JP6934442B2 - Management server, authentication method, computer program and service cooperation system - Google Patents

Description

The present invention, management server, directed to the authentication method, computer program and service integration system.

Conventionally, when a user operates a communication terminal, a one-time code (“token” in Reference 1) used for service authentication is received from a server, and a plurality of linked services are used using the received one-time code. A service cooperation system using the above has been proposed (see, for example, Patent Document 1).

Japanese Unexamined Patent Publication No. 2016-128966

However, in the conventional technology, it is necessary to issue a one-time code for each user. Therefore, when the number of users is very large, the one-time code issuance and management costs increase, which causes a problem that the load on the server increases.

In view of the above circumstances, an object of the present invention is to provide a technique capable of reducing the load on the server in the service cooperation system.

One aspect of the present invention is a management server that links a plurality of services, and identifies the first one-time code shared and used by a plurality of users who use the plurality of services and the user. A one-time code generator that generates a second one-time code used for authenticating a device control service based on the identification information for the device, and a plurality of the generated second one-time codes. Is transmitted to the communication terminal of the user who uses the service, and receives the second one-time code from the device related to the device control service, and is received from the device related to the device control service. The management server includes the second one-time code and an authentication unit that authenticates based on the second one-time code generated by the one-time code generation unit.

One aspect of the present invention is the management server, wherein the one-time code generation unit combines the identification information at an arbitrary position of the first one-time code to perform the second one-time. Generate code.

One aspect of the present invention is the management server, in which the communication unit transmits the request to the authentication server when a request for using the plurality of services is made from the communication terminal, and the request is made. Upon receiving the authentication result from the authentication server, the one-time code generation unit generates the second one-time code when the authentication result received from the authentication server indicates that the authentication has been performed.

One aspect of the present invention is the management server, and the communication unit uses an authentication cooperation protocol to contact the authentication server when a request for using the plurality of services is made from the communication terminal. On the other hand, the authentication of the communication terminal is requested.

One aspect of the present invention is the management server, further including an encryption unit that encrypts the second one-time code, and the communication unit is encrypted by the encryption unit. The one-time code of is transmitted to the communication terminal.

One aspect of the present invention is the management server, in which the communication unit receives the second one-time code encrypted by the encryption unit from a device related to the device control service. , Further includes a decoding unit that decodes the received second one-time code.

One aspect of the present invention is an authentication method performed by a management server that links a plurality of services, the first one-time code shared and used by a plurality of users who use the plurality of services, and the above-mentioned. A one-time code generation step for generating a second one-time code used for authenticating a device control service based on identification information for identifying a user, and the generated second one-time code. Is transmitted to the communication terminal of the user who uses the plurality of services, and the second one-time code is received from the device related to the device control service, and the device control service. It is an authentication method having an authentication step of performing authentication based on the second one-time code received from the apparatus and the second one-time code generated in the one-time code generation step.

One aspect of the present invention is a first one-time code shared and used by a plurality of users who use the plurality of services with respect to a computer as a management server for linking a plurality of services, and the use thereof. A one-time code generation step for generating a second one-time code used for authenticating a device control service based on identification information for identifying a person, and the generated second one-time code are generated. , A communication step of transmitting to a communication terminal of a user who uses the plurality of services and receiving the second one-time code from a device related to the device control service, and a device related to the device control service. This is a computer program for executing an authentication step of performing authentication based on the second one-time code received from the user and the second one-time code generated in the one-time code generation step. ..

One aspect of the present invention is a service cooperation system including a management server for linking a plurality of services and an authentication server for authenticating a user who uses the plurality of services, and the management server is the plurality of services. When the user of the communication terminal that is the source of the information used for the authentication is authenticated by the authentication server, the first one is shared and used by a plurality of users who use the plurality of services. A one-time code generator that generates a second one-time code used for authenticating a device control service based on the time code and identification information for identifying the user, and the generated first one-time code. A communication unit that transmits the one-time code of 2 to a communication terminal of a user who uses the plurality of services and receives the second one-time code from a device related to the device control service, and the device control. An authentication unit that authenticates based on the second one-time code received from the device related to the service of the above and the second one-time code generated by the one-time code generation unit, and the authentication server. Is a service cooperation system including an authentication unit that authenticates the user of the communication terminal based on the information about the user and the information about the user registered in advance by the communication terminal.

According to the present invention, it is possible to reduce the load on the server in the service cooperation system.

It is a figure which shows the functional structure of the service cooperation system of this invention. It is a schematic block diagram which shows the functional structure of a communication terminal. It is a schematic block diagram which shows the functional structure of management server. It is a figure which shows an example of the one-time code generated by the management server. It is a figure which shows the specific example of the user information table. It is a figure which shows the specific example of the system information table. It is a schematic block diagram which shows the functional structure of an authentication server. It is a schematic block diagram which shows the functional structure of an electronic lock. It is a sequence diagram which shows the flow of the initial processing in a service cooperation system. It is a sequence diagram which shows the flow of processing at the time of unlocking in a service cooperation system.

Hereinafter, an embodiment of the present invention will be described with reference to the drawings.
FIG. 1 is a diagram showing a functional configuration of the service cooperation system 100 of the present invention. The service cooperation system 100 includes a communication terminal 10, a management server 20, an authentication server 30, and an electronic lock 40. The communication terminal 10, the management server 20, the authentication server 30, and the electronic lock 40 are communicably connected via the network 55. The network 55 is, for example, the Internet.

The communication terminal 10 is a terminal device owned by the user, and unlocks the electronic lock 40 by using a one-time code issued from the management server 20. Here, the user is a person who uses the service in the service cooperation system 100. The service in the service cooperation system 100 is, for example, the unlocking of the electronic lock 40. In addition, the one-time code is a one-time code issued to a user when the user who uses a plurality of services is authenticated, and is composed of a predetermined character string for device control and is electronic. Information used to unlock the lock 40. The communication terminal 10 is an information processing device such as a smartphone, a tablet terminal, a mobile phone, and a personal computer.

The management server 20 manages the unlocking of the electronic lock 40 in the service cooperation system 100. For example, the management server 20 manages the unlocking of the electronic lock 40 by permitting the unlocking of the electronic lock 40 for each user who uses the service, generating a one-time code, and the like. The management server 20 generates a common one-time code in the system, and generates a one-time code for each user by adding identification information for identifying the user to the generated common one-time code. Adding the identification information for identifying the user means combining the identification information for identifying the user at an arbitrary position of the common one-time code. The arbitrary position is any position related to the common one-time code, for example, the beginning, middle, end, etc. of the common one-time code. In the service cooperation system 100, the position where the identification information for identifying the user is added needs to be fixed, and is determined in advance. Hereinafter, the one-time code common to the systems will be described as the first one-time code, and the one-time code for each user will be described as the second one-time code.

The authentication server 30 authenticates the user of the communication terminal 10. The existing technology is used for the user authentication performed between the authentication server 30 and the communication terminal 10. For example, a method using FIDO UAF (Universal Authentication Framework), a method using an ID and a password, and the like are used for user authentication performed between the authentication server 30 and the communication terminal 10. In the present embodiment, a case where FIDO UAF is used for user authentication performed between the authentication server 30 and the communication terminal 10 will be described as an example. FIDO UAF is a specification that authenticates a user without using a password. If the user registers biometric information such as a fingerprint or voiceprint on the communication terminal 10 and registers the communication terminal 10 in the service, the communication terminal 10 It is a mechanism that allows you to log in to the service just by authenticating.
The electronic lock 40 is a lock that electrically opens and closes the lock. The electronic lock 40 is installed in the building or at the entrance of the building. The electronic lock 40 controls the opening and closing of the lock based on the second one-time code obtained from the communication terminal 10. The electronic lock 40 is, for example, a smart lock.

FIG. 2 is a schematic block diagram showing a functional configuration of the communication terminal 10.
The communication terminal 10 includes a communication unit 11, an operation unit 12, a display unit 13, a control unit 14, a biometric information input unit 15, a biometric information storage unit 16, a one-time code storage unit 17, and a short-range communication unit 18.
The communication unit 11 communicates with the authentication server 30. For example, the communication unit 11 transmits an issuance request requesting issuance of a one-time code to the management server 20 via the network 55. The issuance request is a request sent when a user uses one of a plurality of services.

The operation unit 12 is configured by using an existing input device such as a touch panel, a button, a keyboard, and a pointing device (mouse, pen tablet, etc.). The operation unit 12 is operated by the user when inputting the user's instruction to the communication terminal 10. The operation unit 12 receives a request instruction for issuing a one-time code. Further, the operation unit 12 may be an interface for connecting the input device to the communication terminal 10. In this case, the operation unit 12 inputs the input signal generated in response to the user's input in the input device to the communication terminal 10.

The display unit 13 is an image display device such as a liquid crystal display or an organic EL (Electro Luminescence) display. The display unit 13 displays a screen (hereinafter referred to as "registration screen") for allowing the user to input information. The display unit 13 may be an interface for connecting the image display device to the communication terminal 10. In this case, the display unit 13 generates a video signal for displaying the communication terminal 10 and outputs the video signal to the image display device connected to the display unit 13.

The control unit 14 is configured by using a processor such as a CPU (Central Processing Unit) or a memory. By executing the program, the control unit 14 functions as a communication control unit 141, a key generation unit 142, an encryption unit 143, and a biometric authentication unit 144.
The communication control unit 141 controls communication by the communication unit 11 and the short-range communication unit 18.
The key generation unit 142 generates an encryption key using a predetermined encryption method. For example, the key generation unit 142 generates a public key and a private key by a public key cryptosystem.

The encryption unit 143 encrypts predetermined information using the encryption key generated by the key generation unit 142. For example, the encryption unit 143 uses the private key to encrypt the authentication information used for authentication by the authentication server 30. In the case of authentication by FIDO UAF, the encryption unit 143 encrypts the challenge code (random value) transmitted from the authentication server 30 with the private key when the result of biometric authentication performed in the own device is authentication OK. do.
The biometric authentication unit 144 performs biometric authentication based on the biometric information input via the biometric information input unit 15 and the biometric information stored in the biometric information storage unit 16.

The biometric information input unit 15 inputs the biometric information of the user. The biometric information of the user is, for example, a photograph of the user's face, a fingerprint, a voiceprint, or the like. The biometric information input unit 15 stores the input biometric information of the user in the biometric information storage unit 16.
The biological information storage unit 16 is configured by using a storage device such as a magnetic hard disk device or a semiconductor storage device. The biometric information storage unit 16 stores biometric information input via the biometric information input unit 15.

The one-time code storage unit 17 is configured by using a storage device such as a magnetic hard disk device or a semiconductor storage device. The one-time code storage unit 17 stores the second one-time code obtained from the management server 20.
The short-range communication unit 18 performs short-range wireless communication with the electronic lock 40. For example, the short-range communication unit 18 transmits the second one-time code stored in the one-time code storage unit 17 to the electronic lock 40. The short-range communication unit 18 performs short-range wireless communication using, for example, Bluetooth (registered trademark), NFC (Near Field Communication), or the like.

FIG. 3 is a schematic block diagram showing the functional configuration of the management server 20.
The management server 20 includes a communication unit 21, a control unit 22, an operation unit 23, a user information storage unit 24, and a system information storage unit 25.
The communication unit 21 communicates with the communication terminal 10 and the authentication server 30. For example, the communication unit 21 transmits a registration information notification for initial registration of the user in the service cooperation system 100 to the communication terminal 10. In addition, the communication unit 21 transmits an authentication request to the authentication server 30. In addition, the communication unit 21 receives the issuance request transmitted from the communication terminal 10. The authentication request is a notification for requesting the authentication server 30 to authenticate the user.

The control unit 22 is configured by using a processor such as a CPU and a memory. By executing the program, the control unit 22 functions as a notification generation unit 221, a communication control unit 222, a one-time code generation unit 223, an authentication unit 224, an encryption unit 225, and a decryption unit 226.
The notification generation unit 221 generates a registration information notification in response to a request from the administrator operating the management server 20 or the communication terminal 10.

The communication control unit 222 controls the communication by the communication unit 21. For example, when the communication terminal 10 makes a one-time code issuance request, the communication control unit 222 causes the authentication server 30 to transmit the authentication request to the communication unit 21 by using the authentication cooperation protocol or the like.
The one-time code generation unit 223 generates a first one-time code and a second one-time code. For example, the one-time code generation unit 223 generates the first one-time code periodically (for example, a set update frequency). Further, for example, the one-time code generation unit 223 generates a second one-time code when there is a user who satisfies a predetermined condition. The predetermined conditions include that the user has been authenticated by the authentication server 30 and that the user is within the unlocking permission period of the electronic lock 40.

FIG. 4 is a diagram showing an example of a one-time code generated by the one-time code generation unit 223.
As shown in FIG. 4, the second one-time code is composed of the first one-time code and the user ID. As shown in FIG. 4, the one-time code generation unit 223 generates a second one-time code by combining the first one-time code with a user ID relating to a user who satisfies a predetermined condition. .. In FIG. 4, as an example, the second one-time code in which the user ID is combined at the end of the first one-time code is shown, but the position where the user ID is combined is the first one as described above. Any position of 1 one-time code may be used.

Returning to FIG. 3, the description will be continued.
The authentication unit 224 authenticates the validity of the one-time code by using the second one-time code transmitted from the electronic lock 40 and the second one-time code stored in the own device.
The encryption unit 225 encrypts the second one-time code generated by the one-time code generation unit 223 according to a predetermined encryption method.
The decryption unit 226 decrypts the encrypted second one-time code by using the same method as the encryption method by the encryption unit 225.

The operation unit 23 is configured by using an existing input device such as a touch panel, a button, a keyboard, and a pointing device (mouse, pen tablet, etc.). The operation unit 23 is operated by the administrator when inputting the administrator's instruction to the management server 20. The operation unit 23 uses information about the user (for example, identification information of the communication terminal 10 possessed by the user), information about the electronic lock 40 that allows the user to unlock, an authentication expiration date, and an effective time. Accepts instructions from the administrator of the obi, etc. The authentication expiration date is the expiration date on which the authenticated user is considered to have been authenticated. That is, the authentication expiration date is an expiration date that does not require re-authentication for a user who has been authenticated once. The valid time zone is the time zone in which the authentication expiration date is valid. Further, the operation unit 23 may be an interface for connecting the input device to the management server 20. In this case, the operation unit 23 inputs the input signal generated in response to the user's input in the input device to the management server 20.

The user information storage unit 24 is configured by using a storage device such as a magnetic hard disk device or a semiconductor storage device. The user information storage unit 24 stores the user information table.
The system information storage unit 25 is configured by using a storage device such as a magnetic hard disk device or a semiconductor storage device. The system information storage unit 25 stores the system information table.

FIG. 5 is a diagram showing a specific example of the user information table. The user information table is composed of 60 records (hereinafter, referred to as "user information records") representing information about users. The user information record 60 has values of a user ID, an unlockable lock ID, an authentication expiration date, an expiration time zone, and a final authentication time.

The value of the user ID is information for identifying the user. The value of the user ID is, for example, information about the user, for example, ID information such as the employee number and guest number of the user. The value of the unlockable lock ID is information for identifying the electronic lock 40 that is permitted to be unlocked by the user identified by the user ID. The value of the authentication expiration date is the expiration date on which the authenticated user is considered to have been authenticated. For example, if the authentication expiration date is 24 hours, the user can unlock the electronic lock 40 simply by transmitting the one-time code to the electronic lock 40, after the authentication is performed once and the authentication is valid for 24 hours. Become. The time zone value is a time zone in which the user can unlock the electronic lock 40 using the one-time code. The value of the last authentication time is the time when the last authentication was performed. The value of the final authentication time is updated every time the authentication server 30 authenticates and the management server 20 receives the authentication result.

In the example shown in FIG. 5, a plurality of user IDs are registered in the user information table. These user IDs are "001" and "002". In FIG. 5, the values registered in the user information record 60 registered at the top of the user information table are the user ID "001" and the unlockable lock IDs "00a" and "00b". , The authentication expiration date is "24 hours", the valid time zone is "weekdays 08: 00 to 20:00", and the final authentication time is "20XX / 11/30 YYYYYY". That is, the identification information of the electronic lock 40 that can be unlocked by the communication terminal 10 identified by the user ID "001" is "00a" and "00b", and once authenticated, the authentication is performed for "24 hours". It is unnecessary, the time zone when the electronic lock 40 can be unlocked using the one-time code is between "08: 00-20: 00 on weekdays", and the time when the final authentication is made is "20XX / 11/30 YYYYYY". It is expressed that.

FIG. 6 is a diagram showing a specific example of the system information table. The system information table is composed of a record (hereinafter, referred to as "system information record") 70 representing information about the service cooperation system 100. The system information record 70 has values of a system ID, a lock ID, a user ID, an update frequency, and a first one-time code. The system ID, lock ID, user ID, and update frequency are updated when the administrator operates the management server 20.

The value of the system ID is information for identifying the system. For example, the value of the system ID may be registered in advance by the administrator, or may be a randomly set value. The value of the lock ID is the identification information of the electronic lock 40. The value of the user ID is information for identifying the user. The update frequency value is the timing for updating the first one-time code. When the update frequency is "5 seconds", the first one-time code is updated every "5 seconds". The value of the first one-time code is a one-time code common in one system.

In the example shown in FIG. 6, one system ID is registered in the system information table. This system ID is "0x". In FIG. 6, the values registered in the system information record 70 registered in the system information table are the system ID "0x", the lock IDs "00a, 00b" and "00a, 00c", and the user ID. "001" and "002", the update frequency is "5 seconds", and the first one-time code is "DDDDDD". That is, in the system identified by the system ID "0x", the identification information of the electronic lock 40 that can be unlocked by the user identified by the user ID "001" is "00a, 00b", and the first one The time code is updated every "5 seconds", indicating that the first one-time code is "DDDDDD".

FIG. 7 is a schematic block diagram showing the functional configuration of the authentication server 30.
The authentication server 30 includes a communication unit 31, a control unit 32, and a key information storage unit 33.
The communication unit 31 communicates with the communication terminal 10 and the management server 20. The communication unit 31 receives the public key from the communication terminal 10.

The control unit 32 is configured by using a processor such as a CPU and a memory. The control unit 32 functions as a communication control unit 321, an authentication unit 322, and a decoding unit 323 by executing a program.
The communication control unit 321 controls the communication by the communication unit 31.
The authentication unit 322 authenticates the user of the communication terminal 10. In the case of authentication by the FIDO UAF, the authentication unit 322 authenticates the user of the communication terminal 10 by confirming the validity of the challenge code decrypted by the decoding unit 323.

The decryption unit 323 decrypts the information encrypted by the communication terminal 10 by using the encryption key stored in the key information storage unit 33. For example, the decryption unit 323 decrypts the challenge code encrypted by the communication terminal 10 by using the public key stored in the key information storage unit 33.
The key information storage unit 33 is configured by using a storage device such as a magnetic hard disk device or a semiconductor storage device. The key information storage unit 33 stores an encryption key (for example, a public key).

FIG. 8 is a schematic block diagram showing the functional configuration of the electronic lock 40.
The electronic lock 40 includes an information acquisition unit 41, a control unit 42, a communication unit 43, and a lock control unit 44.
The information acquisition unit 41 acquires information from the communication terminal 10. For example, the information acquisition unit 41 acquires a second one-time code by performing short-range wireless communication with the communication terminal 10.
The control unit 42 requests authentication of the validity of the second one-time code by transmitting the second one-time code acquired by the information acquisition unit 41 to the management server 20 via the communication unit 43.

The communication unit 43 communicates with the management server 20 via the network 55. For example, the communication unit 43 transmits the second one-time code to the management server 20. Further, for example, the communication unit 43 receives the authentication result of the second one-time code from the management server 20.
The lock control unit 44 controls the opening and closing of the lock according to the instructions of the control unit 42. For example, the lock control unit 44 unlocks according to the instruction of the control unit 42.

FIG. 9 is a sequence diagram showing the flow of the initial registration process in the service cooperation system 100.
The notification generation unit 221 of the management server 20 generates a registration information notification in response to a request from the administrator operating the management server 20 or the communication terminal 10 (step S101). The registration information notification generated by the notification generation unit 221 is, for example, an e-mail. For example, the registration information notification may include a URL (Uniform Resource Locator) with individual parameters for each user, or may include a user ID and a user password for initial registration in addition to the URL. Alternatively, the user ID and user password for logging in to the dedicated application may be included instead of the URL. In the description of FIG. 9, a case where the registration information notification includes a URL with individual parameters for each user will be described as an example. The communication unit 21 of the management server 20 transmits the generated registration information notification to the communication terminal 10 (step S102).

The communication unit 11 of the communication terminal 10 receives the registration information notification transmitted from the management server 20. The display unit 13 displays the URL included in the received registration information notification. When the URL is selected by the user's operation, the communication unit 11 of the communication terminal 10 accesses the authentication server 30 specified by the URL (step S103). If the registration information notification includes a user ID and a user password for logging in to the dedicated application instead of the URL, the communication terminal 10 accesses the authentication server 30 via the dedicated application.

The authentication server 30 transmits the registration screen data to the accessing communication terminal 10 (step S104).
The communication unit 11 of the communication terminal 10 receives the registration screen data transmitted from the authentication server 30. The display unit 13 displays a registration screen based on the received registration screen data. The biometric information input unit 15 receives input of biometric information from the user. When the biometric information is input by the user, the biometric information input unit 15 registers the input biometric information in the biometric information storage unit 16 (step S105). After that, the encryption unit 143 generates an encryption key (step S106). For example, the encryption unit 143 generates a private key and a public key. The communication unit 11 transmits the generated encryption key (public key) to the authentication server 30 (step S107).

The communication unit 31 of the authentication server 30 receives the encryption key (public key) transmitted from the communication terminal 10. The communication control unit 321 associates the received encryption key (public key) with the user ID and stores it in the key information storage unit 33 (step S108).

FIG. 10 is a sequence diagram showing a processing flow at the time of unlocking in the service cooperation system 100.
The one-time code generation unit 223 generates a first one-time code common to the service cooperation system 100 identified by the system ID registered in the system information table (step S201). Existing techniques may be used to generate the first one-time code. For example, the one-time code generation unit 223 generates a first one-time code using a random value.

The one-time code generation unit 223 registers the generated first one-time code in the system information table in association with the system ID. After that, the one-time code generation unit 223 updates the first one-time code according to the update frequency registered in the system information table. For example, demonstrating the system information table shown in FIG. 6 as an example, the one-time code generation unit 223 generates the first one-time code associated with the system ID “0x” and the first one-time code. It will be updated every time "5 seconds" have passed. When updating the first one-time code, the one-time code generator 223 generates a new first one-time code, and the generated first one-time code is the first one-time already registered. Update the first one-time code by overwriting the code.

The communication unit 11 of the communication terminal 10 transmits a one-time code issuance request to the management server 20 via the network 55 in response to the user's operation (step S202). The one-time code issuance request includes the user ID.
The communication unit 21 of the management server 20 receives the one-time code issuance request transmitted from the communication terminal 10. When the issuance request is received, the communication control unit 222 controls the communication unit 21 to request the authentication server 30 to authenticate the user ID included in the issuance request.

Specifically, the communication control unit 222 generates an authentication request including the user ID included in the issuance request, controls the communication unit 21, and transmits the generated authentication request to the authentication server 30 (step S203). ). For example, the communication control unit 222 controls the communication unit 21 and uses an authentication cooperation protocol (for example, Open ID Connect) to make an authentication request to the authentication server 30 by redirect communication via the communication terminal 10. Send.

The communication unit 31 of the authentication server 30 receives the authentication request transmitted from the management server 20. When the authentication request is received, the authentication unit 322 authenticates the user of the communication terminal 10. For example, the authentication unit 322 performs authentication using the FIDO UAF. In this case, the authentication unit 322 transmits a challenge code (random value) to the application or browser of the communication terminal 10 (step S204).

The communication unit 11 of the communication terminal 10 receives the challenge code transmitted from the authentication server 30. When the challenge code is received by the communication unit 11, the display unit 13 displays that the input of the biometric information is requested, and accepts the input of the biometric information from the user. When the biometric information is input from the user via the biometric information input unit 15, the biometric authentication unit 144 compares the input biometric information with the biometric information stored in the biometric information storage unit 16. Biometrics is performed by (step S205). The biometric authentication unit 144 determines that the authentication has been successful when the input biometric information and the biometric information stored in the biometric information storage unit 16 match. On the other hand, the biometric authentication unit 144 determines that the authentication could not be performed when the input biometric information and the biometric information stored in the biometric information storage unit 16 do not match.

If the authentication cannot be performed, the biometric authentication unit 144 displays on the display unit 13 that the authentication has not been performed. In this case, the display unit 13 may display that the input of biometric information is requested again.
On the other hand, if the authentication is successful, the encryption unit 143 encrypts the received challenge code using the held encryption key (for example, the private key) (step S206). The communication control unit 141 controls the communication unit 11 and transmits the encrypted challenge code as a response to the authentication server 30 (step S207).

The communication unit 31 of the authentication server 30 receives the response transmitted from the communication terminal 10. The communication control unit 321 outputs the received response to the decoding unit 323. The decryption unit 323 decrypts the received response by using the encryption key stored in the key information storage unit 33. For example, the decryption unit 323 challenges by decrypting the response using the public key corresponding to the user ID of the communication terminal 10 which is the transmission source of the response among the public keys stored in the key information storage unit 33. Get the code (step S208). The authentication unit 322 authenticates the user of the communication terminal 10 by using the acquired challenge code and the challenge code transmitted to the communication terminal 10 in the process of step S204 (step S209).

Specifically, the authentication unit 322 compares the acquired challenge code with the challenge code transmitted to the communication terminal 10 in the process of step S204, and confirms whether or not they match. As a result of the comparison, if the acquired challenge code and the challenge code transmitted to the communication terminal 10 in the process of step S204 match, the authentication unit 322 determines that the user has been authenticated. On the other hand, if the acquired challenge code and the challenge code transmitted to the communication terminal 10 in the process of step S204 do not match, the authentication unit 322 determines that the authentication could not be performed.

The authentication unit 322 outputs the authentication result to the communication control unit 321. In FIG. 10, it is assumed that the authentication is successful. In this case, the communication control unit 321 generates an authentication result including a notification indicating that the authentication has been performed, and transmits the generated authentication result to the management server 20 via the communication unit 31 (step S210).

The communication unit 21 of the management server 20 receives the authentication result transmitted from the authentication server 30. The one-time code generation unit 223 confirms the received authentication result (step S211). Since the authentication result includes a notification indicating that the authentication has been performed, the communication control unit 222 determines whether or not the one-time code can be issued to the user by using the user information table shown in FIG. Step S212).

Specifically, first, the communication control unit 222 selects the user information record 60 corresponding to the user ID included in the authentication result from the user information records 60 registered in the user information table. Next, the communication control unit 222 refers to the values of the authentication expiration date and the final authentication time of the selected user information record 60, and determines whether or not the one-time code can be issued.

For example, the communication control unit 222 determines that the one-time code can be issued when the current time does not exceed the time obtained by adding the time indicated by the authentication expiration date to the final authentication time. On the other hand, the communication control unit 222 determines that the one-time code is not issued when the current time exceeds the time obtained by adding the time indicated by the authentication expiration date to the final authentication time. If the one-time code is not issued, the communication control unit 222 controls the communication unit 21 and transmits an error notification indicating that the authentication has expired to the communication terminal 10.

On the other hand, when the one-time code can be issued, the one-time code generation unit 223 generates a second one-time code (step S213). Specifically, first, the one-time code generation unit 223 acquires the first one-time code from the system information table. Then, the one-time code generation unit 223 generates a second one-time code by combining the acquired first one-time code with the user ID included in the issuance request at an arbitrary predetermined position. do. The one-time code generation unit 223 outputs the generated second one-time code to the encryption unit 225.

The encryption unit 225 encrypts the second one-time code output from the one-time code generation unit 223 according to a predetermined encryption method (step S214). The communication unit 21 transmits the one-time code information including the encrypted second one-time code to the communication terminal 10 (step S215).

The communication unit 11 of the communication terminal 10 receives the one-time code information transmitted from the management server 20. The communication control unit 141 stores the encrypted second one-time code included in the received one-time code information in the one-time code storage unit 17. After that, the user carries the communication terminal 10 and moves to the vicinity of the electronic lock 40, and instructs the authentication by the one-time code (step S216).

The communication control unit 141 reads out the encrypted second one-time code stored in the one-time code storage unit 17 in response to an instruction from the user. The communication control unit 141 controls the short-range communication unit 18 and transmits the one-time code information including the read encrypted second one-time code to the electronic lock 40 by short-range wireless communication to authenticate. Request (step S217).
The information acquisition unit 41 of the electronic lock 40 receives the one-time code information transmitted from the communication terminal 10. The control unit 42 controls the communication unit 43 to transmit the one-time code information to the management server 20 (step S218). At this time, the control unit 42 assigns the lock ID of the own device to the one-time code information.

The communication unit 21 of the management server 20 receives the one-time code information and the lock ID transmitted from the electronic lock 40. The decryption unit 226 uses a method similar to the encryption method by the encryption unit 225 to decrypt the encrypted second one-time code included in the one-time code information, thereby performing the second one-time. Restore the code (step S219). After that, the authentication unit 224 authenticates the validity of the one-time code using the restored second one-time code and the lock ID (step S220).

Specifically, the authentication unit 224 is in a time zone in which the current time is a time zone in which the electronic lock 40 can be unlocked using the second one-time code, the second one-time code is valid, and the second one-time code is valid. It is determined whether or not the user has the authority to unlock the electronic lock 40, which is the source of the one-time code information. The current time is a time zone in which the electronic lock 40 can be unlocked using the second one-time code, the second one-time code is valid, and the user is the source of the one-time code information. If the user has the authority to unlock the electronic lock 40, the authentication unit 224 determines that the authentication has been successful. On the other hand, in other cases, the authentication unit 224 determines that the authentication cannot be performed.

Here, it is determined whether or not the current time is a time zone in which the electronic lock 40 can be unlocked using the second one-time code, and whether or not the second one-time code is valid and used. A method for determining whether or not a person has the authority to unlock the electronic lock 40, which is the source of the one-time code information, will be described.

(Determining whether or not the current time is a time zone in which the electronic lock 40 can be unlocked using the second one-time code)
The authentication unit 224 acquires the user ID from a predetermined position of the restored second one-time code. The authentication unit 224 refers to the user information table and selects the user information record 60 corresponding to the acquired user ID. Next, the authentication unit 224 determines whether or not the current time is within the time zone registered in the time zone item of the selected user information record 60. When the current time is within the time zone of the selected user information record 60, the authentication unit 224 determines that the current time is the time zone in which the electronic lock 40 can be unlocked using the second one-time code. ..
On the other hand, when the current time is outside the time zone of the selected user information record 60, the authentication unit 224 does not have a time zone in which the electronic lock 40 can be unlocked using the second one-time code. judge.

(Determining whether the second one-time code is valid)
The authentication unit 224 refers to the system information table and selects the system information record 70 corresponding to the user ID. Next, the authentication unit 224 acquires the value registered in the item of the first one-time code of the selected system information record 70, and sets the user ID at an arbitrary position of the acquired first one-time code. The validity of the second one-time code is confirmed by comparing the combined value with the restored second one-time code. When the value obtained by combining the user ID at an arbitrary position of the first one-time code and the restored second one-time code match, the authentication unit 224 determines that the second one-time code is valid. judge. On the other hand, if the value obtained by combining the user ID at an arbitrary position of the first one-time code and the restored second one-time code do not match, the authentication unit 224 says that the second one-time code is valid. It is determined that there is no such thing.

(Determination of whether or not the user has the authority to unlock the electronic lock 40, which is the source of the one-time code information)
The authentication unit 224 refers to the user information table and selects the user information record 60 corresponding to the user ID. Next, the authentication unit 224 determines whether or not the lock ID registered in the unlockable lock ID item of the selected user information record 60 matches the lock ID assigned to the one-time code information. To judge. When the registered lock ID and the lock ID included in the one-time code information match, the authentication unit 224 has the authority to unlock the electronic lock 40, which is the source of the one-time code information. Judge that it is.
On the other hand, when the registered lock ID and the lock ID given to the one-time code information do not match, the authentication unit 224 unlocks the electronic lock 40, which is the source of the one-time code information. Judge that you do not have the authority of.

If the authentication cannot be performed, the communication control unit 222 controls the communication unit 21 and transmits an error notification to the communication terminal 10.
On the other hand, if the authentication is successful, the communication control unit 222 controls the communication unit 21 and transmits an authentication result indicating that the authentication has been performed to the electronic lock 40 identified by the lock ID included in the one-time code information. (Step S221).
The information acquisition unit 41 of the electronic lock 40 receives the authentication result transmitted from the management server 20. The control unit 42 refers to the received authentication result, and if it indicates that the authentication has been performed, instructs the lock control unit 44 to unlock the lock. The lock control unit 44 unlocks according to the instruction of the control unit 42 (step S222). On the other hand, the control unit 42 refers to the received authentication result, and if it indicates that the authentication has not been performed, notifies the user that the authentication has not been performed by a beep sound or the like.

In the service cooperation system 100 configured as described above, a common one-time code is generated in the system, and the user ID is combined with the generated one-time code to obtain a one-time code for each user. As a result, if one common one-time code is generated in one system, the one-time code of each user belonging to the system can be obtained. Therefore, the management server 20 can reduce the processing load for generating the one-time code for each user. Therefore, in the service cooperation system, it is possible to reduce the load on the server while confirming the legitimacy of the user.

<Modification example>
The number of the communication terminal 10, the management server 20, the authentication server 30, and the electronic lock 40 may be two or more.
In the above embodiment, the information acquisition unit 41 of the electronic lock 40 acquires the second one-time code by short-range wireless communication with the communication terminal 10, but the information acquisition unit of the electronic lock 40 has been shown. 41 may obtain the second one-time code by other methods. For example, the information acquisition unit 41 may be configured to acquire the second one-time code by optically reading the coded second one-time code. The coding may be, for example, bar-coded or two-dimensionally coded. In this configuration, the communication terminal 10 includes a code generation unit instead of the short-range communication unit 18. The code generation unit encodes the second one-time code and stores it in the one-time code storage unit 17. After that, in response to an instruction from the operation unit 12, the display unit 13 displays the second coded one-time code stored in the one-time code storage unit 17. Then, the user brings the coded second one-time code closer to the information acquisition unit 41 of the electronic lock 40, and the information acquisition unit 41 reads the coded second one-time code. Get 2 one-time code.

When the key generation unit 142 does not use the authentication method by FIDO UAF, the key generation unit 142 may generate a common key by a common key encryption method.
In the present embodiment, the configuration for generating the encryption key in the communication terminal 10 is shown, but the encryption key may be generated by another device. For example, the encryption key may be generated by the management server 20 or the authentication server 30. When the management server 20 generates the encryption key, the management server 20 generates the encryption key at the timing of transmitting the registration information notification, and transmits the encryption key (for example, the private key) to the communication terminal 10 together with the registration information notification. Further, when the authentication server 30 generates the encryption key, the authentication server 30 generates the encryption key at the timing when the communication terminal 10 accesses or the authentication information is registered, and the encryption key (for example, The public key) is transmitted to the communication terminal 10. In this case, the authentication server 30 stores the private key in the key information storage unit 33. Further, the service cooperation system 100 may be configured to use both the common key encryption method and the public key encryption method properly.

In FIG. 10, when the communication terminal that is the source of the issuance request is authenticated once and the authentication expiration date has not passed, the management server 20 does not execute the process of step S203 but the process of step S211. May be configured to perform. In this configuration, the service cooperation system 100 does not execute the processes of steps S203 to S211.
In the present embodiment, the management server 20 shows a configuration in which the one-time code is directly acquired from the device to be controlled in the service used by the user (for example, the electronic lock 40), but the device to be controlled is controlled. It may be configured to acquire the one-time code acquired by the device to be controlled from the server.

The service cooperation system 100 may be applied to the attendance management of the user by accumulating the unlocking log of the electronic lock 40.
In the present embodiment, the unlocking of the electronic lock 40 has been described as an example, but it may be applied to other services. Other services include, for example, admission management to event venues, rental management in the sharing economy service, locker locking management, and activation management of various devices.

Although the embodiments of the present invention have been described in detail with reference to the drawings, the specific configuration is not limited to this embodiment, and includes designs and the like within a range that does not deviate from the gist of the present invention.

10 ... Communication terminal, 11 ... Communication unit, 12 ... Operation unit, 13 ... Display unit, 14 ... Control unit, 141 ... Communication control unit, 142 ... Key generation unit, 143 ... Encryption unit, 144 ... Bioauthentication unit, 15 ... Biometric information input unit, 16 ... Biological information storage unit, 17 ... One-time code storage unit, 18 ... Short-distance communication unit, 20 ... Management server, 21 ... Communication unit, 22 ... Control unit, 221 ... Notification generation unit, 222 ... Communication control unit, 223 ... One-time code generation unit, 224 ... Authentication unit, 225 ... Encryption unit, 226 ... Decryption unit, 23 ... Operation unit, 24 ... User information storage unit, 25 ... System information storage unit, 30 ... Authentication server, 31 ... Communication unit, 32 ... Control unit, 321 ... Communication control unit, 322 ... Authentication unit, 323 ... Decryption unit, 33 ... Key information storage unit, 40 ... Electronic lock, 41 ... Information acquisition unit, 42 ... Control unit, 43 ... Communication unit, 44 ... Lock control unit, 55 ... Network

Claims (9)

A management server that links multiple services
It is used to authenticate the device control service based on the first one-time code shared and used by a plurality of users who use the plurality of services and the identification information for identifying the user. A one-time code generator that generates a second one-time code,
A communication unit that transmits the generated second one-time code to a communication terminal of a user who uses the plurality of services, and receives the second one-time code from a device related to the device control service. When,
An authentication unit that performs authentication based on the second one-time code received from the device related to the device control service and the second one-time code generated by the one-time code generation unit.
Management server with. The management server according to claim 1, wherein the one-time code generation unit generates the second one-time code by combining the identification information at an arbitrary position of the first one-time code. When a request for using the plurality of services is made from the communication terminal, the communication unit transmits the request to the authentication server, receives the authentication result from the authentication server, and receives the authentication result.
The management server according to claim 1 or 2, wherein the one-time code generation unit generates the second one-time code when the authentication result received from the authentication server indicates that the authentication has been performed. The communication unit requests the authentication server to authenticate the communication terminal by using the authentication cooperation protocol when the communication terminal requests to use the plurality of services. The listed management server. An encryption unit that encrypts the second one-time code is further provided.
The management server according to any one of claims 1 to 4, wherein the communication unit transmits the second one-time code encrypted by the encryption unit to the communication terminal. The communication unit receives the second one-time code encrypted by the encryption unit from the device related to the device control service, and receives the second one-time code.
The management server according to claim 5, further comprising a decoding unit that decodes the received second one-time code. It is an authentication method performed by the management server that links multiple services.
It is used to authenticate the device control service based on the first one-time code shared and used by a plurality of users who use the plurality of services and the identification information for identifying the user. One-time code generation step to generate the second one-time code,
A communication step in which the generated second one-time code is transmitted to a communication terminal of a user who uses the plurality of services, and the second one-time code is received from a device related to the device control service. When,
An authentication step for performing authentication based on the second one-time code received from the device related to the device control service and the second one-time code generated in the one-time code generation step.
Authentication method with. For a computer as a management server that links multiple services
It is used to authenticate the device control service based on the first one-time code shared and used by a plurality of users who use the plurality of services and the identification information for identifying the user. One-time code generation step to generate the second one-time code,
A communication step in which the generated second one-time code is transmitted to a communication terminal of a user who uses the plurality of services, and the second one-time code is received from a device related to the device control service. When,
An authentication step for performing authentication based on the second one-time code received from the device related to the device control service and the second one-time code generated in the one-time code generation step.
A computer program to run. A service linkage system including a management server for linking a plurality of services and an authentication server for authenticating users who use the plurality of services.
The management server
When the user of the communication terminal that is the source of the information used for the authentication of the plurality of services is authenticated by the authentication server, it is shared and used by the plurality of users who use the plurality of services. A one-time code generator that generates a second one-time code used for authenticating a device control service based on the first one-time code and identification information for identifying the user.
A communication unit that transmits the generated second one-time code to a communication terminal of a user who uses the plurality of services, and receives the second one-time code from a device related to the device control service. When,
An authentication unit that performs authentication based on the second one-time code received from the device related to the device control service and the second one-time code generated by the one-time code generation unit.
The authentication server is
An authentication unit that authenticates a user of the communication terminal based on the information about the user and the information about the user registered in advance by the communication terminal.
Service cooperation system equipped with.

Images