JP2013196449A - Access key supply device, server device, authentication system and terminal device - Google Patents

Abstract

PROBLEM TO BE SOLVED: To supply an individual access key for each terminal device to the terminal device with a limit of a prescribed location, and to authenticate propriety of each terminal device by the supplied access key.SOLUTION: An access key supply device 10A superimposes a shared key on an acoustic signal and emits it (S1-S3). A terminal device 20 requests authentication to a response processing server 30 by the shared key extracted from the detected acoustic signal (S4-S6). When the terminal device 20 is authenticated, the response processing server 30 provides the access key supply device 10A with a terminal ID of the terminal device 20 (S7, S8). The access key supply device 10A generates an individual key using the acquired terminal ID, superimposes it on the acoustic signal and emits it (S8-S10). The terminal device 20 requests log-in to the response processing server 30 by the individual key extracted from the detected acoustic signal (S11, S12). When the terminal device 20 is authenticated by the individual key, the response processing server 30 permits the log-in (S13, S14).

Description

  The present invention relates to authentication using an access key.

  In a connection service called a public wireless LAN or the like, information necessary for communication connection is supplied to a user terminal device in an area where the connection service is provided. In Patent Document 1, as a mechanism for supplying setting information necessary for communication connection to a user's communication device, an access point blinks an infrared LED light emitting unit, and the emitted light is captured by a digital camera of the communication device. Thus, it is disclosed that a communication apparatus obtains setting information (common key information such as a WEP (Wired Equivalent Privacy) key) necessary for connection with an access point.

JP 2007-110274 A

As in the invention described in Patent Document 1, when an access key shared by a plurality of user terminal devices is supplied by a method that can be acquired by the plurality of terminal devices, access is also performed by a terminal device of an unauthorized user. Keys can be obtained, and there are concerns about communication security issues. By the way, an authentication technique using an access key prepared for each terminal device is more preferable in solving a security problem than an authentication technique using an access key shared by a plurality of terminal devices. Generally considered. However, the invention described in Patent Document 1 does not include a configuration for associating a communication device with setting information that can be used only for communication connection by the communication device. The authenticity of each communication device cannot be authenticated.
Accordingly, an object of the present invention is to supply an individual access key for each terminal device to a terminal device while limiting to a predetermined place, and to authenticate the legitimacy of each terminal device using the supplied access key. .

  In order to solve the above-described problem, an access key supply device of the present invention communicates with a server device that has successfully authenticated the terminal device by using a first access key shared by a plurality of terminal devices, and identifies the terminal device. An ID acquisition unit that acquires a terminal ID to be used, and a generation unit that generates a second access key used for the terminal device indicated by the terminal ID to log in to the server device, using the terminal ID acquired by the ID acquisition unit And the first access key is superimposed on the acoustic signal by the acoustic watermark in the first period, and the second access key generated by the generation unit is superimposed on the acoustic signal by the acoustic watermark in the second period different from the first period. A superimposing unit; and a sound emission control unit that causes the sound emitting unit to emit the sound indicated by the acoustic signal on which the first or second access key is superimposed by the superimposing unit. It is characterized in.

  In the access key supply device of the present invention, a detection result acquisition unit that acquires a detection result of an environment that varies depending on the number of the terminal devices in the sound emission area of the sound emission unit, and a detection result acquired by the detection result acquisition unit. Accordingly, it is preferable to include a period setting unit that sets the first period and the second period, respectively.

  The server device of the present invention includes a first access key shared by a plurality of terminal devices extracted in a first period from an acoustic signal indicating a sound emitted by the access key supply device, and the first access key. The terminal device by which the terminal ID which identifies the extracted said terminal device is acquired by communication with the said terminal device, the 1st access key which the said 1st acquisition unit acquired, and the said terminal ID A first authenticating unit that authenticates the terminal device, and a providing unit that provides the terminal ID obtained by the first obtaining unit to the access key supply device by communication when the first authenticating unit succeeds in authenticating the terminal device; , Using the terminal ID provided by the providing unit extracted in the second period different from the first period from the acoustic signal indicating the sound emitted by the access key supply device. The second access key generated by the sesqui supplying device, the second access key used for the terminal device indicated by the terminal ID to log in to the own server device, and the terminal ID for identifying the terminal device, A second authentication unit that authenticates the terminal device using a second acquisition unit acquired by communication with the terminal device, a second access key acquired by the second acquisition unit, and the terminal ID; and the second authentication. A response processing unit that executes a specific response process for the terminal device that has been successfully authenticated.

  In the server device of the present invention, the response processing unit performs response processing according to a length of a period from when the authentication by the first authentication unit is performed to when the authentication by the second authentication unit is performed. You may make it perform.

  An authentication system of the present invention includes an access key supply device that supplies an access key to a terminal device, and a server device that authenticates the terminal device using the access key, and the access key supply device is shared by a plurality of terminal devices. The first access key is used to communicate with the server device that has been successfully authenticated by the terminal device, and an ID acquisition unit that acquires a terminal ID for identifying the terminal device and a terminal ID acquired by the ID acquisition unit are used. A generating unit that generates a second access key used by the terminal device indicated by the terminal ID to log in to the server device, and superimposing the first access key on an acoustic signal with an acoustic watermark in a first period, A superimposing unit that superimposes the second access key generated by the generating unit on the acoustic signal using an acoustic watermark in a second period different from the first period; A sound emission control unit that causes the sound emission unit to emit a sound indicated by the acoustic signal on which the first or second access key is superimposed by the superimposition unit, and the server device includes: The first access key extracted by the terminal device from the acoustic signal indicating the sound emitted by the control and the terminal ID indicating the terminal device from which the first access key has been extracted are communicated with the terminal device. A first authentication unit that acquires, a first authentication unit that authenticates the terminal device using the first access key and the terminal ID acquired by the first acquisition unit, and the first authentication unit that authenticates the terminal device If successful, the terminal ID acquired by the first acquisition unit is extracted from the providing unit that provides the access key supply device by communication and the acoustic signal indicating the sound emitted by the control of the sound emission control unit Said offer A second access key generated by the generating unit using the terminal ID provided by the terminal, and used by the terminal device indicated by the terminal ID to log in to the server device, and the terminal device A terminal ID for identifying the terminal device by a second acquisition unit that acquires the terminal ID by communication with the terminal device, a second access key acquired by the second acquisition unit, and the terminal ID. And a response processing unit that performs a specific response process on the terminal device that has been successfully authenticated by the second authentication unit.

  The terminal device of the present invention includes a communication unit that communicates with a server device, an acoustic signal acquisition unit that acquires an acoustic signal, and an acoustic signal that is acquired by the acoustic signal acquisition unit. An extraction unit that extracts a second access key generated using a key or a terminal ID indicating the terminal device, and the communication unit sends the first access key and the terminal ID extracted by the extraction unit to the server device To request authentication of the local terminal device, and after successfully authenticating the local terminal device with the first access key and the terminal ID in the server device, the second access key extracted by the extraction unit and And an access control unit that transmits the terminal ID to the server device by the communication unit and requests login to the server device.

  According to the present invention, it is possible to supply an individual access key to each terminal device by limiting to a predetermined place, and to authenticate the validity of each terminal device using the supplied access key.

The figure which shows the whole structure of an authentication system. The block diagram which shows the hardware constitutions of an access key supply apparatus. The block diagram which shows the hardware constitutions of a terminal device. The block diagram which shows the hardware constitutions of a response processing server. The figure which shows the data structure of authentication DB. The figure which shows the data structure of content DB. The functional block diagram which shows the functional structure of an authentication system. The sequence chart which shows the flow of a process in an authentication system. The flowchart which shows the procedure which selects the access key made into supply object. The time chart which shows the time-sequential change of an access key. The figure which shows the whole structure of the authentication system of this embodiment. The block diagram which shows the hardware constitutions of an access key supply apparatus. The functional block diagram which shows the functional structure of an access key supply apparatus. The flowchart which shows the procedure which selects the access key made into supply object. The time chart which shows the time-sequential change of an access key. The figure explaining the outline | summary of an authentication system. The block diagram which shows the hardware constitutions of an acoustic vibrator. The block diagram which shows the hardware constitutions of an access key supply apparatus. The figure explaining the outline | summary of an authentication system. The block diagram which shows the hardware constitutions of an acoustic vibrator.

Hereinafter, embodiments of the present invention will be described with reference to the drawings.
[First Embodiment]
FIG. 1 is a diagram showing the overall configuration of the authentication system 1.
The authentication system 1 is a communication system that includes an access key supply device 10, a terminal device 20, and a response processing server 30, and a service is provided to the user of the terminal device 20 by the response processing server 30. Here, the access key supply device 10 is set in a store where an unspecified number of persons such as cafes, restaurants and shops can enter and exit. The access key supply device 10 uses the site of the store where the own access key supply device is installed as a sound emission area, and emits sound in this sound emission area. In the present embodiment, the access key supply devices 10A and 10B among the access key supply device 10 will be described. The access key supply device 10 </ b> A is installed in the store A and forms a sound emitting area in the site of the store A. The access key supply device 10B is installed in the store B and forms a sound emission area in the site of the store B.

  The terminal device 20 is a smartphone here and is carried by a user who can be a customer of the store. The response processing server 30 is a server device that provides a service via the terminal device 20 to a user who has entered the sound emission area formed by the access key supply device 10. In the present embodiment, the response processing server 30 is a server device that executes processing for providing content such as coupons and advertisements available to the user via the terminal device 20. The terminal device 20 and the response processing server 30 are communicably connected via the network NW. Here, the network NW is a communication network including a mobile communication network, a gateway, and the Internet.

FIG. 2 is a block diagram illustrating a hardware configuration of the access key supply apparatus 10. As shown in FIG. 2, the access key supply device 10 includes a control unit 11, a storage unit 12, a microphone 13, and a speaker 14.
The control unit 11 includes a microprocessor having a central processing unit (CPU), a read only memory (ROM), and a random access memory (RAM). The CPU controls each unit of the access key supply apparatus 10 by reading a program stored in the ROM or the storage unit 12 into the RAM and executing the program. For example, the control unit 11 performs control for supplying each terminal device 20 with an access key used by the response processing server 30 to authenticate each terminal device 20.

  The storage unit 12 is a storage device including a hard disk, for example. The storage unit 12 is used for the control unit 11 to generate an individual key (second access key) individually supplied to each terminal device 20 as an access key used for the terminal device 20 to log in to the response processing server 30. A key generation program PRG is stored. The key generation program PRG is a program in which an algorithm for generating an individual key for each terminal device 20 is described by a conversion process using a terminal ID for identifying the terminal device 20. Here, the conversion process is an arithmetic process for obtaining an individual key by a predetermined function using the terminal ID as an argument. The algorithm of the key generation program PRG is determined so that the access key is different if the terminal ID is different, in other words, the access key unique to each terminal device 20 is generated.

  The storage unit 12 further stores a shared key and schedule data 121. The shared key is an access key used by the response processing server 30 to authenticate the terminal device 20 and is a first access key shared by the plurality of terminal devices 20. The shared key is different for each access key supply apparatus 10. Here, the storage unit 12 of the access key supply device 10A stores the shared key “KS1”, and the storage unit 12 of the access key supply device 10B stores the shared key “KS2”. The method of setting the shared key in the access key supply device 10 is not particularly limited. For example, the shared key managed by the response processing server 30 is notified to the administrator of the access key supply device 10, and the administrator Manual setting is performed using an operation unit including a keyboard and a mouse for receiving operations.

The schedule data 121 is data indicating a schedule related to a shared key and individual key supply period in the access key supply apparatus 10. Here, in the schedule data 121, the length of the shared key supply period (first period) is T1, and the length of the individual key supply period (second period) is T2. The schedule of alternating the supply period is shown.
When there are a plurality of individual keys to be supplied, the plurality of individual keys are supplied with different supply periods by shifting the time.

  The communication unit 13 is an interface for connecting to the network NW. The speaker 14 is a sound emitting unit that emits sound indicated by the acoustic signal output from the control unit 11. The sound emission area described above is an area where the sound from the speaker 14 reaches, but in this embodiment, the terminal device 20 can restore the acoustic watermark information embedded in the sound emitted in the sound emission area. To do. The sound emission area described above is an area where the sound from the speaker 14 reaches, but in the present embodiment, the terminal device 20 can restore the acoustic watermark information embedded in the sound within the sound emission area.

FIG. 3 is a block diagram illustrating a hardware configuration of the terminal device 20. As illustrated in FIG. 3, the terminal device 20 includes a control unit 21, a UI (User Interface) unit 22, a wireless communication unit 23, a microphone 24, a speaker 25, and a storage unit 26.
The control unit 21 includes a microprocessor having a CPU, a ROM, and a RAM. The CPU controls each unit of the terminal device 20 by reading the program stored in the ROM or the storage unit 26 into the RAM and executing it. The UI unit 22 includes, for example, a touch panel, accepts an operation from the user, and notifies information by an image or sound. The wireless communication unit 23 includes a wireless communication circuit and an antenna, and is an interface for connecting to the network NW. The microphone 24 is a detection unit that is electrically connected to the control unit 21 and detects sound, and outputs an acoustic signal indicating the detected sound to the control unit 21. The microphone 24 outputs an acoustic signal indicating a received voice or a sound around the terminal device 20 to the control unit 21. This acoustic signal is, for example, an analog waveform signal representing a sound waveform. The analog audio signal is sampled by the control unit 21 and converted into a digital audio signal. The speaker 25 emits a transmitted voice. The storage unit 26 includes, for example, an EEPROM, and stores a terminal ID in addition to a program executed by the control unit 21. The terminal ID may be, for example, a telephone number assigned to the terminal device 20 or identification information specified from a SIM (Subscriber Identity Module) card.

FIG. 4 is a block diagram illustrating a hardware configuration of the response processing server 30. As illustrated in FIG. 4, the response processing server 30 includes a control unit 31, a communication unit 32, and a storage unit 33.
The control unit 31 includes a microprocessor having a CPU, a ROM, and a RAM. The CPU controls each unit of the response processing server 30 by reading the program stored in the ROM or the storage unit 33 into the RAM and executing it. The communication unit 32 is an interface for connecting to the network NW. The storage unit 33 includes a hard disk device, for example, and stores an authentication DB (Data Base) 331 and a content DB 332 in addition to a program executed by the control unit 31. The storage unit 33 stores a key generation program PRG in which an algorithm common to each access key supply apparatus 10 is defined as a program executed by the control unit 31.

FIG. 5 is a diagram illustrating the data structure of the authentication DB 331.
The authentication DB 331 is a database in which pieces of information “device ID”, “shared key”, and “terminal ID” are associated with each other. The device ID is identification information for identifying the access key supply device 10. Here, the device ID of the access key supply device 10A is “MID001”, and the device ID of the access key supply device 10B is “MID002”. When the response processing server 30 receives the access request, the shared key is used to collate with the shared key included in the access request. The shared key of the authentication DB 331 is the same as that stored in any one of the access key supply devices 10 and is written in the authentication DB 331 in association with the device ID of the access key supply device 10. The terminal ID of the authentication DB 331 is written in the authentication DB 331 in association with each device ID. The terminal ID of the authentication DB 331 is a terminal ID that indicates a terminal device 20 that has been successfully authenticated and is permitted to log in, among the terminal devices 20 that have transmitted access requests to the response processing server 30. Therefore, the terminal ID is not described in the authentication DB 331 before the authentication processing in the response processing server 30 is started.

FIG. 6 is a diagram illustrating a data structure of the content DB 332.
As shown in FIG. 6, the content DB 332 has a data structure in which pieces of information “device ID” and “content data” are associated with each other. The device ID is common to the device ID described in the authentication DB 331. Here, the content data is a storage address such as a URL (Uniform Resource Locator) in which the content to be provided to the terminal device 20 is stored. The content stored at this storage address is, for example, an advertisement or a coupon, but any content may be stored. For example, the content A associated with “MID001” as the device ID indicates content related to the store A (for example, a coupon that can be used at the store A), and the content B associated with “MID002” as the device ID is the store Content related to B (for example, a sale advertisement performed at store B) is shown.
In the response processing server 30, the content itself may be stored in the content DB 332.
Next, a functional configuration of the authentication system 1 will be described.

FIG. 7 is a functional block diagram showing a functional configuration of the authentication system 1. First, the functional configuration of the access key supply apparatus 10 will be described. The control unit 11 of the access key supply apparatus 10 realizes functions corresponding to the superimposition unit 111, the sound emission control unit 112, the ID acquisition unit 113, and the generation unit 114 by executing a program.
In accordance with the schedule indicated by the schedule data 121, the superimposing unit 111 superimposes the shared key stored in the storage unit 12 on the acoustic signal with an acoustic watermark during the shared key supply period, and generates the generating unit during the individual key supply period. The individual key generated by 114 is superimposed on the acoustic signal by the acoustic watermark. The superimposing unit 111 superimposes the shared key or the individual key on the acoustic signal by using a spreading code such as an M sequence or a Gold sequence, or using OFDM (Orthogonal Frequency-Division Multiplexing) modulation.
The sound emission control unit 112 causes the speaker 14 to emit the sound indicated by the acoustic signal in which the superimposing unit 111 superimposes the shared key or the individual key using the acoustic watermark.

  The ID acquisition unit 113 acquires a terminal ID from the response processing server 30 through communication of the communication unit 13. As will be described in detail later, the ID acquisition unit 113 acquires the terminal ID of the terminal device 20 that has been successfully authenticated by the response processing server 30 using the shared key.

The generation unit 114 generates an individual key used for the terminal device 20 indicated by the terminal ID acquired by the ID acquisition unit 113 to log in to the response processing server 30 using the terminal ID. Here, the generation unit 114 executes the key generation program PRG stored in the storage unit 12, and the terminal device 20 indicated by the terminal ID uses the conversion process using the terminal ID acquired by the ID acquisition unit 113. Generate individual keys.
Next, the functional configuration of the terminal device 20 will be described.

The control unit 21 of the terminal device 20 implements functions corresponding to the acoustic signal acquisition unit 211, the extraction unit 212, and the access control unit 213 by executing a program.
The acoustic signal acquisition unit 211 acquires an acoustic signal indicating the sound emitted by the speaker 25 under the control of the sound emission control unit 112. Here, the acoustic signal acquisition unit 211 acquires an acoustic signal indicating the sound detected by the microphone 24.
The extraction unit 212 extracts a shared key or an individual key superimposed by an acoustic watermark from the acoustic signal acquired by the acoustic signal acquisition unit 211. The extraction unit 212 extracts a shared key or an individual key by a method corresponding to the audio watermark superimposing method in the superimposing unit 111. For example, the extraction unit 212 includes an HPF (High Pass Filter) and performs a filtering process using the HPF.

The access control unit 213 performs access control for requesting authentication from the response processing server 30 according to the shared key or individual key extracted by the extraction unit 212. Specifically, the access control unit 213 transmits a first access request including the shared key extracted by the extraction unit 212 and the terminal ID acquired from the storage unit 26 to the response processing server 30 by the wireless communication unit 23. . In addition, the access control unit 213 wirelessly sends a second access request including the individual key and the terminal ID extracted by the extraction unit 212 after the response processing server 30 successfully authenticates the terminal device 20 in response to the first access request. The data is transmitted to the response processing server 30 by the communication unit 23.
Next, the functional configuration of the response processing server 30 will be described.

The control unit 31 of the response processing server 30 executes a program to thereby execute a first acquisition unit 311, a first authentication unit 312, a provision unit 313, a second acquisition unit 314, a second authentication unit 315, A function corresponding to the response processing unit 316 is realized.
The first acquisition unit 311 acquires the first access request transmitted by the terminal device 20 from the communication unit 32 through communication with the terminal device 20.

  The first authentication unit 312 authenticates the terminal device 20 that is the transmission source of the first access request based on the first access request acquired by the first acquisition unit 311. Specifically, first, the first authentication unit 312 determines whether or not the shared key included in the first access request matches any shared key written in the authentication DB 331. Second, when the first authentication unit 312 determines that the two shared keys match in the first authentication, the terminal ID included in the first access request is written in the authentication DB 331 in association with the shared key. It is determined whether or not. When determining that the terminal ID included in the first access request is not written in the second authentication, the first authentication unit 312 determines that the authentication of the terminal device 20 has been successful.

The providing unit 313 provides the terminal ID included in the first access request from the terminal device 20 successfully authenticated by the first authentication unit 312 to the access key supply device 10 through communication of the communication unit 32. Here, the providing unit 313 transmits the terminal ID by the communication unit 32 to the access key supply device 10 that is the supply source of the shared key used for authentication in the first authentication unit 312.
The providing unit 313 refers to the authentication DB 331, and specifies the access key supply device 10 that is the supply source of the shared key based on the device ID associated with the shared key that has been successfully authenticated by the first authentication unit 312. .

The second acquisition unit 314 acquires the second access request transmitted from the terminal device 20 from the communication unit 32 through communication with the terminal device 20.
The second authentication unit 315 authenticates the terminal device 20 that is the transmission source of the second access request based on the second access request acquired by the second acquisition unit 314. The second authentication unit 315 executes the key generation program PRG stored in the storage unit 33 and generates an individual key by conversion processing using the terminal ID included in the access request as an argument. If the generated individual key matches the access key included in the second access request, second authentication unit 315 determines that the authentication process using the individual key has succeeded. The second authentication unit 315 newly writes the terminal ID of the terminal device 20 successfully authenticated in the authentication DB 331 in association with the shared key used for the authentication in the first authentication unit 312.

The response processing unit 316 executes specific response processing corresponding to the authentication result by the second authentication unit 315 for the terminal device 20 that is the transmission source of the second access request. Here, if the authentication of the terminal device 20 is successful, the response processing unit 316 determines that the login of the terminal device 20 is permitted, and is associated with the device ID of the access key supply device 10 that is the individual key supply source. The communication unit 32 is controlled so that the acquired content data is acquired from the content DB 332 and transmitted to the terminal device 20. On the other hand, the response processing unit 316 controls the communication unit 32 to notify the terminal device 20 that the login is not permitted when the authentication of the terminal device 20 fails and it is determined that the login is not permitted.
Next, the operation of the authentication system 1 will be described.

  FIG. 8 is a sequence chart showing the flow of processing in the authentication system 1. Hereinafter, the operation when the terminal device 20 logs in to the response processing server 30 using the access key supplied from the access key supply device 10A will be described using the operation of the access key supply device 10A as an example. The terminal device 20 is assumed to be a terminal device 20 to which “UID001” is assigned as a terminal ID.

The control unit 11 of the access key supply apparatus 10A emits a sound such as BGM (Background Music) in advance in the sound emission area by the speaker 14 based on an acoustic signal supplied from a sound source (not shown) stored in the storage unit 12. I am letting. During this sound emission period, the control unit 11 superimposes an access key (shared key or individual key) on the acoustic signal indicating this BGM using an acoustic watermark. First, the control part 11 acquires a shared key from the memory | storage part 12 (step S1). Next, the control part 11 superimposes a shared key on an acoustic signal by an acoustic watermark in the supply period of a shared key (step S2). Then, the control unit 11 causes the speaker 14 to emit the sound indicated by the acoustic signal with the shared key superimposed by the acoustic watermark (step S3). The control unit 11 superimposes the access key using an acoustic signal having a relatively high frequency band (for example, 18 kHz or more) in the audible range.
Here, the control unit 11 superimposes “KS1” as a shared key on the acoustic signal using the acoustic watermark.

  The control unit 21 of the terminal device 20 has previously executed an application program for receiving provision of content data from the response processing server 30, and during this execution period, an acoustic signal indicating sound detected by the microphone 24 is output. get. Here, it is assumed that the sound detected by the microphone 24 is the sound emitted by one of the access key supply devices 10 in the process of step S3. And the control part 21 continues and repeats the operation | movement which tries extraction of a shared key from the acoustic signal acquired from the microphone 24. FIG. And the control part 21 extracts a shared key from the acoustic signal acquired from the microphone 24 (step S4). Here, the control unit 21 extracts “KS1” as the shared key.

  Next, the control unit 21 generates a first access request including the shared key extracted from the acoustic signal and the terminal ID stored in the storage unit 26, and the generated first access request is transmitted by the wireless communication unit 23. It transmits to the response processing server 30 (step S5). Here, the control unit 21 transmits a first access request including “KU1” as the shared key and “UID001” as the terminal ID.

  When acquiring the first access request received by the communication unit 32, the control unit 31 of the response processing server 30 authenticates the terminal device 20 using the acquired first access request (step S6). In the process of step S <b> 6, the control unit 31 determines whether or not the shared key included in the first access request matches any shared key in the authentication DB 331 stored in the storage unit 33. Next, in the authentication DB 331, the control unit 31 determines that the authentication of the terminal device 20 has succeeded if the terminal ID included in the access request is not associated with the shared key determined to match.

  When the authentication of the terminal device 20 is successful in the process of step S6, the control unit 31 provides the terminal ID included in the first access request from the terminal device 20 to the access key supply device 10A through communication of the communication unit 32. (Step S7). Here, the control unit 11 refers to the authentication DB 331 and transmits a terminal ID (here, “UID001”) to the access key supply apparatus 10 that stores the shared key acquired by the first access request. To do.

  The control unit 11 of the access key supply apparatus 10A receives the terminal ID provided from the response processing server 30 by the communication unit 13 and acquires it. And the control part 11 performs the key generation program PRG, and produces | generates an individual key by the conversion process using acquired terminal ID (step S8). Here, the control unit 11 generates “KU001” as the individual key using “UID001” as the terminal ID.

In the individual key supply period, the control unit 11 superimposes the individual key generated in the process of step S8 on the acoustic signal using the acoustic watermark (step S9), and outputs the sound indicated by the acoustic signal on which the individual key is superimposed. The speaker 14 emits sound (step S10). Here, the control part 11 superimposes an individual key on an acoustic signal in the supply period which is not a supply period of other access keys, such as a shared key.
Again, the control unit 11 superimposes the access key using an acoustic signal of a relatively high frequency band in the audible range (for example, 18 kHz or more).

When the sound emitted by the access key supply device 10A in step S10 is detected by the microphone 24, the control unit 21 of the terminal device 20 acquires an acoustic signal indicating the detected sound from the microphone 24. Next, the control part 11 extracts an individual key from the acquired acoustic signal (step S11). Here, the control unit 21 extracts “KU001” from the acoustic signal as the individual key.
The control unit 21 ends the acquisition of the acoustic signal indicating the sound detected by the microphone 24 when the individual key is extracted from the acoustic signal. Thereby, compared with the case where the control part 21 always acquires an acoustic signal and performs the process which tries extraction of an access key, the reduction in power consumption of the terminal device 20 is implement | achieved. In addition, the possibility that the terminal device 20 acquires an individual key generated for a terminal device other than the terminal device itself can be suppressed. In other words, it is possible to suppress the possibility that a terminal device other than the own terminal device 20 acquires the individual key generated for the own terminal device 20. In other words, it is possible to suppress the possibility that a terminal device other than the own terminal device 20 acquires the individual key generated for the own terminal device 20.

  Next, the control unit 21 generates a second access request including the individual key extracted in the process of step S11 and the terminal ID stored in the storage unit 26, and the generated second access request is transmitted to the wireless communication unit 23. Is transmitted to the response processing server 30 (step S12). Here, the control unit 21 transmits a second access request including “KU001” as the individual key and “UID001” as the terminal ID.

When acquiring the second access request received by the communication unit 32, the control unit 31 of the response processing server 30 authenticates the terminal device 20 using the acquired second access request (step S13).
In the process of step S13, the control unit 31 executes each key generation program PRG stored in the storage unit 33, and generates an individual key by a conversion process using the terminal ID included in the second access request as an argument. . If the generated individual key matches the individual key included in the second access request, the control unit 31 determines that the authentication with the individual key has succeeded. At this time, the control unit 31 accesses the access source of the individual key included in the second access request depending on which authentication is successful using the key generation program PRG corresponding to which access key supply device 10 in this authentication. The key supply device 10 is specified. Here, the control unit 31 identifies the access key supply device 10 that is the supply source of the individual key as the access key supply device 10A.

  In the authentication process of step S13, the control unit 31 may execute the key generation program PRG to perform an authentication process that does not generate an individual key. For example, a data set in which the combination of the terminal ID and the individual key that the response processing server 30 determines to be successful in authentication is associated with the device ID of the access key supply device 10 that is the source of the individual key is used as authentication data. This is stored in the storage unit 33. Then, the control unit 31 determines whether or not the combination of the individual keys included in the access request matches the combination of the terminal ID and the individual keys specified by the authentication data stored in the storage unit 33. . The control unit 31 determines that the authentication with the individual key is successful only when both the terminal ID and the individual key match. At that time, the control unit 31 may specify the access key supply device 10 that is the supply source of the individual key based on the device ID associated with the combination of the terminal ID and the individual key that have been successfully authenticated in the authentication data. it can.

As described above, the response processing server 30 uses the shared key and the individual key acquired by the first and second access requests, so that the terminal device 20 is located in the sound emission area of the access key supply device 10, and which access key supply It is possible to specify whether the access key is obtained in the sound emission area of the device 10. In addition, the response processing server 30 can provide a service only once to one terminal device 20, and can prevent multiple provisions of the same service to one user.
When the response processing server 30 may provide a service to a single user multiple times or when the number of times is not limited, authentication using the terminal ID is performed as a service providing method (providable number of times). It may be changed to a corresponding condition. Specifically, when providing a service to a single user a plurality of times, the response processing server 30 may manage the number of times the service has been provided or the remaining number of service provisions in association with the terminal ID. On the other hand, when the service provision count is not limited, the response processing server 30 may omit the process of writing the terminal ID in the authentication DB 331.

  When the authentication of the terminal device 20 is successful in the process of step S13, the control unit 31 acquires content data associated with the device ID of the access key supply device 10A that is the access key supply source from the content DB 332, and acquires the content data. The content data thus transmitted is transmitted to the terminal device 20 by the communication unit 32 (step S14). Here, the control unit 11 causes the terminal device 20 to transmit the content data of the content A associated with “MID001” as the device ID of the access key supply device 10A in the content DB 332.

When the content data transmitted from the response processing server 30 is received by the wireless communication unit 23, the control unit 21 of the terminal device 20 stores the content data in the storage unit 26 or causes the content to be presented using the UI unit 22. (Step S15). Here, how to use the content data received by the terminal device 20 is not particularly limited in the present embodiment.
The operation of the terminal device 20 when logging in to the response processing server 30 using the access key supplied from the access key supply device 10A has been described above.

  By the way, the access key supply apparatus 10 selects one of the shared key and the individual key according to the schedule indicated by the schedule data 121 and superimposes it on the acoustic signal. Here, an operation of selecting an access key to be supplied by the access key supply apparatus 10 will be described with reference to FIGS. 9 and 10.

FIG. 9 is a flowchart showing an operation procedure for selecting an access key to be supplied by the access key supply apparatus 10. FIG. 10 is a time chart showing a time-series change of the access key selected by the access key supply apparatus 10. FIG. 10A shows a case where the individual key to be supplied is zero. FIG. 10B shows a case where the individual key to be supplied is 1. FIG. 10C shows a case where the individual key to be supplied is 3. In FIG. 10, a period indicated as “common” means a shared key supply period. A period indicated as “number X” (X is a number) means a supply period of individual keys. If the number of “X” is different, a different individual key is supplied. Conversely, the same individual key is supplied for a plurality of periods in which the number of X is the same.
The control unit 11 of the access key supply apparatus 10 refers to the schedule data 121 stored in the storage unit 12 (step S101). The control unit 11 refers to the schedule data 121 to supply the shared key and the individual key alternately by setting the length of the shared key supply period to T1 and the length of the individual key supply period to T2. Specify the supply schedule.

  Next, based on the schedule data 121, the control unit 11 determines whether or not it is the individual key supply period (step S102). Here, when the control unit 11 determines that it is not the individual key supply period but the shared key supply period according to the schedule indicated by the schedule data 121 (step S102; NO), the control unit 11 uses the shared key as the access key to be supplied. Select (step S105). In this case, the control part 11 will supply the shared key selected by the process of step S105 to the terminal device 20 using an acoustic watermark.

In the process of step S102, when the control unit 11 determines that the individual key supply period is in accordance with the schedule indicated by the schedule data 121 (step S102; YES), the process proceeds to step S103.
Next, the control unit 11 determines whether there is an individual key to be supplied (step S103). Here, when the control unit 11 has not yet acquired the terminal ID from the response processing server 30 or when the supply of the individual key that has already been supplied is terminated, there is no individual key to be supplied. Judgment is made (step S103; NO). Also in this case, the control unit 11 selects a shared key as an access key to be supplied (step S105). And the control part 11 supplies the shared key selected by the process of step S105 to the terminal device 20 using an acoustic watermark.
In this case, as shown in FIG. 10A, the control unit 11 makes the shared key not only during the shared key supply period but also during the individual key supply period.

When determining that there is an individual key to be supplied in the process of step S103 (step S103; YES), the controller 11 selects the individual key as the access key to be supplied (step S104). And the control part 11 will supply the shared key selected by the process of step S104 using an acoustic watermark.
Here, the control part 11 supplies the individual key which is a supply object now in order according to the acquisition order of terminal ID. For example, as illustrated in FIG. 10B, when the individual key to be supplied is “1”, the control unit 11 supplies the individual key represented by “one” during the supply period of each individual key. Therefore, the length of one cycle in which the shared key and all the individual keys to be supplied are supplied is T1 + T2. That is, when the individual key to be supplied is “1”, the access key is supplied in the same pattern every T1 + T2.

For example, as illustrated in FIG. 10C, when the individual key to be supplied is “3”, the control unit 11 supplies the individual keys in the order of “Piece 1” → “Piece 2” → “Piece 3”. To do. Therefore, the length of one cycle in which the shared key and all the individual keys to be supplied are supplied is 3 (T1 + T2). That is, when the individual key to be supplied is “3”, the access key is supplied in the same pattern every 3 (T1 + T2) periods. Thus, as the number of individual keys to be supplied increases, the length of one cycle becomes longer. This is because the access key supply apparatus 10 needs to select the individual key and the shared key exclusively by the acoustic watermark. Moreover, according to this supply pattern, since the access key supply device 10 supplies the shared key at a relatively high frequency, the terminal device 20 in the sound emission area can quickly acquire the shared key.
According to the schedule indicated by the schedule data 121, the length of one cycle becomes longer as the number of individual keys to be supplied increases.

  When the control unit 11 selects an access key to be supplied in the process of step S104 or S105, the control unit 11 determines whether or not to continue supplying the access key (step S106). Here, if the control unit 11 has not received an instruction to end the supply of the access key or the like, it determines that the supply is continued (step S106; YES), and returns to the process of step S101. And the control part 11 repeats the process step of step S101-S105 in the same procedure as the above. On the other hand, when receiving an instruction to end the supply of the access key, the control unit 11 determines that the supply of the access key is not continued (step S106; NO), and ends the operation of selecting the access key. At the same time, the control unit 11 ends the process of superimposing the access key on the acoustic signal.

  In the embodiment described above, when the access key supply device 10 supplies a shared key and the terminal device 20 acquires the shared key, the terminal device 20 authenticates the response processing server 30 with the shared key and the terminal ID. Request. When the response processing server 30 successfully authenticates the terminal device 20, the response processing server 30 provides the terminal ID of the terminal device 20 to the access key supply device 10. Then, the access key supply device 10 supplies the individual key generated using the terminal ID, and the terminal device 20 permits the response processing server 30 to log in using this individual key. According to the authentication system 1, the response processing server 30 authenticates with two types of access keys, and further authenticates with a set of access key and terminal ID. Compared with the case where the terminal device 20 is authenticated, the accuracy of the authentication becomes higher. As an example, even if the terminal device 20 acquires an access key generated using a terminal ID other than its own terminal device, the access request includes the terminal ID of its own terminal device. Login is not permitted by the response processing server 30.

Further, even if the user of the terminal device 20 does not perform any operation in the sound emission area, the control relating to the supply of the shared key and the individual key is executed by the cooperation of the access key supply device 10 and the response processing server 30. Therefore, the user is not burdened with troublesome work due to the double authentication of the shared key and the individual key.
Furthermore, since the access key is supplied by the access key supply device 10 only to the sound emission area where the sound according to the acoustic signal reaches, the area restriction means (that is, the wall) is a means by which a person can visually confirm the sound emission area. The sound emission area to which the access key is supplied can be limited relatively easily using a member that has an effect of insulating sound such as partition and partition.

[Second Embodiment]
Next, a second embodiment of the present invention will be described.
In the first embodiment described above, the access key supply apparatus 10 selects an access key to be supplied according to a fixed schedule according to the schedule data 121. On the other hand, the access key supply device 10 of the present embodiment has a configuration in which the schedule indicated by the schedule data 121 is changed according to the number of terminal devices 20 in the sound emission area.
In the present embodiment, the components and processing steps that are denoted by the same reference numerals as those in the first embodiment described above function in the same manner as in the first embodiment described above, and therefore, differences will be mainly described below.

FIG. 11 is a diagram showing the overall configuration of the authentication system of the present embodiment.
The authentication system 1 includes an access key supply device 10, a terminal device 20, a response processing server 30, and a detection device 40. The hardware configuration of the access key supply device 10, the terminal device 20, and the response processing server 30 is basically the same as that of the first embodiment described above, and has the same connection relationship as that of the first embodiment described above. is there.
The detection device 40 detects an installation environment related to the number of terminal devices 20 in the sound emission area (in other words, the number of users in the store). This installation environment is an environment that changes according to the number of terminal devices 20 in the sound emission area. In other words, the detection device 40 detects an event caused by a change in the number of terminal devices 20 in the sound emission area as a change in the installation environment. As an installation environment which the detection apparatus 40 detects, the installation environment shown to the following (a)-(e) is mentioned, for example.
(A) Number of times of opening / closing of entrance door of store The detection device 40 includes a door opening / closing sensor, for example, and detects the number of times of opening / closing the entrance door of the store (sound emitting area) detected by the door opening / closing sensor as an installation environment. As the number of times of opening and closing the entrance door increases, the number of users entering and exiting the store increases, and the number of users in the store (the number of terminal devices 20) increases.
(B) Pressure applied to the floor mat provided in the store The detection device 40 includes, for example, a pressure sensor, and detects the pressure applied to the floor mat in the store (sound emitting area) detected by the pressure sensor as an installation environment. As the pressure applied to the floor mat increases, the number of users (number of terminal devices 20) on the floor mat increases.
(C) Imaging of sound emission area The detection device 40 includes, for example, an imaging device, images a store (sound emission area) with this imaging device, and detects a captured image obtained by the imaging as an installation environment. When the detection device 40 performs image analysis on the captured image, the number of users in the sound emission area (the number of terminal devices 20) can be determined.
(D) POS (Point of sale system) function The detection device 40 includes, for example, a register having a POS function, and estimates the number of shop users by the POS function. That is, the detection device 40 detects the number of users specified by the POS function as an installation environment.
(E) Background Noise Level The detection device 40 includes a sensor that detects a background noise level in a store (sound emitting area), and detects the background noise level detected by the sensor as an installation environment. As the background noise level is higher, it can be used as an index for determination that the number of users (number of terminal devices 20) in the store is larger.
The detection device 40 detects one or a plurality of installation environments described in the above (a) to (e) and provides the detection result to the access key supply device 10. Note that the detection device 40 may detect an installation environment other than these as the installation environment of its own device related to the number of terminal devices 20 in the sound emission area.

  FIG. 12 is a block diagram illustrating a hardware configuration of the access key supply apparatus 10. As shown in FIG. 12, the access key supply device 10 includes a control unit 11, a storage unit 12, a microphone 13, a speaker 14, and a detection device IF (Interface) 15. The control unit 11, the storage unit 12, the microphone 13, and the speaker 14 function in the same manner as in the first embodiment described above. The detection device IF 15 is an interface for connecting to the detection device 40. The control unit 11 acquires the detection result by the detection device 40 via the detection device IF15, and changes the schedule indicated by the schedule data 121 according to the detection result.

FIG. 13 is a functional block diagram showing a functional configuration of the access key supply apparatus 10. The control unit 11 of the access key supply apparatus 10 executes the program, thereby superimposing unit 111, sound emission control unit 112, ID acquisition unit 113, generation unit 114, detection result acquisition unit 115, and period setting. A function corresponding to the unit 116 is realized. The superimposing unit 111, the sound emission control unit 112, the ID acquisition unit 113, and the generation unit 114 function in the same manner as in the first embodiment described above.
The detection result acquisition unit 115 acquires the detection result of the installation environment by the detection device 40 via the detection device IF15. The period setting unit 116 sets a period for supplying the shared key (first period) and a period for supplying the individual key (second period) based on the detection result acquired by the detection result acquiring unit 115, respectively. The schedule data 121 is updated. The superimposing unit 111 refers to the schedule data 121 and superimposes the shared key on the acoustic signal during the shared key supply period set by the period setting unit 116 and superimposes the individual key on the acoustic signal during the individual key supply period. .

FIG. 14 is a flowchart showing an operation procedure for selecting an access key to be supplied by the access key supply apparatus 10. FIG. 15 is a time chart showing a time-series change of the access key selected by the access key supply apparatus 10.
The control unit 11 of the access key supply device 10 acquires the detection result of the installation environment detected by the detection device 40 via the detection device IF15 (step S107). Next, the control part 11 updates the schedule data 121 according to the acquired detection result (step S108). Here, the control unit 11 determines whether the acquired detection result satisfies a predetermined condition indicating that the number of users in the sound emitting area is large, and sets the access key supply period according to the determination result. .

  When the control unit 11 determines that the condition indicating that the number of users is large is not satisfied, as shown in FIG. 15A, the control unit 11 sets the length of the shared key supply period as in the first embodiment described above. The schedule data 121 is updated so as to define a supply schedule in which the shared key and the individual key are alternately supplied, with T1 being the length of the individual key supply period and T2. With this schedule, any time the terminal device 20 enters the sound emission area, the terminal device 20 can quickly obtain the shared key. Further, since the number of terminal devices 20 in the sound emitting area is not so large and the period of one cycle is relatively short, the terminal device 20 can also obtain individual keys quickly. For this reason, the terminal device 20 can log in to the response processing server 30 quickly. On the other hand, when it is determined that the condition indicating that the number of users is large is satisfied, the control unit 11 updates the schedule data 121 so as to shorten the period of one cycle as illustrated in FIG. Specifically, the control unit 11 defines a supply schedule in which the supply period of the shared key is set only once in each cycle, and the individual keys are sequentially supplied in the order of acquisition of the terminal ID. Thereby, even if the number of the terminal devices 20 in the sound emission area increases to some extent, the terminal device 20 can prevent an excessive time until obtaining the individual key for the own device.

  Thereafter, the access key supply apparatus 10 supplies the access key by executing the processing steps of steps S101 to S106 according to the schedule indicated by the schedule data 121 updated in the processing of step S108. In the present embodiment, when the control unit 11 determines “YES” in the process of step S106, the process returns to the process of step S107. That is, the control unit 11 supplies the access key while updating the schedule data 121 one by one according to the detection result by the detection device 40.

  According to the authentication system 1 of 2nd Embodiment demonstrated above, while there exists an effect equivalent to 1st Embodiment, according to the number of the users of a sound emission area, the terminal device 20 promptly uses a shared key and an individual key. The schedule indicated by the schedule data 121 can be defined so as to be obtained.

[Modification]
The present invention can be implemented in a form different from the above-described embodiment. Further, the following modifications may be combined as appropriate.
(Modification 1)
In each embodiment described above, the schedule indicated by the schedule data 121 employed by the access key supply apparatus 10 may be any schedule. For example, in the first embodiment described above, the shared key may be supplied only once per cycle, or the shared key may be supplied in a form that is not alternated with the individual keys.

(Modification 2)
In each of the above-described embodiments, the access key supply apparatus 10 stops supplying the individual key according to the support from the response processing server 30 when the authentication of the individual key is successful. Instead of this, the access key supply apparatus 10 may stop supplying the individual keys when a predetermined time has elapsed since the supply start.

(Modification 3)
In each of the above-described embodiments, when the response processing server 30 succeeds in the authentication with the individual key for the number of terminal devices 20 determined in advance for each access key supply device 10, the response processing server 30 may not perform the authentication with the individual key thereafter. Good. In this case, when the response processing server 30 provides the access key supply apparatus 10 with a terminal ID for supplying a predetermined number of individual keys, the response processing server 30 may stop the provision. The configuration of the authentication system 1 is suitable for providing a service with a limited number of users, such as providing a coupon to a predetermined number of first-come-first-served users.

(Modification 4)
In each of the above-described embodiments, the response processing server 30 determines a period from when authentication with a shared key to authentication with an individual key is performed for one terminal device 20 (hereinafter, “inter-authentication period”). It is also possible to execute a response process corresponding to the length of.
In this modification, the terminal device 20 transmits a second access request to the response processing server 20 in response to an instruction from the user. Further, the response processing server 30 may specify the length of this period based on, for example, the time measured by the internal clock of the response processing server 30.

The longer the inter-authentication period in one terminal device 20, the longer the period in which the user of the terminal device 20 was in the store (sound emitting area) (that is, the user's stay period). Therefore, the response processing server 30 transmits the content data to the terminal device 20 so as to provide a coupon with a higher monetary value as the terminal device 20 has a longer inter-authentication period. With this configuration, the response processing server 30 can provide a service that preferentially treats users who can stay in the store for a long time and contribute to the sales of the store.
In addition to this, the response processing server 30 includes content data indicating an advertisement for giving a right to purchase a limited product only to a user whose authentication period exceeds a certain time, and content data indicating a voucher for a premium. May be transmitted to the terminal device 20. Further, the response processing server 30 may divide the length of the stay period into a plurality of stages and transmit the content data to the terminal device 20 so as to provide the user with different contents at each stage. In short, the response processing server 30 may perform response processing according to the length of the inter-authentication period so as to provide the user with a different service according to the length of the inter-authentication period.
In this modification, the terminal device 20 transmits the second access request to the response processing server 30 in response to an instruction from the user. For example, the terminal device 20 repeatedly transmits the second access request every predetermined period. Also good. In this case, the response processing server 30 can specify the length of the inter-authentication period by the second access request acquired last from the terminal device 20.

(Modification 5)
In the second embodiment described above, the access key supply device 10 varies the supply period according to the detection result of the installation environment by the detection device 40, but the supply period is set according to other predetermined conditions. It may be different. For example, the access key supply device 10 may change the supply period according to the number of individual keys to be supplied, or may change the supply period according to a mode manually set by an administrator or the like. . In addition, the access key supply apparatus 10 may vary the length of the supply period of each shared key, or may vary the length of the supply period of each individual key.

(Modification 6)
In the embodiment described above, the access key supply device 10 executes the key generation program PRG and generates the individual keys of each terminal device 20 by the conversion process using the terminal ID. The specific processing may be other than this. For example, the access key supply device 10 may generate a different individual key for each terminal device 20 by adding a terminal ID or other information corresponding to the terminal ID to the access key stored in the storage unit 12. Good. When the individual key is expressed by a pseudo random number generated according to a predetermined pseudo random number generation algorithm, a seed value (that is, an initial value for generating the pseudo random number) used for generating the pseudo random number is set as the terminal ID. It is good. In this case, if the control unit 31 of the response processing server 30 generates a pseudo-random number using the seed value as a terminal ID in accordance with a pseudo-random number generation algorithm common to the access key supply apparatus 10, authentication is performed using the individual key and the terminal ID. be able to.

Further, the access key supply device 10 encrypts a shared key shared by the plurality of terminal devices 20 by a method that can be decrypted by the terminal ID acquired from the terminal device 20, and generates an individual key for each terminal device 20. It may be generated. For example, the access key supply apparatus 10 encrypts the shared key stored in the storage unit 26 with the encryption key generated by the common key method using the terminal ID. When the terminal device 20 obtains the individual key from the acoustic watermark, the terminal device 20 decrypts the individual key using the terminal ID of the terminal device 20 itself. For example, the terminal device 20 uses the terminal ID to decrypt the individual key with the decryption key generated by the common key method common to the access key supply device 10. In this case, the individual key included in the second access request by the terminal device 20 is common to the plurality of terminal devices 20, but the individual key supplied to the terminal device 20 by the access key supply device 10 is the terminal device. Since it is different for every 20, the possibility of leakage of the access key itself necessary for logging in to the response processing server 30 can be suppressed.
In this case, the terminal device 20 may include the encrypted individual key in the access request, and the response processing server 30 may decrypt the individual key using the terminal ID.
In short, the access key supply device 10 only needs to generate an individual key using the terminal ID acquired from the terminal device 20. On the other hand, the response processing server 30 may perform authentication by a method corresponding to the method of generating the individual key in the access key supply apparatus 10.

(Modification 7)
In the above-described embodiment, the access key supply apparatus 10 further encrypts the individual key generated using the terminal ID using the terminal ID in a method that can be decrypted using the terminal ID, It may be superimposed on the signal. For example, the access key supply apparatus 10 encrypts the individual key generated with the encryption key generated by the common key method using the terminal ID. When the terminal device 20 extracts the encrypted individual key from the acoustic signal, the terminal device 20 decrypts the individual key by performing a decryption process on the extracted individual key using the terminal ID stored in the storage unit 26. Also in this case, the terminal device 20 may decrypt the individual key with the decryption key generated by the common key method common to the access key supply device 10 using the terminal ID.
In this case, the terminal device 20 may include the encrypted individual key in the second access request, and the response processing server 30 may decrypt the individual key using the terminal ID.

  According to the authentication system 1 of this modified example, since the individual key is not embedded in the sound as it is by the acoustic watermark, it is possible to more reliably prevent the individual key from being illegally obtained by a third party. Even if the terminal device 20 acquires an individual key generated for a terminal device other than its own terminal device, the individual key cannot be decrypted. Therefore, it is also possible to prevent the terminal device 20 from requesting login to the response processing server 30 using an individual key that is not for the terminal device itself.

(Modification 8)
In the embodiment described above, the access key supply apparatus 10 may acquire the shared key through communication with the response processing server 30 and store it in the storage unit 12. In this case, the response processing server 30 may perform control for updating the shared key of the access key supply apparatus 10 through communication. At that time, the response processing server 30 may rewrite the authentication DB 331 according to the update content of the shared key. Further, the algorithm of the key generation program PRG may be updated by communication between the access key supply apparatus 10 and the response processing server 30.

(Modification 9)
In the authentication system 1 of the embodiment described above, time authentication may be further employed. In this case, it is assumed that each of the access key supply device 10 and the response processing server 30 has a timer unit for measuring the current time. When the access key supply apparatus 10 superimposes the access key (shared key or individual key) on the acoustic signal using the acoustic watermark, the access key supply apparatus 10 also superimposes the time information indicating the time measured by the timer unit of the own apparatus on the acoustic signal using the acoustic watermark. The terminal device 20 includes the time information in addition to the access key as the acoustic watermark information extracted from the acoustic signal, and transmits it to the response processing server 30. The response processing server 30 performs time authentication using time information included in the access request in addition to authentication using the access key and the terminal ID. Specifically, the response processing server 30 matches the time indicated by the time information included in the access request within a predetermined time range with the time measured by the time measuring unit of the server device itself (for example, 1 minute before and after). ), Login is permitted. On the other hand, if the response processing server 30 determines that the time indicated by the time information does not match the time measured by the time measuring unit of the server device within the above time range, the response processing server 30 logs in even if authentication is performed using the access key and the terminal ID. Is not allowed.
In this way, the response processing server 30 can reliably disallow login to the terminal device even if an access key is obtained later by the terminal device in an unauthorized manner.

(Modification 10)
In each of the embodiments described above, the access key supply device 10 supplies the access key by a method of sound emission from the speaker 14, but the present invention may be modified as follows.
FIG. 16 is a diagram for explaining the outline of the authentication system of this modification.
As shown in FIG. 16, here, a case where the communicable area is configured in a restaurant such as a fast food restaurant will be described. A plurality of tables 100 and chairs 200 as shown in FIG. 16 are arranged in the restaurant. A user of the terminal device 20 who is a restaurant customer may sit on the chair 200, place an order on the table 100, and use the terminal device 20. In this restaurant, one acoustic shaker 50 is distributed to each customer per table 100 when ordering goods. The user attaches the distributed acoustic exciter 50 to the table 100 used by the user. As shown in FIG. 16, for example, the user wears the acoustic vibrator 50 at a position relatively close to itself on the back surface of the table 100. The acoustic exciter 50 vibrates a member to which the acoustic exciter 50 is attached under the control of the access key supply device 10 according to an acoustic signal in which the access key is superimposed from the member. Sounds are emitted. Here, this member is the table 100 on which the acoustic vibrator 50 is mounted, and the member (table 100) and the acoustic vibrator 50 come into contact with each other and vibrate together. Therefore, in this modification, the table 100 and the acoustic exciter 50 constitute a sound emitting unit.

FIG. 17 is a block diagram illustrating a hardware configuration of the acoustic vibrator 50.
As shown in FIG. 17, the acoustic exciter 50 includes a control unit 51, a wireless communication unit 52, and an excitation unit 53. The control unit 51 is a control device including an arithmetic device including a CPU and a memory. The arithmetic device controls the acoustic exciter 50 by executing a program stored in the memory. The wireless communication unit 52 is an interface that includes a wireless communication circuit and an antenna and performs wireless communication with an access key supply device 10a described later. The vibration unit 53 generates a vibration corresponding to the control signal of the control unit 51, and causes the generated vibration to act outside.

  FIG. 18 is a block diagram showing a hardware configuration of the access key supply apparatus 10a of the present modification. As illustrated in FIG. 18, the access key supply apparatus 10 a includes a control unit 11, a storage unit 12, and a wireless communication unit 16. The control unit 11 and the storage unit 12 basically have the same configuration as that of the above-described embodiments, but the control unit 11 performs control for supplying an access key by acoustic excitation. The wireless communication unit 16 is an interface for performing wireless communication. Here, the wireless communication unit 16 transmits information necessary for acoustic excitation to an area corresponding to a sound emitting area.

The access key supply device 10a of this modification controls the acoustic exciter 50 so as to vibrate the table 100 according to the acoustic signal. Specifically, the control unit 11 modulates an acoustic signal on which an access key is superimposed with a carrier wave, and transmits this transmission signal by the wireless communication unit 16. When the wireless communication unit 52 receives this transmission signal, the control unit 51 of the acoustic exciter 50 demodulates the acoustic signal on which the access key is superimposed. Then, the control unit 51 causes the vibration unit 53 to vibrate so that the sound represented by the demodulated acoustic signal is emitted from the table 100. Since the user who sits down on the chair 200 holds his terminal device 20 in the vicinity of the table 100 or places it on the table 100, the control unit 21 detects the sound emitted from the table 100 and detected by the microphone 24. An acoustic signal representing the generated sound is acquired.
In this modification, the access key supply device 10 controls the acoustic exciter 50 by transmitting the access key to the acoustic exciter 50 by the wireless communication unit 16. It's okay.

  According to the authentication system of this modification, the area to which the access key is supplied is limited to the vicinity of the table 100, for example. That is, only the terminal device 20 of the user in the vicinity of the table 100 can acquire the access key, and the service can be provided only for the person who uses the table 100, that is, the person who ordered the product. As a result, it is possible not to provide an access key to users who are not in the vicinity of the table 100 and have simply entered the store, so it is possible to further limit the area where the service is provided, and the product It can also be said that this service is suitable for providing this service as part of sales activities such as sales.

(Modification 11)
The configuration of the above-described modification 10 may be configured such that the acoustic exciter starts to excite at the timing when the user sits on the chair 200 while the acoustic exciter is mounted on the table 100.
FIG. 19 is a diagram for explaining the outline of the authentication system of this modification. In this modification, it is assumed that a product ordered and received by the user is placed on the tray 300 and carried to his / her seat to eat and drink. Here, the tray 300 is provided with an RFID (Radio Frequency IDentification) element 310 as shown in FIG. In the RFID element 310, information for identifying that the RFID element 310 is provided on the tray 300 is written in advance.

FIG. 20 is a block diagram illustrating a hardware configuration of the acoustic vibrator 50a.
As shown in FIG. 20, the acoustic exciter 50 a includes a control unit 51, a wireless communication unit 52, an excitation unit 53, and a reading unit 54. Among these, the configurations of the control unit 51, the wireless communication unit 52, and the excitation unit 53 are the same as in the tenth modification. The reading unit 54 is a so-called RFID reader, and reads information written in the RFID element 310.

In the acoustic exciter 50a, when the tray 300 is not in the vicinity, such as when no one is sitting on the chair 200, the reading unit 54 tries to read information from the RFID element 310 while the wireless communication unit 52 is stopped. . Eventually, when the user places the tray 300 on the table 100 and the reading unit 54 reads the information of the RFID element 310 of the tray 300, a reading signal indicating that the information has been read is output to the control unit 51. The control unit 51 starts using the table 100 when the read signal is received, and the acoustic exciter 50a attached to the table 100 can be excited. The wireless communication unit 52 notifies the access key supply apparatus 10a that the vibration by 50a is started. The control unit 11 of the access key supply device 10a triggers the acoustic exciter 50a to vibrate the table 100 according to the acoustic signal on which the access key is superimposed, when this notification is received by the wireless communication unit 16. Control.
Eventually, when the user leaves the tray 300, the control unit 51 does not read the RFID element 310 by the reading unit 54 and is not supplied with a read signal. Therefore, if the user does not sit on the chair 200, to decide. Then, the control unit 51 controls the wireless communication unit 52 to stop wireless communication so that the reading unit 54 does not perform reading.

With the above configuration, the access key supply device 10a can supply an access key only when necessary without the user turning on and off the acoustic vibrator 50a. As a result, the acoustic exciter 50a does not vibrate the table 100 when it is not necessary to distribute the access key, such as when the seat 300 is seated but the tray 300 on which the ordered product is placed is not placed on the table 100. Therefore, low power consumption of the acoustic vibrator 50a can be expected. In addition, the possibility of using this service by a person who does not use the tray 300, that is, a person who does not order goods and is not a target for providing the service, can be further reduced, and the area where the service is provided is further limited. Is possible.
In this modification, the acoustic excitation of the acoustic exciter 50a is switched on and off using the RFID element 310 and the reading unit 54. For example, an infrared communication method, a contact type or a non-contact type IC chip is used. You may implement | achieve by the communication system using this, a near field communication system, etc. Moreover, the structure which switches a user on and off the acoustic excitation of the acoustic vibrator 50a manually may be sufficient. Also in this modified example, the acoustic vibration exciter 50a may be distributed to the person who ordered the product. In this modification, the RFID element 310 is provided on the tray 300, but it may be provided on another portable member.

(Modification 12)
In each embodiment described above, the detection unit that detects sound is a microphone, and the sound emitting unit that emits the sound indicated by the acoustic signal on which information is superimposed by the acoustic watermark is a speaker. In this case, the microphone detects sound that is vibration of gas (more specifically, air), and the speaker emits sound that is vibration of gas (more specifically, air). is there. On the other hand, the detection unit / sound emitting unit may detect / sound a solid or liquid vibration. At this time, the sound emitting unit is realized by a vibrator that applies vibration to the outside and a medium that is vibrated by the vibrator. That is, the vibrator emits sound by propagating an elastic wave to the member. On the other hand, the detection unit is, for example, a vibration pickup (vibration detector) and detects sound that is an elastic wave propagating through the member.
Even in such a configuration of the detection unit / sound emitting unit, if the acoustic signal includes the frequency component of the acoustic watermark information, the terminal device 20 extracts the acoustic watermark information from the acoustic signal, and the acoustic watermark information is Various processes can be executed by using.

(Modification 13)
The terminal device of the present invention may be a terminal other than a smartphone. For example, the present invention is applied to various terminal devices such as a mobile phone, a tablet terminal, a PDA (Personal Digital Assistant), a mobile computer, a game machine, and a digital signage. Can also be applied.
Further, the response processing server 30 is not limited to executing response processing for transmitting content data, and may be any server that executes some response processing on the terminal device 20 according to the authentication result.

  Further, the place where the access key supply device 10 forms the sound emission area may be anywhere as long as the service of the response processing server 30 is provided to the terminal device 20. For example, the access key supply apparatus 10 may be installed at a place where an unspecified number of persons enter and exit, such as a station premises, a hotel lobby, or an office lobby. In addition, an access key supply device 10 may be installed in a place where a specific person such as a company, a factory, or a house enters and exits in order to provide an individual service to the specific person.

  The programs executed by the control unit 11 of the access key supply device 10, the control unit 21 of the terminal device 20, and the control unit 31 of the response processing server 30 in each embodiment described above are magnetic recording media (magnetic tape, magnetic disk ( HDD, FD, etc.), optical recording media (optical discs (CD, DVD), etc.), magneto-optical recording media, and computer-readable recording media such as semiconductor memories. It is also possible to download via a network such as the Internet.

DESCRIPTION OF SYMBOLS 1 ... Authentication system 10, 10A, 10B, 10a ... Access key supply apparatus, 100 ... Table, 11 ... Control part, 111 ... Superimposition part, 112 ... Sound emission control part, 113 ... ID acquisition part, 114 ... Generation part, DESCRIPTION OF SYMBOLS 115 ... Detection result acquisition part, 116 ... Period setting part, 12 ... Memory | storage part, 121 ... Schedule data, 13 ... Communication part, 14 ... Speaker, 15 ... Detection apparatus IF, 16 ... Wireless communication part, 20 ... Terminal apparatus, 200 DESCRIPTION OF SYMBOLS ... Chair, 21 ... Control part, 211 ... Acoustic signal acquisition part, 212 ... Extraction part, 213 ... Access control part, 22 ... UI part, 23 ... Wireless communication part, 24 ... Microphone, 25 ... Speaker, 26 ... Memory | storage part, DESCRIPTION OF SYMBOLS 30 ... Response processing server, 300 ... Tray, 31 ... Control part, 311 ... 1st acquisition part, 312 ... 1st authentication part, 313 ... Provision part, 314 ... 2nd acquisition part, 315 ... 2nd authentication part, DESCRIPTION OF SYMBOLS 16 ... Response processing part, 32 ... Communication part, 33 ... Memory | storage part, 331 ... Authentication DB, 332 ... Content DB, 40 ... Detection apparatus, 50 ... Acoustic exciter, 50a ... Acoustic exciter, 51 ... Control part, 52 ... Wireless communication unit, 53 ... Excitation unit

Claims (6)

An ID acquisition unit that communicates with a server device that has been successfully authenticated by the first access key shared by a plurality of terminal devices, and acquires a terminal ID that identifies the terminal device;
A generation unit that generates a second access key used for the terminal device indicated by the terminal ID to log in to the server device, using the terminal ID acquired by the ID acquisition unit;
A superimposing unit that superimposes the first access key on an acoustic signal by an acoustic watermark in a first period, and superimposes the second access key generated by the generation unit on an acoustic signal by an acoustic watermark in a second period different from the first period. When,
An access key supply device comprising: a sound emission control unit that causes the sound emission unit to emit a sound indicated by the acoustic signal on which the first or second access key is superimposed by the superimposition unit. A detection result acquisition unit that acquires a detection result of an environment that varies depending on the number of the terminal devices in the sound emission area of the sound emission unit;
The access key supply apparatus according to claim 1, further comprising: a period setting unit that sets the first period and the second period according to the detection result acquired by the detection result acquisition unit. Identifying the first access key shared by a plurality of terminal devices extracted in the first period from the acoustic signal indicating the sound emitted by the access key supply device, and the terminal device from which the first access key is extracted A first acquisition unit for acquiring a terminal ID to be acquired by communication with the terminal device;
A first authenticating unit that authenticates the terminal device with the first access key and the terminal ID acquired by the first acquiring unit;
When the first authentication unit succeeds in authenticating the terminal device, the providing unit provides the access key supply device with the terminal ID acquired by the first acquisition unit,
By using the terminal ID provided by the providing unit extracted from the acoustic signal indicating the sound emitted by the access key supply device in a second period different from the first period, by the access key supply apparatus The generated second access key, the second access key used for the terminal device indicated by the terminal ID to log in to the own server device, and the terminal ID for identifying the terminal device are A second acquisition unit for acquiring by communication;
A second authentication unit that authenticates the terminal device with the second access key acquired by the second acquisition unit and the terminal ID;
A server apparatus comprising: a response processing unit that performs a specific response process on the terminal device that has been successfully authenticated by the second authentication unit. The response processing unit
The response process according to the length of a period from when the authentication by the first authentication unit is performed until when the authentication by the second authentication unit is performed is performed. Server device. An access key supply device that supplies an access key to the terminal device; and a server device that authenticates the terminal device using the access key;
The access key supply device includes:
An ID acquisition unit that communicates with the server device that has been successfully authenticated by the first access key shared by a plurality of terminal devices and acquires a terminal ID that identifies the terminal device;
A generation unit that generates a second access key used for the terminal device indicated by the terminal ID to log in to the server device, using the terminal ID acquired by the ID acquisition unit;
A superimposing unit that superimposes the first access key on an acoustic signal by an acoustic watermark in a first period, and superimposes the second access key generated by the generation unit on an acoustic signal by an acoustic watermark in a second period different from the first period. When,
A sound emission control unit that causes the sound emission unit to emit a sound indicated by the acoustic signal on which the first or second access key is superimposed by the superimposition unit;
The server device
A first access key extracted by the terminal device from an acoustic signal indicating a sound emitted by the control of the sound emission control unit, and a terminal ID indicating the terminal device from which the first access key is extracted, A first acquisition unit that acquires through communication with a terminal device;
A first authenticating unit that authenticates the terminal device with the first access key and the terminal ID acquired by the first acquiring unit;
When the first authentication unit succeeds in authenticating the terminal device, the providing unit provides the access key supply device with the terminal ID acquired by the first acquisition unit,
A second access key generated by the generating unit using a terminal ID provided by the providing unit, extracted from an acoustic signal indicating a sound emitted by the control of the sound emitting control unit, A second acquisition key that acquires a second access key used for the terminal device indicated by the terminal ID to log in to the server device and a terminal ID for identifying the terminal device by communication with the terminal device;
A second authentication unit that authenticates the terminal device with the second access key acquired by the second acquisition unit and the terminal ID;
An authentication system comprising: a response processing unit that performs a specific response process on the terminal device that has been successfully authenticated by the second authentication unit. A communication unit that communicates with the server device;
An acoustic signal acquisition unit for acquiring an acoustic signal;
An extraction unit for extracting a first access key shared by a plurality of terminal devices or a second access key generated using a terminal ID indicating the own terminal device from the acoustic signal acquired by the acoustic signal acquisition unit;
The communication unit sends the first access key and the terminal ID extracted by the extraction unit to the server device to request authentication of the own terminal device, and the server device uses the first access key and the terminal ID. After successful authentication of the local terminal device, the second access key and the terminal ID extracted by the extraction unit are transmitted to the server device by the communication unit, and an access requesting login to the server device is requested. A terminal device comprising: a control unit.

Images