehicle interior by the terminal authentication device. The terminal is authenticated. Therefore, according to the present invention, it is not necessary to previously set information (for example, authentication information such as a PIN code) used for authentication in the terminal authentication device and the information terminal. That is, according to the present invention, it is not necessary to perform a setting operation in advance for authentication, and it is not necessary to notify the information terminal user of information used for authentication. Further, according to the present invention, the user of the terminal authentication device does not need to perform an operation for authentication processing.

  Therefore, by using the present invention, it is possible to authenticate the information processing terminal without imposing a burden on the user.

Hereinafter, embodiments of the present invention will be described with reference to the drawings.
<< First Embodiment >>
First, a schematic configuration of an authentication system to which the first embodiment of the present invention is applied will be described with reference to FIG. In the present embodiment, the case where the terminal authentication device 300 connected to the wireless communication network 200 provided in the vehicle 100 authenticates the information terminal 400 connected via the wireless communication network 200 is taken as an example. .

  FIG. 1 is a diagram for explaining a schematic configuration of an authentication system according to the first embodiment of the present invention. As shown in the figure, the authentication system of the present embodiment includes a terminal authentication device 300 connected to a wireless communication network 200 provided in the vehicle 100 and an information terminal 400 connectable to the wireless communication network 200. The terminal authentication device 300 is installed in the passenger compartment 101 of the vehicle 100. In the passenger compartment 101, an audio output device 500 such as a car audio is installed. Then, the authentication device 300 receives an authentication request from the information terminal 400 and performs an authentication process on the information terminal 400. In the present embodiment, a case where a wireless LAN (Local Area Network) is used as a wireless communication network is taken as an example, but this is only an example.

  Specifically, in the authentication system of the first embodiment, the terminal authentication device 300 and the information terminal 400 each measure their surrounding environment. The terminal authentication device 300 compares the data (environment information) indicating the ambient environment measured by each, and determines whether or not the information terminal 400 exists in the same passenger compartment 101. If the terminal authentication device 300 determines that the information terminal 400 exists in the same passenger compartment 101, the terminal authentication device 300 determines “authentication is established” and permits access from the information terminal 400. On the other hand, when it is determined that the information terminal 400 does not exist in the same passenger compartment 101, the terminal authentication device 300 determines “authentication not established”.

  In the description of the first embodiment, a case where audio data such as music output from the audio output device 500 is used as “environment information” used for authentication is taken as an example. The reason why the audio data is used in this way is as follows. That is, the vehicle is provided with an absorbent for a specific frequency constituting the sound wave in order to prevent noise pollution and optimize the audio output. With this absorbent, the frequency spectrum of the audio output is different between the vehicle interior and the exterior of the vehicle except for a specific vehicle type such as an open car. The first embodiment focuses on the property that the frequency spectrum of the audio output is different between the interior of the vehicle interior 101 and the exterior of the vehicle interior. Then, the terminal authentication device 300 and the information terminal 400 cause the terminal authentication device 300 and the information terminal 400 to measure the voice data as “environment information” and compare the measured “environment information”. It is determined whether or not it exists in the same passenger compartment 101.

  Next, the functional configuration of the authentication system according to the first embodiment will be described with reference to FIG. FIG. 2 is a diagram for explaining a functional configuration of the authentication system according to the first embodiment.

  The terminal authentication device 300 includes an environment measurement unit 301, a recording unit 302, an environment analysis unit 303, a communication unit 304, an authentication data reception unit 305, and an authentication unit 306. The environment measurement unit 301 measures audio data output from the audio output device 500. The recording unit 302 records the audio data measured by the environment measurement unit 301. The environment analysis unit 303 performs analysis processing using the audio data recorded in the recording unit 302 to generate “environment analysis data”. The communication unit 304 performs wireless communication with the information terminal 400 via the wireless communication network 200. The authentication data receiving unit 305 receives authentication data from the information terminal 400 via the communication unit 304. The authentication unit 306 performs authentication using the received “authentication data” and the generated “environment analysis data”. The authentication unit 306 transmits the authentication result to the information terminal 400.

  The information terminal 400 includes an environment measurement unit 401, a recording unit 402, an environment analysis unit 403, and a communication unit 404 having functions similar to those of the terminal authentication device 300, and authentication data for transmitting authentication data to the terminal authentication device 300. A transmission unit 405 and an input unit 406 that receives an instruction to start authentication from the user.

  Next, the hardware configuration of the authentication system according to the first embodiment will be described with reference to FIG.

  FIG. 10 is a diagram for explaining the hardware configuration of the authentication system according to the first embodiment of this invention.

  As shown in the figure, the terminal authentication device 300 includes a microphone 320 for collecting voice data output from the voice output device 500, and A / D conversion for converting analog voice data collected by the microphone into digital data. A device 310, a CPU 310 that executes various processes, a memory 311, and a LAN I / F 312 that communicates with the information terminal 400 via the wireless communication network 200. The memory 311 includes programs (environment measurement program, environment analysis program, communication program) for realizing the functions of the environment measurement unit 301, environment analysis unit 303, communication unit 304, authentication data reception unit 305, and authentication unit 306 described above. A program, an authentication data receiving program, and an authentication program). The functions of the environment measuring unit 301, the environment analyzing unit 303, the communication unit 304, the authentication data receiving unit 305, and the authentication unit 306 are the functions of the CPU 310 described above (environment measuring program, environment analyzing program, communication program, authentication data receiving). This is realized by executing a program and an authentication program. Further, the recording unit 302 described above is provided in a predetermined area of the memory 311.

  In addition, the information terminal 400 includes a microphone 420 that collects audio data output from the audio output device 500, an A / D converter 413 that converts analog audio data collected by the microphone 320 into digital data, and , A CPU 410 that executes various processes, a memory 411, and a LAN I / F 412 that communicates with the terminal authentication device 300 via the wireless communication network 200. The memory 411 stores programs (environment measurement program, environment analysis program, communication program) for realizing the functions of the environment measurement unit 401, environment analysis unit 403, communication unit 404, authentication data transmission unit 405, and input unit 406 described above. , An authentication data transmission program, and an input program) are stored. The functions of the environment measurement unit 401, the environment analysis unit 403, the communication unit 404, the authentication data transmission unit 405, and the input unit 406 are controlled by the CPU 410 with each program (environment measurement program, environment analysis program, communication program, authentication data transmission program). , And an input program). Further, the recording unit 402 described above is provided in a predetermined area of the memory 411.

  In the description of the first embodiment, the function of each unit of the terminal authentication device 300 and the information terminal 400 is realized by a program executed by the CPU. However, the present invention is not particularly limited to this. For example, the functions of the environment measurement unit 301, the environment analysis unit 303, the communication unit 304, the authentication data reception unit 305, and the authentication unit 306 included in the terminal authentication device 300 may be realized by dedicated hardware logic. Similarly, the functions of the environment measurement unit 401, the environment analysis unit 403, the communication unit 404, the authentication data transmission unit 405, and the input unit 406 included in the information terminal 400 may be realized by dedicated hardware logic.

  Subsequently, processing performed by the terminal authentication device 300 and the information terminal 400 according to the first embodiment will be described with reference to FIGS. 3 and 4. FIG. 3 is a diagram for explaining a flow of authentication request processing performed by the information terminal 400 of the present embodiment. FIG. 4 is a diagram for explaining a flow of processing for authenticating the information terminal performed by the terminal authentication device 300 of the present embodiment.

  First, the process performed by the information terminal 400 of this embodiment will be described. As shown in FIG. 3, the authentication request process by the information terminal 400 is started when the user inputs an authentication instruction request to the information terminal 400.

  Specifically, first, the input unit 406 of the information terminal 400 accepts an authentication instruction input by the user and outputs it to the authentication data transmission unit 405 (S31). The authentication instruction input by the user is performed, for example, when the user presses an authentication start button from an operation screen (not shown) of the information terminal 400.

  Subsequently, the authentication data transmission unit 405 transmits an authentication processing start request to the terminal authentication device 300 via the communication unit 404 (S32). Next, the information terminal 400 receives an authentication start response from the terminal authentication device 300 (S33). In addition, the information terminal 400 waits until it receives the authentication start response from the terminal authentication device 300 after S32. The authentication start response from the terminal authentication device 300 includes “measurement instruction data” for measuring voice data. The “measurement instruction data” includes “sampling setting (data indicating sampling frequency, frequency region to be measured, etc.)”, “recording start time”, and “recording end time”.

  After the authentication data transmission unit 405 receives the response from the terminal authentication device 300, the environment measurement unit 401 follows the “sampling setting”, “recording start time”, and “recording end time” included in the “measurement instruction data”. The audio data output from the audio output device 500 is measured and recorded in the recording unit 402 (S34).

  In the first embodiment, it is assumed that audio data such as music and radio broadcast is output from the audio output device 500. The voice output device 50 may start outputting voice data by accepting an operation from a user (anyone who is in the vehicle) or from the terminal authentication device 300. Output of audio data may be started by an instruction. When outputting voice data in response to an instruction from the terminal authentication device 300, for example, the terminal authentication device 300 has a function of controlling the voice output device 500 (for example, a function of turning on a radio switch “ON”, a music CD, etc. A function for instructing reproduction). When the terminal authentication device 300 receives a request to start authentication processing from the information terminal 400, the terminal authentication device 300 instructs the audio output device 500 to start outputting audio data.

  After the audio data recording process of S34 is completed, the process proceeds to the process of the environment analysis unit 403. The environment analysis unit 403 analyzes the audio data recorded in the recording unit 402 (step S35). For this analysis, for example, a known analysis method such as Fourier transform or wavelet transform is used. Below, the method by Fourier transformation is illustrated. In general, when a signal x (t) that changes with time is Fourier-transformed, a spectrum X (ω) with respect to the frequency ω is obtained.

  After the process of S35, the authentication data transmission unit 405 extracts the spectrum X (ω) on the information terminal 400 side at a specific time t, and transmits the extracted spectrum X (ω) as authentication data to the terminal authentication device 300 ( S36). After the transmission process of S36, the information terminal 400 waits until receiving the authentication result from the terminal authentication device 300 (S37).

  Next, processing performed by the terminal authentication device 300 according to the present embodiment will be described. Hereinafter, the spectrum X (ω) at time t is denoted as X (ω, t), the spectrum at the information terminal 400 is denoted as Xc, and the spectrum at the terminal authentication device 300 is denoted as Xs.

  As shown in FIG. 4, the authentication process of the terminal authentication device 300 is started when the terminal authentication device 300 receives the authentication start request transmitted by the information terminal 400 in S32 described above. Specifically, when the authentication data transmission / reception unit 305 of the terminal authentication device 300 receives the authentication start request from the information terminal 400 (S41), the terminal authentication device 300 starts the certification process.

  Subsequently, the authentication data receiving unit 305 of the terminal authentication device 300 creates “measurement instruction data”. Specifically, the authentication data receiving unit 305 creates “sampling setting (data indicating sampling frequency, frequency region to be measured, etc.)”, “recording start time”, and “recording end time” as “measurement instruction data”. To do. The authentication data receiving unit 305 transmits an authentication start response including the created “measurement instruction data” to the information terminal 400 (S42). The authentication data receiving unit 305 also transmits “measurement instruction data” transmitted to the information terminal 400 to the environment measuring unit 301.

  After transmitting the authentication start response, the environment measurement unit 301 measures the audio data according to the “sampling setting”, “recording start time”, and “recording end time” included in the “measurement instruction data” from the authentication data receiving unit 305. Then, it is recorded in the recording unit 302 (S43). Through this step and S34 in FIG. 3 described above, the terminal authentication device 300 and the information terminal 400 measure the audio data at the same timing.

  After the recording, the environment analysis unit 303 analyzes the voice data recorded by the same procedure as S35 described above (S44), and generates environment analysis information. Next, the authentication data receiving unit 305 receives the authentication data transmitted by the authentication data transmitting unit 405 in S36 (S45). After receiving the authentication data, the similarity between the frequency spectrum Xc (ω, t) included in the authentication data and the frequency spectrum Xs (ω, t) at the same time included in the analysis result (environmental analysis information) in step S44 is calculated. Verification is performed (S46). The similarity verification method will be described later with reference to FIG.

  Subsequently, the authentication unit 303 transmits the authentication result of S46 to the information terminal 400 via the communication unit 304 (S47). Specifically, if similarity is recognized in S46, authentication unit 306 grants access permission to information terminal 400, assuming that information terminal 400 exists in the same vehicle interior as terminal authentication device 300. Although a specific method for permitting access is not particularly limited, for example, authentication information used by the information terminal 400 for authentication, such as a WEP key, may be included in the response message in S47. On the other hand, if the similarity is not recognized in S46, the authentication unit 306 estimates that the information terminal 400 does not exist in the same passenger compartment as the terminal authentication device 300, and rejects the access request from the information terminal 400.

  Next, the similarity verification process of S46 performed by the terminal authentication device 300 will be specifically described with reference to FIG. FIG. 5 is a diagram for explaining a flow of similarity verification processing performed by the terminal authentication device 300 of the first embodiment.

  In the first embodiment, as a criterion for determining similarity, a sum of squares of a difference in signal intensity at each frequency j in the frequency spectrum is obtained, and if this is equal to or less than a specific threshold D, it is determined that they are the same (S51 to S52). . This will be specifically described below.

  In S51, the authentication unit 306 of the terminal authentication device 300 acquires the authentication data (the authentication data “Xc = Xc (ω, t)” received in S45) from the authentication data receiving unit 305. Further, the authentication unit 306 acquires the authentication data “Xc = Xc (ω, t)” from the information terminal 400 and the frequency spectrum “Xs = Xs (ω, t)” at the same time t from the environment analysis unit 303.

  Then, the authentication unit 306 compares the authentication data “Xc = Xc (ω, t)” from the information terminal 400 with the frequency spectrum “Xs = Xs (ω, t)” analyzed by the environment analysis unit 303. . The authentication unit 306 obtains the square sum d of the difference in signal strength at each frequency j in the frequency spectrum using, for example, the following (Equation 1) (S51).

  Then, the authentication unit 306 determines whether or not the difference value “d” obtained in S51 is smaller than a threshold value “D” held in advance (S52). If the difference value “d” is smaller than the threshold value “D”, the authentication unit 306 determines that authentication is established. On the other hand, when the difference value “d” is larger than the threshold value “D”, the authentication unit 463 determines that authentication is not established.

  In general, the frequency spectrum X (ω, t) has a large instantaneous fluctuation, so that comparison using instantaneous values is not always effective. Therefore, for example, a peak value near the time t may be used as a comparison target. Alternatively, an average in the vicinity of time t may be calculated and used as a comparison target. For reference, FIGS. 6, 7 and 8 show measurement data of the frequency spectrum of the audio output assumed as the authentication data in this embodiment. 6 to 8 measure the instantaneous values 610a to 610c at specific times and the peak values 600a to 600c in the vicinity of the same output at the front seat, the rear seat and the outside of the passenger compartment, respectively. Shows the results.

  In the first embodiment, frequency spectra at a plurality of times may be used to improve authentication accuracy. In this case, in S36 described above, the information terminal 400 extracts the spectrum at a plurality of times, and transmits the extracted spectrum to the terminal authentication apparatus 300. The terminal authentication device 300 acquires, from the environment analysis unit 303, a plurality of frequency spectra at the same time as the frequency spectra at the plurality of times from the information terminal 400. The terminal authentication device 300 may authenticate if similarity is recognized at all or any of the plurality of times. In addition, in an environment having a complicated shape such as a passenger compartment, in addition to the direct wave from the audio output device 500, it is affected by a reflected wave from the wall of the passenger compartment or an osmotic wave transmitted through the seat. Therefore, in the similarity verification process of S46, in consideration of this influence, a frequency spectrum similar to the frequency spectrum transmitted at time T from the information terminal 400 is present in the vicinity of time T in the terminal authentication apparatus 300. Authentication may be established. In consideration of the contents described above, an example in which the similarity verification process in the terminal authentication apparatus 300 shown in FIG. 5 is extended will be described with reference to FIG.

  FIG. 9 is a flowchart of extended processing of similarity verification processing of the terminal authentication device 300 according to the first embodiment of this invention. Note that the authentication unit 306 of the terminal authentication device 300 acquires the spectrum Xc at a plurality of times from the information terminal 400. Further, it is assumed that the authentication unit 306 has acquired a plurality of frequency spectra “Xs = Xs (ω, t)” from the environment analysis unit 303.

  First, the authentication unit 306 of the terminal authentication device 300 sets a variable “i” used for similarity verification processing to “0” (S91).

  Next, the authentication unit 306 sets the value of Xc as the frequency spectrum Xc (ω, Ti) at time Ti in the information terminal 400 (S92). Here, it is assumed that N times selected between the recording start time and the recording end time of the audio data are set in the authentication unit 306 as Ti (i = 0... N−1). . Note that Ti may be selected at random from N times, or may be selected by equally dividing the range from the recording start time to the recording end time into N.

  Subsequently, the authentication unit 306 sets the variable t to “Ti−α” (S93). Here, “α” is a value for time correction in consideration of the influence of the reflected wave or the permeation wave, and may be any value (“α” is set in the authentication unit 306). . In the present embodiment, it is assumed that “α” is “about 0.5 seconds”.

  Next, the authentication unit 306 sets the value of Xs as the frequency spectrum Xs (ω, t) at time t in the terminal authentication device 300 (S94).

  With respect to Xc and Xs set as described above, the difference between Xc and Xs is calculated according to the flowchart shown in FIG. 5, and it is determined whether authentication is established or not (S95). Note that if it is determined that the authentication is established if similarity is recognized at any of a plurality of times, the process is terminated when the authentication is established in this step. In addition, when it is determined that the authentication is established if similarity at a predetermined number of times or more is recognized among a plurality of times, the number of times the authentication is established is counted when the authentication is established in this step. Then, if the number of authentication establishment is greater than or equal to the predetermined number, the process is terminated as the authentication has been established.

  On the other hand, if authentication is not established in S95, the minute time “θ” is added to “t” (S96), and if “t” is less than “Ti + β”, the process returns to S94 (S97). .

When “t” as a result of repeating S94 to S97 is equal to or greater than “Ti + β”, the similarity is not recognized in the frequency spectrum at the time Ti. Therefore, “1” is added to “i” (step S98), and if “i” is less than “N”, the process returns to S92 (S99). In S99, if “i” becomes “N” or more, the authentication is not established. For example, in S95, if it is determined that the authentication is successful if similarity is recognized at any of a plurality of times, if “i” becomes “N” or more, Ti (i = 0... N−1) This means that no similarity is recognized at any time. Further, for example, in S95, when it is determined that the authentication is successful if similarity at a predetermined number of times or more among a plurality of times is recognized, if “i” becomes “N” or more, Ti (i = 0) That is, a predetermined number or more of similarities are not recognized in the time of (N-1). By the above processing, similarity verification in consideration of reflected waves and penetrating waves in the passenger compartment becomes possible. The terminal authentication device 300 and the information terminal 400 usually have different times (CMOS time or OS time). In consideration of such time difference, the time difference may be calculated by a known time synchronization method such as NTP (Network Time Protocol), and this time difference may be reflected in the processing shown in FIG. As an example, the authentication start request transmission time of S32 is “ts0”, the authentication start request reception time of S41 is “ts1”, the authentication start response transmission time of S42 is “ts2”, and the authentication start response reception time of S33 is Let it be “ts3”. In this case, the minimum and maximum values that can be considered as the time difference between the terminal authentication device 300 and the information terminal 400 are “A = min (ts1−ts0, ts2−ts3)” and “B = max (ts1−ts0, ts2-ts3) ".

  Here, min is a function that returns a small value of the two specified arguments, and max is a function that returns a large value of the two specified arguments. Using these values, the setting of “t” in S93 is “t = T−α + A”, and the conditional expression in S97 is “t <Ti + β + B”, so that the time between the information terminal 400 and the terminal authentication device 300 is Processing in consideration of the difference is possible.

  Thus, in the first embodiment, the terminal authentication device 300 that performs authentication and the information terminal 400 that receives authentication each measure the surrounding environment (here, voice data), and use the measurement result, It is determined whether the terminal authentication device 300 and the information terminal 400 are in the same vehicle interior. When it is determined that the terminal authentication device 300 and the information terminal 400 are in the same vehicle compartment, the terminal authentication device 300 allows the information terminal 400 to access.

  Therefore, in the first embodiment, it is not necessary to set authentication information in advance for the authentication process, and no operation for the authentication process is required. Therefore, according to the present invention, the wireless communication network installed in the vehicle can be used without setting authentication information by the driver or the user for the information terminal brought into the passenger compartment by the user. In particular, according to the present embodiment, it is not necessary to perform an operation for authentication processing during driving, which is preferable from the viewpoint of safety.

  In the above description, the case where the audio data output from the audio output device 500 such as a car audio device is measured and the authentication process is performed using the measurement data is described as an example, but the present invention is not particularly limited thereto. For example, the terminal authentication apparatus 300 may be provided with a function of outputting voice data (for example, a beep sound), and the voice data output from the terminal authentication apparatus 300 may be measured instead of the voice output apparatus 500. The terminal authentication device 300 outputs audio data for a predetermined time only when an authentication request is received from the information terminal 400. The terminal authentication device 300 and the information terminal 400 measure the voice data output from the terminal authentication device 300 and perform authentication processing using the measurement result.

  By configuring in this way, it is possible to reliably generate environment information used for authentication even when there is no playback media such as CD or MD in the car audio. Moreover, environmental information used for authentication can be reliably generated even when music cannot be output from car audio or the like due to consideration for passengers, such as taxis.

In the above description, the information terminal 400 performs the analysis process (S35 in FIG. 3). However, the present invention is not particularly limited to this. This is because the information terminal 400 needs to have a certain processing capability in order for the information terminal 400 to perform analysis processing. Therefore, if the processing capability of the terminal authentication device 300 is sufficiently high, the recorded voice data may be transmitted as it is to the terminal authentication device 300 and the analysis processing may be performed in the terminal authentication device 300. Alternatively, a method may be used in which received data is transmitted to the authentication device 300 and analyzed without recording voice data in the information terminal 400.
<< Second Embodiment >>
Subsequently, a second embodiment of the present invention will be described. In the second embodiment of the present invention, an authentication status notification unit that notifies the user of the terminal authentication device 300 of the status of authentication processing is added to the terminal authentication device 300 of the first embodiment described above. Since a malicious user may send fake authentication data to the terminal authentication device 300 and attempt to enter the wireless communication network 200, the user of the terminal authentication device 300 is notified of the authentication. . Note that the configuration of the second embodiment is the same as that of the first embodiment described above, except for an authentication status notification unit that notifies the status of authentication processing. For this reason, the description of the second embodiment will be focused on the differences from the first embodiment.

  In addition to the environment measurement unit 301, the recording unit 302, the environment analysis unit 303, the communication unit 304, the authentication data reception unit 305, and the authentication unit 306 described in FIG. It has an authentication status notification section (not shown). In addition, a display device such as a liquid crystal display is connected to the terminal authentication device 300 of the second embodiment.

  In the second embodiment, when the authentication unit 306 determines that authentication is established, the authentication unit 306 includes data relating to the information terminal 400 that permits authentication establishment and access (for example, a mobile phone number or an IP address of the information terminal 400). “Authentication establishment information” is transmitted to the authentication status notification section.

  When the authentication status notification unit receives the “authentication establishment information” from the authentication unit 306, for example, the authentication status notification unit displays the display screen 1100 illustrated in FIG. 11 on the display device and confirms that the access request from the information terminal 400 has been accepted. Notify users. As shown in FIG. 11, the display screen 1100 is provided with a display area 1101 indicating data indicating that access is permitted to the information terminal 400 and data regarding the information terminal 400.

  As described above, the function of the authentication status notification unit allows the user to confirm that the terminal authentication device 300 has accepted the access request from the information terminal 400. For example, when the screen 1100 is displayed on the display device even though there is no passenger in the passenger compartment 101, the user can determine that there is a possibility that the user has been accessed by a malicious person. .

  Further, the authentication status notification unit may have a function of displaying a reject button for rejecting access from the information terminal 400 on the screen 1100 and a function of accepting selection of the reject button from the user. The authentication status notification unit cancels the access permission when the user selects the reject button. In this way, when the user determines that there is a possibility of unauthorized access, the user can cancel the access.

  In the above description, the authentication status notification unit notifies the authentication status using image data. However, the present invention is not limited to this. For example, the authentication status notification unit may notify the user that access to the information terminal 400 is permitted by voice data.

  The present invention is not limited to the first and second embodiments described above, and various modifications can be made within the scope of the gist of the present invention. For example, in addition to the functions of the first embodiment or the second embodiment, the terminal authentication apparatus 300 may further include a reception stop instruction unit that stops reception of an authentication request from the information terminal 400. In this case, the reception stop instruction unit receives an instruction “stop reception of authentication request” from the user. Then, the reception stop instruction unit stops receiving the authentication request from the information terminal 400 when receiving the instruction “stop receiving the authentication request”. The reason for this configuration is to make it possible to cope with the case where the driver does not want to permit the passenger's information terminal to enter the wireless communication network.

  In both the first embodiment and the second embodiment, the case where the “frequency spectrum” obtained by analyzing the measured voice data is used as the information used for the authentication process has been shown, but this is only an example. Absent. For example, the strength (db) of voice data measured as information used for authentication processing may be used.

  Further, as the environment information, other information than voice data may be used. The terminal authentication device 300 and the information terminal 400 are data that can be measured by each, and it is only necessary to determine whether the terminal authentication device 300 and the information terminal 400 are in the same vehicle interior 101 using the data. For example, as environment information, the radio wave intensity of a wireless LAN may be measured instead of voice data, and the authentication process may be performed by comparing the measured radio wave intensity.

  Moreover, you may make it utilize the image data currently displayed on the display apparatus provided in the vehicle interior 101 as environmental information. In this case, a display device is connected to the terminal authentication device 300. In addition, the environment measurement unit 401 of the information terminal 400 is provided with a function for taking an image (for example, a camera). Then, the information terminal 400 is caused to photograph the screen of the display device. The information terminal 400 transmits the captured image data to the terminal authentication device 300 as data related to the environment. On the other hand, the terminal authentication device 300 compares the image data output to the connected display device with the image data from the information terminal 400, so that the terminal authentication device 300 and the information terminal 400 have the same vehicle interior 101. It is determined whether or not.

In the above description of the embodiment, the terminal authentication device 300 has been described as a single device that authenticates the information terminal 400, but this is merely an example. For example, the terminal authentication device 300 may be incorporated in an in-vehicle navigation device and function as a part of the navigation device. In addition, the terminal authentication device 300 may be incorporated in the car audio device and function as a part of the car audio device. In the present embodiment, the terminal authentication device 300 is applied to an in-vehicle system installed in the vehicle interior 101. However, the present invention is not limited to this example. The present invention employs a method of granting access permission only to terminals existing in the vicinity of the terminal authentication device in wireless communication. Therefore, in addition to the case where the space is completely sealed as in the case of the above-described first and second embodiments, it is only necessary that the terminal exists in the vicinity, for example, file sharing among meeting attendees. The present invention can also be applied to cases.

It is a figure for demonstrating schematic structure of the authentication system of 1st Embodiment of this invention. It is a figure for demonstrating the function structure of the authentication system of 1st Embodiment of this invention. It is a figure for demonstrating the flow of the authentication request | requirement process which the information terminal 400 of 1st Embodiment of this invention performs. It is a figure for demonstrating the flow of the process which authenticates the information terminal 400 which the terminal authentication apparatus 300 of 1st Embodiment of this invention performs. It is a figure for demonstrating the flow of the similarity verification process which the terminal authentication device 300 of 1st Embodiment of this invention performs. It is an example of the frequency spectrum in the terminal authentication apparatus in a vehicle interior. It is an example of the frequency spectrum in the terminal authentication apparatus in a vehicle interior. It is an example of the frequency spectrum in the information terminal outside a vehicle compartment. It is a flowchart of the extended process of the similarity verification process of the terminal authentication device 300 of 1st Embodiment of this invention. It is a figure for demonstrating the hardware constitutions of the authentication system of 1st Embodiment of this invention. It is the figure which illustrated the screen which announces the authentication situation which terminal authentication device 300 of a 2nd embodiment of the present invention displays.

Explanation of symbols

DESCRIPTION OF SYMBOLS 200 ... Wireless communication network, 300 ... Terminal authentication apparatus, 301 ... Environment measurement part, 302 ... Recording part, 303 ... Environment analysis part, 304 ... Communication part, 305 ... Authentication data receiving part, 306 ... Authentication part, 310 ... CPU, 311 ... Memory, 312 ... LAN I / F, 313 ... A / D converter, 320 ... Microphone, 400 ... Information terminal, 401 ... Environment measurement unit, 402 ... Recording unit, 403 ... Environment analysis unit, 404 ... Communication unit, 405 ... Authentication data transmission unit, 406 ... Input unit, 410 ... CPU, 411 ... Memory, 412 ... LAN I / F, 413 ... A / D converter, 500 ... Audio output device

Claims (6)

A terminal authentication device that is installed in a passenger compartment and authenticates an information terminal,
The information terminal is configured to measure its surrounding environment and transmit data related to the measured surrounding environment to the terminal authentication device,
An environment measurement unit for measuring the environment in the passenger compartment;
An environment analysis unit that generates environment analysis information using a measurement result measured by the environment measurement unit;
A receiving unit for receiving data related to the surrounding environment transmitted by the information terminal;
A terminal authentication apparatus, comprising: an authentication unit that authenticates the information terminal using the generated environment analysis information and the received data related to the surrounding environment from the information terminal. The terminal authentication device according to claim 1,
The terminal authentication apparatus, wherein the environment measurement unit measures a sound generated in the vehicle interior as an environment in the vehicle interior. The terminal authentication device according to claim 1, wherein
The terminal authentication apparatus, wherein the environment analysis information is information obtained by analyzing a frequency characteristic of the measurement result. In the terminal authentication device according to any one of claims 1 to 2,
The terminal authentication apparatus, wherein the environment analysis information is a result of calculating a signal intensity of the environment measurement information. An information terminal connected to a terminal authentication device in a vehicle cabin via a communication network,
An environment measurement unit that measures the environment around itself;
An environment analysis unit that analyzes the measurement result and generates environment analysis information;
An information terminal comprising: an authentication data transmission unit configured to transmit the environment analysis information to the terminal authentication device. A terminal authentication system having a terminal authentication device installed in a passenger compartment and an information terminal connected to the terminal authentication device via a communication network,
The information terminal
A first environment analysis unit that measures the environment around itself and analyzes the measurement results to generate first environment analysis information;
An authentication data transmission unit that transmits the first environmental analysis information to the terminal authentication device;
The terminal authentication device measures the environment in the vehicle interior, analyzes the measurement result, and generates second environment measurement information;
A receiving unit for receiving the first environmental analysis information from the information terminal;
A terminal authentication system comprising: an authentication unit that compares the first environment analysis information and the second environment analysis information and authenticates the information terminal using the comparison result.

Images