JP7569746B2 - Processing device and program - Google Patents

Description

The present invention relates to a processing device and a program.

In recent years, technology has been developed that authenticates devices based on the results of sending and receiving signals between devices. Authentication between devices can be performed using authentication information that each device has acquired in advance.

On the other hand, there is provided a control device that connects to and controls various devices via a communication line. For example, the following Patent Document 1 discloses a center server that supports various devices with different communication standards using connection information related to the devices provided by the device manufacturer. Such a center server can refer to the connection information and transmit control command information to the devices based on the communication standard corresponding to the devices.

JP 2016-095809 A

Here, programs that execute authentication processes with each device (control device) are prepared individually in advance, but incorporating multiple programs into a single application to support multiple devices is difficult, requiring development costs and time.

The present invention has been made in consideration of the above problems, and the object of the present invention is to provide a new and improved processing device and program that can improve the convenience of authentication processing performed between devices by appropriately configuring the communication sequence of the authentication processing.

In order to solve the above problem, according to one aspect of the present invention, a processing device is provided that includes a control unit that selects one or more communication processing units according to the target indicated by the identification information from among one or more communication processing units that functionally unitize a series of communication sequences of authentication processing that permits control of each target, according to input information including identification information indicating the target permitted to use the device, and performs processing to execute the communication sequence assembled according to the selection.

In addition, in order to solve the above problem, according to another aspect of the present invention, a program is provided that causes a computer to function as a control unit that, in accordance with input information including identification information indicating a target permitted to use, selects one or more communication processing units from among one or more communication processing units that functionally unitize a series of communication sequences of authentication processing that permits control of each target according to the target indicated by the identification information, and performs processing to execute the communication sequence assembled in accordance with the selection.

As described above, according to the present invention, by appropriately constructing the communication sequence of the authentication process, it is possible to improve the convenience of the authentication process performed between devices.

FIG. 1 is a diagram illustrating a system according to an embodiment of the present invention. FIG. 2 is a block diagram showing an example of the configuration of a user terminal according to the present embodiment. FIG. 2 is a block diagram showing an example of the configuration of an aggregation server according to the embodiment; FIG. 2 is a block diagram showing an example of the configuration of a device according to the embodiment. FIG. 2 is a diagram illustrating an example of a flow of operation processing of the entire system according to the embodiment. FIG. 11 is a sequence diagram showing an example of a process flow when operating a device according to the present embodiment. FIG. 11 is a sequence diagram showing an example of a process flow when operating a device according to the present embodiment.

The preferred embodiment of the present invention will be described in detail below with reference to the attached drawings. Note that in this specification and the drawings, components having substantially the same functional configuration are designated by the same reference numerals to avoid redundant description.

＜1. Overview＞
FIG. 1 is a diagram for explaining a system according to an embodiment of the present invention. In this embodiment, signals are transmitted and received by wireless communication between a device 50, which is an example of a control device that controls an object, and a user terminal 10, which is an example of a communication terminal (processing device), and an authentication process is executed to permit control of the object. The object is assumed to be, for example, a vehicle, a bicycle, a delivery box (locker-type equipment), etc. In addition, the device 50A may be, for example, an in-vehicle device mounted on a vehicle and controlling the unlocking of the door lock of the vehicle, the device 50B may be, for example, a device mounted on a bicycle and controlling the unlocking of the bicycle lock, and the device C may be, for example, a device that controls the unlocking of the delivery box lock. Note that permission to control the object is not limited to unlocking the lock. For example, in the case of a vehicle, permission to operate the vehicle, such as turning on a certain light provided in the vehicle and starting the engine, is also assumed.

The targets are not limited to the above examples, but may also include homes, offices, hotels, warehouses, parking lots, bicycle parking lots, construction machinery, etc. Examples of devices 50 mounted on targets include devices that can control various targets, such as a locking/unlocking control device mounted on the door of a hotel room, a locking/unlocking device mounted on the door of a house, and a control device installed at the entrance to a parking lot to control a gate system that manages the entry and exit of vehicles and settles accounts.

In addition, in this embodiment, as an example, it is assumed that the object includes an object that is shared by multiple people. Specifically, examples include vehicles provided by a car sharing service, bicycles provided by a bicycle sharing service, and delivery boxes used by delivery companies and residents. The authority to use an object that is shared by multiple people can be managed by the business operator server 20. The business operator server 20 accepts a reservation for use of the object based on reservation information input from the user terminal 10, and performs a process of granting the authority to use the object. An example of the process of granting the authority to use the object is a process of instructing a specified server to issue authentication information required to use the object to the user terminal 10 of the user.

The user terminal 10 may obtain authentication information to be used in authentication processing with the device 50. The authentication information includes, for example, an encryption key consisting of information indicating an algorithm used when encrypting or decrypting specific information. In this embodiment, such authentication information is referred to as an electronic key. Note that, in this embodiment, an encryption key consisting of an algorithm for encryption or decryption is used as an example of an electronic key (authentication information), but the present invention is not limited to this. For example, the authentication information may be a specific password, a unique ID, a numerical value, a calculation formula, or a program.

The user terminal 10 is a communication terminal (an example of a processing device) carried by the target user, and may be realized, for example, by a smartphone as shown in FIG. 1. The user terminal 10 may also be realized, for example, by a mobile phone, a tablet terminal, a wearable device such as a bracelet or glasses, or a small portable device (a so-called smart key consisting of a box, oval, card, etc.).

The electronic key of each device is generated and distributed (issued) by the corresponding key generation server (key A/B generation server 40 or key C generation server 42). A key generation server may be prepared for each type of object on which the device is mounted, or one key generation server may generate electronic keys for each device mounted on multiple different types of objects. For example, in the example shown in FIG. 1, electronic key A of device 50A mounted on a vehicle and electronic key B of device 50B mounted on a bicycle may be generated by key A/B generation server 40. Also, electronic key C of device 50C mounted on a delivery box, for example, is generated by key C generation server 42. The user terminal 10 obtains the electronic key generated by a specific key generation server and stores it in an internal memory area. Also, the user terminal 10 uses the electronic key to perform authentication processing with the corresponding device 50.

(Issues Sorting)
It would be convenient for users if a single application could seamlessly support electronic keys for multiple devices, such as vehicles, bicycles, and delivery boxes. However, because a program for authentication processing using an electronic key (authentication information) is prepared for each device, it has been difficult for application providers to understand and incorporate these multiple programs into their applications.

The system according to one embodiment of the present invention was conceived with the above points in mind, and by constructing an appropriate communication sequence, it is possible to improve the convenience of authentication performed between devices.

Specifically, the user terminal 10 incorporates a function (device authentication processing unit) that selects one or more communication processing units according to the target indicated by the identification information from among one or more communication processing units that functionally unitize a series of communication sequences of authentication processing that permits control of each target, according to input information including identification information indicating the target permitted to use, and performs processing to execute the communication sequence assembled according to the selection. Such a function (device authentication processing unit) can be realized, for example, by a software development kit (SDK) provided by an electronic key distributor that develops the authentication processing system (device 50 and key generation server).

In this way, by preparing a large number of communication processing units in advance and selecting and assembling the communication processing units to be executed as appropriate, it is also possible to handle authentication processing that is executed using different communication sequences for each target (for the device 50 that controls it).

The system of this embodiment also provides a function (aggregation function) between the business operator's system and the authentication processing system that converts input information into a format appropriate for the target and outputs it. When using multiple servers that issue electronic keys, the business operator must understand the specifications of the communication procedures, standards (protocols), APIs (Application programming interface), etc., which differ for each server, and develop an application that corresponds to the differences in the specifications of each server, which raises concerns about development costs and delays in implementation.

However, by using a function (aggregation function) that converts the input information into a format appropriate for the target and outputs it, it is possible to introduce a system that supports multiple target electronic keys with a single application, without the time required to develop applications that support the authentication process for each individual target.

Such an aggregation function can be incorporated into the aggregation server 30 (information processing device) and user terminal 10 shown in FIG. 1. The aggregation server 30 appropriately converts the form of input information, such as an electronic key request including authority information permitting use of the target, sent from the business server 20 that accepts reservations for use of the target, according to the target, and sends it to the corresponding key generation server. This allows the business server 20 to simply send information such as an electronic key request to the aggregation server 30 in the same way regardless of the processing related to any target, without needing to understand the different specifications of each key generation server. In other words, the aggregation server 30 can function as a common API for each key generation server.

In addition, the user terminal 10 incorporates a business application (business application function unit 121) that executes processing with the business server 20, an aggregation function (aggregation control unit 122), and an authentication function (device authentication processing unit) that executes processing with each target device 50. The business application controls the display of the operation screen, etc., and controls the transmission of information of operation input by the user to the business server 20. In addition, the business application outputs instruction information such as a key update request and an operation instruction to the device 50 (unlocking operation, etc.) to the aggregation function. The aggregation function appropriately converts the form of the instruction information from the business application according to the target and outputs it to the corresponding authentication function. As a result, the business application does not need to understand the different specifications of each authentication function, and only needs to output instruction information to the aggregation function in the same way regardless of the instruction regarding any target. In other words, in the user terminal 10, the aggregation function can function as a common API for each authentication function. The aggregation function and each authentication function built into the user terminal 10 may be realized by a software development kit (SDK) provided by an electronic key distributor who develops the authentication processing system (device 50 and key generation server).

The configuration of each device included in the system according to this embodiment will be explained below.

2. Configuration example
<2-1. User terminal 10>
2 is a block diagram showing an example of the configuration of the user terminal 10 according to the present embodiment. As shown in FIG. 2, the user terminal 10 includes a communication unit 110, a control unit 120, a display unit 130, an operation input unit 140, and a storage unit 150.

(Communication unit 110)
The communication unit 110 has a function of transmitting and receiving data with other devices. For example, the communication unit 110 performs communication with the device 50 in accordance with a predetermined wireless communication standard. For example, the communication unit 110 may be a communication device that transmits and receives data with other devices (for example, the device 50) over a short communication distance. The short communication distance may be, for example, within about 5 cm, 10 cm, 1 m, or 10 m. In this embodiment, for example, BLE (registered trademark) (Bluetooth Low Energy) may be used as a short-distance wireless communication method. In addition, for example, Wi-Fi (registered trademark), Bluetooth (registered trademark), UWB (Ultra-Wide Band), NFC (Near field communication), TransferJet (registered trademark), etc. may be used as other short-distance wireless communication methods.

The communication unit 110 may also be connected to the Internet, for example, and transmit and receive data with the business server 20, the aggregation server 30, and the key generation server via the Internet. For example, the communication unit 110 may be connected to the Internet via a wireless LAN (Local Area Network), Wi-Fi (registered trademark), Bluetooth (registered trademark), etc.

(Control unit 120)
The control unit 120 functions as an arithmetic processing unit or a control unit, and controls the overall operation or a part of the operation of each component of the user terminal 10 based on various programs recorded in a ROM (Read Only Memory), a RAM (Random Access Memory), an EEPROM (Electrically Erasable Programmable Read-Only Memory), or the storage unit 150. The control unit 120 can be realized by a processor such as a CPU (Central Processing Unit) or an MCU (Micro Controller Unit), for example.

The control unit 120 in this embodiment functions, for example, as a business application function unit 121, an aggregation control unit 122, and a device authentication processing unit (device A and B authentication processing unit 123, device C authentication processing unit 124).

The business application function unit 121 has a function of executing processing with the business server 20. The business application function unit 121 can be realized by an application developed by a business that provides and manages the target, such as a car sharing service business. For example, the business application function unit 121 controls the display unit 130 to display a reservation screen for making a reservation for the target and an operation screen for operating the target. The business application function unit 121 also controls communication connection with the business server 20 via the communication unit 110 and transmission of reservation information input from the operation input unit 140. The business application function unit 121 also controls output of instruction information, such as an instruction to obtain the target electronic key and an operation instruction, to the aggregation control unit 122.

The aggregation control unit 122 has a function of appropriately converting the mode of the instruction information input from the business application function unit 121 according to the target (conversion processing unit 1222) and outputting it to a corresponding device authentication processing unit. In addition, the aggregation control unit 122 may transmit the converted information to the aggregation server 30 via the communication unit 110 as necessary. The instruction information includes identification information indicating the target. Examples of the conversion of the mode include conversion of the data format (format) and generation (assembly) of a control instruction (command signal). The aggregation control unit 122 converts the instruction information into a data format or a control instruction (command signal) suitable for the target indicated by the identification information and the device authentication processing unit that executes the authentication process, and then controls outputting the converted instruction information to the device authentication processing unit. The conversion of the instruction information may be performed according to a conversion table stored in advance in the storage unit 150. As described above, the aggregation control unit 122 may be realized by a software development kit (SDK).

The device authentication processing unit has a function of executing authentication processing by appropriately transmitting and receiving data via the communication unit 110 with the device 50 that controls the target. For example, the device authentication processing unit can generate a predetermined authentication response signal using an electronic key previously obtained from the key generation server in response to an authentication request signal sent from the device 50, and control the communication unit 110 to return the signal to the device 50. The electronic key (an example of authentication information) is data generated and distributed by the key generation server in response to a key generation request from the business server 20, using the aggregation server 30 as a common API, based on the authority granted by the business server 20 by the reservation of use of the target shared by multiple people.

The series of communication sequences (communication procedures) executed in the authentication process may differ depending on the target (the device 50 that controls it). For example, the optimal method differs depending on the target, such as whether or not to check the state of the target or device before operating (controlling), and the timing of disconnecting communication. The device authentication processing unit according to this embodiment selects one or more communication processing units according to the target from one or more communication processing units that unitize the series of communication sequences of the authentication process on a functional basis, and performs processing to execute the communication sequence assembled according to the selection, thereby making it possible to appropriately handle targets with different communication sequences of the authentication process.

A communication processing unit is a set of processes including, for example, at least one of sending or receiving a signal, and generating a signal to be sent. The communication processing unit may include a communication processing unit common to different targets and a unique communication processing unit (optional communication processing unit) that differs depending on the target. Even if the common communication processing unit (communication procedure or mechanism) is the same, the contents of the data exchanged may differ depending on the target. Examples of the contents of the data include the control target (vehicle door, house door, bicycle lock, delivery box door, etc.) by the device 50, control means, control authority, etc. The control of what to do with the contents of the data may be instructed by a higher-level application (for example, the business application function unit 121). Each communication processing unit may be downloaded to the user terminal 10 in advance and stored in the storage unit 150. The control unit 120 of the user terminal 10 may also acquire a communication processing unit from the outside as appropriate. The storage unit 150 may also store information indicating which communication processing unit to select depending on the target and in what order to assemble them to form a communication sequence for the authentication process. The storage unit 150 may store, for example, a list (command list) related to the assembly of a communication processing unit corresponding to a target (or a request from the target).

In this embodiment, as an example of a device authentication processing unit capable of handling multiple targets (different types of targets), it is assumed that a device A/B authentication processing unit 123 capable of handling a device 50A mounted on a vehicle and a device 50B mounted on a bicycle is incorporated in the user terminal 10. Furthermore, the user terminal 10 according to this embodiment may also incorporate a device C authentication processing unit 124 capable of handling a device 50C mounted on a delivery box. As described above, each device authentication processing unit may be realized by a software development kit (SDK). Also, a program that realizes the functions of the device authentication processing unit may be provided from outside and installed in the user terminal 10. Also, the device authentication unit may be realized as a processing device.

The operation request (such as an instruction to unlock the target, including identification information indicating the target that is permitted to use) output from the business application function unit 121 is converted into a predetermined form by the aggregation control unit 122 and input to the device A/B authentication processing unit 123. The predetermined form is a data format or command signal that matches the specifications of the program that realizes the functions of the device A/B authentication processing unit 123. The input information (information converted from the operation request) input to the device A/B authentication processing unit 123 includes identification information indicating the target. The device A/B authentication processing unit 123 selects one or more communication processing units according to the target indicated by the identification information, assembles the selected communication processing units, and generates a communication sequence for the authentication process. This communication sequence is then executed between the device 50 that controls the target indicated by the identification information.

A specific example of the assembly will be described later with reference to FIG. 6 and FIG. 7. Examples of the communication processing unit to be assembled include a connection process for connecting communication with the device 50, a disconnection process for disconnecting the communication, a data synchronization process for executing data synchronization between the device 50 and an external device (aggregation server 30 or key generation server), a status acquisition process for acquiring the status of the device 50 (e.g., lock/unlock status), and an operation control process for controlling the operation of the target by the device 50 (e.g., unlock operation). In addition, by making the part common to multiple devices 50 out of the communication sequence of a series of authentication processes in each device 50 into a common communication processing unit, one communication processing unit can be applied to the authentication processes of different devices, improving convenience. In addition, when a compatible device is added, if only a unique communication processing unit is added, the communication sequence of the authentication process can be assembled in combination with the common communication processing unit, thereby reducing development costs and time.

(Display unit 130)
The display unit 130 displays various operation screens, menu screens, etc. The display unit 130 can be realized by, for example, a liquid crystal display (LCD) device, an organic light emitting diode (OLED) device, or the like.

(Operation Input Unit 140)
The operation input unit 140 accepts operation input to the user terminal 10, and outputs the input information to the control unit 120. The operation input unit 140 can be realized by, for example, a button, a switch, a touch panel, a keyboard, a mouse, or the like.

(Memory unit 150)
The storage unit 150 has a function of storing various information for the operation of the user terminal 10. For example, the storage unit 150 stores a program for the operation of the user terminal 10, as well as an electronic key. The electronic key may be, for example, an encryption key consisting of information indicating an algorithm used when encrypting or decrypting predetermined information. The encryption key may be a common key when a common key encryption method is used, or a private key when a public key encryption method is used. In this embodiment, the electronic key generated by the key generation server may be acquired and stored in the storage unit 150 by processing of the aggregation control unit 122 or the device authentication processing unit.

The above describes an example of the configuration of the user terminal 10. Note that the configuration of the user terminal 10 shown in FIG. 2 is just an example, and the present embodiment is not limited to this. For example, the user terminal 10 may be configured without a display unit 130, or may be configured without an operation input unit 140. In addition, the user terminal 10 may be configured with a microphone, a speaker, a light-emitting unit, a vibration unit, or the like.

<2-2. Aggregation server 30>
3 is a block diagram showing an example of the configuration of the aggregation server 30 according to this embodiment. As shown in FIG. 3, the aggregation server 30 includes a communication unit 310, a control unit 320, and a storage unit 330.

The communication unit 310 has a function of transmitting and receiving data to and from other devices. For example, the communication unit 310 may be connected to the Internet and transmit and receive data to and from the user terminal 10, the business server 20, the key generation server (key A and B generation server 40, key C generation server 42), and the device 50 via the Internet. For example, the communication unit 310 may be connected to the Internet via a wired/wireless LAN (Local Area Network), Wi-Fi (registered trademark), etc.

The control unit 320 functions as an arithmetic processing unit or control unit, and controls the overall operation or part of the operation of each component of the aggregation server 30 based on various programs recorded in a ROM (Read Only Memory), a RAM (Random Access Memory), the storage unit 260, or a removable recording medium. The control unit 320 can be realized by a processor such as a CPU (Central Processing Unit) or an MCU (Micro Controller Unit).

The control unit 320 according to this embodiment also functions as an aggregation control unit 321. The aggregation control unit 321 has a function of appropriately converting the form of information (input information) received from the business server 20 via the communication unit 310 and transmitting it to a corresponding key generation server. Examples of the conversion of the form include conversion of the data format and generation (assembly) of a control instruction (command signal). Also, an example of the information received from the business server 20 is a request for generation of an electronic key that is output when the business server 20 confirms the target reservation.

The electronic key generation request includes authority information that permits the use of the target. The authority information also includes information indicating who can use which target and when. Specifically, information on the period of use (long term (ownership), short term (temporary use)), the number of uses (when limiting the number of operations using the electronic key), user information, target identification information, etc. may be included. The aggregation control unit 321 converts the electronic key request into a data format and control instructions (command signals) suitable for the key generation server that generates the electronic key of the target indicated by the identification information, and then controls transmission to the key generation server. The conversion of the reservation information may be performed according to a conversion table previously stored in the storage unit 330. The electronic key generated by the key generation server may be stored in the aggregation server 30 and transmitted to the user terminal 10 in response to a request from the user terminal 10. The electronic key generated by the key generation server may also be stored in the key generation server (the aggregation server 30 is notified that the key has been generated), and in response to a key acquisition request from the user terminal 10 to the aggregation server 30, the aggregation server 30 may instruct the key generation server to transmit the generated electronic key to the user terminal 10. Communication processing related to key acquisition between the user terminal 10 and the aggregation server 30, and data synchronization processing described below, may be performed between the aggregation control units.

The storage unit 330 is configured to store various types of information. For example, the storage unit 330 stores programs and parameters used by the control unit 320. The storage unit 330 may also store processing results by the control unit 320. The storage unit 330 may be realized by, for example, a ROM (Read Only Memory) or a RAM (Random Access Memory).

A configuration example of the aggregation server 30 according to this embodiment has been described above. Note that the configuration of the aggregation server 30 is not limited to the example shown in FIG. 3. For example, the aggregation server 30 may be composed of multiple devices.

<2-3. Device 50>
4 is a block diagram showing an example of the configuration of the device 50 according to the present embodiment. As shown in FIG. 4, the device 50 includes a communication unit 510, a control unit 520, and a storage unit 530.

The communication unit 510 has a function of transmitting and receiving data to and from other devices. For example, the communication unit 510 communicates with the user terminal 10 in accordance with a specific wireless communication standard. More specifically, the communication unit 510 uses wireless communication standards such as BLE (registered trademark) (Bluetooth Low Energy), UWB (Ultra-Wide Band), Bluetooth (registered trademark), Wi-Fi (registered trademark), NFC (Near field communication), or TransferJet (registered trademark).

The communication unit 510 may also be connected to the Internet, for example, and transmit and receive data to and from the aggregation server 30 and key generation servers (e.g., key A and B generation server 40 and key C generation server 42) via the Internet. For example, the communication unit 510 may be connected to the Internet via a wireless LAN (Local Area Network), Wi-Fi (registered trademark), Bluetooth (registered trademark), etc.

The control unit 520 functions as an arithmetic processing unit or control device, and controls the overall operation or part of the operation of each component of the device 50 based on various programs recorded in a ROM (Read Only Memory), a RAM (Random Access Memory), the storage unit 530, or a removable recording medium. The control unit 520 may be realized by a processor such as a CPU (Central Processing Unit) or an MCU (Micro Controller Unit). In addition, in the case of the device 50A mounted on a vehicle, the control unit 520 may be realized by an ECU (Electronic Control Unit) mounted on the vehicle, a microcomputer mounted on the ECU, or the like.

The control unit 320 according to this embodiment also functions as an authentication processing unit 521. The authentication processing unit 521 may perform authentication processing to authenticate the user terminal 10 based on data transmission and reception with the user terminal 10 via the communication unit 510. At this time, the authentication processing unit 521 may perform authentication processing using authentication information (encryption key) acquired in advance from a key generation server and stored in the storage unit 530. There are no particular limitations on the algorithm of the authentication processing. Various methods can be applied to the authentication processing. In the case of authentication processing using an encryption key, the encryption keys used for encryption and decryption may be the same or different. In addition, when the device 50 and the user terminal 10 perform mutual authentication processing, the encryption keys used may be the same or different.

Here, the series of communication sequences (communication procedures) executed in the authentication process may differ depending on the target. For example, the optimal method differs depending on the target, such as whether or not to check the state of the target or device before operation (control), and the timing of disconnecting communication. The authentication processing unit 521 according to this embodiment can execute authentication processing suitable for the target by selecting one or more communication processing units according to the target from one or more communication processing units that unitize a series of communication sequences in functional units, and executing a communication sequence assembled according to the selection. The authentication processing unit 521 selects one or more communication processing units according to the target according to input information including identification information indicating the target, and executes a communication sequence assembled according to the selection. Information indicating which communication processing unit is selected according to the target and in what order to assemble them to form the communication sequence of the authentication process can be stored in the storage unit 530. The storage unit 530 can store, for example, a list (command list) related to the assembly of communication processing units corresponding to the target (or a request from the target). In addition, the function of the authentication processing unit 521 may be realized by a software development kit (SDK).

If the authentication is successful, the control unit 320 permits control (operation) of the target. For example, it permits unlocking of the vehicle doors. The control of the target may be performed directly by the control unit 320, or may be performed by the control unit 320 via another device.

(Memory unit 530)
The storage unit 530 is configured to store various types of information. For example, the storage unit 530 stores programs, parameters, and the like used by the control unit 520. The storage unit 530 may also store results of processing by the control unit 520, information received from other devices via the communication unit 510, and the like. For example, the storage unit 530 stores authentication information.

The content of the information stored in the memory unit 530 is not particularly limited. The memory unit 530 may be realized by, for example, a ROM (Read Only Memory) or a RAM (Random Access Memory). The memory unit 530 may be realized by, for example, a magnetic memory device such as a hard disk drive (HDD), a semiconductor memory device, an optical memory device, or a magneto-optical memory device.

A configuration example of the device 50 according to this embodiment has been described above. Note that the configuration of the device 50 according to this embodiment is not limited to the example shown in FIG. 4. For example, the device 50 may be composed of multiple devices. Furthermore, when the device 50 communicates with other devices mounted on the vehicle, data may be transmitted and received using an in-vehicle communication network that complies with any standard, such as CAN (Controller Area Network) or LIN (Local Interconnect Network).

<3. Details of authentication process>
Next, a detailed description will be given of the authentication process performed between the device 50 and the user terminal 10. Fig. 5 is a functional block diagram illustrating the authentication process between the devices 50A and 50B and the user terminal 10.

As shown in FIG. 5, the device A/B authentication processing unit 123 of the user terminal 10 has the functions of a selection unit 1231 that selects a communication processing unit according to the target, and a sequence assembly unit 1232 that assembles the selected communication processing unit. The selection and assembly order of the communication processing units can be determined according to the target. The target can be determined, for example, based on identification information included in the input information input from the aggregation control unit 122 to the device A/B authentication processing unit 123. Such input information is, for example, an operation request output from the business application function unit 121, and is data whose data format and command signal have been converted by the conversion processing unit 1222 into a form that matches the specifications of the program that realizes the function of the device A/B authentication processing unit 123.

Meanwhile, the authentication processing unit 521 (521A, 521B) of each device 50 (50A, 50B) also has the functions of a selection unit 5211 (5211A, 5211B) that selects a communication processing unit according to the target, and a sequence assembly unit 5212 (5212A, 5212B) that assembles the selected communication processing unit. The target can be determined, for example, based on identification information included in the input information input to the authentication processing unit 521 (521A, 521B) from the application function unit 522 (522A, 522B) that mainly controls the device 50 (e.g., controls the target).

The authentication processing unit incorporated in the user terminal 10 and the authentication processing unit 521 incorporated in the device 50 may each be realized by a software development kit (SDK). By generating a pair of programs that realize the selection and assembly of such communication processing units according to the target and incorporating them into the device 50 and the user terminal 10, respectively, it becomes possible to support a variety of targets.

Various examples of communication processing units and examples of assembly can be envisioned. For example, each communication processing unit, such as connection processing, disconnection processing, data synchronization processing, target operation control processing, and status acquisition processing, is appropriately selected and combined according to the target. The order of combination is appropriately determined according to the target. For example, they are assembled and executed in the order of connection, data synchronization (transmission of some data from the user terminal 10 to the device 50), data synchronization (transmission of some data from the device 50 to the user terminal 10), and status acquisition. In this case, for example, authentication processing may be performed in data synchronization (transmission of an authentication request signal, transmission of an authentication response signal).

Below, an example of assembling a communication processing unit according to this embodiment will be described in detail with reference to Figures 6 and 7.

Figure 6 is a sequence diagram showing an example of the process flow when operating device 50A.

As shown in FIG. 6, first, an operation request (e.g., a request to unlock the vehicle door lock) is output from the business application function unit 121 of the user terminal 10, which requests a specific operation on an object (e.g., a vehicle) (step S103). The trigger for outputting the operation request may be an operation input by the user, or may be detection of the user approaching within a certain distance from the vehicle, etc.

Next, the device A/B authentication processing unit 123 assembles a communication sequence for implementing the operation request based on the identification information indicating the target included in the operation request (input information) input via the aggregation control unit 122. Specifically, for example, the device A/B authentication processing unit 123 selects communication processing units for "status acquisition processing", "operation processing", "status acquisition processing", "data synchronization processing with server", and "disconnection processing" by the selection unit 1231, and generates a communication sequence by sequentially combining these by the sequence assembly unit 1232. Then, the device A/B authentication processing unit 123 of the user terminal 10 executes the assembled communication sequence (steps S106 to S124). Note that the authentication processing unit 521A of the device 50A can also generate a communication sequence according to the target in a similar manner. The authentication processing unit 521A can assemble a communication sequence according to the target in response to a notification (not shown) from the user terminal 10 to execute an example of a communication sequence.

Although the specific communication contents of each process are not particularly limited, each process transmits and receives a predetermined signal. The contents of the data to be transmitted and received may be appropriately specified depending on the target. In the example shown in FIG. 6, for example, authentication processing may be performed in the operation process (step S109). In this authentication process, for example, based on the authority granted by the business server 20 due to a reservation for use of a vehicle shared by multiple people, the electronic key A generated and distributed by the key A/B generation server 40 in response to a key generation request from the business server 20 using the aggregation server 30 as a common API may be used. In the operation process (step S109), it is also possible to perform an operation according to the state acquired in the state acquisition process (step S106). When the authentication of the user terminal 10 is successful, the authentication processing unit 521A transmits operation information to the application function unit 522A, so that the application function unit 522A can control the operation of the target (for example, unlock the door lock of the vehicle) (step S112). The application function unit 522A responds that the operation has been performed according to the request.

In addition, in the data synchronization process with the server (step S118), a process for synchronizing the specified data managed by the application function unit 522A with the specified data managed by the aggregation server 30 (or the key A and B generation server 40 via the aggregation server 30) (such as updating one of them) may be performed. At this time, the aggregation control unit 122 of the user terminal 10 may appropriately convert (convert command signals or data formats) the output information (data synchronization request and synchronization data) from the device A and B authentication processing unit 123, transmit it to the aggregation server 30, and be processed by the aggregation control unit 321 of the aggregation server 30. The aggregation control unit 122 may correspond to a number of device authentication processing units (for example, the device A and B authentication processing unit 123 and the device C authentication processing unit 124) with different communication standards, etc.

Then, when communication with device 50 is disconnected, device A/B authentication processing unit 123 notifies the business application function unit 121 of the operation result (e.g., that the door has been unlocked) via the aggregation control unit 122 (step S127).

Figure 7 is a sequence diagram showing an example of the processing flow when operating device 50B.

As shown in FIG. 7, first, an operation request (e.g., a request to unlock the bicycle) is output from the business application function unit 121 of the user terminal 10, which requests a specific operation on an object (e.g., a bicycle) (step S203). The trigger for outputting the operation request may be an operation input by the user, or may be detection of the user approaching within a certain distance from the bicycle, etc.

Next, the device A/B authentication processing unit 123 assembles a communication sequence for realizing the operation request based on the identification information indicating the target included in the operation request (input information) input via the aggregation control unit 122. Specifically, for example, the device A/B authentication processing unit 123 selects the communication processing units of "operation processing", "status acquisition processing", and "data synchronization processing with the server" by the selection unit 1231, and the sequence assembly unit 1232 sequentially combines these to generate a communication sequence. Here, as an example, unlike the example shown in FIG. 6, a communication sequence is assembled in which the operation processing can be performed without acquiring the status before the operation. Also, unlike the example shown in FIG. 6, after the operation processing, the disconnection processing is not performed, and the data synchronization processing with the server is periodically assembled. Note that the authentication processing unit 521B of the device 50B can also generate a communication sequence according to the target in the same way. The authentication processing unit 521B can assemble a communication sequence according to the target in response to a notification (not shown) from the user terminal 10 to execute an example of a communication sequence.

Then, the device A/B authentication processing unit 123 of the user terminal 10 executes the assembled communication sequence (steps S206 to S227). In this embodiment, the authentication processing is also performed, for example, in the operation processing (step S206). In this authentication processing, electronic key B generated and distributed by the key A/B generation server 40 in response to a key generation request from the business server 20 using the aggregation server 30 as a common API, based on the authority granted by the business server 20 due to a reservation for use of a bicycle shared by multiple people, can be used. If authentication is successful, operation information is sent from the authentication processing unit 521B to the application function unit 522B. The application function unit 522B replies that it has performed the operation in accordance with the request.

In addition, in this communication sequence, after performing the operation process (step S206) and the status acquisition process (step S212), the device A/B authentication processing unit 123 may perform a process of notifying the business application function unit 121 of the operation result (step S215).

The above describes examples of communication sequences (assembly of a communication processing unit) that differ depending on the target according to this embodiment.

In the above example, the assembly of a communication sequence for executing an operation process including an authentication process (a communication sequence based on an operation request) has been described, but the present embodiment is not limited to this. For example, a communication sequence based on various requests such as an initialization request, a time synchronization request, and an operation log request can also be assembled as appropriate depending on the target.

＜4. Supplementary Information＞
Although the preferred embodiment of the present invention has been described in detail above with reference to the accompanying drawings, the present invention is not limited to such an example. It is clear that a person having ordinary knowledge in the technical field to which the present invention pertains can conceive of various modified or altered examples within the scope of the technical ideas described in the claims, and it is understood that these also naturally belong to the technical scope of the present invention.

For example, in the above, vehicles and bicycles are given as examples of targets, but these are just examples of moving bodies. Other moving bodies (examples of targets) include, for example, ships (e.g., passenger ships, cargo ships, submarines, etc.) and aircraft (e.g., airplanes, helicopters, gliders, airships, etc.). Furthermore, vehicles are not limited to automobiles, but may be buses, motorcycles, electric scooters, locomotives, construction machinery, trains, etc. Furthermore, moving bodies are not limited to vehicles that users ride in, but may be movable objects such as self-propelled robots, unmanned guided vehicles, drones, etc.

The targets are not limited to the above-mentioned moving objects. As mentioned above, the targets may be, for example, parking lots, bicycle parking lots, houses, hotels, delivery boxes, various facilities, devices, etc.

Furthermore, the effects described in this specification are merely descriptive or exemplary and are not limiting. In other words, the technology disclosed herein may achieve other effects that are apparent to a person skilled in the art from the description in this specification, in addition to or in place of the above effects.

Furthermore, the steps involved in the authentication process in this specification do not necessarily have to be processed in chronological order according to the order shown in the figure.

In addition, one or more programs can be created to cause hardware such as a CPU, ROM, and RAM built into the computer to perform functions equivalent to those of the components of the user terminal 10, the aggregation server 30, or the device 50, and a computer-readable recording medium on which the one or more programs are recorded can also be provided.

10: User terminal, 110: Communication unit, 120: Control unit, 121: Business application function unit, 122: Aggregation control unit, 1222: Conversion processing unit, 123: Device A/B authentication processing unit, 124: Device C authentication processing unit, Setting unit: 1231, Sequence assembly unit: 1232, 130: Display unit, 140: Operation input unit, 150: Storage unit, 30: Aggregation server, 310: Communication unit, 320: Control unit, 321: Aggregation control unit, 3212: Conversion processing unit, 330: Storage unit, 40: Key generation server, 50: Device, 510: Communication unit, 520: Control unit, 521: Authentication processing unit, 5211: Selection unit, 5212: Sequence assembly unit, 530: Storage unit

Claims (11)

A processing device having a control unit that, according to input information including identification information indicating a target permitted to use, selects one or more communication processing units from among one or more communication processing units that functionally unitize a series of communication sequences for authentication processing that permits control of each target according to the target indicated by the identification information, and performs processing to execute the communication sequence assembled according to the selection. The processing device according to claim 1, wherein the one or more communication processing units include a communication processing unit common to different objects and a communication processing unit specific to each object. The processing device according to claim 1 or 2, wherein the communication processing unit includes at least one of transmitting or receiving signals and generating signals to be transmitted. The processing device according to any one of claims 1 to 3, wherein the target is shared by multiple users. The processing device according to claim 4, wherein the control unit performs the authentication process between the control device that controls the target and the control device, using authentication information generated based on the authority granted by the reservation of the target. The processing device according to claim 5, wherein the communication processing unit includes at least one of a connection process for connecting communication with the control device, a disconnection process for disconnecting the communication, a data synchronization process for performing data synchronization between the control device and an external device, a status acquisition process for acquiring a status of the control device, and an operation control process for controlling an operation of the target by the control device. The processing device according to claim 6, wherein the external device is an aggregation server that aggregates instructions to one or more generation servers that generate authentication information used in the authentication process. The processing device according to any one of claims 1 to 7, wherein the input information is information in which an operation request output from an application that executes processing with a business server that accepts reservations for use of the target is converted into a form corresponding to the target indicated by the identification information. The processing device according to any one of claims 1 to 8, wherein the control unit is realized by an SDK (Software Development Kit). The processing device according to any one of claims 1 to 9, wherein the processing device is a communication terminal carried by a user who uses the target. Computer,
A program that functions as a control unit that selects one or more communication processing units from among one or more communication processing units that functionally unitize a series of communication sequences of authentication processing that permits control of each object according to input information including identification information indicating the object that is permitted to use the communication sequence, in accordance with the object indicated by the identification information, and performs processing to execute the communication sequence assembled in accordance with the selection.

Images