JP2013015884A - Authentication system and authentication method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an authentication system and an authentication method which can exclude unauthorized use of an apparatus.SOLUTION: An apparatus transmits an authentication information request to a connection apparatus which performs operations by connecting with the apparatus, and the connection apparatus attaches current location information to the authentication information request and transmits the authentication information request with the current location information to an authentication center. The authentication center determines that the connection apparatus is in a specific area on the basis of the received current location information, generates authentication information, and transmits the authentication information to the apparatus via the connection apparatus. The apparatus authorizes connection with the connection apparatus when the authentication information indicates expected contents.

Description

  The present invention relates to an authentication system and an authentication method that can eliminate unauthorized use of devices.

  In recent years, it has become common for embedded devices such as mobile phones and in-vehicle computers to be equipped with functions for maintenance such as a debug function and an update function as software becomes more sophisticated.

  The debug function is used for the purpose of verifying the operation of the device during development and for analyzing the failed device. The update function is used to update a firmware version, correct a defect, and improve a function.

  These maintenance functions are used for maintenance work by manufacturers, etc., but are not normally used by general users. In normal use, restrictions are imposed so that users cannot access these functions. There are many cases. In particular, in-vehicle computers have the characteristic of being in control of automobiles, and easy changes in parameters and the like may lead to breakdowns and accidents. For this reason, a dedicated device is required to access the maintenance function, and a structure that cannot be easily touched by general users is adopted.

  Japanese Patent Application Laid-Open No. 2004-228561 describes a technique for performing authentication between a debugging device and a debug target device and enabling the device debug function only when the authentication is successful. In the invention according to Patent Document 1, the debug target device receives the device specific information and the authenticator from the debug device, and whether the debug target device, the debug device, and the debug program included in the debug device are all valid. Validate. If any one of the three cannot be verified as valid, debugging cannot be performed. For example, the user temporarily obtains a debug program and creates a device equivalent to the debug device. Even if you do, you cannot debug.

In Patent Documents 2 and 3, a GPS (Global Positioning System) device is mounted on the device, and the acquired current position is checked against an area stored in advance, thereby prohibiting activation outside the set area. The technology to be described is described. According to the inventions according to Patent Documents 2 and 3, even if the device is leaked from a certain place due to theft or the like, it cannot be used if it goes out of the set area, thus preventing unauthorized use of the device. can do.

International Publication No. 2008/117340 JP 2006-215951 A JP 2006-99769 A

The method of performing authentication between the debug device and the debug target device described in Patent Document 1 cannot cope with the case where the debug device itself is taken out of the original place such as a development base of the manufacturer due to theft or the like. There is. If a debug device is taken out due to theft, etc., the device to be debugged will authenticate the device. Can not be prevented.

  In addition, in the methods described in Patent Documents 2 and 3, in which the device itself has a built-in GPS and is prohibited from being used outside a designated location, when there are many maintenance bases and the maintenance base information is frequently updated, There is a problem that the latest maintenance base information must be held in all debug devices. When there are many maintenance bases such as repair shops such as automobiles, all of them must be listed and maintained, or different maintenance base information must be recorded for each debugging device, which requires management costs .

  The present invention has been made in consideration of the above-described problems, and an object thereof is to provide an authentication system and an authentication method that can eliminate unauthorized use of devices.

  In order to achieve the above object, in the authentication system according to the present invention, the connected device is authenticated by the following means.

  An authentication system according to the present invention is an authentication system including a device, a connection device for connecting to the device and performing communication, and an authentication center, and the device requests authentication information from the connection device. An authentication information request transmitting means for transmitting an authentication information request; an authentication information receiving means for receiving authentication information corresponding to the authentication information request from the connected device; and when the received authentication information matches an assumed content. Permission means for permitting connection with the connection device, wherein the connection device receives an authentication information request from the device, and a current position for acquiring current position information of the connection device. Receiving means, a message sending means for sending the received authentication information request and the acquired current position information to the authentication center, and receiving the authentication information from the authentication center; Authentication information transfer means for transferring to the recording device, wherein the authentication center uses message connection means for receiving the authentication information request and the current location information transmitted from the connection device, and uses the connection device. Effective position storage means for storing the permitted specific area, message confirmation means for determining that the connected device is in the specific area from the received current position information, and the connected device, And an authentication information transmitting means for generating the authentication information corresponding to the authentication information request and transmitting the authentication information to the connected device when in a specific area.

  The device in the present invention requests authentication information indicating that the connected device is valid from the connected device. The connected device acquires the current position and transmits it to the authentication center. The authentication center generates authentication information and transmits it to the connected device only when the current position of the connected device is within the permitted area. . By transmitting this to the device, the connected device can confirm that the connected device to be used is valid. With this configuration, even if the actual connected device leaks due to theft or the like, the connected device cannot be used outside the permitted area.

  The message transmitting means transmits an individual identifier and an electronic signature of the connected device together with the authentication information request and the current location information to the authentication center, and the message confirming means is configured to transmit the added electronic signature. To confirm that the current position information has not been altered, and to confirm that the individual identifier of the connected device has not been spoofed.

By using the electronic signature, it is ensured that the data transmitted to the authentication center has not been altered and the source is correct. Also, since the electronic signature cannot be created unless there is a secret key, the current location of the connected device cannot be falsified. Accordingly, there is an advantage that not only the leaked connection device can be prevented from being used, but also the avoidance of authentication by the illegally modified connection device can be prevented.

  The message transmitting means transmits an electronic certificate including a public key corresponding to the connected device together with the authentication information request, the current location information, the individual identifier, and the electronic signature to the authentication center. The message confirmation unit may acquire the public key from the added electronic certificate and decrypt the electronic signature.

  By using the electronic certificate, there is an advantage that the authentication center does not need to hold a public key corresponding to the connected device.

  The authentication information request includes a numerical value generated by a pseudo random number, and the authentication information transmitting means converts the authentication information request by converting the authentication information request with a common key that both the device and the authentication center have. It is good also as generating.

  The device transmits a numerical value generated by a pseudo-random number, and the authentication center converts the numerical value using a common key held by both the device and the authentication center to generate authentication information. Thereby, the device can confirm that the authentication information is generated by conversion using the common key. This method is called a so-called challenge / response authentication method, and has an advantage that the common key cannot be estimated even if the communication content is acquired because the communication content at the time of authentication changes every time.

  The authentication center further includes a position information history storage unit that stores the position information of the connected device that has been authenticated in the past as a history, and the message confirmation unit is configured to store the position information stored in the position information history storage unit. The specific area may be changed using a history, and it may be determined that the current position information of the connected device is within the changed area.

  The authentication center collects, as a history, position information where the connected device has been used in the past, and corrects the position determination of the connected device using the information. By configuring in this way, it is possible to perform position determination with higher accuracy such as permitting use only in a place where the connected device is regularly used.

  ADVANTAGE OF THE INVENTION According to this invention, the authentication system and authentication method which can exclude the unauthorized use of an apparatus can be provided.

It is a block block diagram of the tool authentication system which concerns on 1st Embodiment. It is the figure which showed the content of the message which concerns on 1st Embodiment. It is the schematic which showed an example of the authentication by an electronic signature. It is a figure showing the content of the effective position memory | storage part of the center which concerns on 1st Embodiment. It is a flowchart of the object apparatus which concerns on 1st Embodiment. It is a flowchart of the tool which concerns on 1st Embodiment. It is a flowchart of the center which concerns on 1st Embodiment. It is a block block diagram of the tool authentication system which concerns on 2nd Embodiment. It is a figure showing the content of the tool position log | history memory | storage part of the center which concerns on 2nd Embodiment. It is a flowchart of the center which concerns on 2nd Embodiment.

(First embodiment)
An overview of the tool authentication system in the present embodiment will be described. In the following, a connected device such as a debugger used for device analysis or content update is referred to as a tool, and a device to be analyzed or updated is referred to as a target device.

  The target device in the present embodiment has a challenge generation means for challenge / response authentication. In addition, the tool has a function of adding position information indicating the current position of the tool to the challenge generated by the target device, attaching an electronic signature and an electronic certificate, and transmitting the information to the center by encrypted communication. . As a result, the center can grasp that the tool is about to be used at the location indicated by the sent position information.

  The center compares the distance between the current position of the received tool and the place where the operation is permitted. If the distance is less than a certain value, the center generates a response using the common key in response to the received challenge. This response is transmitted to the target device via the tool. Since the target device and the center have the same common key, the target device can confirm that the received response is generated from the transmitted challenge using the common key.

  The target device verifies whether the received response is valid, and if it is valid, permits connection to the tool. By configuring in this way, the target device permits the connection to the tool only when the tool is used at a valid position, so that the object of the invention can be achieved.

  The configuration of the tool authentication system according to the present embodiment will be described with reference to FIG.

  The configuration of the target device 30 will be described by taking an ECU (Electric Control Unit) built in the automobile as an example. The common key storage unit 31 is means for storing a common key. The target device 30 and the center 10 have the same common key, so that challenge / response authentication can be performed between the target device and the center. The challenge generation unit 33 has a function of generating a pseudo random number and uses this as challenge data.

  Moreover, the response confirmation part 32 has a function which confirms that the said response was produced | generated using the common key from the challenge which the challenge production | generation part 33 produced | generated when the response was received from the tool 20. FIG. This verification is performed by converting the challenge generated by the challenge generation unit 33 with the common key of the common key storage unit 31 and confirming whether the converted content and the received response are the same. Challenge generation and response verification may be performed by an embedded computer having a CPU and a storage device, or may be performed by an electronic circuit having a nonvolatile memory. The communication unit 34 is means for communicating with the tool 20. The automotive ECU is equipped with a standard port called OBD2, and the communication unit 34 makes a wired connection with the tool 20 using the port.

The configuration of the tool 20 will be described using an automobile ECU rewriting tool as an example. The communication unit 27 is a wired communication unit having the above-described OBD2 standard connector. The current position grasping unit 24 has a GPS receiver and has a function of acquiring current position information such as latitude and longitude numerically. The electronic signature giving unit 25 has a function of giving an electronic signature to data to be transmitted. As shown in the schematic diagram of FIG. 3, the electronic signature is created by encrypting data obtained by hashing both the acquired position information and the challenge with the secret key that the secret key storage unit 26 has. The In the present embodiment, the current position information and the challenge received from the target device 30 are used for transmission data. The secret key is stored in the secret key storage unit 26. The message generation unit 22 has a function of adding an electronic certificate to transmission data and an electronic signature. The electronic certificate indicates that the center has authenticated the tool, and is held by the electronic certificate storage unit 23. Each of these components is preferably realized by an embedded computer. The encryption communication unit 21 is a unit that performs wireless communication with the center, and is realized by a unit that can transmit and receive an IP protocol, such as a mobile phone network or a communication module that uses multi-channel access radio.

  Among the constituent elements of the tool 20, the components other than the cryptographic communication unit 21 and the communication unit 27 belong to the protection domain 28 in which the access right is managed. The protection domain is an area that can be executed only by a program for which reliability is ensured, and since it cannot be accessed from an external domain, the system can be protected from data tampering and attacks. Such a technique can be realized by applying, for example, ARM's TrustZone (registered trademark) technology.

  The configuration of the center 10 will be described. Similar to the cryptographic communication unit 21, the cryptographic communication unit 16 that communicates with the tool 20 is means for transmitting and receiving the IP protocol. The effective position storage unit 15 is means for holding position information permitted to use the tool in a database or a table format as shown in the example of FIG. The message confirmation unit 14 is a unit that receives a message from the tool, verifies the electronic signature, and determines whether the current position of the tool is within a valid range. The current position is determined by comparing the position information transmitted from the tool with the position information stored in the effective position storage unit 15 to calculate the distance between the two points and determining whether it is within the effective range. Is done by doing. The response generation unit 13 is a unit that generates a response using the received challenge and the common key held by the common key storage unit 11 when it is determined that the current position of the tool is valid. The above configuration is preferably configured by a computer having a CPU and a storage device.

  The operation when the tool is connected to the target device will be described using a flowchart. 5 is a flowchart of the target device, FIG. 6 is a flowchart of the tool, and FIG. 7 is a flowchart of the center. When the target device 30 detects the connection with the tool 20, the challenge generation unit 33 generates challenge data for challenge / response authentication using a pseudo-random number (S10). The generated challenge is transmitted to the tool 20 through the communication unit 34 and the communication unit 27 (S11).

  In the tool 20, the current position grasping unit 24 acquires tool position information by the GPS receiver (S21). In this embodiment, each information of latitude and longitude is used as the current position. When the positioning is successful (S22), the electronic signature assigning unit 25 assigns an electronic signature to both the acquired position information and the challenge received from the target device 30 (S23).

  When an electronic signature is added to the data, the message generation unit 22 attaches an electronic certificate to the location information and the challenge, and the generated electronic signature, and generates transmission data (hereinafter, created by the message generation unit 22). Data is called a message). The electronic certificate includes a public key of the tool, an electronic signature obtained by encrypting data obtained by hashing the public key of the tool with a secret key of the center, and the electronic certificate storage unit 23 includes the electronic certificate. . Further, the message generator 22 adds a unique individual identification number possessed by the tool 20 to the message as sender information. With these processes, the content configuration of the message transmitted to the center is as shown in FIG.

The message is transmitted to the center through the cryptographic communication unit 21 (S24). The encryption communication unit 21 and the encryption communication unit 16 are means for performing encrypted communication, and perform communication using wireless communication such as a mobile phone network. The IP protocol is used for communication, and encryption can be realized by SSL (Secure Socket Layer) or the like. The center can confirm that the communication partner is the tool 20 and the message has not been tampered with by verifying the electronic signature and electronic certificate included in the message.

The center receives the message through the encryption communication unit 16 and verifies the electronic signature by the message confirmation unit 14. The message confirmation unit 14 acquires the individual identification number included in the message (S31), and acquires the public key corresponding to the individual identification number from the electronic certificate attached to the message. Specifically, the electronic signature included in the electronic certificate is decrypted with the public key of the center. If the decryption result matches the hashed version of the public key of the tool included in the electronic certificate, it can be confirmed that the public key transmitted from the tool 20 is valid.
Then, the electronic signature acquired from the message is decrypted using the public key, and the received position information and challenge are collated with the hashed data. Since the acquired public key is proved to be the tool 20, if the verification result of the electronic signature matches, the received position information and challenge are transmitted from the tool 20 having the individual identification number. It can be confirmed that it is a thing (S32). When the verification of the electronic signature fails, the center ends the operation.

  When the validity of the message is confirmed, the message confirmation unit 14 stores the received position information in the effective position storage unit 15 to compare the received position information with the position information stored in the effective position storage unit 15. The latitude / longitude information of the position where the operation of the tool is permitted (hereinafter referred to as an effective position) is acquired (S33). As shown in FIG. 4, the effective position information includes position information (latitude / longitude) in which the operation of the tool is permitted, and whether the current position of the tool is valid by comparing with the received position information. Determine whether or not.

  Next, the message confirmation unit 14 determines an allowable error (S34). The allowable error is the maximum distance between the effective position information and the received position information. For example, when the error is set to a value of 500 m, the position information received from the tool is centered on the point indicated by the effective position. If the radius is within 500 m, it is determined that the tool is in an effective position.

Since the position information of the tool and the effective position information are information of latitude and longitude, the distance between the two points can be obtained by Equation 1, for example. If the distance of the result is within an allowable error, it is determined that the position information is valid (S35). If the error is larger than the allowable error, it is determined that the position information is invalid, and the center ends the operation.

  When the message confirmation unit 14 determines that the position information of the tool is valid, the response generation unit 13 acquires a common key from the common key storage unit 11 and generates a response from the challenge using the common key ( S36). Next, the generated response is transmitted to the tool 20 through the encryption communication unit 16 and the encryption communication unit 21 (S38).

  When there is a response from the center (S25), the tool 20 receives a response from the center (S26), and transmits the response to the target device 30 through the communication unit 27 (S27). The encryption communication unit 21 and the communication unit 27 that perform this series of processing correspond to the authentication information transfer unit in the present invention.

When the target device 30 receives the response (S12), the response confirmation unit 32 verifies whether the received response is correct. The response confirmation unit 32 converts the challenge generated in step S10 using the common key that the common key storage unit 31 has (S13).
Next, the conversion result and the received response are compared (S14). If they are equal, it can be seen that the center 10 has authenticated the tool, and therefore the target device 30 permits the connection with the tool 20. If no response is returned or if the response is different from the expected one, the target device 30 rejects the connection with the tool 20.

  When the target device 30 permits the connection, a permission response is transmitted to the tool 20 (S28), and the tool starts operation. If there is no authorization response, the tool operation ends.

  As described above, the target device according to the present embodiment requests authentication information indicating that the tool is valid from the tool, and the tool acquires the current position and sends it to the authentication center. The authentication center is generated only when the authentication center is in an area where the tool is permitted. As a result, the center can determine whether or not the operation can be performed based on the position information of the tool, and even when the tool is illegally leaked outside, the use of the tool can be automatically stopped. .

  In addition, since the tool has an electronic certificate necessary for authentication, a private key for electronic signature, and a means for obtaining the current position, the tool is placed in a secure protected domain. There is an advantage that unauthorized modification of the tool cannot be performed, such as sending fake position information. Similarly, since the electronic signature cannot be disguised, the individual identification number cannot be disguised.

  In addition, since the response necessary for permitting the operation of the tool is generated at the center, there is an advantage that the response cannot be obtained even if the tool itself is manufactured, and the tool cannot be connected. For example, even if a tool having a function of resetting a security device is produced by imitating an automobile maintenance tool, the vehicle refuses connection unless authentication from the center is obtained, so that vehicle theft can be prevented. it can.

  In this embodiment, challenge / response authentication is used, but other authentication methods such as a fixed password may be used. When the center does not permit the operation of the tool, an invalid response may be returned as a response to the challenge instead of no response.

  In this embodiment, the digital signature and the tool individual identification number are used to ensure that the content of the message transmitted to the center is not altered or spoofed. If it is not necessary to prevent misrepresentation, it may not be used. Moreover, although the confirmation method by the public key cryptosystem was described about the electronic signature, other cryptosystems may be used.

  In this embodiment, an electronic certificate is used to ensure that the public key corresponding to the tool is correct, but it is not used if the validity of the public key can be confirmed. May be. In this case, the public key needs to be obtained from a means for holding the public key separately such as a repository. When using an electronic certificate, an external certification authority may be used. When using an external certificate authority, the electronic signature in the electronic certificate stored in the electronic certificate storage unit 23 is created using the private key of the certificate authority, and the message confirmation unit 14 uses the public key of the certificate authority. Use to verify the public key corresponding to the tool. In addition to the public key and electronic signature exemplified above, the electronic certificate may include information on a certification authority, information on tools, and the like.

  Moreover, although Formula 1 was used for the conversion from the position information to the distance information, a formula other than this may be used, and an allowable error may be held by latitude and longitude instead of meters. In this case, the range of the effective position is determined by calculating the latitude and longitude.

  Further, in the first embodiment, it is determined that the tool is in the effective position when the tool is within a certain radius centered on the set coordinates. The determination may be made by other methods, for example, an area within a certain distance from a line connecting a plurality of coordinates is set as an effective position, and an area surrounded by a straight line between the plurality of coordinates is set as an effective position.

  In addition to the tool position information, the effective position storage unit may be provided with a field that permits operation in units of individual identification numbers.

(Modification of the first embodiment)
In the first embodiment, the tool 20 transmits position information by GPS to the center 10 and performs authentication based on the current position, but cannot be used indoors where the radio waves of the satellite cannot be received. Therefore, in this modification, the position information that can be acquired from the radio base station is used when positioning by GPS fails.

  The configuration of the tool authentication system according to this modification is the same as that shown in FIG. In the first embodiment, when the current position grasping unit 24 cannot acquire the current position, the encryption communication unit 21 acquires position information based on information from the mobile phone base station and communicates with the center 10.

  In addition, for example, the current position may be determined based on differences in arrival times of radio waves received from a plurality of base stations, or position information of base stations in a public wireless network may be used.

  In the first embodiment, when the current position cannot be determined by GPS, the tool cannot be used because the center cannot be authenticated, but the position information is acquired from the mobile phone network as in this modification. This makes it possible to receive authentication from the center and to use the tool. The position information by the mobile phone network is less accurate than the position information by GPS, but has the advantage that it can be used indoors because the position information is generated from the information received from the base station.

  In addition to the method of transmitting the acquired location information by adding it to the message described above, it may be transmitted by adding it to an HTTP request query or a request header, for example, without adding it to the message.

(Second Embodiment)
In the second embodiment, the center 10 has means for storing position information of tools used in the past as a history, and corrects the effective position determination using the information. The configuration of the tool authentication system according to the present embodiment will be described with reference to FIG.

  The tool position history storage unit 12 added to the first embodiment is means for holding position information permitted to use a tool in the past as a history in a database or table format. In the first embodiment, the allowable error with respect to the effective position is uniquely defined. However, in the second embodiment, more accurate determination is performed by correcting the allowable error based on the history information.

  About operation | movement of the object apparatus 30 and the tool 20, it is the same as that of 1st Embodiment. The operation of the tool will be described with reference to the flowchart of FIG. The process up to step S33 for acquiring the position information where the operation of the tool is permitted is the same as in the first embodiment. Next, the message confirmation unit 14 acquires the position information history of the tool permitted to operate in the past, which is stored in the tool position history storage unit 12 (S41). As shown in FIG. 9, the position information history includes an individual identification number, latitude / longitude, date and time, and a distance from an effective position.

  Next, the “distance from the effective position” is acquired from all the position information histories of the tool having the individual identification number (S42). Here, it is confirmed whether the number of acquisition results is equal to or greater than a certain number (S43). If the number is not greater than a certain number, an allowable error is set to a default value such as 500 m (S44).

  If there is more than a certain number of usage histories of the tool and the “distance from the effective position” in the position information history is smaller than the default value, the allowable error is set to the maximum value. For example, when the predetermined number is 3 and the distance from the effective position is “300 m”, “200 m”, and “250 m”, respectively, it means that the tool is constantly used within a radius of 300 m. Therefore, the allowable error is set to 300 m (S45). After the step S35 for determining whether the position information received from the tool is within the error from the effective position and the step S36 for generating response data are executed, the position information of the current tool is recorded together with the individual identification number. Is recorded in the tool position history storage unit 12 (S37). Subsequent operations are the same as those in the first embodiment.

  In the second embodiment, since the distance for which the use is permitted is corrected using the history information that has been permitted to be used in the past, there is an advantage that a highly accurate permission determination can be performed according to the actual situation of the tool use. For example, if only a few tens of meters from the registered point such as the workshop of a repair shop is set as the permitted use range, even if a third party gets a tool that has leaked, it will be used unless it enters the factory. I can't.

  In this embodiment, the use permission range is narrowed down by shortening the allowable error with respect to the effective position. The range may be changed by other methods, such as deciding to.

  For example, if there are two workshops on the site of a repair shop, the location information history is distributed to two locations centered on each workshop, so each center point is calculated and then constant from each center point. A tool within the range of the rectangle may be determined to be valid, and if the position information history is long and narrowly distributed to fit within a specific rectangle, for example, the tool within the range of the rectangle is determined to be valid. May be.

  The above-described embodiment is merely an example, and the present invention can be implemented with appropriate modifications within a range not departing from the gist thereof.

DESCRIPTION OF SYMBOLS 10 Center 11,31 Common key memory | storage part 12 Tool position log | history memory | storage part 13 Response production | generation part 14 Message confirmation part 15 Effective position memory | storage part 16,21 Cryptographic communication part 17 Effective individual information storage part 20 Tool 22 Message generation part 23 Electronic certificate Storage unit 24 Current position determination unit 25 Electronic signature giving unit 26 Private key storage unit 27, 34 Communication unit 28 Protection domain 30 Target device 32 Response confirmation unit 33 Challenge generation unit

Claims (8)

An authentication system comprising a device, a connected device for connecting and communicating with the device, and an authentication center,
The equipment is
An authentication information request transmitting means for transmitting an authentication information request for requesting authentication information to the connected device;
Authentication information receiving means for receiving authentication information corresponding to the authentication information request from the connected device;
Permission means for permitting connection with the connected device when the received authentication information matches the assumed content;
Have
The connection device is
Authentication information request receiving means for receiving the authentication information request from the device;
Current position acquisition means for acquiring current position information of the connected device;
Message transmitting means for transmitting the received authentication information request and the acquired current position information to the authentication center;
Receiving the authentication information from the authentication center and transferring the information to the device; and
The authentication center is
Message receiving means for receiving the authentication information request and the current location information transmitted from the connected device;
Effective position storage means for storing a specific area in which use of the connection device is permitted;
Message confirmation means for determining from the received current position information that the connected device is in the specific area;
An authentication information transmitting means for generating the authentication information corresponding to the authentication information request and transmitting the authentication information to the connected device when the connected device is in the specific area;
An authentication system characterized by comprising: The message transmitting means transmits an individual identifier and an electronic signature of the connected device together with the authentication information request and the current position information to the authentication center,
The message confirmation means confirms that the current location information has not been altered by the added electronic signature, and confirms that the individual identifier of the connected device has not been spoofed. The authentication system according to claim 1. The message transmission means transmits an electronic certificate including a public key corresponding to the connected device together with the authentication information request, the current location information, the individual identifier, and the electronic signature to the authentication center,
The authentication system according to claim 2, wherein the message confirmation unit acquires the public key from the added electronic certificate and decrypts the electronic signature. The authentication information request includes a numerical value generated by a pseudo random number,
The authentication information transmitting means generates the authentication information by converting the authentication information request using a common key that both the device and the authentication center have. 5. The authentication system described in. The authentication center further includes a location information history storage unit that stores location information of connected devices that have been authenticated in the past as history.
The message confirmation means changes the specific area using a history of position information stored in the position information history storage unit, and indicates that the current position information of the connected device is in the changed area. The authentication system according to any one of claims 1 to 4, wherein a determination is made. An authentication method using a device, a connected device for connecting to the device and performing communication, and an authentication center,
The device transmits an authentication information request for requesting authentication information to the connected device,
The connected device transmits the authentication information request received from the device and current location information indicating the current location of the connected device to the authentication center,
The authentication center determines from the received current position information whether the connected device is in a specific area, and if the connected device is in the specific area, the authentication corresponding to the authentication information request Information is generated and transmitted to the device via the connected device;
The connected device authentication method, wherein the device permits connection with the connected device when the authentication information matches an assumed content. A connection device for connecting to and communicating with a device,
Authentication information request receiving means for receiving an authentication information request for requesting authentication information from the device;
Current position acquisition means for acquiring current position information of the connected device;
Message transmitting means for transmitting the authentication information request and the acquired current location information to an authentication center for issuing the authentication information;
Authentication information receiving means for receiving authentication information corresponding to the authentication information request from the authentication center;
Authentication information transmitting means for transmitting the authentication information to the device;
Having connected equipment. A message receiving means for receiving a current location information of the connected device and an authentication information request for requesting authentication information transmitted from a connected device for communicating with the device;
Effective position storage means for storing a specific area in which use of the connection device is permitted;
Message confirmation means for determining from the current position information that the connected device is in the specific area;
Authentication information transmitting means for generating authentication information corresponding to the authentication information request and transmitting it to the connected device when the connected device is in the specific area;
Having an authentication center.

Images