JP2007272618A - Security system, authentication device, and communication terminal - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To enable to realize under environment in which a communication circuit cannot be prepared a series of authentication work such as acquisition of an authentication key or collation of the authentication key. <P>SOLUTION: The security system is composed of a communication terminal having application executed at the communication terminal, a storage domain which stores a telephone number read by the application, and an interface which performs output of data, and an authentication device having an interface which performs input of data and a storage domain which stores an authentication key; and has a means by which the telephone number stored in the storage domain of the communication terminal is transmitted and received as data through the interface, and the transmitted and received telephone number is used as the authentication key which performs release action of the authentication device. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a security system using an authentication key and a communication terminal used in the security system. In particular, the present invention can be used only for specific recipients or prior registrants, such as delivery of goods, browsing management of confidential information, and entrance / exit to restricted facilities, etc. The present invention relates to a security system and a communication terminal that can be applied to all uses that require user authentication.

  In a conventional security system, an authentication key is generally used. In this method, an authentication key is registered in advance in a management server or the like, and use is permitted when the user has a correct authentication key. An example of a specific conventional authentication system is described in Patent Document 1. FIG. 6 is a diagram for explaining the authentication procedure of the authentication system. The procedure is as follows.

When the user 1 applies for a service using the mobile phone device 4a to which the external device 4b is connected, the authentication reception server 3 transmits an authentication reception notification to the mobile phone device 4a. In response to this instruction, the external device 4b transmits authentication information from the mobile phone device 4a. If the authentication receiving server 3 determines that the authentication information is correct, it requests the key issuing server 5 to issue a use key. The key issuing server 5 issues a common usage key to the mobile phone device 4a and the service providing server 2. The external device 4b transmits the use key from the mobile phone device 4a to the service providing server 2 and makes a use application. On the other hand, the service providing server 2 provides a service to the user 1 who transmits the same usage key issued from the server. Thus, it is possible to prevent unauthorized use with reliable authentication while simplifying the operation for authentication.
As described above, in the system disclosed in Patent Document 1, it is necessary to connect to the management server via the communication line each time in order to obtain a key for authentication.

Japanese Patent Application No. 2001-579169 External device and authentication system

  In conventional systems, authentication keys are collated by a management server. Therefore, it has been necessary to transmit and receive the authentication key through the communication line. Therefore, there is a problem that it cannot be used in an environment where a communication line cannot be prepared, and in addition, a communication line usage cost is incurred every time an authentication operation is performed.

  An object of the present invention is to enable a series of authentication operations such as acquisition of an authentication key or verification of an authentication key even in an environment where a communication line cannot be prepared. This is to realize both high safety and convenience.

  A security system using a mobile phone number as a key of the present invention includes a communication terminal including a first storage unit that stores a predetermined application and a phone number read by the application, and a first communication unit; A second communication unit connected to the first communication unit, a second storage unit for storing the authentication key, and a telephone number stored in the first storage unit of the communication terminal from the first communication unit to the second communication unit. An authentication device including a release unit that performs a release operation of the authentication device based on the telephone number and the authentication key.

  An authentication device in a security system using a mobile phone number as a key of the present invention is an authentication device of a security system using an authentication key, and a storage area of a communication terminal into which data is input via short-range communication means including wired means Means for using the telephone number stored in the authentication key as an authentication key for performing the releasing operation of the authentication device.

  A communication terminal in a security system using a mobile phone number as a key of the present invention is a communication terminal used in a security system by an authentication device using a telephone number as an authentication key, and is an application stored and executed in the communication terminal. The telephone number is stored as an authentication key in the storage area of the communication terminal, and the authentication key stored in the storage area has means for outputting data via short-range communication means including wired means.

  A program in a security system using a mobile phone number as a key of the present invention is a program stored in a communication terminal used in a security system by an authentication device using a phone number as an authentication key, and authenticates the phone number of the communication terminal. Means for storing data as a key in the storage area of the communication terminal and outputting the authentication key stored in the storage area via short-range communication means including wired means.

  In the security system, authentication device, communication terminal, and program using the mobile phone number as a key of the present invention, the key is verified by the authentication device alone without using the management server, so that the key can be exchanged even in an environment where a communication line cannot be prepared. It becomes possible. Therefore, since key verification can be processed only by the authentication device, there is no need to access the management server, and a pay communication line is not particularly required. Further, it has a feature that a mobile phone number as a key is stored in advance, and there is an effect that it is not necessary to input a password each time the authentication registration is canceled.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

  FIG. 1 is a block diagram showing a first embodiment of the security system of the present invention.

  The communication terminal 110 includes a control unit 111 that controls each part, a storage unit 112 that stores various information and applications, a display unit 113 that performs display, and a first communication unit that serves as a data transmission / reception port with an external device. An interface (I / F) 114, a transmission / reception wireless unit 115 for transmitting / receiving a radio signal, a transmission / reception unit 116 for transmitting / receiving a voice signal, and an operation unit 117 for inputting numbers and characters using a numeric keypad, etc. And an authentication unit 118 that cancels the use restriction of the communication terminal 110 by means such as fingerprint or face authentication. On the other hand, the authentication device 120 includes a control unit 121 that controls each part, a storage unit 122 that stores various types of information and applications, a display unit 123 that performs display, and a second data transmission / reception port that serves as an external device. It includes an interface (I / F) 124 as communication means and a release unit 129 that executes various release functions when the authentication keys match. Data transmission / reception between the communication terminal 110 and the authentication device 120 is performed between the I / F 114 of the communication terminal 110 and the I / F 124 of the authentication device 120 via the cable 130.

  FIG. 2 is a diagram for explaining the outline of the embodiment of the security system according to the present invention. (A) is advance preparation by a user, (b) is authentication registration by a registration worker, and (c) is a user. It is deregistration by. The outline of the embodiment of the present invention will be described first with reference to FIGS.

(Advance preparation)
The user communication terminal 110 downloads a communication terminal application dedicated to this system from the Internet or the like and stores it in the storage unit 112 of the communication terminal 110. After storage, the communication terminal 110 reads this dedicated application from the storage area 112 and activates the dedicated application. The activated dedicated application reads the telephone number, which is unique information of the communication terminal 110, and stores the telephone number in a specific address accessible only by the dedicated application in the storage unit 112. The stored telephone number is used as “key 1” for authentication.

(Certification registration)
The communication terminal 100 of the registered worker (assuming that it has the configuration shown in FIG. 1 as with the communication terminal 110) is connected to the authentication device 120 via the cable 130. Subsequently, the dedicated application (assumed to be downloaded in advance) stored in the storage unit 112 of the communication terminal 100 is activated in the “registration mode”. Here, it is assumed that the security in the activation in the “registration mode” is maintained so that only the registration worker can perform. The registration worker inputs the telephone number of the communication terminal (for example, communication terminal 110) to be registered from the operation unit 117 by key operation as an authentication key for deregistration. The activated dedicated application transfers the input telephone number to the authentication device 120. The authentication device 120 that has received the telephone number stores the telephone number in the storage unit 122. The stored telephone number is registered as “key 2”, and the authentication registration is completed.

(Unregister)
The user connects the communication terminal 110 and the authentication device 120 with the cable 130. The communication terminal 110 activates the dedicated application stored in the storage unit 112 this time in the “release mode”. The activated dedicated application transfers the telephone number (key 1) stored in the storage unit 112 of the communication terminal 110 to the authentication device 120. At this time, the user does not need to input an authentication key. Upon receiving the telephone number (key 1), the authentication device 120 compares it with the telephone number (key 2) stored in the storage unit 122. When the comparison results match, the registration is canceled, and a cancellation command is issued to the cancellation unit 129 to perform various cancellation operations. Finally, the dedicated application deletes the telephone number (key 2) stored in the storage unit 122. As a result, the authentication key is invalidated and the key is used only once for deregistration.

  Next, the operation of the embodiment of the security system according to the present invention will be described in detail with reference to FIG.

  FIG. 5 is a flowchart showing the operation of the embodiment of the security system according to the present invention.

  First, the user (registration canceller) connects the communication terminal 110 and the authentication device 120 using the cable 130 (S111). This connection is notified to the control unit 11 via the I / F 114. Subsequently, when the system is operated for the first time, the user needs to obtain a communication terminal application dedicated to the system. The control unit 111 determines whether the dedicated application is stored in the storage unit 112 of the communication terminal 110 (S112). If not stored, the control unit 111 of the communication terminal 110 connects the wireless unit 115 to a wireless LAN or mobile line, downloads a dedicated application, and stores it in the storage unit 112 (S113). In addition, as a method for obtaining the dedicated application 11A, in addition to the download method, it may be obtained from the authentication device 120 via the cable 130. However, in this case, the authentication apparatus 120 needs to store a dedicated application. Alternatively, in the embodiment of the present invention, the dedicated application may be built in the communication terminal 11 in advance.

  Next, the control unit 111 reads the downloaded application dedicated to this system from the storage unit 112 and activates it (S114). However, the user can start up when “cancel mode” is designated on the operation unit 117. When the dedicated application is activated for the first time (S115), the dedicated application executed under the control of the control unit 111 reads the telephone number, which is unique information of the communication terminal 110, from the communication terminal 110 (S116), and specifies the storage unit 112. (S117).

  As described above, the automatic reading of the telephone number and the writing operation to the specific address in the storage unit 112 are performed only when the dedicated application is activated for the first time. The telephone number stored in the specific address of the storage unit 112 that can be accessed only from the dedicated application is used as the “key 1” for authentication. In addition, the dedicated application can be activated only in the release mode for general users. That is, only a specific registrant can activate the “registration mode” described later. The advance preparation is now complete.

  Subsequently, authentication registration by the registrant is performed.

  The registration worker connects the communication terminal 100 of the registration worker and the authentication device 120 with the cable 130 (S101). This connection is notified to the control unit 11 via the I / F 114. Subsequently, the registration worker activates the dedicated application stored in the storage unit 112 of the communication terminal 100 in the “registration mode” (S102). This activation is assumed to be activated based on the control of the control unit 111 while maintaining security by the authentication unit 118. Here, it is assumed that the communication terminal 100 owned by the user and the communication terminal 110 owned by the registered worker are different terminals. The reason is that the user (registration canceller) and the registration worker may not be in the same place or may be different persons even in the same place. Here, a description will be given below using the communication terminal 100 of the registered worker.

  The registration worker inputs a mobile phone number to be used as an authentication key from the registration worker's communication terminal 100 by means that are not automatically read (such as key input from the operation unit 107) (S103). That is, even if there is no communication terminal having a telephone number that is to be used as an authentication key, authentication registration can be performed if the registration worker knows the telephone number that is to be used as an authentication key for deregistration. The activated dedicated application transfers the input telephone number to the authentication device 120 via the I / F 114 (S104). The authentication device 120 that has received the telephone number stores the telephone number in the storage unit 122. The stored telephone number is used as “key 2”. This completes the authentication registration.

  What should be noted in the authentication registration step described above is that only the registration worker is permitted to start the registration mode for the dedicated application and can perform the registration work. The use of the registered worker is permitted by the authentication unit 108 by means such as fingerprint, voiceprint, face authentication. This prevents the communication terminal from being used maliciously by a third party. When the registration worker and the user are the same person, there is no need to particularly distinguish between the communication terminal 100 used for registration work and the communication terminal 110 used for service use.

  Subsequently, the registration is canceled to start using the service.

  A user who wants to receive a service (registration canceller) connects the communication terminal 110 and the authentication device 120 with the cable 130 (S111). Since the advance preparation has been completed, the control unit 111 skips the dedicated application download operation (S113) and the telephone number read / write operation (S116 to S117).

  The user activates the dedicated application stored in the storage unit 112 of the communication terminal 110 in the “release mode” (S114). The dedicated application activated under the control of the control unit 11 transfers the telephone number (key 1) stored in the storage unit 112 of the communication terminal 110 from the I / F 114 to the authentication device 120 (S118). Upon receiving the telephone number (key 1) (S123), the control unit 121 of the authentication device 120 compares the telephone number (key 2) stored in the storage unit 122 (S124). If the comparison results match, the controller 121 cancels the registration, issues a cancel command to the cancel unit 129, and performs various cancel operations (S125). Finally, the control unit 121 deletes the telephone number (key 2) stored in the storage unit 122 (S126). As a result, the authentication key is invalidated and the key is used only once for deregistration. On the other hand, if the key 1 and the key 2 do not match in the comparison in S124, the process shifts to waiting for reception of the telephone number (key 1) (S123). That is, in this case, the registration is not canceled and the service cannot be used.

  What should be noted in the above deregistration step is that the telephone number which is the unique information of the communication terminal 110 is used as the authentication key 1, and the telephone number to be used as the authentication key for cancellation is: It is a point that cannot be input by a key operation or the like from the operation unit 117. In other words, the reading of the telephone number (key 1) written in the specific address of the storage unit 112 of the communication terminal 110 and the transfer of the telephone number to be used as the authentication key to the authentication device 120 are performed by a dedicated application. Can only be executed. That is, only a telephone number unique to the communication terminal can be transferred from the user's communication terminal to the authentication device 120, and an arbitrary telephone number cannot be transferred.

  Therefore, registration can be canceled only for communication terminals whose telephone numbers are registered in advance as authentication keys, and a highly secure security system can be realized. Further, it is not necessary to input a password each time when canceling the registration, and it is possible to realize a high convenience that the registration can be canceled if a predetermined communication terminal is possessed.

  In this embodiment, an example in which a registration function and a cancellation function are realized by using two different modes (registration mode and cancellation mode) separately in one dedicated application is shown. On the other hand, it goes without saying that even a method of using a separate application for each function is included in the scope of the features of the present invention.

  As explained above, even if the registered worker and the user (unregistered person) are not in the same place, or even if they are in the same place and are different people, the registered worker is authenticated and registered. If the user knows the telephone number of the communication terminal possessed by the user, the authentication registration can be performed even if the communication terminal possessed by the user is not present. On the other hand, when the user cancels the registration, the user does not need to input a password each time. If the user has a communication terminal whose telephone number is registered in advance as an authentication key, the user can immediately cancel the registration.

  Next, another embodiment of the security system according to the present invention will be described.

  FIG. 3 is a schematic block diagram showing a second embodiment of the security system according to the present invention. 3, the communication terminal 210 includes an infrared I / F 214 instead of the I / F 114 of the communication terminal 110 of FIG. 1, and the authentication device 220 is also replaced with the I / F 124 of the authentication device 120 of FIG. An infrared interface that performs short-range wireless communication is mounted as the interface 224. Other configurations are the same as those in FIG. With this configuration, it is possible to transmit and receive data between the communication terminal 210 and the authentication device 220 without the need for passing through the cable 130.

  FIG. 4 is a schematic block diagram showing a third embodiment of the security system according to the present invention. In FIG. 4, the communication terminal 310 is equipped with FeliCa, which is a non-contact IC card technology, and the authentication device 320 also has the configuration of FIG. 1 except that a non-contact IC card reader / writer is installed as an interface 324. The same. With this configuration, a non-wired connection can be made as in the second embodiment. Further, the following configuration may be added.

  That is, the control unit 111 of the communication terminal 310 uses the storage unit 312 of the non-contact IC card as a storage destination of the key 1 created when the dedicated application stored in the storage unit 112 is activated for the first time. The storage location of the key 1 is the storage unit 312 of the non-contact IC card, and data communication (cyber) using the communication function in the mobile FeliCa is performed to start a dedicated application on the communication terminal when performing registration cancellation. There is no need. This is because the storage unit 312 of the contactless IC card can be accessed on the communication terminal regardless of the activation state of the dedicated application. Furthermore, the effect that convenience increases can be expected.

  As described above, the embodiment according to the present invention is a security system using a mobile phone number as a key, and does not require access to a server in authentication work when using the system. That is, the authentication work is completed only by local processing between the communication terminal and the authentication device. Therefore, no communication processing time or cost is required for authentication. With regard to the infrastructure, the communication line equipment is completely unnecessary in the authentication apparatus, and the use of the communication line is limited to the first time that the application is downloaded in the communication terminal. In situations where the use of communication lines is limited, the superiority of this system stands out and has a significant effect.

  The second effect is that authentication registration is possible even when the registration worker and the user (unregistered person) are not in the same place, or even if they are in the same place and are different people. The system is very convenient to use. That is, when performing authentication registration, authentication registration can be performed if the registration operator knows the telephone number even if the user has no communication terminal.

  The third effect is that when the user cancels registration, it is not necessary to input a password each time. In the embodiment of the present invention, a telephone number that is unique to a communication terminal is used as an authentication key, and is stored in advance in a specific storage unit in the communication terminal. Therefore, communication in which the telephone number is registered as an authentication key in advance. If you have a terminal, you can cancel registration without entering a password.

  The fourth effect is that an authentication key unique to the authentication device is not required. In the embodiment of the present invention, since the key 2 is input every time authentication registration is performed, the key can be changed in correspondence with the communication terminal that performs registration cancellation. That is, since the authentication key is not fixed, it has high security against the accident of leakage of the authentication key and crime.

  It can be said that the effect of providing such a security system having both high safety and convenience is extremely large in the industry.

It is a block diagram which shows 1st Embodiment of the security system by this invention. It is explanatory drawing explaining the outline | summary of embodiment of the security system by this invention. It is a schematic block diagram which shows 2nd Embodiment of the security system by this invention. It is a schematic block diagram which shows 3rd Embodiment of the security system by this invention. It is a flowchart showing operation | movement of embodiment of the security system by this invention. It is explanatory drawing explaining the authentication procedure of the conventional security system.

Explanation of symbols

100 Communication terminal 110, 210, 310 Communication terminal 120, 220, 320 Authentication device 130 Cable 112, 312 Storage unit 122 Storage unit 111 Control unit 121 Control unit 114, 214, 314 I / F
124, 224, 324 I / F

Claims (9)

A communication terminal including a first storage unit that stores a predetermined application and a telephone number read by the application; and a first communication unit;
A second communication unit connected to the first communication unit; a second storage unit for storing an authentication key; and the telephone number stored in the first storage unit of the communication terminal. An authentication device including release means for performing a release operation of the authentication device based on the telephone number and the authentication key when sent and received from the communication means via the second communication means;
Including security system. A communication terminal including a first storage unit that stores a predetermined application and a telephone number read by the application; and a first communication unit;
A second communication unit connected to the first communication unit; a second storage unit for storing an authentication key; and the telephone number stored in the first storage unit of the communication terminal. An authentication device including release means for releasing the authentication key based on the telephone number and the authentication key when sent and received from the communication means via the second communication means;
The phone number of the first communication terminal used as an authentication key for deregistration is stored in advance in the storage unit of the authentication device, and the second communication terminal used for deregistration when deregistration is performed. A telephone number is transmitted and received from the storage unit of the second communication terminal to the storage unit of the authentication device from the first communication unit via the second communication unit, and the telephone number of the first communication terminal and the A security system in which the authentication key is released when the telephone number of the second communication terminal matches. The security system according to claim 1 or 2, wherein the first and second communication means are wired communication means. The security system according to claim 1 or 2, wherein the first and second communication means are short-range communication means. 3. The security system according to claim 1, wherein the first and second communication means are a non-contact IC card and a non-contact IC card reader / writer, respectively. 6. The security system according to claim 5, wherein the storage area for storing the telephone number is a memory area of the contactless IC card. An authentication device for a security system using an authentication key,
A communication means for receiving a telephone number unique to the communication terminal from the communication terminal;
A storage unit for storing the telephone number received via the communication means;
A control unit for determining whether the telephone number is the same as a pre-registered authentication key;
A release unit that performs a predetermined release when the telephone number and the authentication key match,
Authentication device including A security system communication terminal using an authentication key,
A storage unit for storing the application;
A control unit for executing an application that reads out from the communication terminal a telephone number unique to the communication terminal as the authentication key and writes it in the storage unit;
Communication means for outputting the authentication key written in the storage unit;
Including communication terminals. A program executed on a communication terminal of a security system using an authentication key,
A program for storing a telephone number of the communication terminal as an authentication key in a storage area of the communication terminal, and outputting the authentication key stored in the storage area by wired communication means or near field communication means.

Images