JP2014138404A - Mutual authentication system, terminal device, mutual authentication server, mutual authentication method, and mutual authentication program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a mutual authentication system and the like that configure an ad-hoc connection relation between information apparatuses.SOLUTION: A mutual authentication system 1 is constructed through mutual connection between a plurality of terminal devices 3 and 4 and a mutual authentication server 2. Each terminal device 3 includes: audio data collection means 3a for collecting a peripheral environmental sound as audio data; feature vector generation means 3b for analyzing a frequency component of the audio data to generate feature vectors and transmitting the feature vectors to the mutual authentication server; and mutual authentication means 3c for performing mutual authentication with another terminal device using an authentication key returned from the mutual authentication server. The mutual authentication server 2 includes: feature vector selection means 2a for selecting the feature vectors whose acquisition times fall within a predetermined difference range; feature vector comparison means 2b for determining whether the selected feature vectors agree with each other; and key sharing means 2c for, when the selected feature vectors agree with each other, generating the authentication key.

Description

  The present invention relates to a mutual authentication system, a terminal device, a mutual authentication server, a mutual authentication method, and a mutual authentication program, and more particularly to a mutual authentication system for constructing an ad hoc connection relationship between specific devices.

  The technology of data communication between information devices has been developed recently, but there are cases where it is desired to establish an "ad hoc (non-permanent, temporary)" connection relationship between specific devices. . For example, when a company employee and a trader have a business meeting, they may want to share materials, minutes, etc. between the attendees of the meeting. Or it may be the case where people who have no particular contact in a specific place (for example, a restaurant or a concert or sports game venue) want to build a community.

  Even when such an ad hoc connection relationship is established, mutual authentication between devices is essential. In this case, it is desirable that the mutual authentication can be performed by a simpler operation for the user, rather than a complicated operation in which the user inputs a long digit PIN (Personal Identification Number), a password, or the like.

  The following technical documents are related to this. Patent Document 1 discloses a communication function that detects that buttons provided on an apparatus are simultaneously pressed, generates a unique group connection ID, and uses this as a common key (authentication key) for mutual authentication. Is described.

  Non-Patent Document 1 describes an outline of a technique in which keys are shared by holding devices provided with a non-contact IC reader and used for mutual authentication as an authentication key. Further, in Patent Documents 2 to 3 and Non-Patent Documents 2 to 4, a common change amount is detected by applying the same movement from the outside to two devices provided with an acceleration sensor, thereby sharing an authentication key. The technology is described.

  Patent Document 4 describes a mutual authentication system in which a mobile terminal reads a two-dimensional code generated by a web server and displayed on a terminal, thereby generating unique information for specifying a user. Patent Document 5 describes an authentication method that includes a plurality of terminals and a session management apparatus, and exchanges key information between terminals via an encrypted channel established by the terminal-session management apparatus.

  Further, Patent Document 6 describes an authentication system in which authentication is performed using time-series data such as position information and acceleration information in an in-vehicle device. Japanese Patent Application Laid-Open No. 2004-228688 describes a technique in which an optical disc apparatus learns a timing deviation amount between light spots on the apparatus and corrects a clock phase. Patent Document 8 describes a technique of sampling a drive sound of a disk device and classifying the device into a non-defective product and a defective product by this.

Japanese Patent No. 3707660 JP 2008-31726 A JP 2010-187282 A JP 2009-1224311 A JP 2005-160005 A JP 2011-101118 A Japanese Patent Application Laid-Open No. 08-221759 Japanese Patent Laid-Open No. 08-077683

Sony Corporation, “SDK for NFC / SDK for FeliCa Product Overview”, December 12, 2011, [Search January 31, 2012], Internet <URL: http://www.sony.co.jp/ Products / felica / business / data / SDK_Products.pdf> J. Lester, B. Hannaford, and G. Borriello. "“ Are You With Me? ”-Using accelerometers to determine if two devices are carried by the same person.", Pervasive2004, LNCS 3001, pp.33-50, 2004 . Y. Huynh and B. Schiele. "Analyzing features for activity recognition." SOc-EUSAI’05, pp.159-163, 2005. D. Bichler, G. Stromberg, M. Huemer, and M. Low. "Key generation based on acceleration data of shaking processes." UbiComp2007, LNCS 4717, pp.304-417, 2007.

  Although each of the above-described mutual authentication methods, in the technique described in Patent Document 1, an operation of pressing a button is an action that can be easily performed by a third party. There is a risk of issuing an authentication key. Further, if the timing is shifted by the operation of simultaneously pressing the buttons, even a legitimate user may not be able to authenticate normally, so the convenience of this system is not high. The technique described in Non-Patent Document 1 has a problem in cost because it is necessary to equip each device with a non-contact IC reader.

  In the techniques described in Patent Literatures 2 to 3 and Non-Patent Literatures 2 to 4, the user needs to perform operations such as shaking the two devices together. For example, there are many devices that cannot be operated due to physical reasons such as being large, heavy, and vulnerable to impact, and thus cannot be applied to such devices.

  The technology that can solve this problem is not described in the remaining Patent Documents 4 to 8. The technique described in Patent Document 4 is for authenticating that the terminal and the portable terminal are the same user, and does not construct an ad hoc connection relationship, so the object of the invention is different in the first place. . The technique described in Patent Document 5 is a technique for constructing a communication path for distributing an authentication key, and is not a technique for generating an authentication key.

  Since the technique described in Patent Document 6 is a technique for authenticating an in-vehicle device using vehicle position information, acceleration information, and the like, it is not a technology that can be applied to devices other than the in-vehicle device. Since the technique described in Patent Document 7 is a technique for correcting the phase of a clock with an optical disc apparatus, this technique is also not a technique applicable to authentication key generation. The technique described in Patent Document 8 is a technique for classifying a disk device into a non-defective product and a defective product, and is not a technology that can be applied to authentication key generation.

  In addition, the server computer that issues the authentication key is likely to be overloaded when it receives issuance requests from many terminal devices at a time. Therefore, it is desirable that the processing that can be performed on the terminal device side be performed on the terminal device side as much as possible. In particular, recently, since high-functional smartphones are often used as terminal devices, it can be said that the necessity of processing on the terminal device side as much as possible is increasing. Technologies that can solve this point are not described in Patent Documents 1 to 8 and Non-Patent Documents 1 to 4.

  An object of the present invention is that mutual operations that do not require complicated operations for the user, do not significantly increase costs, and can reduce the load on the server side and establish an ad hoc connection relationship between information devices. An object is to provide an authentication system, a terminal device, a mutual authentication server, a mutual authentication method, and a mutual authentication program.

  In order to achieve the above object, a mutual authentication system according to the present invention is a mutual authentication system configured by connecting a plurality of terminal devices and a mutual authentication server to each other. Voice data collection means for collecting environmental sound as voice data, feature vector generation means for analyzing the frequency component of voice data to generate a feature vector and transmitting it to the mutual authentication server, and a mutual authentication server according to the feature vector Mutual authentication means for performing mutual authentication with another terminal device using the authentication key returned from the mutual authentication server, and the mutual authentication server obtains the acquisition time in advance from the feature vectors received from each terminal device. Feature vector selection means for selecting one within a given difference, and feature vector comparison means for determining whether or not these feature vectors match between the terminal devices It has a key sharing unit generates and transmits an authentication key to each terminal device when the feature vector is matched, characterized by.

  In order to achieve the above object, a terminal device according to the present invention is a terminal device that is mutually connected to another terminal device and a mutual authentication server to constitute a mutual authentication system, and that is used to convert ambient environmental sound into audio data. Voice data collection means that collects as follows, feature vector generation means that analyzes frequency components of voice data to generate a feature vector and transmits it to the mutual authentication server, and has been returned from the mutual authentication server according to this feature vector And a mutual authentication unit that performs mutual authentication with another terminal device using an authentication key.

  In order to achieve the above object, a mutual authentication server according to the present invention is a mutual authentication server that is mutually connected to a plurality of terminal devices and constitutes a mutual authentication system, from among feature vectors received from each terminal device. Feature vector selection means for selecting an acquisition time within a given difference, feature vector comparison means for determining whether or not these feature vectors match between the terminal devices, and feature vectors match And a key sharing means for generating and transmitting an authentication key to each terminal device.

  To achieve the above object, a mutual authentication method according to the present invention is a mutual authentication system in which a plurality of terminal devices and a mutual authentication server are connected to each other, and voice data collection means of each terminal device However, the ambient environmental sound is collected as voice data, and the feature vector generation means of each terminal device analyzes the frequency component of the voice data to generate a feature vector and transmits it to the mutual authentication server. The vector selection means selects one of the feature vectors received from each terminal device that has an acquisition time within a predetermined difference, and the feature vector comparison means of the mutual authentication server selects these features between the terminal devices. It is determined whether the vectors match, and the key sharing means of the mutual authentication server generates and transmits an authentication key to each terminal device when the feature vectors match, Mutual authentication means location is, by using the authentication key has been returned to perform mutual authentication with another terminal apparatus, characterized by.

  In order to achieve the above object, another mutual authentication method according to the present invention is provided in one terminal device that is mutually connected to another terminal device and a mutual authentication server to constitute a mutual authentication system, and includes voice data collection means. However, the surrounding environmental sound is collected as voice data, the feature vector generation means analyzes the frequency component of the voice data, generates a feature vector, and transmits it to the mutual authentication server. The mutual authentication means responds to the feature vector. And performing mutual authentication with another terminal device using an authentication key returned from the mutual authentication server.

  In order to achieve the above object, another mutual authentication method according to the present invention is a mutual authentication server that is mutually connected to a plurality of terminal devices to constitute a mutual authentication system, wherein the feature vector selection means includes each terminal device. From the feature vectors received from, the feature vector comparison means determines whether or not these feature vectors match between the terminal devices, and the key The sharing means generates and transmits an authentication key to each terminal device when the feature vectors match.

  In order to achieve the above object, a mutual authentication program according to the present invention is provided in a processor included in one terminal device that is mutually connected to another terminal device and a mutual authentication server to constitute a mutual authentication system. , A procedure for collecting ambient environmental sounds as voice data, a procedure for analyzing frequency components of voice data to generate a feature vector and transmitting it to the mutual authentication server, and a response from the mutual authentication server according to the feature vector A procedure for performing mutual authentication with another terminal device using an authentication key is executed.

  In order to achieve the above object, another mutual authentication program according to the present invention is provided in a mutual authentication server that is mutually connected to a plurality of terminal devices and constitutes a mutual authentication system. A procedure for selecting a feature vector received from a terminal device that has an acquisition time within a predetermined difference, a procedure for determining whether or not these feature vectors match between the terminal devices, and a feature vector In the case where they match, a procedure for generating and transmitting an authentication key to each terminal device is executed.

  Since the present invention is configured such that the mutual authentication server generates the authentication key when the feature vectors of the environmental sounds around the terminal device match as described above, the voice input means provided in many devices in advance is provided. Mutual authentication can be performed by using it as it is. This makes it possible to construct an ad hoc connection relationship between information devices without requiring a complicated operation for the user, without significantly increasing costs, and reducing the load on the server side. A mutual authentication system, a terminal device, a mutual authentication server, a mutual authentication method, and a mutual authentication program having characteristics can be provided.

It is explanatory drawing shown about the structure of the mutual authentication system which concerns on the basic form of this invention. It is explanatory drawing shown about the structure of the mutual authentication system which concerns on the 1st Embodiment of this invention. It is explanatory drawing which shows in more detail the structure of the feature vector production | generation means shown in FIG. It is explanatory drawing shown about an example of the operation | movement in which the audio | voice data compression means shown in FIG. 2 obtains the representative value of environmental sound. It is explanatory drawing shown about the process which the Fourier-transform function of the feature vector production | generation means shown in FIG. 3 performs. It is explanatory drawing shown about the process which the cutoff function of the feature vector production | generation means shown in FIG. 3 performs. It is explanatory drawing shown about the process which the quantization function of the feature vector production | generation means shown in FIG. 3 performs. FIG. 8 is an explanatory diagram showing examples of a plurality of types of quantization patterns prepared in advance when the quantization function of the feature vector generation unit shown in FIG. 3 performs the processing shown in FIG. 7. It is explanatory drawing shown about the process which the feature vector selection means and the feature vector comparison means shown in FIG. 2 perform. It is explanatory drawing shown about the process which the key sharing means shown in FIG. 2 performs. It is explanatory drawing which shows the example of the mutual authentication system produced experimentally. It is a graph which shows the change with respect to the measurement time of the sum total of the information content calculated between each terminal device in the mutual authentication system shown in FIG. It is explanatory drawing shown about the process by the time correction means shown in FIG. It is a flowchart shown about operation | movement of the mutual authentication performed between the mutual authentication server shown in FIG. 2, and a terminal device. It is explanatory drawing shown about the structure of the mutual authentication system which concerns on the 2nd Embodiment of this invention. It is explanatory drawing shown about the more detailed structure of the feature vector production | generation means shown in FIG. It is explanatory drawing which shows in detail the process by the frequency selection function and quantization function which were shown in FIG. It is explanatory drawing shown about the process which the feature vector comparison means shown in FIG. 15 performs. It is a flowchart shown about the operation | movement of the mutual authentication performed between the mutual authentication server shown in FIG. 15, and a terminal device.

(Basic form)
Hereinafter, the basic configuration of the present invention will be described with reference to FIG.
A mutual authentication system 1 according to a basic form is a mutual authentication system configured by connecting a plurality of terminal devices 3 and 4 and a mutual authentication server 2 to each other via a network 5. Each terminal device 3 includes an audio data collection unit 3a that collects ambient environmental sound as audio data, a feature vector generation unit 3b that analyzes a frequency component of the audio data, generates a feature vector, and transmits the feature vector to the mutual authentication server And a mutual authentication means 3c for performing mutual authentication with another terminal device using an authentication key returned from the mutual authentication server in accordance with the feature vector. Then, the mutual authentication server 2 selects a feature vector selection unit 2a that selects a feature vector received from each terminal device that has an acquisition time within a predetermined difference, and the feature vector between the terminal devices. Feature vector comparison means 2b for determining whether or not they match, and key sharing means 2c for generating and transmitting an authentication key to each terminal device when the feature vectors match.
Specifically, how these means are realized and how the processing is performed will be described as the following first and second embodiments.

(First embodiment)
Then, the structure of embodiment of this invention is demonstrated based on attached FIGS.
First, the basic content of the present embodiment will be described, and then more specific content will be described.
The mutual authentication system 100 according to the present embodiment is a mutual authentication system configured by connecting a plurality of terminal devices 20 and a mutual authentication server 10 to each other. Each terminal device 20 includes an audio data collection unit 202 that collects ambient environmental sound as audio data, a feature vector generation unit 204 that analyzes a frequency component of the audio data, generates a feature vector, and transmits the feature vector to the mutual authentication server. And a mutual authentication unit 206 that performs mutual authentication with another terminal device using an authentication key returned from the mutual authentication server in accordance with the feature vector. Then, the mutual authentication server 10 selects the feature vector selection means 102 that selects a feature vector received from each terminal device within the difference in which the acquisition time is given in advance, and the feature vectors between the terminal devices are A feature vector comparison unit 103 that determines whether or not they match, and a key sharing unit 104 that generates and transmits an authentication key to each terminal device when the feature vectors match.

  Each terminal device 20 includes time synchronization means 201 that synchronizes time with each other in advance. Furthermore, the terminal device 20 has time correction means 205 that calculates the exact time at which the audio data is acquired from the elapsed time since the previous time was adjusted by the time synchronization means and the average value of the amount of time deviation that occurred in the past.

  Then, the feature vector generation means 204 of the terminal device 20 divides the voice data into time windows having a constant time interval, performs FFT (Fast Fourier Transform) on each time window, and outputs a power spectrum. And a quantization function 204c that outputs a feature vector for each frequency by collating the power level for each frequency of the output power spectrum with a preset threshold value. Further, it has a cut-off function 204b that removes a frequency component equal to or higher than a predetermined cut-off frequency from the power spectrum obtained by the Fourier transform function and shifts it to the quantization function.

By providing the above configuration, the mutual authentication system 1 does not require a complicated operation for the user, does not significantly increase the cost, and reduces the load on the server side to establish an ad hoc connection relationship between information devices. It becomes possible to construct.
Hereinafter, this will be described in more detail.

  FIG. 2 is an explanatory diagram showing the configuration of the mutual authentication system 100 according to the first embodiment of the present invention. The mutual authentication system 100 includes two terminal devices 20a and 20b (hereinafter collectively referred to as the terminal device 20) to be subjected to mutual authentication, and a mutual authentication server that generates and gives an authentication key to these terminal devices 20. 10 are connected to each other via a network 30. Here, the network 30 may be a wired connection or a wireless connection, and the connection form and protocol are not particularly limited.

  The mutual authentication server 10 has a basic configuration as a computer device. In other words, the computer 11 includes a processor 11 that is an operation subject of the computer program, a storage unit 12 that stores the program and data, and a communication unit 13 that performs data communication with each terminal device 20.

  The processor 11 of the mutual authentication server 10 receives the feature vector generated by the time synchronizer 101 that synchronizes the time with the terminal device 20 and each terminal device 20 by operating the mutual authentication program. Feature vector selection means 102 that selects an acquisition time within a given difference, and feature vector comparison means 103 that compares the selected feature vectors between the terminal devices and determines whether or not they match. , And the key sharing means 104 that generates and transmits an authentication key to each terminal device 20 when the feature vectors match. The generated authentication key 111 is stored in the storage unit 12.

  The terminal devices 20 (20a and 20b) both have the same configuration, and all have a basic configuration as a computer device. That is, the voice data is transmitted by the processor 21 that is the main operating body of the computer program, the storage unit 22 that stores the program and data, the communication unit 23 that performs data communication with the mutual authentication server 10 and other terminal devices 20, and a microphone. Voice input means 24 for acquiring and inputting

  The processor 21 of the terminal device 20 operates the mutual authentication program to convert the environmental sound acquired through the time synchronization unit 201 and the voice input unit 24 that synchronize the time with other devices into the time series change of the sound pressure. Voice data collecting means 202 that collects data (voice data), voice data compression means 203 that compresses the data amount of the acquired voice data, and a feature vector that is generated from the compressed voice data and transmitted to the mutual authentication server 10 The vector generation unit 204, the time correction unit 205 that corrects the time set by the time synchronization unit 201 more precisely, and the mutual authentication unit 206 that receives the authentication key from the mutual authentication server 10 and performs mutual authentication function. The storage unit 22 stores the authentication key 211 received from the mutual authentication server 10.

  FIG. 3 is an explanatory diagram showing the configuration of the feature vector generating unit 204 shown in FIG. 2 in more detail. The feature vector generation unit 204 is further divided into three functional units, that is, a Fourier transform function 204a, a cutoff function 204b, and a quantization function 204c.

  The Fourier transform function 204a performs FFT (Fast Fourier Transform) on the input time-series data and outputs a power spectrum. The cut-off function 204b cuts a frequency component having a frequency equal to or higher than a cut-off frequency given in advance in the input power spectrum. The quantization function 204c compares the output power spectrum with a plurality of threshold values given in advance, and outputs a feature vector whose element is a quantized value of the power spectrum for each frequency.

(Time synchronization means)
Next, the operation of each means of the mutual authentication server 10 and the terminal device 20 will be described. In the mutual authentication server 10 and the terminal devices 20a and 20b, the respective time synchronization means 101 and 201 perform time synchronization processing for adjusting time between each other. This time synchronization process may be performed when the mutual authentication server 10 and the terminal devices 20a and 20b are turned on, or may be performed periodically at a specific cycle. An NTP (Network Time Protocol) protocol can be used for time synchronization. When an external NTP server can be used, the synchronization processing of the terminal device 20 may make an inquiry to the external server via NTP. In this case, the mutual authentication server 10 may not necessarily include the time synchronization means 101. The processing by the time correction unit 205 will be described later.

(Voice data collection means)
The audio data collection means 202 of the terminal device 20 is based on the premise that the above time synchronization processing is performed, and a reference time set in advance as a common value between the mutual authentication server 10 and each terminal device 20 Based on t0 and time interval w, when the current time (elapsed time from the reference time) t (where t0 + (α-1) w <t <t0 + αw, α is a natural number), from t = (t0 + αw) time point The environmental sound for time w is acquired through the voice input means 24, and is sampled at a sampling rate f (unit: Hz) set as a common value between the mutual authentication server 10 and each terminal device 20. And obtained as sound pressure data.

  Here, the values of t0, w, and f may be set as common values in the time synchronization process. For example, when values such as t0 = 0, w = 3, t = 10, and f = 8000 (8 kHz) are set, the environmental sound is composed of sound pressure values of 8000 sounds / second for 12 to 15 seconds. It means that it is collected as time-series audio data.

(Audio data compression means)
FIG. 4 is an explanatory diagram showing an example of an operation in which the audio data compression unit 203 shown in FIG. 2 obtains a representative value of the environmental sound. The voice data compression unit 203 reduces the data amount by using the sound pressure data 251 of the environmental sound of f pieces / second collected by the voice data collection unit 202 as data of fc (f> fc) pieces / second. To do.

  More specifically, the data is divided into the number of quotients obtained by dividing f by fc, and the maximum value obtained for each division is set as the representative value of the section to generate a total of fc time-series data 252. Then, the time-series data 252 is transmitted to the mutual authentication server 10 together with the label 252b indicating the sensing time in the voice data collection unit 202. Here, the label 252b indicates a time range in which audio data is acquired, such as “t0 + αw to t0 + (α + 1) w”. Further, instead of the maximum value, an average value in the time range can be used as a representative value. Hereinafter, this “time range in which the audio data is acquired” is referred to as a target time range.

  In this example, assuming that f = 8000 and fc = 100, the audio data compression unit 203 obtains an average value of every 80 sound pressure values and obtains time series data 252 of 100 / second. When w = 3, 300 time-series data are obtained every 3 seconds. By this processing, it is possible to obtain time-series data from which high-frequency components included in the audio data are removed.

(Feature vector generation means / Fourier transform function)
FIG. 5 is an explanatory diagram showing processing performed by the Fourier transform function 204a of the feature vector generation unit 204 shown in FIG. The Fourier transform function 204a divides the time-series data obtained by the audio data compression unit 203 into small sections having a predetermined time interval. This is referred to herein as time windows 301-303. The Fourier transform function 204a performs FFT (Fast Fourier Transform) on each time window, and outputs a power spectrum indicating the frequency characteristics. FIG. 5 shows a power spectrum 311 output with respect to the time window 301.

  The time series data received from each terminal device 20 includes sound pressure values of 100 / unit time as described above. In the example shown in FIG. 5, 64 continuous sound pressure values are used as one time window 301. In addition, 50% (32 pieces) of them are overlapped with the next time window 302. The subsequent time window 303 is also overlapped with the previous time window 302 by 50% (32). The rate at which the continuous time windows are overlapped can be arbitrarily set. By doing in this way, more time windows can be cut out as comparison target data from time series data in the same target time range.

(Feature vector generation means / cut-off function)
FIG. 6 is an explanatory diagram showing processing performed by the cut-off function 204b of the feature vector generation unit 204 shown in FIG. The cut-off function 204b cuts a frequency component having a frequency equal to or higher than a predetermined cut-off frequency fm from the output power spectrum 311. In the example shown in FIG. 6, fm = 10 Hz, but this cutoff frequency can be set arbitrarily. Alternatively, the cut-off function 204b may be realized in an analog manner by a so-called LPF (low-pass filter) placed before the Fourier transform function 204a.

  However, fm must be a value equal to or less than half of the fc used by the audio data compression unit 203 to create time-series data. In the example shown in this specification, since fc = 100 Hz, fm = 10 Hz sufficiently satisfies the condition.

(Feature vector generation means / quantization function)
FIG. 7 is an explanatory diagram showing processing performed by the quantization function 204c of the feature vector generation unit 204 shown in FIG. The quantization function 204c performs a quantization process by applying a quantization pattern to the power spectrum 311 output from the Fourier transform function 204a. Here, the quantization pattern is a pattern in which a plurality of threshold values are set for each component frequency given in advance below the cut-off frequency fm. A plurality of quantization patterns are prepared in advance, which will be described later, and FIG. 7 shows processing by one quantization pattern.

  In the example shown in FIG. 7, one quantization pattern includes four threshold values T1 to T4 for each component frequency of the power spectrum 311. The power at each component frequency is classified into five levels. ing. Here, the component frequency is set in increments of 1 Hz from 0 to 10 Hz. For example, when the component frequency is “0 Hz”, the power corresponding to each component frequency means the maximum value of power in the frequency range of “0 Hz or more and less than 1 Hz”. The same applies to component frequencies of 1 Hz or higher. In actual operation, the step is obtained as fc / N from the number of data points fc per unit time of the data input to the FFT and the number N of data points in the time window.

  Region (5) if the power corresponding to each component frequency is T4 or more, region (4) if T3 or more and less than T4, region (3) if T2 or more and less than T3, region if T1 or more and less than T2. (2) If it is less than T1, it is classified into region (1). The number and value of each of these threshold values and component frequencies can be arbitrarily set. In the text of this specification, for example, “5 number” is written as “(5)”.

  As described above, for the power spectrum 311 shown in FIG. 7, the feature vector generation unit 204 outputs the feature vector 321 and transmits it to the mutual authentication server 10. The feature vector here is an array of regions corresponding to the power at each frequency for each component frequency of 1 to 10 Hz.

  FIG. 8 is an explanatory diagram showing examples of a plurality of types of quantization patterns prepared in advance when the quantization function 204c of the feature vector generation unit 204 shown in FIG. 3 performs the processing shown in FIG. In the example shown in FIG. 8, four types of quantization patterns 331 to 334 are prepared, and each of them includes four threshold values as shown in FIG.

  The number of quantization patterns can also be set arbitrarily, but the number of threshold values is common among the quantization patterns. The threshold value included in each quantization pattern is an exponentially widened value based on the maximum value of the power spectrum calculated from the time series data. The threshold value is slightly different between the quantization patterns.

  As will be described in detail later, when the power is in the vicinity of the threshold value, whether the obtained power value is higher or lower than the threshold value may change even if the acoustic characteristics and the position from the sound source are slightly different. As a result, different feature vectors may be output even for time windows obtained from the same environmental sound. For this reason, the quantization function 204c prepares a plurality of quantization patterns with the threshold value shifted little by little, and outputs a plurality of feature vectors from one time window.

  The processing up to this point is performed on audio data obtained from the environmental sound acquired by one terminal device 20, and audio data acquired by other terminal devices is not particularly involved. It can be done alone. The process of comparing the feature vector obtained from the voice data with the feature vector obtained by another terminal device is performed by the feature vector comparing means 103 of the mutual authentication server 10 described next.

(Feature vector selection means / feature vector comparison means)
FIG. 9 is an explanatory diagram showing processing performed by the feature vector selection unit 102 and the feature vector comparison unit 103 shown in FIG. The feature vector comparison means 103 compares a plurality of feature vectors output from the quantization function 204c of each terminal device 20a and 20b over the same time window, and the environmental sounds collected by these terminal devices are the same. It is determined whether or not. At this time, assuming that there are c quantization patterns prepared by the quantization function 204c, c feature vectors are output from each of the terminal devices 20a and 20b in the same time window.

  Here, the “same time window” means a time window observed and processed in exactly the same time range in each of the terminal devices 20a and 20b, but the feature vector selection means 102 is given a sensing time in advance. A combination of feature vectors within the difference is selected as “same time window”. Since the time shift that can be generated by the time synchronization processing by the time synchronization means 101 and 201 is approximately 0.01 seconds, it is desirable to set, for example, about 0.05 seconds as the “given difference”.

  Then, the feature vector comparison means 103 compares the feature vectors output c by way of the same time window in each of the terminal devices 20a and 20b, and if there is even one that matches. It is determined that the time series data match between the terminal devices 20a and 20b.

  In the example shown in FIG. 9, feature vectors 341 and 342 are output from the terminal devices 20a and 20b, respectively, in the same time range. Since the number of quantization patterns is c = 4, there are four output feature vectors 341 and 342, respectively. Each of the feature vectors 341 and 342 represents which region in FIGS. 8 to 9 corresponds to the power corresponding to each component frequency in increments of 1 Hz from 0 to 3 Hz.

  In FIG. 9 and FIG. 10 to be described later, in order to simplify the description, only the power corresponding to each component frequency of “0 to 3 Hz in 1 Hz increments” is displayed for each feature vector. The definition of “power corresponding to each component frequency” is the same as in FIG. For example, when the component frequency is “0 Hz”, the power corresponding to each component frequency means the maximum value of power in the frequency range of “0 Hz or more and less than 1 Hz”. The same applies to component frequencies of 1 Hz or higher.

  The feature vector comparison unit 103 finds that “(5) (1) (2) (1)” of the feature vector matches the third from the top of the feature vector 331 and the first from the top of the feature vector 332. Therefore, it is already determined that the time series data match between the terminal devices 20a and 20b.

(Key sharing means)
FIG. 10 is an explanatory diagram showing processing performed by the key sharing means 104 shown in FIG. The key sharing unit 104 receives the comparison result, generates an authentication key 111 for the terminal devices 20a and 20b, stores the authentication key 111 in the storage unit 12, and transmits the authentication key to the terminal devices 20a and 20b.

At that time, the key sharing means 104 calculates the amount of information from the generation probability of the matched feature vector, and the key length exceeds a certain threshold with the total length of the matched feature vector information for each time window as the key length. Only in this case, the hash value of the concatenated matching time windows is set as the authentication key 111. The amount of information here (selected information amount, self-entropy) is a concept in information theory. If the probability of occurrence of a certain event is P, the amount of information I (bits) calculated by the following equation 1 is used. is there.

  The key sharing means 104 counts the total number of matched feature vectors and the number of matches of individual feature vectors in the time range to be compared, but this count is not reset in units of time windows, The feature vectors that match in other time windows within the target time range are also accumulated and counted, and the total amount of information (bits) of the matched feature vectors is obtained.

  In the example illustrated in FIG. 10, the total number of feature vectors 341 that coincide between the terminal devices 20a and 20b is ten, of which “(5) (1) (4) (1)” is three, (5) (2) (4) (1) ", one" (5) (1) (4) (2) "," (5) (1) (3) (1) " Three pieces, “(5) (2) (4) (2)”, coincide with two pieces. The respective feature vectors are obtained from the time windows 301 or 262 obtained from the time series data waveforms 261 and 262 obtained from the terminal devices 20a and 20b, and matched by the feature vector comparison means. Is observed.

  In this case, for example, in the case of “(5) (1) (4) (1)”, three of the ten pieces matched, so when the probability P = 3/10 is applied to the above equation 1, the information amount I = 1.737 bits are required. Similarly, when the amount of information is calculated for other feature vectors and the total is obtained as the key length, 12.44 bits are obtained. In this example, since the threshold value is set to 10 bits, “12.44 bits” calculated here exceeds this threshold value.

  FIG. 11 is an explanatory diagram showing an example of a mutual authentication system 401 created experimentally. The mutual authentication system 401 is configured by connecting three terminal devices 420a to 420c and a mutual authentication server 410 via a wireless network. Each of the terminal devices 420a to 420c has the same configuration as that of the terminal device 20 shown in FIGS. The mutual authentication server 410 has the same configuration as the mutual authentication server 10 shown in FIGS. The terminal devices 420a and 420b are installed in the same room 421, and the terminal device 420c is installed in the adjacent room 422.

  Then, the sum of the information amounts of the matched feature vectors was calculated between the terminal devices 420a and 420b and between the terminal devices 420a and 420c by the method described up to FIG. FIG. 12 is a graph showing changes with respect to the measurement time of the total amount of information calculated between the terminal devices 420a and 420b and between the terminal devices 420a and 420c in the mutual authentication system 401 shown in FIG. . The sum total of the information amount calculated between the terminal devices 420a and 420b is represented as a graph 431, and the sum total of the information amount calculated between the terminal devices 420a and 420c is represented as a graph 432.

  In other words, the graph 431 represents the total amount of information calculated in each case in the situation where the same environmental sound should be observed, whereas the graph 432 represents the situation where the same environmental sound should not be observed. ing. As clearly shown in FIG. 12, the graphs 431 and 432 clearly differ in the total amount of information. Therefore, an appropriate value in the middle is set in advance as the threshold value 433, and the length of the target time when sensing is performed. It is possible to detect whether or not the environmental sounds are the same by comparing the corresponding threshold value with the total amount of information obtained.

  When it is determined that the environmental sounds are the same, the key sharing unit 104 generates a hash value of the concatenated feature vectors 341 concatenated as the authentication key 111 and stores it in the storage unit 12, and the terminal device 20a And 20b. The hash value here is an output value obtained by inputting the concatenated feature vectors 341 into an irreversible function.

(Mutual authentication means)
In the terminal devices 20a and 20b, the mutual authentication unit 204 receives the authentication key 211 (111) and stores it in the storage unit 22, and the terminal devices 20a and 20b perform mutual authentication using the authentication key. The authentication key 111 (211) is preferably transmitted and received by a secure communication method such as SSL (Secure Socket Layer). The mutual authentication operation can use a known technique such as challenge-response authentication.

(Time correction means)
The processing described above is based on the premise that the time is precisely synchronized between the mutual authentication server 10 and the terminal devices 20a and 20b. Even when the time synchronization processing by the time synchronization means 101 and 201 described above is performed, the time between these devices may be shifted by 0.01 second. In order to perform the comparison process by the feature vector comparison unit 103 normally, it is desirable to make the time shift between the devices as close to 0 as possible.

  FIG. 13 is an explanatory diagram showing processing by the time correction unit 205 shown in FIG. As described above, the time window 451 in the case where 8000 pieces / second of audio data is compressed to 100 pieces / second by the sound data compression means 203 and each time window is constituted by 64 continuous sound pressure values, This is shown in FIG. In this case, if the time shift 452 is 0.64 seconds or more with respect to this time window 451, the feature vector comparison means 103 will compare the feature vectors of the time window at completely different times. This makes the comparison itself meaningless. The time correction unit 205 performs processing for bringing such a time shift close to zero.

  At the timing when the time synchronization processing by the time synchronization means 101 and 201 described above is performed, the time correction means 205 calculates “per unit time from the amount of time deviation corrected by this time synchronization processing and the elapsed time from the previous time synchronization processing. The time deviation amount of “is calculated and recorded. Then, at the timing when the processing by the feature vector generation unit 204 is performed, the average value of the time deviation amount recorded per unit time in the past and the elapsed time from the previous time synchronization processing to the current time are applied to the approximate expression. Then, the time deviation amount at the current time is calculated, and the time obtained by correcting the current time by this time deviation amount is set as the sensing time described above.

As the approximate expression used at this time, for example, an arbitrary expression such as a linear approximate expression, a logarithmic approximate expression, or a polynomial approximate expression can be used. Among the plurality of types of approximate expressions prepared in advance, an approximate expression in which the determination coefficient R2 expressed by the following formula ² is closer to 1, that is, the relative residual is smaller is selected for each process. It may be. Here, y _i is the sample value, that is, the amount of time deviation actually measured during each time synchronization process. f _i is an estimated value based on an approximate expression for each time synchronization process.

(flowchart)
FIG. 14 is a flowchart showing a mutual authentication operation performed between the mutual authentication server 10 and the terminal device 20 shown in FIG. First, in the mutual authentication server 10 and the terminal device 20, the respective time synchronization means 101 and 201 perform time synchronization processing for adjusting the time between them (steps S101 and 201).

  Next, on the terminal device 20 side, the sound data collecting means 202 acquires the environmental sound as sound data via the sound input means 24 (step S202), and the time correction means 205 includes the time deviation accordingly. The sensing time is calculated (step S203). Then, the audio data compression means 203 of the terminal device 20 creates time-series data in which the data amount is reduced from the acquired audio data, and c patterns prepared in advance for each time window from the time-series data. By applying the quantization pattern, c feature vectors are generated and transmitted to the mutual authentication server 10 (step S204).

  In the mutual authentication server 10, the feature vector selection unit 102 selects, as the “same time window”, a combination of feature vectors whose sensing times are within a predetermined difference for the feature vectors transmitted from both terminal apparatuses. (Step S102), the feature vector comparison means 103 compares the feature vectors of the “same time window” selected by each terminal device, and determines that they match if even one feature vector is common. (Step S103). If the feature vectors do not match, the process ends abnormally.

  Receiving this comparison result, the key sharing means 104 calculates the information amount of each matched feature vector from the generation probability of the matched feature vector, and the matched feature vector only when the sum exceeds a given threshold value. Are transmitted as an authentication key to each terminal (steps S104 to S105). Even when the information amount of the feature vector does not exceed a certain threshold, the process ends abnormally. The mutual authentication means 204 of the terminal devices 20a and 20b performs mutual authentication using the received authentication key (step S205).

  Through the processing described above, this mutual authentication system can generate and issue an effective authentication key having sufficient strength only by voice input. No special operation is required for this, and since many devices are equipped in advance with hardware and software necessary for voice input, the installation cost is small.

(Overall operation of the first embodiment)
Next, the overall operation of the above embodiment will be described.
The mutual authentication method according to the present embodiment is a mutual authentication system in which a plurality of terminal devices 20 and a mutual authentication server 10 are connected to each other, and the voice data collection means of each terminal device is a peripheral device. Are collected as voice data (step S202 in FIG. 14), and the feature vector generation means of each terminal device analyzes the frequency component of the voice data to generate a feature vector and transmits it to the mutual authentication server (FIG. 14). 14 · Step S204), the feature vector selection means of the mutual authentication server selects a feature vector received from each terminal device that has an acquisition time within a predetermined difference (FIG. 14 · Step S102), The feature vector comparison means of the mutual authentication server determines whether or not these feature vectors match between the terminal devices (step S103 in FIG. 14). The key sharing means of the certificate server generates and transmits an authentication key to each terminal device when the feature vectors match (FIG. 14, step S105), and the mutual authentication means of each terminal device has returned. Mutual authentication is performed with another terminal device using the authentication key (FIG. 14, step S205).

Here, each of the above-described operation steps may be programmed to be executable by a computer, and may be executed by the processor 11 of the mutual authentication server 10 that directly executes each of the steps. The program may be recorded on a non-temporary recording medium, such as a DVD, a CD, or a flash memory. In this case, the program is read from the recording medium by a computer and executed.
By this operation, this embodiment has the following effects.

(Effect obtained by this embodiment)
Patent Documents 2 to 3 and Non-Patent Documents 2 to 4 described above disclose a configuration in which a user “shakes two devices together”. Although the environmental sound used for authentication in this embodiment can also be said to be “vibration” in a broad sense, the technique disclosed by the prior art cannot be directly applied to this embodiment for the following reason.

  The vibration that is the subject of authentication in this prior art is at most several times a second. On the other hand, for example, in the specification of a microphone for voice call of a mobile phone terminal, the voice targeted by the present embodiment needs to be sampled at 8 kHz and 8 bits at the minimum. If this is transmitted as it is, an enormous amount of communication (8 kilobytes / second) occurs during transmission, and the amount of processing at the time of determination also becomes enormous. In the present embodiment, when the environmental sound data collected by the terminal device 20 is transmitted to the mutual authentication server 10, only the feature vector generated from the sound pressure data is transmitted. Therefore, the amount of communication and processing are greatly reduced.

  Further, in the present embodiment, the sound pressure data is limited to the low frequency side, thereby obtaining the same effect as passing through a so-called low-pass filter. Environmental sounds can be broadly divided into “steady sound systems” that occur periodically and “pulse systems” that occur suddenly, but the environmental sounds of “steady sound systems” are not physically close to each other. There are many cases where the same sound is observed even in a place. The environmental sound of the “stationary sound system” often has a relatively high frequency, whereas the environmental sound of the “pulse system” often has a relatively low frequency.

  Therefore, in the present embodiment, the influence of the environmental sound of the “steady sound system” having a relatively high frequency is reduced, and it is determined whether or not the “pulse system” environmental sound that is observed only at that time is coincident. can do. This also has the effect of reducing the risk of falsely issuing an authentication key to an unauthorized user, that is, the occurrence of false positives.

  Also, by preparing multiple quantization patterns with threshold values changed little by little, and using them to generate and compare multiple feature vectors, differences in observation locations and differences in acoustic characteristics between devices It is also possible to obtain an effect of reducing the influence due to the above.

  With the above configuration, in this embodiment, it is possible to realize reliable mutual authentication with less risk of erroneously issuing an authentication key to an unauthorized user. In that case, all that is required is to input the sound around the apparatus, and therefore, it can be implemented only with hardware and software that are provided as standard in many devices. In addition, even when the number of terminal devices increases, it is possible to perform processing smoothly by reducing the load of calculation amount and communication amount applied to the mutual authentication server.

  At that time, since it is necessary to accurately synchronize the time between the terminal devices, time correction means is provided. This time correction means allows each terminal device to calculate its own deviation from the latest time synchronization, so the time synchronization processing of steps S101 and S201 in FIG. 14 is not executed every time (once every several days). If it is configured such that the overhead generated by the time synchronization processing can be reduced, there is also a secondary effect.

(Second Embodiment)
In the mutual authentication system 501 according to the second embodiment of the present invention, in addition to the configuration of the first embodiment, first, the feature vector generation unit 504 of the terminal device 520 uses a Fourier instead of the above-described cutoff function 204b. A frequency selection function 504a for selecting a predetermined number of frequencies from the power spectrum obtained by the conversion function in descending order of the power level and shifting the frequency to the quantization function is provided. Then, the quantization function 504b outputs a feature vector including each selected frequency and the result of comparing the power level at the frequency with a threshold value. Further, the quantization function 504b is given a plurality of threshold values in advance, and the result of comparing each selected frequency and the power level at that frequency with each threshold is set as a candidate vector, and these candidate vectors are combined as a feature vector. Output.

  The feature vector comparison unit 503 of the mutual authentication server 510 determines that the feature vectors of the respective terminal devices match when at least one candidate vector included in the feature vector matches between the terminal devices. Then, the key sharing means 104 calculates the total value of the information amount per unit time of the feature vectors that coincide in the target time range of the time series data, and the total value of the calculated information amount is equal to or greater than a predetermined value given in advance. Only when the matching feature vectors are connected, the hash value of the connected feature vectors is generated as an authentication key.

In addition to obtaining the same effect as in the first embodiment by the above configuration, in the first embodiment, the audio signal in the high frequency band to be cut is used, and near the upper limit of the audible band to outside the audible band. It is possible to provide an authentication service using frequency audio.
Hereinafter, this will be described in more detail.

  FIG. 15 is an explanatory diagram showing the configuration of the mutual authentication system 501 according to the second embodiment of the present invention. The mutual authentication system 501 is the mutual authentication system 1 shown in the first embodiment, in which the mutual authentication server 10 is replaced with another mutual authentication server 510, and the terminal device 20 is replaced with another terminal device 520. It is.

  The mutual authentication server 510 has the same hardware configuration as the mutual authentication server 10, and the software configuration that runs on the processor 11 includes many of the same elements. Similarly, the configuration of the terminal device 520 as hardware is the same as that of the terminal device 20, and the configuration of software operating on the processor 21 includes many of the same elements. Therefore, only the differences will be described here.

  In the mutual authentication server 510, the feature vector comparison unit 103 is replaced with another feature vector comparison unit 503. In the terminal device 520, the feature vector generation unit 204 is replaced with another feature vector generation unit 504, and the audio data compression unit 203 is omitted.

(Feature vector generation means)
FIG. 16 is an explanatory diagram showing a more detailed configuration of the feature vector generation unit 504 shown in FIG. The feature vector generation unit 504 includes the same Fourier transform function 103a as that of the first embodiment shown in FIG. 3, and a frequency selection function 504a and a quantization function 504b unique to this embodiment.

  The feature vector generation unit 504 receives the audio data collected by the audio data collection unit 202 without being cut off of frequency components, and first performs a Fourier transform by the Fourier transform function 103a (as shown in FIG. 6). ) Output the power spectrum for each time window. The frequency selection function 504a selects the upper k (≧ 1) frequencies having a large power level from the power spectrum. Then, the quantization function 504b compares the “power level for the k frequencies” with a predetermined threshold value, and outputs a value corresponding to the comparison result as a feature vector.

  FIG. 17 is an explanatory diagram illustrating in detail processing by the frequency selection function 504a and the quantization function 504b illustrated in FIG. In FIG. 16, only a very simple example is shown in order to explain the concept of the present invention. That is, the frequency selection function 504a selects only the top two frequencies having the highest power level, and the quantization function 504b determines only whether or not power level ≧ threshold. Of course, these numbers may be larger than this example. That is, it is assumed that the frequency selection function 504a selects only “higher n power levels” (n ≧ 3 natural number) frequencies, and the quantization function 504b “(the first embodiment described with reference to FIG. 8). Similarly, it is also possible to compare two or more threshold values with a power level to determine which region the power level belongs to. "

  The “highest two power levels” selected by the frequency selection function 504a are defined as f1 and f2, respectively. When the threshold is T1, the quantization function 504b selects “(f1, 1) (f2, 0)” when the power level at the frequency f1 is higher than T1 and the power level at the frequency f2 is lower than T1. Let it be a vector 551a. As in the first embodiment, a plurality of threshold values are prepared. FIG. 16 shows an example in which three threshold values T1, T2, and T3 are prepared. Then, the quantization function 504b outputs a set of candidate vectors 551a to 551c obtained by applying all the thresholds as a feature vector 551 and transmits it to the mutual authentication server 510. The other terminal device 520 also performs the same operation using the same threshold value.

(Feature vector selection means / feature vector comparison means)
FIG. 18 is an explanatory diagram showing processing performed by the feature vector comparison unit 503 shown in FIG. As in the first embodiment, the feature vector selection unit 102 of the mutual authentication server 510 determines that the feature vectors received from the respective terminal devices 520 have a sensing time within a predetermined difference in the same time. Select as feature vector in window. Then, the feature vector comparison unit 503 compares the candidate vectors included in the selected feature vectors in the same time window, and determines that there is a match if there is even one matching candidate vector.

  In the example shown in FIG. 18, since the feature vector 551 received from the terminal device 520a and the feature vector 552 received from the terminal device 520b are within the difference in which the sensing time is given in advance, the “same time window”. It is judged that there is a comparison target. Since both the candidate vector 551a included in the feature vector 551 and the candidate vector 552c included in the feature vector 552 are “(f1, 1) (f2, 0)”, the feature vectors 551 and 552 are already used. Are determined to match.

  As a result, similarly to the comparison processing in the first embodiment, even when the power level is near the threshold value, whether or not the influence is reduced due to the difference in the observation place or the difference in the acoustic characteristics between the devices is matched. It becomes possible to judge whether. Further, a difference value for “determining that the terminal devices match each other if within a predetermined difference value” may be provided as appropriate in the frequency f1 or f2.

  At this time, not only the candidate vector “(f1, 1) (f2, 1)” is included in both feature vectors, but also the candidate vector “(f2, 1) (f1, 1)” It may be determined that it matches “(f1,1) (f2,1)”. Here, “(f1,1) (f2,1)” means that the power level at the frequency f1 is higher than the power level at f2, and “(f2,1) (f1,1)” is f2 This means that the power level at is higher. Processing by the key sharing unit 104 and processing by other components are the same as those in the first embodiment.

(flowchart)
FIG. 19 is a flowchart showing the mutual authentication operation performed between the mutual authentication server 510 and the terminal device 520 shown in FIG. Since this flowchart also includes many operations that are the same as those in the first embodiment shown in FIG. 14, such operations will be denoted by the same reference numerals and description thereof will be omitted.

  That is, the operation on the terminal device 520 side is the same as that in FIG. 14 in steps S201 to S203, but the subsequent operation of generating the feature vector is different as described above (step S601). The operation on the mutual authentication server 510 side is the same as that in FIG. 14 until step S804, but the operation for comparing the received feature vectors to determine whether or not they match is as described above (step S602). ). All subsequent operations are the same as in FIG.

(Effect obtained by this embodiment)
In the first embodiment described above, the high frequency component of the audio data collected by the cut-off function is cut and limited to the low frequency side, and then the feature vector is generated. On the other hand, in the second embodiment, a feature vector is generated without performing frequency component cutoff or the like. Since what is transmitted from the terminal device 520 to the mutual authentication server 510 is not the voice data itself but the “feature vector”, even if a component due to a high-frequency signal is included, the communication amount for transmission does not increase. In the first embodiment, the sampling frequency is 8 kHz, but there is no particular problem even if it is a value that can include the entire audible band (for example, 44.1 kHz, which is the same as the compact disc for music).

  For example, when you want to build an ad-hoc connection relationship, if you consciously play a sound with a specific frequency near the upper limit of the audible band (such as the so-called mosquito sound) and outside the audible band, that frequency will be used elsewhere. Therefore, it is possible to reliably issue a valid authentication key using this. Further, even if it is not an environment in which such voice is consciously circulated, it is possible to perform authentication by actively using a voice component of such a frequency.

(Extended embodiment)
Various extensions can be considered in the first and second embodiments described above without departing from the spirit of the first and second embodiments. This will be described below.
First, one mutual authentication system may include three or more terminal devices, and these terminal devices may perform mutual authentication with a set of three or more devices. One of the terminal devices included in one mutual authentication system may also have a function as a mutual authentication server.

  In addition, when the total value of the information amount described in Equation 1 is equal to or less than a predetermined value, the key sharing unit of the mutual authentication server temporarily stores this feature vector in a storage unit provided in advance, and the same A configuration may be adopted in which a hash value obtained by concatenating a feature vector temporarily stored with a feature vector sent from a set of terminal devices is generated as an authentication key. In this way, feature vectors obtained continuously from the same set of terminal devices are used even when feature keys with sufficient key length cannot be obtained with only environmental sounds obtained during a specific period. Thus, a valid authentication key can be generated and used.

  Further, the user designates a specific time range, and only the designated time range is set as a target time range to be authenticated in the present invention, or conversely, excluded from the target time range to be authenticated in the present invention. It is also possible to adopt a configuration that does.

  The present invention has been described with reference to the specific embodiments shown in the drawings. However, the present invention is not limited to the embodiments shown in the drawings, and any known hitherto provided that the effects of the present invention are achieved. Even if it is a structure, it is employable.

  The present invention can be used in a mutual authentication system for constructing an ad hoc (non-permanent, temporary) connection relationship between specific devices. It is particularly suitable when the terminal device has a relatively large processing capacity such as a smartphone.

1, 100, 401, 501 Mutual authentication system 2, 10, 410, 510 Mutual authentication server 11, 21 Processor 12, 22 Storage means 13, 23 Communication means 3, 4, 20, 20a, 20b, 420, 420a, 420b, 420c Terminal device 24 Voice input means 5, 30 Network 101, 201 Time synchronization means 2a, 102 Feature vector selection means 2b, 103, 503 Feature vector comparison means 2c, 104 Key sharing means 111, 211 Authentication key 3a, 202 Voice data collection Means 203 Audio data compression means 3b, 204, 504 Feature vector generation means 204a Fourier transform function 204b Cut-off function 204c, 504b Quantization function 205 Time correction means 3c, 206 Mutual authentication means 504a Frequency selection function

Claims (17)

A mutual authentication system configured by connecting a plurality of terminal devices and a mutual authentication server to each other,
Each terminal device collects ambient environmental sound as audio data, and a feature vector generation unit that analyzes a frequency component of the audio data to generate a feature vector and transmits it to the mutual authentication server A mutual authentication means for performing mutual authentication with the other terminal device using an authentication key returned from the mutual authentication server according to the feature vector,
The mutual authentication server selects, from the feature vectors received from the terminal devices, a feature vector selection means for selecting an acquisition time within a predetermined difference, and the feature vectors between the terminal devices are And a feature vector comparison unit that determines whether or not they match, and a key sharing unit that generates and transmits the authentication key to each of the terminal devices when the feature vectors match. Mutual authentication system.   The mutual authentication system according to claim 1, wherein each of the terminal devices has time synchronization means for synchronizing the time with each other in advance.   The terminal device has time correction means for calculating an accurate time at which the audio data is acquired from an elapsed time since the previous time was adjusted by the time synchronization means and an average value of the amount of time deviation generated in the past. The mutual authentication system according to claim 2, wherein: The feature vector generation means of the terminal device is
A Fourier transform function that divides the audio data into time windows at fixed time intervals, performs FFT (Fast Fourier Transform) on each time window, and outputs a power spectrum;
2. The method according to claim 1, further comprising: a quantization function that outputs a feature vector for each frequency by comparing a power level for each frequency of the output power spectrum with a preset threshold value. Mutual authentication system. The feature vector generation means of the terminal device is
5. A cutoff function for removing a frequency component equal to or higher than a predetermined cutoff frequency from the power spectrum obtained by the Fourier transform function and shifting the frequency component to the quantization function is provided. The mutual authentication system described in 1. The feature vector generation means of the terminal device is
It has a frequency selection function of selecting a predetermined number of frequencies from the power spectrum obtained by the Fourier transform function in descending order of power level and shifting this to the quantization function. The mutual authentication system according to claim 4.   The quantization function of the feature vector generation means outputs the feature vector including each selected frequency and a result of comparing a power level at the frequency with the threshold value. The mutual authentication system described.   The quantization function of the feature vector generation means is provided with a plurality of the threshold values in advance, and a result obtained by comparing the selected frequency and the power level at the frequency with the threshold is set as a candidate vector. The mutual authentication system according to claim 7, wherein candidate vectors are combined and output as the feature vector.   The feature vector comparison means of the mutual authentication server determines that the feature vectors of the terminal devices match when even one of the candidate vectors included in the feature vector matches between the terminal devices. The mutual authentication system according to claim 8, wherein:   The key sharing means of the mutual authentication server calculates a total value of information amounts per unit time of the feature vectors that coincide in the target time range of the time series data, and the calculated total value of information amounts is calculated in advance. 10. The hash value of the concatenated feature vectors and the concatenated feature vectors are generated as the authentication key only when they are equal to or greater than a given value. Mutual authentication system. One terminal device that is mutually connected to another terminal device and a mutual authentication server to constitute a mutual authentication system,
Voice data collection means for collecting ambient environmental sounds as voice data;
A feature vector generating means for analyzing a frequency component of the voice data to generate a feature vector and transmitting the generated feature vector to the mutual authentication server;
A terminal device comprising: mutual authentication means for performing mutual authentication with the other terminal device using an authentication key returned from the mutual authentication server according to the feature vector. A mutual authentication server that is mutually connected to a plurality of terminal devices to constitute a mutual authentication system,
Feature vector selection means for selecting, from among the feature vectors received from each of the terminal devices, one having an acquisition time within a predetermined difference;
Feature vector comparison means for determining whether or not these feature vectors match between the terminal devices;
A mutual authentication server, comprising: key sharing means for generating and transmitting an authentication key to each of the terminal devices when the feature vectors match. In a mutual authentication system in which a plurality of terminal devices and a mutual authentication server are connected to each other,
The voice data collection means of each terminal device collects ambient environmental sounds as voice data,
The feature vector generating means of each terminal device generates a feature vector by analyzing the frequency component of the audio data and transmits it to the mutual authentication server,
The feature vector selection means of the mutual authentication server selects the feature vectors received from the respective terminal devices that have an acquisition time within a predetermined difference,
The feature vector comparison means of the mutual authentication server determines whether or not these feature vectors match between the terminal devices,
The key sharing means of the mutual authentication server generates and transmits an authentication key to each terminal device when the feature vectors match,
A mutual authentication method, wherein the mutual authentication means of each terminal device performs mutual authentication with the other terminal device using the returned authentication key. In one terminal device that is mutually connected to another terminal device and a mutual authentication server to constitute a mutual authentication system,
Audio data collection means collects ambient environmental sounds as audio data,
The feature vector generation means analyzes the frequency component of the audio data to generate a feature vector and sends it to the mutual authentication server,
A mutual authentication method, wherein the mutual authentication means performs mutual authentication with the other terminal device using an authentication key returned from the mutual authentication server according to the feature vector. In a mutual authentication server that is mutually connected to a plurality of terminal devices and constitutes a mutual authentication system,
A feature vector selection unit selects one of the feature vectors received from each of the terminal devices that has an acquisition time within a predetermined difference,
The feature vector comparison means determines whether or not these feature vectors match between the terminal devices,
A mutual authentication method, wherein key sharing means generates and transmits an authentication key to each terminal device when the feature vectors match. In one terminal device that is mutually connected to another terminal device and a mutual authentication server to constitute a mutual authentication system,
In the processor provided in the terminal device,
Procedures for collecting ambient environmental sounds as audio data,
Analyzing frequency components of the audio data to generate a feature vector and transmitting it to the mutual authentication server;
And a mutual authentication program for executing a procedure for performing mutual authentication with the other terminal device using an authentication key returned from the mutual authentication server in accordance with the feature vector. In a mutual authentication server that is mutually connected to a plurality of terminal devices and constitutes a mutual authentication system,
In the processor included in the mutual authentication server,
A procedure for selecting the feature vector received from each terminal device that has an acquisition time within a given difference,
A procedure for determining whether or not these feature vectors match between the terminal devices;
And a mutual authentication program for executing a procedure for generating and transmitting an authentication key to each terminal device when the feature vectors match.

Images