JP2011034307A - Information processing apparatus and authentication method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To easily and strictly perform personal authentication. <P>SOLUTION: A portable computer 1 includes a body casing 2a, a keyboard 5, and an authentication part 8. The authentication part 8 obtains device information from a communication partner device 9 possessed by a user 100 by human body communication through a contact with the user 100. When the obtained device information and device information stored in a memory 22a equipped in an authentication module 22 are in agreement, input operation of the keyboard 5 is permitted. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to an information processing apparatus and an authentication method.

In electronic devices such as portable computers and automatic cash dispensers, various methods have been developed to ensure security. In addition to personal authentication by password verification, personal authentication using personal biometric information (biological information) such as fingerprints and fundus images is performed.

JP 2008-65850 A

As an example of personal authentication using biometric information, there is a technique that uses a blood vessel pattern of a user read by an authentication device for personal authentication (for example, Patent Document 1). In the disclosed technology, biometric information is acquired from an authentication device worn by the user,
Personal authentication is performed by transmitting to external devices via human body communication. However, an authentication device for reading a blood vessel pattern had to be structured so as to be wound around a finger or arm and to be in contact with a human skin over a large area.

With the spread of portable computers, versatility is required for security functions in portable computers. Therefore, an authentication device used for personal authentication is desired to have a format that can be attached to various mobile devices, rather than a structure limited to obtain special information as described above.

The present invention has been made in view of the above-described points, and an object of the present invention is to perform personal authentication more easily and strictly.

In order to achieve the above object, an information processing apparatus according to the present invention is provided at a position where a human body comes into contact with a housing, an input device provided in the housing, and the input device being operated. A communication unit that communicates with a device through a contact point with a human body, an authentication unit that performs an authentication process based on identification information acquired from a communication partner device through communication by the communication unit, and When authentication is established by the authentication unit, an operation in accordance with an operation signal from the input device is executed. When authentication is not established by the authentication unit, an operation by an operation signal from the input device is not executed. And a control unit for performing control.

Further, the authentication method according to the present invention is an authentication method performed by an information processing device including an input device, and on the housing of the information processing device that a human body contacts when the input device is operated. Communicating with an external device via a contact point with a human body, acquiring unique identification information from the device by communication via a contact point with the human body, and using the acquired identification information for authentication processing If authentication is established by the authentication process, an operation in accordance with an operation signal from the input device is executed. If the authentication is not established, an operation by an operation signal from the input device is not executed. It is characterized by performing control.

  According to the present invention, it is possible to perform personal authentication more easily and strictly.

1 is an external view of a portable computer in this embodiment. An example of using the portable computer in this embodiment. 1 is a functional block diagram of a portable computer in the present embodiment. The figure which shows the 1st structure of the authentication part of the portable computer in this Embodiment. The figure which shows the 2nd structure of the authentication part of the portable computer in this Embodiment. 6 is a flowchart showing a procedure of an authentication operation of the portable computer in the present embodiment.

  Hereinafter, embodiments of the present invention will be described with reference to FIGS.

A portable computer 1 will be described as an example of the information processing apparatus according to the present invention. First, the structure of the portable computer 1 will be described with reference to FIG. FIG. 1 is an external perspective view of a portable computer 1 according to an embodiment of the present invention.

In the portable computer 1, a main unit 2 and a display unit 3 are rotatably provided via a hinge 4. The main unit 2 includes a main body housing 2a, a keyboard 5, a touch pad 6, a power switch 7, and an authentication unit 8. The display unit 3 is provided with a display device 3a in the center. In this specification, when viewed from the user facing the display device 3a, the upper side is defined as the upper side, the lower side as the lower side, the near side as the near side, the far side as the far side, the right side as the right, and the left side as the left.

The display device 3a displays a video based on a video signal sent from a graphic chip mounted on the substrate. The display device 3a is, for example, an LCD (Liquid Crystal).
Display) and the like.

The main body housing 2a has operation devices such as a keyboard 5 and a touch pad 6 on the upper surface, and houses a substrate, an HDD (Hard Disk Drive) 16 and the like inside. In addition, a USB (Universal Serial Bus) connector is provided on the right side surface of the main body casing 2a so that it can be connected to various devices.

The keyboard 5 is an input device provided on the upper surface of the main body housing 2a. By operating the buttons of the keyboard 5, operation signals such as character input and icon selection are transmitted to each unit.

The touch pad 6 is a pointing device provided on the upper surface of the main body housing 2a. By operating the touch pad 6, operation signals such as screen transition and icon selection are transmitted to each unit.

The power switch 7 inputs a control signal for powering on / off the portable computer 1 in accordance with an operation by the user.

The authentication part 8 is provided in a palm rest part and authenticates a user via human body communication. Human body communication is short-distance data communication used as a substitute for a communication cable by applying the property that a human body passes a weak current. That is, since it is necessary for the devices that perform transmission and reception to be connected by the human body that plays the role of the communication cable, it is determined whether or not the user 10 is connected or disconnected.
There is a feature that it is possible to confirm whether 0 is in contact with the authentication unit 8 or not. This human body communication will be described with reference to FIG. FIG. 2 shows an example when the portable computer 1 in the present embodiment is used. In the present embodiment, the human body communication is executed in a state where the user 100 possessing the communication partner device 9 is in contact with the authentication unit 8. For example, when an authentication request signal is transmitted from the authentication unit 8 to the communication counterpart device 9, the body current is changed by causing the authentication unit 8 to pass a current of about a body fat scale that is harmless to the human body. Signals are transmitted by reading the weak change in the body current with the communication partner device 9. A response signal from the communication partner device 9 is also transmitted in the same manner. In this way, a signal is transmitted by passing a weak current through the user 100. The structure of the authentication unit 8 will be described later.

Next, functions of the portable computer 1 will be described with reference to FIG. FIG. 3 is a functional block diagram of the portable computer 1 in the present embodiment.

The portable computer 1 includes a keyboard 5, a touch pad 6, a power switch 7, a CPU 10, a north bridge 11, a main memory 12, a graphics controller 13, a VRAM 14, a south bridge 15, an HDD 16, and a BIOS. -ROM17
EC / KBC 18, power supply controller 19, battery 20, and AC adapter 21
And a communication module 22 and a power feeding unit 23.

The CPU 10 is a processor provided for controlling the operation of the personal computer 1 and executes an operating system and various application programs loaded from the HDD 16 to the main memory 12. The CPU 10 also has a BIOS-ROM 17.
The system BIOS stored in is loaded into the main memory 12 and then executed. System BI
The OS is a program for hardware control.

The north bridge 11 is a bridge device that connects the local bus of the CPU 10 and the south bridge 15. The north bridge 11 also includes a memory controller that controls access to the main memory 12. The North Bridge 11 is AGP (Accele).
It also has a function of executing communication with the graphics controller 13 via a (Rated Graphics Port) bus or the like.

The main memory 12 is a so-called working memory for developing an operating system and various application programs stored in the HDD 16 and a system BIOS stored in the BIOS-ROM 17.

The graphics controller 13 is a display controller that controls the display device 3a used as a display monitor of the computer. The graphics controller 13 is operated by the operating system / application program according to the VRAM 14.
A video signal that forms a display image to be displayed on the display device 3a is generated from the display data drawn on the screen.

The south bridge 15 is used to access the BIOS-ROM 17, the HDD 16, and the ODD.
It controls a disk drive (I / O device) such as (Optical Disk Drive).

The HDD 16 is a storage device that stores an operating system, various application programs, and the like.

The BIOS-ROM 17 is a system BIOS that is a program for hardware control.
A rewritable nonvolatile memory storing S.

  The EC / KBC 18 controls the touch pad 5 and the keyboard 6 as input means.

The EC / KBC 18 is a one-chip microcomputer that monitors and controls various devices (peripheral devices, sensors, power supply circuits, etc.) regardless of the system status of the personal computer 1. Further, the EC / KBC 18 has a function of powering on / off the personal computer 1 in cooperation with the power supply controller 19 in accordance with the operation of the power switch 7 by the user. In the present embodiment, the authentication module 22 is connected to the EC / KBC 18. The authentication result in the authentication module 22 is output to the EC / KBC 18, and the EC / KB
The KBC 18 controls input from the keyboard 5.

When the external power is supplied through the AC adapter 21, the power controller 19
A system power supply to be supplied to each component of the personal computer 1 is generated using an external power supply supplied from the AC adapter 21. The power controller 19 generates system power to be supplied to each component (the main unit 2 and the display unit 3) of the personal computer 1 using the battery 20 when the external power is not supplied via the AC adapter 21. To do.

The authentication module 22 authenticates the encryption received from the communication partner device 9 via the human body communication. The authentication module 22 includes a memory 22a. The memory 22a stores information indicating devices that are permitted to be input from the keyboard 5. The authentication module 22 performs an operation for converting the acquired cipher into a digital signal, and compares it with the device information stored in the memory 22a. That is, the encryption information stored in the communication partner device 9 is not stored as it is, but the data subjected to the arithmetic processing is stored to prevent the encryption information from being leaked. When the authentication module 22 determines that the communication partner device 9 is a device that allows the keyboard 5 to be input as a result of collation between the information from the communication partner device 9 and the device information stored in the memory 22a, that fact Is sent to the EC / KBC 18 so that the keyboard 5 can be input.

On the other hand, if it is determined as a result of the collation that the communication partner device 9 is a device that does not permit input of the keyboard 5, the fact is sent to the EC / KBC 18, and input of the keyboard 5 is stopped.

Next, the structure of the authentication unit 8 when the portable computer 1 has the main body plastic casing 2a will be described with reference to FIG. FIG. 4 is a diagram showing a first structure of the authentication unit 8 of the portable computer 1 in the present embodiment. The authentication unit 8 includes an authentication module 22, a conductive wire 23, and an electrode 24. When the main body casing is made of plastic, a conductive coating 25 is applied to the back side of the casing as a measure against EMI (Electro Magnetic Interference).

The authentication module 22 reads a change in current at the electrode 24 and acquires a cipher from the communication partner device 9. In addition, the obtained cipher is subjected to arithmetic processing and collated with the device information stored in the memory 22a.

  The conducting wire 23 electrically connects the authentication module 22 and the electrode 24.

The electrode 24 is provided by being joined to the main body plastic casing 2a to which the conductive coating 25 is not applied. That is, a weak current change can be transmitted between the electrode 24 and the user 100 via the main body plastic casing 2a. Therefore, the electrode 24 is connected to the surface of the electrode 24 and the user 1.
The communication partner device 9 possessed by the user 100 in a state where there is a contact with 00
The authentication request signal is transmitted to the communication partner device 9 or the response signal is received from the communication partner device 9.

Next, the structure of the authentication unit 8 when the portable computer 1 has the main body metal housing 2b will be described with reference to FIG. FIG. 5 is a diagram showing a second structure of the authentication unit 8 of the portable computer 1 in the present embodiment. The authentication unit 8 includes an authentication module 22 and a conductor 2
3, an electrode 24, and a plastic lid 26. When the main body casing is made of metal, a plastic lid 26 is provided on the casing portion of the authentication unit 8 in order to transmit a weak current change.

Next, an authentication operation performed by the authentication module 22 will be described with reference to FIG. FIG. 6 is a flowchart showing an authentication procedure of the portable computer 1 in the present embodiment.

First, the authentication unit 8 transmits an authentication request signal to a communication partner device via human body communication (step S11). Next, the authentication unit 8 determines whether or not a response signal to the authentication request has been received (step S12). As a result, when it is determined that a response signal has not been received (step S13), the process proceeds to step S17 described later. On the other hand, if it is determined that a response signal to the authentication request has been received (Yes in step S12), the authentication unit 8 determines whether to permit authentication based on the received response signal (step S14).

As a result, when the authentication is permitted (Yes in step S14), input from the keyboard 5 is enabled (step S15). To enable input from the keyboard 5, the CPU 1
0 means receiving an operation signal from the keyboard 5 and executing processing based on the operation signal. On the other hand, if it is determined that the authentication is not permitted (No in step S14), the keyboard 5 input is stopped (step S17). Stopping keyboard 5 input means CPU 1
When 0 receives an operation signal from the keyboard 5, the operation signal itself is not recognized.
Alternatively, after the operation signal is recognized, the processing based on the operation signal is not executed. Alternatively, the keyboard 5 may be directly controlled so as not to transmit the operation signal.

Next, the authentication unit 8 determines whether or not there is a power-off request within a certain time (step S1).
7). As a result, when it is determined that there is no power-off request within a certain time (No in step S17), the process proceeds to step S11 described above. In other words, a continuous authentication operation is realized by executing the authentication operation again at regular intervals. On the other hand, if it is determined that a power-off request has been made within a certain time (Yes in step S17), the authentication unit 8 sends a signal requesting power-off to the EC / KBC 18 and turns off the power (step S18). ).

According to the present embodiment configured as described above, when the keyboard 5 is used, the user 1
By providing a human body communication contact for performing authentication at a position where 00 is in contact with the portable computer 1, personal authentication can be performed more strictly. That is, by providing a human body communication contact (electrode 24) for authentication on the palm rest portion on which the user 100 places the wrist when using the keyboard 5, the posture of the user 100 is conditioned as a use condition of the keyboard 5. be able to. Therefore, authentication for using the keyboard 5 cannot be executed only by the user 100 holding the communication partner device 9 being located in the vicinity of the authentication unit 8, so that the security becomes higher.

Furthermore, while the user 100 and the electrode 24 are in contact, it is possible to continuously perform personal authentication by periodically transmitting an authentication request signal and repeating the authentication operation. Therefore, personal authentication becomes more strict and the security of the portable computer 1 can be improved.

Further, since authentication is executed on the portable computer 1 side using the device information of the communication partner device 9, it is possible to construct an authentication system more easily without providing the communication partner device 9 with a special function.

As described above, by performing authentication through human body communication using the device information of the communication counterpart device 9, it is possible to perform personal authentication more simply and strictly.

In the present embodiment, the description has been given by taking as an example the communication that performs communication by flowing a current through the human body as the transmission path as the human body communication, but the present invention is not limited to this. For example, both the transmitter and the receiver are brought into contact with the human body via an insulator, and the electric field on the human body surface is changed by applying a voltage from the transmitter. Then, human body communication may be realized by reading a change in electric field with a receiver and converting it into an electric signal. According to the human body communication using this electric field method, current does not flow directly to the human body, but mobile phones <http://e-words.jp/w/E690BAE5B8AFE99BBBE8A9B1.html>
As in the case of electronic devices such as these, an induced current is generated inside the human body, and signals are transmitted and received.

Note that the present invention is not limited to the above-described embodiments as they are, and can be embodied by modifying the constituent elements without departing from the scope of the invention in the implementation stage. Various inventions can be formed by appropriately combining a plurality of constituent elements disclosed in the embodiments. For example,
Some constituent elements may be deleted from all the constituent elements shown in the embodiment. Furthermore, constituent elements over different embodiments may be appropriately combined.

DESCRIPTION OF SYMBOLS 1 Portable computer 2 Main body unit 2a Main body plastic housing 2b Main body metal housing 3 Display unit 3a Display device 4 Hinge 5 Keyboard 6 Touch pad 7 Power switch 8 Authentication unit 9 Communication partner device 10 CPU
11 North Bridge 12 Main Memory 13 Graphics Controller 14 VRAM
15 South Bridge 16 HDD
17 BIOS-ROM
18 EC / KBC
19 Power Controller 20 Battery 21 AC Adapter 22 Authentication Module 22a Memory 23 Conductor 24 Electrode 25 Conductive Paint 26 Plastic Cover 100 User

Claims (9)

A housing,
An input device provided in the housing;
A communication unit that is provided at a position where the human body contacts when the input device is operated, and communicates with an external device via a contact with the human body;
An authentication unit that executes an authentication process based on identification information acquired from a communication partner device via communication by the communication unit;
When authentication is established by the authentication unit, an operation in accordance with an operation signal from the input device is executed. When authentication is not established by the authentication unit, an operation by an operation signal from the input device is not executed. An information processing apparatus comprising a control unit that performs control as described above. 2. The control unit according to claim 1, wherein after the elapse of a predetermined time, the control unit acquires again the identification information of the communication partner device from the communication unit, and the authentication unit performs the authentication process again.
The information processing apparatus described in 1. 3. The information processing according to claim 2, wherein the control unit repeats acquiring the identification information again and executing an authentication process after a predetermined time has elapsed until the information processing apparatus is powered off. apparatus. A storage unit that stores identification information of a device that permits reception of an operation signal from the input device;
4. The information processing according to claim 3, wherein the authentication unit establishes the authentication when a device indicated by the identification information acquired by the communication unit matches the identification information stored in the storage unit. apparatus. An authentication method performed by an information processing apparatus including an input device,
On the housing of the information processing device that comes into contact with the human body when the input device is operated, perform communication via a contact with the human body with an external device,
Through communication via the contact point with the human body, the unique identification information is acquired from the device,
Execute authentication processing using the acquired identification information,
When authentication is established by the authentication process, an operation is performed in accordance with an operation signal from the input device, and when the authentication is not established, control is performed so as not to perform an operation by an operation signal from the input device. An authentication method characterized by that. 6. The authentication method according to claim 5, wherein control is performed so that identification information of a communication partner apparatus is obtained again after a predetermined time has elapsed, and the authentication process is executed again. The information processing apparatus according to claim 6, wherein the identification information is acquired again and authentication processing is executed after a predetermined time has elapsed until the information processing apparatus is powered off. Storing identification information of a device that permits reception of an operation signal from the input device;
The authentication method according to claim 7, wherein the authentication process determines whether or not a device indicated by the acquired identification information and the stored identification information matches. A body having an upper surface;
A display unit that is provided such that a closed position that covers the upper surface and an open position that opens the upper surface can be rotated via a hinge portion;
A keyboard provided on the upper surface;
Of the sides forming the upper surface, a touch pad provided between the side facing the side provided with the hinge portion and the keyboard;
Palm rests provided on both sides of the touchpad;
A communication unit that is provided on the palm rest and performs communication via a contact point with a human body,
An authentication unit that executes an authentication process based on identification information acquired from a communication partner device via communication by the communication unit;
When authentication is established by the authentication unit, an operation in accordance with an operation signal from the keyboard is executed. When authentication is not established by the authentication unit, an operation by an operation signal from the keyboard is not executed. An information processing apparatus comprising: a control unit that performs control.

Images