JP6763821B2 - Authentication system, authentication method and authentication program - Google Patents

Description

The present invention relates to an authentication system, an authentication method and an authentication program.

Nowadays, so-called wearable terminals such as smart watches and personal devices such as smartphones are becoming widespread, and it is not uncommon for users to have multiple terminals by themselves. Many personal devices hold sensitive information such as personal information and confidential information. In addition, there are increasing opportunities to access important services such as banking via networks using personal devices. Therefore, in response to risks such as spoofing, a lock is generally applied so that only the person can use it. Then, each time it is used, biometric authentication or password authentication is required, or when using a service such as banking, a separate authentication operation such as login is required.

However, as the opportunities to utilize personal devices increase, the authentication operation becomes a burden on the user. Therefore, in order to reduce the burden on the user, for example, when the existence of a wearable terminal pre-paired and registered is recognized within a short distance such as within the communication range of Bluetooth (registered trademark) with the authenticated smartphone. , So-called possession authentication that unlocks the wearable terminal is known.

However, if there is a smartphone in the vicinity of the wearable terminal that is unlocked and can be operated by anyone other than the user when the user sleeps or leaves the desk, the wearable terminal may be used illegally. Therefore, there is a need for a technique for guaranteeing the possession of a wearable terminal when authenticating a plurality of terminals using the possession authentication, such as possession authentication of a wearable terminal using a smartphone.

For example, there is known a technique for guaranteeing that a wearable terminal is worn by a user by detecting the attachment / detachment of the wearable terminal using a special sensor or performing biometric authentication using an electrocardiogram or the like at the time of wearing the wearable terminal. See Non-Patent Documents 1 and 2). In these technologies, only when the wearable terminal is attached to the user, the lock of other pre-registered terminals existing in the Bluetooth communication range of the wearable terminal is unlocked and the wearable terminal can be used.

However, since these technologies are realized by using a dedicated sensor, they cannot be applied to general-purpose wearable terminals and smartphones. In addition, even if the wearable terminal is attached to a legitimate user, if a smartphone within the communication range of Bluetooth of the wearable terminal is authenticated using possession authentication, the possibility of being operated by another person and being used illegally is denied. Can not.

Therefore, the distance between terminals is estimated using the radio wave strength of the proximity sensor, and the acceleration sensor values between terminals are compared and collated to determine that they are in the same vehicle, and Bluetooth communication is performed. A technique for guaranteeing that a plurality of terminals exist in a shorter distance than within a range is known (see Non-Patent Documents 3 and 4). If a plurality of terminals exist at extremely close distances, it is possible to guarantee that the same person possesses the plurality of terminals.

"Safeband: Ultimate Security System.Bracelet & Tags", [Online], Indiegogo, [Search March 24, 2017], Internet <URL: https://www.indiegogo.com/projects/1267504> "Nymi | Convenient Authentication Anywhere.", [Online], [Search March 24, 2017], Internet <URL: https://nymi.com/> "The 267th Bluetooth Device to Manage Absence: Ubuntu Weekly Recipe,", [Online], March 27, 2013, Gijutsu-Hyoronsha, [Search March 24, 2017], Internet <URL: http: / /gihyo.jp/admin/serial/01/ubuntu-recipe/0267 ＞ Yuki Nishida, Keihiro Kawahara, Toru Asami, "B-15-6 Examination of Passenger Detection Method in the Same Train Using Accelerometer (B-15. Mobile Multimedia Communication, General Session)", Institute of Electronics, Information and Communication Engineers Proceedings of the Society Conference, vol.2011, no.1, Aug.2011, p.520

However, the conventional technique has a problem that a plurality of terminals owned by the same person at the same time cannot be authenticated with high accuracy. For example, the estimation of the distance between terminals using the radio field strength of Bluetooth or WiFi (registered trademark) has low accuracy and is unstable in time. Further, when comparing and collating acceleration sensor values and the like between a plurality of terminals, it is necessary to synchronize the time with high accuracy.

Moreover, the time stamp by the built-in clock of each device is not sufficiently stable and accurate. Therefore, even if the time is synchronized by exchanging the built-in clock time stamps between the devices, errors are accumulated and the accuracy of the calculated time difference is further lowered. Therefore, by any of the prior arts, it is not guaranteed that the operator of the smartphone and the wearer of the wearable terminal are the same person.

The present invention has been made in view of the above, and an object of the present invention is to authenticate a plurality of terminals possessed by the same person at the same time with high accuracy without imposing a burden on the user.

In order to solve the above-mentioned problems and achieve the object, the authentication system according to the present invention is an authentication system having a plurality of terminals and an authentication device, and each terminal measures the acceleration of its own terminal. A sensor, a storage unit that stores information of another terminal capable of close communication, and a predetermined signal transmitted / received to and received from the other terminal that is in close communication are detected, and the detection time of the signal is determined by the authentication device. Notification unit that notifies the authentication device, a transmission unit that transmits the measured time-series signal of the acceleration to the authentication device, and notification from the authentication device that the same person possesses the other terminal and the own terminal. When this is done, the authentication device includes an authentication unit that enables the other terminal and the own terminal to be used, and the authentication device uses the detection time of the signal notified from each of the plurality of terminals to each terminal. It is derived from the physical activity extracted from the acceleration by acquiring the time series signal of the acceleration of each of the plurality of terminals and the calculation unit for calculating the time difference of the clock built in the device to reflect the time difference. When the degree of similarity between the terminals of the time-series change of the acceleration component is higher than a predetermined threshold value, it is determined that the same person possesses both corresponding terminals, and the determination unit notifies the two terminals. It is characterized by having.

According to the present invention, it is possible to authenticate a plurality of terminals possessed by the same person at the same time with high accuracy without imposing a burden on the user.

FIG. 1 is a schematic diagram showing a schematic configuration of an authentication system according to an embodiment of the present invention. FIG. 2 is an explanatory diagram for explaining a processing outline of the authentication system of the present embodiment. FIG. 3 is an explanatory diagram for explaining the processing of the calculation unit. FIG. 4 is an explanatory diagram for explaining the processing of the calculation unit. FIG. 5 is an explanatory diagram for explaining the processing of the determination unit. FIG. 6 is an explanatory diagram for explaining the processing of the determination unit. FIG. 7 is a sequence diagram showing the authentication processing procedure of the present embodiment. FIG. 8 is a diagram illustrating a computer that executes an authentication program.

Hereinafter, an embodiment of the present invention will be described in detail with reference to the drawings. The present invention is not limited to this embodiment. Further, in the description of the drawings, the same parts are indicated by the same reference numerals.

[Authentication system configuration]
First, the schematic configuration of the authentication system according to the present embodiment will be described with reference to FIG. As illustrated in FIG. 1, the authentication system 1 according to the present embodiment includes a plurality of terminals 10 such as a smartphone and a wearable terminal, and an authentication device 20.

FIG. 2 is an explanatory diagram for explaining the processing outline of the authentication system 1. In the authentication system 1, each terminal 10 has a proximity communication function such as a BLE (Bluetooth Low Energy) function. Then, as shown in FIG. 2A, each terminal 10 transmits the RSSI (Received Signal Strength Indication) value of the BLE of the other terminal registered in advance to the authentication device 20. The authentication device 20 determines the proximity of both terminals 10 using the RSSI value. Both terminals 10 whose proximity has been determined transmit the detection time of a predetermined signal sound transmitted / received to each other to the authentication device 20. The authentication device 20 calculates the time difference of the clock built in each terminal 10 by using the detection time of the predetermined signal transmitted / received by both the determined terminals 10.

Next, as shown in FIG. 2B, the authentication device 20 synchronizes the time series signal of the acceleration acquired from each terminal 10 by reflecting the calculated time difference of the built-in clock of each terminal 10. And contrast, and determine whether or not the same person possesses it. The terminal 10 which is determined to be possessed by the same person as the authenticated terminal 10 which has been unlocked by the normal authentication earlier executes the possession authentication which unlocks and makes it usable.

[Terminal configuration]
Returning to the description of FIG. The terminal 10 is realized by a smartphone or a wearable terminal, and includes an input / output unit 11, a proximity communication function unit 12, a communication control unit 13, a storage unit 14, a control unit 15, an acceleration sensor 16, and a signal transmission / reception unit 17.

The input / output unit 11 is realized by a touch panel or the like, and various instruction information is input to the control unit 15 in response to an input operation by the operator, and the result of the authentication process described later is sent to the operator. Output. The communication control unit 13 is realized by a NIC (Network Interface Card) or the like, and controls communication between an external device such as an authentication device 20 via a telecommunication line such as a LAN (Local Area Network) or the Internet and a control unit 15. To do.

The storage unit 14 is realized by a semiconductor memory element such as a RAM (Random Access Memory) or a flash memory (Flash Memory), or a storage device such as an optical disk. In the present embodiment, the pairing terminal information 14a is stored in the storage unit 14. The pairing terminal information 14a represents information of another terminal capable of proximity communication such as BLE. For example, the pairing terminal information 14a includes the name and ID (IDentifier) of the own terminal, the name and ID of a terminal that can be a partner of the proximity communication connection, and the like, and is registered in advance. Hereinafter, the own terminal is also referred to as S, and the other terminal of the proximity communication connection is also referred to as W.

The proximity communication function unit 12 connects terminals 10 within the communication range of proximity communication such as BLE to each other so that information can be communicated with each other by the proximity communication.

The acceleration sensor 16 measures the acceleration of the own terminal 10. For example, the acceleration sensor 16 calculates the acceleration of the own terminal 10 by detecting a change in the position of the own terminal 10. The signal transmission / reception unit 17 outputs or detects a predetermined signal described later. For example, the signal transmission / reception unit 17 includes a voice acquisition unit capable of highly accurate and evenly spaced sampling realized by a microphone, an A / D converter, or the like.

The control unit 15 serves as a notification unit 15a, a transmission unit 15b, and an authentication unit 15c as illustrated in FIG. 1 by executing a processing program stored in a memory by an arithmetic processing unit such as a CPU (Central Processing Unit). Function.

The notification unit 15a detects a predetermined signal transmitted and received to and from another terminal 10 in close communication, and notifies the authentication device 20 of the detection time of the signal. Specifically, when the notification unit 15a receives a proximity communication signal such as BLE of another terminal 10 registered in the pairing terminal information 14a, the notification unit 15a authenticates the RSSI value of the other terminal 10 (W). Send to 20. Further, when the authentication device 20 notifies that the distance between the other terminal 10 (W) estimated using the RSSI value is small and it is determined that both terminals 10 are close to each other, the notification unit 15a is notified. Generates a predetermined signal and instructs the signal transmission / reception unit 17 to start reproduction and detection.

Here, the predetermined signal is, for example, a signal sound in which a predetermined value is set in parameters such as frequency and intensity. The same parameters are set for the terminals 10 that communicate with each other in close proximity, and the signal is identified by the signal ID. The predetermined parameters may be set by the terminal 10 or may be set by the authentication device 20. Specifically, the frequency is set to a value that is not confused with the signal sound transmitted and received by other terminals in the vicinity that are not registered in the pairing terminal information 14a. A random value may be set for the frequency. Moreover, you may combine a plurality of frequencies. Even in a high noise environment, it can be easily detected separately from the environmental sound. Alternatively, if the audio signal processing capability of the terminal 10 is sufficiently high, the frequency of the environmental sound may be analyzed in advance to set a frequency at which the received terminal 10 can be easily separated from the environmental sound.

Further, as will be described later, the distance between the terminals 10 is estimated using the signal sounds transmitted and received here, and the time difference of the clock built in each terminal 10 is calculated. Therefore, it is desirable that the signal sound has a frequency that is inaudible to the user. Alternatively, when the signal sound may be conscious of the user, for example, a frequency slightly higher than the environmental sound may be set so as to make it difficult to hear by applying frequency masking.

The signal sound intensity is set to the minimum intensity so as not to be buried in the environmental sound by using the voice data acquired after starting the transmission / reception of the signal sound. Further, the signal transmitted and received here is not limited to the sound wave propagating in the air. For example, it may be a sound wave propagating in the same solid that both terminals 10 are in contact with, or an electromagnetic wave such as a radio wave or light.

The notification unit 15a first notifies the other terminal 10 (W) of the reproduction of the signal sound, and immediately instructs the signal transmission / reception unit 17 to start the reproduction of the signal sound.

Further, the notification unit 15a estimates the distance to the partner terminal 10 (W) using the reception intensity of the signal sound, and when the estimated distance is equal to or less than a predetermined threshold value, the notification unit 15a authenticates the detection time of the signal. Notify device 20. Here, the condition that the distance estimated using the reception intensity is equal to or less than a predetermined threshold value can be replaced with the condition that the reception intensity is equal to or more than a predetermined threshold value.

Therefore, for example, when the signal transmission / reception unit 17 detects a signal sound having a predetermined reception strength or higher in a predetermined time range with reference to the transmission time, that is, the playback start time, the notification unit 15a first detects the detection time. Is notified to the authentication device 20. The authentication device 20 is notified of the detection time of the signal sound reproduced by the own terminal 10 (S) and the detection time of the signal sound reproduced by the other terminal 10 (W).

Further, when the notification unit 15b of the remote terminal 10 (W) detects a signal sound having a predetermined reception strength or higher within a predetermined time range with reference to the time when the notification of signal sound reproduction is received, the signal transmission / reception unit 17 detects it. The authentication device 20 is notified of the first detected detection time.

The notification unit 15a may notify the authentication device 20 of the reception strength of the signal sound together with the detection time. In that case, the notification unit 15a may notify the authentication device 20 of the signal detection time regardless of the signal reception strength without estimating the distance to the other terminal 10 (W).

The transmission unit 15b transmits a time-series signal of the measured acceleration to the authentication device 20. Specifically, the transmission unit 15b transmits the time-series signal of the acceleration of the own terminal 10 measured by the acceleration sensor 16 to the authentication device 20 via the communication control unit (13, 23).

When the authentication device 20 notifies that the same person possesses the other party terminal 10 (W) and the own terminal 10 (S) by the authentication process described later, the authentication unit 15c causes the other party terminal 10 (W). W) and own terminal 10 (S) can be used.

Specifically, when the other terminal 10 (W) is first unlocked by normal authentication, the authentication unit 15c notifies itself that both terminals 10 are possessed by the same person. A process of unlocking the terminal 10 (S) to enable it, that is, possession authentication is executed. Further, when the own terminal (S) has been authenticated, the possession authentication of the other terminal 10 (W) notified that the same person as the own terminal (S) is possessed is instructed by using proximity communication. To do. It is sufficient that the authentication unit 15c is provided by at least one of the plurality of terminals 10.

[Authentication device configuration]
As shown in FIG. 1, the authentication device 20 according to the present embodiment is realized by a general-purpose computer such as a workstation or a personal computer, and has an input unit 21, an output unit 22, a communication control unit 23, a storage unit 24, and a control unit. 25 and.

The input unit 21 is realized by using an input device such as a keyboard or a mouse, and inputs various instruction information to the control unit 25 in response to an input operation by the operator. The output unit 22 is realized by a display device such as a liquid crystal display, a printing device such as a printer, an information communication device, and the like, and outputs the result of an authentication process described later to the operator.

The communication control unit 23 is realized by a NIC or the like, and controls communication between an external device such as a terminal 10 and the control unit 25 via a telecommunication line such as a LAN or the Internet.

The storage unit 24 is realized by a semiconductor memory element such as a RAM or a flash memory, or a storage device such as a hard disk or an optical disk. The storage unit 24 stores in advance a processing program that operates the authentication device 20, data used during execution of the processing program, and the like, or temporarily stores each time the processing is performed. The storage unit 24 may be configured to communicate with the control unit 25 via the communication control unit 23. In the present embodiment, the storage unit 24 stores the terminal management information 24a that aggregates the pairing terminal information 14a stored in each terminal 10.

The control unit 25 functions as a calculation unit 25a and a determination unit 25b as illustrated in FIG. 1 by executing a processing program stored in a memory by an arithmetic processing unit such as a CPU.

The calculation unit 25a calculates the time difference of the clock built in each terminal 10 by using the detection time of the signal notified from each of the terminals 10. Specifically, the calculation unit 25a first estimates the distance between the terminals 10 by using the RSSI value of BLE notified from each of the pre-registered terminals 10 within the communication range of the proximity communication. The proximity is determined and the determination result is notified to both terminals 10. For example, the distance between the terminals 10 is estimated in several stages such as out of communication range, close communication possible distance, close distance, etc., and in the case of close distance, it is determined that both terminals 10 are close to each other, and both terminals 10 are notified. ..

The calculation unit 25a further refers to the terminal management information 24a of the storage unit 24, and when the third terminal 10 registered in advance is close to both of the above terminals 10, the third terminal 10 The distance between both terminals 10 may be estimated using the RSSI values of both terminals 10 observed by the terminal 10.

Next, the calculation unit 25a calculates the time difference of the built-in clock of each terminal 10 by using the detection time of the signal notified from each of the plurality of terminals 10 determined to be close to each other.

When the terminal 10 notifies the reception strength of the signal, the calculation unit 25a estimates the distance between the terminal 10 and another terminal 10 in close communication using the reception strength of the notified signal. In that case, if the estimated distance is equal to or less than a predetermined threshold value, the calculation unit 25a uses the detection time of the signal notified from each of the plurality of terminals 10 to set the time of the clock built in each terminal 10. The difference is calculated, and the process described later is continued. Further, instead of the condition that the distance estimated using the reception intensity is equal to or less than a predetermined threshold value, the condition that the reception intensity is equal to or more than a predetermined threshold value may be used.

Here, FIG. 3 is an explanatory diagram for explaining the processing of the calculation unit 25a. As described below, the calculation unit 25a uses various detection times for the same signal ID shown in FIG. 3 notified from the terminals 10 (S) and the terminals 10 (W) between the terminals 10. Calculate the time difference of the built-in clock. Here, the time stamp by the built-in clock of each terminal 10 is not sufficiently stable and accurate. Therefore, using a voice acquisition means built in each terminal 10 capable of sampling at equal intervals with high accuracy, the terminal 10 is based on the relative time of the signal sound detection event that occurs in one recording for each terminal 10. Calculate the time difference between the built-in clocks.

That is, the various detection times shown in FIG. 3 are the times (recording times) on the time axis of the recorded data acquired and recorded with high accuracy at equal intervals by the voice acquisition means built in each terminal 10. expressed. Further, the calculated time difference has a direction such as a time difference from the terminal S to the terminal W.

In the example shown in FIG. 3, the following equation (1) holds.

Therefore, delay delta _SW recording time of the terminal 10 (S) for recording the time of the terminal 10 (W) is calculated by the following equation (2).

Here, since the processing of the calculation unit 25a is executed in a sufficiently short time, the physical distance between the two terminals 10 moved by a person hardly changes, and the environment does not change significantly. Therefore, the sound transmission time between terminals can be regarded as tt ₁ = tt ₂ . In that case the delta _SW is expressed by the following equation (3).

Therefore, the delay tsΔ _SW of the built-in clock of the terminal 10 (S) with respect to the built-in clock of the terminal 10 (W) uses the Δ _SW and the built-in clock time stamps (ts0 _S , ts0 _W ) of the recording start time at each terminal 10. Therefore, it is calculated by the following equation (4). That is, the tsΔ _SW describes the detection times of the signal sound 1 and the signal sound 2 in the terminal 10 (S) and the terminal for the signal sound 1 reproduced by the terminal 10 (S) and the signal sound 2 reproduced by the terminal 10 (W). It is calculated using the detection time of the signal sound 1 and the signal sound 2 at 10 (W).

When there are three or more terminals 10, the calculation unit 25a calculates the time difference of the built-in clock between the terminals 10 for each pair of two terminals, as described below. FIG. 4 is an explanatory diagram for explaining the processing of the calculation unit 25a. In the example shown in FIG. 4, regarding the internal clocks of the three terminals A, B, and C, the internal clock of the terminal B is delayed by 3 units from the internal clock of the terminal A, and the internal clock of the terminal B is behind. , The built-in clock of terminal C is delayed by 4 units.

Here, for example, regarding the time difference between the built-in clocks of the terminal A and the terminal B, between the calculation result δ _AB = 2.9 calculated by the above equation (1) and the actual value Δ _AB = 3 measured. Includes an error. When there are two terminals 10, since there is one pair, only one calculation result is derived as an estimated value including an error. On the other hand, when there are three terminals A, B, and C, the calculation unit 25a adds the calculation result of the time difference of each of the built-in clocks of the three pairs, as shown in the following equation (5), for example. It is possible to calculate the time difference of the built-in clock between the terminals AB via the terminal C as in the case of A-CB.

The permutation of terminals such as ACB is referred to as a route, the number obtained by subtracting 1 from the number of terminals on the route is referred to as a route length, and the terminal in the middle of the route such as C is referred to as a relay point. For example, when there are four or more terminals, for example, the route length of the route ACDB is 3, the relay points are C and D, the route length of the route ACDEFB is 5, and the relay points are C, D, E, and F. Is.

When calculating the time difference of the built-in clock between terminals AB via terminal C, δ _ACB is calculated using the two calculation results of δ _CA and δ _BC , so an error of up to 2 times is added. There is a possibility that Therefore, the calculation unit 25a may calculate the time difference between the terminals AB by performing weighted averaging processing in consideration of an error, as shown in the following equation (6).

Similarly, calculation unit 25a, the terminal 10 of the N number, a time difference of the internal clock between the terminal T ₁ and the terminal T _2, as shown in the following equation (7), by performing the weighted average processing It may be calculated.

Further, the calculation unit 25a is simplified as shown in the following equation (8) by limiting the maximum value m <N-1 of the path length used for the calculation when the number of terminals N becomes large. The time difference of the built-in clock between the terminal T ₁ and the terminal T ₂ may be calculated.

Returning to the description of FIG. The determination unit 25b acquires the time-series signals of the accelerations of the plurality of terminals 10 to reflect the time difference of the built-in clock, and the time-series changes of the acceleration components derived from the physical activity extracted from the accelerations between the terminals. When the degree of similarity in is higher than a predetermined threshold value, it is determined that the same person possesses both corresponding terminals, and both terminals are notified.

Specifically, the determination unit 25b acquires time-series signals of the accelerations of the plurality of terminals 10. That is, the determination unit 25b acquires a time-series signal of acceleration transmitted from the transmission unit 15a of each terminal 10 via the communication control unit (13, 23).

Further, the determination unit 25b reflects the time difference of the built-in clock between the terminals 10 calculated by the calculation unit 25a in the acquired acceleration time series signal. Here, FIG. 5 is an explanatory diagram for explaining the processing of the determination unit 25b. As described above, and as shown in FIG. 5, the difference between the detection time of the signal sound reproduction terminal and the detection time of the other terminal is the time difference Δ of the built-in clock and the signal sound transmission time tt between the terminals 10. It is expressed using and. Therefore, the determination unit 25b synchronizes the acceleration times of both terminals 10 by using the time difference Δ of the built-in clock calculated by the calculation unit 25a.

Next, the determination unit 25b extracts acceleration components derived from human physical activity from each of the time-series signals of acceleration synchronized with time. Here, the acquired time-series signal of the acceleration of each terminal 10 includes an acceleration component derived from an external environment such as a vehicle and an acceleration component derived from human physical activity.

In vehicles such as elevators and trains, acceleration / deceleration is controlled electronically, so the time-series signals of acceleration show changes different from those caused by walking or the like controlled by the human musculoskeletal system. That is, in electronic acceleration / deceleration control in a vehicle or the like, in many cases, in order to reduce passenger discomfort, it is ideally designed to draw a gentle sinusoidal curve. Therefore, by using an index such as jerk, that is, a change in the differential value of acceleration, as the feature quantity, it is possible to discriminate between the acceleration component derived from the external environment and the acceleration component derived from human physical activity.

Specifically, when comparing the frequency components obtained by the power spectrum analysis, the acceleration components derived from the external environment are distributed in the low frequency components such as acceleration / deceleration of the vehicle and the high frequency components such as vibration noise. On the other hand, the acceleration component derived from human physical activity is distributed in the frequency band of about 0.25 to 2.5 hertz. Therefore, by designing a filter that excludes the low frequency band and the high frequency band of the acceleration component derived from the external environment, it is possible to extract the acceleration component derived from the human physical activity.

Therefore, for example, the determination unit 25b compares the frequency components by power spectrum analysis and performs signal processing by filters such as HF (High-pass Filter), LF (Low-pass Filter), and BF (Band-pass Filter). Then, the acceleration component derived from the human physical activity is extracted.

Further, for example, the noise caused by the falling or contact of the terminal 10 is larger than the acceleration component derived from the physical activity. On the other hand, the acceleration component of a vehicle or the like, such as raising and lowering an elevator, is controlled to take a small value so as not to cause discomfort to passengers. Therefore, the determination unit 25b can discriminate between the acceleration component derived from the human physical activity and the acceleration component derived from the external environment by using a predetermined threshold value.

Further, in order to collect an action log, a technique for determining an action state such as posture, walking, running, climbing stairs, and running a bicycle by using an acceleration obtained from an accelerometer worn or carried on the body is disclosed. .. Therefore, the determination unit 25b can also apply this technique to extract an acceleration component derived from human physical activity.

The determination unit 25b compares the time-series changes of the acceleration components derived from the physical activity extracted from each terminal 10 and derives the degree of similarity between the terminals 10. When the degree of similarity between the terminals 10 is higher than a predetermined threshold value, the determination unit 25b determines that the same person possesses both the corresponding terminals 10 and notifies the two terminals 10.

FIG. 6 is an explanatory diagram for explaining the processing of the determination unit 25b. As shown in FIG. 6, the determination unit 25b calculates, for example, the correlation coefficient with the time-series change of the acceleration component derived from the physical activity of the terminal 10 (S) and the terminal 10 (W), and matches the signals. Derivation of sex. Alternatively, the determination unit 25b frequency-converts both signals to derive the consistency of the power spectrum.

Here, when the same person possesses a plurality of terminals 10, the acceleration components derived from human physical activity are similar in the time domain and the frequency domain. For example, the periods in which peaks appear in the time domain match, or the peak positions match in the frequency domain.

Specifically, the acceleration applied to each terminal 10 possessed by the same person as walking is considered. When the transition from the swing phase to the stance phase of walking is performed, acceleration due to the impact of ground contact is applied to the terminal 10 such as a wearable terminal worn on the wrist and the terminal 10 such as a smartphone placed in the pocket. Since the acceleration applied here propagates from the lower limbs, the time-series change of the acceleration for each step is always delayed at the wrist terminal 10 than at the pocket terminal 10. Therefore, for example, the determination unit 25b analyzes the appearance timing of the positive and negative peaks of the acceleration time series signal, and if the degree of coincidence, that is, the degree of similarity of the periods in which the peaks appear is higher than a predetermined threshold value, the same person possesses it. It can be determined that it is.

The determination unit 25b notifies both terminals 10 determined to be possessed by the same person of the determination result together with information such as the name and ID of the other terminal.

On the other hand, when each terminal 10 is possessed by a different person, the acceleration applied to each terminal 10 is different, so that there is no similarity in the appearance timing of the peaks. In that case, the determination unit 25b cannot determine that the same person possesses it. Also in this case, the determination unit 25b notifies both terminals 10 that are determined not to be possessed by the same person of the determination result together with information such as the name and ID of the other terminal. Each terminal 10 that has received the notification can be unlocked and used by the user by performing normal biometric authentication, password authentication, passcode authentication, pattern authentication, or the like instead of the above-mentioned possession authentication. ..

If the time-series signal of the received acceleration contains only the acceleration component derived from the external environment and the acceleration component derived from the human physical activity is not extracted, the determination unit 25b does not need to perform any processing. Good.

[Authentication process]
Next, the authentication process in the authentication system 1 will be described with reference to FIG. 7. The sequence of FIG. 7 is started, for example, at the timing when the user possesses a plurality of terminals 10 including the authenticated terminal and starts an operation such as walking.

When each terminal 10 receives a proximity communication signal such as BLE of the terminal 10 registered in the pairing terminal information 14a, each terminal 10 transmits the RSSI value of the other terminal 10 (W) to the authentication device 20 (step S1). ). The authentication device 20 estimates the distance to the partner terminal 10 (W) using the RSSI value, and determines the proximity. When it is determined that the distance between the terminals 10 is small and close to each other, both terminals 10 are notified (step S2).

Both terminals 10 that have been notified start the sensing process described below (step S3). First, the terminal 10 determines the signal sound ID and the parameter of the signal sound to be transmitted and received to each other, and notifies each other (step S4). In addition, each terminal 10 notifies the other terminal 10 (W) of the reproduction of the signal sound (step S5), and immediately starts the reproduction of the signal sound (step S6). Further, each terminal 10 detects the signal sound reproduced by the own terminal 10 (S) and the signal sound reproduced by the other terminal 10 (W) (step S7), and notifies the authentication device 20 of the detection time (step S7). Step S8). The authentication device 20 calculates the difference in the time of the clock built in each terminal 10 by using the detection time of the signal notified from each terminal 10 (step S9).

Each terminal 10 transmits a time-series signal of the measured acceleration to the authentication device 20 (step S10), and ends a series of sensing processes (step S11). The authentication device 20 reflects the time difference of the built-in clock on the time-series signal of the acceleration of each terminal 10 and collates it, and the time-series change of the acceleration component derived from the physical activity extracted from the acceleration is performed between the terminals 10. The degree of similarity is calculated (step S12). When the degree of similarity is higher than a predetermined threshold value, the authentication device 20 determines that the same person possesses both the corresponding terminals 10 and notifies both terminals 10. In that case, each terminal 10, own terminal 10 (S), and partner terminal 10 (W) can be used. That is, when the other terminal 10 (W) is first unlocked by normal authentication, possession authentication is executed to unlock the own terminal 10 (S) so that it can be used. If the own terminal 10 (S) has already been authenticated, the possession authentication of the other terminal 10 (S) is instructed. As a result, a series of authentication processes are completed.

As described above, in the authentication system 1 of the present embodiment, in each terminal 10, the notification unit 15a mutually sends and receives to and from other terminals stored in the pairing terminal information 14a that is in close communication. Is detected, and the detection time of the signal is notified to the authentication device 20. Further, the transmission unit 15b transmits a time-series signal of the acceleration of the own terminal 10 measured by the acceleration sensor 16 to the authentication device 20. Further, when the authentication unit 15c is notified by the authentication device 20 that the other terminal 10 and the own terminal 10 are possessed by the same person, the other terminal 10 and the own terminal 10 can be used. ..

In the authentication device 20, the calculation unit 25a calculates the time difference of the clock built in each terminal 10 by using the detection time of the signal notified from each of the plurality of terminals 10. Further, the determination unit 25b acquires the time-series signals of the accelerations of the plurality of terminals 10 to reflect the time difference of the built-in clock, and each of the time-series changes of the acceleration components derived from the physical activity extracted from the accelerations. When the degree of similarity between the terminals 10 is higher than a predetermined threshold value, it is determined that the same person possesses both the corresponding terminals 10, and the two terminals 10 are notified.

As a result, for example, when the same user possesses the authenticated smartphone 10 and the wearable terminal 10 which has been paired and registered in advance, the wearable terminal 10 can be used without authentication by biometric authentication or the like. it can. Further, an attacker different from a legitimate user who possesses the wearable terminal 10 cannot operate the authenticated smartphone 10 to illegally use the wearable terminal 10. As described above, according to the authentication process of the authentication system 1 of the present embodiment, a plurality of terminals 10 possessed by the same person at the same time are authenticated with high accuracy without imposing a burden on the user, and the authentication is performed by using another person. The security threat of unlocking can be mitigated.

Further, the notification unit 15a of the terminal 10 detects a predetermined signal transmitted and received to and from the partner terminal 10 (W) in close communication, and uses the reception strength of the signal to communicate with the partner terminal 10 (W). The distance between them may be estimated, and when the distance is equal to or less than a predetermined threshold value, the detection time of the signal may be notified to the authentication device 20. As a result, the proximity of both terminals 10 can be determined with high accuracy.

Alternatively, the notification unit 15a of the terminal 10 may further notify the authentication device 20 of the signal reception strength. In that case, the calculation unit 25a of the authentication device 20 further estimates the distance to the partner terminal 10 (W) in close communication using the reception strength of the signal notified from the terminal 10, and the distance. When is equal to or less than a predetermined threshold value, the difference in the time of the clock built in each terminal is calculated by using the detection time of the signal notified from each of the plurality of terminals 10, and the subsequent processing is continued. As a result, the proximity of both terminals 10 can be determined with high accuracy.

The processing of the determination unit 25b of the authentication device 20 is not limited to the processing using acceleration. Instead of or in addition to acceleration, external environment information such as temperature, humidity, or light intensity, movement information such as GPS log or WiFi log, distance information using Bluetooth Proxicity profile, etc. may be used. Good.

[program]
It is also possible to create a program in which the processing executed by the terminal 10 and the authentication device 20 of the authentication system 1 according to the above embodiment is described in a language that can be executed by a computer. In one embodiment, the terminal 10 and the authentication device 20 can be implemented by installing an authentication program that executes the above authentication process as package software or online software on a desired computer. For example, by causing the information processing device to execute the above authentication program, the information processing device can function as the terminal 10 or the authentication device 20. The information processing device referred to here includes a desktop type or notebook type personal computer. In addition, the information processing device includes smartphones, mobile communication terminals such as mobile phones and PHS (Personal Handyphone System), and slate terminals such as PDAs (Personal Digital Assistants). Further, the authentication device 20 may be implemented as a cloud that provides the above-mentioned service related to the authentication process by outsourcing. Further, the function of the authentication device 20 may be included in any of the terminals 10. An example of a computer that executes an authentication program that realizes the same functions as the terminal 10 and the authentication device 20 will be described below.

As shown in FIG. 8, the computer 1000 that executes the authentication program includes, for example, a memory 1010, a CPU 1020, a hard disk drive interface 1030, a disk drive interface 1040, a serial port interface 1050, a video adapter 1060, and a network interface. It has 1070 and. Each of these parts is connected by a bus 1080.

The memory 1010 includes a ROM (Read Only Memory) 1011 and a RAM 1012. The ROM 1011 stores, for example, a boot program such as a BIOS (Basic Input Output System). The hard disk drive interface 1030 is connected to the hard disk drive 1031. The disk drive interface 1040 is connected to the disk drive 1041. A removable storage medium such as a magnetic disk or an optical disk is inserted into the disk drive 1041. For example, a mouse 1051 and a keyboard 1052 are connected to the serial port interface 1050. For example, a display 1061 is connected to the video adapter 1060.

Here, as shown in FIG. 8, the hard disk drive 1031 stores, for example, the OS 1091, the application program 1092, the program module 1093, and the program data 1094. Each of the data described in the above embodiment is stored in, for example, the hard disk drive 1031 or the memory 1010.

Further, the authentication program is stored in the hard disk drive 1031 as, for example, a program module 1093 in which a command executed by the computer 1000 is described. Specifically, the program module 1093 in which each process executed by the authentication device 20 described in the above embodiment is described is stored in the hard disk drive 1031.

Further, the data used for information processing by the authentication program is stored as program data 1094 in, for example, the hard disk drive 1031. Then, the CPU 1020 reads the program module 1093 and the program data 1094 stored in the hard disk drive 1031 into the RAM 1012 as needed, and executes each of the above-described procedures.

The program module 1093 and program data 1094 related to the authentication program are not limited to the case where they are stored in the hard disk drive 1031. For example, they are stored in a removable storage medium and read by the CPU 1020 via the disk drive 1041 or the like. May be done. Alternatively, the program module 1093 and the program data 1094 related to the authentication program are stored in another computer connected via a network such as a LAN or WAN (Wide Area Network), and read by the CPU 1020 via the network interface 1070. You may.

Although the embodiment to which the invention made by the present inventor is applied has been described above, the present invention is not limited by the description and the drawings which form a part of the disclosure of the present invention according to the present embodiment. That is, all other embodiments, examples, operational techniques, and the like made by those skilled in the art based on the present embodiment are included in the category of the present invention.

1 Authentication system 10 Terminal 11 Input / output unit 12 Proximity communication function unit 13 Communication control unit 14 Storage unit 14a Pairing terminal information 15 Control unit 15a Notification unit 15b Transmission unit 15c Authentication unit 16 Acceleration sensor 17 Signal transmission / reception unit 20 Authentication device 21 Input Unit 22 Output unit 23 Communication control unit 24 Storage unit 24a Terminal management information 25 Control unit 25a Calculation unit 25b Judgment unit

Claims (5)

An authentication system having a plurality of terminals and an authentication device.
Each terminal
An acceleration sensor that measures the acceleration of your terminal,
A storage unit that stores information from other terminals capable of close communication,
A notification unit that detects a predetermined signal transmitted and received to and from the other terminal that is in close proximity communication and notifies the authentication device of the detection time represented by the time of the clock built in the terminal of the signal.
A transmitter that transmits the measured time-series signal of the acceleration to the authentication device,
When the authentication device notifies that the other terminal and the own terminal are possessed by the same person, the authentication device includes an authentication unit that enables the other terminal and the own terminal to be used.
The authentication device is
A calculation unit that calculates the time difference of the clock built in each terminal by using the difference in the detection time of the same signal notified from each of the plurality of terminals.
The time-series signals of the accelerations of the plurality of terminals are acquired to reflect the time difference, and the degree of similarity between the terminals for the time-series change of the acceleration component derived from the physical activity extracted from the acceleration is determined. An authentication system including a determination unit that determines that the same person possesses both corresponding terminals and notifies both terminals when the threshold value is higher than the threshold value of. The notification unit of the terminal detects a predetermined signal transmitted and received to and from the other terminal in close communication, and estimates the distance to and from the other terminal using the reception strength of the signal. The authentication system according to claim 1, wherein when the distance is equal to or less than a predetermined threshold value, the detection time of the signal is notified to the authentication device. The notification unit of the terminal further notifies the authentication device of the reception strength of the signal.
The calculation unit of the authentication device further estimates a distance from the other terminal in close communication using the reception strength of the signal notified from the terminal, and the distance is a predetermined threshold value. The authentication according to claim 1, wherein in the following cases, the difference in time of the clock built in each terminal is calculated by using the detection time of the signal notified from each of the plurality of terminals. system. An authentication method executed by an authentication system having a plurality of terminals and an authentication device.
A clock built in a terminal that detects a predetermined signal that is transmitted and received to and from another terminal of a storage unit that stores information of another terminal that is in close communication and is capable of close communication . A notification process for notifying the authentication device of the detection time represented by the time, and
A calculation step of calculating the time difference of the clock built in each terminal by using the difference of the detection time of the same signal notified from each of the plurality of terminals in the authentication device.
A transmission step of transmitting a time-series signal of acceleration measured by an acceleration sensor that measures the acceleration of the own terminal to the authentication device at each terminal.
In the authentication device, the time-series signals of the accelerations of the plurality of terminals are acquired to reflect the time difference, and the time-series changes of the acceleration components derived from the physical activity extracted from the accelerations are performed between the terminals. When the degree of similarity is higher than a predetermined threshold, it is determined that the same person possesses both corresponding terminals, and the determination step of notifying the two terminals.
In each terminal, when the authentication device notifies that the other terminal and the own terminal are possessed by the same person, the authentication process for enabling the other terminal and the own terminal, and
An authentication method characterized by including. An authentication program that causes a computer to execute an authentication method executed by an authentication system having a plurality of terminals and an authentication device.
To the computer as the terminal
Detects a predetermined signal sent and received to and from another terminal of the storage unit that stores information of another terminal that is in close proximity communication and is capable of close communication, and displays the time of the clock built in the terminal of the signal. A notification step that notifies the authentication device of the detected detection time, and
A transmission step of transmitting a time-series signal of acceleration measured by an acceleration sensor that measures the acceleration of the own terminal to the authentication device at each terminal.
In each terminal, when the authentication device notifies that the other terminal and the own terminal are possessed by the same person, the authentication step for enabling the other terminal and the own terminal is executed. Let me
To the computer as the authentication device
A calculation step of calculating the time difference of the clock built in each terminal by using the difference of the detection time of the same signal notified from each of the plurality of terminals, and a calculation step.
In the authentication device, the time-series signals of the accelerations of the plurality of terminals are acquired to reflect the time difference, and the time-series changes of the acceleration components derived from the physical activity extracted from the accelerations are performed between the terminals. When the degree of similarity between the two terminals is higher than a predetermined threshold value, it is determined that the same person possesses both terminals, and a determination step of notifying the two terminals is executed.

Images