JP7005675B2 - Systems, their control methods, devices, and programs - Google Patents

Description

The present invention relates to a wireless communication technique.

Among the communication technologies for direct communication between devices, a mechanism has been developed that can provide various services according to the distance between devices by utilizing the technology that saves energy and enables long-distance communication. As an example of this technology, there is a technology called BLE (Bluetooth (registered trademark) Low Energy).

For example, there is iBeacon (registered trademark) as a mechanism for using BLE. In this mechanism, first, the transmitter broadcasts and transmits a signal including device information on the transmitting side called Beacon by BLE. The receiver is a mechanism capable of providing various services by using the device information included in the received signal and the distance information obtained together from the signal strength and the like. By using this mechanism, for example, it is possible to provide a service in which a Beacon signal is transmitted at a certain store, and when the customer's mobile terminal detects the signal at that store, sales information according to the distance is notified.

In addition, as a conventional technique for notifying a distance between terminals, Patent Document 1 discloses a technique of using wireless communication and an ultrasonic signal generator and receiver of each terminal in combination.

Japanese Unexamined Patent Publication No. 2013-236255

Various applications can be considered for the mechanism for using signals via wireless communication such as BLE described above. For example, when personal authentication is required to enter an office or the like, the user always carries a security card or a mobile terminal. By mounting a signal transmitter such as Beacon on such a security card or mobile terminal, it is conceivable to grasp the position of the user and provide various services according to the position.

However, constantly transmitting a signal directly or indirectly related to a user who travels to and from an area requiring authentication from a user's security card, mobile terminal, or the like means that the information in the signal is encrypted. However, there are concerns about security risks.

Therefore, an object of the present invention is to provide a mechanism capable of flexibly controlling transmission of a signal such as Beacon or changing the content in response to a trigger such as authentication in order to solve the above problems. do.

In order to solve the above problems, the present invention is a system including an external system for managing user information indicating a user of a mobile device and a device for communicating with the external system.
The device responds to the first transmission means for transmitting a request including information received via short-range communication with the mobile device to the external system and the response to the request from the external system. A second transmission means for transmitting data that triggers the start of transmission of a signal to the mobile device, and a third transmission for transmitting data used for controlling to stop the signal at which transmission is started in the mobile device. In the mobile device , the start of the function of transmitting a signal at a predetermined frequency or cycle by using wireless communication is controlled according to the reception of the data from the second transmission means of the device. Further, the stop of the function of transmitting the signal is controlled according to the data from the third transmission means of the device, and the signal includes the mobile device or the identification information for identifying the user of the mobile device. It is characterized by that.

According to the present invention, it is possible to provide a mechanism capable of flexibly controlling such as suppressing transmission of a signal such as Beacon or changing the content according to a trigger such as authentication.

The figure which shows the structure of the network system in this invention. The figure which shows the example of the hardware composition of each apparatus in this invention. The figure which shows the example of the software composition of each apparatus in this invention. The figure which shows the example of the various data tables used by the authentication server 130 in the authentication process. The figure which shows the example of the data table used in the mobile device 110 A flowchart for explaining the process in the authentication device according to the first embodiment. A flowchart for explaining the process in the authentication server according to the first embodiment. A flowchart for explaining the process in the mobile device according to the first embodiment. The figure which shows the example of the authentication device information used by the authentication device in Example 1. The figure which shows the example of the monitoring information which used the Beacon information in Example 1. The figure which shows the example of the authentication history information stored in the data storage part 330 in Example 1. The figure which shows the example of the history information including the distance information in Example 1. A diagram showing an example of a data table managed by the authentication server 130 in Application Example 2. The figure which shows the example of the authentication device information used by the authentication device 120 in the application example 2. The figure which shows the example of various data tables used in application example 3. The figure which shows the modification of the portable device to which this invention is applied A flowchart for explaining the processing of the authentication server 130 in the second embodiment. The figure which shows an example of the contents in the warning notification in Example 2. The figure which shows the example of the management table of the history information in Example 2.

Hereinafter, the best mode for carrying out the present invention will be described with reference to the drawings.

(Example 1)
FIG. 1 is a diagram showing a configuration example of a basic network system according to the present invention. The network system includes an authentication device 120 and an authentication server 130. The authentication device 120 and the authentication server 130 are authentication systems arranged in the user environment for realizing authentication processing and the like, and are connected to each other via the network 100 and can perform data communication. Further, the authentication device 120 can perform data communication with the mobile device 110 by communication 101. Regarding the communication 101, it is possible to perform communication in various forms such as a contact type and a non-contact type for authentication. In this embodiment, the mobile device 110, the authentication device 120, and the authentication server 130 are configured as one unit, but a plurality of each may be present.

FIG. 2 is a block diagram for explaining a configuration example of hardware of a device, an apparatus, and a server constituting the present invention.

FIG. 2A is a block diagram showing an example of the hardware configuration of the mobile device 110.

The CPU 201 comprehensively controls each device connected to the system bus 210 according to a program stored in the ROM 203, which is a storage unit. The RAM 202 also functions as a main memory, a work area, and the like of the CPU 201. ROM 203 stores various programs and data. The communication I / F 204 controls the communication of the reader / writer response unit 205 and the Beacon 206. The reader / writer response unit 205 responds to a data transmission / reception request from the authentication device 120, and transmits / receives data between the two points. The reader / writer response unit 205 includes a contact type that directly contacts between two points to transmit and receive data, and a non-contact type that transmits and receives data by wireless communication. The Beamon 206 as a signal control unit is a signal transmission I / F, and controls periodic transmission of a signal including an identifier that can identify an individual of a mobile device 110 or its user by an external system. The transmission of this signal is performed to the wireless network, and the transmission cycle and frequency may be fixed or arbitrarily changed. In the present invention, Beacon information is given as an example of a signal whose transmission is controlled by the signal control unit, and the description will be described below. The process described in this embodiment is realized by loading the program recorded in the ROM 203 into the RAM 202 and executing the program by the CPU 201. Further, the mobile device 110 may further have a display unit for controlling display based on the retained data, and a connection unit for connecting to the outside by wire / wireless. Examples of the wired / wireless connection include a connection using USB (Universal Serial Bus), Wi-Fi (Wireless Fidelity), and the like.

FIG. 16 is a modification of FIG. 2A, and shows a mobile device 110 having a hardware configuration different from that of FIG. 2A. The present invention is also applicable to the portable device 110 having the configuration shown in FIG.

The CPU 220, RAM 221 and ROM 222 are the same as those of the CPU 201, RAM 202 and ROM 203. The communication I / F 223 controls the reader / writer response unit 224. The reader / writer response unit 224 is the same as the reader / writer response unit 205.

The expansion I / F 225 is a module expansion I / F, and the module can be controlled by connecting a module for transmitting Beacon information (hereinafter referred to as a Beacon information transmission module). That is, it can be a portable device capable of performing the same control as in FIG. 2A by additionally connecting the module to a device having no Beacon information transmission function.

The Beacon information transmission module is composed of a CPU 226, a RAM 227, a ROM 228, and a Beacon 229. The CPU 226 comprehensively controls each device according to a program stored in the ROM 228, which is a storage unit. The RAM 227 also functions as a main memory, a work area, and the like of the CPU 226. ROM 228 stores various programs and data of the Beacon information transmission module. Beacon 229 is similar to Beacon 206.

In this embodiment, FIG. 2A will be used in the following description. As an example of the portable device 110 shown in FIGS. 2A and 16A, an IC card type device (security card) for identifying an individual and performing personal authentication or the like is mentioned. Other examples of the portable device 110 may be a smartphone, a glasses-type information device, a wristwatch-type information device, a car navigation system, a robot, or the like. In addition to personal authentication, device authentication and vehicle body authentication are also assumed for the authentication described later.

FIG. 2B is a block diagram showing an example of the hardware configuration of the authentication device 120.

The CPU 240 controls the overall operation of the authentication device 120. The CPU 240 comprehensively controls each device connected to the system bus 250 according to the program stored in the ROM 242. The RAM 241 functions as a main memory, a work area, and the like of the CPU 240, and is also used as an input information expansion area and an environment data storage area. The ROM 242 stores a control program executed by the CPU 240 and various data. The communication I / F 243 controls the communication of the NIC 244, the reader / writer 245, and the Beacon 246. NIC 244 is a connection I / F with a network and controls transmission / reception of data to / from the authentication server 130. The reader / writer 245 transmits a data transmission / reception request, and transmits / receives data between the two points in response to a response from the mobile device 110. The reader / writer 245 includes a contact type in which data is transmitted and received by directly contacting two points, and a non-contact type in which data is transmitted and received by wireless communication.

The Beacon 246 as a signal receiving unit is an I / F for receiving signals such as Beacon information, and controls the reception of Beacon information that can identify the portable device 110. The external device connection I / F 247 controls an interface with an external device 248 such as an automatic door or a lock. The process described in this embodiment is realized by reading the program recorded in the ROM 242 into the RAM 241 as needed and executing the program by the CPU 240.

It is assumed that the Beamon 246 and the external device connection I / F 247 are built in a control device (not shown) other than the authentication device 120 in the system. A plurality of control devices may be installed with different roles, and each of them naturally has a hardware configuration such as a ROM, RAM, and CPU, and can execute a predetermined control program. Specifically, when the Beacon information that can identify the mobile device 110 is received, the control device controls an interface with an arbitrary external device via an external device connection I / F. Specifically, when the control device receives Beacon information including predetermined identification information, it calls an elevator after designating a destination, starts a car engine, starts or ends shooting with a network camera, and so on. It is possible to control the provision of services. In addition, it is also possible to control to turn on the controlled device, output a message, or execute a command according to the reception of Beacon information. In addition, even if you enter a membership store that requires operations such as authentication, it is recommended by the control device in the store that receives the signal transmitted from the mobile device according to the operation. It is also possible to provide products and predetermined messages.

The authentication device 120 and other control devices can switch the control of the external device to be controlled according to the content of Beacon information (identification information, etc.) and the distance information found from the signal strength. be. For example, it is possible to control to start shooting with a network camera on a specific floor only when a certain control device receives Beacon information including distance information indicating a relatively short distance and a specific identifier. ..

In the present invention, a user having a mobile device 110 authenticates with each of a plurality of authentication devices within the range of action at home or at work, and uses a signal (Beacon information) transmitted from the mobile device 110 after the authentication. You can automatically receive services provided by various devices.

FIG. 2C is a block diagram showing an example of the hardware configuration of the authentication server 130.

The CPU 260 controls the overall operation of the authentication server 130. The CPU 260 comprehensively controls each device connected to the system bus 280 according to the program stored in the ROM 262. The RAM 261 functions as a main memory, a work area, and the like of the CPU 260, and is also used as an input information expansion area and an environment data storage area. The RAM 261 also includes an NVRAM (Non-volatile RAM) area, and is configured so that the memory capacity can be expanded by an optional RAM connected to an expansion port (not shown). The ROM 262 stores a control program executed by the CPU 260 and various data. The display unit I / F 263 controls the interface with the display unit 270. The operation unit I / F 264 controls an interface with the operation unit 271 including a button, a touch panel, a keyboard, a pointing device, and the like. The external memory I / F265 controls access to an external memory 272 such as a flash memory and an SSD (Solid State Disk). The external memory 272 functions as a storage or readable storage medium, and stores an operating system (OS) and an application. The communication I / F 266 controls the communication of the NIC 273. NIC273 is a connection I / F with a network and controls transmission / reception of data to / from the authentication device 120. The process described in this embodiment is realized by reading the program recorded in the external memory 272 into the RAM 261 as needed and executing the program by the CPU 260. The program may be stored in the RAM 261 or the ROM 262 in addition to the external memory 272.

FIG. 3 is a block diagram for explaining a module configuration example of software such as devices, devices, and servers constituting the present invention and its functions. The program that realizes the function shown in FIG. 3 is stored in the ROM 203, ROM 242, and ROM 262 of each device and each server group, and the CPU 201, CPU 240, and CPU 260 load and execute the program in the RAM 202, RAM 241, and RAM 261. , These functions are realized.

The authentication server 130 has a data storage unit 330, a communication unit 331, and a management unit 332.

The communication unit 331 has a communication module conforming to the communication method with the authentication device 120. This communication module corresponds to an interface for performing data communication with the authentication device 120, and can perform data communication with the communication module of the authentication device 120. The management unit 332 performs the authentication process by collating the user information list of the data storage unit 330 based on the authentication information transmitted from the authentication device 120 via the communication unit 331. Further, the authentication device information is acquired from the data storage unit 330 and transmitted in response to the request of the authentication device 120. The user information list / authentication device information list is stored in the data storage unit 330.

FIG. 4 shows an example of a data table stored in the data storage unit 330. FIG. 4A is an example of a user information list. In this list, the user account (401), password (402), authentication information (403), UUID (404), major number (405), minor number (406) are monitored. The user account (401) and password (402) are information used when the user accesses the network of the network system from a terminal (not shown) or the like. The authentication information (403) is authentication information used when authenticating a user using the mobile device 110, and the authentication information corresponding to the mobile device 110 is also stored. At the time of authentication, the authentication information is encrypted using a key or the like and used. The UUID (404) is identification information of Beacon information transmitted by the mobile device 110. The major number (405) and the minor number (406) are numbers for identifying mobile devices having the same UUID.

FIG. 4B is an example of information (list) about the authentication device stored in the data storage unit 330. In this list, device ID (410), role information (411), and transmission control information (412) are managed. The device ID (410) is identification information that can uniquely identify the authentication device existing on the network. In the data table shown in FIG. 4B, it is assumed that an authentication device other than the authentication device 120 exists on the network. The role information (411) is information indicating the role of the authentication device. For example, information such as which entrance of which place the authentication device is installed is stored. The transmission control information (412) stores control information such as whether the mobile device 110 starts or stops transmitting Beacon information by the authentication of the authentication device. A part or all of the data managed by the data storage unit 330 may be managed by an external storage device.

The authentication device 120 has a communication unit 320, an authentication processing unit 321 and a monitoring unit 322.

The communication unit 320 communicates with the authentication server 130 via the NIC 244 according to the instruction of the authentication processing unit 321. The communication unit 320 has a communication module conforming to the communication method with the authentication server 130. This communication module corresponds to an interface for performing data communication with the authentication server 130, and can perform data communication with the communication module of the authentication server 130.

The authentication processing unit 321 controls the communication unit 320, and performs authentication processing using the authentication information acquired from the mobile device 110 via the NIC 244, the reader / writer 245, or the like. Further, a control request such as starting or stopping the transmission of Beacon information is transmitted to the mobile device 110. The authentication processing unit 321 has a communication module conforming to the communication method with the authentication response unit 310 of the mobile device 110. This communication module corresponds to an interface for performing data communication with the authentication response unit 310 of the mobile device 110, and can perform data communication with the communication module of the authentication response unit 310 of the mobile device 110. .. The monitoring unit 322 monitors the Beacon information transmitted from the mobile device 110. The monitoring unit 322 has a communication module conforming to the communication method with the transmission unit 312 of the mobile device 110 via the Beacon 246. This communication module corresponds to an interface for receiving Beacon information transmitted from the communication module included in the transmission unit 312 of the mobile device 110.

The portable device 110, which is an authentication device for an individual or an aircraft, has an authentication response unit 310, a data storage unit 311 and a transmission unit 312.

The authentication response unit 310 controls the response to the authentication request transmitted from the authentication device 120, the reply of the authentication information of the data storage unit 311, and the like via the reader / writer response unit 205. Further, as a result of returning the authentication information, the transmission unit 312 controls the transmission start / stop of the Beacon information in response to the control request for the transmission start / stop of the Beacon information transmitted from the authentication device 120. The authentication response unit 310 has a communication module conforming to the communication method with the authentication processing unit 321 of the authentication device 120. This communication module corresponds to an interface for performing data communication with the authentication processing unit 321 of the authentication device 120, and can perform data communication with the communication module of the authentication processing unit 321 of the authentication device 120. .. The data storage unit 311 stores authentication information and Beacon information.

The transmission unit 312 starts or stops transmission of a signal including identification information that identifies the mobile device 110 or its user according to the instruction of the authentication response unit 310. More specifically, the start / stop of transmission of Beacon information using BLE (Bluetooth (registered trademark) Low Energy) via Beacon 206 is controlled.

FIG. 5 is an example of authentication information / Beacon information stored in the data storage unit 311. This table contains authentication information (420), UUID (421), major number (422), and minor number (423). The authentication information (420), UUID (421), major number (422), and minor number (423) are synonymous with the data of the same name described in FIG.

Using the flowchart shown in FIG. 6, an authentication process with the mobile device 110 in the authentication device 120 and a process for requesting control of transmission start / stop of Beacon information will be described.

First, in S601, the authentication processing unit 321 transmits an authentication request. Regarding the authentication request here, the request destination is not specified. For example, if there is an approaching mobile device, the authentication request is received on the mobile device side. In S602, the authentication processing unit 321 determines whether or not the mobile device 110 that has received the above authentication request has responded to the request. If it is determined that there is a response, the process proceeds to S603.

In S603, the authentication processing unit 321 identifies the authentication information included in the response from the mobile device 110, and gives an authentication instruction to the communication unit 320. Upon receiving the authentication instruction, the communication unit 320 transmits the specified authentication information together with the authentication request to the authentication server 130, and receives the authentication result. In S604, the authentication processing unit 321 determines whether or not the authentication processing is successful based on the authentication result received from the communication unit 320. If it is determined that the authentication process is successful, the process proceeds to S610, and if it is determined that the authentication process is unsuccessful, the process returns to S601.

In S610, the authentication processing unit 321 requests the authentication server 130 via the communication unit 320 to acquire the authentication device information using the identifier (device ID) of the own device managed by the storage unit in the own device. And send. Then, the authentication device information returned as a response to the request is acquired. The authentication device information may be stored in the storage unit of the authentication device 120 itself without being acquired from the authentication server 130, or may be managed by another dedicated server.

FIG. 9 is an example of the authentication device information acquired in S610. This information includes device ID (430), role information (431), and transmission control information (432). The device ID (430), role information (431), and transmission control information (432) are the same as the device ID (410), role information (411), and transmission control information (412) described in FIG. 4 (b). ..

In S611, the authentication processing unit 321 determines whether or not to start transmitting a signal (Beacon information in this embodiment) including specific identification information based on the transmission control information included in the authentication device information acquired in S610. to decide. In the example of FIG. 9, since the transmission control information (432) stores the information indicating “transmission”, it is determined that the transmission of the signal should be started. If it is determined to start the transmission, the process proceeds to S612, and if it is not determined to start the transmission, the process proceeds to S613. In S612, the authentication processing unit 321 transmits a transmission request for starting transmission of a signal (Beacon information) to the mobile device 110.

In S613, the authentication processing unit 321 determines whether or not to stop the transmission of the signal including the specific identification information (Beacon information in this embodiment) based on the transmission control information included in the authentication device information acquired in S610. to decide. If it is determined that the transmission of the signal should be stopped, the process proceeds to S614, and if it is not determined that the signal should be stopped, the process proceeds to S615. In S614, the authentication processing unit 321 transmits a stop request for stopping the transmission of the signal (Beacon information) to the mobile device 110.

In S615, the authentication processing unit 321 controls the external device. The control for the external device may be performed by using the role information included in the authentication device information acquired in S610. In the example of FIG. 9, since it is shown that the authentication device 120 is installed at the “entrance” of the external device “GateA”, the unlocking instruction is given to the “GateA”.

According to the processing example described with reference to FIG. 6, the user performs an authentication operation on the authentication device 120 using the mobile device 110 in order to open the “entrance” of the “Gate A” shown in FIG. If this is the case, the Beacon information transmission will be automatically started from the mobile device 110.

The monitoring unit 322 of the authentication device 120 receives the Beacon information and the distance information transmitted by the mobile device 110 and transmits the Beacon information and the distance information to the authentication server 130 to monitor the mobile device 110 or the Beacon information.

FIG. 10 is an example of monitoring information based on Beacon information acquired from the mobile device 110. The UUID (440), major number (441), and minor number (442) are the same as the UUID (404), major number (405), and minor number (406) in FIG. The distance information (443) included in the monitoring information is information indicating the distance between the authentication device 120 and the mobile device 110, and indicates the distance between the two points of the Beacon information transmitting side and the receiving side. For example, the distance information indicates one of "very close (immediate)", "near", "far", and "out of range" as the distance between two points. This information is analyzed based on the strength of the signal received on the Beacon information receiving side and the like.

Beacon information may be monitored by one or more control devices (not shown) other than the authentication device 120 as described above. By the monitoring process of each control device, it is possible to control the provision of different services to the user having the mobile device 110 according to the content of the Beacon information and the distance information to the mobile device 110.

The authentication process in the authentication server 130 will be described with reference to the flowchart shown in FIG. 7. When this process is started, first, as shown by S700, the management unit 332 receives a request from the outside via the communication unit 331.

In S701, the management unit 332 determines whether or not the request received via the communication unit 331 is a request for authentication processing from the authentication device 120. If it is determined that the authentication request has been received, the process proceeds to S702, and if not, the process proceeds to S704. In S702, the management unit 332 receives the authentication information from the authentication device 120 together with the request, and performs the authentication process. The authentication process is performed by collating the user information list stored in the data storage unit 330 based on the authentication information received from the authentication device 120. The management unit 332 returns the result of performing this authentication process to the authentication device 120 via the communication unit 331.

FIG. 4A is an example of a user information list stored in the data storage unit 330. The description of FIG. 4 is as described above. Explaining with the example of FIG. 4, when the authentication information received from the authentication device 120 is "gi9j39t74mks", since there is information matching the authentication information (403), the user account ("User A") associated with the authentication information. ) Succeeds in authentication. The authentication information is encrypted and used using a (encryption) key or the like. The authentication method in this embodiment is only an example, and it is also possible to use other authentication techniques for authenticating users and devices.

In S703, the management unit 332 associates the result of the authentication process with the user information and records it as authentication history information.

FIG. 11 is an example of authentication history information stored in the data storage unit 330 in S703. In the authentication history information, the information of the user account (“User A”) authenticated above, the authentication date / time (456), and the authentication location / device ID (457) are managed. The authentication date and time (456) stores the date and time when the authentication process was performed, and the authentication location / device ID (457) stores the identification information that can identify the authentication device 120 that performed the authentication.

In S704, the management unit 332 determines whether or not the request received via the communication unit 331 is a request for acquiring the authentication device information from the authentication device 120. If it is determined that the acquisition request has been received, the process proceeds to S705. If it is determined that the message has not been received, this process ends. In S705, the management unit 332 lists the authentication device information stored in the data storage unit 330 based on the device ID received from the authentication device 120 together with the acquisition request via the communication unit 331 (FIG. 4B). To match. If there is authentication device information associated with the received device ID, the information is returned to the authentication device 120. An example of the authentication device information returned as a result of collation is shown in FIG. 9 as described above.

The management unit 332 monitors the Beacon information transmitted from the mobile device 110. For example, the Beacon information and the distance information shown in FIG. 10 described above are received from the authentication device 120 or a control device (not shown) having a Beacon information receiving function. In response to this reception, the distance information is stored in the data storage unit 330 in association with the user information as history information. Here, the user information to be associated can be specified from the identification information in the Beacon information.

FIG. 12 is an example of history information including distance information stored in the data storage unit 330 for monitoring by the management unit 332. The reception date and time (466) stores the date and time when the Beacon information was received, and the reception location / receiver ID (467) identifies the authentication device 120 and the control device (not shown) that received the Beacon information. Information is stored. The distance information (468) is the same as the distance information (443) in FIG. By centrally monitoring the Beacon information in this way, the authentication server 130 can grasp the current position of the mobile device 110, the history of movement, and the like.

Next, using the flowchart shown in FIG. 8, a process related to authentication in the mobile device 110 and a process related to control of transmission of Beacon information will be described.

In S801, the authentication response unit 310 determines whether or not the authentication request has been received from the authentication device 120. If it is determined that the authentication request has been received, the process proceeds to S802. In S802, the authentication response unit 310 acquires the authentication information from the data storage unit 311 and returns it to the authentication device 120. FIG. 5 is an example of authentication information / Beacon information stored in the data storage unit 311. The authentication information (420) in this is acquired and replied.

In S803, the authentication response unit 310 determines whether or not a request for starting transmission of a signal (Beacon information) including predetermined identification information has been received from the authentication device 120 together with the authentication result. If it is determined that the start request has been received, the process proceeds to S804, and if not, the process proceeds to S806.

In S804, the authentication response unit 310 instructs the transmission unit 312 to start transmission of the signal acquired from the data storage unit 311. Specifically, Beacon information including UUID (421), major number (422), minor number (423), etc. as illustrated in FIG. 5 is periodically transmitted using wireless communication technology such as BLE. Become so. If the Beacon information has already been transmitted, the transmission will be continued as it is.

In S805, the authentication response unit 310 determines a time-out related to signal transmission. Whether or not a time-out has occurred is determined by counting the elapsed time after starting transmission of Beacon information and determining whether or not a predetermined time-out value stored in the data storage unit 311 has elapsed. If it is determined that the time-out has occurred, the process proceeds to S807.

In S806, the authentication response unit 310 determines whether or not a request for stopping transmission of a signal (Beacon information) including predetermined identification information has been received from the authentication device 120 together with the authentication result. If it is determined that the stop request has been received, the process proceeds to S807, and if it is determined that the stop request has not been received, this process ends. In S807, the authentication response unit 310 gives a stop instruction to the transmission unit 312 to stop the signal transmission.

(Application example 1)
The time-out determination in S805 may not be necessary. In that case, the mobile device 110 will continue to transmit until it receives a request to stop transmitting Beacon information from the authentication device 120.

(Application example 2)
The time-out determination in S805 may be determined according to the transmission time-out value transmitted from the authentication device 120, instead of the predetermined time-out value stored in advance in the data storage unit 311 of the mobile device 110. This form will be described.

In this example, the data storage unit 330 of the authentication server 130 stores a list of authentication device information as shown in FIG. In this list, the outgoing timeout value (473) is set for some authentication device information. The device ID (470), role information (471), transmission control information (472), and the like are synonymous with the above-mentioned information having the same name. The management unit 332 of the authentication server 130 returns the authentication device information included in this list in response to the request for acquisition of the authentication device information from the authentication device 120.

The authentication processing unit 321 of the authentication device 120 acquires the authentication device information including the transmission timeout value as shown in FIG. 14 in S610.

The authentication device information exemplified in FIG. 14 includes a device ID (480), a role information (481), a transmission control information (482), and a transmission timeout value (483). The device ID (480), role information (481), and transmission control information (482) are synonymous with the information of the same name described in FIG. 4 (b). As the transmission timeout value (483), the timeout value after the start of transmission of Beacon information is stored in seconds. In S612, the authentication processing unit 321 transmits this transmission timeout value to the mobile device 110 together with the transmission request for Beacon information. In the mobile device 110, this transmission time-out value is used in the determination of the time-out in S805.

(Application example 3)
A form in which the content of the Beacon information transmitted by the mobile device 110 is switched according to an instruction from the authentication device 120 is also conceivable. This form will be described.

In S612, the authentication processing unit 321 of the authentication device 120 transmits its own device ID to the mobile device 110 together with a signal transmission start request. The device ID transmitted here is the same as the information included in the authentication device information acquired in S610.

The authentication response unit 310 of the mobile device 110 determines in S803 whether or not the start request and the device ID have been received from the authentication device 120 together with the authentication result. If it is determined that the start request and the device ID have been received, the process proceeds to S804. Then, in S804, the authentication response unit 310 gives an instruction to the transmission unit 312 and starts transmission of Beacon information. The Beacon information at which transmission is started here is information that reflects the device ID received from the authentication device 120 in the minor number of the Beacon information acquired from the data storage unit 311.

FIG. 15A is an example of Beacon information transmitted by the transmitting unit 312 in this application example. Includes UUID (490), major number (491), minor number (492). The minor number (492) stores the device ID received from the authentication device 120.

Note that all device IDs received in the past from a plurality of authentication devices including the authentication device 120 may be stored and managed in order. FIG. 15B is an example in which all the device IDs received in the past are sequentially stored in the minor number (497). Further, the storage destination of the device ID is not limited to the minor number, but may be a major number or another storage area of Beacon information.

The information stored in the Beacon information is not limited to the device ID, and may be any information as long as it is the information transmitted by the authentication device 120. That is, according to the service using this signal (Beacon information), the identification information required for the control of the provided service can be appropriately defined and transmitted from the mobile device 110.

When the authentication device 120 transmits the authentication result and the start request to the mobile device 110, it is also possible to transmit information specifying the content of the signal to be transmitted instead of the device ID. In that case, a plurality of Beacon information having different contents is stored in the data storage unit 311 of the mobile device 110, and the mobile device 110 selectively transmits a signal in S804 according to the designated information transmitted. It will control the start.

(Application example 4)
It is also possible for the authentication response unit 310 of the mobile device 110 to receive an authentication result from the authentication device 120 and a start request for transmission of a plurality of signals (Beacon information) having different contents in S802, and perform control. .. In this case, the Beacon information of the contents stored in the data storage unit 311 of the mobile device 110 and the Beacon information based on the instruction from the authentication device 120 described in the application example 3 are adjusted in the transmission timing and cycle. It will be sent at the same time or at a different timing.

Further, in S802, it is also possible to receive and control both the start request and the stop request of the transmission of the signal (Beacon information) together with the authentication result from the authentication device 120. In this case, the process of S804 is applied to the Beacon information to be started based on the designation included in the start request, and the signal transmission is started. Further, based on the designation included in the stop request, the processing of S807 is applied to the Beacon information to be stopped, and the signal transmission is stopped.

According to the first embodiment, the user having the portable device 110 authenticates with the authentication device in the system, so that the start / stop of the transmission of the signal (Beacon information) is controlled. Then, the authentication server 130 can monitor the user's authentication path and the like from the Beacon information transmitted by the monitored mobile device 110. Further, in response to the authentication operation using the mobile device 110 by the user, a service corresponding to the signal (Beacon information) transmitted by the mobile device 110 is automatically provided to the user by a control device (not shown) or the like. become.

(Example 2)
In the first embodiment, a mode has been described in which the mobile device 110 stops the transmission when a predetermined timeout value elapses after the transmission of the signal (Beacon information) corresponding to the authentication process. In this embodiment, further considering the security aspect, a mode will be described in which the authentication server 130 gives a warning notification to the user when it detects that the mobile device 110 has moved out of the predetermined range after transmitting a signal. ..

The system configuration, the hardware configuration, and the software configuration of each device constituting the system in this embodiment are the same as those in the first embodiment.

The monitoring process by the authentication server 130 will be described with reference to the flowchart shown in FIG.

In S1701, the management unit 332 refers to the history information management table (FIG. 19) for monitoring the signal (Beacon information) transmitted by the mobile device 110. In S1702, as a result of reference, it is determined whether or not the Beacon information to be monitored has moved out of the predetermined range. If it is determined that the vehicle has moved out of the range, the process proceeds to S1703, and if it is determined that the vehicle has not moved out of the range, the process proceeds to S1704.

FIG. 19 is an example of a history information management table including distance information stored in the data storage unit 330. User account (501), password (502), authentication information (504), UUID (505), major number (506), minor number (507), reception date and time (508), reception location / receiver ID included in the table. (509), the distance information (510) is synonymous with the information having the same name as FIG.

The e-mail address (503) is the e-mail address of the user of the mobile device 110. Explaining with the example of FIG. 19, the distance information with the receiving place / receiving device ID (509) = "123456" (authentication device 120) is out of the range from "Far" (no reception), and other Beacon information is received. If the Beacon information is not received from the device, it is determined that the device has moved out of range.

Here, the term "out of range" includes the case where the distance information from all the authentication devices in the system is "far" or "out of range". Alternatively, the distance information from the specific authentication device may be "far" or "out of range". Definitions outside the predetermined range may be appropriately set by the system operator in consideration of security and the like.

In S1703, the management unit 332 sends a warning notification to the e-mail address specified by the user information associated with the Beacon information determined to have moved out of the predetermined range. If the mobile device 110 is a terminal that can receive e-mail such as a smart phone instead of a security card or the like, this warning notification may be given to the mobile device 110.

FIG. 18 is an example of the content of the warning notification. The sender, recipient's email address, and subject of the email are displayed in 1801. The content of the warning notification is displayed in 1802. The warning notification includes content to warn that a predetermined signal (Beacon information) is inadvertently continuously transmitted from a mobile device (security card or the like). In addition, the content also includes an appropriate authentication route for stopping the signal.

In S1704, the management unit 332 determines whether or not to end the monitoring. When the administrator of the authentication server 130 instructs the authentication server 130 to end monitoring, it is determined that the monitoring is terminated. If it is determined that monitoring will be terminated, this process will be terminated. If it is determined not to end the monitoring, the process returns to S1701.

As a result, even if the mobile device 110 moves out of the predetermined range, such as outside the office, while transmitting Beacon information, the user can be aware of it by receiving a warning notification. become.

(Other Examples)
The present invention also includes an apparatus or system configured by appropriately combining the above-described embodiments and a method thereof.

Here, the present invention is a device or system that is a main body that executes one or more software (programs) that realize the functions of the above-described embodiment. Further, a method for realizing the above-described embodiment executed by the device or system is also one of the present inventions. Further, the program is supplied to the system or device via a network or various storage media, and the program is read and executed by one or more computers (CPU, MPU, etc.) of the system or device. That is, as one of the present inventions, the program itself or various storage media that can be read by the computer that stores the program are also included. The present invention can also be realized by a circuit (for example, ASIC) that realizes the functions of the above-described embodiment.

Claims (15)

A system including an external system that manages user information indicating a user of a mobile device and a device that communicates with the external system.
The device is
A first transmission means for transmitting a request including information received via short-range communication with the mobile device to the external system, and
A second transmission means for transmitting data that triggers the start of transmission of a signal to the mobile device in response to receiving a response to the request from the external system.
The mobile device has a third transmission means for transmitting data used for controlling to stop the signal at which transmission is started .
In the portable device, according to the reception of the data from the second transmission means of the device, the start of the function of transmitting a signal at a predetermined frequency or cycle by using wireless communication is controlled, and the start of the function of transmitting the signal is controlled . The stoppage of the function of transmitting the signal is controlled according to the data from the third transmission means.
A system characterized in that the signal includes identification information for identifying a mobile device or a user of the mobile device. A system including an external system that manages user information indicating a user of a mobile device and a device that communicates with the external system.
The device is
A first transmission means for transmitting a request including information received via short-range communication with the mobile device to the external system, and
It has a second transmission means for transmitting data that triggers transmission of signals having different contents to the mobile device in response to receiving a response to the request from the external system.
In the mobile device, according to the reception of the data from the device, the start of the function of transmitting a signal at a predetermined frequency or cycle by using wireless communication is controlled.
In the above function, the transmission of signals having different contents is controlled.
A system characterized in that one type of signal among the signals having different contents includes identification information for identifying a mobile device or a user of the mobile device. Further, in the portable device, when a request for stopping the function is received from the external system, or when a specified time elapses after the function is started, the stop of the started function is controlled. The system according to claim 1 or 2 , wherein the system is to be used. The system according to claim 1 , wherein the mobile device changes the content of a signal transmitted by using the function according to the content of data received from the external system. As the request, the first transmission means transmits a request for authentication including information received from the mobile device to the external system.
The second transmission means according to any one of claims 1 to 4, wherein when the authentication is successful, the second transmission means transmits data that triggers the start of transmission of a signal to the mobile device. The system described. When it is detected that the mobile device has moved out of a predetermined range, a warning notification is given to the mobile device specified by the identification information or the destination corresponding to the user of the mobile device. The system according to any one of claims 1 to 5. The system according to any one of claims 1 to 6, wherein the function uses Bluetooth (registered trademark) Low Energy as wireless communication. Any of claims 1 to 7, wherein the portable device is at least one of an IC card type device, a terminal with a telephone function, a glasses type information device, a watch type information device, a car navigation system, and a robot. The system according to item 1. The system according to any one of claims 1 to 8, wherein the signal transmitted from the portable device in response to the start of the function includes a UUID, a major number, and a minor number. A control method in a system including an external system that manages user information indicating a user of a mobile device and a device that communicates with the external system.
The device is
A first transmission step of transmitting a request including information received via short-range communication with the mobile device to the external system, and
A second transmission step of transmitting data that triggers the start of transmission of a signal to the mobile device in response to receiving a response to the request from the external system.
It has a third transmission step of transmitting data used for control of stopping the signal at which transmission is started by the mobile device .
In the portable device, according to the reception of the data transmitted in the second transmission step of the device, the start of the function of transmitting a signal at a predetermined frequency or cycle by using wireless communication is controlled, and the start of the function is controlled. , The stop of the function of transmitting the signal is controlled according to the data transmitted in the third transmission step of the apparatus.
A control method comprising the signal including identification information for identifying a mobile device or a user of the mobile device. A control method in a system including an external system that manages user information indicating a user of a mobile device and a device that communicates with the external system.
The device is
A first transmission step of transmitting a request including information received via short-range communication with the mobile device to the external system, and
It has a second transmission step of transmitting data that triggers transmission of signals having different contents to the mobile device in response to receiving a response to the request from the external system.
In the mobile device, according to the reception of the data from the device, the start of the function of transmitting a signal at a predetermined frequency or cycle by using wireless communication is controlled.
In the above function, the transmission of signals having different contents is controlled.
A control method comprising one type of signal among the signals having different contents includes identification information for identifying a mobile device or a user of the mobile device . A device that communicates with an external system that manages user information that indicates the user of a mobile device.
A first transmission means for transmitting a request including information received via short-range communication with the mobile device to the external system, and
A second transmission means for transmitting data that triggers the start of transmission of a signal to the mobile device in response to receiving a response to the request from the external system.
The mobile device has a third transmission means for transmitting data used for controlling to stop the signal at which transmission is started .
In the portable device, according to the reception of the data from the second transmission means of the device, the start of the function of transmitting a signal at a predetermined frequency or cycle by using wireless communication is controlled, and the start of the function of transmitting the signal is controlled . The stoppage of the function of transmitting the signal is controlled according to the data from the third transmission means.
A device characterized in that the signal includes identification information for identifying a mobile device or a user of the mobile device. A device that communicates with an external system that manages user information that indicates the user of a mobile device.
A first transmission means for transmitting a request including information received via short-range communication with the mobile device to the external system, and
It has a second transmission means for transmitting data that triggers transmission of signals having different contents to the mobile device in response to receiving a response to the request from the external system.
In the mobile device, according to the reception of the data from the device, the start of the function of transmitting a signal at a predetermined frequency or cycle by using wireless communication is controlled.
In the above function, the transmission of signals having different contents is controlled.
A device characterized in that one type of signal among the signals having different contents includes identification information for identifying a mobile device or a user of the mobile device. A program for operating a computer as the means according to claim 12 . A program for operating a computer as the means according to claim 13.

Images