JP2020091710A - Authentication system and authentication method - Google Patents

Abstract

To provide an authentication system and an authentication method capable of improving the security level without reducing the convenience of user authentication.SOLUTION: An authentication system 100 includes: an identification information acquisition part 211 that acquires a card ID on the basis of the touch operation of an ID card 5 that identifies a user made by the user; an operation count acquisition part 212 that acquires the number of touches made by the user within a predetermined time; and an authentication processing part 213 that is configured so as to permit the authentication of the user when the number of touches acquired by the operation count acquisition part 212 and the number of touch authentications previously associated with the card ID acquired by the identification information acquisition part 211 match, and not to permit the authentication of the user when the number of touches does not match the number of touch authentications.SELECTED DRAWING: Figure 2

Description

The present invention relates to an authentication system and an authentication method for authenticating a user.

2. Description of the Related Art There is known an authentication system that authenticates an ID of an ID card possessed by a participant who participates in a conference and permits the participant to participate in the conference when the authentication is successful. For example, in Patent Document 1, when the login information acquired when the participant participates in the conference matches the pre-registered participant information, participation in the conference is permitted, and a key used in the conference is attached. A system is disclosed in which a participant is notified of an authentication key that permits viewing of a document.

JP, 2015-22514, A

However, in the system disclosed in Patent Document 1, if a third party who is not qualified to participate in the conference illegally obtains the ID card of the participant, the third party can participate in the conference, Information such as the agenda of the meeting and the contents of materials used in the meeting may be leaked. A method of allowing a participant to enter a plurality of personal information (password, etc.) when participating in a conference is also conceivable, but this method is not convenient for the participant.

An object of the present invention is to provide an authentication system and an authentication method that can improve the security level without reducing the convenience of user authentication.

An authentication system according to one aspect of the present invention includes an identification information acquisition unit that acquires the identification information based on an input operation of identification information that identifies the user by the user, and the user performs the input operation within a predetermined time. An operation count acquisition unit that acquires the operation count indicating the number of times performed, the operation count acquired by the operation count acquisition unit, and a set count that is associated in advance with the identification information acquired by the identification information acquisition unit. Authentication unit that permits the user's authentication, and disallows the user's authentication when the operation count and the set count do not match.

An authentication method according to another aspect of the present invention includes a step of acquiring the identification information based on an input operation of identification information for identifying the user by the user, and the number of times the user has performed the input operation within a predetermined time. A step of acquiring the number of times of operations, the acquired number of times of operation, and the number of times of setting that is previously associated with the acquired identification information, the authentication of the user is permitted, and the number of times of operations and Disabling authentication of the user when the set number of times does not match.

According to the present invention, it is possible to provide an authentication system and an authentication method capable of improving the security level without reducing the convenience of user authentication.

FIG. 1 is a diagram showing a schematic configuration of an authentication system according to an embodiment of the present invention. FIG. 2 is a block diagram showing the configuration of the authentication system according to the embodiment of the present invention. FIG. 3 is a diagram showing an example of authentication information used in the server device of the authentication system according to the embodiment of the present invention. FIG. 4 is a diagram showing an example of conference authentication information used in the server device of the authentication system according to the embodiment of the present invention. FIG. 5A is a flowchart showing an example of a procedure of an authentication process executed by the authentication system according to the embodiment of the present invention. FIG. 5B is a flowchart showing an example of the procedure of the authentication process executed by the authentication system according to the embodiment of the present invention. FIG. 6 is a flowchart showing an example of a procedure of command issuing processing executed in the authentication system according to the embodiment of the present invention. FIG. 7 is a flowchart showing an example of a procedure of command execution processing executed by the authentication system according to the embodiment of the present invention. FIG. 8 is a diagram showing another example of the conference authentication information used in the server device of the authentication system according to the embodiment of the present invention. FIG. 9A is a diagram showing an example of information notified to the user by the server device according to the embodiment (modification 1) of the present invention. FIG. 9B is a diagram showing an example of information notified to the user by the server device according to the embodiment (modification 1) of the present invention. FIG. 9C is a diagram showing an example of information notified to the user by the server device according to the embodiment (modification 1) of the present invention. FIG. 10 is a flowchart showing another example of the procedure of the authentication processing executed by the authentication system according to the embodiment (variant 1) of the present invention. FIG. 11 is a diagram showing another example of the conference authentication information used in the server device of the authentication system according to the embodiment of the present invention.

Embodiments of the present invention will be described below with reference to the accompanying drawings to provide an understanding of the present invention. The following embodiments are examples of embodying the present invention, and do not limit the technical scope of the present invention.

[Authentication system 100]
As shown in FIG. 1, an authentication system 100 according to the embodiment of the present invention includes a server device 1, an authentication device 2, a terminal device 3 (for example, the terminal devices 3A and 3B), and a display device 4. The server device 1, the authentication device 2, the terminal device 3, and the display device 4 can communicate with each other via the communication network N1 such as the Internet, LAN, WAN, or public telephone line. A plurality of terminal devices 3 and display devices 4 may be provided. The authentication system 100 is an example of the authentication system of the present invention, and the terminal device 3 is an example of the terminal device of the present invention. Further, the authentication system of the present invention may be configured by the server device 1 or the authentication device 2, or may be configured by the server device 1 and the authentication device 2, or the server device 1, the authentication device 2, and the terminal device. 3 may be included.

The authentication system 100 is used, for example, in a conference. The authentication system 100 performs an authentication process according to a predetermined authentication input operation (an example of the input operation of the present invention) of a user who participates in a conference. Further, the authentication system 100 transmits a command (operation control command or the like) for instructing an operation corresponding to a desired operation of the user who is permitted to authenticate to the conference, and the terminal device 3 receives the command. The corresponding action is executed.

Here, an example of a usage scene of a process executed in the authentication system 100 according to the embodiment of the present invention will be shown.

For example, when the user A participates in a predetermined conference, the ID card 5A possessed by the user A is held by the reading unit 25 (see FIG. 2) (for example, a card reader) of the authentication device 2 installed in the entrance or exit of the conference room. Touch (or swipe) (see FIG. 1). At this time, the user A touches the card reader 5A with the ID card 5A five times in accordance with a preset authentication condition (for example, touch authentication count: “5 times”). The number of times of touch authentication is set in advance for each user (participant) participating in the conference and is notified to each user in advance. The authentication device 2 permits the authentication of the user A when the number of touches by the user A touching the ID card 5A (here, five times) and the number of touch authentications match, and the number of touches and the number of touch authentications. If and do not match, the authentication of the user A is prohibited. The authentication device 2 notifies the user A and the server device 1 of the authentication result.

When the authentication of the user A is permitted, the server device 1 sets the command set in advance corresponding to the user A as a device to execute the command (hereinafter, a command target device). It is transmitted to the terminal device 3. The command is a command for causing the terminal device 3 to execute a predetermined operation corresponding to a user's desired operation, and a user (participant) who participates in a conference individually sets the command target device as necessary. To do. For example, when the user A has set “display material-1” as the command and has set “PC1” (terminal device 3A) as the command target device, the server device 1 causes the terminal device 3A to “display”. The command corresponding to "Display document-1" is transmitted.

When the terminal device 3A acquires the command, the terminal device 3A executes the command. For example, the terminal device 3A causes the display device 4 to display “Material-1”. When the command is an instruction to activate a predetermined application, the terminal device 3A activates the application when the command is obtained.

As described above, when the user A participates in the conference, the user A performs the authentication input operation according to the authentication condition set for himself/herself. Then, when the authentication of the user A is permitted, the command preset by the user A is executed. Further, in the authentication system 100, the user A can also perform the authentication input operation during the conference. When the authentication of the user A is permitted during the conference, the command during the conference set by the user A in advance is executed.

According to the authentication system 100 according to the embodiment of the present invention, it is possible to improve the security level without reducing the convenience of user authentication. Hereinafter, a specific configuration of the authentication system 100 for realizing the processing will be described.

[Server device 1]
As shown in FIG. 2, the server device 1 is a server computer including a control unit 11, a storage unit 12, an operation display unit 13, a communication I/F 14, and the like. The server device 1 is not limited to one computer, and may be a computer system in which a plurality of computers operate in cooperation. Further, various processes executed by the server device 1 may be distributed and executed by one or a plurality of processors. Furthermore, the server device 1 may be installed in a place different from the place where the authentication device 2 is installed (for example, a conference room) or on a cloud network, and may perform data communication with the authentication device 2 and the terminal device 3. ..

The communication I/F 14 connects the server device 1 to the communication network N1 in a wired or wireless manner, and communicates with external devices such as the authentication device 2 and the terminal device 3 via the communication network N1 in accordance with a predetermined communication protocol. It is a communication interface for executing communication.

The operation display unit 13 is a user interface including a display unit such as a liquid crystal display or an organic EL display that displays various kinds of information, and an operation unit such as a mouse, a keyboard, or a touch panel that receives an operation.

The storage unit 12 is a non-volatile storage unit including a semiconductor memory that stores various types of information, an HDD (Hard Disk Drive), an SSD (Solid State Drive), and the like.

Specifically, the storage unit 12 stores an authentication information DB 121 in which authentication information of a plurality of users in the present authentication system is registered. FIG. 3 is a diagram showing an example of the authentication information DB 121. Authentication information such as user name, card ID, authentication interlocking information, command target device, command ID, and command content is registered in the authentication information DB 121. The information on the command target device is an example of the terminal information of the present invention. The command target device may be a mobile terminal (such as the terminal device 3) owned by the user and brought to the conference, or a terminal device (such as the terminal device 3) provided in advance in the conference room. The information on the command ID and the command content is an example of the command information of the present invention. In the authentication information DB 121, the authentication information regarding the users (participants) participating in the conference is registered. Each user who participates in the conference registers the authentication information in his/her operating terminal (for example, the terminal device 3) before the conference starts. The card ID is unique ID information (card ID) of the ID card 5 owned by each user. The card ID is an example of identification information of the present invention.

The command content is the content of the command executed in a predetermined command target device (for example, PC1: terminal device 3A in the case of user A) when the user's authentication to participate in the conference is permitted, and is a command character string. Is. The user registers a command corresponding to a desired operation (action) as necessary. The command ID is associated with each command content. For example, when the authentication of the user A is permitted, the command with the command ID “1” is transmitted to the PC 1 (terminal device 3A) that is the command target device. Each user may set one command or a plurality of commands.

The authentication interlocking information is information indicating whether or not to send the command when user authentication is permitted. “ON: login” indicates that the command is transmitted when the authentication (login authentication) at the time of joining the conference (at the start) is permitted. “ON: Normal” indicates that the command is transmitted when the authentication (normal authentication) during the conference is permitted. “OFF” indicates that the command is not transmitted even when the user authentication is permitted. As described above, the authentication interlocking information is information indicating whether or not to interlock the authentication process and the command issuing process.

Further, the storage unit 12 stores a conference authentication information DB 122 in which conference information and the authentication information are registered. FIG. 4 is a diagram showing an example of the conference authentication information DB 122. The conference ID, the date and time of the conference, the place of the conference, the user name, the card ID, the authentication interlocking information, the command target device, the command ID, the authentication condition (the number of times of touch authentication), the authentication status, etc. are registered in the conference authentication information DB 122. .. The authentication information and information about the meeting are registered in the meeting authentication information DB 122. For example, the conference manager registers the conference information on his/her operating terminal (for example, the terminal device 3) before the conference starts. In addition, a conference system capable of a remote conference in which users can participate in different places (bases) may be introduced in the conference.

In the conference authentication information DB 122, the authentication condition is information indicating an operation condition for permitting user authentication. Here, the number of times the user A touches the ID card 5A on the reading unit 25 (see FIG. 2) of the authentication device 2 within a predetermined time is set as the authentication condition. The authentication condition is individually set for each user by the control unit 11 of the server device 1.

The authentication status is information indicating the current status of the user. The authentication state of an arbitrary user starts from the state of “logoff”, transits to the “logon” state temporarily when the authentication is permitted, and then transits to the “connection” state. The command issuing process at the time of logon transits to the "logon" state once, and then is processed as needed, and then transits to the "connect" state. For example, when the authentication of the user A is permitted, the state of “logoff” is temporarily changed to the state of “logon”, and the command with the command ID “1” (“display material-1”) is executed. After that, “connection” is registered in the authentication status. Further, for example, in the case of the user C, after the authentication is permitted, the command is not executed because the authentication interlocking information is temporarily turned off, but the authentication status is directly changed to the “connection” state. In the case of the user D, after the authentication is permitted, the user temporarily enters the "logon" state, but since the command issuing process at the time of logon is not set, the command operation related to this is not performed and the authentication state remains the "connected" state. Transition to. However, in the case of the user D, since the authentication interlocking information at the normal time is set to ON, the authentication operation is performed at an arbitrary timing in the “connected” state, and when the result is determined to be correct, the command ID The command of "1" is executed. Further, for example, when the authentication is not permitted like the user B, “logoff” is registered in the authentication status. In addition, when the conference ends or when the user exits in the middle of the conference and the user performs an authentication input operation and authentication is permitted, “logoff” is registered in the authentication status.

In addition, as another embodiment, a part or all of the authentication information DB 121 and the conference authentication information DB 122 may be stored in the authentication device 2.

Further, the storage unit 12 stores a control program such as a command issuing process program for causing the control unit 11 to execute a command issuing process (see FIG. 6) described later. For example, the command issuance processing program is non-temporarily recorded in a computer-readable recording medium such as a USB, a CD, or a DVD, and a reading device (such as a USB drive, a CD drive, or a DVD drive included in the server device 1 ( It is read in (not shown) and stored in the storage unit 12. Further, the command issuing processing program may be downloaded from an external device via the communication network N1 and stored in the storage unit 12.

The control unit 11 has control devices such as a CPU, a ROM, and a RAM. The CPU is a processor that executes various arithmetic processes. The ROM is a non-volatile storage unit in which control programs such as a BIOS and an OS for causing the CPU to execute various arithmetic processes are stored in advance. The RAM is a volatile or non-volatile storage unit that stores various types of information, and is used as a temporary storage memory (work area) for various processes executed by the CPU. Then, the control unit 11 controls the server device 1 by causing the CPU to execute various control programs stored in advance in the ROM or the storage unit 12.

Specifically, as shown in FIG. 2, the control unit 11 includes various processing units such as an authentication information management unit 111, a conference authentication information management unit 112, an authentication result acquisition unit 113, and a command processing unit 114. The control unit 11 functions as the various processing units by executing various processes according to the command issuing processing program in the CPU. Further, some or all of the processing units included in the control unit 11 may be configured by electronic circuits. The command issuing processing program may be a program for causing a plurality of processors to function as the various processing units.

The authentication information management unit 111 manages the authentication information in the authentication information DB 121 (see FIG. 3). Specifically, the authentication information management unit 111 acquires the authentication information registered by the user and registers the acquired authentication information in the authentication information DB 121.

The conference authentication information management unit 112 manages the conference authentication information in the conference authentication information DB 122 (see FIG. 4). Specifically, the conference authentication information management unit 112 acquires the authentication information and the conference information registered by the user, the conference administrator, and the like, and acquires the acquired authentication information and the conference information as the conference authentication information. Register in DB122. In addition, the conference authentication information management unit 112 sets the authentication condition (touch authentication number of times) for each user, and registers the set authentication condition in the conference authentication information DB 122. For example, the conference authentication information management unit 112 randomly sets the number of times of touch authentication different for each user. Alternatively, the user may set the number of times of touch authentication, and the conference authentication information management unit 112 may register the number of times of touch authentication in the conference authentication information DB 122. Further, in the configuration that requires the authentication input operation of another user to authenticate the user to be authenticated (see Modification 1 described later), the conference authentication information management unit 112 determines the order of the authentication input operations of a plurality of users. To set. The conference authentication information management unit 112 individually sets the information on the set number of times of touch authentication (authentication condition) for each user by using a mail address (not shown) of the user managed in advance as a part of the user information. Notice. 9A, 9B, and 9C (details will be described later) show an example of information (at-conference authentication information) notified to users who are scheduled to participate in the meeting. For example, the conference authentication information management unit 112 transmits the information on the number of times of touch authentication of the user A to the mail address of the user A registered in advance. Further, the conference authentication information management unit 112 transmits the conference authentication information DB 122 to the authentication device 2. The touch authentication count is an example of the set count of the present invention.

The authentication result acquisition unit 113 acquires from the authentication device 2 the result (authentication result) of the authentication process (see FIGS. 5A and 5B) executed in the authentication device 2 described later.

When the authentication result acquisition unit 113 acquires the authentication result, the conference authentication information management unit 112 updates the authentication status of the conference authentication information DB 122. For example, before the start of the conference, the conference authentication information management unit 112 registers “logoff” in the authentication status (see FIG. 4). When the authentication result acquisition unit 113 acquires the authentication result of “authentication permitted” (successful authentication) from the authentication device 2 at the start of the conference, the conference authentication information management unit 112 registers “connection” in the authentication status ( (See FIG. 4). If the authentication result acquisition unit 113 has not acquired the authentication result of “authentication permitted” (successful authentication), the conference authentication information management unit 112 registers “logoff” in the authentication status.

When the authentication result acquisition unit 113 acquires the authentication result, the authentication device 2 displays information according to the authentication result to the user. For example, when the authentication result acquisition unit 113 acquires the authentication result of “authentication not allowed” (authentication failure), the authentication device 2 notifies the corresponding user terminal or the terminal device 3 of a message indicating that the authentication is not performed. To do.

When the authentication result acquisition unit 113 acquires the authentication result of “authentication permitted”, the command processing unit 114 transmits a predetermined command to the command target device corresponding to the user who is permitted the authentication. For example, when the authentication of the user A is permitted at the start of the conference, the command processing unit 114 outputs the command “display material-1” of the command ID “1” to the command target device PC1 (terminal device 3A). Send. Further, for example, when the authentication of the user D is permitted during the conference, the command processing unit 114 outputs the command “display material-3” of the command ID “1” to the PC 4 (terminal device 3) which is the command target device. Send. Since the authentication interlocking information (see FIG. 4) is set to “OFF” for the user C, command processing is performed even when the authentication of the user C is permitted at the start of the conference or during the conference. The unit 114 does not perform command issuing processing and transmission processing. The command processing unit 114 is an example of the command issuing unit of the present invention.

Here, the command includes a switching command that validates the connection between the command target device and the display device 4. Therefore, for example, when the command is transmitted to the terminal device 3A, the terminal device 3A can establish the connection with the display device 4 and control the display of the display device 4, and the terminal device 3B can perform the display control. When the command is transmitted, the terminal device 3B can establish the connection with the display device 4 and control the display of the display device 4.

In addition, in another embodiment of the server device 1, a part or all of the processing units included in the control unit 11 may be provided in the authentication device 2.

[Authentication device 2]
As shown in FIG. 2, the authentication device 2 includes a control unit 21, a storage unit 22, an operation display unit 23, a communication I/F 24, a reading unit 25, and the like. The authentication device 2 is, for example, a device installed in each conference room where a conference is held. The authentication device 2 may be an information processing device such as a tablet terminal or a personal computer to which a reading unit 25 described later is connected. When the conference is a remote conference connecting a plurality of bases, the authentication device 2 is installed at each base. Further, one authentication device 2 may be installed in one base, or a plurality of authentication devices 2 may be installed.

The reading unit 25 is a reading device that reads unique ID information (card ID) of the ID card 5. The reading unit 25 is, for example, a card reader. When the ID information is embedded in the one-dimensional code or the two-dimensional code, the reading unit 25 includes a camera that reads the information code. When the ID information is recorded on the IC chip, the reading unit 25 is configured by a contactless IC card reader that uses contact type or short-range wireless communication. The ID card 5 is an example of the card medium of the present invention. The card medium of the present invention may be a card medium containing a one-dimensional code or a two-dimensional code, or may be an IC card. In addition, in the authentication system 100, a mobile terminal (for example, a smartphone) owned by the user can be used instead of the card medium. In this case, for example, the reading unit 25 may capture the QR code (registered trademark) displayed on the smartphone and read the ID information.

The communication I/F 24 connects the authentication device 2 to the communication network N1 by wire or wirelessly, and executes data communication according to a predetermined communication protocol with an external device such as the server device 1 via the communication network N1. Is a communication interface for.

The operation display unit 23 is a user interface including a display unit such as a liquid crystal display or an organic EL display that displays various kinds of information, and an operation unit such as a mouse, a keyboard, or a touch panel that receives an operation. The operation display unit 23 may be omitted if the user does not need to operate the keyboard or touch panel. Further, the display unit may be an LED that emits a color according to the authentication status of the user. The LED is an example of the light emitting unit of the present invention.

The storage unit 22 is a non-volatile storage unit including a semiconductor memory that stores various types of information, an HDD, an SSD, or the like.

The storage unit 22 stores the conference authentication information DB 122 (see FIG. 4) transmitted from the server device 1.

Further, the storage unit 22 stores a control program such as an authentication program for causing the control unit 21 to execute the authentication process (see FIGS. 5A and 5B) described later. For example, the authentication program is non-temporarily recorded on a computer-readable recording medium such as a USB, a CD, or a DVD, and is electrically connected to the authentication device 2 such as a USB drive, a CD drive, or a DVD drive. It is read by a reading device (not shown) and stored in the storage unit 22. Further, the authentication program may be downloaded from an external device via the communication network N1 and stored in the storage unit 22.

The control unit 21 has control devices such as a CPU, a ROM, and a RAM. The CPU is a processor that executes various arithmetic processes. The ROM is a non-volatile storage unit in which control programs such as a BIOS and an OS for causing the CPU to execute various processes are stored in advance. The RAM is a volatile or non-volatile storage unit that stores various types of information, and is used as a temporary storage memory (work area) for various processes executed by the CPU. Then, the control unit 21 controls the authentication device 2 by causing the CPU to execute various control programs stored in advance in the ROM or the storage unit 22.

Specifically, the control unit 21 includes various processing units such as an identification information acquisition unit 211, an operation count acquisition unit 212, an authentication processing unit 213, and an authentication result notification unit 214. The control unit 21 functions as the various processing units by executing various processes according to the authentication program by the CPU. Further, some or all of the processing units included in the control unit 21 may be configured by electronic circuits. The authentication program may be a program for causing a plurality of processors to function as the various processing units.

The identification information acquisition unit 211 acquires the ID information based on the input operation of the ID information for identifying the user by the user. For example, the identification information acquisition unit 211 acquires the ID information based on the input operation of the user at the start of the conference or during the conference. Specifically, the identification information acquisition unit 211 acquires the unique ID information (card ID) of the ID card 5 read by the reading unit 25 based on the touch operation of the ID card 5 by the user.

The operation number acquisition unit 212 acquires the operation number indicating the number of times the user has performed the input operation within a predetermined time. Specifically, the number-of-operations acquisition unit 212 acquires the number of times the user has performed the touch operation on the reading unit 25 within a predetermined time. For example, the operation number acquisition unit 212 acquires the number of times the card ID is read by the reading unit 25 as the operation number. For example, when the user A touches the ID card 5A on the reading unit 25 a plurality of times consecutively within a predetermined time, the identification information acquisition unit 211 acquires the ID information of the ID card 5A a plurality of times consecutively. In addition, the operation number acquisition unit 212 counts the number of touches within a predetermined time period, and when the same ID information is continuously acquired within the predetermined time period, determines that the touch operation is performed by the same user, and determines the counted touch number get. Here, the operation number acquisition unit 212 refers to the card ID information notified from the identification information acquisition unit 211 and acquires “5 times” as the number of touch operations of the touch operation by the user A. The identification information acquisition unit 211 is an example of the identification information acquisition unit of the present invention, and the operation number acquisition unit 212 is an example of the operation number acquisition unit of the present invention. The touch operation is an example of the input operation of the present invention, and the number of touches is an example of the number of operations of the present invention. That is, the input operation of the present invention is an operation for causing the reading unit 25 to read a card medium (for example, the ID card 5) including identification information such as ID information.

In addition, in the above-mentioned example, the identification information acquisition unit 211 has mentioned the touch operation as the user's authentication input operation, but the input operation of the present invention is not limited to this. For example, the user's input operation may be an operation of inputting personal information such as a card ID, a password, and biometric information on the operation display unit 23. In this case, the operation count acquisition unit 212 acquires the number of times personal information is input (the number of operations).

The authentication processing unit 213 authenticates the user based on the card ID acquired by the identification information acquisition unit 211. For example, the authentication processing unit 213 is based on the card ID acquired by the identification information acquisition unit 211 and the operation frequency information acquired by the operation frequency acquisition unit 212 at the start of the conference or by the user's input operation during the conference. The user is authenticated. Specifically, the authentication processing unit 213 acquires the authentication condition (the number of touch authentication times) associated with the card ID from the conference authentication information DB 122 (see FIG. 4) stored in the storage unit 22. Then, the authentication processing unit 213 determines whether or not the number of touches acquired by the operation number acquisition unit 212 and the authentication condition (number of touch authentications) match. The authentication processing unit 213 permits the authentication when the number of touches and the number of touch authentications match, and disapproves the authentication when the number of touches does not match the number of touch authentications. When the number of touches and the number of touch authentications do not match, the operation number acquisition unit 212 resets the counted number of touches, or shifts to the procedure when authentication is not permitted and resets the number of touches. .. The authentication processing unit 213 is an example of the authentication unit of the present invention. Note that in a configuration that requires an authentication input operation of another user to authenticate the user to be authenticated (see Modification 1 described later), the authentication processing unit 213 uses the touch corresponding to each of the plurality of other users. The user to be authenticated is authenticated in consideration of the determination result for the number of times.

The authentication result notifying unit 214 notifies the user and the server device 1 of the result of the authentication processing by the authentication processing unit 213 (“authentication permitted” or “authentication not permitted”). The authentication result notifying unit 214 also notifies the outside of the information indicating the authentication result. For example, the authentication result notification unit 214 causes the display unit of the operation display unit 23 to turn on the LED in red during standby and turn on the LED in green when the user A touches the ID card 5A once. When the ID card 5A is touched five times and the authentication is permitted, the LED is turned on in yellow. Further, the authentication result notification unit 214 causes the LED to blink in red when the authentication is not permitted. The display unit (LED) is preferably provided at a position that is difficult for a third party other than the user who performs the authentication input operation to visually recognize. As a result, it is possible to prevent information leakage of the authentication condition (touch authentication frequency). The authentication result notifying unit 214 is an example of the notifying unit of the present invention.

The authentication result notifying unit 214 may notify the information indicating the authentication result by voice from a speaker (not shown). The speaker is preferably a speaker having a directivity that makes it difficult for a third party other than the user who performs the authentication input operation to hear.

Here, in the conference authentication information DB 122 shown in FIG. 4, as commands corresponding to the user B, a first command (command ID “1” (an example of the first command information of the present invention)) and a second command ( Command ID “2” (an example of the second command information of the present invention) is registered. The card ID corresponding to the user B includes the first touch authentication count “2” for the first command (an example of the first command setting count of the present invention) and the second touch authentication count for the second command. “3” (an example of the second command setting count of the present invention) is associated. In this case, the command processing unit 114 of the server device 1 issues the first command when the touch count and the first touch authentication count match and the authentication processing unit 213 permits the authentication of the user B. The second command is issued when the number of touches and the number of second touch authentications match and the authentication processing unit 213 permits the authentication of the user B. It should be noted that the command processing unit 114 is at least any one of a time when the user inputs the identification information (performs the authentication input operation) at the time of login (at the start of the conference), a normal time after login (during the conference), and a logout. Issue the command at.

In addition, in another embodiment of the authentication device 2, some or all of the processing units included in the control unit 21 of the authentication device 2 may be provided in the server device 1.

[Terminal device 3]
As shown in FIG. 1, the terminal device 3 includes a control unit 31, a storage unit 32, an operation display unit 33, a communication I/F 34, and the like. The terminal device 3 may be a mobile terminal owned by a user and brought to a conference, or may be a terminal device provided in advance in a conference room.

The communication I/F 34 connects the terminal device 3 to the communication network N1 by wire or wirelessly, and executes data communication according to a predetermined communication protocol with an external device such as the server device 1 via the communication network N1. Is a communication interface for.

The operation display unit 33 is a user interface including a display unit such as a liquid crystal display or an organic EL display that displays various kinds of information, and an operation unit such as a mouse, a keyboard, or a touch panel that receives an operation. For example, the user participating in the conference registers the authentication information on the operation display unit 33 before the conference is started. Further, the conference manager registers the conference information on the operation display unit 33 before the conference starts.

The storage unit 32 is a non-volatile storage unit including a semiconductor memory, HDD, SSD, or the like that stores various kinds of information. For example, the storage unit 32 stores a control program such as a command execution program for causing the control unit 31 to execute a command execution process (see FIG. 7) described later. For example, the command execution program is non-temporarily recorded in a computer-readable recording medium such as a USB, a CD, or a DVD, and is electrically connected to the terminal device 3, such as a USB drive, a CD drive, or a DVD drive. Is read by a reading device (not shown) and stored in the storage unit 32. The command execution program may be downloaded from an external device via the communication network N1 and stored in the storage unit 32.

The control unit 31 has control devices such as a CPU, a ROM, and a RAM. The CPU is a processor that executes various arithmetic processes. The ROM is a non-volatile storage unit in which control programs such as a BIOS and an OS for causing the CPU to execute various processes are stored in advance. The RAM is a volatile or non-volatile storage unit that stores various types of information, and is used as a temporary storage memory (work area) for various processes executed by the CPU. Then, the control unit 31 controls the terminal device 3 by executing various control programs stored in the ROM or the storage unit 32 in advance by the CPU.

Specifically, the control unit 31 includes various processing units such as a command acquisition unit 311 and a command execution unit 312. The control unit 31 functions as the various processing units by executing various processes according to the command execution program by the CPU. Further, some or all of the processing units included in the control unit 31 may be configured by electronic circuits. The command execution program may be a program for causing a plurality of processors to function as the various processing units.

The command acquisition unit 311 acquires the command transmitted from the server device 1. For example, when the authentication is permitted for the authentication input operation of the user A at the start of the conference, the command acquisition unit 311 causes the command (“display material-1”) corresponding to the user A transmitted from the server device 1 to be transmitted. get. Further, for example, when the authentication is permitted for the authentication input operation of the user B during the conference, the command acquisition unit 311 transmits the command corresponding to the user B transmitted from the server device 1 (“display material-2”). To get.

The command execution unit 312 executes the command acquired by the command acquisition unit 311. For example, when the command acquisition unit 311 acquires a command (“display material-1”) corresponding to the user A, the command execution unit 312 causes the display device 4 to display “material-1”. Further, for example, when the command acquisition unit 311 acquires a command (“display material-2”) corresponding to the user B, the command execution unit 312 causes the display device 4 to display “material-2”.

Note that, here, the command corresponding to the user B is a command executed when the authentication (normal authentication) during the conference is permitted, and therefore the command execution unit 312 displays the “material” displayed on the display device 4. -1" is switched to "Material-2". Further, when “material-1” is stored in the terminal device 3A and “material-2” is stored in the terminal device 3B, the terminal device 3B that has acquired the command corresponding to the user B is the display device 4 The connection with is switched from the terminal device 3A to the terminal device 3B, and "Document-2" is displayed. That is, the command may include a switching control command for switching the connection (input terminal) with the display device 4.

In another embodiment of the terminal device 3, the command execution unit 312 may be provided in the server device 1. In this case, the server device 1 executes the command to control the display of the display device 4.

[Authentication process]
Next, the authentication processing executed by the control unit 21 of the authentication device 2 will be described with reference to FIGS. 5A and 5B. For example, the control unit 21 starts the execution of the authentication process by starting the execution of the authentication program in response to the user's authentication input operation (touch operation). The authentication process may be terminated midway according to a predetermined operation on the authentication device 2. The control unit 21 executes the authentication process at the start of the conference or each time the user performs an authentication input operation during the conference.

The present invention can be understood as an invention of an authentication method that executes one or more steps included in the authentication process, and one or more steps included in the authentication process described here are appropriately omitted. Good. Moreover, the order of execution of the steps in the authentication process may be different within a range in which the same operational effect is produced. Further, here, a case where each step in the authentication processing is executed by the control unit 21 will be described as an example, but in another embodiment, each step in the authentication processing is distributed and executed by a plurality of processors. May be.

Note that the authentication processing shown in FIGS. 5A and 5B shows the processing in the case of authenticating the user A based on only the authentication input operation of the user A participating in the conference, for example. A process (see FIG. 10) that requires an authentication input operation of the user A and an authentication input operation of another user when authenticating the user A will be described later.

First, the control unit 21 determines whether a touch operation (or a swipe operation) of the card ID by the user is detected (S111). When the touch operation is detected (S111: YES), the control unit 21 determines whether the touch operation is the first time (first time) (S112). After the first touch operation is detected in step S111, the timer is started in the subsequent processing (S120). If the touch operation is not performed, it is normally determined whether or not the timer has expired (S121). : NO), the process proceeds to step S111. On the other hand, if the predetermined time has passed without detecting the touch operation (S111: NO) (when the timer has expired) (S121: YES), the predetermined operation cannot be satisfied during the user's authentication input operation. The determination is made, and the process proceeds to step S122 described later.

When the touch operation is the first touch operation (S112: YES), the control unit 21 acquires (introduces) the user authentication information (authentication condition) from the conference authentication information DB 122 (see FIG. 4) (S113). The process proceeds to step S116.

On the other hand, when the touch operation is not the first touch operation (S112: NO), the control unit 21 performs card ID matching (S114) and determines whether the card IDs match (S115). Specifically, the control unit 21 determines whether or not the card ID acquired in the previous touch operation and the card ID acquired in the current touch operation match. When the card IDs match (S115: YES), the process proceeds to step S116, and when the card IDs do not match (S115: NO), the process proceeds to step S122 described later.

Next, the control unit 21 sets “determining” in the determination flag (S116) and acquires (counts) the number of times the ID card is touched. Next, the control unit 21 determines whether or not the touch count matches the authentication condition (touch authentication count) associated with the card ID. When the number of times of touch and the number of times of touch authentication match (S118: YES), the control unit 21 sets the determination flag to “OK” (S119). Then, a process transfers to step S123. On the other hand, when the number of times of touch and the number of times of touch authentication do not match (S118: NO), the process returns to S111 and the above process is repeated.

Here, when the touch operation is not performed within a predetermined time (S121: YES) or when the card IDs do not match (S115: NO), the control unit 21 sets “failure” in the determination flag. Is set (S122). Then, a process transfers to step S123.

In step S123, the control unit 21 activates the timer set to the random time. Here, the timer may be configured to have a longer time compared with the timer time set in step S120. This is to prevent the element for determining the authentication condition from being given in a short time and easily when the time is set to be shorter. Next, the control unit 21 determines whether or not the touch operation of the card ID by the user is detected (S124). When the touch operation of the card ID is not performed within the randomly set predetermined time (S125: NO), the control unit 21 determines whether “OK” is set in the determination flag (S126). .. When the determination flag is set to "OK" (S126: YES), the control unit 21 permits the user authentication (S127), and when the determination flag is not set to "OK" (S126: NO). The control unit 21 disallows user authentication (S128). After that, the control unit 21 notifies the user and the server device 1 of the result of the authentication process (“authentication permitted” or “authentication not permitted”) (S129).

On the other hand, when the touch operation of the card ID is performed within the randomly set predetermined time (S124: YES), the control unit 21 determines whether “OK” is set in the determination flag (S130). ). When "OK" is set in the determination flag (S130: YES), the control unit 21 sets "failure" in the determination flag (S131). Then, a process transfers to step S123. If "OK" is not set in the determination flag (S130: NO), the process proceeds to step S123. The authentication process is executed as described above.

[Command issuing process]
Next, the command issuing process executed by the control unit 11 of the server device 1 will be described with reference to FIG. For example, the control unit 11 starts the execution of the command issuing process by starting the execution of the command issuing process program when the authentication result is acquired from the authentication device 2.

Note that one or more steps included in the command issuing process described here may be appropriately omitted. Further, the execution order of the steps in the command issuing process may be different within a range in which the same action and effect are produced. Further, here, a case where each step in the command issuing process is executed by the control unit 11 will be described as an example, but in another embodiment, each step in the command issuing process is dispersed by a plurality of processors. It may be executed.

In step S21, when the control unit 11 (authentication result acquisition unit 113) acquires the authentication result from the authentication device 2, the process proceeds to step S22.

In step S22, the control unit 11 (command processing unit 114) determines whether the authentication result is “authentication permitted”. When the authentication result is “authentication permitted” (S22: YES), the process proceeds to step S23, and when the authentication result is “authentication not permitted” (S22: NO), the process proceeds to step S25. ..

In step S23, the control unit 11 (command processing unit 114), from the conference authentication information DB 122 (see FIG. 4) stored in the storage unit 12, information on the command and the command target device associated with the card ID. To get.

In step S24, the control unit 11 (command processing unit 114) issues (transmits) the acquired command to the terminal device 3 of the command target device.

In step S25, the control unit 11 (command processing unit 114) updates the authentication status of the conference authentication information DB 122 (see FIG. 4). The command issuing process is executed as described above.

[Command execution processing]
Next, the command execution processing executed by the control unit 31 of the terminal device 3 will be described with reference to FIG. 7. For example, the control unit 31 starts execution of the command execution process by starting execution of the command execution process program when the command is acquired from the server device 1.

Note that one or a plurality of steps included in the command execution processing described here may be omitted as appropriate. Further, the execution order of the steps in the command execution process may be different within a range in which the same effect is produced. Further, here, the case where each step in the command execution process is executed by the control unit 31 will be described as an example, but in another embodiment, each step in the command execution process is dispersed by a plurality of processors. It may be executed.

When the control unit 31 (command acquisition unit 311) acquires the command from the server device 1 in step S31, the process proceeds to step S32.

In step S32, the control unit 31 (command execution unit 312) executes the command.

In step S33, the control unit 31 (command execution unit 312) notifies the server device 1 of the execution status of the command. The server device 1 registers information (not shown) indicating that the command has been executed in the conference authentication information DB 122.

According to the authentication system 100 according to the embodiment of the present invention, a user who participates in a conference performs an authentication input operation according to an authentication condition (for example, the number of touches) that only the user can know. Therefore, even if a third party who is not qualified to participate in the meeting illegally obtains the ID card 5 of the participant, it is possible to prevent the third party from participating in the meeting. The authentication input operation is a simple operation of touching the ID card 5 on the reading unit 25 a predetermined number of times set for each user, and is not an operation of inputting a user ID or the like. Therefore, the convenience of user authentication does not decrease. Therefore, according to the authentication system 100, the security level can be improved without reducing the convenience of user authentication. Further, according to the authentication system 100, when the user participating in the conference performs the authentication input operation at the start of the conference or during the conference and the authentication of the user is permitted, the card ID acquired by the authentication input operation. A predetermined command associated with (identification information) is issued. Therefore, the user needs to perform a separate operation for executing the command, for example, an operation of displaying the material used in the conference on the display device 4, an operation of activating a predetermined application on the terminal device 3, and the like. Absent. Therefore, according to the authentication system 100, it is possible to simplify the user's operation in the conference.

The present invention is not limited to the above embodiments. Modifications corresponding to other embodiments of the present invention will be described below.

[Modification 1]
An authentication system 100 according to another embodiment, for example, when authenticating a user A who participates in a conference, performs an authentication input operation of the user A and an authentication of another user who participates in the conference other than the user A, for example, a user C. Authentication processing for the login of the user A is performed based on the input operation. Specifically, for example, the control unit 11 (conference authentication information management unit 112) of the server device 1 sets the number of touches of the user A to “5 times” as the authentication condition corresponding to the login of the user A, and the user C Set the number of touches of to "3 times". Further, the control unit 11 (conference authentication information management unit 112) sets the order of the authentication input operation. For example, the control unit 11 sets the authentication input operation of the user A to “first” and sets the authentication input operation of the user C to “second”. The control unit 11 registers these set authentication conditions (the number of times of touch authentication) in the conference authentication information DB 122 (see FIG. 8 ), and notifies the users A and C. For example, the control unit 11 (meeting authentication information management unit 112) notifies the user A of the information shown in FIG. 9A as the information of the authentication condition corresponding to the user A, and as the information of the authentication condition corresponding to the user C. , And notifies the user C of the information shown in FIG. 9B. The control unit 21 of the authentication device 2 authenticates the user A when the user A first (first) performs the touch operation five times, and subsequently (secondly) the user C performs the touch operation three times. Is permitted and the command (“Display Material-1”) is transmitted. 9A and 9B exemplify a configuration in which information of authentication conditions other than operations performed by the user is not disclosed to each user, but the present invention is not limited to this, and authentication conditions of other users related to own authentication are not limited thereto. May be disclosed.

Similarly, the control unit 11 sets the number of touches of the user C to “2 times” and the number of touches of the user B to “1 time” as the authentication condition corresponding to the user C. Further, the control unit 11 sets the authentication input operation of the user C to "No. 1" and sets the authentication input operation of the user B to "No. 2". The control unit 11 registers these set authentication conditions (the number of times of touch authentication) in the conference authentication information DB 122 (see FIG. 8) and notifies the users C and B. For example, the control unit 11 notifies the user C of the information shown in FIG. 9B as the information of the authentication condition corresponding to the user C, and the information shown in FIG. 9C as the information of the authentication condition corresponding to the user B. Notify B. The control unit 21 of the authentication device 2 authenticates the user C when the user C first (first) makes a touch operation twice and then (secondly) the user B makes a single touch operation. Allow

FIG. 10 is a flowchart showing a part of the authentication processing executed by the control unit 21 of the authentication device 2 according to the first modification. The authentication process according to the first modification is different from the authentication process shown in FIGS. 5A and 5B in that steps S141 and S142 are added, and the other processes are the same. Here, for the sake of convenience, a process different from the authentication process shown in FIGS. 5A and 5B will be described, and the description of the same process will be omitted.

In step S141, the control unit 21 determines whether or not another user's authentication input operation is necessary to authenticate the user to be authenticated. When the authentication input operation of another user is required (S141: YES), the control unit 21 acquires the authentication information (authentication condition) of the other user from the conference authentication information DB 122 (see FIG. 4) (introduction). ) (S142), and the process proceeds to step S116. After step S116, a determination process (S118) of the number of touches corresponding to the authentication input operation (touch operation) of the other user is performed. When the number of touches of the other user matches the authentication condition (S118: YES) and there is no other user who needs the authentication input operation (S141: NO), the process proceeds to step S119. .. The subsequent process is the same as the authentication process shown in FIG. 5B.

Further, the control unit 11 of the server device 1 sets the number of touches of the user A to "5 times" and the number of touches of the user C to "3 times" as the authentication condition corresponding to each of the user A and the user C. However, the control unit 21 of the authentication device 2 may be configured to permit the authentication of the user A and the user C at the same time when the user A and the user C perform the authentication input operation according to the authentication conditions. An example of the conference authentication information DB 122 in the case of this configuration is shown in FIG. The “*” symbol in the user designation of the authentication condition in FIG. 11 is treated as the order does not matter.

As described above, the control unit 21 of the authentication device 2 controls the first identification information (first card ID) and the first operation count (first touch count) corresponding to the first user, and the second identification information corresponding to the second user. The identification information (second card ID) and the second operation count (second touch count) are acquired. Further, the control unit 21 determines whether or not the acquired first operation count and a first set count (first touch authentication count) that is associated in advance with the first identification information match, and It is determined whether or not the number of times of the second operation and the second set number of times (the number of times of second touch authentication) previously associated with the second identification information match. Then, if the control unit 21 determines that the first number of operations and the first set number of times match and also determines that the second number of operations and the second set number of times match, the first unit Authentication of at least one of the user and the second user is permitted.

In addition, when authenticating the first user, the authentication device 2 may add determination processing of the authentication input operation of another one user (for example, the second user), or each of the plurality of other users. The authentication input operation determination process may be added. Further, the order of the authentication input operation of each of the first user to be authenticated and the other user may be defined, and a process of determining the order may be added to the determination process. For example, when the authentication input operation by the first user and the authentication input operation by the second user are successively performed in this order, the control unit 21 determines the first operation count and the first set count. If it is determined that the first operation number and the second set number of times match each other, the authentication of the first user is permitted.

With these configurations, when authenticating a user who intends to participate in the conference, in addition to the authentication input operation of the user himself/herself, the authentication input operation of a third party other than the user himself/herself is required. It is possible to further improve. In addition, the control unit 21 of the authentication device 2 can arbitrarily combine a plurality of authentications by the authentication operation of the users who are conference participants. According to these configurations, it is possible to further improve the security level according to the combination of the authentication input operations of the third party.

In the above configuration, the authentication device 2 may change the display mode of the display unit (LED) based on the authentication input operation by a plurality of users. For example, in the above example of authenticating the user A, when the user A touches the ID card 5A five times, the LED is lit from red during standby to green, and then the user C turns the ID card 5C three times. When touched, the user A authentication is permitted and the LED is turned on in yellow.

[Modification 2]
The authentication system 100 according to another embodiment may perform an authentication process for logging off from the conference system, for example, when the conference ends or when the user leaves during the conference. In the authentication processing, authentication is performed based on the user's authentication input operation described above. It should be noted that the authentication condition for joining the conference (at logon) and the authentication condition for logging off may be set to the same condition or different conditions.

[Modification 3]
In the authentication system 100 according to another embodiment, the control unit 21 (authentication processing unit 213) of the authentication device 2 displays the number of touches counted by the user's authentication input operation (touch operation) on the operation display unit 23. It may be displayed on the section. Accordingly, the user can grasp the progress of the touch operation, and thus can accurately perform the touch operation according to the set number of touches.

In the above configuration, the information on the number of touches may be leaked to a third party. In such a case, the control unit 21 (operation count acquisition unit 212) of the authentication device 2 corrects the number of touches displayed on the display unit, and continues the ID information acquisition operation by the identification information acquisition unit 211. Let The control unit 21 (operation count acquisition unit 212) may display the dummy count that represents the corrected touch count. With this, since the dummy number can be displayed when the authentication is permitted, when the authentication is not permitted, or during the touch operation, it is possible to prevent the information leakage of the regular touch number.

[Modification 4]
In the authentication system 100 according to another embodiment, the display device 4 may have the function of the terminal device 3, and the terminal device 3 may be omitted. In this configuration, the server device 1 transmits the predetermined command to the display device 4, and the display device 4 executes the command. Further, in the authentication system 100 according to another embodiment, the display device 4 may be omitted. In this configuration, each user who participates in the conference uses his own terminal device 3. The display screen of each terminal device 3 may be shared. Further, the authentication system 100 according to another embodiment may be configured by only the server device 1. In this configuration, the server device 1 performs the authentication process, the command issue process, and the command execution process. In addition, the authentication system 100 according to another embodiment may include the server device 1 and the authentication device 2.

1: server device 2: authentication device 3: terminal device 4: display device 11: control unit 12: storage unit 13: operation display unit 14: communication I/F
21: control unit 22: storage unit 23: operation display unit 24: communication I/F
25: reading unit 31: control unit 32: storage unit 33: operation display unit 34: communication I/F
100: Authentication system 111: Authentication information management unit 112: Conference authentication information management unit 113: Authentication result acquisition unit 114: Command processing unit 211: Identification information acquisition unit 212: Operation count acquisition unit 213: Authentication processing unit 214: Authentication result notification Part 311: Command acquisition part 312: Command execution part

Claims (16)

An identification information acquisition unit that acquires the identification information based on an input operation of the identification information for identifying the user by the user,
An operation number acquisition unit that acquires an operation number indicating the number of times the user has performed the input operation within a predetermined time,
When the number of operations acquired by the number-of-operations acquisition unit and the set number of times associated with the identification information acquired by the identification-information acquisition unit match, authentication of the user is permitted, and the number of operations And an authentication unit that disallows authentication of the user when the set number of times does not match,
Authentication system with. The input operation is an operation of causing a reading unit that reads information of the card medium to read a card medium including the identification information,
The operation number acquisition unit acquires the number of times the identification information is read by the reading unit as the operation number,
The authentication system according to claim 1. The operation number acquisition unit counts the number of operations in the predetermined time period, and when the same identification information is continuously acquired by the identification information acquisition unit within the predetermined time period, the same user Judge as the input operation and obtain the counted number of operations,
The authentication system according to claim 1 or 2. When the number of operations does not match the set number of times, the operation number acquisition unit resets the counted number of operations,
The authentication system according to claim 3. When the number of operations does not match the set number of times, the operation number acquisition unit corrects the counted number of operations to a dummy number,
Characterized in that the operation of acquiring the identification information by the identification information acquisition unit is continued.
The authentication system according to claim 3. The identification information acquisition unit acquires first identification information corresponding to a first user and second identification information corresponding to a second user,
The operation number acquisition unit acquires a first operation number by the first user and a second operation number by the second user,
In the authentication unit, the first operation count acquired by the operation count acquisition unit matches a first set count pre-associated with the first identification information acquired by the identification information acquisition unit, and If the second operation number acquired by the operation number acquisition unit and a second set number pre-associated with the second identification information acquired by the identification information acquisition unit match, the first operation Permitting authentication of at least one of the user and the second user,
The authentication system according to any one of claims 1 to 5. The identification information acquisition unit acquires first identification information corresponding to a first user and a plurality of identification information corresponding to each of a plurality of other users,
The operation number acquisition unit acquires a first operation number by the first user and a plurality of operation numbers by each of the plurality of users,
In the authentication unit, the first operation count acquired by the operation count acquisition unit matches a first set count pre-associated with the first identification information acquired by the identification information acquisition unit, and , Each of the plurality of operation times acquired by the operation number acquisition unit and each of a plurality of set times pre-associated with each of the plurality of identification information acquired by the identification information acquisition unit In that case, the authentication of the first user is permitted,
The authentication system according to any one of claims 1 to 5. The identification information acquisition unit acquires first identification information corresponding to a first user and second identification information corresponding to a second user,
The operation number acquisition unit acquires a first operation number by the first user and a second operation number by the second user,
The authentication unit, when the input operation by the first user and the input operation by the second user are successively performed in this order, the first operation number acquired by the operation number acquisition unit, and , The first set number of times associated with the first identification information acquired by the identification information acquisition unit matches, and the second operation number acquired by the operation number acquisition unit, and the identification information When the second set number associated in advance with the second identification information acquired by the acquisition unit matches, authentication of the first user is permitted,
The authentication system according to any one of claims 1 to 5. The identification information acquisition unit acquires first identification information corresponding to a first user and second identification information corresponding to a second user,
The operation number acquisition unit acquires a first operation number by the first user and a second operation number by the second user,
The authentication unit, when the input operation by the first user and the input operation by the second user are successively performed in this order, the first operation number acquired by the operation number acquisition unit, and , The first set number of times associated with the first identification information acquired by the identification information acquisition unit matches, and the second operation number acquired by the operation number acquisition unit, and the identification information When the second set number associated in advance with the second identification information acquired by the acquisition unit matches, authentication of at least one of the first user and the second user is permitted,
The authentication system according to any one of claims 1 to 5. A light emitting unit that displays a predetermined color,
A notification unit for notifying the user of the result of the authentication processing by the authentication unit,
Further equipped with,
The notification unit displays the light emitting unit in the first display color when the authentication unit permits the user authentication, and emits the light when the authentication unit does not permit the user authentication. Parts in the second display color,
The authentication system according to any one of claims 1 to 9. Command information of a command for instructing an operation corresponding to the user's desired operation is previously associated with the identification information corresponding to the user,
Further comprising a command issuing unit for issuing the command of the command information associated with the identification information corresponding to the user when the authentication unit permits the user to be authenticated,
The authentication system according to any one of claims 1 to 10. A plurality of command information including the first command information of the first command and the second command information of the second command in the identification information corresponding to the user, and the first command indicating the number of times of setting for the first command A plurality of command setting times including a setting number and a second command setting number indicating the setting number for the second command are associated with each other;
The command issuing unit issues the first command when the number of times of operation matches the number of times of setting for the first command and the authentication unit permits the authentication of the user. The second command is issued when the set number of times for two commands matches and the authentication of the user is permitted by the authentication unit,
The authentication system according to claim 11. The command issuing unit issues the command at least at any one of login at the start of a conference, normal time during a conference after login, and logout,
The authentication system according to claim 11 or 12. The identification information corresponding to the user is previously associated with terminal information for identifying a terminal device that executes the command,
The command issuing unit identifies the command corresponding to the command information associated with the identification information corresponding to the user, when the authentication of the user is permitted by the authentication unit, the identification corresponding to the user. Transmitting to the terminal device corresponding to the terminal information associated with information,
The authentication system according to any one of claims 11 to 13. The identification information acquisition unit acquires the identification information based on the input operation of the user at the start of the conference or during the conference,
The authentication system according to any one of claims 1 to 14. Acquiring the identification information based on an input operation of the identification information for identifying the user by the user,
Acquiring a number of operations indicating the number of times the user has performed the input operation within a predetermined time,
When the acquired number of operations and the acquired set number of times associated with the identification information match, authentication of the user is permitted, and when the number of operations does not match the set number, the user is authenticated. Disallowing the authentication of
An authentication method comprising.