JP2008199530A - Radio wave broadcast verification apparatus and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To prevent fake attacks and resend attach without using a two-way communication and to verify the validity of location information. <P>SOLUTION: A mobile terminal 10 uses unidirectional communication, and an authentication code verification section 17 verifies an authentication code, included in received information to prevent fake attacks. If optimal location information of the present device is contained in a triangular inside region, constituted of three broadcast station location information items among broadcast station location information on respective broadcast stations, the optimal location information which is calculated by using broadcast time information, broadcast station location information, time information of an internal clock, in a tamper-resistant protection region within the present device and an upper limit value of a positioning error determined, while taking into account the measured results, and the like, beforehand, and an inclusive error for the optimal location information is estimated within a preset error allowable range, a location information verification section 19 determines that a radio wave broadcast is not resent to prevent the resend attack. Accordingly, solution is obtained. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a radio broadcast verification apparatus and program mounted on a device whose position is indefinite, such as a mobile terminal or an RFID tag. For example, it is possible to prevent forgery attacks and replay attacks without using two-way communication. The present invention relates to a radio broadcast verification apparatus and a program capable of verifying the legitimacy of a program.

  A GPS (Global Positioning System) is a representative example of a position information system using electromagnetic waves. The GPS receives the position and transmission time of the satellite itself broadcast by four or more GPS satellites, and calculates the position and reception time of the receiving terminal.

  However, since the position information obtained by GPS can be easily forged, altered, or misappropriated by the receiving terminal user or a malicious third party, safety cannot be guaranteed. For this reason, there is a problem that the obtained position information cannot be used as evidence indicating the validity of the position information. Also, existing location information distribution services other than GPS have the same problem, and the terminal devices are directly monitored and dealt with by a reliable person or organization in order to guarantee safety. Currently.

  On the other hand, in recent years, two methods have been proposed that can verify the validity of location information of a mobile terminal without directly checking the location information in a face-to-face manner (see, for example, Non-Patent Documents 1 and 2). In both methods, an authenticator is added to the transmitted signal to prevent forgery attacks, and (i) the physics axiom that the information transmission speed does not exceed the speed of light, and (ii) the spatial propagation time of the electromagnetic wave Based on the two basic facts (i) and (ii) of the geometrical characteristics of the spatial arrangement formed by the base station and the mobile terminal that measure the distance, the retransmission attack is prevented.

  However, according to the inventor's study, both methods perform distance positioning using two-way communication of electromagnetic waves, so that when the terminal user acquires position information that can be verified later, the base station must always Position information is obtained, and it is difficult to protect the privacy related to the position information of the terminal user.

  In both systems, it is necessary for the terminal to instantaneously calculate and respond to an appropriate value for the signal obtained from the base station, but such an instantaneous process is very difficult to implement.

Furthermore, in both systems, when the terminal moves at a high speed, the positional accuracy peculiar to bidirectional communication always occurs. In addition, when the battery output of the terminal is low, the area area that can be covered for each base station becomes narrow, and thus a large number of base stations are required to cover a wide area outdoors. In addition, as a related description, for example, the usage scene is described in 1.1 2nd paragraph of Non-Patent Document 1, and it is assumed that the coverage area of the base station is small in 1.1 4th paragraph. It is stated that
BR Waters and EW Felten, “Secure, private proofs of location,” Princeton Univ., Tech. Rep., [Online]. Available: http://www.cs.princeton.edu/research/techreps/TR-667- 03, Jan. 2003. S. Capkun and J.-P. Hubaux, “Secure positioning in wireless networks,” IEEE J. Sel. Areas Commun., Vol. 24, no. 2, Feb. 2006, pp. 221-232.

  As described above, the methods described in Non-Patent Documents 1 and 2 perform, according to the inventor's study, problems that make it difficult to protect privacy due to responses during bidirectional communication, and instantaneous calculations and responses. There are problems that the processing is difficult to implement, deterioration of position accuracy due to high-speed movement during two-way communication, and a problem that a large number of base stations are required when the battery output at the time of response is low. These problems are considered to be caused by using two-way communication for verifying the validity of position information.

  The present invention has been made in view of the above circumstances, and provides a radio broadcast verification apparatus and program that can prevent forgery attacks and replay attacks without using two-way communication and can verify the legitimacy of radio broadcasts. Objective.

  According to a first aspect of the present invention, there is provided receiving means for receiving radio broadcasts including scheduled broadcast time information, broadcast station position information, and a broadcast station-specific authenticator from three broadcast stations performing unidirectional communication, based on the authenticator. , Forgery verification means for verifying the presence or absence of forgery of the radio broadcast, an internal clock device for providing internal time information, and reception time acquisition for acquiring internal time information indicating the time of reception of the radio broadcast from the internal clock device Three broadcast stations based on means, three scheduled broadcast time information obtained from radio broadcasts of the three broadcast stations, the acquired internal time information, and a predetermined upper limit value of the positioning error. Based on distance upper limit calculation means for calculating the upper limit of three distances between each of the mobile station and the own apparatus, and the three broadcast station position information corresponding to the three distance upper limit values and the distance upper limit values. Numerical optimization By means of the above, the optimum position information included in the triangular area having the vertexes of the values of the three broadcast station position information and the optimum position calculation means for calculating the optimum position information of the own device and the inclusion error relating to the optimum position information Position verification means for verifying whether the error is included, error detection means for verifying whether the error information about the optimum position information is within a preset allowable error range, and forgery by the counterfeit verification means When the absence is verified, the optimum position verification means verifies that the optimum position information is included, and the inclusion error verification means verifies that the error is within the allowable error range, the optimum position information is accepted. It is a radio wave broadcast verification apparatus provided with an optimum position acceptance means.

  According to a second aspect of the present invention, there is provided receiving means for receiving radio broadcasts including scheduled broadcast time information, broadcast station position information, and a broadcast station-specific authenticator from four broadcast stations performing unidirectional communication, based on the authenticator. , Forgery verification means for verifying the presence or absence of forgery of the radio broadcast, an internal clock device for providing internal time information, and reception time acquisition for acquiring internal time information indicating the time of reception of the radio broadcast from the internal clock device Four broadcast stations based on means, four scheduled broadcast time information obtained from radio broadcasts of the four broadcast stations, the acquired internal time information, and a predetermined upper limit value of the positioning error. Based on distance upper limit calculation means for calculating the upper limit of four distances between each of the mobile stations and the own apparatus, and the four broadcast station position information corresponding to the four upper limit distances and the respective upper limit distances, Numerical optimization The optimum position information of the device itself and the optimum position calculation means for calculating the error information relating to the optimum position information, and the optimum position information in the tetrahedron region whose vertex is the value of the four broadcast station position information. Includes: an optimum position verifying unit that verifies whether or not included error information relating to the optimum position information is within a preset allowable error range, and the forgery verification. Means for verifying that there is no forgery, verifying that the optimal position information is included by the optimal position verification means, and verifying that the error is within an allowable error range by the included error verification means, It is a radio wave broadcasting verification apparatus provided with an optimal position acceptance means for accepting.

  Although the first and second inventions are expressed as “devices”, the present invention is not limited thereto, and may be expressed as “programs”, “computer-readable storage media storing programs”, or “methods”. it can.

(Function)
In the first and second inventions, in the radio wave broadcast verification apparatus using unidirectional communication, the forgery verification means prevents the forgery attack by verifying the authenticator, and the optimum position information verification means is a triangle having each broadcast station as a vertex. Alternatively, it is verified that the calculated position information is included in the tetrahedron region, and the retransmission attack is prevented by verifying that the error including the calculated optimum position information is within the allowable error range. Forgery attacks and retransmission attacks can be prevented without using directed communication, and the validity of radio broadcast can be verified.

  As described above, according to the present invention, forgery attacks and retransmission attacks can be prevented without using two-way communication, and the validity of position information can be verified.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings, but before that, an outline of the present invention will be described.

(Outline of the present invention)
FIG. 7 is a schematic diagram showing distribution of position information by unidirectional communication of electromagnetic waves for explaining the outline of the present invention. Broadcasting station S _i to trusted prepares a material obtained by adding its own precise position coordinates and authenticator anti-counterfeit the scheduled broadcast time as broadcast content, these at the scheduled broadcast time indicated in the broadcast content To broadcast. Authenticator may as long as it is generated based on the broadcast station S _i-specific secret key, for example, a digital signature or message authentication codes: may either (Message Authentication Code MAC).

The verification module M in the mobile terminal (mobile terminal) receives the broadcast from the broadcasting station S _i and acquires the reception time using an internal clock. Note that both the verification module M and the internal clock are incorporated in a tamper-resistant protection area where unauthorized operation is prohibited in the mobile terminal.

Here, the exact position of the broadcast station S _i is (x _i , y _i , z _i ), the broadcast time is t _i , the reception time of the verification module M is t _m , and the speed of light in vacuum is c. At this time, even if an arbitrary attacker including the user of the mobile terminal attempts a forgery attack or a replay attack, the position of the verification module M of the mobile terminal and the position of the broadcasting station S _i (x _i , y _i , z It can be seen that the upper limit of the distance to _i ) is c (t _m −t _i ). The reason for this will be described below.

A counterfeit attack is an arbitrary form in which an attacker presumes broadcast content and generates “new” broadcast content including arbitrary location information, or alters part or all of the past broadcast content. By generating broadcast content including specific location information, it is defined as an attack that attempts to deceive the verification module M with respect to the location information of the mobile terminal against the mobile terminal in an environment where the legitimate broadcast is blocked. Such forgery attacks, unless computational security authenticator broadcasters S _i generated is maintained, can be prevented to verify the authenticator. Specifically, the verification module M verifies the consistency between the broadcast content (x _i , y _i , z _i , t _i ) and the authenticator sign _ki (x _i , y _i , z _i , t _i ). Then, it can be confirmed that (x _i , y _i , z _i , t _i ) is not illegally forged information. For example, if the authenticator is the digital signature, verification module M performs a verification algorithm using the valid verification public key of the broadcaster S _i, may be verified digital signature. Further, if the authenticator is a message authentication code, perform verification algorithm using the common secret key of the broadcaster S _i the verification module M is beforehand held, it may be verified message authentication codes.

Next, the replay attack is a verification module M for verifying the location information of the mobile terminal against the mobile terminal in an environment where the legitimate broadcast is blocked by retransmitting the past broadcast content as it is without changing by the attacker. Is defined as an attack that attempts to deceive. For the replay attack, on the assumption that the forgery attack described above is prevented, when the verification module M obtains the broadcast time t _i and the reception time t _m , the attacker executes the replay attack from any position Even so, it can be said that the verification module M of the mobile terminal is included in the boundary and the inside of the sphere having the radius c (t _m −t _i ) from the broadcasting station S _i (when limited to a two-dimensional plane, the radius c (T _m -t _i ) circle boundary and included from the boundary inside). Because the past broadcast contents retransmitted without forgery are restricted by the physics axiom that "the information transmission speed can never exceed the speed of light in vacuum." Since the verification module M cannot be reached beyond the speed (the speed of light in a vacuum), the attacker makes the distance from the verification module M to the broadcasting station S _i “more distant” than the verification module M. Because it can only be camouflaged.

The above is the reason why the upper limit value of the distance between the verification module M of the mobile terminal and the broadcasting station S _i is c (t _m −t _i ).

However, in reality, since the broadcasting station S _i and the verification module M are in the atmosphere, the transmission speed of a valid broadcast by the broadcasting station S _i is slightly smaller than the speed of light in the vacuum (average light in the atmosphere). The phase velocity of this is about 99.7% of the speed of light in a vacuum). In addition, the influence on the transmission speed of electromagnetic waves due to fluctuations in the composition density of the atmosphere cannot be ignored in some cases. Furthermore, the time error of the internal clock of the broadcasting station S _i and the mobile terminal is also an important factor causing the position error.

Therefore, in order to prevent retransmission attacks, it is necessary to consider inevitable position errors that occur in these actual use environments. Although it is difficult with the current state of the art, an attacker can use a replay attack to block and store a legitimate broadcast within the range allowed by these spontaneous position errors, and then retransmit it at an appropriate time. This is because it is possible in principle to disguise the distance from M to the broadcasting station S _i "closer" than the actual distance.

Along with this, the error between the verification module M and the broadcasting station S _i is also taken into account so that the attacker can disguise the distance from the verification module M to the broadcasting station S _i only “farther” by a replay attack. Consider redefining the upper limit of the distance between. In an actual usage environment, let c _{air be} the transmission speed of electromagnetic waves in the atmosphere, and ε be the maximum absolute value of the sum of position errors caused by the maximum time error of the internal clock of the broadcasting station S _i and the mobile terminal. Since c ≧ c _air always holds for any transmission speed c _air , the upper limit value of the distance may be defined as c (t _m −t _i ) + ε (a position error caused by the maximum time error of the watch) Does not depend on the measurement times t _i and t _m ). These relationships are shown in FIG.

Mobile terminal - of an error of the upper limit _{d = c (t m -t i} ) + ε of the distance between the broadcast station S _i is maximum, the mobile terminal - legitimate from S _i on the straight line connecting the station S _i This is a case where there is no attacker who blocks the broadcast. Therefore, the maximum error value Δd of the distance upper limit value is expressed by the following equation.

Δd≡ (c−c _air ) (t _m −t _i ) + ε
Then, using the measurements of the upper limit of the distance from the broadcast station S _i by one-way communication of such electromagnetic waves, safety against counterfeiting attacks and replay attacks, describes a position calculating method of a mobile terminal. For the sake of simplicity, first of all, consideration will be given to position authentication on a two-dimensional plane as shown in FIG.

Each of the three broadcasting stations S _{1 to} S ₃ and one mobile terminal has a clock synchronized with high accuracy and acquires time information with high accuracy. Each broadcasting station S _i is added to its accurate position coordinates and anti-counterfeit authenticator scheduled broadcast time to create a broadcast content to broadcast the broadcast content scheduled broadcast time. The verification module M in the mobile terminal receives the broadcast content and acquires the reception time from the internal clock. Hereinafter, according to the measurement method described above, the verification module M can obtain the upper limit value d = c (t _m −t _i ) + ε of the distance between the mobile terminal and each of the broadcast stations S ₁ , S ₂ , S ₃ .

Here, if the mobile terminal is located in a triangular area having the _three broadcasting stations S _{1 to} S ₃ as vertices, the above-described measurement method does not include the spontaneous error ε, and the transmission speed of the broadcast is reduced in vacuum. In the ideal case where the speed of light c can be considered, the coordinates that simultaneously satisfy all three upper limit values from the broadcasting station S _i are determined to be only one point.

Therefore, only when the calculated position of the mobile terminal based on the upper limit value d of the distance from each broadcasting station S _i is included in a triangular area having each of the broadcasting stations S _{1 to} S ₃ as vertices, the calculated position is determined as the validity of the mobile terminal. If the received position information is rejected when the calculated position is out of the region, the received position information is always safe against forgery attacks and retransmission attacks.

The principle of ensuring this safety will be explained intuitively with yet another expression. When the forgery is prevented by the authenticator, as described above, since any information transmission speed does not exceed the speed of light (physics axiom), the attacker can detect the broadcast station S viewed from the mobile terminal by any re-transmission attack. The distance to _i can only be shown “larger” than the true distance. Here, using the idea of the apostal method, it is assumed that the calculated position of the mobile terminal included in the triangle having vertices of the broadcasting stations S _{1 to} S ₃ is false position information due to the retransmission attack. At this time, regardless of the point on the plane where the true position of the mobile terminal is inside or outside the triangle, when moving from the true position to the false calculation position, _one of the broadcasting stations S _{1 to} S ₃ You must get close to at least one.

However, as described above, the attacker can never show "smaller" the true distance to the broadcasting stations S _i from the mobile terminal by any replay attack. Therefore, the assumption is wrong, and if the forgery attack is prevented by the authenticator, if the calculated position of the mobile terminal is included in the side of the triangle having the broadcast stations S _{1 to} S ₃ as vertices or inside, The calculated position is guaranteed to be the true position of the mobile terminal in the sense that it cannot be obtained by any retransmission attack.

For the above triangular region determination, an ideal case in which no error occurs is assumed. However, as described in FIG. 8, in reality, the distance evaluation by measuring the electromagnetic wave transmission time is mainly due to fluctuations in the electromagnetic wave transmission speed and the time error of the clocks held by the broadcasting station _Si and the mobile terminal. Usually accompanied by some error ε. Such a spontaneous error ε, which is difficult to avoid, is in principle indistinguishable from a position shift intentionally caused by a replay attack by an attacker. Therefore, since the evaluation of the error of the position information generated spontaneously and the evaluation of the deviation of the position information generated by the retransmission attack cannot be performed independently, the same evaluation algorithm is used in the verification module M. It is realistic and efficient to simultaneously evaluate both spontaneous errors and positional shifts due to attacks by means.

Therefore, error evaluation and retransmission attack prevention are simultaneously performed using the above-described distance upper limit value c (t _m −t _i ) + ε from the broadcasting station S _i to the mobile terminal in consideration of the error. The value of the error epsilon within a distance limit value, since the conditions such as electromagnetic wave transmission status and time synchronization accuracy for each broadcast station S _i is varied, be considered as an error epsilon _i for each broadcast station S _i preferable. Thus, the following gives more generally, the upper limit of the predetermined positioning error Based on experimental results or the like for receiving information from a broadcast station S _i, as a constant epsilon _i, respectively. Here, according to the index of the numerical optimization method to be applied, the position coordinate that is optimal from the viewpoint of error evaluation is calculated and used as true position information, and the maximum potential error of the obtained position coordinates is calculated at the same time. . An example of the numerical optimization method is a least square method often used in regression analysis or the like. According to the least square method, when the variance of the distance upper limit value d _i from the mobile terminal to each broadcasting station S _i is denoted as σ _i ² ,

To supplement, the optimal position _{^{(x m 0, y m 0}} ) of formula A in which the sum sigma ² expressions dispersion was partially differentiated by x _m is zero, and the same sigma ² expression was partially differentiating y _m It is obtained as x _m , y _m (= x _m ⁰ , y _m ⁰ ) as a result of solving the simultaneous equations of the expressions A and B under the condition that the expression B is zero.

Also it includes error ^{_{σ i (x m 0, y}} m 0) , by substituting the obtained optimal position _{^{(x m 0, y m 0}} ) in the equation of the variance sigma _i ^2, has been demanded.

  However, although the least square method is an appropriate method when the error characteristics follow a normal distribution, the error characteristics may not follow the normal distribution depending on the factors. It is more desirable to select a numerical optimization method suitable for the above.

Here, an appropriate distance upper limit value c (t _m −t _i ) + ε _{i including} an error is determined based on the definitions of c, t _m , t _i , and ε _i. Always greater than the distance between _i . Therefore, as indicated by the hatched portion in FIG. 10, the true position coordinates of the mobile terminal are three circles C ₁ having a radius c (t _m −t _i ) + ε _i centered on the broadcasting stations S _{1 to} S _3. It will be included in a region where all -C ₃ overlap.

  Based on this premise, the verification module M executes a series of processing procedures shown in FIG. 2 described later, and verifies the validity of the position coordinates of the mobile terminal. First, as described above, it is confirmed that the received broadcast includes three or more stations necessary for position authentication, and then it is verified that this is not forged. Next, the optimum position in the region is calculated based on the adopted numerical optimization, the inclusion error of the optimum position is calculated, and whether the inclusion error is within a preset appropriate error range (error allowable range). Determine whether. If the inclusion error is within the range of the appropriate error, the verification module M accepts the optimum position in the area obtained based on the numerical optimization as the true position coordinates of the mobile terminal. If the included error is outside the range of the appropriate error, the verification module M regards the optimum position as an invalid position coordinate that is highly likely to be manipulated by an attacker, and rejects it.

  If accepted as the true position coordinate of the mobile terminal, the verification module M securely stores this position coordinate in a storage device in the tamper-resistant area, and the verifier then reads the position coordinate directly by physical contact. It is also good. Alternatively, after acceptance, an authenticator corresponding to the true position coordinate is generated and added based on the secret key protected by the tamper-resistant protection area in the mobile terminal, and this authenticator is It may be stored together with the position coordinates in an unprotected normal storage device in the mobile terminal. When the authenticator is a digital signature, the verifier verifies the digital signature with a public verification key corresponding to the private key of the mobile terminal. If the authenticator is a message authenticator, the verifier verifies the message authenticator with a common secret key with the mobile terminal. In any case, when using an authenticator, the verifier can safely verify with the submitted position coordinates and authenticator as long as the tamper-resistant area in the mobile terminal is valid, even if the verifier is physically away from the mobile terminal. Can be executed.

  As described above, for the sake of simplicity, the description is limited to the position authentication on the two-dimensional plane. However, the same concept can be applied not only to the position authentication on the two-dimensional plane but also to the position authentication in the three-dimensional space. This is the same in both an ideal case without spontaneous error and an actual case with spontaneous error.

However, in the case of a three-dimensional space, the degree of freedom of coordinates is increased by 1. Therefore, in the specific area determination, as shown in FIG. 11, the calculated optimal position of the mobile terminal is three broadcasting stations S _{1 to} S. It is verified that it is included in the boundary and inside of a tetrahedron having _four broadcasting stations S _{1 to} S ₄ as vertices instead of triangles having vertices as ₃ vertices. The optimum positions calculated at this time are four spheres having _four broadcast stations S _{1 to} S ₄ as the center and having a radius of an upper limit distance d _i = c (t _m −t _i ) + ε _i considering the error. It will be included in the space area surrounded by.

As described above, according to the least square method, when the variance of the distance upper limit value d _i from the mobile terminal to each broadcasting station S _i is denoted as σ _i ² ,

  Also in the flowchart of the specific process, instead of the triangular area determination in FIG. 2, tetrahedral area determination is used as shown in FIG.

  The above is the outline of the present invention. Subsequently, a description will be given of a specific embodiment of the present invention.

(First embodiment)
FIG. 1 is a schematic diagram showing the configuration of a mobile terminal incorporating a radio broadcast verification apparatus according to the first embodiment of the present invention. The mobile terminal 10 is a mobile phone with a camera, and includes an internal clock 11, an internal clock update time information storage unit 12, a tamper resistance guarantee parameter storage unit 13, a reception unit 14, a reception information storage unit 15, a demodulation unit 16, a time / Authenticator verification unit 17, position information calculation unit 18, position information verification unit 19, time information storage unit 20, switch 21, timing control unit 22, shutter 23, image sensor 24, electronic file generation unit 25, hash value generation unit 26, a digital signature generation unit 27, a signed electronic file storage unit 28, and a tamper resistant protection area 29. The switch 21, the electronic file generation unit 25, and the signed electronic file storage unit 28 mainly correspond to the camera, and the other elements 11 to 20 mainly correspond to the radio wave broadcast verification apparatus. Reference numeral 28 corresponds to a time position authentication apparatus mainly using a radio wave broadcast verification apparatus. The time position authentication apparatus is an apparatus that authenticates the time information and position information of the mobile terminal 10 and the validity of the time information and position information added to the electronic file generated by the mobile terminal 10. The time / authenticator verification unit 17, the location information calculation unit 18, and the location information verification unit 19 correspond to the verification module M described above.

  The mobile terminal 10 is realized as a hardware configuration for realizing each function or a combination configuration of hardware and software. The software is installed from a storage medium or a network in advance, and includes a program for realizing the function. Elements that can be realized by software include, for example, a demodulation unit 16, a time / authenticator verification unit 17, a location information calculation unit 18, a location information verification unit 19, an electronic file generation unit 25, a hash value generation unit 26, and a digital signature generation. Part 27 is cited.

Here, the internal clock 11 is a highly accurate clock that operates within the tamper-resistant protection area 29 and is synchronized with the clock of each broadcasting station _Si , and has a function of providing the internal time information to the time information storage unit 20. It has a function to stop normal operation as soon as an unauthorized operation is detected. Note that the operation of the internal clock 11 by the user is prohibited. The broadcasting station _Si may be a ground base station or a mobile station on board. That is, the broadcast station _Si is a reliable broadcast station and can be a broadcast station that moves at the speed of a vehicle such as a ship or a car as long as the broadcast station position information at the scheduled broadcast time is accurate. Good. The broadcasting station S _i may move because the present embodiment is premised on unidirectional communication. The broadcast station _Si may be any broadcast station that transmits scheduled broadcast time information and broadcast station position information, and an authenticator using a MAC (Message Authentication Code) or a digital signature method. Authenticator by MAC is generated based on the common secret key and a hash function between the broadcast station S _i and the mobile terminal 10. Authenticator by the digital signature scheme is generated based on the signature key of a broadcast station S _i and the public verification key.

  The internal clock update time information storage unit 12 is a memory that is regularly or irregularly updated and stored by a management center (not shown), and holds synchronization time information indicating the time when the management center synchronizes the internal clock 11 and an expiration date. For each shooting, it has a function of sending the synchronization time information and the expiration date to the digital signature generation unit 27 and the electronic file storage unit with signature 28, respectively.

  The tamper resistance guarantee parameter storage unit 13 is provided in the tamper resistance protection area 29 and stores a tamper resistance guarantee parameter. When an unauthorized operation is performed on the tamper resistance protection area 29 from the outside, It has a function to immediately set the tamper resistance guarantee parameter to zero.

The receiving unit 14 includes scheduled broadcast time information, broadcast station position information, and a broadcast station-specific authenticator transmitted wirelessly from three broadcast stations S _i (where i = 1, 2, 3) performing unidirectional communication. It has a function of generating reception information by receiving radio broadcasts including, specifically, a high-sensitivity receiving circuit for wireless standard broadcasting and correction broadcasting.

  Here, the standard broadcast refers to a radio broadcast including two pieces of high-accuracy “position information of a broadcasting station” and “scheduled broadcast time information”, such as transmission information of a GPS positioning satellite. Further, in order to identify the broadcast station of the transmission information and guarantee its validity, an authenticator unique to the broadcast station, such as a digital signature reflecting the broadcast content, is added.

  The reception information storage unit 15 has a function of acquiring and storing reception information from the reception unit 14 immediately upon receiving a request from the timing control unit 22.

  The demodulation unit 16 has a function of demodulating the reception information in the reception information storage unit 15 into a readable data format and sending the reception information to the time / authenticator verification unit 17.

  The time / authenticator verification unit 17 executes verification based on the time information and verification based on the authenticator for the reception information received from the demodulation unit 16. For verification based on time information, the time / authenticator verification unit 17 compares the scheduled broadcast time information included in the reception information with the internal time information (reception time information) acquired by the time information storage unit 20, and receives the reception time. It has a function of verifying whether the information is later than all scheduled broadcast time information.

In the later case of this verification, the time / authenticator verification unit 17 has a function of determining the presence / absence of forgery of radio broadcast based on the authenticator included in the received information. on the received information, or is from the standard broadcast station S _i, or not tampered in the propagation path, is verified using the authentication code with respect to two points. Here, as a specific example, first, consider a case where the authenticator is a digital signature based on a public key cryptosystem. Each broadcasting station _Si uses a private key that is unique to each broadcasting station to generate a digital signature by decrypting the hash value of the transmission information, and adds this digital signature as an authenticator to the message portion of the transmission information. The time / authenticator verification unit 17 encrypts the authenticator included in the reception information by using the legitimate public key of each broadcasting station S _i held in advance, and the obtained encrypted authenticator and the message of the reception information If the two are equal, the received information is accepted as valid.

Position information calculator 18, and three scheduled broadcast time information and the broadcast station position information included in the received information of the standard broadcast three broadcast stations S _i, which is justified by the time / authenticator verification section 17, clock information A function of calculating three upper limit values of distance between each of the three broadcasting stations and the own apparatus based on the internal time information acquired by the storage unit 20 and the upper limit value of the included positioning error appropriately determined in advance. And the optimal position of the mobile terminal 10 based on the three distance upper limit values and the three broadcast station position information corresponding to the distance upper limit values, under appropriate numerical optimization processing according to the error characteristics of the received information. Information and the reception information from each broadcasting station are used to calculate the error included in the optimum position information. The function for sending the optimum position information to the position information verification unit 19 and the control from the position information verification unit 19 , Location information It has a function of sending out the barrel signature generation unit 27 and the signed electronic file storage unit 28. Note that “appropriately determined” means determined based on actual measurement results, for example.

Here, the calculation process in the position information calculation unit 18 will be supplementarily described. Since this embodiment is a two-dimensional plane, if three terrestrial broadcasting stations are designated as S _i , the standard broadcast includes accurate position information (x _i , y _i ) and scheduled broadcasting time for the broadcasting station S _i. information _{t i} are included. If the least square method is adopted here for numerical optimization, the velocity of electromagnetic waves is c, the position information of the mobile terminal 10 is (x _m , y _m ), the reception time information is t _{m, and the} broadcasting station S _i The upper limit value of the positioning error included in the received information of ε is ε _i , and the optimum position information (x _m ⁰ , y _m ⁰ ) of the mobile terminal 10 and the received information from each broadcasting station S _{i according} to the above [Equation 1]. is calculated with respect to the ^{_{(x m 0, y m 0}} ) includes error ^{_{σ i (x m 0, y}} m 0) having the.

Location information verification unit 19, the three broadcasting station S _i triangles in a region where the value of the three broadcasting station position information obtained from a radio wave broadcast and the apex of, the mobile terminal 10 by the position information calculating unit 18 is calculated A function for verifying whether or not the optimal position information is included and the included error is within a preset allowable error range and the time / authenticator verification unit 17 verify that there is no forgery, and within the triangular area When it is verified that the optimum position information is included and the inclusion error is verified to be within a preset allowable error range, the function for accepting the optimum position information of the mobile terminal 10 and the optimum position information are A function that requests the position information calculation unit 18 to send the optimum position information to the digital signature generation unit 27 and requests the time information storage unit 20 to send the internal time information to the digital signature generation unit 27 after the acceptance. It has.

Note that the high accuracy of the internal clock 11 is essential for the positional information verification unit 19 to guarantee the validity of verification of the positional information. As a realistic candidate for a high-precision internal clock, there is a small crystal oscillator with a thermostatic chamber that is currently manufactured and sold by several manufacturers. According to the performance evaluation catalogs issued by each company, these have already achieved a stability of an error of 5 × 10 ^-10 [s / day] as a typical level, and the occupied volume can be incorporated into a mobile terminal. Therefore, it can be used as an internal clock of the proposed method. Another candidate in the very near future is the chip-scale atomic clock announced by the US National Institute of Standards and Technology (NIST) in 2005 (S. Knappe, V. Gerginov, PDD Schwindt, V. Shah, HG Robinson). , L. Hollberg and J. Kitching, “Atomic vapor cells for chip-shale atomic clocks with improved long-term frequency stability”, Optics Letters, vol. 30, no. 18, Sep. 2005, pp. 2351-2353. reference).

According to the NIST announcement, this chip-scale atomic clock has achieved a stability of 1 day error of 5 × 10 ⁻¹¹ [s / day]. Since such a chip-scale atomic clock has a small occupied volume and low power consumption, it is suitable for incorporation into small devices such as wristwatches, mobile terminals, and RFID tags. In addition, since this chip-scale atomic clock can be manufactured by being integrated in a wafer using a production technology for MEMS (micro-electro-mechanical systems), the manufacturing cost can be reduced.

  The time information storage unit 20 acquires and stores time information from the internal clock 11 immediately upon receiving a request from the timing control unit 22. After obtaining permission from the position information verification unit 19, the time information storage unit 20 digitally stores the acquired time information. It has a function to be given to the signature generation unit 27.

  The switch 21 operates the shutter 23 in the on state, and simultaneously notifies the timing control unit 22 that it is in the on state.

  As soon as the switch 21 is turned on, the timing control unit 22 performs control so that the reception information storage unit 15 acquires and stores the reception information and the time information storage unit 20 acquires and stores the internal time information of the internal clock 11 simultaneously. .

The shutter 23 is an opening / closing mechanism that is operated by the switch 21.
When the shutter 23 is in the open state, the image sensor 24 captures an object in front and sends an output signal including the imaging result to the electronic file generator 25.

  The electronic file generation unit 25 has a function of generating an electronic file representing an image based on an output signal received from the image sensor 24 after the shutter 23 is operated, a hash value generation unit 26 and an electronic file storage unit with a signature. 28.

  Note that the switch 21, the shutter 23, the image sensor 24, the electronic file generation unit 25, and the electronic file storage unit with signature 28 are elements corresponding to the camera of the camera-equipped mobile phone.

  The hash value generation unit 26 has a function of generating a hash value from the electronic file received from the electronic file generation unit 25 using an operation that can be regarded as a one-way function, and sending the obtained hash value to the digital signature generation unit 27. Yes.

  When the determination result by the time / authenticator verification unit 17 indicates that there is no forgery and the determination result by the position information verification unit 19 indicates that there is no retransmission, the digital signature generation unit 27 includes the internal time information and the position information of the own device. Based on this, a digital signature of the electronic file is generated.

  Specifically, the digital signature generation unit 27 receives the position information received from the position information calculation unit 18 and the internal time information received from the time information storage unit 20 (reception time) for the hash value received from the hash value generation unit 26. Information) and the synchronization time information received from the internal clock update time information storage unit 12 and the expiration date are added to create signature target data, and the signature target data is created based on the private key unique to the mobile terminal 10. It has a function of executing a decryption process to generate a digital signature and sending the obtained digital signature to the electronic file storage unit 28 with signature.

  The signed electronic file storage unit 28 receives the position information received from the position information calculation unit 18 and the internal time information (reception time information) received from the time information storage unit 20 for the electronic file received from the electronic file generation unit 25. And the synchronization time information and expiration date received from the internal clock update time information storage unit 12 and the digital signature received from the digital signature generation unit 27, and these electronic file, position information, internal time information, and synchronization time information And has a function of storing an expiration date and a digital signature as a set.

  The tamper resistant protection area 29 includes an internal clock 11, an internal clock update time information storage unit 12, a tamper resistance guarantee parameter storage unit 13, a reception unit 14, a reception information storage unit 15, a demodulation unit 16, and a time / authenticator verification unit 17. The position information calculation unit 18, the position information verification unit 19, the time information storage unit 20, the timing control unit 22, the electronic file generation unit 25, the hash value generation unit 26, and the digital signature generation unit 27 are protected by providing tamper resistance. Specifically, when an unauthorized operation is performed on the tamper resistant protection area 29 from the outside, each of the elements 11 to 20, 22, 25 to 27 described above is invalidated immediately after the unauthorized operation is detected. It has a function to do. Here, the function to be invalidated may be to erase the data or program of each element.

  Next, the operation of the mobile terminal configured as described above will be described using the flowchart of FIG.

  The switch 21 is operated by the user to activate the shutter 23 in the on state, and simultaneously notifies the timing control unit 22 that the shutter 23 is in the on state.

  When the shutter 23 is in the open state, the image sensor 24 captures a subject in front and sends an output signal including the imaging result to the electronic file generator 25.

  The electronic file generation unit 25 generates an electronic file representing an image based on the output signal, and sends the electronic file to the hash value generation unit 26 and the signed electronic file storage unit 28.

  On the other hand, as soon as the switch 21 is turned on, the timing control unit 22 controls the reception information storage unit 15 to acquire and store the reception information and the time information storage unit 20 to acquire and store the internal time information of the internal clock 11 at the same time. (ST1).

  The demodulator 16 demodulates the received information in the received information storage unit 15 into a readable data format, and sends the received information to the time / authenticator verification unit 17.

  The time / authenticator verification unit 17 determines whether or not each piece of received information from each broadcasting station is equal to or more than three stations (ST2). If not, the process proceeds to step ST5 to obtain the mobile terminal 10. The received information is rejected as fraud due to an attack.

  Next, the time / authenticator verification unit 17 compares the internal time information (reception time information) acquired from the time information storage unit 20 with the scheduled broadcast time information in the reception information, and the reception time information is all scheduled. It is verified whether or not it is later than the broadcast time information (ST3). If not, the process proceeds to step ST5 and the received information is rejected.

  Next, the time / authenticator verification unit 17 determines the presence / absence of forgery of radio broadcast based on the authenticator of the received information, that is, whether the authenticator is valid (ST4). The determinations in steps ST2 to ST4 may be performed in any order, or may be performed between steps ST6 to ST8 described later. If any of the determination results in steps ST2 to ST4 does not indicate validity, the process is stopped (ST5). Here, a case where the received information is recognized as valid will be described.

The position information calculation unit 18 is preliminarily appropriate to the three scheduled broadcast time information t _{1 to} t 3 obtained from the radio broadcasts of the _three broadcasting stations S _{1 to} S ₃ and the acquired internal time information (reception time information) t _m. based on the upper limit value ε ₁ ~ε ₃ of positioning error defined in the three distance limit d ₁ to d ₃ between each mobile terminal 10 of the three broadcasting station S ₁ to S ₃ calculate.

Thereafter, the position information calculating section 18, three broadcast station position information corresponding to three distance limit d ₁ to d ₃ and the respective distance limit _{d 1 ~d 3 (x 1,} y 1), (x _2, y _2), (based on x _3, y _3), by the least squares method, the optimum position information (x _m ⁰ of the mobile terminal 10, y _m ⁰⁾ and the broadcasting station on the basis of the optimum position information The included error information σ _i (x _m ⁰ , y _m ⁰ ) included in the received information from S _i is calculated (ST6), and these calculation results (x _m ⁰ , y _m ⁰ ), σ _i (x _m ⁰ , y _m ⁰ ) is sent to the position information verification unit 19.

The position information verification unit 19 determines whether or not the calculated optimum position information (x _m ⁰ , y _m ⁰ ) of the mobile terminal 10 is included in a triangular area having the _three broadcasting stations S _{1 to} S ₃ as vertices. (ST7), if not, the process moves to step ST9, and the optimum position information (x _m ⁰ , y _m ⁰ ) is rejected as an illegal act.

Subsequently, the position information verification unit 19 determines whether or not the error σ _i (x _m ⁰ , y _m ⁰ ) of the optimum position is within a preset error tolerance range (ST8). In this case, the process proceeds to step ST9, where the optimum position information (x _m ⁰ , y _m ⁰ ) is rejected as illegal.

If the result of step ST8 is within the allowable error range, the position information verification unit 19 accepts the optimum position information (x _m ⁰ , y _m ⁰ ) as the true position of the mobile terminal 10 (ST10), and the position information End the verification.

  Hereinafter, the mobile terminal 10 creates signature target data by adding (optimum) position information, internal time information, synchronization time information, and an expiration date to the hash value of the electronic file, generates a digital signature from the signature target data, This digital signature is added to the electronic file and stored.

  As described above, according to the present embodiment, a broadcast station-specific authenticator is given to the scheduled broadcast time information and the broadcast station position information transmitted wirelessly, and the presence or absence of forgery is determined based on this authenticator. Can prevent counterfeit attacks. In addition to this, the broadcast time information, the broadcast station position information, and the tamper-resistant protection area in its own device are within the triangular area with the three broadcast station position information as the vertices among the broadcast station position information of each broadcast station. Includes the optimum position information of its own device calculated using the time information of the internal clock and the upper limit value of the positioning error determined in advance based on the actual measurement results, etc., and the inclusive error for each broadcasting station that the optimum position information has Is estimated to be within the preset allowable range, it is determined that the radio broadcast is not retransmitted.

Further, as described above, according to the present embodiment, since the triangular region verification is performed on the optimum position information (x _m ⁰ , y _m ⁰ ) in consideration of the inclusion error, the validity of radio wave broadcasting is more realistic and efficient. The sex can be verified.

  Supplementally, the present embodiment simplifies the configuration and increases the efficiency of the process by performing the evaluation of the position error included in the received information and the prevention of fraud with a single determination algorithm at the same time, Furthermore, malfunction can be suppressed.

  Therefore, forgery attacks and retransmission attacks can be practically prevented only by unidirectional communication without using bidirectional communication, and the validity of position information can be verified with a clear technical basis.

Supplementally, the present embodiment, since it is realized by unidirectional communication, without location information of the mobile terminal 10 is known on the broadcasting station S _i, it is possible to protect the privacy. That is, for example, since it is realized by unidirectional communication, the verifier can certify the location where the mobile terminal 10 existed in the past without constantly monitoring the mobile terminal 10, and the mobile terminal uses the location information Can protect the privacy.

Further, unlike the two-way communication, the present embodiment does not need to respond to the broadcasting station S _i and can be mounted relatively easily. Further, unlike the bidirectional communication, there is no problem of deterioration in position accuracy due to high-speed movement. Further, unlike the bidirectional communication, there is no need to respond to the broadcasting station _Si , so there is no problem due to the low battery output at the time of response.

In addition, since the present embodiment can be realized by a simple verification algorithm that determines whether or not the position information of the mobile terminal 10 is included in a triangular area having the broadcasting stations S _{1 to} S ₃ as vertices, the configuration can be simplified. At the same time, the processing can be made more efficient, and malfunctions can be suppressed.

  Furthermore, since this embodiment can verify the validity of location information by preventing counterfeit attacks and retransmission attacks, the time information of the mobile terminal 10, the location information, and the time information added to the electronic file generated by the mobile terminal 10 And the correctness of the location information can be technically guaranteed. Also, using GPS and other broadcast-type communications, electronic file generation is performed on the terminal side, and there is no need to fix the terminal in a fixed position and there is no need for network connection, and secure location authentication that does not allow false location information Can be realized.

  In addition, according to the present embodiment, since the validity of radio wave broadcasting can be guaranteed, the generation time / position of digital data is guaranteed (for example, installed in a mobile terminal) according to the device equipped with the radio wave broadcasting verification device. ), Time information and location information in logistics (for example, when mounted on an RFID tag), car travel record certificate (for example, when mounted on a taxi fare meter), etc. Various services that require the legitimacy of can be realized. For example, various services using a mobile receiving terminal that is not fixed in place can be realized.

(Second Embodiment)
FIG. 3 is a flowchart showing the operation of the mobile terminal incorporating the radio broadcast verification apparatus according to the second embodiment of the present invention.

That is, this embodiment is a modification of the first embodiment, and the mobile terminal 10 shown in FIG. 1 replaces the triangular area verification with the _three broadcasting stations S _{1 to} S ₃ as vertices with 4 The configuration is such that tetrahedron region verification is performed with the two broadcasting stations S _{1 to} S ₄ as vertices. Accordingly, the functions of the position information calculation unit 18 and the position information verification unit 19 are slightly changed.

Specifically, the position information calculation unit 18 includes four scheduled broadcast time information and broadcast station position information obtained from the radio broadcasts of the four broadcast stations S _i , the acquired internal time information, and a predetermined positioning. Based on the error upper limit value, a function for calculating four distance upper limit values between each of the four broadcasting stations and the own apparatus, three distance upper limit values, and four distance corresponding to the distance upper limit values. Based on the broadcast station position information and the position information of the mobile terminal 10, the optimum position information of the mobile terminal 10 and the included error information related to the optimum position information are obtained under appropriate numerical optimization processing according to the error characteristics of the received information. And a function of sending these calculation results to the position information verification unit 19. The meaning of “appropriately defined” is as described above.

Here, the calculation process in the position information calculation unit 18 will be supplementarily described. Since this embodiment is a case of a three-dimensional space, assuming that three broadcast stations on the ground and one broadcast station of an artificial satellite are S _i (where 1 ≦ i ≦ 4), the broadcast station S is used for standard broadcasting. the exact location information of _i are included _{(x i, y i, z} i) the scheduled broadcast time information _{t i.} Assuming here that the least square method is adopted for the numerical optimization process, the velocity of the electromagnetic wave is c, the position information of the mobile terminal 10 is (x _m , y _m , z _m ), the reception time information is t _m , broadcast If the upper limit value of the positioning error included in the received information from the station S _i is ε _i , the optimum position information (x _m ⁰ , y _m ⁰ , z _m ⁰ ) of the mobile terminal 10 and its The inclusion error σ _i (x _m ⁰ , y _m ⁰ , z _m ⁰ ) for each broadcasting station S _i is calculated.

  The location information verification unit 19 includes the optimum location information calculated by the location information calculation unit 18 in the tetrahedron region with the values of the four broadcast station location information as vertices, and the inclusion error is set in advance. The function for verifying whether or not the error is within the allowable range and the time / authenticator verifying unit 17 verify that there is no forgery, verify that the position information is included in the tetrahedron region, and the error included When it is verified that the error is within the preset allowable error range, the position information calculating unit 18 accepts the optimum position information, and after accepting the optimum position information, the position information calculating unit 18 accepts the optimum position information. It has a function of requesting information to be sent to the digital signature generation unit 27 and requesting the time information storage unit 20 to send internal time information to the digital signature generation unit 27.

  Next, the operation of the mobile terminal configured as described above will be described using the flowchart of FIG.

  Now, it is assumed that, from the operation of turning on the switch 21, the acquisition / storage operation of the reception information and the internal time information is executed as in the above-described step ST 1 (ST 11).

  Subsequently, the demodulation unit 16 demodulates the reception information in the reception information storage unit 15 into a readable data format, and sends the reception information to the time / authenticator verification unit 17.

  The time / authenticator verification unit 17 determines whether there are four or more pieces of received information from each broadcasting station (ST12). If not, the process proceeds to step ST15 to obtain the mobile terminal 10. The received information is rejected as fraud due to an attack.

  Next, the time / authenticator verification unit 17 compares the internal time information (reception time information) acquired from the time information storage unit 20 with the scheduled broadcast time information in the reception information, and the reception time information is all scheduled. Whether it is later than the broadcast time information is verified (ST13). If not, the process proceeds to step ST15 to reject the received information.

  Next, the time / authenticator verification unit 17 determines the presence / absence of forgery of radio broadcast, that is, whether the authenticator is valid based on the authenticators of the received information of four stations or more (ST14). Note that the determination order of steps ST12 to ST14 is arbitrary, and the like is the same as steps ST2 to ST4 described above.

The position information calculation unit 18 appropriately includes _four scheduled broadcast time information t _{1 to} t 4 obtained from radio broadcasts of _four broadcast stations S _{1 to} S ₄ and acquired internal time information (reception time information) t _m in advance. on the basis of the positioning error limit ε ₁ ~ε ₄ of prescribed in the four distance limit d ₁ to d ₄ between each mobile terminal 10 of the four broadcast stations S ₁ to S ₄ calculate.

Thereafter, the position information calculating section 18, four distance limit d ₁ to d _4, and four broadcasting station position information corresponding to the respective distance limit _{d 1 ~d 4 (x 1,} y 1, z 1 ), (X ₂ , y ₂ , z ₂ ), (x ₃ , y ₃ , z ₃ ), (x ₄ , y ₄ , z ₄ ), the optimal position of the mobile terminal 10 by the least square method Information (x _m ⁰ , y _m ⁰ , z _m ⁰ ) and included error information σ _i (x _m ⁰ , y _m ⁰ , z _m ⁰ ) related to the optimum position information are calculated (ST16), and these calculation results (x _m ⁰ , y _m ⁰ , z _m ⁰ ), σ _i (x _m ⁰ , y _m ⁰ , z _m ⁰ ) are sent to the position information verification unit 19.

The position information verifying unit 19 calculates the optimum position information (x _m ⁰ , y _m ⁰ , z _m ⁰ ) of the mobile terminal 10 in the tetrahedral area with the four broadcasting stations S _{1 to} S ₄ as vertices. (ST17), if not, the process proceeds to step ST19, and the optimum position information (x _m ⁰ , y _m ⁰ , z _m ⁰ ) is rejected as an illegal act.

Subsequently, the position information verification unit 19 determines whether or not the optimum position inclusion error σ _i (x _m ⁰ , y _m ⁰ , z _m ⁰ ) is within a preset allowable error range (ST18). If not, the process moves to step ST19, and the optimum position information (x _m ⁰ , y _m ⁰ , z _m ⁰ ) is rejected as illegal.

If the result of step ST18 is within the allowable error range, the position information verification unit 19 accepts the optimum position information (x _m ⁰ , y _m ⁰ , z _m ⁰ ) as the true position of the mobile terminal 10 (ST20 ), The verification of the position information is finished.

  Hereinafter, the mobile terminal 10 creates signature target data by adding (optimum) position information, internal time information, synchronization time information, and an expiration date to the hash value of the electronic file, generates a digital signature from the signature target data, This digital signature is added to the electronic file and stored.

  As described above, according to the present embodiment, the same effects as those of the first embodiment can be obtained even when the tetrahedron region verification is performed with the four broadcast station position information as vertices. Since verification of position information is also realized in a three-dimensional space, the application range of verification processing can be expanded compared to the first embodiment.

Similarly, the present embodiment can be realized by a simple verification algorithm that determines whether or not the location information of the mobile terminal 10 is included in the tetrahedron region having the broadcast stations S _{1 to} S ₄ as vertices. In addition to simplification, the processing efficiency can be improved, and malfunctions can be suppressed.

Furthermore, according to the present embodiment, since the tetrahedron region verification is performed on the optimum position information (x _m ⁰ , y _m ⁰ , z _m ⁰ ) in consideration of the included error, the validity of radio wave broadcasting is more realistic and efficient. The sex can be verified.

(Third embodiment)
FIG. 4 is a schematic diagram showing the configuration of a mobile terminal incorporating a radio broadcast verification apparatus according to the third embodiment of the present invention. This embodiment is a modification of the first or second embodiment, and has a configuration using a taxi fare meter as the mobile terminal 10a. Accordingly, a fare confirmation switch 21a and a fare counting unit 30 are provided instead of the switch 21, shutter 23, and image sensor 24 of FIG. 1, and the electronic file generation unit 25a generates an electronic file related to the taxi fare. Yes.

  Here, the fee confirmation switch 21a is configured to stop the fee counting unit 30 that is already in operation in the on state, confirm the fee, and notify the timing control unit 22 that it is in the on state.

  The fare counting unit 30 counts the taxi fare when the fare meter start switch (not shown) is turned on when the passenger gets on by the driver's operation, and the fare confirmation switch 21a is turned on when the passenger gets off. Then, finalized data indicating the finalized fee is sent to the electronic file generation unit 25a.

  The electronic file generation unit 25 a has a function of generating an electronic file representing the confirmed data in the fee counting unit 30 and a function of sending the electronic file to the hash value generation unit 26 and the signed electronic file storage unit 28.

  The charge confirmation switch 21a, the charge count unit 30, the electronic file generation unit 25a, and the signed electronic file storage unit 28 mainly correspond to taxi fare meters, and the other elements 11 to 20 are mainly used for the radio wave broadcasting verification apparatus. Correspondingly, 22 to 24 and 26 to 28 mainly correspond to a time position authentication device using a radio wave broadcast verification device.

Next, the operation of the mobile terminal configured as described above will be described.
The taxi company (management center 40) synchronizes the time of the internal clock 11 of the mobile terminal (taxi fare meter) 10a before starting business. The driver turns on a fare meter start switch (not shown) when the passenger gets on, turns on the fare meter's fare confirmation switch 21a when getting off, confirms the fare, and at the same time, positions information on the passenger's getting on and off the vehicle. A digital signature unique to the fare meter is generated for the time information, the boarding fee, the update time of the internal clock 11, and the expiration date, added to these data, and stored as a set.

  After the taxi arrives at the end of the business, the taxi company verifies the tamper resistance guarantee parameters, outputs the stored data, and synchronizes the time of the internal clock 11 of the mobile terminal (taxi fare meter) 10a again before the next business starts. Do.

  As described above, according to this embodiment, even when the mobile terminal is applied to a taxi fare meter, the same effects as those of the first or second embodiment can be obtained.

(Fourth embodiment)
FIG. 5 is a schematic diagram showing a configuration of a mobile terminal incorporating a radio broadcast verification apparatus according to the fourth embodiment of the present invention.

  This embodiment is a modification of the first or second embodiment, and has a configuration using a delivery settlement machine as the mobile terminal 10b. Accordingly, in place of the switch 21, the shutter 23, and the image sensor 24 of FIG. 1, the receipt issuing switch 21b and the adjustment data input terminal 31 are provided, and the electronic file generation unit 25b generates an electronic file related to the adjustment data. It has become.

  Here, the receipt issuance switch 21b sends input data of the payment data input terminal 31 to the electronic file generation unit 25 in the on state, and notifies the timing control unit 22 that it is in the on state.

  The settlement data input terminal 31 inputs settlement data by credit card or manual input. When the receipt issuance switch 21b is turned on, the settlement data input terminal 31 sends confirmed settlement data to the electronic file generation unit 25b. is there.

  The electronic file generation unit 25, upon receipt of settlement data determined from the settlement data input terminal 31, generates a digital file representing a receipt corresponding to the settlement data, and converts the electronic file into a hash value generation unit 26 and a signed electronic And a function for sending to the file storage unit 28.

  The receipt issuance switch 21b, the settlement data input terminal 31, the electronic file generation unit 25b, and the signed electronic file storage unit 28 mainly correspond to a settlement settlement machine, and the other elements 11 to 20 are mainly radio broadcasts. Corresponding to the verification device, 22 to 24 and 26 to 28 mainly correspond to the time position authentication device using the radio wave broadcast verification device.

Next, the operation of the mobile terminal configured as described above will be described.
The delivery company (management center 40) synchronizes the time of the internal clock 11 of the mobile terminal (delivery settlement machine) 10b before starting the business, and delivers the mobile terminal 10b to the delivery person.

  When the delivery person performs the payment process at the stage of delivering the package and turns on the receipt issuing switch 21b, the payment process information such as the credit card number, the position information and time information when performing the payment, the update time of the internal clock 11 A digital signature unique to the mobile terminal 10b is generated for the information and the expiration date, added to these data, and stored as a set.

  The delivery person delivers the mobile terminal (delivery settlement machine) 10b to the delivery company at the end of the business. The delivery company verifies the tamper resistance guarantee parameter, outputs the stored data, and synchronizes the time of the internal clock 11 of the mobile terminal 10b again before starting the next business.

  As described above, according to the present embodiment, the same effect as that of the first or second embodiment can be obtained even when the mobile terminal is applied to a delivery settlement machine.

(Fifth embodiment)
FIG. 6 is a schematic diagram showing a configuration of an RFID tag having a built-in radio broadcast verification apparatus according to the fifth embodiment of the present invention.

  This embodiment is a modification of the first or second embodiment, and has a configuration in which a radio broadcast verification apparatus is mounted on an RFID tag 10c. Accordingly, the communication device 32 is provided instead of the switch 21, the shutter 23, and the image sensor 24 of FIG. 1, and the electronic file generation unit 25c generates an electronic file related to recording data such as delivery records.

  Here, when the received content is a write request and recorded data, the communication device 32 sends the recorded data to the electronic file generation unit 25c and informs the timing control unit 22 that the received content is on, and the received content is It has a function of reading the stored contents of the electronic file storage unit with signature 28 and transmitting it from the antenna when a read request is made.

  The electronic file generation unit 25 has a function of generating an electronic file representing recording data received from the communication device, and a function of transmitting the electronic file to the hash value generation unit 26 and the signed electronic file storage unit 28.

  The communication device 32, the electronic file generation unit 25c, and the signed electronic file storage unit 28 mainly correspond to RFID tags, and the other elements 11 to 20 mainly correspond to radio wave broadcast verification devices. Reference numerals 26 to 28 correspond to time position authentication apparatuses mainly using radio wave broadcast verification apparatuses.

Next, the operation of the mobile terminal configured as described above will be described.
The delivery company (management center 40) synchronizes the time of the internal clock 11 of the RFID tag 10c before starting business, and attaches the RFID tag 10c to the delivery item (product or the like).

  When the delivery person writes the recording data as appropriate to the RFID tag 10c attached to the delivery item, the RFID tag 10 stores the position information and time information at the time of writing the recording data, the update time information and the expiration date of the internal clock 11, A digital signature unique to the RFID tag 10c is generated, added to these data, and stored as a set.

  After delivering the delivery item, the delivery company verifies the tamper resistance guarantee parameter of the RFID tag 10c removed from the delivery item, outputs the recorded data, and again the time of the internal clock 11 of the RFID tag 10c before the next delivery start. Synchronize. However, the RFID tag 10c is not limited to repeated use, but may be disposable.

  As described above, according to the present embodiment, the same effect as that of the first or second embodiment can be obtained even if the radio wave broadcast verification apparatus is mounted on the RFID tag 10c. In addition, since the RFID tag 10c has a simple function compared to the mobile terminal 10, it can be realized with a lower battery capacity than the mobile terminal 10.

  Note that the method described in the above embodiment includes a magnetic disk (floppy (registered trademark) disk, hard disk, etc.), an optical disk (CD-ROM, DVD, etc.), a magneto-optical disk (MO) as programs that can be executed by a computer. ), And can be distributed in a storage medium such as a semiconductor memory.

  In addition, as long as the storage medium can store a program and can be read by a computer, the storage format may be any form.

  In addition, an OS (operating system) running on a computer based on an instruction of a program installed in the computer from a storage medium, MW (middleware) such as database management software, network software, and the like realize the above-described embodiment. A part of each process may be executed.

  Furthermore, the storage medium in the present invention is not limited to a medium independent of a computer, but also includes a storage medium in which a program transmitted via a LAN or the Internet is downloaded and stored or temporarily stored.

  Further, the number of storage media is not limited to one, and the case where the processing in the above embodiment is executed from a plurality of media is also included in the storage media in the present invention, and the media configuration may be any configuration.

  The computer according to the present invention executes each process in the above-described embodiment based on a program stored in a storage medium, and is a single device such as a personal computer or a system in which a plurality of devices are connected to a network. Any configuration may be used.

  In addition, the computer in the present invention is not limited to a personal computer, but includes an arithmetic processing device, a microcomputer, and the like included in an information processing device, and is a generic term for devices and devices that can realize the functions of the present invention by a program. .

  Note that the present invention is not limited to the above-described embodiment as it is, and can be embodied by modifying the constituent elements without departing from the scope of the invention in the implementation stage. Moreover, various inventions can be formed by appropriately combining a plurality of constituent elements disclosed in the embodiment. For example, some components may be deleted from all the components shown in the embodiment. Furthermore, constituent elements over different embodiments may be appropriately combined.

It is a schematic diagram which shows the structure of the mobile terminal incorporating the radio broadcast verification apparatus which concerns on the 1st Embodiment of this invention. 4 is a flowchart for explaining the operation of the mobile terminal in the embodiment. It is a flowchart for demonstrating operation | movement of the mobile terminal incorporating the radio wave broadcast verification apparatus which concerns on the 2nd Embodiment of this invention. It is a schematic diagram which shows the structure of the mobile terminal incorporating the radio wave broadcast verification apparatus which concerns on the 3rd Embodiment of this invention. It is a schematic diagram which shows the structure of the mobile terminal incorporating the radio wave broadcast verification apparatus which concerns on the 4th Embodiment of this invention. It is a schematic diagram which shows the structure of the RFID tag incorporating the radio wave broadcast verification apparatus which concerns on the 5th Embodiment of this invention. It is a schematic diagram which shows delivery of the positional information for demonstrating the outline | summary of this invention. It is a schematic diagram which shows the measurement of the distance upper limit for demonstrating the outline | summary of this invention. It is a schematic diagram which shows the positioning on the two-dimensional plane for demonstrating the outline | summary of this invention. It is a schematic diagram which shows the positioning on the two-dimensional plane for demonstrating the outline | summary of this invention. It is a schematic diagram which shows the positioning in the three-dimensional space for demonstrating the outline | summary of this invention.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 10, 10a, 10b ... Mobile terminal, 11 ... Internal clock, 12 ... Internal clock update time information storage part, 13 ... Tamper resistance guarantee parameter storage part, 14 ... Reception part, 15 ... Reception information storage part, 16 ... Demodulation part , 17 ... authenticator verification unit, 18 ... position information calculation unit, 19 ... position information verification unit, 20 ... time information storage unit, 21, 21a, 21b ... switch, 22 ... timing control unit, 23 ... shutter, 24 ... imaging Elements: 25... Electronic file generation unit, 26... Hash value generation unit, 27... Digital signature generation unit, 28... Electronic file storage unit with signature, 29.

Claims (4)

Receiving means for receiving radio broadcasts including scheduled broadcast time information, broadcast station position information, and a broadcast station-specific authenticator from three broadcast stations performing unidirectional communication;
Forgery verification means for verifying the presence or absence of counterfeiting of the radio broadcast based on the authenticator;
An internal clock device that provides internal time information;
Reception time acquisition means for acquiring internal time information indicating the time of reception of the radio broadcast from the internal clock device;
Based on the three scheduled broadcast time information obtained from the radio broadcasts of the three broadcast stations, the acquired internal time information, and a predetermined upper limit value of the positioning error, each of the three broadcast stations and its own device Distance upper limit calculating means for calculating three upper limit values between
Based on the three distance upper limit values and the three broadcast station position information corresponding to the distance upper limit values, the optimum position for calculating the optimum position information of the device and the error information relating to the optimum position information by the least square method. A calculation means;
Optimal position verification means for verifying whether or not the optimal position information is included in a triangular area having the values of the three broadcast station position information as vertices;
Including error verifying means for verifying whether the included error information related to the optimum position information is within a preset allowable error range;
When the counterfeit verification means verifies that the counterfeit is not counterfeit, the optimal position verification means verifies that the optimal position information is included, and the inclusion error verification means verifies that the error is within the allowable error range, the optimal A radio broadcast verification apparatus comprising: an optimum position acceptance unit that accepts position information. Receiving means for receiving radio broadcasts including scheduled broadcast time information, broadcast station position information, and broadcast station-specific authenticators from four broadcast stations performing unidirectional communication;
Forgery verification means for verifying the presence or absence of counterfeiting of the radio broadcast based on the authenticator;
An internal clock device that provides internal time information;
Reception time acquisition means for acquiring internal time information indicating the time of reception of the radio broadcast from the internal clock device;
Based on the four scheduled broadcast time information obtained from the radio broadcasts of the four broadcast stations, the acquired internal time information, and a predetermined upper limit value of the positioning error, each of the four broadcast stations and its own device Distance upper limit calculation means for calculating four upper limit values of distance between
Based on the four distance upper limit values and the four broadcast station position information corresponding to the distance upper limit values, the optimum position for calculating the optimum position information of the own apparatus and the error information related to the optimum position information by the least square method. A calculation means;
Optimal position verification means for verifying whether or not the optimal position information is included in an area of a tetrahedron having the values of the four broadcast station position information as vertices;
Including error verifying means for verifying whether the included error information related to the optimum position information is within a preset allowable error range;
When the counterfeit verification means verifies that the counterfeit is not counterfeit, the optimal position verification means verifies that the optimal position information is included, and the inclusion error verification means verifies that the error is within the allowable error range, the optimal A radio broadcast verification apparatus comprising: an optimum position acceptance unit that accepts position information. A receiving circuit that receives radio broadcasts including scheduled broadcast time information, broadcast station position information, and a broadcast station-specific authenticator from three broadcast stations that perform unidirectional communication, and an internal clock device that provides internal time information A program used for a computer of a radio wave broadcasting verification apparatus,
The computer,
Forgery verification means for verifying the presence or absence of forgery of the radio broadcast based on the authenticator,
Reception time acquisition means for acquiring internal time information indicating the time of reception of the radio broadcast from the internal clock device;
Based on the three scheduled broadcast time information obtained from the radio broadcasts of the three broadcast stations, the acquired internal time information, and a predetermined upper limit value of the positioning error, each of the three broadcast stations and its own device Distance upper limit value calculating means for calculating three distance upper limit values between
Based on the three distance upper limit values and the three broadcast station position information corresponding to the distance upper limit values, the optimum position for calculating the optimum position information of the device and the error information relating to the optimum position information by the least square method. Calculation means,
Optimal position verification means for verifying whether or not the optimal position information is included in a triangular region having the values of the three broadcast station position information as vertices;
Including error verifying means for verifying whether included error information relating to the optimum position information is within a preset allowable error range;
When the counterfeit verification means verifies that the counterfeit is not counterfeit, the optimal position verification means verifies that the optimal position information is included, and the inclusion error verification means verifies that the error is within the allowable error range, the optimal Optimal location acceptance means for accepting location information,
Program to function as. A receiving circuit that receives radio broadcasts including scheduled broadcast time information, broadcast station position information, and a broadcast station-specific authenticator from four broadcast stations that perform unidirectional communication; and an internal clock device that provides internal time information A program used for a computer of a radio wave broadcasting verification apparatus,
The computer,
Forgery verification means for verifying the presence or absence of forgery of the radio broadcast based on the authenticator,
Reception time acquisition means for acquiring internal time information indicating the time of reception of the radio broadcast from the internal clock device;
Based on the four scheduled broadcast time information obtained from the radio broadcasts of the four broadcast stations, the acquired internal time information, and a predetermined upper limit value of the positioning error, each of the four broadcast stations and its own device A distance upper limit calculating means for calculating four upper limit values between
Based on the four distance upper limit values and the four broadcast station position information corresponding to the distance upper limit values, the optimum position for calculating the optimum position information of the own apparatus and the error information related to the optimum position information by the least square method. Calculation means,
Optimal position verification means for verifying whether or not the optimal position information is included in an area of a tetrahedron having the values of the four broadcast station position information as vertices;
Including error verifying means for verifying whether included error information relating to the optimum position information is within a preset allowable error range;
When the counterfeit verification means verifies that the counterfeit is not counterfeit, the optimal position verification means verifies that the optimal position information is included, and the inclusion error verification means verifies that the error is within the allowable error range, the optimal Optimal location acceptance means for accepting location information,
Program to function as.

Images