JP7428995B2 - Authentication system and authentication method - Google Patents

Description

The present invention relates to an authentication system and an authentication method that issue key information used for authentication with an operation target to a mobile terminal and perform wireless authentication between the mobile terminal and the operation target.

Conventionally, an authentication system is known in which a user's mobile terminal is operated as a key for an operation target, authentication is performed via wireless communication between the mobile terminal and the operation target, and the operation target is executed based on the authentication result. There is. Patent Document 1 discloses an authentication system that enables a mobile terminal (smartphone) to operate as a vehicle key by issuing key information from a key information issuing device to the mobile terminal.

JP 2018-3330 Publication

By the way, if the key information issued to the mobile terminal is stolen, for example by hacking, there is a possibility that the operation target may be used illegally by the stolen key information. Therefore, there was a problem in terms of security.

An authentication system to solve the above problems issues key information to a mobile terminal to be used for authentication with the operation target, performs the authentication via wireless between the mobile terminal and the operation target, and based on the authentication result. An authentication system that allows operation of the operation target to operate the operation target, the system generates the key information based on secret information input when issuing the key information to the mobile terminal, and transmits the key information to the mobile terminal. a first calculation unit that issues the key information; and a second calculation unit that generates the key information on the operation target side based on the secret information input when performing the authentication between the mobile terminal and the operation target. , an authentication unit that performs the authentication using the key information on the mobile terminal side and the key information on the operation target side, and inputs the secret information when issuing the key information to the mobile terminal. A first input unit for inputting the secret information when performing the authentication between the mobile terminal and the operation target is provided in the mobile terminal, and a second input unit for inputting the secret information is provided in the operation target. The secret information used when issuing the key information to the mobile terminal is input to the first input section when issuing the key information, and the secret information used when issuing the key information to the mobile terminal is input to the first input section when issuing the key information, and The secret information used when performing the authentication between the parties is input into the second input section when performing the authentication, and the secret information is input into the second input section when the key information is issued to the mobile terminal. This is what was input into the first input section.

An authentication method to solve the above problem is to issue key information to a mobile terminal to be used for authentication with the operation target, perform the authentication via wireless between the mobile terminal and the operation target, and based on the authentication result. An authentication method for permitting operation of the operation target when the key information is issued to the mobile terminal, the key information being generated based on secret information input when the key information is issued to the mobile terminal, and the key information being transmitted to the mobile terminal. generating the key information on the operation target side based on the secret information input when performing the authentication between the mobile terminal and the operation target; and generating the key information on the operation target side on the mobile terminal side. performing the authentication using the key information and the key information of the operation target side, and the secret information used when issuing the key information to the mobile terminal is used to issue the key information to the mobile terminal. The secret information is input to a first input section provided on the mobile terminal when performing the authentication, and the secret information is used when performing the authentication between the mobile terminal and the operation target. The key information is input into the second input section provided on the operation target, and is input into the first input section when issuing the key information to the mobile terminal.

According to the present invention, it is possible to provide an authentication system and an authentication method that can improve security.

FIG. 1 is a block diagram showing the configuration of an authentication system. FIG. 3 is a flow diagram showing the flow of key information issuance by the data center. FIG. 3 is a flow diagram showing the flow of authentication between a mobile terminal and an authentication device.

An embodiment of an authentication system and a key information issuing device will be described below with reference to FIGS. 1 to 3.
As shown in FIG. 1, a vehicle 1 to be operated is equipped with an electronic key system 4 that performs wireless ID verification with an electronic key 2 to permit or execute operation of an on-vehicle device 3. The electronic key system 4 is a key operation-free system that executes ID verification (smart verification) using short-range wireless communication upon communication from the vehicle 1. An example of the on-vehicle device 3 is a door lock device or an engine.

The electronic key system 4 includes a system device 5 that operates the electronic key system 4 in the vehicle 1. The electronic key ID and key unique key used in smart verification are registered in the electronic key 2 and the system device 5. The electronic key 2 and the system device 5 perform smart verification through two-way communication in which communication is performed by transmitting and receiving radio waves to and from each other. Smart verification executes, for example, electronic key ID verification to confirm whether the electronic key ID is correct or not, challenge response authentication using a key-specific key, and the like. Radio waves in the LF (Low Frequency) band are used to transmit radio waves from the system device 5 to the electronic key 2, and radio waves in the UHF (Ultra High Frequency) band are used to transmit radio waves from the electronic key 2 to the system device 5. ing.

When the system device 5 executes smart communication (outdoor smart communication) with the electronic key 2 located outdoors, if the smart verification performed at this time (outdoor smart verification) is established, the system device 5 locks and unlocks the vehicle door. permit or execute. As a result, when the outside door handle is touched, the vehicle door is unlocked, and when the lock button on the outside door handle is operated, the vehicle door is locked. In addition, when the system device 5 executes smart communication (indoor smart communication) with the electronic key 2 located indoors, if the smart verification performed at this time (indoor smart verification) is established, the system device 5 turns off the vehicle power supply. Allow transition operations. As a result, when the engine switch on the driver's seat is pressed while pressing the brake pedal, the engine starts.

For example, in the case of a shared vehicle shared by multiple people, the vehicle 1 is equipped with a shared system 9, a so-called car sharing system, that allows each user to operate the vehicle 1 using a mobile terminal 8 owned by each user during a specified reserved time. Be prepared. Note that the shared system 9 corresponds to an authentication system. In the shared system 9 of this example, key information Dk is issued from the data center 10 to the mobile terminal 8, for example. The data center 10 corresponds to a key information issuing device. The authenticity of the mobile terminal 8 is determined by authentication using the key information Dk with the authentication device 11 provided in the vehicle 1. The authentication result of the authentication is one condition for whether or not the vehicle 1 can be operated. The key information Dk is a type of key that includes, for example, a usage time limit element. It is preferable that the key information Dk is a one-time key (one-time password) that is permitted to be used only once.

The mobile terminal 8 includes a terminal control unit 12 that controls the operation of the mobile terminal 8, a network communication module 13 that performs network communication in the mobile terminal 8, and a short-range wireless module 14 that performs short-range wireless communication in the mobile terminal 8. It also includes a memory 15 in which data can be written and rewritten. When the mobile terminal 8 acquires the key information Dk from the data center 10 through network communication, the mobile terminal 8 writes and stores this key information Dk in the memory 15. The short-range wireless communication is preferably Bluetooth (registered trademark), for example.

The mobile terminal 8 is provided with an input section 16 that is operated when inputting data on the mobile terminal 8. An example of the input unit 16 is a touch panel display. Further, in the mobile terminal 8, for example, a user interface application for managing the operation of the shared system 9 in the mobile terminal 8 is provided in the terminal control unit 12. The terminal control unit 12 uses a user interface application to execute various processes such as procedures for using the vehicle 1 (identity authentication, reservation procedures), locking and unlocking the vehicle doors, and starting the engine of the vehicle 1. .

The authentication device 11 includes a controller 20 that controls the operation of the authentication device 11 . The authentication device 11 also writes and writes data to a smart communication block 21 that performs smart communication, a network communication module 22 that performs network communication, and a short-range wireless module 23 that performs short-range wireless communication. It also includes a replaceable memory 24. A private key unique to the authentication device 11 is written and stored in the memory 24. The authentication device 11 has a one-to-one relationship with the vehicle 1 by linking the authentication device ID registered therewith with, for example, the vehicle body ID (vehicle number) of the vehicle 1.

The data center 10 is provided with a first calculation unit 31 that generates key information Dk and a memory 32. A public key used when issuing the key information Dk is written and stored in the memory 32. The first calculation unit 31 generates key information Dk based on the secret information Ds input to the input unit 16 of the mobile terminal 8 when issuing the key information Dk to the mobile terminal 8. An example of the secret information Ds is a password, a personal identification number, etc. The secret information Ds is sent from the mobile terminal 8 to the data center 10 through network communication. In this example, the first calculation unit 31 generates key information Dk by calculating a random number whose value changes each time it is generated, a public key, and secret information Ds. Furthermore, the data center 10 transmits the random number used when generating the key information Dk to the authentication device 11 through network communication.

The shared system 9 includes an authentication section 33 that performs authentication between the mobile terminal 8 and the authentication device 11. The authentication unit 33 includes an authentication unit 33a provided in the terminal control unit 12 and an authentication unit 33b provided in the authentication device 11. The authentication units 33a and 33b of this example perform authentication when Bluetooth communication between the mobile terminal 8 and the authentication device 11 is established.

The vehicle 1 is provided with an input section 34 for inputting secret information Ds at the time of authentication. Examples of the input unit 34 include a car navigation system provided inside the vehicle 1, an input device provided outside the vehicle 1, and the like.

The authentication device 11 includes a second calculation unit 35 that generates key information Dk based on the secret information Ds input to the input unit 34 of the vehicle 1 at the time of authentication. In this example, the second calculation unit 35 generates the key information Dk by calculating the random number received from the data center 10, the secret key registered in itself, and the secret information Ds.

The authentication units 33a and 33b perform authentication using the key information Dk of the mobile terminal 8 and the authentication device 11. That is, if the key information Dk generated by the first calculation unit 31 and the second calculation unit 35 are the same, authentication is established. In the authentication, the authentication units 33a and 33b of this example use the data strings generated by the mobile terminal 8 and the authentication device 11, respectively, and the key information Dk of each of the mobile terminals 8 and the authentication device 11 to create a secret in the mobile terminal 8 and the authentication device 11, respectively. Calculate the values and check if these secret values match. An example of a secret value calculation method is the Diffie-Hellman key agreement method. Further, it is preferable that the secret value calculation method (calculation algorithm) be given to the mobile terminal 8 and the authentication device 11 in advance, for example, at the time of registration with the data center 10.

The authentication device 11 includes a key function section 36 that operates the authentication device 11 like the electronic key 2. The key function section 36 is provided in the controller 20. The controller 20 switches the key function section 36 to an on state (valid) when authentication by the authentication sections 33a and 33b is successful. When the key function unit 36 shifts to the on state, smart communication (smart verification) with the electronic key system 4 becomes possible.

Next, the operation and effects of the authentication system and key information issuing device will be explained using FIGS. 2 and 3.
As shown in FIG. 2, in step S101, the data center 10 starts data issuance processing by receiving a usage application (usage reservation) from the mobile terminal 8. The application for use (reservation for use) includes, for example, the user ID and secret information Ds (password) given when registering the mobile terminal 8 in the data center 10, as well as registration of the period of use of the vehicle 1.

In step S102, the data center 10 performs user authentication based on the user ID and secret information Ds (password) transmitted from the mobile terminal 8. The data center ends the process if the user authentication is not successful.

In step S103, if the person authentication is successful, the first calculation unit 31 of the data center 10 uses the secret information Ds received from the mobile terminal 8, the random number whose value changes each time it is generated, and the public key to generate key information. Calculate Dk. Furthermore, the data center 10 transmits the random number used to generate the key information Dk to the authentication device 11. Note that the random number may be transmitted at any timing before, after, or during the issuance of the key information Dk.

In step S104, the data center 10 transmits the key information Dk to the mobile terminal 8. Furthermore, the data center 10 transmits usage information of the key information Dk to the mobile terminal 8. The usage information includes information on the validity period of the key information Dk. The mobile terminal 8 writes and stores the received key information Dk and usage information in the memory 15.

Next, the flow of authentication between the mobile terminal 8 and the authentication device 11 will be explained using FIG. 3.
As shown in FIG. 3, in step S201, when the mobile terminal 8 receives an advertisement message transmitted from the authentication device 11, processing for Bluetooth communication connection between the mobile terminal 8 and the authentication device 11 is started. A Bluetooth communication connection between the mobile terminal 8 and the authentication device 11 is established when device authentication (for example, address authentication, etc.) is established according to a series of communication connection processes following an advertisement message. The communication connection between the two continues until the mobile terminal 8 moves out of the Bluetooth communication range with the authentication device 11.

In step S202, the authentication device 11 enables the input function of the input unit 34 via the system device 5 when the Bluetooth connection is established. At this time, the authentication device 11 notifies the user of a request to input the secret information Ds, for example, by voice or display, and causes the input unit 34 to input the secret information Ds. When the user makes an input to the input unit 34, the authentication device 11 moves to step S203. On the other hand, if there is no input to the input unit 34, the authentication device 11 ends the process.

In step S203, the second calculation unit 35 of the authentication device 11 calculates key information Dk using the secret information Ds input to the input unit 34, the random number received from the data center 10, and the secret key.

In step S204, the authentication units 33a and 33b determine whether the authentication is successful or not. The authentication units 33a and 33b calculate secret values using the generated data strings and key information Dk, respectively, and confirm whether these secret values match.

In this example, the authentication unit 33b generates a predetermined random number during authentication. The authentication unit 33b uses this random number and the key information Dk on the authentication device 11 side to perform an operation according to a predetermined cryptographic operation formula. As a result, authentication parameters for the authentication device 11 are generated. The authentication unit 33b transmits the authentication parameters on the authentication device 11 side to the mobile terminal 8 via wireless. On the other hand, the authentication unit 33a generates a predetermined random number different from that on the authentication device 11 side during authentication. The authentication unit 33a uses this random number to perform a calculation according to a predetermined cryptographic calculation formula. As a result, authentication parameters for the mobile terminal 8 are generated. Then, the authentication unit 33a transmits the authentication parameters on the mobile terminal 8 side to the authentication device 11.

The authentication unit 33b uses the authentication parameters received from the mobile terminal 8 and the random numbers used when generating its own authentication parameters to calculate a secret value on the authentication device 11 side using a predetermined cryptographic expression. On the other hand, the authentication unit 33a uses the authentication parameters received from the authentication device 11, the random numbers used when generating its own authentication parameters, and the key information Dk on the mobile terminal 8 side, and performs a predetermined cryptographic operation on the mobile terminal 8 side. Calculate the secret value of.

The authentication units 33a and 33b determine that the authentication is successful when these secret values match. After the authentication is established, the mobile terminal 8 and the authentication device 11 are able to perform encrypted communication using a secret value.
Here, in order for the secret values calculated by the authentication sections 33a and 33b to match, the secret information Ds input to the input section 16 and the secret information Ds input to the input section 34 need to match. Therefore, authentication will not be established by a third party who does not know the secret information Ds. Furthermore, since calculating the secret value requires a calculation algorithm that is shared by the system, even if the key information Dk is extracted, the secret value cannot be calculated. Further, since the key information Dk takes a different value each time it is calculated using a random number, it is difficult to guess information such as the secret information Ds, public key, and secret key from the key information Dk.

In step S205, if the authentication is successful, the authentication device 11 causes the mobile terminal 8 to transmit usage information and turns on the key function section 36. Therefore, the key function unit 36 can perform smart communication (smart function) through the electronic key system 4 during the validity period registered in the usage information. That is, the mobile terminal 8 is given the right to use the vehicle 1 during the validity period. Note that the usage information from the mobile terminal 8 may be transmitted at any timing before the authentication, after the authentication, or during the authentication.

In this example, the first calculation unit 31 generates the key information Dk of the mobile terminal 8 based on the secret information input when issuing the key information Dk to the mobile terminal 8, and the and a second calculation unit that generates key information Dk for the authentication device 11 based on the secret information Ds input during authentication. Furthermore, an authentication section 33 is provided that performs authentication using the key information Dk of the mobile terminal 8 and the authentication device 11. According to this configuration, since the key information Dk is generated based on the secret information Ds, it is possible to improve the security of the key information Dk.

Furthermore, according to the above configuration, the secret information Ds input when issuing the key information Dk of the mobile terminal 8 is also input during authentication. Therefore, since the secret information Ds is required for authentication to be established, even if the key information Dk is extracted by hacking, for example, the vehicle 1 will not be operated illegally. This allows for improved security.

In this example, the key information Dk is a one-time key whose value differs each time it is generated. According to this configuration, the validity period of the key information Dk is limited, which contributes to improving security.
In this example, the first calculation unit 31 generates the key information Dk based on the public key and a random number whose value changes each time it is generated, and the second calculation unit 35 generates the key information Dk using the first calculation unit 31. Key information Dk is generated based on the same random number as the generated random number and a private key corresponding to the public key. According to this configuration, the key information Dk can be made complicated by a random number, a public key, and a private key, which contributes to improving security.

In this example, during authentication, the authentication units 33a and 33b use secret values of the mobile terminal 8 and the authentication device 11, respectively, based on data strings generated by the mobile terminal 8 and the authentication device 11, and key information Dk. and check whether these secret values match. According to this configuration, in order to match the secret values, it is necessary to perform calculation using the key information Dk using a calculation method determined on both the mobile terminal 8 side and the vehicle 1 side. This contributes to improving security.

In this example, the vehicle 1 is provided with an input section 34 for inputting secret information Ds at the time of authentication. According to this configuration, there is no need to transmit the secret information Ds to the authentication device 11 through wireless communication between the mobile terminal 8 and the authentication device 11. Thereby, the confidentiality of the secret information Ds can be ensured.

Note that this embodiment can be implemented with the following modifications. This embodiment and the following modified examples can be implemented in combination with each other within a technically consistent range.
- At the time of authentication, the secret information Ds may be input to an input section provided on another terminal. That is, the input section 34 does not need to be provided in the vehicle 1.

- In this embodiment, the secret information Ds input into the input section 16 of the mobile terminal 8 may be transmitted to the authentication device 11 at the time of authentication. That is, the input section 34 may be omitted. In this case, compared to the case where the vehicle 1 is provided with a separate input section, an increase in the number of parts can be suppressed.

- In this embodiment, the data center 10 may have the private key, the authentication device 11 may have the public key, or both the data center 10 and the authentication device 11 may have the private key. You may do so.

- In this embodiment, the same group of random numbers may be stored between the data center 10 and the authentication device 11, and random numbers from the group may be used in a predetermined order. In short, the key information Dk may be calculated using the same random number in the first calculation section 31 and the second calculation section 35.

-Using a private key and a public key for calculating the key information Dk may be omitted. Further, the use of random numbers in calculating the key information Dk may be omitted. In short, the key information Dk only needs to be calculated based on the secret information Ds.

- The key information Dk is not limited to a one-time key, and may be information that includes an element of a time limit on use, or may be information that does not have a time limit on use.
- The key information Dk may be information including usage information. The authentication device 11 may obtain the usage information by decrypting the key information Dk.

- The data center 10 may transmit an input request for the secret information Ds to the mobile terminal 8 when the user authentication is successful. In this case, when the mobile terminal 8 receives the input request, it is sufficient to accept the input of the secret information Ds from the input section 16, and when the secret information Ds is input to the input section 16, the secret information Ds is sent to the data center. Just send it to 10. That is, when issuing the key information Dk to the mobile terminal 8, the secret information Ds may be input at any time.

- The determination of whether or not authentication is successful is not limited to checking whether the secret values obtained through calculation using the key information Dk match, but may also check whether the key information Dk itself matches. That is, authentication may be performed using the key information Dk.

- The determination of whether or not the key information Dk on the vehicle 1 side and the mobile terminal 8 side is authenticated may be performed by the authentication section 33a, the authentication section 33b, or both the authentication section 33a and the authentication section 33b. You may go. That is, the authentication of the vehicle 1 and the mobile terminal 8 may be one-way authentication or mutual authentication.

- The conditions for switching the key function section 36 to the on state (enabled) can be changed according to specifications.
- In this embodiment, the secret information Ds may be a password using alphanumeric symbols, a personal identification number, or a pictorial pattern. Further, the secret information Ds may be biometric information such as a fingerprint, face, vein, palm shape, iris, and retina.

- The input unit 16 is not limited to a touch panel display, and may be a fingerprint sensor, an iris sensor, or a camera.
- In this embodiment, communication between the mobile terminal 8 and the key issuing device may be performed via short-range wireless communication, or may be performed using other communication modes.

- The key information issuing device is not limited to the data center 10, but may be another device. For example, it may be a terminal linked one-to-one to the vehicle 1, or the electronic key 2 may have a function as a key information issuing device.

- When issuing key information to the mobile terminal 8, the secret information Ds may be input to an input section provided in the key information issuing device.
- The mobile terminal 8 is not limited to a high-performance mobile phone, and may be various terminals. For example, it may be a terminal with a valet key position.

- The authentication device 11 may be communicatively connected to the system device 5 by wire.
- The authentication device 11 may have a configuration that is retrofitted to the vehicle 1 or a configuration that is assembled to the vehicle 1 in advance.

- The authentication device 11 may cause the vehicle 1 to perform an operation according to the request obtained from the mobile terminal 8 by outputting a command according to the request received from the mobile terminal 8 to the system device 5.

- The issuance of key information to the mobile terminal 8 is not limited to the manner in which it is started by a usage application from the mobile terminal 8, but may be started by communication from the key information issuing device, or the issuance of the key information between the mobile terminal 8 and the key information It may also be started when the issuing device establishes a communication connection. Further, the usage application may be processed by another terminal.

- Near field wireless communication is not limited to Bluetooth communication, and may be changed to other communication methods.
- Communication between the mobile terminal 8 and the authentication device 11, communication between the system device 5 and the authentication device 11, communication between the electronic key 2 and the system device 5, communication between the mobile terminal 8 and the data center 10, and Various frequencies and communication methods can be applied to communication between the data center 10 and the authentication device 11.

- The electronic key system 4 is not limited to a key operation free system, and may be changed to one with another system configuration.
- The object to be operated is not limited to the vehicle 1, and may be changed to other members such as the door of an accommodation facility, the gate machine of a coin parking lot, the locker of a delivery box, etc.

The technical philosophy is described below.
- Authentication in which key information used for authentication with the operation target is issued to a mobile terminal, the authentication is performed via wireless between the mobile terminal and the operation target, and the operation of the operation target is permitted based on the authentication result. A system,
a first calculation unit that generates the key information based on secret information input when issuing the key information to the mobile terminal, and issues the key information to the mobile terminal;
a second calculation unit that generates the key information on the operation target side based on the secret information input when performing the authentication between the mobile terminal and the operation target;
an authentication unit that performs the authentication using the key information on the mobile terminal side and the key information on the operation target side;
Equipped with
The first calculation unit generates the key information based on a random number whose value changes each time it is generated and a public key registered in itself,
The second calculation unit is an authentication system that generates the key information based on the same random number as the random number generated by the first calculation unit and a private key corresponding to the public key.

- An input unit for inputting the secret information during the authentication between the mobile terminal and the operation target is provided in at least one of the mobile terminal and the operation target.
- The key information is a one-time key that has a different value each time it is generated.

- As the authentication, the authentication unit obtains a secret value obtained through calculation using the key information in each of the mobile terminal and the operation target, and confirms that these secret values match.

- Authentication in which key information used for authentication with the operation target is issued to a mobile terminal, the authentication is performed via wireless between the mobile terminal and the operation target, and the operation of the operation target is permitted based on the authentication result. A method,
generating the key information based on secret information input when issuing the key information to the mobile terminal, and issuing the key information to the mobile terminal;
generating the key information on the operation target side based on the secret information input when performing the authentication between the mobile terminal and the operation target;
performing the authentication using the key information on the mobile terminal side and the key information on the operation target side;
Equipped with
In the step of issuing the key information to the mobile terminal, the key information is generated based on a random number whose value changes each time it is generated and a public key registered to the mobile terminal,
In the step of generating the key information on the operation target side, the key information is generated based on the same random number as the random number generated in the step of issuing the key information to the mobile terminal and the private key corresponding to the public key. Authentication method to generate key information.

DESCRIPTION OF SYMBOLS 1... Vehicle, 2... Electronic key, 4... Electronic key system, 5... System device, 8... Mobile terminal, 9 Shared system, 10... Data center, 11... Authentication device, 16... Input unit, 31... First calculation unit , 33... Authentication section, 34... Input section, 35... Second calculation section, 36... Key function section.

Claims (2)

An authentication system that issues key information to a mobile terminal to be used for authentication with an operation target, performs the authentication via wireless communication between the mobile terminal and the operation target, and permits operation of the operation target based on the authentication result. And,
a first calculation unit that generates the key information based on secret information input when issuing the key information to the mobile terminal, and issues the key information to the mobile terminal;
a second calculation unit that generates the key information on the operation target side based on the secret information input when performing the authentication between the mobile terminal and the operation target;
an authentication unit that performs the authentication using the key information on the mobile terminal side and the key information on the operation target side;
Equipped with
A first input unit for inputting the secret information when issuing the key information to the mobile terminal is provided in the mobile terminal,
A second input unit for inputting the secret information when performing the authentication between the mobile terminal and the operation target is provided in the operation target,
The secret information used when issuing the key information to the mobile terminal is input to the first input section when issuing the key information,
The secret information used when performing the authentication between the mobile terminal and the operation target is input to the second input section when performing the authentication, and the secret information is input to the second input section when performing the authentication, and An authentication system that is input to the first input section when issuing information. An authentication method in which key information used for authentication with an operation target is issued to a mobile terminal, the authentication is performed wirelessly between the mobile terminal and the operation target, and operation of the operation target is permitted based on the authentication result. And,
generating the key information based on secret information input when issuing the key information to the mobile terminal, and issuing the key information to the mobile terminal;
generating the key information on the operation target side based on the secret information input when performing the authentication between the mobile terminal and the operation target;
performing the authentication using the key information on the mobile terminal side and the key information on the operation target side;
Equipped with
The secret information used when issuing the key information to the mobile terminal is input to a first input section provided on the mobile terminal when issuing the key information,
The secret information used when performing the authentication between the mobile terminal and the operation target is input to a second input section provided on the operation target when performing the authentication, and An authentication method in which the key information is input to the first input section when issuing the key information to the mobile terminal.