JP2024049750A - Authentication device, authentication method, and program for authentication method - Google Patents

Abstract

[Problem] To obtain an authentication device or the like that can perform authentication processing with higher security even when using general earphones, etc. [Solution] An authentication device that authenticates authority for a device, comprising a communication device 120 that performs wireless communication with earphones 200, and a control processing device 110 that performs processing related to authentication, the control processing device 110 having an earphone confirmation processing unit 111 that performs processing to confirm the presence or absence of earphones 200, a password generation processing unit 112 that generates a password, a voice generation processing unit 113 that generates voice based on the password and transmits it to the communication device, and an authentication processing unit 114 that acquires a character string and performs authentication based on the character string and the password. [Selected Figure] Figure 1

Description

This technology relates to an authentication device, authentication method, and authentication method program that authenticates the authority of a device. In particular, it relates to authentication using earphones.

An authentication device is a device that performs authentication-related processes to determine whether or not a person has the authority (qualification) to use and operate a target device. For example, in the case of a terminal device such as a smartphone, the terminal device performs authentication processes related to personal authentication to recognize that a person attempting to operate the terminal device is the person in possession of the terminal device (owner) and to permit use and operation. In this case, the terminal device is the target object, and has the function of an authentication device that performs personal authentication.

A typical method for authenticating an individual (hereafter simply referred to as authentication) is, for example, to use a password. The terminal device acting as the authentication device performs an authentication process in which it compares a character string entered by a person attempting to operate the terminal device with a preset password to determine whether they match. However, passwords can be deciphered depending on the combination of characters, and so do not provide high safety (security). For this reason, authentication devices have been proposed that use special earphones capable of acquiring electrocardiogram information to perform authentication based on biometric information (biometric authentication) (for example, see Patent Document 1).

JP 2017-38766 A

However, authentication devices such as those described in Patent Document 1 require special earphones that can acquire biometric information, and authentication cannot be performed using commonly available earphones.

Therefore, there has been a demand for an authentication device that can perform more secure authentication processing even when using ordinary earphones, etc.

The disclosed authentication device is an authentication device that authenticates authority for a device, and includes a communication device that performs wireless communication with earphones, and a control processing device that performs processing related to authentication. The control processing device has an earphone confirmation processing unit that performs processing to confirm the presence or absence of earphones, a password generation processing unit that generates a password, a voice generation processing unit that generates voice based on the password and transmits it to the communication device, and an authentication processing unit that obtains a character string and performs authentication based on the character string and the password.

The disclosed authentication method is an authentication method for authenticating authority over a device, and includes an earphone confirmation step for determining the presence or absence of earphones that emit sound and performing authentication, a password generation step for generating a password, a sound generation step for generating sound based on the password and transmitting the sound to a communication device that wirelessly communicates with the earphones, and an authentication processing step for performing authentication based on the character string and the password when a character string is obtained.

The disclosed authentication method program is a program for authenticating authority over a device, and causes a computer to perform an earphone confirmation process for determining the presence or absence of earphones that emit sound and performing authentication, a password generation process for generating a password, a sound generation process for generating sound based on the password and transmitting the sound to a communication device that wirelessly communicates with the earphones, and an authentication processing process for performing authentication based on the character string and the password when a character string is obtained.

According to the disclosed authentication device, authentication is performed based on the presence or absence of earphones and communication via the earphones. Therefore, even when authentication is performed using ordinary earphones, it is possible to perform authentication processing with a higher level of security.

1 is a diagram showing an example of the configuration of an authentication system centered around a terminal device 100 according to a first embodiment. FIG. 4 is a diagram illustrating a process flow in authentication according to the first embodiment. FIG. 11 is a diagram showing a configuration example of an authentication system centered around a terminal device 100 according to a second embodiment. FIG. 11 is a diagram illustrating a process flow in authentication according to the second embodiment.

Below, the authentication device and the like according to the embodiment will be described with reference to the drawings. In the following drawings, the same reference numerals are used to denote the same or equivalent parts, and are common throughout the embodiments described below. In addition, the size relationship between the components in the drawings may differ from the actual relationship. The forms of the components shown in the entire specification are merely examples, and are not limited to the forms described in the specification. It may not be necessary to include all of the devices described in the specification. In particular, the combination of the components is not limited to the combinations in each embodiment, and the components described in other embodiments may be applied to other embodiments. In addition, when multiple similar devices are distinguished by subscripts, etc., and there is no need to distinguish or identify them, the reference numerals, subscripts, etc. may be omitted.

Embodiment 1.
FIG. 1 is a diagram showing an example of the configuration of an authentication system centered on a terminal device 100 according to the first embodiment. The authentication system in FIG. 1 has a configuration including a terminal device 100 and an earphone 200. The earphone 200 is a device that is worn in the ear and converts a signal including voice data sent from the terminal device 100 into sound waves such as voice. Here, the earphone 200 includes, for example, a headphone or a bone conduction earphone. In addition, a signal including password voice data in which a password is voiced is sent to the earphone 200 by wireless communication from the terminal device 100, which is an authentication device in this embodiment. The communication standard of the wireless communication is not particularly limited. For example, communication can be performed using a short-range wireless communication standard such as Bluetooth (registered trademark). Here, the terminal device 100 and the earphone 200 are paired in advance according to the Bluetooth (registered trademark) standard, and one-to-one communication by wireless signals is possible by performing a process of establishing a communication connection. Here, the earphone 200 is an element of ownership information in the authentication related to the terminal device 100.

The terminal device 100 is, for example, a device such as a smartphone, tablet, or computer. When the terminal device 100 is turned on, the terminal device 100 performs authentication to determine whether or not a person attempting to operate the device has the authority to operate the device. The terminal device 100 is an authentication device, and is also a device for which operation is permitted through authentication. Here, the terminal device 100 includes a control processing device 110, a communication device 120, an imaging device 130, an input device 140, a display device 150, a sound collection device 160, and a storage device 170.

The communication device 120 is an interface device that performs signal conversion and the like when communicating signals including data between the control processing device 110 of the terminal device 100 and an external device. Here, the communication device 120 in particular sends a signal including audio data from the control processing device 110 to the earphone 200 via short-range wireless communication. The imaging device 130 is a device that captures an image of a subject and sends an image signal including image data related to the image to the control processing device 110. Here, the imaging device 130 is in particular a device that obtains an image for the control processing device 110 to determine whether the earphone 200 is present or not. Note that the imaging device 130 is preferably an in-camera provided on a smartphone or the like in order to capture an image showing the face of a person wearing the earphone 200 and operating the device to be authenticated.

The input device 140 is a device that sends input signals including input data such as operation instructions and characters input by a person who is trying to be authenticated for the terminal device 100 to the control processing device 110. Here, the input data is particularly a character string data indicating a password including letters, numbers, symbols, etc. The input device 140 has, for example, a keyboard or a touch panel. Here, the input device 140 has a touch panel. The display device 150 is a device such as a display or monitor that displays operation contents, etc. based on a display signal from the control processing device 110. The sound collection device 160 such as a microphone converts sounds such as voices emitted by a person who is trying to be authenticated for the terminal device 100 into signals including voice input data and sends them to the control processing device 110.

The storage device 170 stores data used by the control processing device 110 when performing processing. Here, it stores password data in which the character string of a preset login password and the character string of a one-time password generated by the control processing device 110 are data. The storage device 170 also stores programs executed by the control processing device 110. Here, the storage device 170 has a volatile storage device (not shown) such as a random access memory (RAM) that can temporarily store data, and a non-volatile auxiliary storage device (not shown) such as a flash memory that can store data for the long term. The storage device 170 may also be mounted within the control processing device 110.

The control processing device 110 controls various devices provided in the terminal device 100 and performs processes such as controlling the entire terminal device 100. Here, it determines whether a person who wishes to be authenticated for the terminal device 100 is the owner of the terminal device 100, and performs authentication for the operation of the terminal device 100. For this reason, the control processing device 110 in the first embodiment has, in particular, an earphone confirmation processing unit 111, a password generation processing unit 112, a voice generation processing unit 113, and an authentication processing unit 114, and performs various processing steps. The earphone confirmation processing unit 111 performs an earphone confirmation step of confirming the presence or absence of the earphone 200 within a predetermined range of the terminal device 100. The earphone confirmation processing unit 111 in the first embodiment determines the presence or absence of the earphone 200 based on the establishment of a wireless communication connection with the earphone 200 by the communication device 120 and the image data captured by the imaging device 130, and performs confirmation and authentication of the earphone 200. For this reason, the earphone confirmation processing unit 111 has a communication confirmation unit 111A and an image confirmation unit 111B. The presence or absence of the earphones 200 can be confirmed simply by establishing a wireless communication connection by the communication confirmation unit 111A. However, the communication distance between the terminal device 100 and the earphones 200 is longer than the distance between the person attempting to be authenticated by the terminal device 100 and the terminal device 100. Therefore, in the terminal device 100, the earphone confirmation processing unit 111 also confirms the presence of the earphones 200 based on an image, thereby enhancing safety.

When the earphone verification processing unit 111 determines that the earphone 200 has been photographed, the password generation processing unit 112 performs a password generation process to generate a one-time password that can be used temporarily. Then, the password generation processing unit 112 stores password data, which is data of a character string indicating the one-time password, in the storage device 170. The voice generation processing unit 113 performs a voice generation process to generate voice data by vocalizing the one-time password generated by the password generation processing unit 112 based on the password data. Then, the voice generation processing unit 113 causes a signal including the voice data to be transmitted to the communication device 120.

The authentication processing unit 114 in the first embodiment performs an authentication processing step in which it determines whether the set password and one-time password indicated by the password data stored in the storage device 170 match the character string indicated by the input data acquired by the signal sent from the input device 140, and performs authentication based on the determination. For this reason, the authentication processing unit 114 has a character string processing unit 114A. Here, the authentication processing unit 114 is described as permitting operation of the terminal device 100 through authentication.

The control processing device 110 is assumed to be configured, for example, with a microcomputer having a control arithmetic processing device such as a CPU (Central Processing Unit). The control processing device 110 executes processing based on the programs stored in the storage device 170, and realizes the processing performed by each part of the control processing device 110.

2 is a diagram for explaining the flow of processing in authentication according to the first embodiment. Here, the processing is explained as being performed by the control processing device 110 of the terminal device 100 and each unit of the control processing device 110. For example, when the power supply (not shown) of the terminal device 100 is turned on, the control processing device 110 sends a display signal to the display device 150 to display a message prompting the user to enter a set password, and prompts the user who wishes to be authenticated for the terminal device 100 to enter the set password. When the authentication processing unit 114 determines that the input character string matches the set password stored in the storage device 170 as password data, the control processing device 110 causes the communication device 120 to establish wireless communication with the earphone 200. At this time, the device name of the earphone 200 may be stored in the storage device 170 of the terminal device 100 in advance, and the control processing device 110 may acquire the device name of the earphone 200 connected by Bluetooth (registered trademark), compare it with the device name of the registered earphone 200, and if they match, establish wireless communication with the registered earphone 200.

The earphone confirmation processing unit 111 of the control processing device 110 determines whether a wireless communication connection with the earphone 200 has been established (step S1). If the earphone confirmation processing unit 111 determines that a wireless communication connection has not been established because, for example, the earphone 200 is powered off, it sends a display signal indicating authentication failure to the display device 150 to display the same (step S9), and ends the authentication process.

Furthermore, when the earphone confirmation processing unit 111 determines that a wireless communication connection has been established, it causes the imaging device 130 to capture an image and send a signal including image data related to the image. The earphone confirmation processing unit 111 determines whether the earphone 200 is included in the image based on the image data in the signal (step S2). When the earphone confirmation processing unit 111 determines that the earphone 200 is not included in the image, it sends a display signal indicating authentication failure to the display device 150 to display the same (step S9), and ends the authentication process. Here, the earphone confirmation processing unit 111 may determine whether the earphone 200 is attached to the ear of the person who is to be authenticated.

On the other hand, if the earphone confirmation processing unit 111 determines that the earphone 200 has been photographed, the password generation processing unit 112 of the control processing device 110 generates a one-time password and stores the password data in the storage device 170 (step S3).

The voice generation processing unit 113 of the control processing device 110 generates voice data based on the one-time password generated by the password generation processing unit 112. The voice generation processing unit 113 then causes a signal including the voice data to be transmitted to the communication device 120 (step S4). The communication device 120 transmits the signal to the earphones 200. The earphones 200 convert the voice data included in the signal into voice, and notify the person attempting to be authenticated for the terminal device 100 of the one-time password.

Meanwhile, the authentication processing unit 114 of the control processing device 110 sends a display signal to the display device 150, causing it to display a message prompting the user to enter the one-time password sent by voice (step S5). The authentication processing unit 114 also waits for input data indicating the password to be entered for a predetermined set time (step S6). If the authentication processing unit 114 determines that no input data has been entered based on a signal from the input device 140 within the set time, it sends a display signal to the display device 150 to display an indication of authentication failure (step S9), and ends the authentication process.

When the authentication processing unit 114 determines based on a signal from the input device 140 that input data has been input within the set time, it determines whether the character string indicated by the input data matches the password data of the one-time password stored in the storage device 170 (step S7). When the authentication processing unit 114 determines that the character string does not match the password data, it sends a display signal indicating authentication failure to the display device 150 to display the same (step S9), and ends the authentication process.

On the other hand, if the authentication processing unit 114 determines that the character string and the password data match, it sends a display signal related to the operation screen to the display device 150 to display it, permits operation of the terminal device 100 (step S8), and ends the authentication process.

As described above, in the first embodiment, when the terminal device 100, which is an authentication device, performs authentication processing, the control processing device 110 of the terminal device 100 establishes a one-to-one wireless communication connection with the earphone 200 and generates voice data of a one-time password. Then, the control processing device 110 causes the earphone 200 to transmit a signal including voice data related to the password to the communication device 120. When the control processing device 110 determines that the one-time password has been input via the input device 140 within a set time, it permits the operation of the terminal device 100. Therefore, the terminal device 100 according to the first embodiment can perform multi-factor authentication using two factors, namely, knowledge information based on a preset password or the like, and ownership information based on the earphone 200 that is communicatively connected to the terminal device 100 as well as the terminal device 100. Therefore, the security of the terminal device 100 can be enhanced. At this time, in the authentication device of the first embodiment, even if the earphone 200 is a general one capable of wireless communication, authentication based on ownership information can be realized. In the authentication device of embodiment 1, a one-time password is generated and output if the earphone 200 is captured in an image, making it possible to perform authentication with even higher security even when using ordinary earphones.

Here, in the above description, the state of the earphone 200 in the image captured by the imaging device 130 was not mentioned in particular. In principle, it is better for the person who is going to be authenticated for the terminal device 100 to be in a state where he or she can hear the password from the earphone 200. Therefore, for example, the earphone confirmation processing unit 111 may determine that the earphone 200 is captured (the earphone 200 is present) when the earphone 200 is attached to a person's ear in the image in the image data. By determining that the earphone 200 is present when the earphone 200 is attached to a person's ear, it is possible to prevent a person who is going to operate the terminal device 100 from missing the password when the password is issued by sound from the earphone 200. Here, when determining whether the earphone 200 is attached, it is also possible to perform face authentication by capturing the face of the person who is going to be authenticated in the image captured by the imaging device 130. However, there are cases where authentication is required when wearing a mask, which is inconvenient. In addition, there is a disadvantage in that there is a high risk of information leakage when data related to the face is stored. In this regard, the authentication device of embodiment 1 only requires that the earphones 200 be confirmed as being attached, making it easy and safe against information leaks.

Embodiment 2.
In the above-described first embodiment, the control processing device 110 performed the authentication process based on the password input from the input device 140. In the second embodiment, the control processing device 110 performs a voice analysis process based on the voice of the password uttered by the person who wishes to be authenticated for the terminal device 100, which is included in the sound received by the sound collection device 160, and performs the authentication process.

Figure 3 is a diagram showing an example of the configuration of an authentication system centered around a terminal device 100 according to embodiment 2. In Figure 3, devices and the like that are given the same reference numerals as those in Figure 1 and that are not specifically described perform the same operations as those described in embodiment 1.

The control processing device 110 of the terminal device 100 in FIG. 3 has a voice analysis processing unit 115. The voice analysis processing unit 115 performs voice analysis processing based on a signal including voice input data from the sound collection device 160, and generates character string and voiceprint data. A voiceprint represents the characteristics of a person's voice, for example, by frequency.

Furthermore, the authentication processing unit 114 in the second embodiment performs authentication processing based on the character string and voiceprint data acquired from the voice analysis processing unit 115. For this reason, the authentication processing unit 114 in the second embodiment has a voiceprint processing unit 114B in addition to the character string processing unit 114A. The voiceprint processing unit 114B compares the voiceprint data with registered voiceprint data, determines whether there is a match, and performs authentication based on the determination. Here, the voiceprint is an element of biometric information in authentication related to the terminal device 100. The registered voiceprint data is voiceprint data registered in advance by the owner of the terminal device 100, and is stored in the storage device 170. Here, in the comparison between the voiceprint and the registered voiceprint data, a match is not limited to a perfect match, but also includes cases where it can be considered that there is a match.

Figure 4 is a diagram illustrating the flow of processing in authentication according to embodiment 2. In Figure 4, the processing from step S11 to step S15 is the same as the processing from step S1 to step S5 described in embodiment 1. Furthermore, the processing of step S21 is the same as the processing of step S9 described in embodiment 1.

The voice analysis processing unit 115 of the control processing device 110 waits for a signal including voice input data for a predetermined set time (step S16). If the voice analysis processing unit 115 determines that no signal has been input from the sound collection device 160 within the set time, it sends a display signal indicating authentication failure to the display device 150 to display the same (step S21), and ends the authentication process.

When the voice analysis processing unit 115 determines that a sound has been input within the set time based on the signal from the sound collection device 160, it executes a voice analysis process (step S17). The voice analysis processing unit 115 performs the voice analysis process and generates character string and voiceprint data from the sound from the sound collection device 160.

Then, the authentication processing unit 114 judges whether the character string obtained from the voice analysis process matches the password data stored in the storage device 170 (step S18). If the authentication processing unit 114 judges that the character string does not match the password data, it sends a display signal indicating that authentication has failed to the display device 150 (step S21), and ends the authentication process.

If the authentication processing unit 114 determines that the character string matches the password data, it then determines whether the voiceprint matches the registered voiceprint data (step S19). If the authentication processing unit 114 determines that the voiceprint does not match the registered voiceprint data, it sends a display signal to the display device 150 to display an indication of authentication failure (step S21), and ends the authentication process.

On the other hand, if the authentication processing unit 114 determines that the voiceprint matches the registered voiceprint data, it sends a display signal related to the operation screen to the display device 150 to display it, permits operation of the terminal device 100 (step S20), and ends the authentication process.

As described above, according to the authentication device of the second embodiment, when the terminal device 100, which is the authentication device, performs authentication processing, the control processing device 110 sends a signal including voice data related to the one-time password to the earphone 200 capable of one-to-one communication. Then, the voice analysis processing unit 115 converts the voice input data related to the sound from the sound collection device 160 into character string and voiceprint data. If the authentication processing unit 114 determines that the one-time password is correct based on the character string and that the person is the owner of the terminal device 100 based on the voiceprint, it allows the operation of the terminal device 100. Therefore, the terminal device 100 according to the second embodiment can perform multi-factor authentication based on three factors, namely, knowledge information based on the password and ownership information based on the earphone 200, as well as biometric information based on the voiceprint. Therefore, it is possible to authenticate the owner of the terminal device 100 not only based on the ownership of the earphone 200 but also based on the voiceprint, and the security of the terminal device 100 can be further enhanced.

Embodiment 3.
In the above-mentioned first and second embodiments, the one-time password has been described assuming a random character string composed of alphanumeric characters, but is not limited to this. For example, in the case where the password is input by voice, as in the terminal device 100 of the second embodiment, the character string of the one-time password may be composed as a sentence. By making the character string of the one-time password a sentence, the security of the authentication is increased, and by allowing it to blend into everyday conversation, it is possible to perform natural authentication without third parties realizing that it is a password.

In addition, the earphone confirmation processing unit 111 determines whether the earphone 200 is present or not based on image data captured by the imaging device 130, but this is not limited to the above. For example, the earphone confirmation processing unit 111 may confirm that the earphone 200 is placed in the person's ear based on a signal from the earphone 200 that is equipped with a sensor that detects the placement and removal of the earphone 200 in the person's ear.

The terminal device 100 in the first and second embodiments described above is an authentication device and is also a device that is subject to permission for operation, etc., through authentication, but the authentication device and the device that is operated, etc., through authentication may be separate entities.

REFERENCE SIGNS LIST 100 Terminal device 110 Control processing device 111 Earphone confirmation processing unit 111A Communication confirmation unit 111B Image confirmation unit 112 Password generation processing unit 113 Voice generation processing unit 114 Authentication processing unit 114A Character string processing unit 114B Voiceprint processing unit 115 Voice analysis processing unit 120 Communication device 130 Imaging device 140 Input device 150 Display device 160 Sound collection device 170 Storage device 200 Earphone

Claims (9)

An authentication device for authenticating authority over a device, comprising:
A communication device that wirelessly communicates with the earphones;
a control processing device that processes the authentication,
The control processing device includes:
an earphone confirmation processing unit that performs processing to confirm the presence or absence of the earphone;
a password generation processing unit that generates a password;
a voice generation processing unit that generates a voice based on the password and transmits the voice to the communication device;
An authentication device having an authentication processing unit that acquires a character string and performs authentication based on the character string and the password. Equipped with a sound collector that converts sound into a signal,
the control processing device has a voice analysis processing unit that analyzes the sound from the sound collection device and generates data of the character string and voiceprint;
2. The authentication device according to claim 1, wherein the authentication processing unit performs authentication based on the character string generated by the voice analysis processing unit and the password, and performs authentication based on the voiceprint generated by the voice analysis processing unit. An input device for inputting characters,
The authentication device according to claim 1 , wherein the authentication processing unit acquires the character string input to the input device. An imaging device for creating an image related to imaging,
The authentication device according to claim 1 , wherein the earphone confirmation processing unit confirms that the earphone is present when it determines that the earphone is included in the image. The authentication device according to claim 4, wherein the earphone confirmation processing unit confirms that the earphone is present when it determines, based on the image, that the earphone is attached to the person's ear. The authentication device according to claim 1 or 2, wherein the earphone confirmation processing unit confirms that the earphone is present when it determines that the communication device has established a wireless communication connection with the earphone. The authentication device according to claim 1 or 2, wherein the password generation processing unit generates the password in text. 1. An authentication method for authenticating authority over a device, comprising:
an earphone confirmation process for determining whether or not an earphone that emits sound is present and performing authentication;
A password generation step of generating a password;
a voice generating step of generating the voice based on the password and transmitting the voice to a communication device that wirelessly communicates with the earphone;
When the character string is acquired, an authentication process step is performed based on the character string and the password. A program for an authentication method for authenticating authority to a device, comprising:
an earphone confirmation process for determining whether or not an earphone is used to emit sound and for performing authentication;
A password generation step of generating a password;
a voice generating step of generating the voice based on the password and transmitting the voice to a communication device that wirelessly communicates with the earphone;
A program for an authentication method that causes a computer to perform an authentication processing step of, when a character string is acquired, performing authentication based on the character string and the password.

Images