JP2008066804A - Video telephone device, communication system, and communication method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a communication system for confirming that another video television device has taken measures for prevention against abuse of communication contents. <P>SOLUTION: A terminal 5 is configured so as to select communication information to be transmitted to another terminal based upon an electronic certificate sent from the other terminal when starting communication with the other terminal. Such an electronic certificate is generated by an authentication station 3, and with certificate information thereof, the terminal 5 can obtain information regarding functions that the other terminal has. When the other has an undesirable function, that can be recognized from the electronic certificate, so communication information to be transmitted can be limited based upon the electronic certificate, so that an operator can prevent the communication information to be transmitted from undesirably being used by the other terminal. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a communication system including a videophone device and another videophone device and a communication method thereof.

  A videophone device according to the prior art is characterized in that a caller's image can be picked up by an image pickup means, and images of communication partners can be visually recognized with each other (for example, see Patent Document 1). However, depending on the situation of the caller, there is a case where the other party does not want to see his / her own image. In order to solve such a problem, the video phone according to the first conventional technique is configured to process a captured image into a blurred image and transmit the blurred image to the other party ( For example, see Patent Document 2).

  In addition, in the second conventional technology videophone, a videophone that can inform the other party of his / her state without violating privacy is disclosed. This video phone is configured to change the size of a captured image to a desired size and transmit the image whose size has been changed to the other party. Therefore, by processing the captured image to be small, it becomes difficult for the other party to see the details of the image. As a result, privacy can be protected and the user's own image can be transmitted to the other party (see, for example, Patent Document 3).

  Further, when a telephone call is made using a videophone device, if the display means for displaying the other party is viewed by a third party, the other party's privacy may be infringed. In order to solve such a problem, the display device of the third conventional technique includes a surface light source, two polarizing plates, and a twisted nematic liquid crystal cell sandwiched between the polarizing plates. With this configuration, light emitted radially from the surface light source is converted into linear light by passing through the two polarizing plates and the twisted nematic liquid crystal cell. Therefore, the image displayed by the display device can be viewed only from a specific direction. Therefore, an image displayed on the display device can be prevented from being undesirably removed from a third party (see, for example, Patent Document 4).

JP 2004-165949 A JP 2001-169257 A Japanese Patent Laid-Open No. 2003-143666 Japanese Patent Laid-Open No. 5-108023

  In the conventional videophone apparatus as described above, even if the image information and audio information transmitted to the communication partner are encrypted on the call path, the encrypted data is decrypted and reproduced at the partner terminal. Will be. Therefore, if the counterpart terminal is not provided with any countermeasure, the contents of the call may be easily recorded and undesirably disclosed to a third party.

  Further, there is a possibility that a third party performs some kind of device on the other party terminal, and the contents of the call are recorded without the knowledge of the other party, which can be abused. In such a case, even if the caller is careful, there is a risk that he / she may suffer damage due to negligence and carelessness of the other party.

  In order to mitigate such damage, as described above, protection technology has been disclosed in which call information is blurred and a part of one's own information is concealed and transmitted to the other party. If the protective function is always used during a call, the original convenience of the videophone that sends your image and voice to the other party will be significantly impaired, and such a protective function will be activated only when necessary. However, there is no standard for the caller to determine when the protection function should be activated.

  Accordingly, an object of the present invention is to provide a videophone device, a communication system, and a communication method for confirming that other videophone devices are taking measures to prevent abuse of the contents of a call.

The present invention is a communication system including a videophone device capable of communicating communication information including at least image information and audio information with another videophone device, and an authentication device for authenticating the other videophone device,
The authentication device includes a generation unit that generates authentication information corresponding to a function of another videophone device,
The videophone device includes:
Communication means for communicating authentication information and communication information with other videophone devices;
Selection means for selecting communication information to be transmitted to another videophone device based on authentication information transmitted from the other videophone device when communication with the other videophone device is started;
And a control unit that controls the communication unit to transmit the communication information selected by the selection unit to another videophone device.

In the present invention, the authentication device comprises:
An authentication communication means for transmitting information relating to the authentication information to the videophone device;
The videophone device includes:
Further comprising authentication means for authenticating authentication information transmitted from another videophone device based on information relating to authentication information transmitted from the authentication device;
The communication means can communicate with an authentication device;
The selection unit selects communication information to be transmitted to another videophone device based on an authentication result of the authentication unit.

Furthermore, the present invention is characterized in that the authentication information includes a public key.
Furthermore, the present invention is the videophone device described above,
The selection means includes a processing unit that processes image information or audio information transmitted to another videophone device,
The selection means is a videophone device that selects information processed by the processing unit as communication information to be transmitted to another videophone device.

  Furthermore, the present invention is characterized in that the communication information includes command information for commanding an operation of another videophone device.

Furthermore, the present invention is a communication method between a videophone device and another videophone device,
A step of generating authentication information corresponding to the function of another videophone device;
When the videophone device and another videophone device start communication, the videophone device receives authentication information from the other videophone device; and
And a step of selecting communication information to be transmitted from the videophone device to another videophone device based on the received authentication information.

  According to the present invention, when starting a communication with another videophone device, the videophone device selects communication information to be transmitted to the other videophone device based on the authentication information transmitted from the other videophone device. Configured to do. Such authentication information is generated by the authentication device, and the video phone device can acquire information related to the functions of other video phone devices based on the authentication information. Therefore, when another videophone device has an undesired function, it can be recognized based on the authentication information, so that communication information to be transmitted based on the authentication information can be limited. As a result, the operator can prevent the communication information to be transmitted from being undesirably used by another videophone device.

  According to the present invention, the authentication device can transmit information related to authentication information to the videophone device. The videophone device authenticates the authentication information transmitted from another videophone device based on the information related to the authentication information transmitted from the authentication device, and selects the communication information based on the authentication result. Therefore, even if the authentication information of another videophone device is processed undesirably, the videophone device can authenticate whether or not it is processed, so that the reliability of the authentication information can be improved. it can. Accordingly, the videophone device can select communication information to be communicated based on authentication information with high reliability.

  Further, according to the present invention, since the authentication information includes the public key, the authentication information can be encrypted with the public key and decrypted with the corresponding private key. This can prevent the authentication information from being undesirably leaked to a third party on the communication path.

  Further, according to the present invention, the selection means selects information processed by the processing unit as communication information, so that the processed information is transmitted to other videophone devices. Thus, the operator can easily prevent the communication information to be transmitted from being undesirably used by another videophone device.

  Further, according to the present invention, since the communication information includes command information for commanding the operation of another videophone device, the operator can command the operation of the other videophone device. As a result, other videophone devices can be remotely operated, so that it is possible to reliably prevent the communication information transmitted by the operator from being used undesirably by other videophone devices. .

  Further, according to the present invention, when the videophone device and another videophone device start communication, the videophone device transmits to the other videophone device based on the authentication information transmitted from the other videophone device. Select the communication information to be used. Since such authentication information is information related to the functions of other videophone devices, if the other videophone devices have an undesired function, they can be recognized based on the authentication information. Therefore, communication information to be transmitted can be limited based on the authentication information. As a result, the operator can prevent the communication information to be transmitted from being undesirably used by another videophone device.

  Hereinafter, a plurality of embodiments for carrying out the present invention will be described with reference to the drawings. Portions corresponding to the matters described in the preceding forms in each embodiment are denoted by the same reference numerals, and overlapping description may be omitted. When only a part of the configuration is described, the other parts of the configuration are the same as those described in the preceding section. Not only the combination of the parts specifically described in each embodiment, but also the embodiments can be partially combined as long as the combination does not hinder. The start condition of each flowchart is not necessarily limited to the described start condition.

  FIG. 1 is a simplified block diagram showing a communication system 1 according to an embodiment of the present invention. The communication system 1 includes an authorized organization 2, a certificate authority 3, and a videophone terminal manufacturer 4. A videophone terminal manufacturer (hereinafter sometimes referred to as “maker”) 4 manufactures a videophone terminal (hereinafter also referred to as “terminal”) 5. The manufacturer 4 is realized by three first to third videophone terminal manufacturers 4a to 4c in the present embodiment. The first manufacturer 4a manufactures the first videophone terminal 5a, the second manufacturer 4b manufactures the second videophone terminal 5b, and the third manufacturer 4c manufactures the third videophone terminal 5c. Each manufacturer 4a to 4c receives the certification from the certification body 2 for the safety of the video phone terminals 5a to 5c that it manufactures, and as a result, the electronic certificate as the authentication information issued from the certificate authority 3 is received from the video phone terminals 5a to 5c. It is mounted and manufactured so as to be built in each 5c.

  Each of the videophone terminals 5a to 5c is configured to be able to communicate with other communication devices having a videophone function, such as other videophone terminals 5a to 5c, at least communication information including image information and audio information. In each of the videophone terminals 5a to 5c, an electronic certificate issued by the certificate authority 3 and a corresponding private key are embedded.

  Each of the video phone terminals 5a to 5c is certified by the certification body 2 for the safety of the communication content abuse prevention function in addition to the configuration for the video phone function, and the electronic certificate issued from the certification authority 3 according to the certification. Is built into the main unit. The incorporation of an electronic certificate in the main body means that the public key is digitally signed by the certificate authority 3 for the public key and private key pair by the public key cryptosystem, and the private key and the digitally signed public key are It is to be recorded on a non-volatile memory chip constituting the terminals 5a to 5c so that it can be used for digital authentication processing.

  The authentication station 3 includes authentication communication means and can communicate with the videophone terminals 5a to 5c. The certificate authority 3 issues and manages an electronic certificate that certifies the result of the authorization. The certificate authority 3 receives a request from the certification authority 2, applies a digital signature to the requested public key, and issues the digital certificate to each manufacturer 4a to 4c. In addition, when the terminals 5a to 5c actually make a call, the certificate authority 3 verifies whether the public key transmitted from the partner terminal is a fake, based on the digital signature, and the issued certificate is revoked. It is used to check if it is not. The certificate authority 3 is information related to the electronic certificate, and can transmit a public key corresponding to the secret key used for the digital signature by the certificate authority 3 to each of the terminals 5a to 5c upon request.

  The accreditation body 2 functions as a generating means for generating an electronic certificate corresponding to the function of each of the video phone terminals 5a to 5c manufactured by each manufacturer 4a to 4c, and is equipped with functions such as certain abuse prevention measures. Are guaranteed by the manufacturers 4a to 4c. The certification authority 2 issues an electronic certificate issued by the certificate authority 3 for each of the video phone terminals 5a to 5c manufactured by each manufacturer 4a to 4c based on an application from each manufacturer 4a to 4c. Therefore, the certification body 2 has a function as an authentication device for authenticating the videophone terminal 5.

  The accreditation body 2 is entrusted by the manufacturer 4 and determines the terminal 5 manufactured by the manufacturer 4 according to a predetermined standard regarding the safety against the abuse prevention function of the content of the call, and the terminal 5 is safe. When it is certified, it requests the certificate authority 3 to issue an electronic certificate to the manufacturer 4. For example, the following criteria can be considered as a standard for the certification authority 2 to determine that the terminal 5 is safe against abuse of the call content.

  (1) Whether or not a function for transmitting the detailed specifications of the device of the terminal 5 on the own side to the partner terminal 5 is installed so that the partner can know what kind of terminal 5 the user is talking on.

  (2) Whether or not the terminal 5 is provided with a terminal for outputting images and sounds to the outside. In other words, whether video and audio can be recorded by connecting to an external recording device.

  (3) Whether or not the terminal 5 is provided with an external output terminal for images and sounds, but is equipped with a function that the output signal is encrypted and can be reproduced only by a specific device. Or? Or whether the copy guard signal is superimposed on the output signal and cannot be recorded.

  (4) A wide-angle camera that captures images around the terminal 5 is mounted on the main body, and the captured video can be transmitted to the other party's videophone terminal. When there is a suspicious person around, the other party can determine Whether such functions are installed.

  (5) Information related to the volume of the sound output from the terminal 5 can be transmitted to the other party's videophone terminal, and can be determined by the other party when it is output at a volume that can be heard around. Whether such functions are installed.

  (6) Whether or not a function for limiting the viewing angle is mounted on a display for displaying an image so that a caller cannot view the call image.

  (7) Whether or not the user can easily modify the device after the terminal 5 is manufactured or whether a function capable of detecting the modification is installed.

  When videophone communication is performed between the videophone terminals 5a to 5c of the manufacturers 4a to 4c according to these criteria, the certification authority 2 exchanges the electronic certificate and confirms the signature of the certificate authority 3 prior to the call. You can start a call after confirming that you are certified.

Next, the videophone terminal 5 manufactured by the manufacturer 4 constituting the communication system 1 will be described. FIG. 2 is a block diagram showing an electrical configuration of the videophone terminal 5 and a simplified block diagram showing a communication network including the videophone terminal 5. The videophone terminal 5 shown in FIG. 2 is a configuration of the videophone terminal 5 used in an Internet videophone system configured on an IP network, for example. Each videophone terminal 5 is connected to the Internet via a line termination device 6. Various servers are connected to the Internet according to the purpose. In this embodiment, a session initiation protocol (Session Initiation Protocol) is used.
: SIP) server 7 is connected.

The line termination device 6 is a device for connecting each videophone terminal 5 to a network. The SIP server 7 is a server on the Internet used when the terminal 5 performs call control by SIP. The SIP server 7 is pre-registered with information of each terminal 5 and is used for specifying the connection partner terminal 5 on the network. The videophone terminal 5 includes an input unit 8, an output unit 9, an operation unit 10, a cryptographic processor 11, a network controller 12, a tamper sensor 13, a storage unit 14, and a main central processing unit (Central
Processing Unit (abbreviated as CPU) 15 is configured.

  The input unit 8 includes an imaging unit that captures an image, a sound acquisition unit that acquires surrounding sounds, and an encoder 16 that encodes information acquired by each unit. The input unit 8 is electrically connected to each unit such as the main CPU 15 via the bus 17 and gives input information to the main CPU 15. The imaging means is realized by the camera 18 and the auxiliary camera 19, for example. The camera 18 captures an image of the caller. The auxiliary camera 19 images the periphery of the terminal 5, for example. The auxiliary camera 19 can capture an image for the connection partner terminal user to check whether there is no suspicious person around the terminal 5 or whether there is a suspicious device installation state. Therefore, the auxiliary camera 19 can capture an image of the periphery at a wide angle with the terminal 5 main body as the center, and is realized by a panorama camera module or the like that can capture the entire periphery of 360 degrees at a time. The sound acquisition means is realized by the microphone 20, for example. The microphone 20 acquires the voice uttered by the caller.

  The encoder 16 is a processor that compresses and encodes an input image and sound and converts it into an image and sound stream. In this embodiment, a configuration using a high-performance single processor that directly processes image input and audio input to generate a stream is considered. In practice, this compression encoding processing is performed by software in the main CPU 15, or image and audio are processed. Only packetization processing for generating a stream may be performed by software in the main CPU 15.

The output unit 9 includes an audio output unit that outputs audio, an image output unit that outputs an image, and a decoder 21 that decodes information provided from each unit. The output unit 9 is electrically connected to each unit such as the main CPU 15 via the bus 17 and outputs information stored in the storage unit 14. The decoder 21 is a processor that decodes the compression-coded video / audio stream received from the counterpart terminal 5 and outputs the video and audio to the video output signal and voice output means, respectively. In this embodiment, image output and audio output are directly output to an output device, and in addition to a call image, a graphical user interface for terminal operation (
Consider a configuration that uses a single processor with a high function that has a frame buffer that displays Graphical User Interface (GUI) (abbreviation GUI) and can superimpose it, but in reality, these functions can be configured with separate processors. The main CPU 15 may perform software processing.

  The image output means is realized by the built-in display 22, the image external output terminal 23, and the external display 24. The built-in display 22 displays an image from the counterpart terminal or displays a GUI for a user to perform an operation. The image external output terminal 23 is an output terminal for outputting an image output signal from the decoder 21 to an external device. The image external output terminal 23 is realized by, for example, a digital signal output terminal when an encrypted digital image signal is output from the decoder 21 and an analog signal output terminal when an analog image signal is output from the decoder 21. . The external display 24 can be connected to the image external output terminal 23 with a cable or the like, and displays an image based on a given image signal.

  The sound output means is realized by the built-in speaker 25, the sound external output terminal 26, and the external speaker 27. The built-in speaker 25 outputs sound from the counterpart terminal. The audio external output terminal 26 is an output terminal for outputting an audio output signal from the decoder 21 to an external device. The audio external output terminal 26 is realized by, for example, a digital signal output terminal when an encrypted digital audio signal is output from the decoder 21 and an analog signal output terminal when an analog audio signal is output from the decoder 21. . The external speaker 27 can be connected to the audio external output terminal 26 with a cable or the like, and outputs audio based on a given audio signal.

  The operation unit 10 can input information for instructing the operation of each unit when operated by the user, and provides the input operation information to the main CPU 15 via the bus 17. The operation unit 10 includes an operation button 28 and a remote control light receiving unit 29. When the user presses the operation button 28, for example, the telephone number of the partner terminal can be dialed, and the operation cursor displayed on the GUI screen can be moved and determined. The remote control light receiving unit 29 receives infrared rays from the remote control when the main body operation is performed using a remote control device (not shown) attached to the terminal 5 without using the operation buttons 28. The remote control light receiving unit 29 gives operation information based on the received infrared rays to the main CPU 15.

  The network controller 12 is a communication unit that communicates with other terminals various information such as electronic certificate, audio information, and image information via the network, and is a physical interface for connecting to the network. Device. The network controller 12 is realized by, for example, a network controller connected to the Ether net and a wireless LAN controller connected to the wireless LAN. The tamper sensor 13 is a sensor for detecting the disassembly of the casing and the like and detecting that the device has been tampered with. The tamper sensor 13 provides the detected information to the main CPU 15 via the bus 17.

  The storage unit 14 is a storage unit that stores various types of information, and includes a program storage memory 30, a work memory 31, and a setting information storage nonvolatile memory 32. The program storage memory 30 is connected to each unit via the bus 17 and stores programs executed by the main CPU 15. The program storage memory 30 is realized by a nonvolatile storage device such as a flash memory and a hard disk drive (abbreviated as HDD). The program storage memory 30 stores a setting program 33, a call connection procedure processing program 33, a device control program 35, an image / sound processing program 36, and a videophone application program 37.

  The setting program 33 is a database program for setting individual setting information for each user and connection information of the other party. Information set by the setting program 33 is written and stored in the setting information storage nonvolatile memory 32. The call connection procedure processing program 33 is a program for performing call control such as outgoing and incoming calls. In the Internet videophone system, call control is performed by performing communication processing according to a protocol such as SIP.

  The device control program 35 controls each device connected to the main CPU 15. For example, the device control program 35 controls the encoder 16 and the decoder 21, controls the network controller 12, outputs the OSD screen to the display, and detects the tamper sensor 13 based on operation information from the operation buttons 28 and the remote control light receiving unit 29. I do. The device control program 35 also collects and generates device information to be sent to the other party. Device information to be sent to the other party may be written in advance in the nonvolatile memory 32 for storing setting information in the setting information storage nonvolatile memory 32 and read and used when communicating with the other party terminal. The connected devices may be collected each time a call is made and the information may be sent to the partner terminal. At this time, the device information read from the I / O through the bus 17 is preferably not encrypted as it is, but is encrypted between the main CPU 15 to be read and the device to be read. By configuring in this way, it is possible to prevent the terminal 5 from being abused by modifying the device at the component level. Collecting device information and sending it to the partner terminal 5 is detected not only at the start of the call but also in real time during the call, and if the device configuration changes during the call, the device configuration is changed to the partner terminal 5 at that time By notifying the fact that it has been made and the new device configuration, it is possible to cope with a case where the device configuration is changed maliciously after the call is started, which is highly convenient.

  The image / sound processing program 36 has a function as a processing unit, and processes the image information and sound information transmitted to the partner terminal 5 to make the image unclear or superimpose the partner's personal information on the image. This is a program for making it difficult for the terminal 5 to abuse the contents of the call. Such processing is not necessarily performed by software, and for example, a processor that performs equivalent processing may be provided in the apparatus.

  The videophone application program 37 integrates the above-described programs and operates as the videophone terminal 5 as a whole, and executes auxiliary applications such as a telephone book application when making a call and a setting application when setting the terminal 5 for user operation. It is a program that performs screen switching and GUI display accordingly.

  The work memory 31 is a temporary memory that is used as a work area when executing each program or temporarily buffers data that has been encoded and decoded. The setting information storage non-volatile memory 32 is a non-volatile memory that stores user-specific setting information, connection information of a connection partner, and the like. The setting information storage nonvolatile memory 32 stores the electronic certificate. Therefore, the setting information storage nonvolatile memory 32 stores a secret key corresponding to the public key that has been signed by the certificate authority 3.

  The cryptographic processor 11 is an authentication unit that authenticates the electronic certificate transmitted from the counterpart terminal based on the public key transmitted from the certificate authority 3. The cryptographic processor 11 decrypts the encrypted information encrypted using the public key, using the secret key stored in the setting information storing nonvolatile memory 32. The cryptographic processor 11 is electrically connected to each part such as the main CPU 15 via the bus 17 and provides the decrypted information to the main CPU 15 and the like.

  The main CPU 15 controls each connected unit by executing a program stored in the program storage memory 30. Further, the main CPU 15 has a function as a selection unit, and selects communication information to be transmitted to another terminal based on an electronic certificate transmitted from the other terminal when communication with the other terminal is started. Here, selection of communication information means selection of presence or absence of transmission of, for example, image information and audio information included in the communication information, or selection of processed information. Further, the main CPU 15 has a function as a control unit, and controls the network controller 12 to transmit selected communication information to another terminal.

  Next, the operation of the videophone terminal 5 will be described using a flowchart. The operation of each flowchart is performed by the main CPU 15. FIG. 3A is a flowchart showing call control processing by the CPU of the first videophone terminal 5. FIG. 3B is a flowchart showing call control processing by the CPU of the second videophone terminal 5. In this flowchart, the first videophone terminal 5 (hereinafter also referred to as “terminal A”) is the videophone terminal 5 equipped with the abuse prevention function, and the second videophone terminal 5 (hereinafter referred to as “terminal A”). Terminal B ”may be a videophone terminal 5 that confirms the abuse prevention function of the communication partner. In this flow, a description will be given by distinguishing between the terminal A on which the abuse prevention function is installed and the terminal B on the side that confirms the other party's abuse prevention function, but in reality one terminal 5 has both functions. It does not matter.

  This flow is started in step a1 and step b1. Step a1 and step b1 are steps for performing call control processing. In this embodiment, SIP is used as a call control protocol. Either terminal A or terminal B is the caller, and the other is the callee. The videophone terminal 5 on the outgoing side performs outgoing call processing according to the call connection procedure processing program 33 stored in the program storage memory 30 for the incoming side. The receiving terminal 5 that has received a connection via the SIP server 7 performs an incoming call process according to the call connection procedure processing program 33 stored in the program storage memory 30, and the connection between the terminals 5 is established. When the connection is established, the process proceeds to step a2 and step b2, respectively.

  Steps a2 and b2 are steps in which the terminal B confirms that the terminal A is a terminal that has been certified by the certification body 2. In step a2, terminal A transmits the public key and the electronic certificate signed by certificate authority 3 to terminal B, and proceeds to step a3. In step b2, terminal B receives the public key and the electronic certificate, and proceeds to step b3. In step b3, the terminal B confirms the signature with the public key of the certificate authority 3 that has separately obtained the received electronic certificate, and confirms that the electronic certificate is definitely signed by the certificate authority 3. If it is a regular electronic certificate, the process proceeds to step b4. If it is not a regular electronic certificate, the process proceeds to step b10. When authenticating in step b3, for example, the public key of the certificate authority 3 may be obtained from the repository server each time, the certificate may be verified with the obtained key, and the public key of the certificate authority 3 may be obtained in advance. The electronic certificate may be verified with the public key stored in the terminal B.

  In step b4, since the electronic certificate is legitimate, terminal B encrypts the random information generated by its own terminal 5 with the public key of terminal A, and proceeds to step b5. In step b5, the encrypted encryption information is transmitted to terminal A, and the process proceeds to step b6. In step a3, the terminal A receives the encryption information from the terminal B, and proceeds to step a4. In step a4, the received encryption information is decrypted by the cryptographic processor 11 using the secret key, and the process proceeds to step a5. In step a5, the decrypted information is transmitted to terminal B again, and the process proceeds to step a6.

  In step b6, the terminal B receives the decoding information from the terminal A, and moves to step b7. In step b7, it is determined whether or not the terminal B originally matches the random information generated in step b4. If they match, the process proceeds to step b8. If they match, it can be confirmed that the terminal A is a legitimate owner of the public key holding the secret key. If they do not match, the terminal A of the call partner is not recognized as a valid terminal, and the process moves to step b10.

  Step a6 is a step of confirming whether the terminal A has been tampered with. In step a6, the terminal A electrically detects that the casing of the terminal A has been disassembled in the past based on the information detected by the tamper sensor 13, and proceeds to step a7. By this step a7, the user of the terminal A can be prevented from improperly modifying the terminal 5 and transmitting false information to the terminal B.

  In step a7, the terminal A transmits information to the terminal B for reference to the other party regarding the abuse prevention of the call for the terminal A, and then proceeds to step a8. In step b8, the information regarding the prevention of abuse transmitted from the terminal A is received, and the process proceeds to step b9.

  In step b9, the information of the partner terminal A received from the terminal A is displayed on the built-in display 22 of the terminal B, and the process proceeds to step b10. FIG. 4 is a diagram illustrating an example of the image displayed in step b9. As shown in FIG. 4, detailed information of each part is displayed. The user of terminal B looks at this display content and determines whether or not the call with partner terminal A is safe.

Various information regarding the prevention of misuse transmitted from the terminal A to the terminal B in step a7 can be considered. For example, there is the following information.
(A) Information relating to the image display device of the terminal A (b) Information relating to the audio output device of the terminal A (c) If the terminal A includes the image external output terminal 23, information relating to its output format (d) Information regarding the output format when the audio external output terminal 26 is provided (e) Information regarding the output volume being output by the terminal A

  Among these pieces of information, as information related to the image display device of terminal A in (a), for example, terminal A is a display-integrated type, or a display separation type in which an image is displayed on external display 24 by image external output terminal 23. There is information about whether there is. This is because, in the case of the display separation type, the positional relationship at the time of installation of the device can be freely set compared to the display integrated type, so that the state of the image on the terminal A side for the speaker of the terminal B who is the call partner This is important information because it is difficult to determine whether the call is displayed and there is anxiety about the safety that the content of the call is not abused. When the display is a separation type, the display model ID may be acquired via the connection cable for the external display 24 connected to the image external output terminal 23, and the display information may be obtained based on this.

  Another example is the screen size of the display. As for the screen size of the display, when the screen is large, the detailed image is clearly displayed because the own image is greatly enlarged and displayed for the speaker of the terminal B who is the call partner. In addition, it is easy to look into the surrounding people, or to install a video camera at a position where the speaker of the terminal A cannot be seen by the speaker of the terminal B and record while hiding the display screen. This is therefore important information.

  As yet another example, there is information on whether or not the built-in display 22 of the terminal A has display viewing angle control. If the built-in display 22 has a viewing angle control function, this is important information because it is easy to limit the viewing angle of a call so that the screen cannot be viewed by anyone other than the calling party. Further, when the external display 24 is connected to the terminal A, information on the presence / absence of the viewing angle control function can be given as in the built-in display 22.

  As information regarding the audio output device of terminal A in (b), for example, the audio output of a call is output from the built-in speaker 22 or output from headphones or an external speaker 27 connected to the audio external output terminal 26. Information. When the signal is output from the external speaker 27, it is impossible for the speaker of the terminal B who is the communication partner to determine at what position the speaker is installed on the partner side, This is important information because there is a possibility that it is installed in a position where it can be heard by a third party, and there is concern about the safety of the contents of the call not being abused.

  In the case where the terminal A in (c) is provided with the image external output terminal 23, the information regarding the output format includes, for example, information indicating whether the output signal has a security technique such as encryption. If no measures are taken on the output signal, the call contents may be easily recorded by connecting the output as it is to a commercially available recording device or the like. If the output signal is a digital image signal that has been encrypted with the external display 24, or if it is an analog image signal on which a copy protection signal is superimposed, there is some relief for the terminal B speaker. This information is important.

  In the case where the terminal A in (d) includes the audio external output terminal 26, the information regarding the output format includes, for example, information on whether the audio signal to be output has a security technique such as encryption. If no measures are taken on the audio signal, there is a possibility that the content of the call can be easily recorded by connecting the output to a commercially available recording device as it is. If the audio signal is a digital audio signal that has been encrypted with an external playback device, it is somewhat safe for the speaker at terminal B and this information is important.

  As an example of the information related to the output volume being output by the terminal A in (e), information on the output volume at the terminal A can be cited. If the output volume is set to a large value, the speaker at terminal B may be speaking at a low volume, but the other party may be able to output at a loud volume that can be heard by the people around him. Is important.

  Referring to FIG. 3 again, in step b10, when it is determined in step b3 and step b7 described above that the electronic certificate is not authentic, and based on the information displayed in step b9, The user of terminal B is prompted to determine whether or not to continue the connection. FIG. 5 is a diagram illustrating an example of an image displayed in step b10. When it is determined that the counterpart terminal A that is going to make a call is a terminal 5 that has not been certified by the certification body 2, an example of a user confirmation GUI screen is displayed on the screen of the terminal B. Here, when the user selects “No” by operating the main body button or the remote control button, the connection process is interrupted, and this flow is terminated without making a call with the partner terminal 5. If the user selects “Yes”, the process proceeds to step b11. When the connection is interrupted by selecting “No”, an image indicating that the connection is rejected by the terminal B can be displayed on the built-in display 22 of the terminal A. FIG. 6 is a diagram illustrating an example of an image displayed on the terminal A when the connection is interrupted.

  FIG. 7 is a diagram showing another example of the image displayed in step b10. Since the information of the partner terminal A received from the terminal A in step b9 is displayed on the built-in display 22 of the terminal B, in step b10, the user of the terminal B is prompted to determine whether or not to continue the connection. When continuing, it moves to step b11, and when interrupting connection, this flow is complete | finished. If the user of terminal B is suspicious of counterpart terminal A in the content of information transmitted from terminal A (see FIG. 4), the connection can be interrupted at this stage by selecting “No”.

  In step b11, the terminal B transmits a command for controlling the viewing angle of the built-in display 22 of the terminal A, and the process proceeds to step b12. Accordingly, in step b11, the communication information includes command information for commanding the operation of the terminal A, and command information for controlling the viewing angle is transmitted. FIG. 8 is a diagram illustrating an example of an operation image for viewing angle control displayed in step b11. Based on the operation image shown in FIG. 8, the user of the terminal B inputs information for operating and specifying the viewing angle to the terminal B, and the input information is transmitted to the terminal A. The terminal B can specify the viewing angle of the built-in display 22 on the terminal B side when the user finds that the built-in display 22 has the viewing angle control function from the information of the terminal A received in step b9. . In step a8, when information specifying the viewing angle is received, the viewing angle of the built-in display 22 is set according to the received information, and the process proceeds to step a9. The viewing angle setting at the terminal A is performed by controlling the built-in display 22 with the device control program 35 stored in the program storage memory 30 of the terminal A. If the viewing angle of the external display 24 can be designated, the viewing angle is controlled to be designated by the terminal B as with the built-in display 22.

  In step b12, the terminal B collates the information of the partner terminal A received from the terminal A with a predetermined condition, and if the condition is met, the image information and audio information transmitted from the terminal B to the terminal A are This is a step of automatically setting the mode so that transmission is performed after performing the processing that is the appropriate protective measure. For example, when making a call with the terminal 5 having the image external output terminal 23, the user sets in advance so as to blur the image of the call image before the call, and when the call is received from the partner terminal 5, or the partner terminal When it is determined that the counterpart terminal 5 matches this when calling 5, the mode is set so that the image is automatically smeared and transmitted at the time of image transmission. When the processing mode is set in step b12, the process proceeds to step b13. In step a7 and step b13, a connection for image and voice communication is established, and this flow ends.

  Thus, when the terminal B starts communication with the terminal A, communication information to be transmitted to the terminal A is selected in step b12 based on the electronic certificate transmitted from the terminal A. The main CPU 15 controls the network controller 12 to transmit the communication information selected in step b12 to the terminal A.

  FIG. 9 is a diagram illustrating an example of a mode setting image. In the above-described step b12, for example, when a call is made to a terminal without a call abuse prevention function, it is assumed that the call image and sound from here can be abused. As shown in FIG. The presence or absence of blurring and partner information superimposition is individually set to prevent misuse. Further, for example, in the case of an individual terminal such as a terminal having a recordable image output terminal, the above-described protective measures can be individually set. Therefore, when it is determined that the counterpart terminal has the image external output terminal 23, the user can select and set a protective measure corresponding to the possibility that the call image may be recorded on the counterpart side. .

After such a protective measure is taken, the call is started in step a9 and step b13 as described above, so the call image and sound transmitted from terminal B to terminal A are automatically set in step b12. Processing is performed and transmitted based on the mode for the protective action taken. Alternatively, regardless of the automatically set mode, the user may be able to manually switch on or off the application of the processing process at an arbitrary timing by operating the operation button 28 and the remote control button of the terminal B.
Examples of such protective measures for the call image and voice include (i) blurring of the call image (ii) blurring of the call voice (iii) superimposition of arbitrary information on the call image.

  Among these protective measures, (i) as a call image blurring, for example, an image filter that performs mosaic processing on the image in block units of a certain size is passed and this blurry image is transmitted to the partner terminal. Protect the privacy of those who FIG. 10 is a diagram illustrating an example of a normal call image that has not been processed such as blurring. As shown in FIG. 10, hereinafter, in the figure showing the call image, the image of the caller or the receiver is simplified and shown in a diagram for easy understanding. FIG. 11 is a diagram illustrating an example of a call image obtained by performing mosaic processing on the call image of FIG. As shown in FIG. 10, when a call is established between the terminal A and the terminal B in step a9 and step b13, if no protective measures need to be taken, the image captured by the terminal B is directly transmitted to the terminal A. The image of the speaker of the terminal B is displayed on the built-in display 22 of the terminal A.

  If it is necessary to take protective measures at step a9 and step b13, when a call is established between terminal A and terminal B, it is stored in the program storage memory 30 on the terminal B side as shown in FIG. The image that has been subjected to the call image blurring process by the image / sound protection processing program 36 is transmitted to the terminal A, and is displayed on the built-in display 22 of the terminal A. If the image to be transmitted is subjected to mosaic processing and is blurred, for example, even if the content of the call may be misused by the other party, it is transmitted to the other party in a state where information such as his / her personal phase cannot be specified. Therefore, it is possible to prevent the user's own image from being undesirably leaked to a third party.

  (Ii) As the call voice is smeared, the voice of the frequency component of the voice is passed through a voice filter so that the voice of the speaker cannot be specified and transmitted to the partner terminal, thereby protecting the speaker's privacy. In the case of processed voice, for example, even if the content of a call may be misused by the other party, it is transmitted to the other party with information that cannot identify who the voice is. It is possible to prevent leakage to three parties.

  (Iii) As the superimposition of arbitrary information on the call image, it is effective for preventing misuse of the call to transmit the call partner's identity information superimposed on the call image. FIG. 12 is a diagram illustrating an example of an image in which information of a call recipient is superimposed on a call image. As shown in FIG. 12, when an image from the terminal B is sent to the terminal A, the identity information of the calling party is converted into the calling image by the image / sound protection processing program 36 stored in the program storage memory 30 on the terminal B side. The superimposition process is performed, and the image is transmitted to the terminal A and displayed on the built-in display 22 of the terminal A.

  FIG. 13 is a diagram illustrating an example of an image in which an image of a call recipient is superimposed on a call image. As shown in FIG. 13, the arbitrary information to be superimposed is a call image from the other party. The identity information as shown in FIG. 12 is valid only when the identity information of the other party is known in advance, but if a call image from the other party is used, the other party's face is used as a substitute for the identity information to prevent abuse. Can be power. The real-time image of the other party during the call may be superimposed, or the moment when the face is clearly reflected may be manually captured as a still image and the image superimposed.

  FIG. 14 is a diagram illustrating an example of an image in which a map indicating the current position of the call recipient is superimposed on the call image. As shown in FIG. 14, the arbitrary information to be superimposed is the position information of the terminal of the other party. Such position information can be realized when a position identification function such as a Global Positioning System (abbreviated as GPS) is installed in the counterpart terminal. Even if such position information is superimposed and transmitted, it is effective as a deterrent to image abuse. In this case, since the location information is not spoofed by the other party, it is necessary to perform authentication by public key cryptography and device alteration detection together with other information.

  By superimposing such arbitrary information, for example, even if the content of the call is recorded and leaked and disclosed to a third party, the identity information of the other party will also be released at the same time. This is a deterrent to the other party against misusing the contents of the call. These protective measures may be set in advance according to information from the counterpart terminal 5, and the information of the counterpart terminal 5 may be confirmed at the time of connection and automatically applied.

  Further, when the identity information is displayed on the other party's built-in display 22 as described above, the content to be displayed can be input by the user of the terminal B using a character input device such as the operation button 28 and the remote control button. Is preferred. FIG. 15 is a diagram illustrating an example of an image in which information to be displayed to the other party is set. As shown in FIG. 15, the content displayed on the other party display can be input using terminal B. FIG. 16 is a diagram showing an example of an image showing a telephone directory of the videophone application program 37 stored in the program storage memory 30. As shown in FIG. As shown in FIG. 16, the user of the terminal B can easily select one of the phone book data registered in advance by the user at the time of outgoing call, but can send the detailed information registered at this time to the other party. The content may be displayed on the side display. Thus, when a call with the terminal A is established, information extracted from the registration data of the phone book application is displayed on the built-in display 22 of the terminal A.

  FIG. 17 is a diagram illustrating an example of a screen for setting contents to be displayed on the counterpart display. As shown in FIG. 17, the content displayed on the other party's display is different from the information in the phone book, and the user can freely register some candidates in advance and which can be displayed at the time of establishment of the call You may make it selectable.

  When it is determined in step b8 described above that the auxiliary terminal 19 is equipped with the auxiliary camera 19, the auxiliary camera 19 is displayed on the screen of the terminal B together with the image taken by the main camera 18 of the opponent terminal A. It is recommended to display the images taken with. FIG. 18 is a diagram illustrating an example of an image displayed when the auxiliary camera 19 is mounted. As shown in FIG. 18, the auxiliary camera 19 is preferably a camera that can shoot at a wide angle, preferably a panoramic camera that can simultaneously shoot 360 ° around the terminal 5, and the user confirms the image from the auxiliary camera 19 to confirm the other party. The periphery of the terminal 5 can be visually recognized. As a result, if there is a suspicious person around the counterpart terminal 5 or a suspicious device is installed, the call can be interrupted, or the call can be continued by manually applying the above-mentioned protective measures to the call image and voice. .

  When the sound transmitted from the speaker of terminal B is output from the speaker of terminal A, it is picked up by the microphone 20 on the terminal A side, the volume is measured, and the information is transmitted to terminal B. You may comprise so that a level display (refer FIG. 18) may be carried out on a display screen. This is convenient for the speaker of the terminal B to know how loud his / her voice is being output at the partner terminal A and to check whether the call has been heard around. At this time, if the volume of the other speaker's voice is also measured with the microphone 20 on the other party's terminal A side, and the volume information is similarly transmitted to the terminal B and displayed on the screen of the terminal B, Can be compared with the volume at which the other terminal A is playing back, and the output volume at the other terminal A can be grasped intuitively. This makes it possible to intuitively determine the volume of the voice that the user utters when talking about content that the surroundings do not want to be known.

  When the device configuration of the terminal A changes during a call, the terminal B may be notified of the change of the device configuration and the new device configuration. These processes can be realized by the same processes as the above-described step a6 and steps b8 to b10. By detecting the change in the device configuration even after the call is established in this way, it is possible to detect a malicious modification after the start of the call.

  When a physical modification of the own terminal 5 is detected in step a6, the detected information is controlled to be transmitted to the terminal B. However, the present invention is not limited to this, and the modification is periodically detected to detect the modification. Then, when the call control process is started, the modified terminal may perform control so as not to transmit the electronic certificate to the call partner terminal. Since the modified terminal is handled in the same manner as a terminal that is not authenticated by the other party's terminal, communication from the other party terminal 5 can be automatically rejected. Thereby, the safety of the communication partner terminal 5 can be ensured.

  As described above, in the communication system 1 according to the present embodiment, when the terminal 5 starts communication with another terminal, the communication transmitted to the other terminal based on the electronic certificate transmitted from the other terminal. Configured to select information. Such an electronic certificate is generated by the certificate authority 3, and the terminal 5 can obtain information on functions provided to other terminals by this authentication information. Therefore, when another terminal has an undesired function, it can be recognized based on the electronic certificate, so that communication information to be transmitted based on the electronic certificate can be limited. Thereby, the operator can prevent the communication information to be transmitted from being undesirably used by another terminal.

  In the present embodiment, the certificate authority 3 can communicate with the terminal 5 and can transmit a public key corresponding to the electronic certificate to the terminal 5. The terminal 5 authenticates the electronic certificate based on the public key transmitted from the certificate authority 3, and selects communication information based on the authentication result. Therefore, even if the electronic certificate of another terminal is processed undesirably, the terminal 5 can authenticate whether or not the electronic certificate is processed, so that the reliability of the electronic certificate can be improved. . As a result, the terminal 5 can select communication information to be communicated based on a highly reliable electronic certificate.

  Furthermore, in the present embodiment, since the electronic certificate includes a public key, the electronic certificate can be encrypted with the public key and decrypted with the corresponding private key. This can prevent the electronic certificate from leaking undesirably to a third party on the communication path.

  Further, in the present embodiment, since the terminal 5 can send commands for controlling the operation of other terminals, for example, command information for controlling the viewing angle and controlling the volume, the operator commands the operation of the other terminals. Can do. As a result, other terminals can be operated remotely, so to speak, it is possible to reliably prevent the communication information transmitted by the operator from being used undesirably by other terminals.

  In the above-described embodiment, the videophone device of the present invention is realized by the videophone terminal 5, but the present invention is not limited to this, and any device that can transmit communication information including voice information and image information is possible. Often, for example, an information processing terminal with a video calling function, a mobile phone with a videophone function, a mobile terminal with a videophone function, a videophone set-top box that displays an image on a home TV screen, and a public videophone It may be realized by a service.

  In the above-described embodiment, as described with reference to FIG. 3, when it is determined in step b3 and step b7 that the electronic certificate is not authentic, the user continues to connect to the user in step b10. It is determined whether or not to perform the connection, but the processing may be automatically canceled without performing such processing. As a result, the terminal 5 is automatically disconnected from the unauthenticated terminal, so that safety can be ensured.

  In the above-described embodiment, the authentication information is realized by an electronic certificate using the public key cryptosystem. However, the authentication information is not limited to the electronic certificate, and can be authenticated by other encryption methods. If it is.

  The communication system 1 according to the above-described embodiment is an example of the present invention, and may be a communication system 1A used in a public place, for example. FIG. 19 is a simplified block diagram showing a communication system 1A according to another embodiment of the present embodiment. The communication system 1A according to the present embodiment is a communication system 1A in which a videophone terminal 5A is installed in a public place or a semi-public place, and an unspecified user opens and uses the videophone terminal 5A. The communication system 1A includes a public videophone operating organization 40 in addition to the communication system 1A of the above-described embodiment.

  The public videophone operating organization 40 installs the videophone terminal 5A at a predetermined location, and opens the videophone terminal 5A to unspecified users so that it can be used according to the price. The public videophone operating organization 40 installs the videophone terminal 5A in a public place and a semi-public place such as a hotel room. The public videophone operating organization 40 maintains and manages the installation state of the terminal 5A so that the installed videophone terminal 5A cannot be easily misused by others, for example, device modification, voyeurism, and measures to prevent eavesdropping And the accreditation body 2 is accredited for the safety of the service operation status. As a result, the public videophone operating organization 40 entrusts the manufacturer 4 to manufacture the videophone terminal 5A with the built-in electronic certificate issued by the certificate authority 3, and operates the service with the manufactured terminal 5A.

  The authorized organization 2 audits the service operation status of the public videophone operating organization 40 and ensures that the content of the call on the installed videophone terminal 5A is maintained so as not to be abused. Specifically, the accreditation body 2 is entrusted by the public videophone operating organization 40, and the safety of the service operating state of the public videophone operating organization 40, for example, the installation state and the management state of the terminal 5A can be easily set by others. It is determined according to a predetermined standard whether or not it is guaranteed that the content of the call is not abused. Based on the result of the determination, the accreditation body 2 requests the certification authority 3 to issue an electronic certificate to the public videophone operating body 40 when the terminal 5A is authorized to be safe.

  As a result, when performing videophone communication with the videophone terminal 5A operated by the public videophone management organization 40, the certification organization 2 receives the certification by receiving the electronic certificate and confirming the signature of the certification authority 3 prior to the call. You can start a call after confirming that Therefore, the same operation and effect as the above-described embodiment can be achieved.

  Moreover, the terminal 5 which comprises the communication system 1 of above-mentioned embodiment is an example of this invention, Comprising: It is not limited to this. FIG. 20 is a block diagram showing the electrical configuration of another form of videophone terminal 5B and a simplified block diagram showing a communication network including the videophone terminal 5B. The terminal 5B of the present embodiment is realized by the remaining configuration excluding the auxiliary camera 19, the image external output terminal 23, and the audio external output terminal 26 from the terminal 5 constituting the above-described embodiment. Therefore, terminal 5B according to the present embodiment does not have a function of outputting images and sounds to the outside. Even with such a configuration, the same operations and effects as those of the above-described embodiment can be achieved.

1 is a block diagram schematically showing a communication system 1 according to an embodiment of the present invention. FIG. 2 is a block diagram showing an electrical configuration of the videophone terminal 5 and a simplified block diagram showing a communication network including the videophone terminal 5. 4 is a flowchart showing call control processing by the CPUs of the first and second videophone terminals 5. It is a figure which shows an example of the image displayed in step b9. It is a figure which shows an example of the image displayed at step b10. 6 is a diagram illustrating an example of an image displayed on a terminal A when connection is interrupted. FIG. It is a figure which shows the other example of the image displayed in step b10. It is a figure which shows an example of the operation image of the viewing angle control displayed at step b11. It is a figure which shows an example of the image of a mode setting. It is a figure which shows an example of the normal call image which has not carried out processes, such as blurring. It is a figure which shows an example of the call image which performed the mosaic process. It is a figure which shows an example of the image which superimposed the information of the receiver of the call on the call image. It is a figure which shows an example of the image which superimposed the image of the receiver of the call on the call image. It is a figure which shows an example of the image which superimposed the map which shows the present position of the receiver of a call on the call image. It is a figure which shows an example of the image which has set the information displayed on the other party. It is a figure which shows an example of the image which shows the telephone directory of the videophone application program 37 stored in the memory 30 for program storage. It is a figure which shows an example of the screen which sets the content displayed on the other party display. It is a figure which shows an example of the image displayed when the auxiliary camera 19 is mounted. It is a block diagram which simplifies and shows the communication system 1A of the other form of this Embodiment. It is the block diagram which shows the electric structure of the videophone terminal 5B of another form, and the block diagram which simplifies and shows the communication network containing the videophone terminal 5B.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Communication system 2 Authorized organization 3 Certification authority 4 Videophone terminal maker 5 Videophone terminal 8 Input part 9 Output part 11 Cryptographic processor 14 Storage part 15 CPU

Claims (6)

A communication system including a videophone device capable of communicating at least communication information including image information and audio information with another videophone device, and an authentication device for authenticating the other videophone device,
The authentication device includes a generation unit that generates authentication information corresponding to a function of another videophone device,
The videophone device includes:
Communication means for communicating authentication information and communication information with other videophone devices;
Selection means for selecting communication information to be transmitted to another videophone device based on authentication information transmitted from the other videophone device when communication with the other videophone device is started;
And a control means for controlling the communication means so as to transmit the communication information selected by the selection means to another videophone device. The authentication device
An authentication communication means for transmitting information relating to the authentication information to the videophone device;
The videophone device includes:
Further comprising authentication means for authenticating authentication information transmitted from another videophone device based on information relating to authentication information transmitted from the authentication device;
The communication means can communicate with an authentication device;
The communication system according to claim 1, wherein the selection unit selects communication information to be transmitted to another videophone device based on an authentication result of the authentication unit.   The communication system according to claim 1, wherein the authentication information includes a public key. The videophone device according to any one of claims 1 to 3, wherein
The selection means includes a processing unit that processes image information or audio information transmitted to another videophone device,
The selecting unit selects information processed by the processing unit as communication information to be transmitted to another videophone device.   5. The videophone device according to claim 4, wherein the communication information includes command information for commanding an operation of another videophone device. A communication method between a videophone device and another videophone device,
A step of generating authentication information corresponding to the function of another videophone device;
When the videophone device and another videophone device start communication, the videophone device receives authentication information from the other videophone device; and
And a step of selecting communication information to be transmitted from the videophone device to another videophone device based on the received authentication information.

Images