JP2022153444A - Authentication system, transmission device, reception device, authentication method, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To deal with noise received by data to be transmitted.

SOLUTION: A transmission device (20) of a communication system (S) divides data to be transmitted into a plurality of data portions, creates each of a plurality of packets so that at least one data portion is duplicated and included multiple times and order information about order of the data portion in the data to be transmitted is included, and transmits each of the plurality of packets to a reception device (30). The reception device (30) of the communication system (S) receives each of the plurality of packets from the transmission device (20), acquires the data to be transmitted by coupling the plurality of data portions based on at least one data portion of the duplicated multiple pieces and the order information included in each of the plurality of packets, and executes predetermined processing based on the data to be transmitted.

SELECTED DRAWING: Figure 7

COPYRIGHT: (C)2023,JPO&INPIT

Description

The present disclosure relates to communication systems, transmitting devices, receiving devices, communication methods, and programs.

2. Description of the Related Art Conventionally, there is known a technique for transmitting data to be transmitted such as user identification information from a transmitting device to a receiving device. For example, in Patent Document 1, a transmitting device encrypts user identification information with an encryption key that is changed at a predetermined timing, and uses a Bluetooth (registered trademark) advertising packet to transmit the encrypted identification information. Techniques for transmitting to a receiving device are described.

JP 2016-116130 A

In the technique of Patent Literature 1, identification information differs for each user, so the receiving device needs to receive an advertising packet containing arbitrary identification information. In this respect, noise may occur during conversion to an analog electric signal or during transmission of an advertising packet. Therefore, in order to accurately acquire the identification information, the receiving device of Patent Document 1 needs to distinguish between advertising packets that are not affected by noise and advertising packets that are affected by noise.

The advertising packet of Patent Document 1 contains a CRC (Cyclic Redundancy Check), which is a type of error detection code, but there is a limit to the error detection accuracy of the CRC, and it is not possible to sufficiently cope with the noise received by the identification information. Sometimes. This point is the same for other communication protocols than Bluetooth (registered trademark), and the conventional method could not sufficiently deal with the influence of noise on data to be transmitted.

One of the purposes of the present disclosure is to deal with the noise received by the data to be transmitted.

A predicted profit and loss display system according to the present disclosure is a communication system including a transmitting device and a receiving device, wherein the transmitting device includes dividing means for dividing transmission target data into a plurality of data parts, and a plurality of packets. creating means for creating each of the plurality of packets such that each of the plurality of packets includes a plurality of at least one of the data portions in duplicate and includes order information regarding the order of the data portions in the transmission target data; and transmitting means for transmitting each of the plurality of packets to the receiving device, the receiving device receiving means for receiving each of the plurality of packets from the transmitting device; an obtaining means for obtaining the data to be transmitted by combining the plurality of data portions based on the at least one of the plurality of overlapping data portions and the order information included in each packet; and execution means for executing a predetermined process based on the data to be transmitted.

A transmission device according to the present disclosure includes dividing means for dividing transmission target data into a plurality of data portions, and each of a plurality of packets includes a plurality of at least one of the data portions in duplicate, and the transmission target data creating means for creating each of the plurality of packets such that order information relating to the order of the data portions in the data is included; and transmitting means for transmitting each of the plurality of packets to a receiving device.

A receiving device according to the present disclosure includes receiving means for receiving each of a plurality of packets from a transmitting device, at least one of a plurality of overlapping data portions included in each of the plurality of packets, and order information about the order, obtaining means for obtaining transmission target data by combining the plurality of data portions based on the order information, and execution means for executing predetermined processing based on the transmission target data.

A communication method according to the present disclosure includes a dividing step of dividing transmission target data into a plurality of data portions; a creating step of creating each of the plurality of packets so that order information about the order of the data portion in the data is included; a transmitting step of transmitting each of the plurality of packets to a receiving device; , a receiving step of receiving each of the plurality of packets, a plurality of the at least one data portion that is duplicated and included in each of the plurality of packets, and the order information, the plurality of data An acquisition step of combining parts to acquire the transmission target data, and an execution step of executing a predetermined process based on the transmission target data.

The program according to the present disclosure includes dividing means for dividing transmission target data into a plurality of data parts, each of a plurality of packets includes a plurality of at least one of the data parts in duplicate, and in the transmission target data The computer is caused to function as creating means for creating each of the plurality of packets and transmitting means for transmitting each of the plurality of packets to a receiving device so that order information about the order of the data portion is included.

A program according to the present disclosure relates to receiving means for receiving each of a plurality of packets from a transmitting device, at least one of a plurality of overlapping data portions included in each of the plurality of packets, and an order of the data portions. The computer is caused to function as acquisition means for acquiring data to be transmitted by combining the plurality of data portions based on order information, and execution means for executing predetermined processing based on the data to be transmitted.

In one aspect of the present disclosure, each of the plurality of packets includes a plurality of duplicates of the at least one data part in a first data area, includes the order information in a second data area, and The acquisition means scans packets having the same value contained in the first data area, and acquires the transmission target data based on the scanned packets.

In one aspect of the present disclosure, the creating means creates each of the plurality of packets so that each of the plurality of packets includes a plurality of overlapping pieces of the order information, and the obtaining means creates the The data to be transmitted is acquired based on the plurality of duplicated at least one data portions and the plurality of duplicated order information included in each of the plurality of packets.

In one aspect of the present disclosure, each of the plurality of packets includes a plurality of overlapping at least one data portions in a first data area, and overlaps the order information in a second data area. The acquiring means scans packets having the same value contained in the second data area, and acquires the transmission target data based on the scanned packets.

In one aspect of the present disclosure, the creating means creates each of the plurality of packets such that each of the plurality of packets includes a plurality of consecutively overlapping pieces of the order information.

In one aspect of the present disclosure, the creating means creates the plurality of packets such that the plurality of at least one data portion and the order information are separated from each other by a predetermined distance or more in each of the plurality of packets. to create each of the

In one aspect of the present disclosure, the creation means creates each of the plurality of packets such that each of the plurality of packets includes a plurality of the at least one data portion in succession in an overlapping manner.

In one aspect of the present disclosure, the receiving device further includes identifying means for identifying the number of the data portions, and the obtaining means obtains the at least one data portion from each of the plurality of packets until the number is reached. and the order information is obtained, and when the number is reached, the transmission target data is obtained.

In one aspect of the present disclosure, the transmission target data is a numerical value with a predetermined number of digits, each of the plurality of data portions is an individual digit included in the numerical value, and the order information is The number of digits is indicated, and the specifying means specifies the number of digits as the number.

In one aspect of the present disclosure, the receiving device can communicate with each of the plurality of transmitting devices, and each of the plurality of packets includes identification information that can identify the transmitting device that transmitted the packet. and the acquisition means acquires the transmission target data for each of the transmission devices based on the identification information included in each of the plurality of packets.

In one aspect of the present disclosure, each of the plurality of packets is an advertising packet in a predetermined wireless communication standard, and the creating means adds a part of a service UUID in the wireless communication standard to each of the plurality of advertising packets As, each of the plurality of advertising packets is created so as to include a plurality of the at least one data part in duplicate and the order information, and the transmitting means uses the wireless communication standard , transmitting each of the plurality of advertising packets, the receiving means using the wireless communication standard to receive each of the plurality of advertising packets, and the obtaining means for each of the plurality of advertising packets The data to be transmitted is obtained based on the plurality of duplicated at least one data portions included as part of the service UUID and the order information.

In one aspect of the present disclosure, a predetermined application is installed in the transmission device, and the processing of each of the division unit, the creation unit, and the transmission unit is executed as processing of the application, and the service The UUID includes an application identification ID that can identify the application, and the obtaining means scans the advertising packet in which the application identification ID is included in the service UUID, and obtains the transmission target data. do.

In one aspect of the present disclosure, the transmission target data is a user ID capable of identifying a user of the transmission device, and the predetermined process is an authentication process executed based on the user ID.

In one aspect of the present disclosure, the receiving device further includes biometric information acquisition means for acquiring biometric information of the user, and the execution means performs the authentication process based on the user ID and the biometric information. to run.

According to the present disclosure, it is possible to deal with noise received by transmission target data.

It is a figure which shows the whole structure of a communication system. It is a figure which shows an example of the scene where a communication system is used. FIG. 4 is a diagram showing an example format of an advertising packet; FIG. 10 is a diagram showing how an authentication device scans advertising packets; FIG. 10 is a diagram showing how an authentication device scans advertising packets; FIG. 10 is a diagram showing how an authentication device scans advertising packets; 1 is a functional block diagram showing an example of functions implemented in a communication system; FIG. It is a figure which shows the data storage example of a user database. FIG. 10 is a diagram showing a data storage example of scan setting data; FIG. 10 is a flow diagram showing an example of activation processing; FIG. 10 is a flow diagram showing an example of authentication processing; FIG. 10 is a diagram showing details of processing in S204; FIG.

[1. Overall configuration of communication system]
Hereinafter, examples of embodiments of a communication system according to the present disclosure will be described. In this embodiment, a case where the communication system is applied to an authentication service for authenticating users will be taken as an example. The communication system can be applied to any service, and examples of application to other services will be described in modified examples below.

FIG. 1 is a diagram showing the overall configuration of a communication system. As shown in FIG. 1, a communication system S includes a server 10, a user terminal 20, and an authentication device 30, which are connectable to a network N such as the Internet. Note that FIG. 1 shows one each of the server 10, the user terminal 20, and the authentication device 30, but a plurality of these may be provided.

Server 10 is a server computer. The server 10 includes a control section 11 , a storage section 12 and a communication section 13 . Control unit 11 includes at least one processor. The control unit 11 executes processing according to programs and data stored in the storage unit 12 . The storage unit 12 includes a main storage unit and an auxiliary storage unit. For example, the main memory is volatile memory such as RAM. Further, for example, the auxiliary storage unit is non-volatile memory such as ROM, EEPROM, flash memory, or hard disk. The communication unit 13 is a communication interface for wired communication or wireless communication. The communication unit 13 performs data communication via the network N. FIG.

The user terminal 20 is a computer operated by a user. The user terminal 20 is an example of a transmission device. Therefore, where the user terminal 20 is described in this embodiment, it can be read as a transmission device. The transmitting device may be any device that transmits individual data portions obtained by dividing transmission target data, which will be described later. Other examples of the transmitting device will be described in modified examples described later.

For example, the user terminal 20 is a mobile phone (including a smart phone), a mobile information terminal (including a tablet computer and a wearable terminal), or a personal computer. In this embodiment, the user terminal 20 includes a control section 21 , a storage section 22 , a communication section 23 , an operation section 24 , a display section 25 and an imaging section 26 . The physical configurations of the control unit 21, the storage unit 22, and the communication unit 23 may be the same as those of the control unit 11, the storage unit 12, and the communication unit 13, respectively.

The operation unit 24 is an input device. For example, the operation unit 24 is a touch panel, a pointing device such as a mouse, a keyboard, buttons, or the like. The display unit 25 is a display or monitor. For example, the display section 25 is a liquid crystal display section, an organic EL display section, or the like. The imaging unit 26 includes at least one camera. The photographing unit 26 may generate a still image, or may continuously photograph at a predetermined frame rate to generate a moving image.

The authentication device 30 is a computer used for authentication. The authentication device 30 is an example of a receiving device. Therefore, where the authentication device 30 is described in this embodiment, it can be read as a receiving device. The receiving device may be any device as long as it receives individual data portions obtained by dividing transmission target data, which will be described later. Other examples of the receiving device will be described in modified examples described later.

For example, the authentication device 30 is a mobile phone, a personal digital assistant, or a personal computer. In this embodiment, the authentication device 30 includes a control section 31 , a storage section 32 , a communication section 33 , an operation section 34 , a display section 35 and an imaging section 36 . The physical configurations of the control unit 31, the storage unit 32, the communication unit 33, the operation unit 34, the display unit 35, and the photographing unit 36 are the control unit 11, the storage unit 12, the communication unit 13, the operation unit 24, the display unit 25, respectively. , and the imaging unit 26 .

Note that the programs and data described as being stored in the storage units 12, 22, and 32 may be supplied via the network N. Moreover, the hardware configuration of each computer described above is not limited to the above example, and various hardware can be applied. For example, even if a reading unit (e.g., optical disk drive or memory card slot) for reading a computer-readable information storage medium and an input/output unit (e.g., USB port) for inputting/outputting data with an external device are included. good. For example, a program or data stored in an information storage medium may be supplied via a reading section or an input/output section.

[2. Overview of communication system]
In the present embodiment, processing executed in the communication system S will be described by taking as an example a scene in which a user passes through a security gate. The communication system S can also be applied to authentication in any other scene, and examples of application to other scenes will be described in modified examples described later.

FIG. 2 is a diagram showing an example of a scene in which the communication system S is used. As shown in Figure 2, the security gate SG includes a revolving door. An authentication device 30 is connected to the security gate SG. The door of security gate SG is locked by a lock mechanism. Once the user is successfully authenticated, the lock is released. For example, a security gate SG is placed at any facility such as a company or public facility, and only users who are qualified to enter the facility can pass through the security gate SG.

In this embodiment, as an authentication method for authenticating a user, two-step authentication including ID authentication and face authentication is taken as an example. The authentication method is not limited to the example of this embodiment, and any other authentication method can be used. For example, biometric authentication other than face authentication may be used, such as fingerprint authentication, iris authentication, vein authentication, or voice authentication. Also, for example, authentication methods other than ID authentication and face authentication may be used, such as two-dimensional code authentication, passcode authentication, password authentication, electronic stamp authentication, password authentication, or the like. Further, for example, only one step of authentication may be performed, or three or more steps of authentication may be performed.

ID authentication is authentication performed using a pre-issued user ID. A user ID is information that can identify a user. In this embodiment, the user ID is a numeric value with a predetermined number of digits, but the user ID may have a different number of digits depending on the user. The user ID may be in any format and is not limited to numerical values. For example, the user ID may be a character string or a combination of numerical values (numbers) and characters. ID authentication succeeds when a pre-issued user ID is entered. In this embodiment, when any user ID registered in the server 10 is input to the authentication device 30, ID authentication is successful.

Face authentication is authentication performed using a photograph of a face registered in advance or a feature amount of the face. A facial photograph is an image of the user's face. The facial feature amount is information indicating facial features shown in a facial photograph. In the present embodiment, the facial feature amount is described as a multidimensional vector, but the facial feature amount may be in any form, such as an array or a single numerical value. In the present embodiment, if there is a facial photograph or facial feature quantity registered in the server 10 that is similar or identical to the facial photograph or facial feature quantity of the user captured by the authentication device 30, the face Authentication succeeds. The face authentication itself can use a known method, such as principal component analysis, linear discriminant analysis, elastic matching, or hidden Markov model. The feature amount may be calculated by a calculation formula according to these methods.

For example, when a user operates the user terminal 20 to register for use of the authentication service, personal information such as the user's name and the user's facial photograph are registered in the server 10 . When the usage registration is completed, the user ID issued by the server 10 is stored in the storage unit 22 of the user terminal 20 . The user can then use the authentication service to pass through the security gate SG.

The same user ID may be used permanently, but in this embodiment, it is updated at a predetermined timing. When the user ID is updated, the old user ID that has been used until then becomes invalid. For example, an application for using an authentication service (hereinafter referred to as an authentication application) is installed in the user terminal 20, and the user ID is updated each time the authentication application is activated.

Note that the timing of updating the user ID is not limited to when the authentication application is activated, and may be any timing. For example, the user ID may be updated when the user performs a predetermined operation within the authentication application, when ID authentication is successful, or when the expiration date set in the user ID expires.

As shown in FIG. 2, for example, the user approaches the security gate SG with the user terminal 20 in the pocket of the clothes. The wireless communication function of the communication unit 23 of the user terminal 20 is turned on in advance, and the user ID stored in the storage unit 22 is transmitted within the communication range. The wireless communication function may be turned on automatically when approaching the security gate SG, or may be manually turned on by the user. Wireless communication itself can use any communication standard, for example, Bluetooth (registered trademark) or Wi-Fi (registered trademark).

In this embodiment, the user terminal 20 transmits the user ID using an advertising packet of BLE (Bluetooth Low Energy), which is a type of Bluetooth (registered trademark). The advertising packet is a packet transmitted before pairing is performed, and the user terminal 20 transmits the advertising packet to an unspecified number of devices included within a communication range of several meters to several tens of meters. .

FIG. 3 is a diagram showing an example format of an advertising packet. The format of the advertising packet is defined by wireless communication standards, and the details of the format are open to the public. Therefore, in this embodiment, only the part used for transmitting the user ID will be explained without explaining the entire format.

As shown in FIG. 3, the advertising packet includes a data payload section for storing actual data. The size of the data payload portion is variable, with a maximum of 37 bytes (octets). Actual data is stored in the AD data portion of the data payload portion. The type of actual data stored in the AD data portion is specified by the AD type of the data payload portion. The authentication device 30 can identify the type of actual data stored in the corresponding AD data section by referring to the AD type.

For example, when the AD type is the first value, it means that the actual data stored in the AD data section is the service UUID. A service UUID is information that can identify a service. For example, the service UUID identifies the application that sent the advertising packet. The service UUID of the advertising packet sent by the authentication application identifies that the advertising packet was sent by the authentication application.

Further, for example, the AD type being the second value means that the actual data stored in the AD data section is a local name. A local name is information that can identify a device. For example, the local name is the device name of user terminal 20 . Depending on the operating system of the user terminal 20, when an application such as an authentication application enters background mode, or when a predetermined period of time has passed since the user terminal 20 entered sleep mode, for power saving, The local name in memory may be erased and cannot be sent.

On the other hand, the service UUID can transmit the same information as long as the application such as the authentication application is not deleted. Therefore, in this embodiment, by transmitting an advertising packet in which the user ID is embedded in part of the service UUID, the user ID can be transmitted from the user terminal 20 to the authentication device 30 without pairing. there is

The service UUID may use the format defined by the wireless communication standard. For example, a 128-bit service UUID consists of 36 digits including 32 digits and 4 hyphens. The position of the hyphen within the 36 digits is predetermined. Since it is not necessary to use all of the service UUID for service identification, even if a part of the service UUID is used for the user ID, the authentication device 30 cannot identify which service the advertising packet is. Identifiable.

Since the authentication device 30 may receive advertising packets transmitted by applications other than the authentication application, the authentication device 30 scans the advertising packets transmitted by the authentication application among the advertising packets transmitted to itself. . That is, the authentication device 30 processes advertising packets transmitted by the authentication application, and excludes and discards advertising packets transmitted by other applications.

4 to 6 are diagrams showing how the authentication device 30 scans advertising packets. 4 and 5 provide a description for reference, and FIG. 6 illustrates the technique of the present embodiment. In this embodiment, the user ID is a four-digit numerical value from "0000" to "9999", and FIGS. 4 to 6 explain the case where the user ID is "2791".

The service UUID in FIG. 4 stores "68753A44-4D6F-1226-9C60-0050E4C0" as an application identification ID in the 1st to 32nd digits, and "2791" as a user ID in the 33rd to 36th digits. is stored. The application identification ID is information that can identify the authentication application. It is assumed that the application identification ID is pre-stored in the storage unit 22 of the user terminal 20 .

The user terminal 20 creates an advertising packet containing the service UUID shown in FIG. 4 and transmits the created advertising packet to the surroundings. The authentication device 30 within the communication range of the user terminal 20 scans the advertising packets sent to itself, including the service UUID and the application identification ID of the authentication application. That is, the authentication device 30 has the AD type of the first value, and the 1st to 32nd digits of the service UUID stored in the AD data section are "68753A44-4D6F-1226-9C60-0050E4C0". Scan advertising packets. Other advertising packets are discarded without being scanned.

In the example of FIG. 4, since the 33rd to 36th digits of the service UUID are arbitrary numbers, the 33rd to 36th digits are "0000" to "9999", which are 10,000 patterns to be scanned. Since the authentication device 30 needs to scan a huge number of advertising packets, depending on the performance of the authentication device 30, it may not be possible to scan all advertising packets. For example, even if you try to make the authentication device 30 scan 10,000 patterns, in reality, only several hundred to several thousand patterns can be scanned, and the authentication device 30 cannot receive the user ID and cannot perform the authentication process. Sometimes.

Also, noise may occur when the user terminal 20 converts an advertising packet created as digital data into an analog electric signal. Noise can also be caused by other factors. For example, noise may occur due to external factors in the air, or noise may occur when the authentication device 30 converts analog electrical signals received into digital data. Therefore, even if the user terminal 20 repeatedly transmits an advertising packet containing the same service UUID, the user ID may be rewritten due to noise.

In the example of FIG. 4, noise occurs in three out of four advertising packets received by the authentication device 30 from the user terminal 20 . Although the same user ID should be stored in these four advertising packets, at least one value in the 33rd to 36th digits, for example, may be rewritten due to the influence of noise. In this case, the authentication device 30 cannot determine which is the correct user ID.

It is conceivable that all four types of advertising packets received by the authentication device 30 are considered to be correct user IDs and the authentication process is executed in a round-robin manner, but in this case, the authentication process needs to be executed many times. Therefore, the processing load on the server 10 and the authentication device 30 increases. Furthermore, the user in front of the security gate SG may be erroneously authenticated as another user with a similar face. In the example of FIG. 4, if the user whose user ID is "2791" and the users whose user IDs are "1791", "2795", and "8791" have similar faces, false authentication occurs. there is a possibility.

In this regard, as shown in FIG. 5, the user ID "2791" is divided into individual digits, and each of the four service UUIDs stores two overlapping individual digits to reduce the effects of noise. It is also conceivable to let In the example of FIG. 5, the 1st to 32nd digits of the service UUID are the same as in FIG. 4 and are an application identification ID. In the 33rd and 34th digits of the service UUID, "00" is stored as padding to make the service UUID 36 digits. In the 35th and 36th digits of the service UUID, the numerical values of individual digits of the user ID are redundantly stored.

For example, the 35th and 36th digits of the first service UUID become "22" by duplicating the first digit "2" of the user ID. Also, for example, the 35th and 36th digits of the second service UUID become "77" by duplicating the second digit "7" of the user ID. Also, for example, the 35th and 36th digits of the third service UUID become "99" by inserting two duplicate "9"s, which are the second digits of the user ID. Also, for example, the 35th and 36th digits of the fourth service UUID become "11" by duplicating the 4th digit "1" of the user ID.

In the case of FIG. 5, the authentication device 30 scans an advertising packet in which the 35th and 36th digits match. , there are 10 matching patterns. Since the number of objects to be scanned is greatly reduced compared to the case of FIG. 4, the processing load on the authentication device 30 is reduced, and the entire street can be reliably scanned. For this reason, it is possible to prevent the user ID from being omitted from the scanning target and the authentication process from not being executed.

Furthermore, since scanning is not performed unless the 35th and 36th digits match, the influence of noise can be eliminated to some extent. For example, if the 35th and 36th digits are "22" indicating the first digit of the user ID, even if the number becomes "24" due to noise, the 35th and 36th digits will not match. Since it is not scanned without scanning, advertising packets affected by noise can be excluded and discarded. However, as shown in FIG. 5, if both the 35th and 36th digits are affected by noise and "22" is rewritten to "55", the advertising packet affected by such noise cannot be excluded.

Further, in the case of FIG. 5, since the four-digit user ID is divided into four advertising packets and transmitted, authentication device 30 may not be able to specify the order of individual digits. For example, even if the first service UUID to the fourth service UUID are transmitted in order, the authentication device 30 does not necessarily receive them in the order of transmission. It may not be an ID. Furthermore, depending on the operating system of the authentication device 30, the received service UUIDs may be sorted in ascending order. In this case, the individual numerical values of the user ID "2791" are sorted in ascending order to become "1279", which may not be an accurate user ID.

Therefore, in this embodiment, as shown in FIG. 6, order information is included in the service UUID. The order information is information regarding the order of individual digits in the user ID. In this embodiment, the 4-digit user ID is divided into individual digits, so the order information is information indicating what digit the user ID is. In the example of FIG. 6, "A", "B", "C" and "D" indicate the first, second, third and fourth digits, respectively. The order information can be expressed in any other format, and may be expressed as numerical values from "1" to "4", for example. Also, for example, the order of characters and the order of digits may not match, such that "A" indicates the fourth digit and "B" indicates the first digit.

In the example of FIG. 6, "68753A44-4D6F-" in the 1st to 14th digits and "-9C60-0050E4C0" in the 19th to 32nd digits of the service UUID are application identification IDs. Although the application identification ID in FIG. 6 has fewer digits than the application identification IDs in FIGS. 4 and 5, it has a sufficient number of digits to identify the application. It can be identified as an advertising packet.

The application identification ID may have any number of digits, but if the number of digits is too small, it may overlap with other applications and cannot be distinguished. shall have Since the service UUID has an upper limit on the number of digits (for example, 36 digits), the number of digits of the user ID and the number of sequence information are determined so that a certain number of digits can be secured for the application identification ID. ing. Conversely, if the number of digits of the user ID and the number of order information are too small, the effect of reducing the influence of noise will be weakened, so these numbers are also ensured to a certain extent.

As shown in FIG. 6, the 15th to 18th digits of the service UUID store four pieces of redundant order information, and the 33rd to 36th digits of the service UUID store individual digits of the user ID. are stored four times.

For example, in the 15th to 18th digits of the first service UUID, four "A"s indicating the first digit are duplicated to form "AAAA", and the 33rd to 36th digits The first digit of the user ID, ie, "2" is duplicated four times, resulting in "2222". Also, for example, the 15th to 18th digits of the second service UUID become "BBBB" by inserting four "B"s indicating the second digit, and the 33rd to 36th digits. The second digit is "7777" by adding four duplicates of "7", which is the second digit of the user ID.

Also, for example, in the 15th to 18th digits of the third service UUID, four “C”s indicating that it is the 3rd digit are duplicated to form “CCCC”, and the 33rd to 36th digits are “CCCC”. The third digit is "9999" by adding four duplicate "9", which is the third digit of the user ID. Also, for example, the 15th to 18th digits of the fourth service UUID become "DDDD" by inserting four "D"s indicating that it is the 4th digit, and the 33rd to 36th digits. The fourth digit is "1111" by adding four duplicates of "1", which is the fourth digit of the user ID.

In the case of Fig. 6, the scan target is 4 ways of "AAAA" to "DDDD" for the 15th to 18th digits, and 10 ways of "0000" to "9999" for the 33rd to 36th digits. 40 streets. Although the number of objects to be scanned is slightly increased compared to the case of FIG. 5, the number of objects to be scanned is significantly smaller than that of FIG. Also, the authentication device 30 can accurately acquire the user ID by specifying the order of individual digits according to the order information. Furthermore, compared to the case of FIG. 5, each of the order information and the individual digits of the user ID overlaps four times, and the number of overlaps is large.

When the user ID is acquired, the authentication device 30 captures the user's face with the imaging unit 36 to acquire a facial photograph. The authentication device 30 transmits the user ID and face photograph to the server 10 . The server 10 performs ID authentication and face authentication based on the user ID and facial photograph, and transmits an authentication result indicating success or failure of the authentication to the authentication device 30 . When the authentication is successful, the authentication device 30 unlocks the security gate SG and causes the display unit 35 to display a message prompting the user to pass. If the authentication fails, the authentication device 30 does not unlock the security gate SG and causes the display unit 35 to display a predetermined error message.

As described above, in the present embodiment, by using advertising packets, authentication processing can be executed without pairing between the user terminal 20 and the authentication device 30 . In addition, each advertising packet contains a plurality of duplicated order information and a plurality of duplicated individual digits of the user ID, thereby coping with the influence of noise and transmitting the user ID to the authentication device 30. It is designed to be obtained accurately. Hereinafter, details of the communication system S will be described.

[3. Functions realized in communication system]
FIG. 7 is a functional block diagram showing an example of functions implemented in the communication system S. As shown in FIG. Here, functions realized by each of the server 10, the user terminal 20, and the authentication device 30 will be described.

[3-1. Functions implemented in the server]
As shown in FIG. 7, the server 10 implements a data storage unit 100, an issuing unit 101, and an executing unit 102. FIG. The data storage unit 100 is realized mainly by the storage unit 12 . Each of issuing unit 101 and executing unit 102 is realized mainly by control unit 11 .

[Data storage part]
The data storage unit 100 stores data necessary for providing authentication services. In this embodiment, a user database DB will be described as an example of data stored in the data storage unit 100. FIG.

FIG. 8 is a diagram showing an example of data storage in the user database DB. As shown in FIG. 8, the user database DB is a database in which various types of information regarding each of a plurality of users who have completed usage registration are stored. For example, the user database DB stores user accounts, user names, passwords, user IDs, uploaded facial photograph data, and facial feature amounts calculated from facial photographs.

A user account is information that can identify a user. A user account is a concept similar to a user ID, but in this embodiment, the user ID is updated each time the authentication application is started, whereas in principle the user account is used permanently without being updated. be done. In addition, in the present embodiment, duplication of user IDs is permitted between users whose faces do not resemble each other. Not duplicate. A user's email address may be used as a user account.

When the server 10 accepts user registration for use, the server 10 creates a new record in the user database DB and stores various information about the user who has registered for use. For example, the server 10 calculates the feature amount of the facial photograph uploaded by the user and stores it in the user database DB. The initial value of the user ID is issued by the issuing unit 101, which will be described later, and in this embodiment, the user ID is updated to a new user ID each time the authentication application is started. Other information such as a face photo may also be changeable after the fact.

The data stored in the data storage unit 100 is not limited to the user database DB, and the data storage unit 100 can store arbitrary data. For example, when multiple authentication devices 30 are included in the communication system S, the data storage unit 100 may store a database in which various types of information regarding each of the multiple authentication devices 30 are stored.

[Publishing Department]
The issuing unit 101 issues a user ID for each of a plurality of users based on ID issuing rules. The ID issuance rule may be any predetermined rule, for example, it may be a rule to randomly issue a user ID, or a rule to issue the youngest available number as a user ID. There may be. In the present embodiment, an example will be described in which the ID issuing rule is to issue a random user ID so as not to duplicate the user ID of another user having a similar face.

For example, when issuing a user ID for a certain user (hereinafter referred to as a user to be issued), the issuing unit 101 randomly generates a four-digit numerical value as a user ID candidate. The issuing unit 101 refers to the user database DB and determines whether or not the face of the user to be issued is similar to the face of the user associated with the same user ID as the generated candidate. Various methods used in face authentication can be used for face similarity determination itself. The similarity judgment is performed based on the distance of . A distance less than the threshold means that the faces are similar. A distance greater than or equal to the threshold means that the faces are not similar.

If the issuing unit 101 determines in the above determination that there is no similarity, the issuing unit 101 determines the current candidate as the user ID of the user to be issued. If the issuing unit 101 determines that the two are similar in the above determination, it randomly generates another 4-digit numerical value and acquires it as a new candidate. After that, the issuing unit 101 generates new candidates until a candidate determined as dissimilar in the above determination is found.

The issuing unit 101 stores the determined user ID in the user database DB as the user ID of the user to be issued. The issuing unit 101 transmits the determined user ID to the user terminal 20 . Upon receiving the user ID, the user terminal 20 records it as a new user ID in the data storage unit 200, which will be described later, and erases the old user ID. In this embodiment, the issuing unit 101 issues a user ID when the user registers for use or when the authentication application is activated. It is not limited to the example of this embodiment.

[Execution part]
The executing unit 102 executes predetermined processing based on a request from the authentication device 30 . The predetermined process may be a process of contents according to the service to which the communication system S is applied. In this embodiment, since an example of application to an authentication service is described, authentication processing will be described as an example of predetermined processing. The execution unit 102 receives a user ID acquired by a user ID acquisition unit 303, which will be described later, from the authentication device 30, and executes authentication processing based on the user ID.

In this embodiment, two-step authentication of ID authentication and face authentication is used. perform authentication. If the user ID exists in the user database DB, ID authentication is successful. ID authentication fails if the user ID does not exist in the user database DB.

The execution unit 102 calculates the facial features of the user to be processed based on the facial photograph received from the authentication device 30 when the ID authentication is successful. Based on the calculated facial feature amount and the correct facial feature amount stored in the user database DB (the facial feature amount associated with the user ID received from the authentication device 30), the execution unit 102 , perform face recognition. If these distances are less than the threshold, face recognition is successful. If these distances are equal to or greater than the threshold, face recognition fails. The execution unit 102 transmits authentication results of ID authentication and face authentication to the authentication device 30 .

In this embodiment, a case where user IDs and facial feature amounts are stored in one user database DB will be described, but a separate database for storing facial feature amounts may be used for each user ID. In this case, the data storage unit 100 stores multiple databases, and the user ID is used as a query to search the databases. The execution unit 102 refers to the database associated with the user ID received from the authentication device 30, and determines whether there is a facial feature quantity similar to the facial feature quantity calculated based on the facial photograph received from the authentication device 30. It is sufficient to determine whether or not In this case, since ID authentication is not executed, authentication processing is only one-step face authentication.

[3-2. Functions implemented in user terminal]
As shown in FIG. 7 , the user terminal 20 implements a data storage unit 200 , a division unit 201 , a creation unit 202 and a transmission unit 203 . The data storage unit 200 is realized mainly by the storage unit 22 . Each of dividing section 201 , creating section 202 , and transmitting section 203 is implemented mainly by control section 21 . In this embodiment, an authentication application is installed in the user terminal 20, and each process of the division unit 201, the creation unit 202, and the transmission unit 203 is executed as application processing.

[Data storage part]
The data storage unit 200 stores data necessary for the user to use the authentication service. For example, the data storage unit 200 stores the user's facial photograph data, the user ID issued by the issuing unit 101, the authentication application, and the application identification ID of the authentication application. The user ID and application identification ID may be stored in data storage unit 200 as part of the authentication application.

[Division part]
The dividing unit 201 divides the data to be transmitted into a plurality of data parts. It is assumed that this division rule is defined in the authentication application. In this embodiment, the dividing unit 201 divides the user ID into individual digits. A user ID is an example of data to be transmitted, and each digit is an example of a data portion. Therefore, the description of the user ID in this embodiment can be read as data to be transmitted, and the description of individual digits can be read as data.

The transmission target data is data transmitted from the user terminal 20 to the authentication device 30 . In other words, the data to be transmitted is the data before division and the data from which the data portion is divided. The data to be transmitted may be any data as long as it corresponds to the service to which the communication system S is applied. In this embodiment, a case where a user ID, which is an example of transmission target data, is stored in the data storage unit 200 will be described. may be stored in an information storage medium. Also, authentication information other than the user ID may correspond to the transmission target data. For example, authentication information such as a password, passcode, telephone number, email address, or individual identification information of the user terminal 20 may correspond to the transmission target data.

The data part is part of the transmission target data. Each data portion is indicated by at least one numeric value or letter. The numbers “0” to “9” for representing numerical values are a kind of letters. The number of data portions may be predetermined or dynamically changed. If the number of data portions is variable, it is necessary for the authentication device 30 to recognize how many data portions are divided. shall be sent using The specifying unit 302, which will be described later, refers to this information to specify the number of data portions.

Also, the amount of information (for example, the number of digits) of each data part may be the same or different. For example, instead of all data parts being single-digit numbers as in this embodiment, some data parts are two-digit numbers and other data parts are single-digit numbers. The number of digits may differ depending on the That is, the number of digits of the user ID and the number of data portions do not have to match. If the information amount of each data portion is different, it is necessary for the authentication device 30 to recognize the information amount of the data portion included in a certain advertising packet. , advertising packets, etc.

In this embodiment, the user IDs of all users are four digits, but the user IDs may have different numbers of digits depending on the user. For example, in the present embodiment, even if the number is "67", "00" is added to make the user ID 4 digits. may be used as the user ID. In this case, only two advertising packets are required to transmit the user ID. However, since it is necessary for the authentication device 30 to recognize how many digits the user ID has, in this case, information indicating how many digits the user ID has is transmitted using an advertising packet or the like. shall be

[Creation Department]
The creating unit 202 creates each of a plurality of packets to be transmitted from the user terminal 20 to the authentication device 30 . In this embodiment, each of the plurality of packets is an advertising packet in a predetermined wireless communication standard, but communication may be performed using packets other than advertising packets. Therefore, the description of the advertising packet in this embodiment can be read as a packet of any communication standard.

For example, in this embodiment, a case where pairing is not required will be described, but the user ID may be transmitted after pairing. Create a packet. Also, for example, when another wireless communication standard such as Wi-Fi (registered trademark) is used between the user terminal 20 and the authentication device 30, the creation unit 202 creates a packet that can be transmitted according to that standard. Just create it. Further, for example, the user terminal 20 and the authentication device 30 may communicate by wire, and in this case, the creation unit 202 may create a packet that can be transmitted according to the wire communication standard.

The creation unit 202 generates a plurality of advertising packets so that each of the plurality of advertising packets includes a plurality of at least one digit of the user ID and includes order information regarding the order of the digits in the user ID. Create each of the packets. In this embodiment, one digit of the user ID is included in one advertising packet, and the number of created advertising packets and the number of digits of the user ID match. It doesn't have to be. Also, the number of digits included in one advertising packet is not limited to four, and may be two, three, or five or more. Also, the number of digits that are redundantly included may be different for each advertising packet.

For example, for the user ID "2791", the first advertising packet includes multiple duplicates of "27", and the second advertising packet includes multiple duplicates of "91". , multiple digits of the user ID may be included in one advertising packet. In this case, the 33rd to 36th digits of the first advertising packet are like "2727", and the 33rd to 36th digits of the second advertising packet are like "9191". . Order information such as "ABAB" and "CDCD" may be stored in the 15th to 18th digits of these advertising packets. Alternatively, the 33rd to 36th digits of the first advertising packet are like "2277", and the 33rd to 36th digits of the second advertising packet are like "9911". Order information such as "AABB" or "CCDD" may be stored in the 15th to 18th digits of these advertising packets.

Also, for example, the number of digits included in one advertising packet may be different from the number of digits included in another advertising packet. For example, the first advertising packet includes multiple duplicates of only the first digit of the user ID, and the second advertising packet includes multiple duplicates of the second to fourth digits of the user ID. may be included. In this way, each advertising packet may contain at least one digit of the user ID in duplicate.

Each advertising packet may contain only one piece of order information, but in the present embodiment, the creation unit 202 creates multiple pieces of order information so that each of a plurality of advertising packets includes a plurality of overlapping pieces of order information. , create each of a plurality of advertising packets. The number of pieces of order information redundantly included in one advertising packet is not limited to four, and may be two, three, or five or more. Also, the number of duplicated order information items may be different for each advertising packet. Also, the number of pieces of order information included in one advertising packet and the number of digits of the user ID may be different. For example, one advertising packet may contain only two pieces of order information and four individual digits of the user ID.

In the present embodiment, the creation unit 202 creates each of the plurality of advertising packets so that each of the plurality of advertising packets includes a plurality of overlapping order information in succession. Continuing here means that the data area in the advertising packet is continuous. For example, order information is stored continuously in the 15th to 18th digits, and each of the four pieces of order information is stored in a continuous data area within the advertising packet. No other information such as an application identification ID exists between the order information. The four pieces of order information stored in one advertising packet may be stored separately, such as the 10th digit, the 14th digit, the 16th digit, and the 20th digit.

In this embodiment, the creation unit 202 creates each of a plurality of advertising packets such that at least one of the plurality of overlapping digits and the order information are separated by a predetermined distance or more in each of the plurality of advertising packets. . The distance here is the distance in the data area within the advertising packet. The distance can also be referred to as the number of digits or the number of characters. Part of the application identification ID exists between the user ID and the order information. In the example of FIG. 6, between the four order information in the 15th to 18th digits and the four digits in the 33rd to 36th digits, the 19th to 32nd digits There is a part of the eye application identification ID. Therefore, the order information and the digit are separated by a distance of 14 digits. Note that the order information and individual digits of the user ID may be stored consecutively.

In the present embodiment, the creating unit 202 creates each of the plurality of advertising packets such that each of the plurality of advertising packets includes a plurality of consecutively overlapping at least one data portion. The meaning of continuation is as described above. For example, individual digits of the user ID are stored consecutively in the 33rd to 36th digits, and each of the four digits is stored in consecutive data areas within the advertising packet. No other information, such as an application identification ID, exists between individual digits. It should be noted that the four digits stored in one advertising packet may be stored discretely, such as the 25th digit, the 30th digit, the 32nd digit, and the 36th digit.

In this embodiment, the creating unit 202 includes multiple duplicates of at least one digit of the user ID as part of the service UUID in the wireless communication standard, and includes order information in each of the plurality of advertising packets. Create each of a plurality of advertising packets as follows. It is assumed that the position of each digit of the user ID in the service UUID, the position of the order information, and the position of the application identification ID are determined in advance. In this embodiment, a case where one service UUID is stored in one advertising packet will be described, but due to revisions of wireless communication standards, etc., a plurality of service UUIDs may be stored in one advertising packet.

Note that the service UUID is not limited to the 128-bit type described in this embodiment, and other types may be used. Also, other UUIDs such as characteristic UUIDs may be used instead of service UUIDs. Also, data other than the UUID may be used, and individual digits of the user ID may be stored in the local name, if the specifications of a particular operating system are not taken into account. Other data than UUIDs and local names may also be used, for example.

[Transmitter]
Transmitter 203 transmits each of the plurality of packets to authentication device 30 . In this embodiment, the transmitting unit 203 transmits each of a plurality of advertising packets using wireless communication standards. Each advertising packet may be transmitted only once, but in the present embodiment, the transmitting unit 203 repeatedly transmits each of a plurality of advertising packets multiple times. Also, the transmitting unit 203 may transmit each advertising packet separately, or may transmit a plurality of advertising packets at once.

The transmitting unit 203 converts the advertising packet as digital data created by the creating unit 202 into an analog electrical signal, and transmits the advertising packet converted into the analog electrical signal to the authentication device 30 . The electric signal conversion procedure may be executed in accordance with the wireless communication standard. When another communication standard is used, the transmission unit 203 may transmit packets according to the procedure according to the communication standard used.

[3-3. Functions Realized in Authentication Device]
As shown in FIG. 7 , the authentication device 30 implements a data storage unit 300 , a reception unit 301 , an identification unit 302 , a user ID acquisition unit 303 , a biometric information acquisition unit 304 and an execution unit 305 . Data storage unit 300 is realized mainly by storage unit 32 . Each of the reception unit 301 , the identification unit 302 , the user ID acquisition unit 303 , the biometric information acquisition unit 304 , and the execution unit 305 is realized mainly by the control unit 31 .

[Data storage part]
The data storage unit 300 stores data necessary for providing authentication services. In this embodiment, not all advertising packets are scanned, but some advertising packets are scanned. Therefore, the data storage unit 300 stores scan setting data DT that defines advertising packets to be scanned. . Note that scanning in the present embodiment means validating an advertising packet, and means subjecting it to processing for acquiring a user ID.

FIG. 9 is a diagram showing a data storage example of the scan setting data DT. As shown in FIG. 9, the scan setting data DT includes information that enables identification of advertising packets to be scanned. In this embodiment, the following four conditions are defined in the scan setting data DT. (Condition 1) The service UUID must be included. (Condition 2) The application identification ID must be included in the 1st to 14th digits and the 19th to 32nd digits of the service UUID. (Condition 3) The 15th to 18th digits must be the same, and each digit must be one of "A" to "D". (Condition 4) The 33rd to 36th digits must be the same, and each digit must be one of "0" to "9".

Although the data storage example of FIG. 9 shows the scan setting data DT as data in a table format, the scan setting data DT may be data in any format. For example, the scan setting data DT may be in CSV format, text format, or formula format, or may be defined as part of the program code. Data stored in the data storage unit 300 is not limited to the scan setting data DT, and the data storage unit 300 can store arbitrary data.

[Receiver]
The receiving unit 301 receives each of multiple packets from the user terminal 20 . In this embodiment, the receiving unit 301 receives each of a plurality of advertising packets using wireless communication standards. Since individual advertising packets may be repeatedly transmitted, receiving section 301 may repeatedly receive each of a plurality of advertising packets multiple times. The receiving unit 301 receives all advertising packets for the time being, and based on the scan setting data DT, the user ID obtaining unit 303, which will be described later, scans the advertising packets to be processed. Receiving section 301 may receive a plurality of advertising packets separately, or may receive a plurality of advertising packets at once.

[Specified part]
The identifying unit 302 identifies the number of data portions. In this embodiment, the data to be transmitted is a numerical value with a predetermined number of digits, each of the plurality of data portions is individual digits included in the numerical value (four-digit numerical value indicated by the user ID), and the order information is , the number of digits in this numerical value, the specifying unit 302 specifies the number of digits (the number of digits in the user ID) as the number. In this embodiment, the four-digit user ID is divided into four numerical values, so the identification unit 302 identifies four as the number of data portions. For example, it is assumed that the number of data portions is stored in the data storage section 300 . This number may be defined as part of the program code, or may be defined as a setting value separate from the program code.

[User ID Acquisition Unit]
User ID acquisition section 303 combines a plurality of digits based on at least one of a plurality of duplicated digits included in each of the plurality of advertising packets and order information regarding the order of the digits to obtain a user ID. to get In this embodiment, the user ID acquisition unit 303 acquires the user ID based on at least one of the plurality of overlapping digits and order information included as part of the service UUID in each of the plurality of advertising packets. get. User ID acquisition section 303 identifies the order of each of the plurality of digits based on the order information included in each of the plurality of advertising packets. User ID acquisition unit 303 acquires a user ID by combining each of the plurality of digits in the specified order.

In this embodiment, each of the plurality of advertising packets includes a plurality of overlapping at least one digit in the 33rd to 36th digits of the service UUID, and in the 15th to 18th digits of the service UUID, the order Contains information. The 33rd to 36th digits of the service UUID are an example of the first data area, and the 15th to 18th digits of the service UUID are an example of the second data area. Therefore, the description of the 33rd to 36th digits of the service UUID in this embodiment can be read as the first data area, and the 15th to 18th digits of the service UUID are described. The place where the data is present can be read as the second data area.

The first data area is a predetermined area for storing individual digits of the user ID. A data area is part of an advertising packet. For example, the area from the first bit to the second bit counted from the beginning of the AD data portion of the advertising packet is the first data area. In this embodiment, the case where the size of the first data area (the size from the first bit to the second bit) is four digits will be described, but the size of the first data area is It can be of any size. The first data area may not be a continuous area, but may be an enclave-like area such as the 25th, 28th, 30th, and 34th digits of the service UUID.

The second data area is a predetermined area for storing order information. For example, the area from the 3rd bit to the 4th bit counted from the beginning of the AD data portion of the advertising packet is the second data area. In this embodiment, the case where the size of the second data area (the size from the third bit to the fourth bit) is four digits will be described, but the size of the second data area is As with the first data area, it may be of any size. The second data area, like the first data area, does not have to be a continuous area. The size of the first data area and the size of the second data area may be different.

In this embodiment, the user ID acquisition unit 303 scans for advertising packets in which the values included in the 33rd to 36th digits of the service UUID are the same, and based on the scanned advertising packets, determines the user ID. get. Based on conditions 1 and 4 defined in the scan setting data DT, the user ID acquisition unit 303 determines that all of the 33rd to 36th digits of the service UUID are the same and "0" to "9". It is determined whether it is any of The user ID acquisition unit 303 discards without scanning advertising packets for which this determination is not affirmative, and scans and processes advertising packets for which this determination is affirmative.

Note that each advertising packet may contain only one piece of order information, but in this embodiment, the user ID acquisition unit 303 obtains a plurality of duplicate order information contained in each of a plurality of advertising packets. A user ID is obtained based on at least one digit and a plurality of overlapping order information.

For example, the user ID acquisition unit 303 scans for advertising packets in which the values included in the 15th to 18th digits of the service UUID are the same, and acquires transmission target data based on the scanned advertising packets. Based on conditions 1 and 3 defined in the scan setting data DT, the user ID acquisition unit 303 determines that all of the 15th to 18th digits of the service UUID are the same and "A" to "D". It is determined whether it is any of The user ID acquisition unit 303 discards without scanning advertising packets for which this determination is not affirmative, and scans and processes advertising packets for which this determination is affirmative.

Note that the user ID digits and sequence information included in each advertising packet may be used for purposes other than scanning as described above. For example, the user ID acquisition unit 303 may acquire all user IDs for the time being when individual digits or individual order information contained in an advertising packet are different from each other. Similarly, when an advertising packet contains only one piece of order information, the user ID acquisition unit 303 first acquires all user IDs when individual digits contained in a certain advertising packet are different from each other. good too. Although the processing load on the server 10 and the authentication device 30 increases somewhat and the possibility of incorrect authentication increases somewhat, the authentication process may be executed for all user IDs.

In the present embodiment, the user ID acquisition unit 303 acquires at least one digit of the user ID and order information from each of a plurality of advertising packets until a predetermined number (the number specified by the specifying unit 302) is reached, A user ID is acquired when the predetermined number is reached. For example, the user ID acquisition unit 303 refers to the order information of the advertising packet and determines whether or not all digits have been received. When determining that all the digits have been received, the user ID acquisition unit 303 combines the individual digits received so far to acquire the user ID.

Authentication device 30 can communicate with each of a plurality of user terminals 20, and each of a plurality of advertising packets contains identification information that can identify the user terminal 20 that transmitted the advertising packet. Acquisition section 303 acquires a user ID for each user terminal 20 based on identification information included in each of a plurality of advertising packets. This identification information may be any information, such as the address of the user terminal 20 or the computer name of the user terminal 20 . In this embodiment, the access address part or the advertising address part of the format shown in FIG. 3 corresponds to the identification information.

In this embodiment, the service UUID contains an application identification ID that can identify the application, and the user ID acquisition unit 303 scans an advertising packet containing the application identification ID in the service UUID, and obtains the user ID. to get The user ID acquisition unit 303 determines whether or not the service UUID is included and the application identification ID of the authentication application is included based on conditions 1 and 2 defined in the scan setting data DT. . The user ID acquisition unit 303 discards without scanning advertising packets that do not satisfy the conditions 1 and 2, and scans and treats advertising packets that satisfy the conditions 1 and 2 as processing targets.

[Biometric Information Acquisition Unit]
The biometric information acquisition unit 304 acquires biometric information of the user. In the present embodiment, face authentication will be described as an example of biometric authentication, so the biometric information acquisition unit 304 acquires a photograph of the user's face or a feature amount of the face. In this embodiment, a photograph of the face is acquired by the biometric information acquiring unit 304, and the facial feature amount is calculated by the server 10. However, the biometric information acquiring unit 304 may calculate the facial feature amount. . The biometric information may be obtained by a method suitable for biometric authentication used in the communication system S.

[Execution part]
The executing unit 305 executes predetermined processing based on the user ID. In this embodiment, the data to be transmitted is a user ID that can identify the user of the user terminal 10, and the predetermined process is an authentication process executed based on the user ID. This is as described for the execution unit 102 . For example, the execution unit 305 executes authentication processing based on the user ID and biometric information. In this embodiment, the execution unit 102 of the server 10 determines the validity of the user ID and the similarity of the face. 10 will be processed.

[4. Processing executed in communication system]
Next, processing executed in the communication system S will be described. Here, the activation process executed when the user activates the authentication application and the authentication process for the user to pass through the security gate SG will be described. The processing described below is an example of processing executed by the functional blocks shown in FIG.

[4-1. Start process]
FIG. 10 is a flowchart illustrating an example of activation processing. The activation process shown in FIG. 10 is executed by the control units 11 and 21 operating according to the programs stored in the storage units 12 and 22, respectively. It is assumed that the user has already registered for use when the activation process is executed.

As shown in FIG. 10, the user terminal 20 determines whether or not to activate the authentication application based on the detection signal from the operation unit 24 (S100). The authentication application is activated by an arbitrary operation, for example, when an operation of selecting the authentication application from the menu screen displayed on the display unit 25 is performed.

If it is determined not to activate the authentication application (S100; N), this process ends. In this case, the user ID stored in the storage unit 22 of the user terminal 20 is not updated. On the other hand, when it is determined that the authentication application should be activated (S100; Y), the user terminal 20 activates the authentication application (S101) and transmits an authentication application activation notification to the server 10 (S102). The activation notification is a notification indicating that the authentication application has been activated. The activation notification includes information that can identify at least one of the user terminal 20, the user, and the authentication application, and includes the user ID stored in the storage unit 22 of the user terminal 20, for example.

Upon receiving the activation notification, the server 10 issues a new user ID to the user who transmitted the activation notification (S103). A new user ID is a user ID different from the current user ID. At S103, the server 10 issues a user ID based on a predetermined ID issuing rule. For example, the server 10 may issue user IDs that do not overlap with all other users, or may issue user IDs that do not overlap with other users having similar facial features. The server 10 stores the newly issued user ID in the user database DB instead of the user ID included in the activation notification.

The server 10 transmits a new user ID to the user terminal 20 (S104). When receiving the new user ID, the user terminal 20 erases the old user ID from the storage unit 22, records the new user ID in the storage unit 22 (S105), and ends this process. After that, the user terminal 20 can transmit a new user ID using the advertising packet.

[4-2. Authentication process]
FIG. 11 is a flow diagram showing an example of authentication processing. The authentication process shown in FIG. 11 is executed by control units 11, 21 and 31 operating according to programs stored in storage units 12, 22 and 32, respectively. It is assumed that usage registration has been completed before the authentication process is executed. When the activation process of FIG. 10 is executed after use registration, the authentication process described below is executed based on the new user ID after the update. The authentication process may be executed in any of a state in which the authentication application is activated, a state in which the authentication application has transitioned to background mode, or a state in which the user terminal 20 has transitioned to sleep mode.

As shown in FIG. 11, the user terminal 20 divides the user ID stored in the storage unit 22 into individual digits (S200). In S200, the user terminal 20 divides the four-digit user ID into first, second, third, and fourth digits.

The user terminal 20 creates a plurality of advertising packets so that multiple individual digits are duplicated and multiple order information is duplicated (S201). In S201, the user terminal 20 creates four advertising packets each containing four service UUIDs as described with reference to FIG. 6 for each digit divided in S200.

The user terminal 20 transmits each of a plurality of advertising packets to the authentication device 30 (S202). In S202, the user terminal 20 repeatedly transmits each of the four advertising packets created in S201. If an application other than the authentication application is installed in the user terminal 20, and if the other application also uses advertising packets, the user terminal 20 uses other advertising packets than the four advertising packets created in S201. Send a packet.

The authentication device 30 receives the advertising packet from the user terminal 20 or another computer (S203). At the time of S203, since the authentication device 30 cannot determine what data is stored in the advertising packet, it receives all the advertising packets for the time being. The authentication device 30 scans the advertising packets defined in the scan setting data among the received advertising packets, and acquires the user ID (S204).

FIG. 12 is a diagram showing details of the processing in S204. As shown in FIG. 12, the authentication device 30 refers to the AD type of the advertising packet received in S203 and determines whether or not the service UUID is stored (S2040). If it is not determined that the service UUID is stored (S2040; N), the authentication device 30 discards the advertising packet received in S203 without scanning it (S2041), and ends this process.

On the other hand, if it is determined that the service UUID is stored (S2040; Y), the authentication device 30 refers to the 1st to 14th digits and the 19th to 32nd digits of this service UUID to is stored (S2042). If it is determined that the application identification ID of the authentication application is not stored (S2042; N), the advertising packet is transmitted by an application unrelated to the authentication service, so the process proceeds to S2041 and the advertising packet is discarded. .

On the other hand, if it is determined that the application identification ID of the authentication application is stored (S2042; Y), authentication device 30 matches all the 15th to 18th digits of the service UUID and It is determined whether it is one of "D" (S2043). If it is determined that the 15th to 18th digits of the service UUID do not match, or if it is determined that the 15th to 18th digits of the service UUID are not one of "A" to "D" ( S2043; N) Since there is a possibility of being affected by noise, the process proceeds to S2041 and the advertising packet is discarded.

On the other hand, when it is determined that the 15th to 18th digits of the service UUID all match and the value is one of "A" to "D" (S2043; Y), the authentication device 30 determines that the service UUID It is determined whether the 33rd to 36th digits (lower four digits) all match and is any one of "0" to "9" (S2044). If it is determined that the last four digits of the service UUID do not match, or if it is determined that the last four digits of the service UUID are not one of "0" to "9" (S2044; N), the effect of noise Since there is a possibility that the advertising packet has been received, the processing moves to S2041 and the advertising packet is discarded.

If it is determined that the last four digits of the service UUID match and are any of "0" to "9" (S2044; Y), the authentication device 30 scans the advertising packet being processed. , the order information of the 15th to 18th digits of the service UUID and the numerical value of the lower four digits of the service UUID, the digits of the user ID are stored in the storage unit 22 (S2045). In S2045, the authentication device 30 stores in the storage unit 32 an array UserID[i] storing the digits of the user ID for each piece of identification information such as the address of the user terminal 20 stored in the scanned advertising packet. i is the order of the digits and is any of "1" to "4". Each element of this array is a digit stored in a received advertising packet. In S2045, authentication device 30 converts any of "A" to "D" indicated by the order information into any of "1" to "4" and stores the received digits in an array.

The authentication device 30 determines whether or not acquisition of the user ID has been completed (S2046). In S2046, authentication device 30 determines whether digits are stored in all four elements of the array. When it is determined that digits are stored in all four elements, the authentication device 30 acquires the user ID by combining the numerical values of each element, and determines that the acquisition of the user ID has been completed.

If it is determined that the acquisition of the user ID has not been completed (S2046; N), the process returns to S203 to continue receiving advertising packets. On the other hand, if it is determined that acquisition of the user ID has been completed (S2046; Y), returning to FIG. 11, the authentication device 30 acquires a photograph of the face based on the detection signal from the photographing section 36 (S205). The authentication device 30 transmits to the server 10 an authentication request including the user ID determined to have been acquired in S204 and the facial photograph acquired in S205 (S206). An authentication request is a predetermined request for requesting execution of authentication processing.

Upon receiving the authentication request, the server 10 performs ID authentication and face authentication based on the user database DB (S207). In S207, the server 10 determines whether or not the user ID included in the authentication request exists in the user database DB. If the user ID exists, the server 10 calculates facial features based on the photograph of the face included in the authentication request. The server 10 calculates the distance between the facial feature amount associated with the user ID in the user database DB and the facial feature amount calculated from the facial photograph included in the authentication request. If this distance is less than the threshold, face recognition is successful. If this distance is greater than or equal to the threshold, face recognition fails.

If the authentication fails (S207; failure), the server 10 transmits an error message to the authentication device 30 (S208), and ends this process. In this case, an error message is displayed on the display unit 35 of the authentication device 30 to notify the user that the authentication was not successful.

On the other hand, if the authentication has succeeded (S207; success), the server 10 transmits a success notification indicating that the authentication has succeeded to the authentication device 30 (S209). In the authentication device 30, upon receiving the notification of success, the control unit 31 of the authentication device 30 unlocks the security gate SG (S210), and this processing ends. Thereafter, a message indicating that the authentication was successful is displayed on the display unit 35 of the authentication device 30, and the user passes through the security gate SG.

According to the communication system S of the present embodiment, the user terminal 20 creates each of a plurality of advertising packets so that at least one digit of the user ID overlaps and includes a plurality of digits, and order information is included. and send. Authentication device 30 acquires a user ID by combining multiple digits based on at least one of multiple multiple digits and sequence information included in each of multiple advertising packets, and performs predetermined processing. to run. As a result, even if the advertising packet is affected by noise, it is possible to transmit the correct user ID and to cope with the influence of noise. Authentication accuracy can also be improved by transmitting an accurate user ID. Also, if the number of digits included in each advertising packet is too small, it is likely to be affected by noise. By including the number in the advertising packet, it is possible to reduce the influence of noise and distinguish between the authentication application and other applications. In addition, by including the order information in each advertising packet, the authentication device 30 can accurately grasp the order of each digit even if the digits of the user ID are divided and received.

In addition, the communication system S scans for advertising packets in which the values contained in the 33rd to 36th digits of the service UUID are the same, and acquires the user ID based on the scanned advertising packets. The number of advertising packets to be scanned can be reduced, and the processing load on the authentication device 30 can be reduced. Furthermore, the authentication device 30 can be caused to scan all types of advertising packets determined as scanning targets, and the user ID can be reliably acquired. Therefore, even if the performance of the authentication device 30 is low, the user ID can be reliably obtained.

Further, the communication system S obtains a user ID based on a plurality of duplicated at least one digit and a plurality of duplicated order information contained in each of the plurality of advertising packets, thereby performing authentication. It is possible to further increase the certainty of causing the device 30 to acquire the user ID.

Further, the communication system S scans advertising packets in which the values contained in the 15th to 18th digits of the service UUID are the same, and acquires the user ID based on the scanned advertising packets, The number of advertising packets to be scanned can be reduced, and the processing load on the authentication device 30 can be reduced. Furthermore, the authentication device 30 can be caused to scan all types of advertising packets determined as scanning targets, and the user ID can be reliably acquired. Therefore, even if the performance of the authentication device 30 is low, the user ID can be reliably obtained.

In addition, the communication system S creates each of the plurality of advertising packets so that each of the plurality of advertising packets includes a plurality of overlapping order information in succession. A plurality of order information can be obtained by referring to the area. Therefore, the process of acquiring the order information can be simplified and the processing load of the authentication device 30 can be reduced as compared with the case where a plurality of pieces of order information are stored in separate areas.

In addition, the communication system S creates each of a plurality of advertising packets such that at least one of the plurality of overlapping digits and the order information are separated by a predetermined distance or more in each of the plurality of advertising packets, It becomes easier to deal with the influence of noise. For example, if service UUIDs within a certain range are received at the same time, other electrical signals that do not have a large difference in electrical signals may be received as noise. (In the example of FIG. 6, by inserting the 19th to 32nd digits of the application identification ID between them), the difference between the electrical signals becomes large, and noise is less likely to occur.

In addition, the communication system S creates each of the plurality of advertising packets so that each of the plurality of advertising packets includes a plurality of consecutively overlapping at least one digit, thereby enabling the authentication device 30 to Multiple digits can be obtained by referencing consecutive areas. Therefore, compared to the case where a plurality of digits are stored in separate areas, the process of obtaining a plurality of digits can be simplified, and the processing load on the authentication device 30 can be reduced.

In addition, the communication system S acquires at least one digit and order information from each of the plurality of advertising packets until a predetermined number is reached, and acquires a user ID when the predetermined number is reached, thereby performing authentication. It is possible to further increase the certainty of causing the device 30 to acquire the user ID.

Further, the communication system S specifies the number of digits of the entire user ID, and repeats the processing for acquiring the user ID until the specified number of digits is reached. can be enhanced.

In addition, the communication system S acquires a user ID for each user terminal 20 based on identification information such as the address of the user terminal 20 included in each of a plurality of advertising packets, thereby enabling a plurality of user terminals around the authentication device 30. user terminal 20, the user ID of each user terminal 20 can be reliably acquired.

Also, the communication system S acquires a user ID based on at least one digit of a plurality of duplicates and sequence information included as part of the service UUID in each of the plurality of advertising packets, It is possible to further increase the certainty of causing the authentication device 30 to acquire the user ID. For example, even if the operating system is such that the local name disappears when the authentication application transitions to background mode, individual digits of the user ID can be transmitted even in such cases by using the service UUID. , the authentication device 30 can reliably acquire the user ID.

Further, the communication system S scans advertising packets in which the application identification ID is included in the service UUID and obtains the user ID, thereby reducing the number of advertising packets to be scanned and reducing the processing load of the authentication device 30. . Furthermore, the authentication device 30 can be caused to scan all types of advertising packets determined as scanning targets, and the user ID can be reliably acquired. Therefore, even if the performance of the authentication device 30 is low, the user ID can be reliably obtained.

Further, the communication system S can cope with noise in the authentication service by executing the authentication process based on the user ID.

Further, the communication system S can cope with noise in an authentication service that provides two-step authentication by executing authentication processing based on the user ID and biometric information.

[5. Modification]
Note that the present disclosure is not limited to the embodiments described above. Modifications can be made as appropriate without departing from the gist of the present disclosure.

(1) For example, in the embodiment, the scene where the user passes through the security gate SG was taken as an example, but even if the communication system S is applied to the authentication service, it can be applied to authentication in any other scene. It is possible. For example, it can be applied to authentication when a user purchases a product or uses a service. In this case, for example, the authentication device 30 is a vending machine, a ticket vending machine, a POS terminal, or a payment terminal in a store. If authentication succeeds, settlement processing is executed, and the user can purchase products or use services.

In modification (1), payment information may be registered in the user database DB, and the execution unit 102 may execute payment processing based on the user's payment information when authentication of a certain user is successful. . The payment information referred to during payment processing is payment information associated with a successfully authenticated user.

Payment information is information necessary for payment, such as credit card information, electronic value (e.g., electronic money or point) account information, virtual currency account information, bank account information, or debit card information. is. Settlement information is registered at the time of user registration or the like, and for example, settlement information is stored in a user database DB in association with a user account. Note that the payment information may be stored in a database different from the user database DB.

The execution unit 102 does not execute payment processing if either ID authentication or face authentication fails, and executes payment processing if ID authentication and face authentication succeed. When the settlement process is executed, a message to that effect is displayed on the display unit 35 of the authentication device 30 or a terminal in the store, and the user receives the product or uses the service. In addition, for example, the communication system S can be used for arbitrary authentication such as authentication in user behavior analysis, authentication when entering an event, authentication when entering an examination hall, or authentication when voting in an election or the like.

(2) Also, for example, the communication system S can be used for services other than the authentication service. For example, the communication system S may be applied to a distribution service for distributing coupons. In this case, the communication system S includes a distribution device for distributing coupons, the distribution device corresponds to the transmission device, and the user terminal 20 corresponds to the reception device. The data to be transmitted is a coupon ID that can identify the coupon, and the distribution device divides the coupon ID into individual digits, stores them in an advertising packet together with order information, and transmits them. The user terminal 20 receives the advertising packet containing the individual digits and order information and acquires the coupon ID. The user terminal 20 transmits the acquired coupon ID to the server 10, and the user acquires the coupon.

(3) For example, the communication system S may not include the server 10 . In this case, the authentication device 30 may execute the authentication processing described as being executed by the server 10 . Further, for example, the communication system S may not include the authentication device 30, and the server 10 may correspond to the receiving device. In this case, a plurality of advertising packets are transmitted from the user terminal 20 to the server 10 using wireless communication or wired communication. The server 10 may execute the user ID acquisition processing described as being executed by the authentication device 30 .

S communication system, N network, 10 server, 20 user terminal, 30 authentication device, 11, 21, 31 control unit, 12, 22, 32 storage unit, 13, 23, 33 communication unit, 24, 34 operation unit, 25, 35 display unit 26, 36 imaging unit DB user database DT scan setting data SG security gate 100 data storage unit 101 issuing unit 102 execution unit 200 data storage unit 201 division unit 202
Creation unit 203 Transmission unit 300 Data storage unit 301 Reception unit 302 Identification unit 303 User ID acquisition unit 304 Biometric information acquisition unit 305 Execution unit.

Claims (15)

An authentication system including a transmitting device and a receiving device,
The transmitting device
a dividing means for dividing the authentication information of the user of the transmitting device into a plurality of data portions;
the plurality of packets so that each of the plurality of packets includes a plurality of overlapping at least one of the data portions and a plurality of overlapping order information regarding the order of the data portions in the authentication information; creating means for creating each of the packets;
transmitting means for transmitting each of the plurality of packets to the receiving device;
including
The receiving device
receiving means for receiving each of the plurality of packets from the transmitting device;
based on the plurality of duplicated at least one data portions and the plurality of duplicated order information included in each of the plurality of packets, combining the plurality of data portions to generate the authentication information; an acquisition means for acquiring;
execution means for executing authentication processing based on the authentication information;
Authentication system including. each of the plurality of packets includes a plurality of duplicates of the at least one data part in a first data area, and the order information in a second data area;
The acquisition means scans packets determined to have the same value contained in the first data area, and acquires the authentication information based on the scanned packets.
The authentication system according to claim 1. each of the plurality of packets includes a plurality of duplicates of the at least one data part in a first data area, and a plurality of duplicates of the order information in a second data area;
The acquisition means scans packets determined to have the same values contained in the second data area, and acquires the authentication information based on the scanned packets.
The authentication system according to claim 1 or 2. The creation means creates each of the plurality of packets such that each of the plurality of packets includes a plurality of the order information in succession in an overlapping manner.
An authentication system according to any one of claims 1 to 3. The creating means creates each of the plurality of packets such that the plurality of at least one data portion and the order information are separated from each other by a predetermined distance or more in each of the plurality of packets.
An authentication system according to any one of claims 1 to 4. The creation means creates each of the plurality of packets such that each of the plurality of packets includes a plurality of the at least one data portion that overlap and are consecutively included.
An authentication system according to any one of claims 1 to 5. The receiving device further includes specifying means for specifying the number of the data portions,
The acquiring means acquires the at least one data portion and the order information from each of the plurality of packets until the number is reached, and acquires the authentication information when the number is reached.
The authentication system according to any one of claims 1-6. The receiving device is capable of communicating with each of the plurality of transmitting devices,
each of the plurality of packets includes identification information that can identify the transmitting device that transmitted the packet;
the acquiring means acquires the authentication information for each of the transmitting devices based on the identification information included in each of the plurality of packets;
An authentication system according to any one of claims 1 to 7. The authentication information is a user ID that can identify the user,
The authentication process is performed based on the user ID,
The authentication system according to any one of claims 1-8. The receiving device further includes biometric information acquisition means for acquiring biometric information of the user as the authentication information,
the execution means executes the authentication process based on the biometric information;
The authentication system according to any one of claims 1-9. a dividing means for dividing a user's authentication information into a plurality of data portions;
the plurality of packets so that each of the plurality of packets includes a plurality of overlapping at least one of the data portions and a plurality of overlapping order information regarding the order of the data portions in the authentication information; creating means for creating each of the packets;
transmitting means for transmitting each of the plurality of packets to a receiving device;
a transmitting device containing receiving means for receiving each of the plurality of packets from the transmitting device;
based on at least one of a plurality of duplicated data portions included in each of the plurality of packets and a plurality of duplicated pieces of order information relating to the order of the data portions; obtaining means for combining the data portions to obtain authentication information for the user of the sending device;
execution means for executing authentication processing based on the authentication information;
receiving device, including a splitting step of splitting the authentication information of the user of the sending device into a plurality of data portions;
the plurality of packets so that each of the plurality of packets includes a plurality of overlapping at least one of the data portions and a plurality of overlapping order information regarding the order of the data portions in the authentication information; a creating step of creating each of the packets;
a transmitting step of transmitting each of the plurality of packets to a receiving device;
a receiving step of receiving each of the plurality of packets from a transmitting device;
based on the plurality of duplicated at least one data portions and the plurality of duplicated order information included in each of the plurality of packets, combining the plurality of data portions to generate the authentication information; an obtaining step to obtain;
an execution step of performing an authentication process based on the authentication information;
Authentication methods, including dividing means for dividing the user's authentication information into a plurality of data portions;
the plurality of packets so that each of the plurality of packets includes a plurality of overlapping at least one of the data portions and a plurality of overlapping order information regarding the order of the data portions in the authentication information; creating means for creating each of the packets;
transmitting means for transmitting each of the plurality of packets to a receiving device;
A program that allows a computer to function as a receiving means for receiving each of the plurality of packets from the transmitting device;
based on at least one of a plurality of duplicated data portions included in each of the plurality of packets and a plurality of duplicated pieces of order information relating to the order of the data portions; obtaining means for combining the data portions to obtain the authentication information of the user of the transmitting device;
execution means for executing authentication processing based on the authentication information;
A program that allows a computer to function as a

Images