JPWO2002030040A1 - Data transmission system - Google Patents

Abstract

The transmitting-side authentication card A and the transmitting / receiving device B convert the authentication data into second and first substitute values using first and second conversion constants, respectively, and the first substitute value and the first conversion constant. And a means for transmitting to the transmitting / receiving apparatus B a first transmitting signal including the following and a second transmitting signal including the second substitute value and the second conversion constant. Means for recognizing first and second alternative values and first and second conversion constants from the first and second transmission signals, and converting the first decoded data from the first alternative value and the second conversion constant. Means for calculating and calculating second decoded data from the second substitute value and the first conversion constant.

Description

Technical field
The present invention relates to a data transmission system, a method, an apparatus, a program, and a door lock using the transmission system, in which even when data is leaked during data transmission, it is difficult to decode the data.
Background art
Conventionally, there is a technology that enhances confidentiality of data transmission by a sender encrypting data using an encryption key and transmitting the encryption key and the encrypted data to a receiver through separate lines (Japanese Patent No. No. 3052322).
However, since the receiver receives the data without authenticating the sender of the encrypted data and the encrypted data, even if the sender is transmitted by a third party on behalf of the sender who should have transmitted the data, the receiver is not identified. Could not authenticate.
There is also an individual authentication service of an authentication service company that performs individual authentication on a communication line such as the Internet. However, personal authentication services provided by such authentication service companies are expensive and unsuitable for use by individuals.
Further, as a configuration in which the authentication technology is put to practical use, for example, a card that has a multipurpose function of performing a plurality of operations such as opening and closing a door lock after performing personal authentication, and a card that is convenient for carrying, etc. There were no devices that could be easily used.
The present invention has been made to solve the above-mentioned problem, and even if a third party transmits data instead of the original sender, the third party transmits the data by performing personal authentication of the sender on the receiver side. It is an object of the present invention to provide a data transmission system, a method, a device, a program, and a door lock using the data transmission system, which can identify a user and prevent the inconvenience caused by the spoofing transmission.
Disclosure of the invention
A data transmission system according to the present invention is a data transmission system for transmitting data from a transmission device to a reception device, wherein the transmission device converts the authentication data into a second substitution constant and a second substitution constant, respectively. Means for converting into a value, a first alternative value, a first transmission signal including the first alternative value and the first conversion constant, and a second transmission signal including the second alternative value and the second conversion constant. Means for transmitting a transmission signal to the receiving device by changing at least one of a transmission time and a transmission path to the receiving device, wherein the receiving device transmits the first transmitting signal and the second transmitting signal from the transmitting device. Means for identifying the first substitute value, the second substitute value, the first conversion constant, and the second conversion constant, and a first value from the first substitute value and the second conversion constant. 1 to calculate the decoded data Means for and a substitute value and the first conversion constant calculating the second decoded data, characterized by comprising a.
As described above, the transmitting device is configured to transmit two outgoing signals each including the substitute value obtained by converting the authentication data to the receiving device, and even if one outgoing signal is leaked, A third party who has acquired the leaked transmission signal cannot decrypt the authentication data from the transmission signal. As described above, according to the data transmission system of the present invention, strict authentication is performed, which is preferable.
Further, the receiving device includes means for authenticating the first decrypted data and the second decrypted data using the first decrypted data and the second decrypted data. Can be authenticated.
In addition, the receiving device includes a storage unit that stores authentication data, and includes a unit that performs authentication of the first decryption data and the second decryption data using the authentication data of the storage unit. It is preferable that the authentication data can be confirmed using the data on the receiving device side.
Also, the receiving device compares the first substitute value with the authentication data in the storage unit when receiving the first transmission signal, and performs temporary authentication. Transmitting means, and the transmitting device includes means for receiving the result of the provisional authentication, so that the receiving device, before receiving the second outgoing signal, confirms that the first outgoing signal is a correct sender. Can be determined.
Preferably, the transmitting device and the receiving device are connected to a communication network including the Internet. It is preferable that the transmitting device and the receiving device include means for transmitting and receiving data by an infrared communication system, a radio wave system, or an optical communication system.
Further, the receiving device is connected to an external device, and has a configuration including means for operating the external device based on operation data included in the first transmission signal or the second transmission signal. Is preferably performed by an authenticated user from a remote place. Further, the external device is, for example, a door lock. In this case, the door is unlocked only by an authorized person, so that high security can be preferably obtained.
Further, the first transmission signal or the second transmission signal includes second data, and the transmission device includes a storage unit that stores the determination data, and transmits the first transmission signal or the second transmission signal. Means for authenticating the second data using the determination data; means for storing the number of times the second data has not been authenticated; and storing the number of times when the number of times has reached a predetermined number. Means for erasing data stored in the unit, even if data is illegally transmitted from the transmitting device, the sender is authenticated by the second data and the discrimination data. It is preferable because it can be performed.
Further, at least one of the first transmission signal and the second transmission signal is transmitted to the receiving device together with the data encrypted using the authentication data, so that the encrypted data becomes the authentication data. And transmitted securely.
The method of the present invention is a method of transmitting authentication data from a transmitting device to a receiving device, wherein the transmitting device converts the authentication data into a second substitute value and a second substitute value using a first conversion constant and a second conversion constant, respectively. A first step of converting to a substitute value of 1, and a second step of transmitting the first transmission signal including the first substitute value and the first conversion constant to the receiving device by the transmitting device; The transmission device transmits a second transmission signal including the second substitute value and the second conversion constant to the reception device by making at least one of a transmission time and a transmission path different from the first transmission signal. A third step of transmitting; a fourth step in which the receiving device recognizes the first substitute value and the first conversion constant from the first transmission signal received from the transmitting device; But received from the transmitting device A fifth step of recognizing the second alternative value and the second conversion constant from the second transmission signal, and the receiving device determines a first value from the first alternative value and the second conversion constant from the second alternative value and the second conversion constant. A sixth step of calculating decoded data and calculating second decoded data from the second substitute value and the first conversion constant.
Further, after the sixth step, the receiving device authenticates the first decrypted data and the second decrypted data using the first decrypted data and the second decrypted data. Characterized by comprising the following steps:
Further, after the seventh step, the receiving device performs authentication of the first decrypted data and the second decrypted data using the authentication data stored in the storage unit provided in the receiving device. The method is characterized by including an eighth step of performing.
In addition, between the second step and the third step, the receiving device compares a first substitute value with authentication data in the storage unit, and after the temporary authentication step, the receiving device Transmitting the result of the temporary authentication to the transmitting device.
Further, in the second step, the transmitting device performs authentication of the second data included in the first transmission signal using the determination data stored in the storage unit provided in the transmitting device. Adding and storing the number of times when the second data is not authenticated, and erasing the data stored in the storage unit provided in the transmitting device when the number of times reaches a predetermined number of times. And characterized in that:
Further, the device of the present invention includes an input unit for inputting data related to authentication data, a storage unit storing data related to authentication data, a transmitting / receiving unit for transmitting / receiving data, and an input / output unit for inputting / outputting data. And a process of converting the authentication data into a second alternative value and a first alternative value using a first conversion constant and a second conversion constant, respectively, the first alternative value and the first conversion constant. A control unit for performing a process of transmitting the first transmission signal and the second transmission signal including the second alternative value and the second conversion constant by changing at least one of a transmission time and a transmission path. It is characterized by having.
The control unit may further include a process of receiving the first transmission signal and the second transmission signal, a first substitution value, a second substitution value, and a first substitution value based on the first transmission signal and the second transmission signal. Recognizing the conversion constant and the second conversion constant, calculating the first decoded data from the first substitute value and the second conversion constant, and calculating the second substitute value and the first conversion A process of calculating second decoded data from a constant.
Further, the control unit performs a process of authenticating the first decrypted data and the second decrypted data by using the first decrypted data and the second decrypted data.
Further, the control unit performs a process of authenticating the first decrypted data and the second decrypted data using the authentication data in the storage unit.
Further, the control unit compares the first substitute value with the authentication data in the storage unit when receiving the first transmission signal and performs a temporary authentication, and a process of transmitting a result of the temporary authentication. Is performed.
Further, the transmitting and receiving unit is connected to a communication network including the Internet. Further, the input / output unit includes means for transmitting and receiving data by an infrared communication system, a radio wave system, or an optical communication system.
Further, the data related to the authentication data includes determination data, the first transmission signal includes second data, and the control unit performs authentication of the second data using the determination data, Performing a process of adding and storing the number of times when the second data is not authenticated, and a process of deleting the data stored in the storage unit when the number of times reaches a predetermined number of times. And
Further, the program of the present invention includes a first process of converting the authentication data into a second alternative value and a first alternative value using a first conversion constant and a second conversion constant, respectively; And a second process of transmitting a first transmission signal including the first conversion constant, and a second transmission signal including the second alternative value and the second conversion constant, the first transmission signal And a third process of transmitting at least one of the transmission time and the transmission path differently, to execute the transmission device.
Further, the program of the present invention is configured to execute the first substitute value and the first substitute value from a first transmission signal including a first substitute value obtained by converting the authentication data by a second conversion constant and a first conversion constant. A first process for recognizing the conversion constant of the first and second conversion values obtained by converting the authentication data by the first conversion constant and a second transmission signal including the second conversion constant. A second process for recognizing a substitute value and the second conversion constant, and calculating first decoded data from the first substitute value and the second conversion constant, to obtain the second substitute value and the second conversion constant. And a third process of calculating the second decoded data from the conversion constant of 1.
In addition, after the third process, a fourth process for authenticating the first and second decoded data is received using the first and second decoded data. The device may be executed.
Further, after the fourth process, the receiving device executes a process of authenticating the first decrypted data and the second decrypted data using the authentication data stored in the storage unit of the receiving device. You may do so.
Further, after the first process, a process of performing temporary authentication of the first substitute value using authentication data stored in a storage unit of the receiving device, and a process of transmitting a result of the temporary authentication May be executed by the receiving device.
Further, after the second process, a process of receiving a result of the temporary authentication and, if the first substitute value has been authenticated by the temporary authentication, causing the transmitting device to execute the third process. It may be.
Further, the door lock of the present invention is disposed on a door frame, and locks the door frame to a fixed object by a strike.The door lock includes the strike, a latching plug for catching the strike, A first device for driving the latching plug, and a second device for controlling the operation of the first device by an external operation signal. A second control unit for releasing the latching plug and the first unit from the strike, and an operation of the second unit in response to an external operation signal. And a second control unit that controls
As described above, even when the first device becomes inoperative due to a malfunction, the door lock can be released by operating the second device, which is preferable.
Further, since the first device or the second device is a solenoid actuator or a micromotor, a door lock can be easily formed.
Further, the second device is a micromotor, and is provided with a changeover switch for rotating the micromotor forward and reverse, so that when the problem of the first device is solved, the latching plug and the first It is preferable that the means can be returned to the normal position.
In addition, the first device includes third means for detecting a position of the first means, and the third means controls the operation of the second means, so that the latching plug and the This is preferable because the first means can be stopped at a predetermined position.
BEST MODE FOR CARRYING OUT THE INVENTION
Hereinafter, embodiments of the present invention will be described with reference to the drawings. The arrangement, configuration, and the like described below do not limit the present invention, but can be variously modified within the scope of the present invention.
A first data transmission method relating to the data transmission system of the present invention will be described with reference to FIG. The first data transmission method is, for example, a method suitable for transmitting data with a small data amount such as authentication data (personal identification number).
A first transmission signal and a second transmission signal each containing the same authentication data are transmitted from the sender to the receiver. The first transmission signal and the second transmission signal are composed of packets of packet numbers 1 to 9999 as shown in FIG. These packets each have data of the same number of digits, and in the case of FIG. 1, are 6-digit data.
The packet of the packet number 1 is a synchronization signal (SY), and this synchronization signal indicates the start of the transmission signal. The packet of the packet number 2 is a communication number and is numbered for each transmission signal. The authentication data is contained in a packet having an arbitrary packet number selected by the sender among the packets of packet numbers 3 to 9998. In this case, the packet number 1231 has been selected.
The packet of the packet number 9999 has control data, which indicates the end of the transmission signal and is used for instructing the receiver to perform various operations. The operation includes, for example, opening and closing of a key, ON / OFF of a control switch, display of a data transmission use frequency, and the like, and the operation data can be used for these operations.
A packet other than the packet numbers 1, 2, 1231, and 9999 is provided with a scramble signal (SC). The scramble signal is arbitrary number data determined by a random number, and the scramble signals of the same packet number of the first and second transmission signals are allocated so as not to be equal.
The communication number, the authentication data, the packet number in which the authentication data is stored, and the control data are set by the sender. The set data is arranged in the packet of the predetermined packet number, and the scramble signal is arranged in the other packets, so that the first transmission signal and the second transmission signal are generated.
The first transmission signal and the second transmission signal are transmitted from the sender by the packet switching transmission method, and when received by the receiver, the data is compared for each packet number. As a result, in this case, it is determined that the data of the packet numbers 2, 1231, and 9999 match each other. Then, the authentication data is extracted from the data of the packet number 1231 by the recipient.
The number of data digits of the packet and the number of packets can be arbitrarily changed. The positions of the communication number and the control data packet may be reversed. Further, the authentication data may be divided into a plurality of packets and transmitted. In this case, when the first and second outgoing signals are compared by the receiver, the data matches with a plurality of packet numbers other than the packet numbers 2 and 9999. These matched data are decoded into the original authentication data by being combined.
As described above, in the first data transmission method, the authentication data is specified by receiving and comparing both the first transmission signal and the second transmission signal, so that either one of the transmission signals is leaked. Is not decoded as significant data.
Next, a second data transmission method will be described with reference to FIG. The second data transmission method is a method suitable for transmitting a large amount of data such as a confidential document, music, video, or the like as transmission data. As in the first data transmission method, a first transmission signal and a second transmission signal are transmitted from a sender to a receiver. However, the data is divided into a plurality of packets because of its large capacity. The number of packets depends on the size of data.
As shown in FIG. 2, the synchronization signal is arranged in the packet of the packet number 1 of the first and second transmission signals, the communication number is arranged in the packet of the packet number 2, and the packet of the last packet number N is Is provided with control data. In the packets of packet numbers 3 to (N-1), the data (D) divided for each packet and the scramble signal are arranged to form a data body portion.
Here, the divided data is arranged in one of the first and second transmission signals in the order of the packet number, and the scramble signal is arranged in the other packet of the same packet number where the divided data is not arranged.
The first and second transmission signals generated in this manner are transmitted from the sender to the receiver, respectively, and only necessary divided data is selected from the respective data bodies according to the selection signal. The selected divided data is synthesized and decoded into original data.
The selection of the divided data may be performed by arranging a selection signal in advance between the sender and the receiver, or depending on the type of data, the divided data may be selected from the data transmitted by the receiver itself. In some cases you can choose.
As described above, in the second data transmission method, since data is transmitted after being divided into the first and second transmission signals, even if one of the transmission signals is obtained, the third party transmits significant data. I can't get it.
In the first and second data transmission methods, when the first and second transmission signals are eavesdropped or leaked, one or both of the first and second transmission signals are made difficult to extract significant data therefrom. May be converted by a preset conversion constant.
For example, in the second data transmission method, when the conversion constant is previously set to “3456”, the conversion constant is added to “193801” which is the communication number of the second transmission signal, and the second transmission signal The communication number “197257” is transmitted as the communication number. The receiver can obtain the true communication number “193801” by subtracting the conversion constant from the alternative communication number of the second transmission signal. Then, it is possible to combine the first and second outgoing signals as a pair of outgoing signals from the communication numbers obtained through such conversion.
The receiver can obtain predetermined data by selectively combining the received first transmission signal and the second transmission signal according to the selection signal. As described above, the method of converting the communication number of one transmission signal by a predetermined conversion constant and transmitting the transmission number can also be applied to the first data transmission method.
In the first data transmission method, the authentication data may be transmitted by adding a conversion constant. When the first and second outgoing signals are compared, the authentication data can be determined by extracting a packet of a packet number having data that differs by the numerical value of the conversion constant.
Next, a third data transmission method will be described with reference to FIG. The third data transmission method is a method suitable for transmitting both the small-capacity data and the large-capacity data as transmission data. In the third data transmission method, similarly to the first and second data transmission methods, communication number, control data, and authentication data packets are arranged in the first and second transmission signals. For simplicity of illustration.
The first transmission signal includes a conversion constant X0 and a substitute value C10 of the personal identification number data C0. The second transmission signal includes the conversion constant Y0 and the substitute value C20 of the personal identification number data C0. Here, the substitute values C10 and C20 are converted by the conversion constants Y0 and X0, respectively.
In the case of FIG. 3, for example, the substitute value C10 is obtained by adding a conversion constant Y0 to the personal identification number data C0, and the substitute value C20 is obtained by adding the conversion constant X0 to the personal identification number data C0. In addition, as a conversion method, in addition to adding the conversion constant to the authentication data, a method of subtracting the conversion constant or other methods may be used.
In the case of FIG. 3, the data of the packet has 12 digits. As specific numerical examples, the conversion constants X0 and Y0 are 6-digit numbers, and are “224455” and “335566”, respectively. The personal identification number data C0 that is the authentication data is “123423456789”. Therefore, the first outgoing signal has “123432792355” obtained by adding the conversion constant Y0 “335566” to the personal identification number data C0 “123234456789” as the substitute value C10, and the second transmit signal has the personal identification number as the substitute value C20. It has “123342681244” obtained by adding the conversion constant X0 “224455” to the data C0 “123423456789”.
The first and second transmission signals are received by the receiver, and the conversion constant X0 and the alternative value C10, and the conversion constant Y0 and the alternative value C20 are determined, respectively. Then, the personal identification number data C0 is calculated by subtracting the conversion constant Y0 from the substitute value C10. Further, the personal identification number data C0 is calculated by separately subtracting the conversion constant X0 from the substitute value C20. Then, the calculated password data C0 are compared, and if they match, the password data is adopted as the password data C0.
As described above, in the third data transmission method, the personal identification number data C0 is converted into alternative values C10 and C20 by two conversion constants Y0 and X0, respectively, and the respective alternative values are transmitted by the first and second transmission signals. Therefore, even if the third party obtains one of the transmission signals, it cannot obtain significant data.
Further, data having a large data amount, which is encrypted using the personal identification number data as an encryption key, may be transmitted together with the first or second transmission signal, and may be decrypted on the receiving side by the personal identification number data. . At that time, the first or second transmission signal may be transmitted as a transmission header of the encrypted data.
As described above, in the first to third data transmission methods, the authentication data or its substitute value is transmitted to the receiver by the first and second transmission signals, and the receiver compares the first and second transmission signals, The data is decrypted as authentication data by being selectively combined.
Next, as a data transmission method, the following method can be used. In FIG. 4, the sender first sends the first and second transmission signals to the receiver via a communication line including, for example, the Internet, a telephone line, a dedicated line, an ISDN line, and wireless.
These are transmitted at a staggered time or transmitted by another route. Alternatively, the data may be transmitted on another route at a different time. The receiver decodes the authentication data and the predetermined data by comparing and combining the pair of transmission signals received separately. At this time, the first or second transmission signal may be converted by a conversion constant.
In the configuration shown in FIG. 5, the first transmission signal is transmitted directly to the recipient via the communication line, and the second transmission signal is transmitted to the recipient via the registration manager. In this case, if the second transmission signal is converted by the conversion constant, the second transmission signal may be converted back to the original by the registration manager and then transferred to the receiver. Alternatively, the message may be simply transferred to the recipient. Also in this case, it is preferable that both signals are transmitted with a time lag.
FIG. 6 shows the flow of data when the sender is authenticated based on a transmission signal from the sender using the first data transmission method and only the result is transmitted to the receiver. Things. In this case, a certification organization (for example, an administrative organization such as the Legal Affairs Bureau) authenticates the sender. The first transmission signal is transmitted directly to the certification organization via the communication line. Further, the second transmission signal converted by the conversion constant is inversely converted by the registration manager and restored, and then transferred to the certification organization.
The certification body obtains the certification data from the first and second outgoing signals. The sender is collated based on the authentication data, and it is determined whether the sender is authenticated or not. This determination result is transmitted to the registration manager, and is transferred from the registration manager to the receiver. Therefore, the recipient is not informed about the authentication data, but is informed only of the result of the authentication. Thus, for example, when a contract or purchase is made, personal authentication can be performed on the communication line as a substitute for a seal seal certificate or the like. In the above configuration, the second transmission signal may also be directly transmitted to the certification organization, and the certification result may be transmitted from the certification organization to the recipient.
4 to 6, the first and second transmission signals are not limited to being transmitted via a communication line, but may be stored in a storage medium and delivered to a receiver or a registration manager.
Hereinafter, an example in which the third data transmission method of the present invention is applied to a data transmission system S will be described. As shown in FIG. 7, the data transmission system S includes an authentication card A, a transmission / reception device B, and an external device C. The user can transmit and receive data using the authentication card A and the transmitting and receiving device B.
The user can use the authentication card A to transmit personal authentication data and the like to the transmitting / receiving device B. When the personal authentication data and the like are determined and authenticated by the transmission / reception device B, the transmission / reception device B transmits an operation signal to the external device C to perform an operation such as unlocking of a door.
As shown in FIG. 8, the authentication card A includes a CPU 101 which is an IC chip functioning as a control unit, an input unit 102 which is an operation panel, an input / output unit 103 which is a data transmission / reception transmission circuit, and a display unit 104 using LEDs. , An oscillation element 105, and a storage unit 106. The authentication card A is realized as a personal portable electronic card.
The CPU 101 controls data input / output and data transmission / reception. The input unit 102 has ten keys, buttons specialized for a certain function such as an “OPN” (open) button and a “CLS” (close) button, and alphabet keys (not shown).
The input / output unit 103 includes a light receiving sensor element 103a that transmits and receives data to and from the transmitting / receiving device B, and a signal transmitting element 103b. The display unit 104 performs display using LEDs according to the output of the CPU 101. The storage unit 106 stores a program of the CPU 101 and data such as a personal identification number and is configured to function as a work area.
As shown in FIG. 9, the transmitting / receiving device B includes a CPU 201 as a control unit, an input unit 202 having an operation panel and a setting panel, an input / output unit 203, a display unit 204 as an LCD display, and an oscillation element 205. , A storage unit 206, a battery voltage detector 207, an interface 208 with the external device C, and a power supply unit 209.
The CPU 201 performs data input / output control, data transmission / reception control, data encryption / decryption, control of the external device C, and the like. The input unit 202 includes various input buttons, and includes a numeric keypad, alphabet keys (not shown), buttons specialized for a specific function (for example, a power ON / OFF switch, a door open / close button, and the like). The input / output unit 203 includes an input / output unit 203a which is a transmission / reception head for transmitting / receiving data to / from the authentication card A, and an input / output unit 203b for inputting / outputting data from / to a storage medium or the like. The input / output unit 203b performs, for example, data input / output with various storage media such as a flexible disk, reading of a barcode, and the like.
The display unit 204 displays input data from the outside, input data at the time of operation, and the like according to the output of the CPU 201. The storage unit 206 stores personal identification number data, programs for the CPU 201, various application programs, and the like, and is configured to function as a work area for the programs. The transmission / reception device B may be configured to use a normal desktop personal computer or a mobile terminal.
As a data transmission / reception system between the authentication card A and the transmission / reception device B, an infrared system, a radio wave system, an optical communication system, and the like, which are well-known technologies, can be applied. The authentication card A and the transmission / reception device B transmit and receive data by a packet switching transmission method.
The external device C includes a door lock D, a modem 210 for transmitting and receiving data to and from an external communication line, an alarm, a door switch as an input signal, and the like. The transmission / reception device B is connected to a communication line including the Internet via a modem 210, and can transmit and receive data via the communication line.
Next, the configuration of the door lock D will be described with reference to FIG. As shown in FIG. 10, the door lock D is disposed inside the door frame 67 and includes the housing 20, the strike 62, the handle 66 and the like. The housing 20 houses the micromotor 70 and the actuator 30.
The micromotor 70 includes a rotating shaft 71, a rotor 73 in which the rotating shaft 71 is inserted, and a stator coil 74, which are housed in a motor case 75 fixed in the housing 20. A worm gear 72 is integrally inserted into the tip of the rotating shaft 71.
The actuator 30 includes a slider slider 39 having a cylindrical shape fixed inside the housing 20, a slider 38 having a worm gear portion 37 fixed at an upper portion, and a solenoid actuator 31. The worm gear 72 engages with the worm gear portion 37 and moves the worm gear portion 37 and the slider 38 up and down with the forward and reverse rotation of the rotating shaft 71. The slider 38 slides inside the slider base 39 and moves up and down.
Position detection switches 50a and 50b are provided at the upper and lower ends of the slider base 39. When the slider 38 moves within the slider base 39 and comes into contact with the position detection switch 50a or 50b, the rotation of the micromotor 70 is started. Movement is stopped.
The solenoid actuator 31 includes an exciting coil 21, a plunger 35, and a latching plug 60 coaxially fixed to a lower end of the plunger 35.
A coil spring 37 is inserted into the plunger 35 between the exciting coil 21 and the latching plug 60, and the coil spring 37 urges the latching plug 60 downward. The latching plug 60 is configured to move upward when the excitation coil 21 is excited by an excitation signal.
The strike 62 is engaged with the handle 66 via the slide gear teeth 65. When the door is locked, the distal end of strike 62 fits in strike key groove 69 of frame 68, and latching plug 60 fits in key groove 63 of strike 62. Therefore, the handle 66 cannot be rotated.
When the excitation signal is input to the actuator 30, the latching plug 60 is pulled up and detaches from the key groove 63. At this time, if the handle 66 is rotated counterclockwise in FIG. 10, the strike 62 moves to the left, and the tip of the strike 62 comes off the strike key groove 69, so that the door can be opened.
When the handle 66 is rotated by a predetermined angle, the strike 62 moves to the left, and the position fixing groove 64 is located substantially directly below the latching plug 60. In this state, when there is no excitation signal to the solenoid actuator 31, the latching plug 60 biased by the coil spring 37 moves downward. Then, the distal end is fitted into the position fixing groove 64, and the strike 62 is maintained in a state of being separated from the strike key groove 69.
Since the position fixing groove 64 is a concave portion having a gentle slope, when the handle 66 is rotated clockwise, the latching plug 60 easily comes off from the position fixing groove 64, and the strike 62 moves to the right, and again. It is inserted into the strike key groove 69.
The strike 62 is not provided with the position fixing groove 64 having a gentle slope, but once the latching plug 60 is fitted like the key groove 63, the strike 62 is not moved unless the latching plug 60 is moved upward. May be provided with a position fixing groove 64 that is not movable. In this case, when the door is closed, the excitation signal needs to be transmitted to the solenoid actuator 31 again.
The solenoid actuator 31 is actuated by an external excitation signal to pull up the latching plug 60, but the latching plug 60 may not be pulled up normally due to a problem. The malfunction is that the exciting coil 21 inside the solenoid actuator 31 is disconnected, or the plunger 35 is caught and cannot be moved.
In such a case, when the micromotor 70 is operated, the latching plug 60 is pulled up together with the slider 38, and the latching plug 60 comes off from the key groove 63. Therefore, even if the actuator 30 is not operated, the door can be unlocked immediately without breaking the door lock D, which is preferable.
Next, an outline of the operation of the door lock D will be described with reference to FIG. Upon receiving the transmission signal for unlocking the door lock D, the transmission / reception device B transmits an excitation signal for operating the actuator 30 to the door lock D. This excitation signal enters between the terminals 11 and 12. Here, the terminal 11 is a ground terminal.
While the excitation signal is being received, the transistor 22 operates and an excitation current flows to the excitation coil 21 by the DC voltage applied to the terminal 13. Thereby, the plunger 35 and the latching plug 60 are raised.
At this time, if there is a problem with the exciting coil 21 or the like as described above, the plunger 35 and the latching plug 60 are not lifted, and the door is kept locked. In this case, the user transmits another transmission signal for unlocking the door lock D to the transmission / reception device B. Upon receiving the another transmission signal, the transmission / reception device B transmits a pulse signal to the door lock D, and the pulse signal is transmitted between the terminals 24 and 25.
When the user presses the operation buttons 1a and 1b provided on the side of the door lock D while receiving this pulse signal, the transistor 23 is activated and the micromotor 70 rotates forward. When the micromotor 70 rotates forward, the slider 38 is pulled up, the latching plug 60 is also pulled up, and the strike 62 becomes movable.
When the user keeps pressing down the operation buttons 1a and 1b together, the slider 38 comes into contact with the position detection switch 50a, thereby releasing the line at the position of the position detection switch 50a and stopping the operation of the micromotor 70. When the slider 38 is slightly lifted from the lower end in the slider base 39, the circuit closes at the position detection switch 50b.
In order to return the raised slider 38 to the original position, the user transmits a transmission signal again and presses both the operation buttons 2a and 2b. As a result, the micromotor 70 rotates in the reverse direction, and the slider 38 moves downward, comes into contact with the position detection switch 50b, and stops.
In the above-described embodiment, the micromotor 70 is operated by the user pressing the operation buttons 1a and 1b. However, the micromotor 70 may be directly operated by another transmission signal. Further, the operation buttons 1a, 1b or 2a, 2b may be operated by another transmission signal.
In the above embodiment, the actuator 30 drives the latching plug 60. However, instead of the actuator 30, the latching plug 60 may be driven by a micromotor. In this case, for example, a worm gear as shown in FIG. 10 is used for the latching plug 60 and the micromotor, so that the latching plug 60 can be advanced and retracted.
Then, in order to unlock or lock the door lock D, the unlocking signal or the locking signal may be input to the micromotor, and the micromotor may be rotated forward or backward. Further, a position detection switch for detecting the position of the latching plug 60 is provided in the slider 38 so that when the latching plug 60 moves to a predetermined position, the unlocking signal and the locking signal do not enter the micromotor. It is suitable. Further, a switch for switching an electric circuit may be provided in order to rotate the micromotor forward and reverse with the same signal without separating the unlocking signal and the locking signal.
Further, in the above embodiment, the micromotor 70 lifts the latching plugs 60 together with the slider 38, but it is also possible to configure so that a solenoid actuator pulls them up instead.
In this case, for example, the solenoid actuator may be configured to drive the plunger upward in FIG. 10 when an excitation signal is received, and to couple the plunger to the slider 38. Further, it is preferable that the slider 38 is always urged downward by a coil spring.
Next, the transmission and reception data format between the authentication card A and the transmission / reception device B and between the transmission / reception devices B will be described with reference to FIG. The transmission / reception device B has a data area of packets numbered by packet numbers 0 to 99 and other data transmission / reception areas, of which packets of packet numbers 1 to 9 are used as work areas for transmission / reception. Is used as a data storage area. On the other hand, the authentication card A has a packet data area numbered by packet numbers 0 to 9 and another data transmission / reception area.
The authentication card A and the transmission / reception device B transmit the transmission data composed of the packet data of the packet numbers 1 to 9 to another transmission / reception device B. Each packet stores 9-digit data.
Further, large data such as music and video can be transmitted to another transmitting / receiving apparatus B using the transmission data as a transmission header. At this time, the large-capacity data is encrypted using a password transmitted by the transmission data as an encryption key.
The packet of the packet number 0 is for the transmission / reception device password (PSW), and stores the serial registration number assigned to each transmission / reception device B. This number is used for password verification at the time of changing the setting of the transmitting / receiving device B.
The packets of packet numbers 1 to 9 are used for data transmission / reception with the authentication card A and the transmitting / receiving device B. The authentication card A and the transmission / reception device B use a combination of packets of packet numbers 1 to 9 as a transmission signal. The packet of packet number 1 is for the communication number (TNo) of the outgoing signal. Receiving the transmission signal from the outside, the transmission / reception device B reads the communication number and displays it on the display unit 204. Further, the communication number is used in the transmitting / receiving device B to recognize the first and second outgoing signals from the authentication card A or the transmitting / receiving device B, and to correctly combine the first and second outgoing signals.
This communication number may be a fixed number when the outgoing signal is transmitted from the authentication card A, or may be a number that is changed for each transmission. The telephone number of the transmitting / receiving device B is specified.
The packet of the packet number 2 is for the operation number (OP). The first digit number designates a combination of packet numbers to be operated. As shown in FIG. 12, when the leading digit number is "0", a combination of packet numbers 3, 5, and 7 is designated, and when the leading digit number is "1", a combination of packet numbers 4, 6, and 8 is designated. You. For example, the first digit number “0” is set at home, and “1” is set at company. In this example, since the outgoing signal is composed of 9 packets, only two kinds of leading digit numbers can be selected. However, the outgoing signal is composed of (3 + 3N) packets so that N kinds of selections are possible. You may do so.
The digits other than the first digit of the operation number (OP) are also numbers that can be changed at any time, and can cause the transmitting / receiving device B that has received the data to execute various operations. For example, as shown in FIG. 12, when the eight digits of the operation number (OP) are distinguished from a leading digit by a to h, the operation is performed by a combination of a, b, c, and d digits. Can be specified.
Further, e, f, g, and h digits are specialized for a specific operation. For example, the first digit h designates the opening / closing operation of a door key, and the second digit g designates a received call. For example, a signal read or write operation can be specified. Specifically, when g is 0, the designated packet data of the packet numbers 30 to 99, which is the password recording holder (D), is read. When g is 1 or 2, the password is temporarily recorded. Reading or writing of the designated packet data of Dt) with the packet numbers 20 to 29 is designated. However, the specific operation by e, f, g, and h can be made ineffective by a combination of a, b, c, and d.
Packets with packet numbers 3 and 4 are for conversion constants. The conversion constant is a four-digit number. When the first and second transmission signals are transmitted with "0" designated as the first digit number of the operation number (OP), the packet of packet number 3 includes only conversion constants X0 and Y0 as data, respectively. It is. At this time, the packet of the packet number 4 does not include data, but may be a random number.
When “1” is specified as the leading digit number of the operation number (OP), only the conversion constant X1 or Y1 is included in the packet of the packet number 4 as data. At this time, the packet of the packet number 3 does not include data, but may be a random number.
The packets of the packet numbers 5 and 6 are used for specifying a password recording location. In the case of FIG. 12, the data of the packet with the packet number 5 is “00000030”, and the packet number 30 is specified. This packet number is selected from 20 to 29 or 30 to 99.
Packets with packet numbers 7 and 8 are for passwords. In the case of FIG. 12, the password “12345678” of the packet number 30 designated by the packet of the packet number 5 is stored in the packet of the packet number 7. Packet number 9 is for control data.
Packet numbers 10 to 19 are signal setting holders (S), which are used for setting various input / output conditions of the transmitting / receiving apparatus B. For example, it is used for calendar setting, various input / output time span settings, and telephone connection destination setting.
Packet numbers 20 to 29 are password temporary recording holders (Dt), and are locations where temporary passwords used when transmitting and receiving passwords and the like to unspecified large numbers are stored. For example, when transmitting and receiving a personal identification number as a purchase ticket number, it can be used temporarily. However, when the g-digit number of the operation number (OP) is designated as “2”, when the received new data is written, the old data is deleted.
Packet numbers 30 to 99 are personal identification number record holders (D), and each packet stores the personal identification number of the authentication card A or the transmission / reception device B of the transmission / reception partner. This password may be the serial number of each device. This password is registered in the transmitting / receiving apparatus B in advance and is permanently recorded, and is in principle not disclosed to anyone other than the setting manager. However, the password may be changed.
Next, a method of transmitting and registering a personal identification number from the transmitting / receiving device B to the authentication card A and the other transmitting / receiving device B will be described. The user uses the input unit 202 of the transmission / reception device B to register the password, and sets the communication number, the operation number, the conversion constant, the password storage location, the password, and the control data in order to create a transmission signal. I do.
First, when the communication number is set, the communication number is stored in the packet of the packet number 1, and when the operation number is set, the operation number is stored in the packet of the packet number 2. At this time, if the first digit of the operation number is "0", the conversion constant, the password recording location, and the password are automatically recorded in the packets of packet numbers 3, 5, and 7, respectively. . When the first digit is "1", it is automatically recorded in the packets of packet numbers 4, 6, and 8, respectively.
If the first digit of the operation number is “0” and the conversion constants X0 and Y0 are set, the conversion constant X0 is stored in the upper four digits of the packet of the packet number 3 and the conversion constant Y0 is stored in the lower four digits. When the leading digit is “1”, when the conversion constants X1 and Y1 are set, the conversion constant X1 is set in the upper four digits of the packet of the packet number 4 and the conversion constant Y1 is set in the lower four digits.
At the password recording location, a packet for which a password has not been set is automatically selected from the password recording holder (D). When the control data is finally set, the control data is stored in the packet of the packet number 9. No data is set in other packets, but a random number may be set.
The transmission signal thus generated is transmitted from the transmission / reception device B to the authentication card A or another transmission / reception device B. In the case of transmission to the authentication card A, when a transmission command is specified by the input unit 202, the transmission is transmitted to the authentication card A through the transmission / reception head 203a. The authentication card A receives a transmission signal through the input / output unit 103.
On the other hand, when the transmission signal is transmitted from the transmission / reception device B to another transmission / reception device B, the address of the other transmission / reception device B is specified by the input unit 202 by a telephone number or the like, and the other transmission / reception device B is transmitted via the modem 210. Sent to
When the password registration signal is received by the authentication card A, the authentication card A is switched to the password registration mode by the user, and the signal is registered in the storage unit 106. When the transmission signal is received by another transmitting / receiving device B, it is displayed on the display unit 204, and the user confirms the content of the transmission signal and performs a registration operation. This registration is usually performed only once between the authentication card A and the transmitting / receiving device B for transmitting a personal identification number, which will be described later, or between the transmitting / receiving devices B. However, the above-described registration may be independently set by the authentication card A and the transmission / reception device B without receiving the password registration transmission signal from the transmission / reception device B of the registration destination.
Next, data transmission from the authentication card A or the transmission / reception device B to another transmission / reception device B will be described. When a communication number, an operation number, a conversion constant, a security code recording location, and a security code are designated on the transmission side based on the security code data registered in advance, the first and second transmission signals are generated based on these data. Is done.
When a large amount of data (for example, music data, document data, etc.) other than the password is transmitted, the data is specified in addition to the communication number. The designated data is encrypted with a password transmitted by the first and second outgoing signals, and the encrypted data is divided into packets and combined after the second outgoing signal. However, the encrypted data may be combined after the first outgoing signal.
As shown in FIG. 13, the communication number, the operation number, the conversion constant, the password storage location, the substitute value of the password, and the control data are the packet numbers 1, 2, 3, 5, 7, 9 of the first transmission signal, respectively. Placed in Here, it is assumed that “0” is designated as the leading digit number of the operation number. When this number is “1”, the data is arranged in packet numbers 1, 2, 4, 6, 8, and 9.
The conversion constant and the password storage location are determined and registered in advance with the transmitting / receiving device B on the transmitting side. In the packet of packet number 3, “0000” is placed in the first four digits, and a conversion constant X0 is placed in the last four digits. The substitute value arranged in the packet of the packet number 7 is a value obtained by adding the conversion constant Y0 to the personal identification number.
When the first transmission signal is transmitted and received by the transmission / reception device B, the transmission / reception device B displays the communication number of the packet of the packet number 1 on the display unit 204. Since the first digit of the data of the packet number 2 is “0” and the g-digit number is “0”, the data of the packet number designated by the data of the packet number 5 is selected. In this case, since the data of the packet number 5 is “00000030”, the password of the packet number 30 of the transmitting / receiving apparatus B is selected.
Then, the first two digits of the selected password are compared with the first two digits of the password alternative value of the packet number 7 of the first transmission signal. If these match, the transmitting / receiving device B performs temporary authentication, and returns an answer back signal indicating the matching to the transmitting side. When the answer back signal indicates that they match, for example, the control data of the transmitted first transmission signal is returned as "11111111". On the other hand, if they do not match, the answer back signal is returned with, for example, the control data set to “00000000”. Alternatively, a specific format of the answerback signal may be set, and the signal may be transmitted according to this format.
When the first transmission signal is transmitted from the authentication card A, the answerback signal is transmitted from the transmission / reception head 203a. If the first transmission signal is transmitted from another transmitting / receiving device B, the answerback signal is returned to the telephone number of the other transmitting / receiving device B via the modem 210.
The password is set with an eight-digit number, but the third digit from the top is something other than 9 so that when the 4-digit conversion constant is added, the first two digits are not affected. It is set as follows. When the conversion constant is subtracted, the third digit from the top is set to a value other than 0.
Upon receiving the answer back signal, the transmitting side transmits a second transmission signal to the transmitting / receiving apparatus B. As shown in FIG. 14, the second transmission signal is composed of a communication number, a conversion constant, and a substitute value of a personal identification number, and these data are arranged in the packet numbers 1, 3, and 7 of the second transmission signal, respectively. Here, the leading digit number of the operation number is “0”. When this number is “1”, the data is arranged in packet numbers 1, 4, and 8. The operation number may be newly transmitted by the second transmission signal.
The communication number arranged in the packet of the packet number 1 is the same as the communication number of the first transmission signal. In the packet of the packet number 3, “0000” is placed in the upper four digits, and a conversion constant Y0 is placed in the lower four digits. The substitute value arranged in the packet of the packet number 7 is a value obtained by adding the conversion constant X0 to the personal identification number.
When the second outgoing signal is received by the transmitting / receiving device B, the communication number of the first outgoing signal is compared with the communication number of the second outgoing signal. Decoded by the conversion constant. If the decrypted values match, the decrypted value is adopted as a password.
In the case of FIGS. 13 and 14, since the g-digit number of the operation number is “0” and the password recording location is “00000030”, the data of the packet number 30 in the password recording Selected as a number. Then, the decrypted personal identification number is compared with the personal identification number of the packet number 30, authentication is performed, and if they match, the personal identification number is adopted as the personal identification number.
The personal identification number is set as an eight-digit number, but may be distinguished by using the upper four digits as a master authentication number and the lower four digits as a personal authentication number. When a plurality of persons are managed by an administrator, the plurality of persons may be authenticated by the master authentication number by giving the master authentication number in common.
When the second outgoing signal is accompanied by encrypted large-capacity data, the data is decrypted using the authenticated and adopted password as a decryption key. Then, the user can acquire data via the input / output unit 203b.
The large-capacity data can be, for example, one or more barcode data. For example, a shipping company or the like encrypts barcode data attached to a consignment with a personal identification number, and attaches the encrypted barcode data to a destination in advance by attaching it to at least one of the first and second transmission signals. I do. The destination receives the first and second transmission signals, authenticates the shipping company or the like based on these transmission signals, and can decode the barcode data from the obtained personal identification number. By using the barcode data, it is possible to reliably confirm the transported object.
As another method, the first transmission signal is output from the input / output unit 203b, the data is printed as a bar code, attached to the transported object, and the second transmitted with the encrypted large-volume data on the transported object. The transmission signal may be transmitted to the destination. In this case, the bar code attached to the goods at the destination is read by the input / output unit 203b, and the password is decrypted by the read first transmission signal and the second transmission signal received in advance. Is done. Using this password as a decryption key, large-capacity data is decrypted.
Further, as another method, the first transmission signal is transmitted to the receiver side, and the second transmission signal with the encrypted large-volume data is output from the input / output unit 203b to the storage medium, and May be delivered to In this case, on the receiver side, the password is decoded from the second transmission signal stored in the storage medium and the first transmission signal received in advance, and the large-capacity data is decrypted by the password. .
Furthermore, the transmitting / receiving apparatus B on the receiving side may set in advance the number of times data can be transmitted / received to / from the transmitting side device, and reduce the number of times when receiving data. When the transmitting / receiving apparatus B performs the data distribution service, the transmitting side determines the number of times the transmitting / receiving apparatus B can use the data, and reduces the number of times the data is transmitted every time the data is transmitted. do it.
Further, when data is transmitted from the authentication card A to the transmitting / receiving device B, it is determined whether or not the operation number registered in the authentication card A in advance at the time of transmitting the first transmission signal matches the specified operation number, If they do not match, data may not be transmitted. Further, if the numbers do not match the predetermined number of times in the determination, the data such as the password stored in the storage unit 106 of the authentication card A may be deleted.
In the above determination, for example, the b, c, and d digits of the operation number are set as numbers set for each user of the authentication card A, and the user sets the b, c, and d digits of the operation number when the operation number is designated. , Specify to the set number. When the first transmission signal is transmitted, the b, c, and d digits of the designated operation number match the b, c, and d digits of the operation number registered in the authentication card A. Is determined.
In this way, even if the authentication card A is illegally acquired, the acquirer can use the authentication card A to transmit data to the transmitting / receiving device B if he does not know the registered operation number. This is preferable because it cannot be performed. Also, even if the data such as the password of the authentication card A is erased by mistake, the authentication card A is not used if the data such as the password is again registered with the transmitting / receiving device B. Will be able to In the case where the operation number is included in the second transmission signal, the above determination may be made when the second transmission signal is transmitted.
In the case of data transmission from the transmission / reception device B to another transmission / reception device B, the transmission path of the first transmission signal and the second transmission signal can be selected. The transmission route is set in advance. For example, the first outgoing signal can use a telephone line, and the second outgoing signal can use a dedicated line. In addition, the first and second transmission signals can use separate lines such as a telephone line, a dedicated line, an Internet line, and a wireless line. Further, the second transmission signal can be set to be transmitted to the transmission / reception device B on the reception side via a preset registration manager.
Further, at least one of the first transmission signal and the second transmission signal can be stored in a storage medium or the like from the input / output unit 203b, and the storage medium can be delivered to the receiving side. The receiving side can read outgoing signals stored in the storage medium from the input / output unit 203b.
Further, when a predetermined input signal is input to the authentication card A, data may be automatically transmitted to the transmission / reception device B. For example, by setting the input signal to the authentication card A as a signal from a door open / close detector, a fire detector, or the like, when a fire or the like is detected, transmission / reception of the transmission / reception device B from the input / output unit 103 is automatically performed. The personal identification number and a preset operation number are transmitted to the head 203a.
Thereby, the transmission / reception device B can reliably authenticate the authentication card A with the password, and perform a predetermined process based on the received operation number. For example, when the authentication card A transmits data to the transmission / reception device B by a signal from the fire detector, the transmission / reception device B acts as a fire alarm so as to notify predetermined contacts and perform processing such as activation of the alarm. I do.
As described above, since data transmission from the authentication card A to the transmission / reception device B is performed without passing through wiring, a system using various detectors can be easily configured.
Next, a process of the transmitting device when a transmission signal is transmitted from the authentication card A or the transmitting / receiving device B (hereinafter, referred to as a transmitting device) to another transmitting / receiving device B will be described with reference to FIG. Here, a case will be described in which the second transmission signal is transmitted from the transmission / reception device B to another transmission / reception device B via the communication line 1 without accompanying large-capacity data. The communication line I used for transmitting the first transmission signal and the second transmission signal is specified in advance. In step S10, the user specifies the communication number, operation number, conversion constant, password storage location, password, and control data from the input units 104 and 204, and the process proceeds to step S11.
The operation number, personal identification number, conversion constant and personal identification number recording location are those that have been registered in the transmitting device at the time of personal identification number registration. B is also registered.
Then, when receiving the transmission command signal based on the input of the user in step S11, the transmitting device generates a first transmission signal in step S12. Here, when the transmitting / receiving device is the authentication card A, the location of the transmitting / receiving device B on the receiving side is not specified, but when the transmitting / receiving device is the transmitting / receiving device B, the location of the transmitting / receiving device B on the receiving side is: For example, it is specified by a telephone number.
After generating the first transmission signal in step S12, the transmitting device transmits the first transmission signal in step S13. Here, when the transmitting / receiving device is the authentication card A, the first transmission signal is transmitted from the input / output unit 103. However, when the transmitting / receiving device is the transmitting / receiving device B, the designated communication is performed via the modem 210. The data is transmitted to the transmission / reception device B using the line I.
When the first transmission signal is transmitted, it may be determined whether or not the designated operation number is correct by using an operation number registered in advance. As a result of the determination, if the specified operation number is correct, the process proceeds to step S14, and if not, the fact may be displayed on the display units 104 and 204, and the process may be terminated.
If the specified operation number is not correct, the number may be counted and the process may return to step S10 without terminating the process. When the number of times reaches a predetermined number (for example, four times), registered data such as a password is erased. At this time, the counted number may be reset and return to “0” times when proceeding to step S14.
Then, in step S14, an answer back signal from the transmission / reception device B of the other party is received, and the process proceeds to step S15. If the answerback signal is not received within a predetermined time after transmitting the first transmission signal in step S13, the process may be terminated.
When the transmission / reception device B that has received the first transmission signal partially matches the password transmitted from the transmission device with the password of the transmission / reception device B on the reception side, the transmission / reception device B returns an answer back signal indicating that the password matches. On the other hand, if they do not match, an answer back signal indicating the mismatch is returned.
If it is determined in step S15 that the answerback signal indicating the match has been received (step S15; Yes), a second transmission signal is generated in step S16 based on the setting in step S10. Then, the second transmission signal generated in step S17 is transmitted, and the process ends.
On the other hand, if it is determined in step S15 that the answerback signal indicates a mismatch (step S15; No), the process ends. It should be noted that the inconsistency may be displayed on the display units 104 and 204.
Next, a process on the receiving side when the transmitting / receiving device B receives a transmission signal from the authentication card A or another transmitting / receiving device B will be described with reference to FIGS. First, in step S30, when the first transmission signal is received from the transmission-side device, in step S31, the first transmission signal is temporarily recorded in the storage unit 206 of the transmission / reception device B as packets of packet numbers 1 to 9. Then, in step S32, the data of the packet with the packet number 2 is referred to, the leading digit number is confirmed, and the process proceeds to step S33.
In step S33, it is determined whether the leading digit number is "0". If the leading digit number is "0" (step S33; Yes), the process proceeds to step S34, where the data of the packet number 5 refers to the packet number of the password recording location. Then, in step S35, the data of the packet number is referred to as a password, and the process proceeds to step S36. In step S36, the substitute value of the personal identification number received by the first transmission signal is referred to from the packet of the packet number 7.
On the other hand, when the leading digit number is not “0” in step S33 (step S33; No), the process proceeds to step S37, and it is determined whether or not the leading digit number is “1”. If the leading digit number is "1" in step S37 (step S37; Yes), the process proceeds from step S38 to S40, and the packet number of the personal identification number recording location is referred to by the data of the packet number 6 as in steps S34 to S36. Then, the data of the packet number is referred to as the password, and the substitute value of the password is referred to from the data of the packet number 8. If the first digit number is not "1" (step S37; No), the process ends.
Then, in step S41, the personal identification number referred to in step S35 and the first two digits of the substitute value of the personal identification number of the first transmission signal are compared for provisional authentication. As a result of the comparison, if the two do not match (step S41; No), the process proceeds to step S42, where an answer back signal to the effect that the two do not match is returned to the transmitting device, and the process ends.
On the other hand, if the result of the comparison in step S41 is that they match (step S41; Yes), the process proceeds to step S43. In step S43, an answer back signal indicating that they match is returned to the transmitting device.
Next, in step S44, the second transmission signal is received from the transmitting device, and in step S45, the second transmission signal is temporarily recorded. If the second transmission signal is not received within a predetermined time after transmitting the answer back signal in step S43, the process may be terminated.
Next, in step S46, it is determined whether or not the communication numbers of the first transmission signal and the second transmission signal match. If the result of the determination is that they match (step S46; Yes), the two are regarded as a pair of transmission signals, and the process proceeds to step S47. On the other hand, if they do not match (step S46; No), the process ends.
In consideration of the fact that another first transmission signal or the like may be received after the transmission of the answerback signal, even if the communication numbers of the received signals do not match, the predetermined time from the transmission of the answerback signal is further different. May be waited for the second transmission signal.
In step S47, it is determined whether or not the leading digit number of the operation number is “0”. If it is “0” (step S47; Yes), the process proceeds to step S48, where the first and second transmission signals are transmitted. The conversion constant of the packet of the packet number 3 is referred to. Here, they are conversion constants X and Y, respectively. On the other hand, if the leading digit number is not “0” in step S47, the process proceeds to step S49.
In step S49, it is determined whether or not the leading digit number is "1". If it is "1" (step S49; Yes), the process proceeds to step S50, and the conversion constants X and Y are set in the same manner as in step S48. Is read from the packet of the packet number 4 of the first and second transmission signals. If the first digit number is not "1" (step S49; No), the process ends.
Next, in step S51, a password is calculated from an alternative value (hereinafter referred to as Cx) of the password of the first transmission signal and the conversion constant Y. Further, a password is calculated from the substitute value (hereinafter, referred to as Cy) of the password of the second transmission signal and the conversion constant X, and the process proceeds to step S52.
In step S52, the g-digit number of the operation number received in the first transmission signal is referred to. If this is “0” or “1” (step S52; g = 0, 1), the process proceeds to step S53. On the other hand, if “2” (step S52; g = 2), the process proceeds to step S54.
In step S53, the password of the packet in the password holder (D) or the temporary password holder (Dt) of the transmitting / receiving device B is read, and the process proceeds to step S55. Here, the packet is a packet of the packet number specified in the location where the personal identification number of the first transmission signal is recorded.
In step S55, it is determined whether or not the password calculated from the first and second transmission signals in step S51 matches the password read in step S53. If they match (step S55; Yes), the process proceeds to step S56, a predetermined operation designated by the operation number is executed, and the process ends. In step S55, when they do not match (step S55; No), the process ends.
The predetermined operation is, for example, an operation of the external device C for safety management, a human entry / exit management processing operation, an automatic gate opening / closing operation, various reservation processing operations and the like.
If the g-digit number of the operation number is “2” in step S52 (step S52; g = 2), the calculated password is recorded in a packet of a predetermined password temporary recording holder (Dt), and The data of the original packet is deleted, and the process ends.
In the above-described embodiment, even when the transmission signal is transmitted from the authentication card A to the transmission / reception device B, the answer back signal is returned from the transmission / reception device B to the authentication card A. However, since the transmission from the authentication card A to the transmission / reception device B is performed over a short distance, the possibility that the transmission signal is leaked is low. Therefore, the reply of the answer back signal may be omitted. And the second transmission signal may be transmitted simultaneously.
When at least one of the first and second transmission signals is stored in the storage medium and delivered from the transmission side to the transmission / reception apparatus B on the reception side, the communication number, the operation number, the conversion constant When a password recording location, a password, and control data are designated, first and second transmission signals are generated, and if necessary, encrypted data is combined with one of the transmission signals. Then, one of the transmission signals is output from the input / output unit 203b to the storage medium. The other transmission signal is transmitted to another transmission / reception device B via the communication line.
In the other transmitting / receiving device B, one transmission signal stored in the storage medium is read from the input / output unit 203b, and authentication is performed based on the transmission signal and the other transmission signal that has already been received. Is decrypted.
The other transmission signal is stored in the storage unit 206 when received by the other transmission / reception device B, and when one transmission signal stored in the storage medium is read, the transmission signal and the communication number Based on
Next, as a specific example, a procedure for operating the door lock D using an operation number will be described. When the transmitting / receiving device B authenticates the password of the transmission signal transmitted from the transmitting device, the transmitting / receiving device B performs the operation according to the operation number.
If the h-digit number of the operation number is “1” in step 60 (step S60; Yes), the transmitting / receiving device B transmits a lock release signal to the connected door lock D in step S61. When the door lock release signal is transmitted, the operation of the authentication confirmation timer is started in step S62.
The authentication confirmation timer has a timer time set in advance, and is for issuing an external alarm when the set time has elapsed. If the h-digit number of the operation number is not “1” in step S60 (step S60; No), the process ends.
In step S63, it is determined whether or not the set time of the authentication confirmation timer has elapsed. If the set time has not elapsed (step S63; No), step S63 is repeated, and if the set time has elapsed (step S63). Yes) proceeds to step S64.
In step S64, it is determined by the door switch, which is one of the external devices C, whether the unlocked door is open or closed. If it is determined that the door is open (step S64; Yes), the process proceeds to step S65, the alarm is activated, and the process ends.
On the other hand, when it is determined that the door is closed (Step S64; No), the process ends. In this case, only the operation of the door lock D has been described. However, when another operation is designated by the operation number, another operation is performed. Further, the door lock D is a case where only the unlock is used as the input signal, but the door lock D may be such that both the unlock and the lock can be operated by the input signal of the unlock and the lock.
Industrial applicability
As described above, according to the present invention, when transmitting authentication data such as a personal identification number, a first transmission signal and a second transmission signal are set, and they are separately transmitted to the recipient. In the first transmission signal, an alternative value of the authentication data converted by the second conversion constant is arranged, and the first conversion constant is arranged and transmitted. On the other hand, a substitute value of the same authentication data converted by the first conversion constant is arranged in the second transmission signal, and a second conversion constant is arranged and transmitted.
The receiver receives both outgoing signals, converts the substitute values of the authentication data included in the first and second outgoing signals into authentication data again by the second and first conversion constants, and obtains them from both. If the received authentication data is equal, the data is received as authentication data.
Therefore, even if one of the outgoing signals leaks in the middle of the outgoing signal, the sender cannot safely decrypt the authentication data using only the one of the leaked outgoing signals. Can be sent to Further, by changing the transmission path, more secure data transmission becomes possible.
In addition, the encryption and decryption of the authentication data can be easily performed by the conversion constant, but secure data transmission is possible and the configuration related to the data transmission is simple. A data transmission system can be constructed.
In addition, even if a third party transmits data in place of the original sender, the recipient can perform personal authentication of the sender, thereby preventing inconvenience due to spoofing transmission.
Therefore, by using the data transmission system of the present invention, services such as highly secure user authentication and transmission of confidential documents can be provided. Further, it is possible to provide a security code registration management service for managing security code registration, deletion, data delivery, control condition change, and the like of the user.
In addition, by using the data transmission system of the present invention to transmit and authenticate the authentication data to the receiving side, it is possible to cause the receiving side to perform a predetermined operation by transmitting data accompanying the authentication data. Therefore, a remote operation of a predetermined operation by the sender who has been authenticated can be performed.
Further, according to the door lock using the data transmission system of the present invention, the door lock can be unlocked by the sender who has been personally authenticated. By transmitting the authentication data, the door can be unlocked without breaking.
[Brief description of the drawings]
1 to 3 are explanatory diagrams of a data transmission method according to the present invention, FIGS. 4 to 6 are explanatory diagrams of a data transmission method, FIG. 7 is an explanatory diagram showing an outline of a data transmission system, and FIG. 8 is an authentication card. 9 is a circuit diagram of a transmission / reception device, FIG. 10 is a partial cross-sectional view of a door lock, FIG. 11 is a circuit diagram of a door lock, FIG. 12 is an explanatory diagram of a transmission / reception data format of the transmission / reception device, and FIG. FIG. 14 is an explanatory view of the data format of the transmission signal, FIG. 14 is an explanatory diagram of the data format of the second transmission signal, FIG. 15 is a flowchart showing the flow of processing by a program on the transmission side, and FIGS. It is a flowchart which shows the flow of.

Claims (34)

A data transmission system for transmitting data from a transmitting device to a receiving device,
The transmitting device converts the authentication data into a second alternative value and a first alternative value by using a first conversion constant and a second conversion constant, respectively, and the first conversion value and the first conversion value. Means for transmitting a first outgoing signal including a constant and a second outgoing signal including the second alternative value and the second conversion constant to the receiving device by changing at least one of a transmission time and a transmission path; ,
The receiving device obtains the first substitute value, the second substitute value, the first conversion constant, and the second conversion constant from the first transmission signal and the second transmission signal from the transmission device. Means for identifying, calculating first decoded data from the first substitute value and the second conversion constant, and calculating second decoded data from the second substitute value and the first conversion constant Means for transmitting data. 2. The receiving device according to claim 1, further comprising means for authenticating the first decrypted data and the second decrypted data using the first decrypted data and the second decrypted data. Data transmission system. The receiving device includes a storage unit that stores authentication data, and includes a unit that performs authentication of the first decrypted data and the second decrypted data using the authentication data in the storage unit. The data transmission system according to claim 2. The receiving device compares the first substitute value with the authentication data in the storage unit when receiving the first transmission signal, and performs temporary authentication, and transmits a result of the temporary authentication to the transmitting device. Means,
The data transmission system according to claim 3, wherein the transmission device includes a unit that receives a result of the temporary authentication. 5. The data transmission system according to claim 1, wherein the transmission device and the reception device are connected to a communication network including the Internet. The data transmission system according to any one of claims 1 to 5, wherein the transmission device and the reception device include means for transmitting and receiving data by an infrared communication method, a radio wave method, or an optical communication method. The first transmission signal or the second transmission signal includes first data,
7. The data transmission system according to claim 1, wherein the receiving device is connected to an external device, and includes a unit that operates the external device based on the first data. The data transmission system according to claim 7, wherein the external device is a door lock. The first outgoing signal or the second outgoing signal includes second data,
The transmitting device includes a storage unit that stores the determination data, and when transmitting the first transmission signal or the second transmission signal, a unit that performs authentication of the second data using the determination data. Means for storing the number of times the second data has not been authenticated, and means for erasing the data stored in the storage unit when the number of times has reached a predetermined number. Item 9. The data transmission system according to any one of Items 1 to 8. 10. The method according to claim 1, wherein at least one of the first transmission signal and the second transmission signal is transmitted to the receiving device together with data encrypted using the authentication data. Data transmission system as described. A method for transmitting authentication data from a transmitting device to a receiving device,
A first step in which the transmitting device converts the authentication data into a second alternative value and a first alternative value using a first conversion constant and a second conversion constant, respectively;
A second step in which the transmitting device transmits a first transmission signal including the first substitute value and the first conversion constant to the receiving device;
The transmission device transmits a second transmission signal including the second substitute value and the second conversion constant to the reception device by making at least one of a transmission time and a transmission path different from the first transmission signal. A third step of transmitting;
A fourth step in which the receiving device recognizes the first substitute value and the first conversion constant from the first transmission signal received from the transmitting device;
A fifth step in which the receiving device recognizes the second substitute value and the second conversion constant from the second transmission signal received from the transmitting device;
The receiving device calculates first decoded data from the first substitute value and the second conversion constant, and calculates second decoded data from the second substitute value and the first conversion constant. And a sixth step. After the sixth step, the receiving device performs a seventh step of performing authentication of the first and second decrypted data using the first and second decrypted data. The method of claim 11, comprising: After the seventh step, the receiving device authenticates the first decrypted data and the second decrypted data using authentication data stored in a storage unit provided in the receiving device. 13. The method according to claim 12, comprising eight steps. A temporary authentication step in which the receiving device compares a first substitute value with authentication data in the storage unit between the second step and the third step; and 14. The method according to claim 11, further comprising transmitting a result of the temporary authentication to a device. In the second step, the transmitting device performs authentication of the second data included in the first transmission signal using the determination data stored in the storage unit provided in the transmitting device, Adding and storing the number of times when the second data is not authenticated, and erasing the data stored in the storage unit provided in the transmitting device when the number of times reaches a predetermined number of times; The method according to any of claims 11 to 14, comprising: An input unit into which data relating to the authentication data is input,
A storage unit in which data related to the authentication data is stored;
A transmitting and receiving unit for transmitting and receiving data;
An input / output unit for inputting / outputting data,
A process of converting the authentication data into a second alternative value and a first alternative value using a first conversion constant and a second conversion constant, respectively, a first process including the first alternative value and the first conversion constant; Transmitting a transmission signal and a second transmission signal including the second alternative value and the second conversion constant by changing at least one of a transmission time and a transmission path. An apparatus characterized by the above. The control unit receives the first transmission signal and the second transmission signal, and processes the first substitution value, the second substitution value, and the first conversion from the first transmission signal and the second transmission signal. A process of recognizing a constant and the second conversion constant, calculating first decoded data from the first substitution value and the second conversion constant, and calculating the second substitution value and the first conversion constant; 17. The apparatus according to claim 16, wherein a process of calculating the second decoded data from is performed. 18. The method according to claim 17, wherein the control unit performs a process of authenticating the first decrypted data and the second decrypted data using the first decrypted data and the second decrypted data. Equipment. 19. The apparatus according to claim 17, wherein the control unit performs a process of authenticating the first decryption data and the second decryption data using the authentication data of the storage unit. The control unit, when receiving the first transmission signal, a process of performing a temporary authentication by comparing the first alternative value and the authentication data of the storage unit, a process of transmitting the result of the temporary authentication, 20. Apparatus according to any of claims 17 to 19, wherein: 21. The apparatus according to claim 16, wherein the transmission / reception unit is connected to a communication network including the Internet. 22. The apparatus according to claim 16, wherein the input / output unit includes means for transmitting and receiving data by an infrared communication system, a radio wave system, or an optical communication system. The data relating to the authentication data includes determination data,
The first outgoing signal includes second data,
The control unit performs authentication of the second data using the determination data, and adds and stores the number of times when the second data is not authenticated;
23. The method according to claim 16, further comprising: erasing data stored in the storage unit when the number of times reaches a predetermined number. A first process of converting the authentication data into a second alternative value and a first alternative value using a first conversion constant and a second conversion constant, respectively;
A second process of transmitting a first transmission signal including the first substitute value and the first conversion constant;
And transmitting a second transmission signal including the second substitute value and the second conversion constant by making at least one of a transmission time and a transmission path different from the first transmission signal. A program to be executed by a device. A first recognizing unit for recognizing the first alternative value and the first conversion constant from a first transmission signal including a first alternative value obtained by converting the authentication data by the second conversion constant and a first conversion constant Processing and
The second substitution value and the second conversion constant are recognized from a second transmission value including the second substitution value obtained by converting the authentication data by the first conversion constant and the second conversion constant. A second process;
A third process of calculating first decoded data from the first substitute value and the second conversion constant, and calculating second decoded data from the second substitute value and the first conversion constant; For causing the receiving device to execute After the third process, a fourth process of authenticating the first decrypted data and the second decrypted data using the first decrypted data and the second decrypted data is performed by a receiving device. 26. The program according to claim 25, wherein the program is executed. After the fourth process, using the authentication data stored in the storage unit of the receiving device, causing the receiving device to execute a process of authenticating the first decrypted data and the second decrypted data. The program according to claim 26, wherein the program is characterized by: After the first process, a process of performing temporary authentication of the first substitute value using authentication data stored in a storage unit of the receiving device, and a process of transmitting a result of the temporary authentication The program according to any one of claims 25 to 27, wherein the program is executed by a receiving device. After the second process, a process of receiving a result of the temporary authentication and causing the transmitting device to execute the third process when the first substitute value is authenticated by the temporary authentication. The program according to claim 24, wherein: After the first processing, authentication of the second data specified in the first transmission signal is performed using the discrimination data of the transmitting device, and when the second data is not authenticated, 30. The program according to claim 24, wherein the program causes the transmitting device to execute a process of adding and storing the data and a process of erasing data of the transmitting device when the number of times reaches a predetermined number. In a door lock which is arranged on a door frame and locks the door frame to a fixed object by a strike,
The door lock includes the strike, a latching plug for catching the strike, a first device, and a second device.
The first device includes first means for driving the latching plug, and a first control unit for controlling the operation of the first means by an external operation signal,
The second device includes: a second unit configured to release the latching plug and the first unit from the strike; and a second control unit configured to control an operation of the second unit by an external operation signal. A door lock comprising: The first device or the second device is a solenoid actuator or a micromotor. 33. The door lock according to claim 31, wherein the second device is a micromotor, and further includes a changeover switch for rotating the micromotor forward and reverse. The first device includes third means for detecting a position of the first means,
The door lock according to any one of claims 31 to 33, wherein the third means controls the operation of the second means.

Images