JP6508901B2 - Authentication system - Google Patents

Description

The present invention relates to a certification system.

  Conventionally, user authentication has been performed. For example, in a web page or the like, user authentication is performed depending on whether the user is allowed to input a user ID and password and the input user ID and password match the user ID and password registered in advance.

JP, 2011-118742, A JP, 2004-13274, A

  However, conventional user authentication is cumbersome for the user. For example, the user must store a user ID and password. In addition, when performing user authentication, the user must input a user ID and a password.

  This application is made in view of the above, and an object of the present invention is to provide an authentication device, an authentication method, an authentication program, and an authentication system that can reduce the complexity of user authentication.

  The authentication apparatus according to the present application is the transmission unit that transmits an authentication code to the first device according to the authentication request transmitted from the first device according to the operation of the user, and the second device associated with the user. A receiving unit for receiving data based on a sound output from the first device and collected by the second device, the data received from the second device, and the authentication code transmitted to the first device; And an authentication unit that authenticates the authentication request.

  According to one aspect of the embodiment, the complexity of user authentication can be reduced.

FIG. 1 is a diagram illustrating an example of an authentication process according to the embodiment. FIG. 2 is a diagram showing an example of the configuration of each device constituting the authentication system according to the embodiment. FIG. 3 is a diagram showing an example of device information according to the embodiment. FIG. 4 is a diagram showing an example of authentication code information according to the embodiment. FIG. 5 is a sequence diagram showing an example of the flow of authentication processing by the authentication system according to the embodiment. FIG. 6 is a diagram illustrating an example of an authentication process according to a modification. FIG. 7 is a diagram illustrating an example of an authentication process according to a modification. FIG. 8 is a diagram illustrating an example of an authentication process according to a modification. FIG. 9 is a hardware configuration diagram showing an example of a computer that implements the function of the authentication device according to the embodiment.

  Hereinafter, an authentication apparatus, an authentication method, an authentication program, and a mode for implementing an authentication system according to the present application (hereinafter, referred to as “embodiment”) will be described in detail with reference to the drawings. Note that the authentication device, the authentication method, the authentication program, and the authentication system according to the present application are not limited by the embodiment. Moreover, the same code | symbol is attached | subjected to the same site | part in the following each embodiment, and the overlapping description is abbreviate | omitted.

[1. Authentication process]
First, an example of the authentication process according to the embodiment will be described with reference to FIG. FIG. 1 is a diagram illustrating an example of an authentication process according to the embodiment. In FIG. 1, an advertisement control process is performed by the authentication system 1.

  As shown in FIG. 1, the authentication system 1 includes a first device 10, a second device 11, and an authentication device 12. The first device 10, the second device 11, and the authentication device 12 are communicably connected by wire or wireless via a network. The authentication system 1 illustrated in FIG. 1 may include a plurality of first devices 10 and second devices 11.

  The first device 10 is an information processing apparatus that the user desires to use. The first device 10 is an information processing apparatus shared and used by a plurality of users, and when the user authentication is successful, the service provided by the first device 10 or the first device 10 itself becomes available. The first device 10 is, for example, a smartphone, a PDA (Personal Digital Assistant), a mobile phone, a desktop PC (Personal Computer), or a notebook PC. In this embodiment, the case where the first device 10 is a notebook PC disposed in a conference room and used in common is taken as an example.

  The second device 11 is an information processing apparatus associated with a user. The second device 11 is an information processing apparatus owned by each user and capable of associating users to use on a one-on-one basis. The second device 11 is, for example, a smartphone, a PDA (Personal Digital Assistant), or a mobile phone. In the present embodiment, the case where the second device 11 is a smartphone owned by each user is taken as an example.

  The authentication device 12 is an information processing device that authenticates a user and provides a predetermined service to the authenticated user, and is realized by, for example, a server device or a cloud system including a plurality of server devices. The authentication device 12 is connected to the first device 10 and the second device 11 via a network, and can transmit and receive arbitrary information.

  Hereinafter, an authentication process in which the authentication system 1 authenticates a user will be described along the flow using FIG. 1. The first device 10 displays the input screen 20 of the authentication information used for authentication in accordance with the operation of the user (step S1). In the example of FIG. 1, the input screen 20 is provided with a log-in button 21 for requesting authentication by inputting a user ID and a password as authentication information.

  When the user requests authentication by the user ID and password, the user inputs the user ID and password on the input screen 20 and selects the login button 21.

  By the way, user authentication by user ID and password is complicated for the user. For example, the user must store a user ID and password. In addition, when performing user authentication, the user must input a user ID and a password.

  Therefore, in the authentication system 1 according to the present embodiment, user authentication is performed without the user inputting a user ID and a password.

  In the example of FIG. 1, the input screen 20 is provided with a sound authentication button 22 for requesting authentication by sound without inputting a user ID and a password.

  When the user requests authentication without inputting a user ID and a password, the user selects the sound authentication button 22 on the input screen 20. When the sound authentication button 22 of the input screen 20 is selected, the first device 10 transmits an authentication request to the authentication device 12 (step S2).

  In response to the authentication request transmitted from the first device 10, the authentication device 12 generates an authentication code and transmits the generated authentication code to the first device 10 (step S3). The authentication code is a code for identifying an authentication request. The authentication code is assigned to each session for which authentication has been requested. When the authentication device 12 receives the authentication request, the authentication device 12 generates a unique code. The authentication code transmitted by the authentication device 12 may be code data, or sound data obtained by converting the authentication code into sound according to a predetermined conversion rule.

  The first device 10 is provided with a speaker capable of outputting sound. When receiving the authentication code from the authentication device 12, the first device 10 outputs a sound based on the received authentication code from the speaker (step S4). For example, when the first device 10 receives the authentication code as code data, the first device 10 converts the received data of the authentication code into sound data according to a predetermined conversion rule, converts the sound data, reproduces the sound data, and outputs the sound data from the speaker. When the first device 10 receives the authentication code as sound data, the first device 10 reproduces the sound data of the received authentication code and outputs the sound data from the speaker. The first device 10 repeats the reproduction of the sound data until the sound data of the authentication code is reproduced a predetermined number of times or for a predetermined reproduction time.

  During reproduction of sound data, the first device 10 displays the received authentication code on the screen 25 (step S5). When the authentication code is received as code data, the first device 10 displays the received authentication code on the screen 25. When the authentication code is received as sound data, the first device 10 recognizes the sound data according to a predetermined conversion rule, and displays the authentication code recognized from the sound data on the screen 25. In the example of FIG. 1, the authentication code “XXXXX” is displayed on the screen 25.

  The second device 11 is provided with a microphone capable of collecting sound. The user brings the second device 11 close to the first device 10, and the sound output from the first device 10 is collected by the microphone (step S6). The second device 11 recognizes sound data of the collected sound according to a predetermined conversion rule, and displays an authentication code recognized from the sound data on the screen 26 (step S7). In the example of FIG. 1, the authentication code “XXXXX” is displayed on the screen 26. The screen 26 is provided with a transmission button 27 for instructing transmission of an authentication code.

  The user compares the authentication code displayed on the screen 25 of the first device 10 with the authentication code displayed on the screen 26 of the second device 11, and when they match, selects the send button 27. This makes it possible to confirm that the authentication code has been correctly recognized from the sound output from the first device 10, and to request authentication.

  When the transmission button 27 is selected, the second device 11 transmits data based on the collected sound to the authentication device 12 (step S8). The data based on the collected sound may be sound data of the collected sound, or may be data of an authentication code in which the sound data is recognized according to a predetermined conversion rule.

  The authentication device 12 authenticates the authentication request based on the data received from the second device 11 and the authentication code transmitted to the first device 10 (step S9). For example, when receiving the sound data from the second device 11, the authentication device 12 recognizes the received sound data according to a predetermined conversion rule. Then, the authentication device 12 compares the authentication code recognized from the sound data with the authentication code transmitted to the first device 10, and performs authentication on the authentication request depending on whether the authentication codes match. Also, for example, when the authentication device 12 receives data of the authentication code from the second device 11, the authentication device 12 compares the received authentication code with the authentication code transmitted to the first device 10, and determines whether the authentication codes match. Perform authentication on the authentication request depending on whether or not

  If the authentication code matches, the authentication device 12 determines that the authentication for the authentication request is successful. On the other hand, when the authentication code does not match, the authentication device 12 determines that the authentication for the authentication request has failed.

  The authentication device 12 stores, for each second device 11, information on a user associated with the second device 11. For example, the authentication device 12 stores, for each second device 11, information on a user who owns the second device 11.

  The authentication device 12 transmits information according to the authentication result to the first device 10 (step S10). For example, when the authentication with respect to the authentication request is successful, the authentication device 12 transmits the screen 28 to the first device 10 as the login performed by the user of the second device 11 that has transmitted the data whose authentication is successful. In the example of FIG. 1, the authentication apparatus 12 transmits a screen 28 indicating that the login of the authenticated user is completed. On the other hand, when the authentication for the authentication request fails, the authentication device 12 transmits data to the effect that the authentication failed to the first device 10.

  As described above, in the authentication system 1, user authentication can be performed without the user inputting a user ID and a password. This eliminates the need for the user to store the user ID and password, and also eliminates the need for the user to input the user ID and password when performing user authentication, thus reducing the complexity of user authentication. .

  In addition, in the authentication system 1, when the processing of the first device 10 and the second device 11 is created by the Web application, the processing can be realized by the browser in the first device 10 and the second device 11, and therefore login is performed regardless of the environment. It can be performed.

  Further, in the authentication system 1, the second device 11 associated with the user can be realized not by a special device but by a smartphone, so that the system can be easily configured.

  Further, in the authentication system 1, by controlling the volume of the sound output from the first device 10, the range in which the authentication code is propagated by the sound can be limited.

  Hereinafter, an example of functional composition of each device which constitutes authentication system 1 which realizes an authentication process mentioned above is explained.

[2. Configuration of Each Device Constituting Authentication System 1]
Next, with reference to FIG. 2, configurations of respective devices constituting the authentication system 1 according to the embodiment will be described. FIG. 2 is a diagram showing an example of the configuration of each device constituting the authentication system according to the embodiment. As shown in FIG. 2, in the authentication system 1, the first device 10, the second device 11 and the authentication device 12 are communicably connected by wire or wireless via the network N.

[2-1. Configuration of First Device 10]
The configuration of the first device 10 will be described. The first device 10 includes a display unit 30, an input unit 31, a speaker 32, a communication unit 33, a storage unit 34, and a control unit 35. The internal configuration of the authentication device 12 is not limited to the configuration shown in FIG. 2, and may be another configuration as long as the first device 10 performs the below-described authentication process.

  The display unit 30 is realized by, for example, a display device such as a liquid crystal display (LCD) or a cathode ray tube (CRT). The display unit 30 displays various types of information under the control of the control unit 35.

  The input unit 31 is realized by, for example, various buttons provided on the first device 10 or an input device such as a transmissive touch sensor provided on the display unit 30. The input unit 31 receives input of various types of information. Although the display unit 30 and the input unit 31 are separately separated in the example of FIG. 2 because the functional configuration is shown, for example, the display unit 30 and the input unit 31 are configured by a device in which the display unit 30 and the input unit 31 are integrally provided. You may

  The speaker 32 is realized by an output device that outputs a sound. The speaker 32 outputs various sounds under the control of the control unit 35.

  The communication unit 33 is realized by, for example, a NIC (Network Interface Card) or the like. The communication unit 33 is connected to the network N in a wired or wireless manner, and transmits and receives information to and from the authentication device 12.

  The storage unit 34 is realized by, for example, a semiconductor memory device such as a random access memory (RAM) or a flash memory, or a storage device such as a hard disk or an optical disk. The storage unit 34 stores an operating system (OS) executed by the control unit 35 and various programs. For example, the storage unit 34 stores various programs including an authentication program that executes an authentication process described later that the first device 10 executes. Furthermore, the storage unit 34 stores various data used in a program executed by the control unit 35. For example, the storage unit 34 stores an authentication code 40.

  The control unit 35 is realized, for example, by a CPU (Central Processing Unit) or an MPU (Micro Processing Unit) etc. executing various programs stored in a storage device inside the authentication device 12 using the RAM as a work area. Ru. The control unit 35 is realized by an integrated circuit such as an application specific integrated circuit (ASIC) or a field programmable gate array (FPGA).

  In addition, the control unit 35 operates as various processing units by executing the authentication program stored in the storage unit 34 with the RAM as a work area. For example, the control unit 35 operates as a first display control unit 50, a request transmission unit 51, and a sound generation unit 52.

[2-2. Example of data stored in storage unit 34]
Subsequently, data stored in the storage unit 34 will be described. The storage unit 34 stores the authentication code 40 obtained as a response to the authentication request sent to the authentication device 12.

[2-3. Example of processing executed by control unit 35]
An example of processing executed by the first display control unit 50, the request transmission unit 51, and the sound generation unit 52 that the control unit 35 has will be described.

  The first display control unit 50 displays the input screen 20 of the authentication information used for authentication on the display unit 30 according to the operation of the user. In addition, when the authentication code 40 is obtained as a response to the authentication request transmitted to the authentication device 12, the first display control unit 50 displays the screen 25 on which the authentication code 40 is displayed on the display unit 30. Further, when the first display control unit 50 receives the information according to the authentication result from the authentication device 12, the first display control unit 50 performs the display according to the received information. For example, when the authentication for the authentication request by the authentication device 12 is successful and the information of the screen 28 indicating that the login of the authenticated user is completed is received from the authentication device 12, the first display control unit 50 displays the screen 28 Displayed on the display unit 30. When the authentication device 12 fails in authentication with respect to the authentication request and receives data indicating that the authentication failed from the authentication device 12, the first display control unit 50 displays on the display unit 30 that the authentication has failed. .

  The request transmission unit 51 transmits an authentication request to the authentication device 12 according to the operation of the user. For example, when the sound authentication button 22 is selected on the input screen 20, the request transmission unit 51 transmits an authentication request to the authentication device 12. An authentication code is returned from the authentication device 12 in response to this authentication request. Here, the authentication code is transmitted from the authentication device 12 as data of the code. The authentication code obtained as a response from the authentication device 12 as a response is stored in the storage unit 34 as an authentication code 40. The first display control unit 50 displays the screen 25 on which the authentication code 40 is displayed on the display unit 30.

  The sound generation unit 52 converts the data of the authentication code 40 into sound data according to a predetermined conversion rule. Then, the sound generation unit 52 repeatedly reproduces the sound data until the converted sound data is reproduced a predetermined number of times or a predetermined reproduction time.

[2-4. Configuration of Second Device 11]
Next, the configuration of the second device 11 will be described. The second device 11 includes a display unit 60, an input unit 61, a microphone 62, a communication unit 63, a storage unit 64, and a control unit 65. Note that the internal configuration of the authentication device 12 is not limited to the configuration shown in FIG. 2, and any other configuration may be used as long as the second device 11 performs the below-described authentication process. The display unit 60, the input unit 61, the communication unit 63, the storage unit 64, and the control unit 65 of the second device 11 are the display unit 30, the input unit 31, the communication unit 33, the storage unit 34, and the control unit 35 of the first device 10. Therefore, the description of the same parts will be omitted, and the different parts will be mainly described.

  The microphone 62 is realized by a sound collection device that collects sound. The microphone 62 collects sound under the control of the control unit 65.

  The storage unit 64 stores the OS executed by the control unit 65 and various programs. For example, the storage unit 64 stores various programs including an authentication program that executes an authentication process described later that the second device 11 executes. Furthermore, the storage unit 64 stores various data used in a program executed by the control unit 65. For example, the storage unit 64 stores an authentication code 70.

  The control unit 65 operates as various processing units by the authentication program stored in the storage unit 64 being executed using the RAM as a work area. For example, the control unit 65 operates as a sound recognition unit 80, a second display control unit 81, and a transmission unit 82.

[2-5. Example of data stored in storage unit 64]
Subsequently, data stored in the storage unit 64 will be described. The storage unit 64 stores an authentication code 70 obtained as a result of recognizing the sound output from the first device 10.

[2-6. Example of processing executed by control unit 65]
An example of processing executed by the sound recognition unit 80, the second display control unit 81, and the transmission unit 82 that the control unit 65 has will be described.

  The sound recognition unit 80 recognizes the sound collected by the microphone 62. For example, the sound recognition unit 80 converts an analog signal of the sound signal collected by the microphone 62 into digital sound data at a predetermined sampling rate. Then, the sound recognition unit 80 recognizes the converted sound data according to a predetermined conversion rule, and identifies an authentication code from the sound data. The recognized authentication code is stored in the storage unit 64 as an authentication code 70.

  When the authentication code 70 is obtained as a result of the recognition by the sound recognition unit 80, the second display control unit 81 causes the display unit 60 to display the screen 26 on which the authentication code 70 is displayed.

  The transmission unit 82 transmits data based on the sound collected by the microphone 62 to the authentication device 12 when the transmission button 27 of the screen 26 is selected. Here, the transmission unit 82 transmits the authentication code 70 recognized from the sound data of the collected sound to the authentication device 12.

[2-7. Configuration of Authentication Device 12]
Next, the configuration of the authentication device 12 will be described. The authentication device 12 includes a communication unit 90, a storage unit 91, and a control unit 92. The internal configuration of the authentication device 12 is not limited to the configuration shown in FIG. 2, and any other configuration may be used as long as the authentication device 12 performs the below-described authentication process. The communication unit 90, the storage unit 91, and the control unit 92 of the authentication device 12 are the same as the communication unit 33, the storage unit 34, and the control unit 35 of the first device 10. The different parts will be described.

  The storage unit 91 stores the OS and various programs executed by the control unit 92. For example, the storage unit 91 stores various programs including an authentication program that executes an authentication process described later that the authentication device 12 executes. Furthermore, the storage unit 91 stores various data used in a program executed by the control unit 92. For example, the storage unit 91 stores device information 100 and authentication code information 101.

  The control unit 92 operates as various processing units as the authentication program stored in the storage unit 91 is executed using the RAM as a work area. For example, the control unit 92 operates as a transmission unit 110, a reception unit 111, an authentication unit 112, and a notification unit 113.

[2-8. Example of data stored in storage unit 91]
Subsequently, data stored in the storage unit 91 will be described. First, the device information 100 will be described. The device information 100 is data in which information for associating the user with the second device 11 is registered. In the device information 100, information on a user who owns the second device 11 is registered for each second device 11. In the present embodiment, the user ID of the owned user is registered in the device information 100 for each second device 11.

  For example, FIG. 3 is a diagram illustrating an example of device information according to the embodiment. In the example shown in FIG. 3, information of a plurality of items such as “device ID” and “user ID” is registered in the device information 100. The item “device ID” is an area for storing identification information for identifying the second device 11. The item of “user ID” is an area for storing the user ID of the user who owns the second device 11 whose device ID is registered in the item of “device ID”. In the example of FIG. 3, it is registered that the device ID “smart phone A” is that the user ID of the owning user is “AAAA”. In addition, it is registered that the device ID of “terminal B” is that the user ID of the owned user is “BBBB”. The device information 100 illustrated in FIG. 3 is merely an example, and additional information in an arbitrary format regarding the user or the second device 11 may be added.

  Subsequently, the authentication code information 101 will be described. The authentication code information 101 is data in which the transmitted authentication code is registered in response to an authentication request from the first device 10.

  For example, FIG. 4 is a diagram showing an example of authentication code information according to the embodiment. In the example shown in FIG. 4, in the authentication code information 101, information of a plurality of items such as “session ID” and “authentication code” is registered. The item of “session ID” is an area for storing the session ID of the session of the authentication request received from the first device 10. The item of “authentication code” is an area for storing the transmitted authentication code in response to the authentication request of the session whose session ID is registered in the item of “session ID”. The example in FIG. 4 indicates that "XXXXX" is transmitted as an authentication code in response to an authentication request for a session whose session ID is "session A". The authentication code information 101 illustrated in FIG. 4 is merely an example, and additional information in an arbitrary format related to a session may be added.

[2-9. Example of processing executed by control unit 92]
Returning to FIG. 2, an example of processing performed by the transmission unit 110, the reception unit 111, the authentication unit 112, and the notification unit 113, which the control unit 92 has, will be described.

  When receiving the authentication request from the first device 10, the transmission unit 110 generates a unique authentication code. Then, the transmission unit 110 transmits the generated authentication code to the first device 10 of the authentication request source as a response to the authentication request. The transmission unit 110 may transmit control information to cause the first device 10 to display an authentication code and output a sound based on the authentication code to the first device. For example, when the first device 10 executes the processing by the browser, the transmission unit 110 transmits control information for causing the display of the authentication code and the sound based on the authentication code to be output to the first device 10 using script language or the like. When an application program for executing processing related to authentication is installed in advance in the first device 10 and the application program displays the received authentication code and outputs a sound based on the authentication code, the control information is used as the first device. There is no need to send to.

  The transmission unit 110 registers the transmitted authentication code in the authentication code information 101 in association with the session ID of the authentication request.

  The receiving unit 111 receives data based on sound from the second device 11. Here, the receiving unit 111 receives, from the second device 11, the authentication code 70 recognized from the sound data of the collected sound.

  The authentication unit 112 performs authentication on the authentication request based on the data received from the second device 11 and the authentication code transmitted to the first device 10. For example, when receiving the authentication code 70 from the second device 11, the authentication unit 112 specifies the second device 11 that is the transmission source of the authentication code 70. Then, the authentication unit 112 refers to the device information 100 and identifies the user ID of the user who owns the identified second device 11. The authentication unit 112 also refers to the authentication code information 101 to determine whether the received authentication code 70 is registered. When the authentication code 70 is registered, the authentication unit 112 determines that the authentication is successful, and identifies the session ID associated with the authentication code 70. On the other hand, when the authentication code 70 is not registered, the authentication unit 112 determines that the authentication has failed.

  The notification unit 113 notifies the first device 10 of information according to the authentication result by the authentication unit 112. For example, when the authentication is successful, the notification unit 113 determines that the screen 28 is displayed on the assumption that the user of the second device 11 logs in in response to the authentication request for the session ID associated with the authentication code 70. Notify the device 10. The notification to the first device 10 may be performed, for example, by periodically making a query with the session ID for which the first device 10 makes an authentication request to the authentication device 12, and may be performed as a response to the query. If the authentication device 12 can notify the first device 10, the authentication device 12 may directly notify the first device 10.

  Thereby, when the authentication is successful, the user can use the first device 10 by performing user authentication without the user inputting the user ID and the password.

[3. Processing sequence of authentication system 1]
Next, the procedure of the authentication process performed by the authentication system 1 will be described with reference to FIG. FIG. 5 is a sequence diagram showing an example of the flow of authentication processing by the authentication system according to the embodiment. FIG. 5 shows the flow of authentication processing when sound authentication is performed.

  When receiving an operation from the user, the first device 10 displays an input screen 20 of authentication information used for authentication (step S100). When the user requests authentication without inputting a user ID and a password, the user selects the sound authentication button 22 on the input screen 20. When the sound authentication button 22 of the input screen 20 is selected, the first device 10 transmits an authentication request to the authentication device 12 (step S101).

  When receiving the authentication request transmitted from the first device 10, the authentication device 12 generates an authentication code, and transmits the authentication code to the first device 10 (step S102).

  When receiving the authentication code from the authentication device 12, the first device 10 outputs a sound based on the received authentication code from the speaker 32 (step S103). Further, the first device 10 displays the received authentication code on the screen 25 during the reproduction of sound data (step S104). The user brings the second device 11 owned by the user close to the first device 10, and the microphone 62 collects the sound output from the first device 10.

  The second device 11 recognizes the sound data of the collected sound according to a predetermined conversion rule (step S105). Then, the second device 11 displays the authentication code recognized from the sound data on the screen 26 (step S106). The user compares the authentication code displayed on the screen 25 of the first device 10 with the authentication code displayed on the screen 26 of the second device 11, and if they match, the send button 27 provided on the screen 26 select. When the transmission button 27 is selected, the second device 11 transmits data based on the collected sound to the authentication device 12 (step S107).

  The authentication device 12 authenticates the authentication request based on the data received from the second device 11 and the authentication code transmitted to the first device 10 (step S108). The authentication device 12 transmits information according to the authentication result to the first device 10 (step S109), and ends the process.

[4. Modified example]
The authentication system 1 according to the above-described embodiment may be implemented in various different forms other than the above-described embodiment. So, below, other embodiment of the authentication system 1 is described.

[4-1. Automatic execution of authentication process by sound]
In the above embodiment, an example has been shown in which the first device 10 can selectively execute authentication by inputting a user ID and a password and authentication by sound on the input screen 20 by the operation of the user. However, the first device 10 may perform only sound authentication. For example, the first device 10 may transmit an authentication request to the authentication device 12 when receiving an operation for requesting authentication from the user.

[4-2. Display of authentication code]
In the above embodiment, the authentication code received by the first device 10 is displayed on the screen 25, and the second device 11 displays the authentication code recognized from the sound data on the screen 26. However, the first device 10 and the second device 11 may not display the authentication code. In this case, when the authentication code is recognized from the sound data, the second device 11 may transmit the recognized authentication code to the authentication device 12 without waiting for an instruction from the user.

[4-3. Storage of authentication information]
In the above embodiment, an example has been shown in which the user ID of the user who owns the second device 11 is stored in the device information 100 for each second device 11. However, the device information 100 may store, for each second device 11, authentication information used for authentication of the user ID and password of the user who owns the second device 11. If the authentication is successful, the authentication unit 112 may log in using authentication information such as a user ID and a password. As a result, when the authentication is successful, the authentication system 1 can cause the user to perform login for other systems.

[4-4. Notification of Authentication Code from Second Device 11 to First Device 10]
In the above embodiment, the authentication code may be notified from the second device 11 to the first device 10. FIG. 6 is a diagram illustrating an example of an authentication process according to a modification. In addition, about the process part same as FIG. 1, the same code | symbol is attached | subjected, description is abbreviate | omitted, and a mainly different part is demonstrated.

  For example, the second device 11 further includes a speaker capable of outputting sound. The second device 11 outputs the sound data of the collected sound from the speaker (step S11). At this time, the user brings the second device 11 owned by the user close to the first device 10 and vibrates the second device 11. Thereby, a Doppler effect due to vibration is generated in the sound output from the speaker of the second device 11.

  The first device 10 further includes a microphone capable of collecting sound. The first device 10 collects the sound output from the second device 11 with the microphone (step S12). The first device 10 compares the sound output to the second device 11 and determines whether a Doppler effect occurs in the collected sound (step S13). For example, the first device 10 determines that the Doppler effect is generated when the collected sound periodically fluctuates to a high frequency and a low frequency with respect to the output sound.

  When the Doppler effect is occurring, the first device 10 performs display in accordance with the information according to the authentication result notified from the authentication device 12 (step S14). For example, the first device 10 causes the screen 28 to be displayed when the Doppler effect is occurring. On the other hand, when the Doppler effect is not generated, the first device 10 does not display the information according to the authentication result notified from the authentication device 12.

  Thereby, in the authentication system 1, when the second device 11 is located in the vicinity of the first device 10 and it can be confirmed that the sound output from the first device 10 is correctly collected by the second device 11, The screen 28 is displayed on the first device 10. As a result, in the authentication system 1, the screen 28 is displayed on the first device 10 that the user desires to use even in an environment where there are a plurality of first devices 10 nearby and the sounds of the other first devices 10 are likely to interfere. It can be displayed. Thereby, in the authentication system 1, even when there are a plurality of first devices 10 nearby, it is possible to suppress erroneous login to the other first devices 10.

  In addition, the first device 10 collects the sound output from the second device 11, compares it with the output sound, and displays the authentication code if the Doppler effect occurs in the collected sound. The second device 11 displays the authentication code included in the data based on the collected sound in response to the notification from the first device 10. May be

  FIG. 7 is a diagram illustrating an example of an authentication process according to a modification. In addition, about the process part same as FIG. 6, the same code | symbol is attached | subjected, description is abbreviate | omitted, and a mainly different part is demonstrated. In FIG. 7, steps S5, S6, and S13 are deleted from FIG. In addition, since steps S18 to S20 are the same as steps S8 to S10, the description will be omitted.

  When the Doppler effect has occurred, the first device 10 displays the authentication code received from the authentication device 12 on the screen 25 (step S15). When the Doppler effect is occurring, the first device 10 notifies the second device 11 (step S16). For example, the first device 10 notifies the second device 11 that the Doppler effect is occurring.

  When the second device 11 receives the notification from the first device 10, the second device 11 displays the authentication code recognized from the sound data on the screen 26 (step S17). Thereafter, the processes of steps S18 to S20 are performed.

  Thereby, in the authentication system 1, when the second device 11 is located in the vicinity of the first device 10 and it can be confirmed that the sound output from the first device 10 is correctly collected by the second device 11, The screen 25 is displayed on the first device 10, and the screen 26 is displayed on the second device 11. Thereby, in the authentication system 1, the screen 25 is displayed on the first device 10, and the screen 26 is displayed on the second device 11, so that the user can receive the sound from the first device 10 that the user wants to use. Since it can be confirmed, even in an environment where the sound of the other first device 10 is likely to cause interference, the user can be authenticated for the first device 10 that the user desires to use.

[4-5. Other application examples]
In the above embodiment, the authentication system 1 is shown as an example applied to authentication of login of a user who uses the first device 10. However, the authentication system 1 may be applied to authentication of the use of other devices. For example, the authentication system 1 may be applied to authentication of use of a rental car, car sharing, a hotel room, a rental conference room, and the like. Hereinafter, the case where the authentication system 1 is applied to the authentication of the use of the rental conference room will be described as an example. FIG. 8 is a diagram illustrating an example of an authentication process according to a modification. In the example of FIG. 8, the first device 10 is, for example, a device which is provided at a door of a rental conference room and controls opening and closing of a door key. The second device 11 is, for example, a smartphone possessed by a user.

  The first device 10 transmits an authentication request to the authentication device 12 according to the operation of the user (step S30). For example, when the user operates the input unit 31 such as a button provided on a door, the first device 10 transmits an authentication request to the authentication apparatus 12.

  In response to the authentication request transmitted from the first device 10, the authentication device 12 generates an authentication code and transmits the generated authentication code to the first device 10 (step S31).

  The first device 10 includes a speaker 32 capable of outputting sound. When the first device 10 receives the authentication code from the first device 10, the first device 10 outputs a sound based on the received authentication code from the speaker 32 (step S32).

  The second device 11 is provided with a microphone 62 capable of collecting sound. The user brings the second device 11 close to the first device 10, and the sound output from the first device 10 is collected by the microphone 62 (step S33). The second device 11 recognizes sound data of the collected sound according to a predetermined conversion rule (step S34). The second device 11 transmits data based on the collected sound to the authentication device 12 (step S35).

  The authentication device 12 authenticates the authentication request based on the data received from the second device 11 and the authentication code transmitted to the first device 10 (step S36). If the authentication code matches, the authentication device 12 determines that the authentication for the authentication request is successful. On the other hand, when the authentication code does not match, the authentication device 12 determines that the authentication for the authentication request has failed.

  The authentication device 12 transmits information according to the authentication result to the first device 10 (step S37). For example, when the authentication for the authentication request is successful, the authentication device 12 transmits, to the first device 10, a notification indicating that the authentication is successful. On the other hand, when the authentication for the authentication request fails, the authentication device 12 transmits, to the first device 10, a notification indicating that the authentication has failed.

  When the first device 10 receives the notification indicating that the authentication is successful from the authentication device 12, as shown in FIG. 8, the door is unlocked. This allows the user to open the door and enter the hotel room.

  As described above, even when the authentication system 1 is applied to the authentication of the use of the hotel room, the user performs the user authentication to unlock the door of the hotel room without inputting the user ID and the password. Can. The control of the unlocking of the door by the authentication system 1 is an example, and other controls may be performed. For example, in the case of car rental and car sharing, control may be performed to validate the operation of the ignition when there is a notification indicating that the authentication is successful. Thus, if the authentication is successful, the engine can be started. Further, for example, in the case of a hotel room or a rental conference room, control may be performed to turn on the lighting or power of the room when there is a notification indicating that the authentication is successful. Thus, if the authentication is successful, room lighting and power can be used.

[4-5. Other]
Further, among the processes described in the above embodiment, all or part of the process described as being automatically performed may be manually performed, or the process described as being manually performed. All or part of them can be performed automatically by known methods. In addition, information including processing procedures, specific names, various data and parameters shown in the above-mentioned documents and drawings can be arbitrarily changed unless otherwise specified. For example, the various information shown in each figure is not limited to the illustrated information.

  Further, each component of each device illustrated is functionally conceptual, and does not necessarily have to be physically configured as illustrated. That is, the specific form of the distribution and integration of each device is not limited to the illustrated one, and all or a part thereof may be functionally or physically dispersed in any unit depending on various loads, usage conditions, etc. It can be integrated and configured. For example, the first display control unit 50, the request transmission unit 51 and the sound generation unit 52 of the first device 10 shown in FIG. 2, and the sound recognition unit 80 and the second display control unit 81 and the transmission unit 82 of the second device 11. The functions performed by the transmission unit 110, the reception unit 111, the authentication unit 112, and the notification unit 113 of the authentication device 12 may be integrated at an arbitrary granularity.

  Further, the authentication device 12 does not have to store the device information 100 and the authentication code information 101 in the storage unit 91. For example, the device information 100 and the authentication code information 101 store other server devices etc. existing on the network. It may be done.

  Moreover, it is possible to combine suitably each embodiment mentioned above in the range which does not contradict process content.

[4-3. program〕
Further, the authentication device 12 according to the embodiment described above is realized by, for example, a computer 1000 configured as shown in FIG. Hereinafter, the computer 1000 that executes the function of the authentication device 12 will be described. FIG. 9 is a hardware configuration diagram showing an example of a computer that implements the function of the authentication device according to the embodiment. The computer 1000 includes a CPU 1100, a RAM 1200, a ROM 1300, an HDD 1400, a communication interface (I / F) 1500, an input / output interface (I / F) 1600, and a media interface (I / F) 1700.

  The CPU 1100 operates based on an authentication program stored in the ROM 1300 or the HDD 1400 to control each part. The ROM 1300 stores a boot program executed by the CPU 1100 when the computer 1000 starts up, a program depending on the hardware of the computer 1000, and the like.

  The HDD 1400 stores a program executed by the CPU 1100, data used by the program, and the like. The communication interface 1500 receives data from another device via the network N, sends it to the CPU 1100, and transmits data generated by the CPU 1100 to the other device.

  The CPU 1100 controls output devices such as a display and a printer, and input devices such as a keyboard and a mouse via the input / output interface 1600. The CPU 1100 acquires data from an input device via the input / output interface 1600. Also, the CPU 1100 outputs the generated data to the output device via the input / output interface 1600.

  The media interface 1700 reads a program or data stored in the recording medium 1800 and provides the CPU 1100 with the program via the RAM 1200. The CPU 1100 loads such a program from the recording medium 1800 onto the RAM 1200 via the media interface 1700 and executes the loaded program. The recording medium 1800 is, for example, an optical recording medium such as a digital versatile disc (DVD) or a phase change rewritable disc (PD), a magneto-optical recording medium such as a magneto-optical disk (MO), a tape medium, a magnetic recording medium, or a semiconductor memory. Etc.

  For example, when the computer 1000 functions as the authentication device 12 according to the embodiment, the CPU 1100 of the computer 1000 realizes the function of the control unit 92 by executing the authentication program loaded on the RAM 1200. Also, the HDD 1400 stores data in the storage unit 91, for example, device information 100 and authentication code information 101. The CPU 1100 of the computer 1000 reads these programs from the recording medium 1800 and executes them, but as another example, these programs may be acquired from other devices.

[5. effect〕
As described above, the authentication device 12 transmits an authentication code to the first device 10 in response to the authentication request transmitted from the first device 10 according to the operation of the user. The authentication device 12 receives, from the second device 11 associated with the user, data based on the sound output from the first device 10 and collected by the second device. The authentication device 12 authenticates the authentication request based on the data received from the second device 11 and the authentication code transmitted to the first device 10. Thus, the authentication device 12 can reduce the complexity of user authentication.

  Further, the authentication device 12 transmits, to the first device 10, control information that causes the first device 10 to display an authentication code and output a sound based on the authentication code. As a result, the authentication device 12 can display the authentication code on the first device 10 and output sound based on the authentication code without installing an application on the first device 10.

  Further, in the authentication system 1, the first device 10 transmits an authentication request according to the user's operation, and outputs a sound based on the authentication code obtained as a response to the authentication request. The second device 11 transmits data based on the collected sound, which is associated with the user and output from the first device 10. In response to the authentication request transmitted from the first device 10, the authentication device 12 transmits an authentication code to the first device 10, and when data is received from the second device 11, the data is transmitted to the first device 10 The authentication request is authenticated on the basis of the authentication code. Thus, the authentication system 1 can reduce the complexity of user authentication.

  The first device 10 also displays the authentication code obtained as a response to the authentication request. When the data based on the collected sound includes an authentication code, the second device 11 displays the authentication code. As a result, the user can confirm that the second device 11 has correctly recognized the authentication code propagated by the sound, and can make a request for authentication.

  Further, when a sound including an authentication code is collected, the second device 11 inquires the user whether data based on the sound is to be transmitted, and when a transmission instruction is obtained from the user, the second device 11 transmits the data. Do. As a result, it is possible to make the user aware that authentication is to be performed using collected sound data, and when different sounds of the first device 10 are collected, it is possible to stop data transmission.

  Also, the second device 11 outputs the collected sound. The authentication device 12 notifies the first device 10 of information according to the authentication result. The first device 10 collects the sound output from the second device 11 and compares it with the output sound, and when the Doppler effect occurs in the collected sound, the information notified from the authentication device 12 Display based on Thereby, even when there are a plurality of first devices 10 nearby, it is possible to suppress that the user erroneously logs in to another first device 10 and operates.

  Also, the second device 11 outputs the collected sound. The first device 10 collects the sound output from the second device 11, compares it with the output sound, and displays the authentication code when the collected sound has a Doppler effect, and displays the authentication code and the second device 11. Do one or both of the notifications for 11. In response to the notification from the first device 10, the second device 11 displays the authentication code included in the data based on the collected sound. Thereby, even in an environment where the sound of the other first device 10 is likely to cause interference, the user can be authenticated for the first device 10 that the user desires to use.

  Although some of the embodiments of the present application have been described in detail based on the drawings, these are only examples, and various modifications can be made based on the knowledge of those skilled in the art, including the aspects described in the section of the disclosure of the invention. It is possible to implement the invention in other improved forms.

  Also, the "section (module, unit)" described above can be read as "means" or "circuit". For example, the authentication unit can be read as an authentication means or an authentication circuit.

1 authentication system 10 first device 11 second device 12 authentication device 32 speaker 33 communication unit 34 storage unit 35 control unit 40 authentication code 50 first display control unit 51 request transmission unit 52 sound generation unit 62 microphone 63 communication unit 64 storage unit 65 control unit 70 authentication code 80 sound recognition unit 81 second display control unit 82 transmission unit 90 communication unit 91 storage unit 92 control unit 100 device information 101 authentication code information 110 transmission unit 111 reception unit 112 authentication unit 113 notification unit

Claims (4)

A first device that transmits an authentication request according to a user operation and outputs a sound based on an authentication code obtained as a response to the authentication request;
A second device that is associated with the user, transmits data based on the collected sound output from the first device;
According to the authentication request transmitted from the first device, an authentication code is transmitted to the first device, and when the data is received from the second device, the data and the authentication code transmitted to the first device An authentication device for performing authentication on the authentication request based on
The second device outputs the collected sound,
The authentication device notifies the first device of information according to the authentication result,
The first device collects the sound output from the second device, and compares the output sound with the output sound, and when the Doppler effect occurs in the collected sound, the information notified from the authentication device An authentication system characterized by displaying on the basis of A first device that transmits an authentication request according to a user operation and outputs a sound based on an authentication code obtained as a response to the authentication request;
A second device that is associated with the user, transmits data based on the collected sound output from the first device;
According to the authentication request transmitted from the first device, an authentication code is transmitted to the first device, and when the data is received from the second device, the data and the authentication code transmitted to the first device An authentication device for performing authentication on the authentication request based on
The second device outputs the collected sound,
The first device collects the sound output from the second device, compares it with the output sound, and displays the authentication code when the collected sound has a Doppler effect. 2) notify one or both of the devices,
The second system, in response to a notification from the first device, displays an authentication code included in data based on a collected sound. The first device displays an authentication code obtained as a response to the authentication request,
The second device, if it contains authorization code data based on the collected sounds, the authentication system according to claim 1 or 2, characterized in that to display an authentication code. When the sound including the authentication code is collected, the second device inquires the user whether to transmit data based on the sound.
The authentication system according to any one of claims 1 to 3 , wherein, when a transmission instruction is obtained from a user, the data is transmitted.

Images