JP2007293774A - Authentication unit and authentication system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an authentication unit and an authentication system having a lock function in which the authentication for using a computer device is not performed even when the computer device or the authentication unit is stolen. <P>SOLUTION: The authentication system consists of an apparatus to be locked 20 and an authentication unit 10 having a lock function capable of sending the authentication key to the apparatus to be locked 20 and using the apparatus to be locked 20. The authentication unit 10 is provided with a pattern registering means 19 which registers the information related to the positional information showing the position where the apparatus to be locked 20 is used normally, and an authentication key generation means 14. The authentication key generation means 14 performs the authentication by generating the authentication key based on the information related to the positional information registered in the pattern registration means 19 and sending it to the apparatus to be locked 20. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to an authentication unit and an authentication system for preventing a theft of a hard disk device built in a computer device and unauthorized access to the computer device or various resources from the computer device via a network. In particular, the present invention relates to an authentication unit and an authentication system in which an authentication key is generated and authenticated based on position information for specifying a regular use place (position) where a lock target device is used.

  A computer device currently used by many users installs a processor chip, an OS startup program, and an OS (operating system / calculation / control program) on a hard disk built in the computer device, and the OS is started by the OS startup program. When activated, the processor chip is configured to control various resources in the computer device according to the OS and perform arithmetic operations.

  The hard disk device is divided into an area managed and used by the OS and an area used by the user, and application programs necessary for the user to use the computer device are installed in the user used area of the hard disk device under the management of the OS. , Operating under the control of the OS. In addition, data created by the user operating the computer device (starting a desired application) can also be stored in the user use area of the hard disk device.

  In addition, when a computer device is placed in a network environment, it accesses resources such as various servers and shared file devices in the network according to the network environment conditions set for the network and the user's computer device. Data permitted in the computer device can be acquired or the data can be rewritten.

  Further, when the computer device is placed in a network environment where an external network can be accessed from the LAN (local area network) via the Internet, various resources such as an external WEB server accessible via the Internet network. Can also be used.

  Such a computer device is also used for creating and storing highly confidential information in a company or the like. Therefore, the computer device is used by a third party who is not allowed to steal or originally use the computer device. There is a risk that confidential information may be leaked. In order to prevent such a situation, security measures for the computer apparatus and the network are required.

  Various methods have been proposed as security measures for computer devices, and many methods are actually applied. Generally, there is a method in which a personal authentication function is installed in the OS startup program, the password set by the original user is input when the OS is started, and the OS is started by checking the set password. In this method, if the password is stolen or the password is taught to another person, the original security function cannot be achieved, and it cannot be said that it is an advanced security measure.

  Also, there is an authentication unit that uses a USB memory connected to a computer device via a USB port, and stores authentication information such as a personal ID, a computer device ID, an authentication code for starting the computer, and authentication key information in the USB memory. Commonly used. Whether the user of the computer device is a valid user based on the authentication information stored in the USB memory by connecting the USB memory issued to the user to the computer device when using the computer device Authenticate When the authentication is normally performed, the OS of the computer apparatus is activated, and the user can use the computer apparatus.

  When such an authentication unit including a USB memory is used, as long as personal management of the authentication unit is strictly performed, the computer device cannot be used unless an authorized user authentication unit is connected to the computer device. , Improve safety. However, in the case of such an authentication unit, the authentication unit may be misplaced on the desk on which the computer device is installed, and the authentication unit may be illegally used by a third party. When the computer device is a portable notebook PC or the like, the notebook PC and the authentication unit may be paired and stolen.

  As a security measure for a computer device using a USB memory, for example, the following Patent Document 1 (Japanese Patent Laid-Open No. 2002-341957) discloses a method for starting a computer using a removable unit such as a flash memory. Yes. In this computer startup method disclosed in Patent Document 1, a removable unit that is detachable from a computer main body includes a general data recording unit and a user code recording unit made of a flash memory, and can be used as an MP3 player. The BIOS-ROM includes a unit code recording unit, an interface unit to which the removable unit is connected, and a control unit that allows the system to be activated when the user code matches the unit code.

  When the computer user starts the computer, the removable unit is connected to the computer main body. The user code is sent from the removable unit to the computer via the interface, and the controller of the computer compares the contents of the user code with the contents of the unit code. If they match, the system is allowed to start. If they do not match, system startup is not permitted. By doing so, it is possible to start up the computer only when the correct removable unit is connected by simply connecting the removable unit to the computer body without using a password.

  According to this method, as long as the removable unit is properly managed by the user, an operation such as password entry is unnecessary and convenient, but the removable unit is stolen or lent to a third party. If this happens, you will not be able to perform the security function, which is not much different from using a password.

  To solve this problem, if a server room with security is provided and a system in which the client does not have a hard disk is built, access via the network is relatively easy even though the hard disk can be taken out or stolen. Easily possible.

  Furthermore, the following Patent Document 2 (Japanese Patent Laid-Open No. 2004-265166) discloses an IC card reader / writer using biometric authentication by fingerprint. This IC card reader / writer uses an IC card reader / writer connected to a computer device by USB to read an IC card for personal authentication and performs authentication. At that time, fingerprint authentication is added. This improves the security function.

  In other words, this IC card reader / writer has a terminal board conforming to the ISO 7816 standard, a USB socket, an IC card R / W unit that reads by inserting an IC card, and a unit base that has a USB receiving socket. The IC card R / W unit can be used as an IC card reader / writer in a state in which the IC card R / W unit is fitted to the unit base, and the IC card can be used without using the unit base. An IC card reader / writer that can be used as a single IC R / W unit and also as an IC card R / W. The unit base includes a fingerprint sensor and a USB hub device.

Japanese Patent Laying-Open No. 2002-341957 (FIG. 3) JP 2004-265166 A (FIG. 1)

  However, in the method using the removable unit disclosed in Patent Document 1 as an authentication unit, as long as the authentication unit is strictly managed as described above, the authentication unit of a legitimate user is a computer. Unless connected to the device, the computer device cannot be used, and safety is improved. However, in the case of such an authentication unit, it may be left on the desk on which the computer device is installed, and there is a problem that the authentication unit may be illegally used by a third party during this time. In particular, when the computer device is a portable notebook PC or the like, there is a problem that the notebook PC and the authentication unit may be stolen.

  According to the authentication method using IC card reader / writer and fingerprint authentication disclosed in Patent Document 2, the security function can be improved because biometric authentication is used, but the fingerprint authentication device is expensive. There is a point. In addition, the biometric authentication means has a problem that the authentication accuracy is affected by the state of the biometric. For example, in fingerprint authentication, the fingerprint data read by the fingerprint sensor differs between when the palm is sweating and when it is not, and it does not match the authentication data even though the person's fingerprint is read The case where becomes. If the resolution of the authentication data is lowered and the authentication accuracy is relaxed, even fingerprints other than the person will pass the authentication.

  Furthermore, in the biometric authentication, there is a problem that there is no means to prevent this when the person is restricted by illegal means and the authentication operation is forced. For example, in fingerprint authentication, it is only necessary for the fingerprint sensor to read the fingerprint of the person, and it is not possible to determine whether or not the reading of the fingerprint is forced against the intention of the person. In fingerprint authentication, multiple fingerprints are registered for authentication, and when some of them are authenticated, there are various methods such as passing authentication, changing the finger used for authentication periodically, etc. However, in this case, there are problems that the processing time required for authentication increases and the cost of the authentication device further increases.

  As a result of various studies to solve the above problems, the inventor of the present application has found that a computer device or the like has been illegally used at or near the place where the computer device was properly used. If the location information related to the location that identifies the location where the computer device has been properly used is recorded in the authentication unit and authentication is not possible at other locations, the above-mentioned The present invention has been completed by conceiving that problems can be solved.

  The information for identifying the place where the computer device has been used normally receives radio waves from a plurality of transmitting stations that are installed at predetermined positions and transmit radio waves, and identifies the location by the receiving station and the reception pattern of the received radio waves. Although used as information, it may be position information specified by other means such as GPS positioning means.

  That is, an object of the present invention is to provide an authentication unit and an authentication system in which authentication for using the computer device is not performed even if the computer device or the authentication unit is stolen.

In order to solve the above-mentioned problem, the invention according to claim 1 of the present application is
In an authentication system comprising: a lock target device; and an authentication unit having a lock function that sends an authentication key to the lock target device so that the lock target device can be used.
The authentication unit includes a pattern registration unit for registering information related to position information indicating a place where the lock target device is normally used, and an authentication key generation unit.
The authentication key generation unit generates an authentication key based on information related to the position information registered in the pattern registration unit, and sends the authentication key to the lock target device.

The invention according to claim 2 of the present application is the authentication system according to claim 1,
The authentication unit further includes a receiving unit that receives radio waves from surrounding transmitting stations, a receiving information analyzing unit that analyzes the receiving sensitivity of each transmitting station and the received radio waves, and a reception sensitivity pattern that is analyzed by the receiving information analyzing unit. Pattern registration means for registration, wherein the information related to the position information is a reception sensitivity pattern registered in the pattern registration means, and the authentication key generation means generates an authentication key based on the reception sensitivity pattern It is characterized by doing.

  The invention according to claim 3 of the present application is characterized in that, in the authentication system according to claim 2, the reception sensitivity pattern is determined by a predetermined number of transmission stations and reception sensitivity of the transmission radio wave in order of good reception sensitivity. To do.

  The invention according to claim 4 of the present application is the authentication system according to claim 3, wherein the reception sensitivity pattern is registered in the pattern registration unit so that the reception sensitivity analyzed by the reception information analysis unit has a predetermined allowable range. It is characterized by being.

  The invention according to claim 5 of the present application is the authentication system according to any one of claims 2 to 4, wherein the pattern registration means is configured to be able to register a plurality of reception sensitivity patterns registered at different locations. It is characterized by that.

The invention according to claim 6 of the present application is
In an authentication unit having a lock function for sending an authentication key to a lock target device and making the lock target device available, the authentication unit registers information related to position information indicating a place where the lock target device is used normally A registration means and an authentication key generation means,
The authentication key generation unit generates an authentication key based on information related to the position information registered in the pattern registration unit, and sends the authentication key to the lock target device.

The invention according to claim 7 of the present application is the authentication unit according to claim 6,
The authentication unit further includes a receiving unit that receives radio waves from surrounding transmitting stations, a receiving information analyzing unit that analyzes the receiving sensitivity of each transmitting station and the received radio waves, and a reception sensitivity pattern that is analyzed by the receiving information analyzing unit. Pattern registration means for registration, wherein the information related to the position information is a reception sensitivity pattern registered in the pattern registration means, and the authentication key generation means generates an authentication key based on the reception sensitivity pattern It is characterized by doing.

  The invention according to claim 8 of the present application is characterized in that, in the authentication unit according to claim 7, the reception sensitivity pattern is determined by a predetermined number of transmission stations and reception sensitivity of the transmission radio wave in order of good reception sensitivity. To do.

  The invention according to claim 9 of the present application is the authentication unit according to claim 8, wherein the reception sensitivity pattern is registered in the pattern registration unit so that the reception sensitivity analyzed by the reception information analysis unit has a predetermined allowable range. It is characterized by being.

  The invention according to claim 10 of the present application is configured such that, in the authentication unit according to any one of claims 7 to 9, the pattern registration means can register a plurality of reception sensitivity patterns registered at different locations. It is characterized by that.

  In the invention according to claim 1, the authentication unit includes pattern registration means for registering information related to position information indicating a place where the lock target device is properly used, and an authentication key generation means, and the authentication unit The key generation unit generates an authentication key based on information related to the position information registered in the pattern registration unit, and sends the authentication key to the lock target device.

  According to such a configuration, an authentication key corresponding to an authorized location is generated, and authentication can be performed only in the case of an authentication process performed at an authorized location. Therefore, the lock target device and the authentication unit are stolen. However, it cannot be used outside the authorized place and cannot be used illegally. For this reason, security can be improved.

  According to a second aspect of the present invention, in the authentication system according to the first aspect, the authentication unit further includes a receiving unit that receives radio waves of surrounding transmitting stations, and a receiving unit that analyzes each transmitting station and reception sensitivity of the received radio waves. An information analysis means; and a pattern registration means for registering the reception sensitivity pattern analyzed by the reception information analysis means, wherein the information related to the position information is a reception sensitivity pattern registered in the pattern registration means. The authentication key generating means generates an authentication key based on the reception sensitivity pattern.

  According to such a configuration, since the reception sensitivity pattern of the received radio wave from the transmitting station determined by the location is used as position information for specifying the regular use location, the function of registering the radio wave receiving means and the reception sensitivity pattern in the authentication unit Position information for easily specifying the position can be obtained simply by adding. In addition, any transmission station can be used as long as the position of the transmission station can be specified, such as a base station of a mobile phone of various communication systems such as PHS, GSM, PDC, and CDMA, or a transmission station of a broadcasting station. It may be a simple transmitting station, and an existing infrastructure can be used. This eliminates the need for capital investment. Further, since the authentication unit is used exclusively for receiving radio waves, it can be freely manufactured without legal restrictions.

  According to a third aspect of the present invention, in the authentication system according to the second aspect, the reception sensitivity pattern is determined by a predetermined number of transmission stations and reception sensitivity of the transmission radio waves in order of good reception sensitivity. .

  According to such a configuration, it is possible to obtain accurate position information for specifying a location by specifying several transmitting stations in order of good reception sensitivity and registering reception sensitivity patterns.

  In the invention according to claim 4, in the authentication system according to claim 3, the reception sensitivity pattern is registered in the pattern registration unit so that the reception sensitivity analyzed by the reception information analysis unit has a predetermined allowable range. .

  According to such a configuration, even if there is a variation in reception sensitivity depending on the reception environment of radio waves, it is possible to correctly obtain position information that specifies a regular use place. In addition, since it is possible to specify a place within a certain range of reception sensitivity without pinpointing a regular use place, not only a work place in the building but also a conference room with a different place can be used properly. It becomes possible to authenticate as a place.

  According to a fifth aspect of the present invention, in the authentication system according to any one of the second to fourth aspects, the pattern registration means is configured to be able to register a plurality of reception sensitivity patterns registered at different locations. .

  According to such a configuration, it is possible to register reception sensitivity patterns of radio waves received at multiple locations as regular usage locations in the same authentication unit, so the user can use the device to be locked at multiple regular usage locations. In this case, the authentication unit can be used at each location.

  In the inventions according to claims 6 to 10, it is possible to provide authentication units constituting the authentication system according to claims 1 to 5, respectively.

  Hereinafter, specific examples of the present invention will be described in detail with reference to examples and drawings. However, the embodiment shown below exemplifies an authentication unit and an authentication system having a lock function for embodying the technical idea of the present invention, and the present invention is specified to the authentication unit and the authentication system. And is equally applicable to authentication units and authentication systems of other embodiments that fall within the scope of the claims.

  FIG. 1 is a diagram illustrating a configuration of an authentication system including an authentication unit 10 according to an embodiment of the present invention and a lock target device 20 such as a computer device. In this embodiment, the authentication unit 10 is composed of a USB memory which is a removable memory, and the lock target device 20 is provided with a USB port for connecting the authentication unit 10 as will be described later.

  The authentication unit 10 includes an antenna 11, a receiving unit 12, a pattern registration unit 19, an authentication key generation unit 14, an input unit that receives radio waves transmitted from a predetermined installation position such as a transmission station installed in a mobile phone base station or broadcasting station. An output unit 13 is provided. First, the user receives transmission radio waves from a plurality of peripheral transmission stations CSa to CSn at a regular use place of the lock target device 20, for example, a predetermined business office. Since the transmission radio wave includes a transmission station ID, each transmission station ID is associated with radio wave reception sensitivity, reception sensitivity patterns of a plurality of transmission stations are specified, and registered in the pattern registration means 19.

  Since the radio wave reception sensitivity depends on the transmission station and the reception location, if the radio wave reception sensitivity of a plurality of transmission stations CSa to CSn that can be received at a specific business site is patterned, the location for specifying the location of the business site It can be information. In other words, if the location where radio waves are received differs, the pattern of radio wave reception sensitivity that can be received from a plurality of transmission stations that can be received at that location will be different, and the reception location can be specified by the pattern of the transmission station and reception sensitivity. .

  The authentication unit 10 registers the reception sensitivity pattern of the radio wave from the transmission station received at the regular place as described above in the pattern registration means 19 and authenticates in the authentication key generation means 14 based on the registered pattern. A key is generated, and this authentication key is sent to the lock target device 20 and stored as authentication information. When this processing is completed, thereafter, when the lock target device 20 is used, the authentication unit 10 is connected to the lock target device 20, and the authentication unit 10 receives radio waves from each transmitting station each time and receives the reception sensitivity pattern. And is compared with the reception sensitivity pattern registered in the pattern registration means 19.

  If the collation results match, it can be seen that the lock target device 20 and the authentication unit 10 are connected at a regular predetermined place, so the authentication key generating means 19 uses an authentication key based on the registered reception sensitivity pattern. It is generated and sent to the lock target device 20, and the lock target device 20 receives the authentication key and collates it with the stored authentication information to release the lock. As a result, the lock target device 20 can be used. In addition to the information generated based on the reception sensitivity pattern, the authentication key may be added with the personal ID or registered password of the authorized user of the lock target device 20. Further, the authentication key may be encrypted by applying a known encryption method.

  According to such a configuration, since the reception sensitivity pattern of the received radio wave from the transmitting station determined by the location is used as the positional information for specifying the regular use location, the reception unit 12 that receives the radio wave to the authentication unit 10 and the reception sensitivity pattern It is possible to easily obtain position information for specifying the position simply by adding a function for registering the. The transmitting station can use an existing infrastructure such as a mobile phone base station or a broadcasting station transmitting station, so there is no need for capital investment, and the authentication unit 10 is used exclusively for receiving radio waves. Therefore, it can be manufactured freely without legal restrictions.

  FIG. 2 is a block diagram showing a detailed configuration of the authentication unit and the authentication system of FIG. In FIG. 2, the lock target device is the computer device 20, and the authentication unit 10 is a USB memory. The computer device 20 includes an OS 21, a display unit 22, an input unit 23, an OS activation unit 24, an authentication unit 25, and a USB port 26, similar to a normal computer device.

  The computer device 20 unlocks the computer device 20 as follows when the authentication means 25 performs authentication processing and authentication is obtained. That is, when the authentication is obtained, the authentication unit 25 permits the operation of the OS activation unit 24, and the OS activation unit 24 activates the OS 21 to be in a usable state. The authentication process will be described later.

  The authentication unit 10 is configured by a USB memory. Unlike a general USB memory, the authentication unit 10 receives radio waves transmitted from a transmitting station such as a mobile phone base station or broadcasting station in addition to the USB controller 15 and the input / output unit 13. An antenna 11, a receiving unit 12, a received information analyzing unit 17, and an authentication key generating unit 14. Radio waves received from the surrounding transmitting stations are received by the receiving unit 12, and the reception information analyzing means 17 analyzes the ID and reception sensitivity of the transmitting station of the received radio waves. Then, a predetermined number, for example, 4 to 5 transmitting stations are specified in the order of good receiving sensitivity, and the pattern registration means uses the ID of the specified transmitting station and the receiving sensitivity of the radio wave received from the transmitting station as a receiving sensitivity pattern. 19 is registered.

  The authentication key generation unit 14 generates an authentication key based on the reception sensitivity pattern registered in the pattern registration unit 19. The authentication key generated by the authentication key generation means 14 is sent to the computer device 20 and stored as authentication verification data in the authentication means 25.

  When unlocking the computer device 20, the user connects the authentication unit 10 to the computer device 20 and receives radio waves from surrounding transmitting stations in the same manner as when the reception sensitivity pattern is registered. Similarly to the reception sensitivity pattern registration, the reception sensitivity and pattern of each radio wave at that location are analyzed and collated with the reception sensitivity pattern registered in the pattern registration means 19. If the reception sensitivity patterns match, the operation is performed at a predetermined location, and the authentication key generated by the authentication key generation unit 14 is sent to the computer device 20.

  The computer device 20 collates the authentication key sent from the authentication unit 10 with the previously stored authentication key, and when the authentication is successful, the lock is released and the OS activation means is activated to activate the OS 21. As a result, the computer device 20 can be used.

  FIG. 3 is a diagram showing the data structure of the reception sensitivity pattern registered in the pattern registration means 19. As shown in FIG. 3, it is assumed that the reception information analysis unit 17 specifies four transmission stations in order of good reception sensitivity and registers reception sensitivity patterns. In the pattern PTa, four transmission stations CSa to CSd are specified, and the reception sensitivity of radio waves received from the respective transmission stations is registered in association with each other. In other words, the radio wave reception sensitivity of the transmission station CSa is 43 dbu, and similarly, the radio station reception sensitivity of the transmission station CSd is 65 dbu.

  Even if the reception location is the same, the radio wave reception sensitivity varies depending on various conditions during reception. Therefore, the allowable value of the reception sensitivity is set to a certain width for the value of the reception sensitivity, for example, 10% in the pattern PTa of FIG. Therefore, when determining the reception sensitivity pattern, it is determined that the radio wave from each transmitting station is received at the same position if the allowable value is not within the range.

  In this way, by setting an allowable value with a certain width in the reception sensitivity pattern, even if the reception location is slightly changed, it can be determined as a regular location. In the case of a notebook PC or the like, there is a case where it is used in a conference room after moving from a desk which is a predetermined use place. In such a case, if the reception sensitivity pattern is registered strictly, there is a risk that even a slight movement of the place may determine that the place is not a regular place of use, but a permissible value is given as described above. Such inconvenience can be avoided.

  In the example of FIG. 3, the pattern registration unit 19 is configured to register a plurality of reception sensitivity patterns. That is, when the user of the authentication unit 10 is in an environment where he / she works in the head office, sales office, branch office, etc., the reception sensitivity pattern can be registered at each location. Since the reception sensitivity patterns registered at this time are different at each location, as shown in FIG. 3, the reception sensitivity pattern PTa at the head office, the reception sensitivity pattern PTb at the sales office, and the reception sensitivity PTc at the branch office. Register with.

  In this way, the computer device 20 can be used in different places with the same authentication unit 10. The computer device 20 to be locked may be the same for a plurality of locations (in the case of a mobile device such as a notebook PC), and may be a different computer device (in the case of a desktop PC or the like) at each location. Also good.

  When the same computer device such as a notebook PC is targeted, a plurality of authentication keys based on the reception sensitivity pattern registered by the authentication unit at each location are registered as authentication verification data in the same PC. In this way, the notebook PC and the authentication unit can be moved and the same notebook PC can be used at each location. Further, an authentication key generated based on the reception sensitivity pattern registered at the installation location may be registered in the computer devices 20 installed at different locations. In this way, authentication can be performed in different computer devices 20 installed at different locations by the same authentication unit 10.

  Next, an authentication processing procedure of the authentication system according to the present invention will be described. FIG. 4 is a flowchart showing a processing procedure for registering a reception sensitivity pattern at a predetermined use place, and FIG. 5 is a flowchart showing a processing procedure when a lock target device is used.

  In the flowchart of FIG. 4, first, in the process of step S11, the user receives transmission radio waves from a plurality of transmission stations CSa to CSn in the vicinity of the regular use place of the lock target device 20, for example, a predetermined office. 12 receives. Since the transmission radio wave includes the transmission station ID, the reception information analysis unit 17 associates each transmission station ID with the radio wave reception sensitivity in the process of step S12, specifies the reception sensitivity pattern of a plurality of transmission stations, and In step S13, registration is performed in the pattern registration means 19.

  Next, the authentication unit 10 generates and registers an authentication key in the authentication key generation unit 14 based on the pattern registered in the pattern registration unit 19 in the process of step S14.

  As described above, since the radio wave reception sensitivity depends on the transmission station and the reception location, if the radio wave reception sensitivities of a plurality of transmission stations CSa to CSn that can be received at a specific business site are patterned, the business It is possible to use positional information that identifies the location of the place. In other words, if the location where radio waves are received differs, the pattern of radio wave reception sensitivity that can be received from a plurality of transmission stations that can be received at that location will be different, and the reception location can be specified by the pattern of the transmission station and reception sensitivity. .

  When the user uses the computer device 20, as shown in the flowchart of FIG. 5, the authentication unit 10 is connected to the computer device 20 in step S21, and the reception is performed in the process of step S22 in the same manner as when the reception sensitivity pattern is registered. The unit 12 receives radio waves from surrounding transmitting stations. Similarly to the reception sensitivity pattern registration, the reception information analysis means 17 analyzes the reception sensitivity and pattern of each radio wave at the place in the process of step S23, and the reception registered in the pattern registration means 19 in the process of step S24. Match the sensitivity pattern. If the reception sensitivity patterns match, the operation is performed at a predetermined location. Therefore, the process proceeds to step S25, and the authentication key generated by the authentication key generation unit 14 is sent to the computer device 20.

  In the process of step S26, the computer device 20 compares the authentication key sent from the authentication unit 10 with the previously stored authentication key, and when the authentication is successful, the lock is released and the OS booting unit operates. The OS 21 is started. As a result, the computer device 20 can be used. If it does not match the registered pattern, an authentication warning is output in the processing of step S27 and the process is terminated.

  In the embodiment described above, the example in which the transmission station of the received radio wave and the pattern of the reception sensitivity are used as the positional information for specifying the location where the radio wave is received is described. It is also possible to obtain by this method. Further, the authentication unit is not limited to the USB memory, and a mobile phone or the like can be used. For example, if the authentication unit 10 is a mobile phone equipped with GPS positioning means, a method of receiving a GPS satellite signal and specifying the position can be used. When considering an underground shopping area that cannot receive GPS satellite signals, a method of acquiring a location information from an information distribution server such as a map distribution server by setting a specific place of use in a mobile phone as an authentication unit. Is also possible.

  According to the present invention, the authentication key is generated based on the position information for specifying the regular use place. Therefore, it is possible to cope with theft of a computer device or the like and to suppress theft. In addition, unauthorized use of computer equipment and the like can be prevented, and security can be improved: useful.

1 is a system configuration diagram showing a schematic configuration of an authentication unit and an authentication system having a lock function according to an embodiment of the present invention. It is a block diagram which shows the detailed structure of the authentication unit and authentication system of FIG. It is a figure which shows the structure of the registration pattern of the information which specifies the regular use place registered into an authentication unit. It is a schematic flowchart which shows the operation | movement procedure which registers the pattern of the information which specifies a regular use place in an authentication unit, and produces | generates an authentication code. It is a flowchart which shows the operation | movement procedure which performs an authentication process between lock target apparatuses using an authentication unit.

Explanation of symbols

10 .... Authentication unit 11 ... Antenna 12 ... Receiving unit 13 ... I / O unit 14 ... Authentication key generation means 15 ... USB controller 17 ... Reception Information analysis unit 19... Pattern registration means 20... Lock target device (computer device)
21 ... OS
22 .... Display means 23 ... Input means 24 ... OS activation means 25 ... Authentication means 26 ... USB port

Claims (10)

In an authentication system comprising: a lock target device; and an authentication unit having a lock function that sends an authentication key to the lock target device so that the lock target device can be used.
The authentication unit includes a pattern registration unit for registering information related to position information indicating a place where the lock target device is normally used, and an authentication key generation unit.
The authentication system, wherein the authentication key generation unit generates an authentication key based on information related to the position information registered in the pattern registration unit and sends the authentication key to the lock target device.   The authentication unit further includes a receiving unit that receives radio waves from surrounding transmitting stations, a receiving information analyzing unit that analyzes the receiving sensitivity of each transmitting station and the received radio waves, and a reception sensitivity pattern that is analyzed by the receiving information analyzing unit. Pattern registration means for registration, wherein the information related to the position information is a reception sensitivity pattern registered in the pattern registration means, and the authentication key generation means generates an authentication key based on the reception sensitivity pattern The authentication system according to claim 1, wherein:   3. The authentication system according to claim 2, wherein the reception sensitivity pattern is determined by a predetermined number of transmission stations and reception sensitivity of the transmission radio wave in order of good reception sensitivity.   The authentication system according to claim 3, wherein the reception sensitivity pattern is registered in the pattern registration unit so that the reception sensitivity analyzed by the reception information analysis unit has a predetermined allowable range.   The authentication system according to any one of claims 2 to 4, wherein the pattern registration unit is configured to be able to register a plurality of reception sensitivity patterns registered at different locations. In the authentication unit having a lock function that sends the authentication key to the lock target device and makes the lock target device available,
The authentication unit includes a pattern registration unit for registering information related to position information indicating a place where the lock target device is normally used, and an authentication key generation unit.
The authentication unit is characterized in that the authentication key generation means generates an authentication key based on information related to the position information registered in the pattern registration means and sends it to the lock target device.   The authentication unit further includes a receiving unit that receives radio waves from surrounding transmitting stations, a receiving information analyzing unit that analyzes the receiving sensitivity of each transmitting station and the received radio waves, and a reception sensitivity pattern that is analyzed by the receiving information analyzing unit. Pattern registration means for registration, wherein the information related to the position information is a reception sensitivity pattern registered in the pattern registration means, and the authentication key generation means generates an authentication key based on the reception sensitivity pattern The authentication unit according to claim 6, wherein:   8. The authentication unit according to claim 7, wherein the reception sensitivity pattern is determined by a predetermined number of transmitting stations and reception sensitivity of transmission radio waves in order of good reception sensitivity.   9. The authentication unit according to claim 8, wherein the reception sensitivity pattern is registered in the pattern registration unit so that the reception sensitivity analyzed by the reception information analysis unit has a predetermined allowable range.   The authentication unit according to any one of claims 7 to 9, wherein the pattern registration unit is configured to be able to register a plurality of reception sensitivity patterns registered at different locations.

Images