JP2020010144A - Smart speaker, secure element, program, information processing method, and distribution method - Google Patents

Abstract

To provide a smart speaker and the like that can appropriately operate while reducing a risk of security and privacy.SOLUTION: A smart speaker 1 includes: a speaker body including a microphone for receiving an input of voice, a speaker for outputting voice, and a communication unit for communicating with the outside; and a secure unit to which access from the speaker body is restricted. The secure unit includes: a storage unit for storing biological information on a user; an acquisition unit for acquiring the biological information on a user who input voice from the speaker body when the microphone receives the input of the voice; and an authentication unit for performing authentication based on the biological information.SELECTED DRAWING: Figure 1

Description

  The present invention relates to a smart speaker, a secure element, a program, an information processing method, and a distribution method.

  A device called a smart speaker having a communication function and an assistant function for voice operation is becoming popular. However, it is currently being used and led by convenience, and security concerns have been pointed out. For example, a case has been reported in which a smart speaker recognizes an utterance of a third party who is not a legitimate user, determines an order to an EC site, and ships the product.

  On the other hand, Patent Literature 1 discloses an electronic device such as a smartphone that starts an application according to a voice input by a user, and detects biological information such as a user's face and iris when a predetermined operation such as a tap by the user is detected. An electronic device or the like is disclosed that performs user authentication, and when authentication is successful, accepts voice input and starts an application.

JP 2018-74366 A

  It is also conceivable to apply the technology described in Patent Literature 1 to a smart speaker and cause the smart speaker to perform user authentication by detecting a user's operation, biological information, and the like. However, when important information such as biological information is arranged on a smart speaker or cloud, there is a risk of security due to cracking or the like, or a risk of privacy leakage.

  An object of one aspect is to provide a smart speaker or the like that can operate properly while reducing security and privacy risks.

  In one aspect, a smart speaker includes a microphone that accepts audio input, a speaker that outputs audio, and a speaker body that has a communication unit that communicates with the outside, and a secure unit that has limited access from the speaker body. Wherein the secure unit includes a storage unit that stores biometric information of a user, and an acquisition unit that, when an input of a voice is received by the microphone, obtains the biometric information of the user who has input the voice from the speaker body. And an authentication unit for performing authentication based on the biometric information.

  In one aspect, it can operate properly while reducing security and privacy risks.

It is a schematic diagram which shows the example of a structure of a speaker system. It is a block diagram which shows the example of a structure of a smart speaker. FIG. 3 is an explanatory diagram for describing an outline of the first embodiment. It is a flowchart which shows an example of the processing procedure which a speaker system performs. FIG. 14 is an explanatory diagram for describing an outline of a second embodiment. 13 is a flowchart illustrating an example of a processing procedure executed by the speaker system according to Embodiment 2. FIG. 14 is an explanatory diagram for describing an outline of a third embodiment. 15 is a flowchart illustrating an example of a processing procedure executed by the speaker system according to Embodiment 3. FIG. 15 is an explanatory diagram for describing an outline of a fourth embodiment. 15 is a flowchart illustrating an example of a processing procedure executed by the speaker system according to Embodiment 4. FIG. 15 is an explanatory diagram for describing an outline of a fifth embodiment. 15 is a flowchart illustrating an example of a processing procedure executed by the speaker system according to Embodiment 5. FIG. 19 is an explanatory diagram for describing an outline of a sixth embodiment. 20 is a flowchart illustrating an example of a processing procedure executed by the speaker system according to Embodiment 6. FIG. 21 is a block diagram showing a configuration example of a smart speaker according to a seventh embodiment. It is a functional block diagram showing operation of a smart speaker of the above-mentioned form.

Hereinafter, the present invention will be described in detail with reference to the drawings showing the embodiments.
(Embodiment 1)
FIG. 1 is a schematic diagram illustrating a configuration example of a speaker system. A speaker system that provides a predetermined service to a user by using the smart speaker 1 and that authenticates a user at the time of voice input in the smart speaker 1 will be described. The speaker system includes a smart speaker 1, a management server 3, and a service server 4 (4a, 4b ...). The devices are connected to each other via a network N such as the Internet.

  The smart speaker 1 is a speaker device having a communication function with an external device in addition to a sound input / output function. Is a speaker device that interacts with the user as shown in FIG. The smart speaker 1 receives a voice input from the user and transmits the voice to the outside, and performs voice recognition, natural language processing, and the like in a predetermined external device, and reproduces an output voice returned in response to the input voice.

  The management server 3 is a device of an administrator that manages the present system, and is a management device that manages key information for the smart speaker 1 to execute encryption of confidential information described below. The key information is, for example, a public key of a public key cryptosystem, a common key of a common key cryptosystem, or the like. As will be described in detail later, the smart speaker 1 stores the key information distributed from the management server 3, and encrypts and transmits data to be transmitted to the outside using the key information.

  The service server 4 is a server device of a service provider that provides a predetermined service to a user based on the voice input from the smart speaker 1. In the following description, it is assumed that there are a plurality of service providers, and the service servers 4 of the respective service providers are represented by reference numerals 4a, 4b,. The service provided by the service provider is assumed to be an EC service or the like, but the service content is not particularly limited. The service server 4 acquires input voice data from the smart speaker 1 and executes information processing (in the case of an EC service, processing for ordering a product, etc.) according to the service content provided to the user. The service server 4 returns to the smart speaker 1 data for output audio relating to the service provided to the user, and outputs the audio.

  When an existing platform such as Google Home is used, an external server that performs voice recognition, natural language processing, and the like is actually located between the smart speaker 1 and the service server 4, and the input / output voice of the smart speaker 1 is used. However, in the present embodiment, description of the external server is omitted for simplicity of description. Alternatively, the service server 4 may directly perform speech recognition, natural language processing, and the like, and analyze and generate input / output speech.

  In the present embodiment, the smart speaker 1 stores confidential information related to the user, which is necessary for using the service provided by the service provider, and transmits the confidential information together with the input voice to the service server. 4 to use the service. The confidential information is, for example, a credit card number, a personal number (my number), etc., but may be any information that should be kept confidential, and the content is not particularly limited. For example, when the user uses the EC service via the smart speaker 1, the smart speaker 1 transmits purchase information (for example, a credit card number) necessary for product purchase to the service server 4 as confidential information.

  In the present embodiment, the smart speaker 1 authenticates biometric information at the time of voice input by a user in order to prevent unauthorized use by a malicious third party, in particular, misuse or exploitation of confidential information. More specifically, the smart speaker 1 extracts a feature amount related to the user's voiceprint, that is, voiceprint information from the input voice, and authenticates the user by comparing it with voiceprint information stored in advance.

FIG. 2 is a block diagram illustrating a configuration example of the smart speaker 1. The smart speaker 1 includes a control unit 11, a main storage unit 12, a communication unit 13, a microphone 14, a speaker 15, an auxiliary storage unit 19, and a secure element 20.
The control unit 11 has one or more arithmetic processing devices such as a CPU (Central Processing Unit) and an MPU (Micro-Processing Unit), and reads and executes the program P stored in the auxiliary storage unit 19, Various information processing, control processing, and the like related to the smart speaker 1 are performed. The main storage unit 12 is a temporary storage area such as a random access memory (RAM), and temporarily stores data necessary for the control unit 11 to execute arithmetic processing. The communication unit 13 includes a processing circuit and the like for performing processing related to communication, and transmits and receives information to and from the outside. The communication process performed by the communication unit 13 may be wired communication or wireless communication. The microphone 14 is a microphone for inputting a user's instruction by voice. The speaker 15 is a speaker for outputting a result of an operation instructed by a user by voice input to the microphone 14 as voice. The auxiliary storage unit 19 is a nonvolatile storage area such as a ROM (Read-Only Memory), and stores a program P and other data necessary for the control unit 11 to execute a process.

  The secure element 20 is a hardware module having tamper resistance, for example, an IC card or an IC chip such as a SIM (Subscriber Identity Module), a UIM (User Identity Module), and a TPM (Trusted Platform Module). The secure element 20 has restricted access from the speaker body including the control unit 11, the communication unit 13, the microphone 14, the speaker 15, and the like. Is stored.

  In the present embodiment, the secure element 20 is configured as a security chip connected to the speaker main body, and is configured to be detachable from the speaker main body. By making the secure element 20 detachable from the speaker body, the user's profile can be moved easily and intuitively.

  It is needless to say that the secure element 20 may not be detachably mounted, but may be mounted on the speaker body in a non-removable manner by, for example, soldering.

  The secure element 20 includes an authentication unit 21, an encryption unit 22, and a storage unit 23. The authentication unit 21 performs an authentication process based on the biometric information of the user. The encryption unit 22 encrypts data output from the secure element 20. The storage unit 23 is a memory area mounted on the secure element 20, and stores voiceprint information 231, confidential information 232, and key information 233. The voiceprint information 231 is biometric information of the user that can be extracted from the input voice, and is a voice feature indicating the voiceprint of the user. The confidential information 232 is confidential information related to the user, and stores confidential information necessary for using a service provided by the service server 4.

  The key information 233 is key information for encrypting data output from the secure element 20, and is, for example, a public key of a public key cryptosystem or a common key of a common key cryptosystem. Note that, for example, the key information 233 may be an encryption key for an electronic signature, and the encryption algorithm is not particularly limited. The encryption unit 22 encrypts the confidential information 232 using the key information 233 and outputs the encrypted confidential information 232 to the speaker body. The key information (for example, a secret key) corresponding to the key information 233 (for example, a public key) stored in the storage unit 23 is held by the service server 4. The service server 4 decrypts and verifies the confidential information 232 using the key information held by the service server 4, and provides a service to the user. In the present embodiment, the key information used by the smart speaker 1 and the service server 4 is managed by the management server 3, and each device holds the key information obtained from the management server 3 and performs data encryption and decryption. .

  In FIG. 2, for convenience of illustration, single voiceprint information 231 and confidential information 232 are illustrated as being stored, but in the present embodiment, one smart speaker 1 is used by a plurality of users. It is assumed that individual voiceprint information 231 and confidential information 232 are stored for each user. For example, the storage unit 23 stores voiceprint information 231 and confidential information 232 of each user in association with the user name. The secure element 20 identifies a user based on the voiceprint information 231 and outputs confidential information 232 corresponding to the identified user.

  Similarly, the key information 233 is also illustrated as storing a single key information 233 for convenience, but in the present embodiment, individual key information is provided for each service server 4a, 4b,. 233 are stored. The secure element 20 selects the key information 233 according to the service used by the user, and encrypts and outputs the confidential information 232 using the selected key information 233.

FIG. 3 is an explanatory diagram for explaining the outline of the first embodiment. An outline of the present embodiment will be described with reference to FIG.
When using the service provided by the service server 4, the user inputs a predetermined instruction sound to the smart speaker 1 to request the use of the service. For example, when using the EC service, the user speaks information of a product desired to be purchased. The microphone 14 of the smart speaker 1 receives an input of an instruction voice for instructing purchase of a product.

  The smart speaker 1 extracts a feature amount indicating a user's voiceprint, that is, voiceprint information from the voice input to the microphone 14 as biological information. The voiceprint information is, for example, a frequency pattern related to a sound spectrogram. The smart speaker 1 inputs the extracted voiceprint information to the secure element 20.

  The authentication unit 21 of the secure element 20 performs user authentication based on voiceprint information obtained from the speaker body. That is, the authentication unit 21 reads out the voiceprint information 231 stored in the storage unit 23 in advance, and checks whether or not the voiceprint information 231 matches the voiceprint information acquired from the speaker body. Specifically, the authentication unit 21 performs comparison with the voiceprint information 231 of each of the plurality of users stored in the storage unit 23, and specifies the user who has input the voice. If the voiceprint information matches, the authentication unit 21 determines that the authentication has been successful. If it is determined that the voiceprint information does not match, the authentication unit 21 determines that the authentication has failed, outputs the authentication result to the speaker body, and ends a series of processing.

  If the authentication is successful, the authentication unit 21 notifies the encryption unit 22 of the fact. Upon receiving the notification, the encryption unit 22 reads the user confidential information 232 from the storage unit 23. As described above, the confidential information 232 is information related to the user that should be kept confidential, and is information necessary for the user to use the service. For example, when the service provided by the service server 4 is an EC service, the storage unit 23 stores purchase information necessary for purchasing a product, such as a credit card number. The encryption unit 22 reads the confidential information 232 corresponding to the user specified based on the voiceprint information 231 by the authentication unit 21 from among the confidential information 232 of each of the plurality of users stored in the storage unit 23.

  Further, the encryption unit 22 reads the key information 233 from the storage unit 23. As described above, the key information 233 is a public key of a public key cryptosystem, a common key of a common key cryptosystem, and the like, and is key information corresponding to the key information held by the service server 4. In the present embodiment, individual key information 233 is prepared for each service provided by each of the service servers 4a, 4b,..., And the storage unit 23 stores the key information 233 corresponding to each service. The smart speaker 1 (speaker body) specifies a service to be used by the user from the input voice, and the encryption unit 22 reads out key information 233 corresponding to the specified service.

  The method of specifying the service from the input voice is not particularly limited. For example, the smart speaker 1 may recognize a predetermined command voice such as a so-called wake word from the input voice to specify the service. Alternatively, only the voice may be output first from the smart speaker 1 to the external server, the service may be specified by performing voice recognition, and the specified result may be obtained from the external server.

  As described above, the encryption unit 22 reads the confidential information 232 corresponding to the user who has input the voice and the key information 233 corresponding to the service used by the user. The encryption unit 22 encrypts the read confidential information 232 based on the key information 233 and outputs the encrypted confidential information 232 to the speaker body.

  The communication unit 13 of the speaker body transmits the confidential information 232 output from the secure element 20 to the service server 4 together with the audio data input to the microphone 14. For example, when using the EC service, the communication unit 13 transmits to the service server 4 the data of the instruction voice for instructing the purchase of the product and the purchase information necessary for purchasing the product. As a result, the smart speaker 1 requests the service server 4 to provide a service.

  The service server 4 receives the input voice and the data relating to the confidential information 232 from the smart speaker 1. The service server 4 decrypts the received confidential information 232 with the key information held by the service server 4, and performs verification. As described above, the key information 233 used for encryption by the smart speaker 1 is individual for each key information held by each service server 4. Therefore, even if the smart speaker 1 erroneously transmits the confidential information 232 to the unintended service server 4, the service server 4 cannot decrypt the confidential information 232, thereby reducing the risk of unauthorized use. it can.

  If the confidential information 232 is successfully decrypted, the service server 4 provides a service to the user according to the input voice. For example, when providing an EC service, the service server 4 performs processing related to ordering and shipping of a product. The service server 4 transmits to the smart speaker 1 data for output voice related to the provided service. The communication unit 13 receives the data and transfers the data to the speaker 15. The speaker 15 reproduces (outputs) the output sound transmitted from the service server 4.

  As described above, the smart speaker 1 includes the tamper-resistant secure element 20 and stores the voice print information 231 in the secure element 20 as the biometric information of the user. When the user uses a service by voice input, the smart speaker 1 inputs voiceprint information to the secure element 20 to authenticate the user. The smart speaker 1 outputs the confidential information 232 according to the authentication result by the secure element 20, and provides a service to the user. As a result, unauthorized use of the smart speaker 1, particularly unauthorized use of the confidential information 232, can be prevented, and the security of the speaker system can be enhanced.

FIG. 4 is a flowchart illustrating an example of a processing procedure executed by the speaker system. With reference to FIG. 4, the contents of processing performed by the speaker system will be described.
The control unit 11 of the smart speaker 1 receives the input of the instruction voice via the microphone 14 (Step S11). The control unit 11 extracts the voiceprint information of the user from the input voice (Step S12).

  The control unit 11 inputs the extracted voiceprint information to the secure element 20, and the secure element 20 performs an authentication process for collating with the voiceprint information 231 (biological information) of the user stored in the storage unit 23 (step S13). When the voiceprint information 231 of a plurality of users is stored (registered) in the storage unit 23, the secure element 20 converts the voiceprint information extracted from the input voice into the voiceprint information 231 of each user stored in the storage unit 23. And identifies the user who input the voice.

  As a result of the authentication processing in step S13, the secure element 20 determines whether the voiceprints match (step S14). If it is determined that the voiceprints do not match (S14: NO), the secure element 20 ends a series of processing.

  If it is determined that the voiceprints match (S14: YES), the secure element 20 reads the confidential information 232 from the storage unit 23 (Step S15). When the confidential information 232 of a plurality of users is stored in the storage unit 23, the secure element 20 reads the confidential information 232 corresponding to the user authenticated (identified) in step S13.

  The secure element 20 reads the key information 233 from the storage unit 23 (Step S16). For example, the storage unit 23 stores individual key information 233 for each service used by the user by voice input. After the control unit 11 of the speaker body specifies the service from the input voice, the secure element 20 is specified. The key information 233 corresponding to the provided service is read from the storage unit 23. The secure element 20 encrypts the confidential information 232 based on the read key information 233 (Step S17). The secure element 20 outputs the encrypted confidential information 232 to the speaker body, and the control unit 11 transmits the audio data input in step S11 to the service server 4 together with the output confidential information 232 (step S18). .

  The service server 4 receives the input voice data including the confidential information 232 from the smart speaker 1 (Step S19). The service server 4 decrypts the confidential information 232 received from the smart speaker 1 using the key information held by the service server 4 and corresponding to the key information 233 stored in the secure element 20 of the smart speaker 1. (Step S20). The service server 4 uses the decrypted confidential information 232 to execute information processing on a service to be provided according to the voice input by the user (step S21). For example, in the case of providing an EC service, the service server 4 executes information processing related to withdrawal of a product price and shipping of a product using purchase information (confidential information 232) necessary for product purchase. The service server 4 returns data of the output voice related to the provided service to the smart speaker 1 (Step S22).

  The control unit 11 of the smart speaker 1 receives the output audio data from the service server 4 (Step S23). The control unit 11 outputs the received voice through the speaker 15 (step S24), and ends a series of processes.

  As described above, according to the first embodiment, biometric information (voiceprint information 231) is stored in the secure element 20 to which access from the speaker body is restricted, and biometric authentication of a user who has input a voice at the time of voice input is performed. This allows the smart speaker 1 to operate properly while reducing security and privacy risks.

  Further, according to the first embodiment, the storage area of the biometric information is the secure element 20 having tamper resistance, so that the configuration can be made robust against external physical attacks. The above risk can be further reduced.

  Further, according to the first embodiment, the configuration in which the secure element 20 is detachable from the speaker body makes it easy and intuitive to move the profile of the user.

  Further, according to the first embodiment, the confidential information 232 is stored in the secure element 20, and the confidential information 232 is output to the speaker body according to the authentication result of the biometric information. Thus, the user can enjoy the service utilizing the smart speaker 1 while safely handling the confidential information 232.

  Further, according to the first embodiment, the biometric information and the confidential information 232 of each of the plurality of users are stored in the secure element 20, and the user who has input the voice is specified from the biometric information, and the confidential information of the specified user is specified. The information 232 is output to the speaker body. Thereby, even when a plurality of people share the smart speaker 1, the present system can be operated properly.

  According to the first embodiment, the secure element 20 encrypts the confidential information 232 with the key information 233 and outputs the encrypted confidential information 232. Thereby, the confidential information 232 can be securely transmitted and received between the smart speaker 1 and the service server 4.

  According to the first embodiment, the key information 233 is individualized for each service provided by the service servers 4a, 4b,..., And the confidential information is obtained by using the key information 233 corresponding to the service used by the user. 232 is encrypted. Therefore, even when the confidential information 232 is transmitted to the unintended service server 4, the risk of unauthorized use can be reduced.

(Embodiment 2)
In the present embodiment, a mode in which authentication is performed using a user's fingerprint as biometric information in addition to a voiceprint will be described. Note that the same components as those in the first embodiment are denoted by the same reference numerals, and description thereof is omitted.
FIG. 5 is an explanatory diagram for explaining the outline of the second embodiment. The smart speaker 1 according to the present embodiment includes a fingerprint sensor 16. The fingerprint sensor 16 is a touch sensor for reading a user's fingerprint. Note that the fingerprint sensor 16 may be provided on the speaker body, or may be an external device. The fingerprint sensor 16 gives the control unit 11 image data obtained by reading the fingerprint of the user.

  In the present embodiment, the storage unit 23 of the secure element 20 stores fingerprint information 234. The fingerprint information 234 is data indicating a feature amount of the user's fingerprint, and is registered by the user in advance using the fingerprint sensor 16. Note that, as in the first embodiment, the storage unit 23 stores fingerprint information 234 for each user.

  As in the first embodiment, the smart speaker 1 receives an input of a predetermined instruction voice from the user through the microphone 14. In this case, the smart speaker 1 accepts not only voice input but also fingerprint input by the fingerprint sensor 16.

  The smart speaker 1 extracts a feature amount of a user's fingerprint from fingerprint image data read by the fingerprint sensor 16, that is, fingerprint information. Then, the smart speaker 1 inputs the extracted fingerprint information and the voiceprint information extracted from the instruction voice to the secure element 20.

  The authentication unit 21 of the secure element 20 performs voiceprint authentication as in the first embodiment, and performs fingerprint authentication in the present embodiment. That is, the authentication unit 21 checks whether the fingerprint information input from the speaker body matches the fingerprint information 234 stored in the storage unit 23. For example, the authentication unit 21 performs voiceprint authentication first, compares the voiceprint information extracted from the input voice with the voiceprint information 231 of each user stored in the storage unit 23, and specifies the user who has input the voice. Further, the authentication unit 21 reads out the fingerprint information 234 of the specified user from the storage unit 23 and checks whether the fingerprint information 234 matches the fingerprint information acquired via the fingerprint sensor 16. Needless to say, fingerprint authentication may be performed first, and voiceprint authentication may be performed later.

  When the authentication of either the voice print or the fingerprint fails, the authentication unit 21 outputs an authentication result indicating that the authentication has failed to the speaker body, and ends the processing. When the authentication of both the voice print and the fingerprint is successful, the authentication unit 21 notifies the encryption unit 22 of that. Subsequent processing is the same as in the first embodiment, and the secure element 20 encrypts the confidential information 232 and outputs it to the speaker body.

FIG. 6 is a flowchart illustrating an example of a processing procedure executed by the speaker system according to the second embodiment.
The control unit 11 of the smart speaker 1 receives a voice input via the microphone 14 and a fingerprint input via the fingerprint sensor 16 (step S201). The control unit 11 extracts voiceprint information from the input voice and also extracts fingerprint information indicating the feature amount of the input fingerprint (step S202). The control unit 11 inputs the extracted voiceprint information and fingerprint information to the secure element 20.

  The secure element 20 performs an authentication process in which the voiceprint information and the fingerprint information input from the speaker body are compared with the voiceprint information 231 and the fingerprint information 234 of the user stored in the storage unit 23 (step S203). As a result of the authentication processing in step S203, the secure element 20 determines whether the voiceprint and the fingerprint match each other. If it is determined that the voiceprint and the fingerprint do not match (S204: NO), the secure element 20 ends a series of processing. If it is determined that the voiceprint and the fingerprint match (S204: YES), the secure element 20 shifts the processing to step S15.

  In the above description, a fingerprint is taken as an example of biometric information other than a voiceprint. However, the present embodiment is not limited to this, and information such as a face and an iris may be used as biometric information.

  As described above, according to the second embodiment, user authentication is performed using a plurality of pieces of biometric information such as voiceprint information 231 and fingerprint information 234. As a result, security can be further improved.

(Embodiment 3)
In the present embodiment, an embodiment will be described in which a user inputs other authentication information different from biometric information to perform authentication.
FIG. 7 is an explanatory diagram for explaining the outline of the third embodiment. The smart speaker 1 according to the present embodiment includes an input unit 17. The input unit 17 is an input interface for a user to input a PIN code, and is, for example, an input pad such as a mechanical key and a touch panel. Note that the input unit 17 may be provided in the speaker body or may be an external device.

  Further, in the present embodiment, the storage unit 23 of the secure element 20 stores a PIN code 235 as authentication information for performing user authentication by means other than biometric information. The PIN code 235 is a password having a predetermined number of digits registered in advance by the user, and is registered in advance by the user using the input unit 17 or the like. As in the first embodiment, the storage unit 23 stores a PIN code 235 for each user.

  As in the first embodiment, the smart speaker 1 receives an input of a predetermined instruction voice from the user through the microphone 14. In this case, the smart speaker 1 receives the input of the PIN code as well as the voice through the input unit 17. The smart speaker 1 extracts voiceprint information from the instruction voice and inputs the voiceprint information to the secure element 20, and also inputs the PIN code accepted via the input unit 17 to the secure element 20.

  The authentication unit 21 of the secure element 20 performs voiceprint authentication as in the first embodiment, and also performs PIN code authentication in the present embodiment. That is, the authentication unit 21 checks whether the PIN code input from the speaker body matches the PIN code 235 stored in the storage unit 23. For example, the authentication unit 21 performs voiceprint authentication first, compares the voiceprint information extracted from the input voice with the voiceprint information 231 of each user stored in the storage unit 23, and specifies the user who has input the voice. Further, the authentication unit 21 reads out the PIN code 235 of the specified user from the storage unit 23 and checks whether the PIN code 235 matches the PIN code acquired via the input unit 17.

  When the authentication of either the voice print or the PIN code fails, the authentication unit 21 outputs an authentication result indicating that the authentication has failed to the speaker body, and ends the process. When the authentication of both the voiceprint and the PIN code is successful, the authentication unit 21 notifies the encryption unit 22 of that. Subsequent processing is the same as in the first embodiment, and the secure element 20 encrypts the confidential information 232 and outputs it to the speaker body.

  In the above description, the PIN code is used as the authentication information different from the biometric information. However, the authentication information is not limited to the PIN code, and may be, for example, a password including characters and numerals. The authentication information only needs to be usable in combination with the biometric information, and the content is not particularly limited.

FIG. 8 is a flowchart illustrating an example of a processing procedure executed by the speaker system according to Embodiment 3.
After extracting voiceprint information from the voice input to the microphone 14 (step S12), the control unit 11 of the smart speaker 1 executes the following processing. The control unit 11 receives an input of a PIN code (authentication information) different from the biological information via the input unit 17 (Step S301). The authentication information input in step S301 may be any information for authentication that is different from biometric information, and is not limited to a PIN code. The control unit 11 inputs the voiceprint information extracted in step S12 and the PIN code received in step S301 to the secure element 20. The secure element 20 performs an authentication process of collating the voiceprint information acquired from the speaker body with the voiceprint information 231 stored in the storage unit 23 (Step S302).

  As a result of the authentication processing in step S302, the secure element 20 determines whether the voiceprints match (step S303). If it is determined that the voiceprints match (S303: YES), the control unit 11 further performs authentication of the PIN code, and determines whether the PIN code acquired from the speaker body matches the PIN code 235 stored in the storage unit 23. It is determined whether or not it is (step S304). If it is determined that they match (S304: YES), the secure element 20 shifts the processing to step S15.

  If it is determined that the voiceprints do not match (S303: NO) or if the PIN codes do not match (S304: NO), the secure element 20 ends a series of processing.

  As described above, according to the third embodiment, security can be further improved by allowing the user to input authentication information such as a PIN code.

(Embodiment 4)
In the present embodiment, an embodiment will be described in which the position information of the smart speaker 1 is used for authentication in addition to the biological information.
FIG. 9 is an explanatory diagram for describing an outline of the fourth embodiment. The smart speaker 1 according to the present embodiment includes a position acquisition unit 18. The position acquisition unit 18 is, for example, a GPS antenna that acquires GPS (Global Positioning System) information, and acquires position information of the smart speaker 1.

  Further, the storage unit 23 of the secure element 20 stores regular position information 236. The regular position information 236 is position information indicating the regular arrangement coordinates of the smart speaker 1, and is information indicating an appropriate position where the smart speaker 1 is normally used. Regular position information 236 is registered (stored) in the secure element 20 in advance.

  When the microphone 14 receives a voice input, the position acquisition unit 18 of the smart speaker 1 acquires position information indicating the current position of the smart speaker 1. The smart speaker 1 inputs the voiceprint information extracted from the voice input to the microphone 14 and the position information acquired by the position acquisition unit 18 to the secure element 20.

  The authentication unit 21 of the secure element 20 performs authentication based on position information prior to voiceprint authentication. The authentication unit 21 reads out the regular position information 236 from the storage unit 23 and checks with the position information acquired from the speaker body to determine whether the current position of the smart speaker 1 is a proper position for normal use. For example, the authentication unit 21 determines whether the current position coordinates of the smart speaker 1 are within a predetermined allowable range from the regular arrangement coordinates. If it is determined that the position information is within the allowable range, the authentication unit 21 determines that the position information has been successfully authenticated, and shifts the processing to voiceprint authentication. Subsequent processing is the same as in the first embodiment. The encryption unit 22 encrypts the confidential information 232 and outputs it to the speaker body.

FIG. 10 is a flowchart illustrating an example of a processing procedure executed by the speaker system according to Embodiment 4.
After extracting voiceprint information from the voice input to the microphone 14 (step S12), the control unit 11 of the smart speaker 1 executes the following processing. The control unit 11 acquires the position information of the smart speaker 1 (Step S401). The control unit 11 inputs the voiceprint information extracted in step S12 and the position information extracted in step S401 to the secure element 20.

  The secure element 20 compares the position information of the smart speaker 1 with the regular position information 236 stored in the storage unit 23 to determine whether the smart speaker 1 is at an appropriate position (step S402). For example, the secure element 20 determines whether the current position coordinates of the smart speaker 1 are within a predetermined allowable range from the regular arrangement coordinates. When determining that the secure element 20 is located at the appropriate position (S402: YES), the secure element 20 determines that the authentication is successful. In this case, the secure element 20 performs authentication based on the voiceprint information (step S403), and determines whether or not the authentication matches the voiceprint of the user (step S404). If it is determined that the voiceprints match (S404: YES), the control unit 11 shifts the processing to step S15. In the case of NO in step S402 or S404, the secure element 20 determines that the authentication has failed, and ends a series of processing.

  As described above, according to the fourth embodiment, it is possible to cope with a case where the smart speaker 1 is physically taken away, and to strengthen security.

(Embodiment 5)
In the present embodiment, a mode in which key information 233 for encrypting confidential information 232 is updated will be described.
In the present embodiment, the key information 233 used when the smart speaker 1 and the service server 4 transmit and receive the confidential information 232 is updated via the cloud. More specifically, the management server 3 that manages the key information 233 distributes the key information 233 to each device and updates it.

  FIG. 11 is an explanatory diagram for describing an outline of the fifth embodiment. The secure element 20 of the smart speaker 1 according to the present embodiment includes a secret communication processing unit 24. The confidential communication processing unit 24 performs processing related to confidential communication with the management server 3. The storage unit 23 of the secure element 20 stores a secret communication key 237 (second key information) for performing secret communication. The secret communication key 237 is an encryption key for encrypting and decrypting communication contents with the management server 3, and is, for example, a common key of a common key system. In the present embodiment, the smart speaker 1 performs encrypted communication based on TLS (Transport Layer Security) to conceal communication contents with the management server 3, and securely receives the update key information 233.

  Hereinafter, an outline of the present embodiment will be described. First, the management server 3 transmits key information corresponding to the key information 233 held by the smart speaker 1 and used when the service server 4 decrypts the confidential information 232 to the service server 4, and updates the key information. As described above, the key information is different for each service server 4a, 4b,... And is individualized for each service used by the user. The management server 3 transmits key information corresponding to each service server 4a, 4b,... To the corresponding service server 4.

  Next, the management server 3 transmits the key information 233 to the smart speaker 1 and updates the key information 233 stored in the secure element 20. In this case, the management server 3 establishes a confidential communication path with the smart speaker 1 using the confidential communication key 237 held by the management server 3, and transmits the key information 233 after encrypting it.

  For example, the management server 3 performs confidential communication based on TLS. The management server 3 issues an electronic certificate including the public key of the public key cryptosystem to the smart speaker 1 (secure element 20) in advance, performs encrypted communication based on the public key, and obtains the common key of the common key cryptosystem. The secret communication key 237 is shared with the smart speaker 1. Here, for simplicity of description, it is assumed that the encrypted communication has already been performed and the secret communication key 237 has been shared. The management server 3 encrypts the communication with the smart speaker 1 using the secret communication key 237, and securely transmits the update key information 233.

  The management server 3 only needs to be able to encrypt communication contents using a secret communication key (second key information) shared with the smart speaker 1, and the algorithm is not limited to TLS.

  The smart speaker 1 receives the key information 233 corresponding to the service used by the user via the communication unit 13. When the secure element 20 has a communication unit independent of the speaker body, the secure element 20 may directly receive the key information 233 instead of the speaker body (communication unit 13). The smart speaker 1 inputs the received key information 233 to the secure element 20.

  The secure communication processing unit 24 of the secure element 20 decrypts the key information 233 input from the speaker body using the secure communication key 237. The secret communication processing unit 24 stores the decrypted key information 233 in the storage unit 23 and updates the key information 233. As described above, the key information 233 can be remotely managed, and security degradation due to the obsolescence of the key information 233 can be prevented.

FIG. 12 is a flowchart illustrating an example of a processing procedure executed by the speaker system according to Embodiment 5.
The management server 3 transmits, to the service servers 4a, 4b,..., Different key information for each service provided by each service server 4 (step S501). Further, the management server 3 encrypts the key information 233 to be transmitted to the smart speaker 1 with the secret communication key 237 shared with the smart speaker 1 in advance (step S502). The secret communication key 237 is, for example, a common key of a common key cryptosystem, and is an encryption key unique to each smart speaker 1. The management server 3 transmits the encrypted key information 233 to the smart speaker 1 (Step S503).

  The control unit 11 of the smart speaker 1 receives the key information 233 via the communication unit 13 and inputs the key information 233 to the secure element 20 (Step S504). The secure element 20 decrypts the key information 233 based on the secret communication key 237 stored in the storage unit 23 (Step S505). The secure element 20 stores the decrypted key information 233 in the storage unit 23 (Step S506). The secure element 20 ends the series of processing.

  As described above, according to the fifth embodiment, it is possible to remotely manage the key information 233 and to prevent a decrease in security due to the obsolescence of the key information 233.

(Embodiment 6)
In the present embodiment, a form in which various information stored in the secure element 20 is locally updated only by the smart speaker 1 will be described.
When the user uses the present system, a case may occur in which biometric information, confidential information 232, and the like in the secure element 20 are updated, such as registering a new user in the smart speaker 1 and updating a credit card number. On the other hand, managing such private information on a cloud (for example, the management server 3) has security or privacy concerns. Therefore, in the present embodiment, the smart speaker 1 alone updates various information.

  FIG. 13 is an explanatory diagram for describing an outline of the sixth embodiment. The secure element 20 according to the present embodiment includes an updating unit 25. The update unit 25 stores various information such as voiceprint information 231, confidential information 232, fingerprint information 234, PIN code 235, and regular position information 236 input from the speaker body in the storage unit 23, and performs a process of updating.

  First, the microphone 14 of the smart speaker 1 receives an input of a predetermined instruction voice for instructing the user to update the voiceprint information 231 or the like from the user. In addition, the fingerprint sensor 16 of the smart speaker 1 reads the fingerprint of the user. The smart speaker 1 extracts voiceprint information from input voice and fingerprint information (feature amount of fingerprint) from an image obtained by reading a fingerprint.

  Further, the smart speaker 1 acquires information that the user desires to update as information for update by using the microphone 14, the fingerprint sensor 16, and the like. The information for updating is at least one of voiceprint information, confidential information, fingerprint information, PIN code, and position information, but the information to be updated is not particularly limited. Further, the information to be updated may be that of an existing user whose voice print information 231 or the like is already registered (stored) in the secure element 20, or that of a new user. For example, when registering a new user, the existing user inputs the instruction voice as described above, and then the new user inputs the voice. The smart speaker 1 extracts voiceprint information from the voice of the new user as information for updating.

  The smart speaker 1 inputs the voiceprint information and the fingerprint information and the information for updating to the secure element 20.

  The update unit 25 of the secure element 20 collates the voiceprint information and the fingerprint information input from the speaker body with the user's voiceprint information 231 and the fingerprint information 234 stored in the storage unit 23, and a valid user requests an update. Authentication is performed as to whether or not authentication has been performed. If the voiceprint and the fingerprint match, the updating unit 25 determines that the authentication has been successful.

  As described above, the updating unit 25 performs authentication based on voiceprint information and fingerprint information, that is, biometric information. When the authentication of the biometric information is successful, the updating unit 25 verifies the PIN code. The updating unit 25 requests the speaker body to input a PIN code. When a request is received from the secure element 20, the smart speaker 1 prompts the user to input a PIN code by, for example, outputting a predetermined guidance voice through the speaker 15.

  The input unit 17 receives an input of a PIN code from a user and inputs the PIN code to the secure element 20. The update unit 25 of the secure element 20 collates the input PIN code with the PIN code 235 stored in the storage unit 23, and performs authentication to determine whether the two match. When determining that the PIN codes match, the updating unit 25 determines that the authentication has been successful.

  When the authentication of the biometric information and the PIN code is successful, the update unit 25 stores (stores) the update information acquired from the speaker body in the storage unit 23 and updates various information.

FIG. 14 is a flowchart illustrating an example of a processing procedure performed by the speaker system according to Embodiment 6.
The control unit 11 of the secure element 20 accepts an input of a fingerprint via the fingerprint sensor 16 and an input of an instruction voice requesting an update of information stored in the secure element 20 via the microphone 14 (step). S601). The control unit 11 extracts the voiceprint information of the user from the input voice (step S602). In addition, the control unit 11 extracts fingerprint information (feature amount related to the fingerprint) from the fingerprint (image) input in step S601 (step S603).

  Further, the control unit 11 acquires information for updating (step S604). The information for updating is at least one of voiceprint information, confidential information, fingerprint information, PIN code, and position information, but the information is not particularly limited. Further, the information to be updated may be that of an existing user whose voice print information 231 or the like is already registered (stored) in the secure element 20, or that of a new user. The control unit 11 inputs the voiceprint information and the fingerprint information extracted in steps S601 and S602 to the secure element 20, and also inputs information for updating.

  The secure element 20 performs an authentication process in which the voiceprint information and the fingerprint information input from the speaker body are compared with the voiceprint information 231 and the fingerprint information 234 stored in the storage unit 23 (step S605). As a result of the authentication processing in step S605, the secure element 20 determines whether or not the biometric information (voiceprint information and fingerprint information) matches (step S606). If it is determined that the biometric information does not match (S606: NO), the secure element 20 determines that the authentication has failed, does not update the information, and ends a series of processing.

  When it is determined that the biometric information matches (S606: YES), the secure element 20 requests the input of the PIN code to the speaker body, and the control unit 11 of the smart speaker 1 inputs the PIN code via the input unit 17. Accept (Step S607). The control unit 11 inputs the input PIN code to the secure element 20.

  The secure element 20 determines whether the PIN code input from the speaker body matches the PIN code 235 stored in the storage unit 23 (Step S608). If it is determined that the PIN codes do not match (S608: NO), the secure element 20 determines that authentication has failed, does not update the information, and ends a series of processing.

  If it is determined that the PIN codes match (S608: YES), the secure element 20 stores the update information acquired in step S604 in the storage unit 23 and updates the information (step S609). The secure element 20 ends the series of processing.

  As described above, according to the sixth embodiment, various types of information stored in the secure element 20 can be updated by the smart speaker 1 alone, and can be appropriately updated from the viewpoint of security and privacy.

(Embodiment 7)
In the first embodiment, an example has been described in which various types of information are stored in the tamper-resistant secure element 20 to perform authentication. In the present embodiment, the execution environment on the software in the smart speaker 1 is defined as a normal execution environment 201 (first execution environment) for performing general processing of the smart speaker 1 and a trusted environment more secure than the normal execution environment 201. A form in which the authentication processing is performed in the trusted execution environment 202 while being virtually separated from the execution environment 202 (second execution environment) will be described.

  FIG. 15 is a block diagram showing a configuration example of the smart speaker 1 according to the seventh embodiment. The smart speaker 1 according to the present embodiment uses, for example, a technology called TrustZone (registered trademark) to change the execution environment of software (OS, application, and the like) to a normal execution environment (REE; Rich Execution Environment). 201 and a trusted execution environment 202.

  The normal execution environment 201 is an execution environment of the general-purpose OS 211 that operates as the basic OS of the smart speaker 1, and is an execution environment that has no particular functional restrictions other than restricting access to the trusted execution environment 202. The general-purpose OS 211 is software that performs an OS function in the normal execution environment 201, and provides various OS functions including control of hardware included in the smart speaker 1 in response to a request from the application 212. By executing the application 212 on the general-purpose OS 211, the control unit 11 executes basic and general-purpose processing of the smart speaker 1, including input / output of sound and communication with the outside.

  The trusted execution environment 202 is an independent execution environment provided separately from the normal execution environment 201 on the same SoC (System on Chip) for the purpose of isolating security functions. In the trusted execution environment 202, access from the normal execution environment 201 is restricted, and executable functions are also limited. Note that the trusted execution environment is not limited to a name such as TEE, but may be separated from the normal execution environment 201 and may be any execution environment that is more secure in terms of security. Good. The smart speaker 1 secures software and data to be protected in security in the trusted execution environment 202 and restricts access from outside the normal execution environment 201 and the smart speaker 1 to ensure security.

  As described above, the normal execution environment 201 is restricted so as not to access the trusted execution environment 202, and the normal execution environment 201 cannot recognize the existence of the trusted execution environment 202. In order to call a process to be executed in the trusted execution environment 202 from the normal execution environment 201, it is necessary to go through a secure monitor 203 implemented by software.

  The trusted OS 221 is software that performs an OS function in the trusted execution environment 202, and provides an OS function centering on a security function in response to a request from the application 222. By executing the application 222 on the trusted OS 221, the control unit 11 executes a process important for security including a user authentication process according to the present embodiment.

  In the present embodiment, whether the various functions of the smart speaker 1 are implemented by the OS or the application is not an essential matter, but is a design matter to be appropriately selected by the implementer. The description of the function sharing is omitted.

  As shown in FIG. 11, in the present embodiment, the control unit 11 of the smart speaker 1 places voiceprint information 231, confidential information 232, key information 233, and the like in the trusted execution environment 202. The control unit 11 inputs data such as voiceprint information from the normal execution environment 201 to the trusted execution environment 202, and performs user authentication and encryption of the confidential information 232 in the trusted execution environment 202. The control unit 11 outputs the confidential information 232 from the trusted execution environment 202 to the normal execution environment 201, and transmits the confidential information 232 to the service server 4 via the communication unit 13.

  As described above, according to the third embodiment, the smart speaker 1 constructs the normal execution environment 201 and the trusted execution environment 202 which is more secure than the normal execution environment 201, and executes the authentication processing in the trusted execution environment 202. . As described above, the security can be ensured by the software configuration without mounting the secure element 20.

  As described above, the smart speaker 1 has a component (secure unit) that is more secure than a component (speaker body) that performs input / output of sound and communication with the outside, and various types of information including biometric information in the secure component. It is sufficient that the authentication processing can be executed. The secure component may be a secure element 20 that is separated on hardware, or a trusted execution environment 202 that is separated on software.

  Since this embodiment is the same as the first embodiment except that a trusted execution environment 202 is implemented instead of the secure element 20, detailed illustration and description are omitted in this embodiment.

(Embodiment 8)
FIG. 16 is a functional block diagram showing the operation of the smart speaker 1 of the above-described embodiment. When the control unit 11 executes the program P, the smart speaker 1 operates as follows.
The speaker body 161 includes a microphone 1611 for receiving audio input, a speaker 1612 for outputting audio, and a communication unit 1613 for communicating with the outside. The secure unit 162 includes a storage unit 1621 for limiting access from the speaker body 161 and storing biometric information of the user, and a biometric information of the user who inputs the voice when the microphone receives an input of the voice. And an authentication unit 1623 for performing authentication based on the biometric information.

  The eighth embodiment is as described above, and the other parts are the same as those in the first to seventh embodiments. Corresponding parts are denoted by the same reference numerals, and detailed description thereof will be omitted.

  The embodiment disclosed this time is an example in all respects and should be considered as not being restrictive. The scope of the present invention is defined by the terms of the claims, rather than the description above, and is intended to include any modifications within the scope and meaning equivalent to the terms of the claims.

Reference Signs List 1 smart speaker 11 control unit 12 main storage unit 13 communication unit 14 microphone 15 speaker 16 fingerprint sensor 17 input unit 18 position acquisition unit 19 auxiliary storage unit 20 secure element 21 authentication unit 22 encryption unit 23 storage unit 231 voiceprint information 232 confidential information 233 Key information 234 Fingerprint information 235 PIN code 236 Regular position information 237 Secret communication key 24 Secret communication processing unit 25 Update unit 3 Management server 4 Service server

Claims (17)

A microphone that receives audio input, a speaker that outputs audio, and a speaker body having a communication unit that communicates with the outside;
And a secure unit whose access from the speaker body is restricted,
The secure unit,
A storage unit for storing biometric information of the user,
An acquisition unit configured to acquire, from the speaker body, the biological information of the user who has input the audio when the input of the audio is received at the microphone;
An authentication unit for performing authentication based on the biological information. The smart speaker according to claim 1, wherein the secure unit is a tamper-resistant secure element. The smart speaker according to claim 2, wherein the secure element is configured to be detachable from the speaker main body. The speaker main body is a first execution environment for executing a sound input / output process and a communication process with the outside,
The smart speaker according to claim 1, wherein the secure unit is a second execution environment virtually separated from the first execution environment. The storage unit stores a plurality of the biological information in association with the user,
The acquisition unit acquires the plurality of biological information,
The smart speaker according to claim 1, wherein the authentication unit performs authentication based on the plurality of pieces of biometric information. The speaker body includes an input unit that receives an input of authentication information different from the biological information,
The storage unit stores the authentication information,
The acquisition unit acquires the biometric information and the authentication information,
The smart speaker according to any one of claims 1 to 5, wherein the secure unit includes a second authentication unit that performs authentication based on the authentication information. The storage unit stores confidential information about the user,
The smart speaker according to any one of claims 1 to 6, wherein the secure unit includes an output unit that outputs the confidential information to the speaker body in accordance with an authentication result by the authentication unit. The storage unit stores the biological information and confidential information corresponding to each of the plurality of users,
The authentication unit specifies the user based on the biological information acquired from the speaker body,
The smart speaker according to claim 7, wherein the output unit outputs the confidential information corresponding to the specified user. The storage unit stores key information for encrypting the confidential information,
An encryption unit that encrypts the confidential information based on the key information,
The smart speaker according to claim 7, wherein the output unit outputs the encrypted confidential information. The storage unit stores the individual key information for each of a plurality of services used by the user by inputting a voice to the microphone,
The speaker body includes a specification unit that specifies the service used by the user based on a voice input to the microphone,
The smart speaker according to claim 9, wherein the encryption unit performs encryption based on the key information corresponding to the specified service. The storage unit stores second key information shared with a distribution source of the key information,
The secure unit,
A second acquisition unit that acquires the key information encrypted based on the second key information from the distribution source via a communication network;
A decryption unit that decrypts the key information based on the second key information;
The storage device according to claim 9, further comprising: a storage unit configured to store the decrypted key information in the storage unit. The speaker body includes a position acquisition unit that acquires position information of the smart speaker,
The storage unit stores regular position information of the smart speaker,
The said secure part is provided with the position authentication part which performs the authentication based on the said position information which the said position acquisition part acquired and the said regular position information. The Claim 1 characterized by the above-mentioned. Smart speaker. The acquisition unit acquires update information from the speaker body,
The smart device according to any one of claims 1 to 11, wherein the secure unit includes an update unit that updates information stored in the storage unit according to an authentication result by the authentication unit. Speaker. A microphone that receives input of voice, a speaker that outputs voice, and a secure element in which access from a speaker body of a smart speaker having a communication unit that performs communication with the outside is restricted,
A storage unit for storing biometric information of the user,
An acquisition unit configured to acquire, from the speaker body, the biological information of the user who has input the audio when the input of the audio is received at the microphone;
An authentication unit for performing authentication based on the biometric information. A microphone that receives voice input, a speaker that outputs voice, and a smart speaker with a communication unit that communicates with the outside,
Executing a voice input / output process and an external communication process in a first execution environment;
In a second execution environment virtually separated from the first execution environment,
Holding the user's biological information,
When receiving an input of a voice in the microphone, the biological information of the user who has input the voice is acquired from the first execution environment,
A program for executing processing for performing authentication based on the biological information. From the smart speaker storing the biometric information of the user, the purchase information required when the user purchases the product, and the key information in the secure section where the access from the speaker body is restricted, according to the authentication result of the biometric information The purchase information output by the secure unit, to obtain the purchase information encrypted based on the key information,
The acquired purchase information is decrypted based on key information corresponding to the key information,
An information processing method, comprising: causing a computer to execute a process of performing information processing on purchase of the product based on the decrypted purchase information. To a service provider providing a service to a user via a smart speaker, transmitting individual key information for each of the services,
Key information corresponding to the key information transmitted to the service provider is encrypted based on second key information shared with the smart speaker,
A distribution method comprising: causing a computer to execute a process of transmitting the encrypted key information to the smart speaker.

Images