WO2013125414A1 - Système d'authentification mutuelle, serveur d'authentification mutuelle, procédé d'authentification mutuelle et programme d'authentification mutuelle - Google Patents

Système d'authentification mutuelle, serveur d'authentification mutuelle, procédé d'authentification mutuelle et programme d'authentification mutuelle Download PDF

Info

Publication number
WO2013125414A1
WO2013125414A1 PCT/JP2013/053414 JP2013053414W WO2013125414A1 WO 2013125414 A1 WO2013125414 A1 WO 2013125414A1 JP 2013053414 W JP2013053414 W JP 2013053414W WO 2013125414 A1 WO2013125414 A1 WO 2013125414A1
Authority
WO
WIPO (PCT)
Prior art keywords
mutual authentication
time
feature vector
feature vectors
terminal devices
Prior art date
Application number
PCT/JP2013/053414
Other languages
English (en)
Japanese (ja)
Inventor
潤 野田
Original Assignee
日本電気株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 日本電気株式会社 filed Critical 日本電気株式会社
Publication of WO2013125414A1 publication Critical patent/WO2013125414A1/fr

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • G06F21/445Program or device authentication by mutual authentication, e.g. between devices or programs
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0872Generation of secret information including derivation or calculation of cryptographic keys or passwords using geo-location information, e.g. location data, time, relative position or proximity to other entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • GPHYSICS
    • G10MUSICAL INSTRUMENTS; ACOUSTICS
    • G10LSPEECH ANALYSIS TECHNIQUES OR SPEECH SYNTHESIS; SPEECH RECOGNITION; SPEECH OR VOICE PROCESSING TECHNIQUES; SPEECH OR AUDIO CODING OR DECODING
    • G10L17/00Speaker identification or verification techniques
    • GPHYSICS
    • G10MUSICAL INSTRUMENTS; ACOUSTICS
    • G10LSPEECH ANALYSIS TECHNIQUES OR SPEECH SYNTHESIS; SPEECH RECOGNITION; SPEECH OR VOICE PROCESSING TECHNIQUES; SPEECH OR AUDIO CODING OR DECODING
    • G10L19/00Speech or audio signals analysis-synthesis techniques for redundancy reduction, e.g. in vocoders; Coding or decoding of speech or audio signals, using source filter models or psychoacoustic analysis
    • G10L19/012Comfort noise or silence coding

Definitions

  • the present invention relates to a mutual authentication system, a mutual authentication server, a mutual authentication method, and a mutual authentication program, and more particularly to a mutual authentication system for constructing an ad hoc connection relationship between specific devices.
  • Mutual authentication between devices is essential even when building such an ad hoc connection relationship.
  • PIN Personal Identification Number
  • Patent Document 1 discloses a communication function that detects that buttons provided on an apparatus are simultaneously pressed, generates a unique group connection ID, and uses this as a common key (authentication key) for mutual authentication. Is described.
  • Non-Patent Document 1 describes an outline of a technique in which keys are shared by holding devices provided with a non-contact IC reader and used for mutual authentication as an authentication key. Further, in Patent Documents 2 to 3 and Non-Patent Documents 2 to 4, a common change amount is detected by applying the same movement from the outside to the two devices including the acceleration sensor, thereby sharing the authentication key. The technology is described.
  • Patent Document 4 describes a mutual authentication system in which a mobile terminal reads a two-dimensional code generated by a web server and displayed on a terminal, thereby generating unique information for specifying a user.
  • Patent Document 5 describes an authentication method including a plurality of terminals and a session management apparatus, and exchanging key information between terminals via an encrypted channel established by the terminal-session management apparatus.
  • Patent Documents 2 to 3 and Non-Patent Documents 2 to 4 the user needs to perform operations such as shaking the two devices together.
  • operations such as shaking the two devices together.
  • there are many devices that cannot be operated due to physical reasons such as being large, heavy, and vulnerable to impact, and thus cannot be applied to such devices.
  • the technology that can solve this problem is not described in the remaining patent documents 4 to 5.
  • the technique described in Patent Document 4 is for authenticating that the terminal and the portable terminal are the same user, and does not construct an ad hoc connection relationship, so the object of the invention is different in the first place.
  • the technique described in Patent Document 5 is a technique for constructing a communication path for distributing an authentication key, and is not a technique for generating an authentication key.
  • An object of the present invention is to provide a mutual authentication system that does not require a complicated operation for a user, does not significantly increase costs, and can establish an ad hoc connection relationship between information devices with sufficient security, To provide a mutual authentication server, a mutual authentication method, and a mutual authentication program.
  • a mutual authentication system is configured by connecting a plurality of terminal devices and a mutual authentication server that generates and gives an authentication key to these terminal devices.
  • each terminal device includes voice data transmitting means for transmitting surrounding environmental sound to the mutual authentication server as time-series data representing a temporal change in sound volume.
  • a feature vector generation unit that analyzes a frequency component for each time-series data received from each terminal device and generates a feature vector, and compares the generated feature vectors between the terminal devices to determine whether they match.
  • a feature vector comparing means for determining whether or not, and a key sharing means for generating and transmitting an authentication key to each terminal device when the feature vectors match.
  • a mutual authentication server is a mutual authentication server that is mutually connected to a plurality of terminal devices and constitutes a mutual authentication system, and the volume of sound received from each terminal device.
  • the feature vector generation means for generating a feature vector by analyzing the frequency component for each of the time-series data representing the time variation of the time, and comparing the generated feature vector between the terminal devices, whether or not they match
  • a feature vector comparing means for determining whether or not and a key sharing means for generating and transmitting an authentication key to each terminal device when the feature vectors match.
  • a mutual authentication method is configured by connecting a plurality of terminal devices and a mutual authentication server that generates and gives an authentication key to these terminal devices.
  • the voice data transmitting means of each terminal device transmits surrounding environmental sounds to the mutual authentication server as time-series data representing the time change of the volume of the sound
  • the feature vector of the mutual authentication server The generation means analyzes the frequency component for each of the time-series data received from each terminal device to generate a feature vector, and the feature vector comparison means of the mutual authentication server transfers the generated feature vector between the terminal devices.
  • the key sharing means of the mutual authentication server generates and transmits an authentication key to each terminal device when the feature vectors match. And butterflies.
  • a mutual authentication program is configured by connecting a plurality of terminal devices and a mutual authentication server that generates and gives an authentication key to these terminal devices.
  • a procedure for generating a feature vector by analyzing a frequency component for each of time-series data representing a temporal change in sound volume received from each terminal device in a computer provided in the mutual authentication server in the mutual authentication system A procedure for comparing the generated feature vectors between the terminal devices to determine whether they match, and a procedure for generating and transmitting an authentication key to each terminal device if the feature vectors match Is executed.
  • the voice input means provided in many devices in advance is provided.
  • Mutual authentication can be performed by using it as it is.
  • a mutual authentication system, a mutual authentication server, a mutual authentication method, and a mutual authentication program can be provided.
  • FIG. 2 is an explanatory diagram showing the configuration of each of the data synchronization means to key sharing means shown in FIG. 1 in more detail. It is explanatory drawing shown about an example of the operation
  • FIG. 8 is an explanatory diagram illustrating examples of a plurality of types of quantization patterns prepared when the quantization function of the feature vector generation unit illustrated in FIG. 2 performs the processing illustrated in FIG. 7. It is explanatory drawing shown about the process which the feature vector comparison means shown in FIG. 1 performs. It is explanatory drawing shown about the process which the key sharing means 105 shown in FIG. 1 performs. It is explanatory drawing which shows the example of the mutual authentication system produced experimentally.
  • a mutual authentication system 1 includes a mutual authentication system configured by connecting a plurality of terminal devices 20 and a mutual authentication server 10 that generates and gives an authentication key to these terminal devices. It is.
  • Each terminal device 20 includes a voice data transmission unit 203 that transmits surrounding environmental sounds to the mutual authentication server as time-series data representing temporal changes in sound volume.
  • the mutual authentication server 10 compares the generated feature vector between the terminal devices and the feature vector generating unit 103 that generates a feature vector by analyzing the frequency component of each time-series data received from each terminal device.
  • the feature vector comparison unit 104 that determines whether or not they match, and the key sharing unit 105 that generates and transmits an authentication key to each terminal device when the feature vectors match.
  • Each terminal device 20 includes a sensing unit 202 that collects ambient environmental sounds as audio data, and the audio data transmission unit 203 extracts a plurality of representative values from the collected audio data and converts them into time-series data. Send as. Furthermore, each of the terminal device 20 and the mutual authentication server 10 includes time synchronization means 201 and 101 that synchronize time with each other in advance.
  • the mutual authentication server 10 detects a predetermined number of extreme values from each time series data received from each terminal device, and based on the timing at which these extreme values are detected, the time axis direction between the time series data
  • the data synchronization unit 102 corrects the deviation and outputs it to the feature vector generation unit 103.
  • the feature vector generation means 103 of the mutual authentication server 10 divides the time-series data into time windows with a constant time interval, performs FFT (Fast Fourier Transform) on each time window, and outputs a power spectrum.
  • 103a a quantization function 103c that outputs a feature vector for each frequency by collating the power level for each frequency of the output power spectrum with a threshold set in advance in a plurality of stages, and a Fourier transform function 103a.
  • a cut-off function 103b that removes a frequency component equal to or higher than a predetermined cut-off frequency from the power spectrum and shifts it to the quantization function 103c.
  • the quantization function 103c of the mutual authentication server 10 provides a plurality of groups with a plurality of thresholds with respect to a preset level as one group, and outputs a feature vector for each group.
  • the feature vector comparison unit 104 compares a plurality of feature vectors generated in the same time window between the terminal devices, and if there is even one feature vector that matches between the terminal devices, It is determined that the feature vectors of the terminal device match.
  • the key sharing means 105 of the mutual authentication server 10 calculates the total value of the information amount per unit time of the feature vectors that coincide in the target time range of the time series data, and the calculated total value of the information amount is given in advance. Only when the value is equal to or greater than the predetermined value, the matched feature vectors are concatenated and a hash value of the concatenated matched feature vectors is generated as an authentication key.
  • the mutual authentication system 1 can construct an ad hoc connection relationship between the terminal devices 20 without requiring a complicated operation, without significantly increasing costs, and with sufficient safety. It becomes possible. Hereinafter, this will be described in more detail.
  • FIG. 1 is an explanatory diagram showing the configuration of the mutual authentication system 1 according to the first embodiment of the present invention.
  • the mutual authentication system 1 includes two terminal devices 20a and 20b (hereinafter collectively referred to as terminal devices 20) to be subjected to mutual authentication, and a mutual authentication server that generates and gives an authentication key to these terminal devices 20. 10 are connected to each other via a network 30.
  • the network 30 may be a wired connection or a wireless connection, and the connection form and protocol are not particularly limited.
  • the mutual authentication server 10 has a basic configuration as a computer device.
  • the computer 11 includes a processor 11 that is an operation subject of the computer program, a storage unit 12 that stores the program and data, and a communication unit 13 that performs data communication with each terminal device 20.
  • the processor 11 of the mutual authentication server 10 operates the time synchronization means 101 for matching the time with the terminal device 20 by the operation of the mutual authentication program, and the time axis direction deviation of the time series data received from each terminal device 20.
  • each of the key sharing means 105 functions to generate and transmit an authentication key to each terminal device 20.
  • the generated authentication key 111 is stored in the storage unit 12.
  • FIG. 2 is an explanatory diagram showing the configuration of each of the data synchronization means 102 to key sharing means 105 shown in FIG. 1 in more detail.
  • the feature vector generation unit 103 is further divided into three functional units, that is, a Fourier transform function 103a, a cutoff function 103b, and a quantization function 103c.
  • the Fourier transform function 103a performs FFT (Fast Fourier Transform) on the input time series data and outputs a power spectrum.
  • the cut-off function 103b cuts frequency components of the input power spectrum that are equal to or higher than a predetermined cut-off frequency.
  • the quantization function 103c collates the output power spectrum with a plurality of threshold values given in advance, and outputs a feature vector having the quantized value of the power spectrum for each frequency as an element.
  • the terminal devices 20 (20a and 20b) both have the same configuration, and all have a basic configuration as a computer device. That is, the voice data is transmitted by the processor 21 that is the main operating body of the computer program, the storage unit 22 that stores the program and data, the communication unit 23 that performs data communication with the mutual authentication server 10 and other terminal devices 20, and a microphone. Voice input means 24 for acquiring and inputting
  • the processor 21 of the terminal device 20 operates the time series of sound pressure by using the time synchronization unit 201 that synchronizes the time with the mutual authentication server 10 and the sound input unit 24 by operating the mutual authentication program.
  • Sensing means 202 that collects change data (voice data), voice data sending means 203 that compresses the amount of acquired voice data and sends it to the mutual authentication server 10, and receives an authentication key from the mutual authentication server 10 Function as mutual authentication means 204 for performing mutual authentication.
  • the storage unit 22 stores the authentication key 211 received from the mutual authentication server 10.
  • each time synchronization means 101 and 201 performs time synchronization processing for adjusting time between each other. This time synchronization process may be performed when the mutual authentication server 10 and the terminal device 20 are turned on, or may be performed periodically at a specific cycle.
  • An NTP (Network Time Protocol) protocol can be used for time synchronization.
  • the sensing means 202 of the terminal device 20 is based on the assumption that the time synchronization process is performed, and a reference time t0 that is set in advance as a common value between the mutual authentication server 10 and each terminal device 20.
  • a reference time t0 that is set in advance as a common value between the mutual authentication server 10 and each terminal device 20.
  • FIG. 3 is an explanatory diagram illustrating an example of an operation in which the audio data transmission unit 203 illustrated in FIG. 1 obtains a representative value of the environmental sound.
  • the voice data transmission unit 203 reduces the data amount of the sound pressure data 251 of the f / second environmental sound collected by the sensing unit 202 as data of fc (f> fc) / second.
  • the data is divided for each number of quotients obtained by dividing f by fc, and the maximum value obtained for each division is set as the representative value of the section to generate a total of fc time-series data 252.
  • the time-series data 252 is transmitted to the mutual authentication server 10 together with the label 252b indicating the sensing time in the sensing means 202.
  • the label 252b indicates a time range in which audio data is acquired, such as “t0 + ⁇ w to t0 + ( ⁇ + 1) w”.
  • an average value in the time range can be used as a representative value.
  • this “time range in which the audio data is acquired” is referred to as a target time range.
  • the voice data transmission unit 203 obtains an average value of every 80 sound pressure values, and obtains time series data 252 of 100 / unit time. Then, the obtained time series data is transmitted to the mutual authentication server 10.
  • the data synchronization means 102 waits for the arrival of the time series data 252 from the two terminal devices 20a and 20b, and corrects the deviation in the time axis direction for the time series data having the same label indicating the sensing time. .
  • This data synchronization means 102 absorbs the time lag of the time series data between the terminal devices. However, when the terminal time can be accurately synchronized, it is considered that such time lag does not occur at all. Therefore, this means may not be provided.
  • FIG. 4 is an explanatory diagram showing an example of an operation in which the data synchronization means 102 shown in FIG. 1 adjusts the time axis direction deviation of the time series data.
  • the data synchronization means 102 obtains, from the time series data received from the terminal device 20, a point where the slope of the sound pressure fluctuation graph changes from positive to negative, that is, a point that is convex upward as an extreme value.
  • the data synchronization means 102 has the smallest difference between possible values among the extreme values whose distance on the time axis is within a predetermined threshold when the waveforms received from the respective terminal devices 20 are superimposed.
  • the value is determined as an extreme value measured at the same timing.
  • an average value of distances in the time axis direction is calculated for a predetermined number (this number is a variable p_num) from the top of the value, and the calculation is performed. It operates to shift one data in the time axis direction by the average value.
  • the waveforms of the time series data received from the terminal devices 20a and 20b are displayed as 261 and 262, respectively.
  • p_num 4 that is, an average value of distances in the time axis direction is calculated for the top four extreme values 271 to 274 in the waveform within the target time range. Based on this average value, one waveform is shifted in the time axis direction by the average value.
  • the time series data of the terminal device on the time axis advanced side may be padded with zeros (so-called zero padding) for the time advanced to the head of the time series data.
  • zero padding when the data of the time slot
  • this processing by the data synchronization unit 102 is omitted, and the feature vector generation unit 103 that follows is obtained from each terminal device 20. It is also possible to pass time-series data as it is.
  • FIG. 5 is an explanatory diagram showing processing performed by the Fourier transform function 103a of the feature vector generation unit 103 shown in FIG.
  • the Fourier transform function 103a divides the time-series data whose time axis direction deviation is adjusted by the data synchronization means 102 into small intervals of a predetermined time interval. This is referred to herein as time windows 301-303.
  • the Fourier transform function 103a performs FFT (Fast Fourier Transform) on each time window, and outputs a power spectrum indicating the frequency characteristics.
  • FIG. 5 shows a power spectrum 311 output with respect to the time window 301.
  • the time-series data received from each terminal device 20 includes sound pressure values of 100 / unit time as described above.
  • 64 continuous sound pressure values are used as one time window 301.
  • 50% (32 pieces) of them are overlapped with the next time window 302.
  • the subsequent time window 303 is also overlapped with the previous time window 302 by 50% (32).
  • the rate at which the continuous time windows are overlapped can be arbitrarily set. By doing in this way, more time windows can be cut out as comparison target data from time series data in the same target time range.
  • FIG. 6 is an explanatory diagram showing processing performed by the cut-off function 103b of the feature vector generation unit 103 shown in FIG.
  • the cut-off function 103b may be realized in an analog manner by a so-called LPF (low-pass filter) placed before the Fourier transform function 103a.
  • LPF low-pass filter
  • FIG. 7 is an explanatory diagram showing processing performed by the quantization function 103c of the feature vector generation unit 103 shown in FIG.
  • the quantization function 103c performs a quantization process by applying a quantization pattern to the power spectrum 311 output from the Fourier transform function 103a.
  • the quantization pattern here is a pattern in which a plurality of threshold values are set for each component frequency given in advance at a cutoff frequency fm or lower. A plurality of quantization patterns are prepared in advance, which will be described later, and FIG. 7 shows processing by one quantization pattern.
  • one quantization pattern includes four threshold values T1 to T4 for each component frequency of the power spectrum 311.
  • the power at each component frequency is classified into five levels. ing.
  • the component frequency is set in increments of 1 Hz from 0 to 10 Hz.
  • the power corresponding to each component frequency means the maximum value of power in the frequency range of “0 Hz or more and less than 1 Hz”.
  • the step is obtained as fc / N from the number of data points fc per unit time of the data input to the FFT and the number N of data points in the time window.
  • Region (5) if the power corresponding to each component frequency is T4 or more, region (4) if T3 or more and less than T4, region (3) if T2 or more and less than T3, region if T1 or more and less than T2. (2) If it is less than T1, it is classified into region (1).
  • the number and value of each of these threshold values and component frequencies can be arbitrarily set. In the text of this specification, for example, “5 number” is written as “(5)”.
  • the feature vector generation unit 103 outputs the feature vector 321 with respect to the power spectrum 311 shown in FIG.
  • the feature vector here is an array of regions corresponding to the power at each frequency for each component frequency of 1 to 10 Hz.
  • FIG. 8 is an explanatory diagram showing examples of a plurality of quantization patterns prepared when the quantization function 103c of the feature vector generation unit 103 shown in FIG. 2 performs the processing shown in FIG.
  • four kinds of quantization patterns 331 to 334 are prepared, and each of them includes four threshold values as in the case shown in FIG.
  • the number of quantization patterns can also be set arbitrarily, but the number of threshold values is common among the quantization patterns.
  • the threshold value included in each quantization pattern is an exponentially widened value based on the maximum value of the power spectrum calculated from the time series data.
  • the threshold value is slightly different between the quantization patterns.
  • the quantization function 103c prepares a plurality of quantization patterns with the threshold values shifted little by little, and outputs a plurality of feature vectors from one time window.
  • FIG. 9 is an explanatory diagram showing processing performed by the feature vector comparison unit 104 shown in FIG.
  • the feature vector comparison unit 104 compares the plurality of feature vectors output from the quantization function 103c with respect to the same time window output from each terminal device 20a and 20b, and the environmental sound collected by each terminal device is It is determined whether or not they are the same.
  • c feature vectors are output from each of the terminal devices 20a and 20b in the same time window.
  • the “same time window” means a time window observed and processed in the same time range in each of the terminal devices 20a and 20b.
  • the feature vector comparison means 104 compares the feature vectors output c by way of the same time window in each of the terminal devices 20a and 20b, and performs a brute force comparison. It is determined that the time series data match between the devices 20a and 20b.
  • the feature vector comparison unit 104 finds that “(5) (1) (2) (1)” of the feature vector matches the third from the top of the feature vector 331 and the first from the top of the feature vector 332. Therefore, it is already determined that the time series data match between the terminal devices 20a and 20b.
  • FIG. 10 is an explanatory diagram showing processing performed by the key sharing unit 105 shown in FIG.
  • the key sharing unit 105 receives the comparison result, generates an authentication key 111 for the terminal devices 20a and 20b, stores the authentication key 111 in the storage unit 12, and transmits the authentication key to the terminal devices 20a and 20b.
  • the key sharing means 105 calculates the information amount from the generation probability of the matched feature vector, and the key length exceeds a certain threshold with the sum of the information amount of the matched feature vectors for each time window as the key length. Only in this case, the hash value of the concatenated matching time windows is set as the authentication key 111.
  • the amount of information here is a concept in information theory. If the probability of occurrence of a certain event is P, the amount of information I (bits) calculated by the following equation 1 is used. is there.
  • the key sharing means 105 counts the total number of matched feature vectors and the number of matching individual feature vectors in the time range to be compared, but this count is not reset in units of time windows.
  • the feature vectors that match in other time windows within the target time range are also accumulated and counted, and the total amount of information (bits) of the matched feature vectors is obtained.
  • the total number of feature vectors 341 that coincide between the terminal devices 20a and 20b is ten, of which “(5) (1) (4) (1)” is three, (5) (2) (4) (1) ", one" (5) (1) (4) (2) “,” (5) (1) (3) (1) " Three pieces, “(5) (2) (4) (2)”, coincide with two pieces.
  • the respective feature vectors are obtained from the time windows 301 or 262 obtained from the time series data waveforms 261 and 262 obtained from the terminal devices 20a and 20b, and matched by the feature vector comparison means. Is observed.
  • FIG. 11 is an explanatory diagram showing an example of a mutual authentication system 401 created experimentally.
  • This mutual authentication system 401 is configured by connecting three terminal devices 420a to 420c and a mutual authentication server 410 via a wireless network.
  • Each of the terminal devices 420a to 420c has the same configuration as that of the terminal device 20 shown in FIGS.
  • the mutual authentication server 410 has the same configuration as the mutual authentication server 10 shown in FIGS.
  • the terminal devices 420a and 420b are installed in the same room 421, and the terminal device 420c is installed in the adjacent room 422.
  • FIG. 12 is a graph showing changes with respect to the measurement time of the total amount of information calculated between the terminal devices 420a and 420b and between the terminal devices 420a and 420c in the mutual authentication system 401 shown in FIG. .
  • the sum total of the information amount calculated between the terminal devices 420a and 420b is represented as a graph 431
  • the sum total of the information amount calculated between the terminal devices 420a and 420c is represented as a graph 432.
  • the graph 431 represents the total amount of information calculated in each case in the situation where the same environmental sound should be observed, whereas the graph 432 represents the situation where the same environmental sound should not be observed. ing. As clearly shown in FIG. 12, the graphs 431 and 432 clearly differ in the total amount of information. Therefore, an appropriate value in the middle is set in advance as the threshold value 433, and the length of the target time when sensing is performed. It is possible to detect whether or not the environmental sounds are the same by comparing the corresponding threshold value with the total amount of information obtained.
  • the key sharing unit 105 When it is determined that the environmental sounds are the same, the key sharing unit 105 generates a hash value of the concatenated feature vectors 341 concatenated as the authentication key 111 and causes the storage unit 12 to store the hash value. And 20b.
  • the hash value here is an output value obtained by inputting the concatenated feature vectors 341 into an irreversible function.
  • the mutual authentication unit 204 receives the authentication key 211 (111) and stores it in the storage unit 22, and the terminal devices 20a and 20b perform mutual authentication using the authentication key.
  • the authentication key 111 (211) is preferably transmitted and received by a secure communication method such as SSL (Secure Socket Layer).
  • SSL Secure Socket Layer
  • the mutual authentication operation can use a known technique such as challenge-response authentication.
  • FIG. 13 is a flowchart showing the mutual authentication operation performed between the mutual authentication server 10 and the terminal device 20 shown in FIG.
  • the respective time synchronization means 101 and 201 perform time synchronization processing for adjusting the time between them (steps S101 and 201).
  • the sensing means 202 acquires the environmental sound as voice data via the voice input means 24 (step S202).
  • voice data transmission means 203 of the terminal device 20 produces the time series data which removed the high frequency component from the acquired audio
  • the data synchronization means 102 waits for reception of time-series data from the terminal devices 20a and 20b, and corrects the time-axis direction deviation of the time-series data received from both terminal devices (step S102). Then, the feature vector generation unit 103 divides this time series data into time windows to form time windows, and applies c quantization patterns prepared in advance to each time window to obtain c feature vectors. Generate (step S103).
  • the feature vector comparison means 104 compares the c feature vectors generated in the same time window for both terminal devices in a brute force manner, and if even one feature vector is common, the feature vectors match. Determination is made (step S104). If the feature vectors do not match, the process ends abnormally.
  • the key sharing unit 105 that has received the comparison result calculates the information amount of each matched feature vector from the generation probability of the matched feature vector, and the matched feature vector only when the sum exceeds a given threshold value. Are transmitted as an authentication key to each terminal (steps S105 to S106). Even when the information amount of the feature vector does not exceed a certain threshold, the process ends abnormally.
  • the mutual authentication means 204 of the terminal devices 20a and 20b performs mutual authentication using the received authentication key (step S204).
  • this mutual authentication system can generate and issue an effective authentication key with sufficient strength by voice input alone. No special operation is required for this, and since many devices are equipped in advance with hardware and software necessary for voice input, the installation cost is small.
  • the mutual authentication method according to the present embodiment is a mutual authentication system in which a plurality of terminal devices 20 and a mutual authentication server 10 that generates and gives authentication keys to these terminal devices are connected to each other. Then, the voice data transmitting means of each terminal device transmits the surrounding environmental sound to the mutual authentication server as time-series data representing the time change of the sound volume (FIG. 13, steps S202 to 203).
  • the feature vector generating unit of the authentication server analyzes the frequency component for each of the time series data received from each terminal device to generate a feature vector (FIG.
  • step S103 and the feature vector comparing unit of the mutual authentication server Compares the generated feature vectors between the terminal devices to determine whether or not they match (FIG. 13, step S104), and the key sharing means of the mutual authentication server It generates and transmits an authentication key to each terminal device when the feature vectors are matched (13 steps S105 ⁇ 106).
  • the process of generating the feature vector by the feature vector generating means shown in step S103 of FIG. 13 is performed by dividing the time series data into time windows having a constant time interval by the Fourier transform function and performing FFT ( (Fast Fourier Transform) is performed to output a power spectrum, and the output power spectrum is collated with a plurality of thresholds to which a quantization function is given in advance to output a feature vector for each given frequency. Further, here, a plurality of feature vectors are output for each of a plurality of patterns given in advance for a combination of a plurality of threshold values.
  • FFT Fast Fourier Transform
  • step S104 in FIG. 13 compares the plurality of feature vectors generated in the same time window between the terminal devices, and the feature between the terminal devices. If even one of the vectors matches, it is determined that the feature vectors of the terminal devices match.
  • each of the above-described operation steps may be programmed to be executable by a computer, and may be executed by the processor 11 of the mutual authentication server 10 that directly executes each of the steps.
  • the program may be recorded on a non-temporary recording medium, such as a DVD, a CD, or a flash memory. In this case, the program is read from the recording medium by a computer and executed.
  • the first point is that the vibration that is the subject of authentication in this prior art is at most several times per second, but the voice is, for example, in the specification of a microphone for voice calls of a mobile phone terminal. Since sampling at 8 kHz and 8 bits is required at least, if this is transmitted as it is, a huge amount of communication (8 kilobytes / second) occurs during transmission, and the amount of processing at the time of determination is also huge It will be a thing.
  • the second point is that it is not always appropriate to share a key for mutual authentication even among users under similar environmental sounds.
  • the third point is that it is greatly influenced by differences in observation locations and acoustic characteristics between devices. From the above three points, it is very difficult to replace “vibration” in the prior art with “environmental sound” as it is.
  • the sound pressure data is compressed from 8000 to 100 per second and transmitted. This not only reduces the amount of communication during transmission (corresponding to the first point), but also incorrectly issues an authentication key to an unauthorized user, that is, the risk of false positive occurrence. The effect of reducing can also be acquired. This will be described in more detail below.
  • Environmental sounds can be broadly divided into “steady sound systems” that occur periodically and “pulse systems” that occur suddenly, but the environmental sounds of “steady sound systems” are not physically close to each other. There are many cases where the same sound is observed even in a place. Therefore, in order to apply the environmental sound for the purpose of “mutual authentication” of the present application, it is not a “steady sound system”, but whether or not it is coincident with the “pulse system” environmental sound that is observed only at that time. It is necessary to judge.
  • the mutual authentication system 501 in addition to the configuration of the first embodiment, when the key sharing unit 605 of the mutual authentication server 510 has a total amount of information equal to or less than a predetermined value, The feature vector is temporarily stored in a storage means provided in advance, and the feature vector stored temporarily is further concatenated with the feature vector generated from the time-series data sent from the same set of terminal devices. It was assumed that the hash value of what was created was generated as the authentication key.
  • FIG. 14 is an explanatory diagram showing the configuration of the mutual authentication system 501 according to the second embodiment of the present invention.
  • the mutual authentication system 501 is the mutual authentication system 1 shown in the first embodiment, in which the mutual authentication server 10 is replaced with another mutual authentication server 510.
  • the terminal device 20 is the same as that in the first embodiment.
  • the mutual authentication server 510 has the same hardware configuration as the mutual authentication server 10, and the software configuration that operates on the processor 11 is replaced by another key sharing unit 605 instead of the key sharing unit 105. It is the same except that an area for storing the feature vector 612 is added to the means 12. Therefore, only the differences will be described here.
  • FIG. 15 is a flowchart showing the mutual authentication operation performed between the mutual authentication server 510 and the terminal device 20 shown in FIG. It goes without saying that the operation of the terminal device 20 is the same as that of the first embodiment shown in FIG. 13, but the operation of the mutual authentication server 510 and steps S101 to S106 are also shown in FIG. It is the same as the operation of the form.
  • the only operation different from that of the first embodiment is that the key sharing unit 605 stores the feature vector 612 in the storage unit 12 when the total amount of information (key length) of the matched feature vectors does not exceed a certain threshold. (Step S107). Then, when new time-series data is sent from the same set of terminal devices 20 in the subsequent operation, the key sharing means 605 stores the feature vector generated from the new time-series data. The feature vectors 612 are further concatenated and the hash values are transmitted as authentication keys to each terminal.
  • one mutual authentication system may include three or more terminal devices, and these terminal devices may perform mutual authentication with a set of three or more devices.
  • One of the terminal devices included in one mutual authentication system may also have a function as a mutual authentication server.
  • the user designates a specific time range, and only the designated time range is set as a target time range to be authenticated in the present invention, or conversely, excluded from the target time range to be authenticated in the present invention. It is also possible to adopt a configuration that does this.
  • a mutual authentication system configured by connecting a plurality of terminal devices and a mutual authentication server that generates and gives an authentication key to these terminal devices,
  • Each terminal device includes voice data transmitting means for transmitting surrounding environmental sound to the mutual authentication server as time-series data representing a temporal change in sound volume
  • the mutual authentication server is Feature vector generation means for generating a feature vector by analyzing a frequency component for each of the time-series data received from each terminal device; Comparing the generated feature vectors between the terminal devices and determining whether or not they match,
  • a mutual authentication system comprising key sharing means for generating and transmitting an authentication key to each of the terminal devices when the feature vectors match.
  • each of the terminal device and the mutual authentication server has a time synchronization means for adjusting the time between each other in advance.
  • the mutual authentication server is A predetermined number of extreme values are detected from each of the time series data received from each terminal device, and a time axis direction shift between the time series data is detected based on the timing at which the extreme values are detected.
  • the feature vector generation means of the mutual authentication server includes: A Fourier transform function that divides the time-series data into time windows with a constant time interval and performs FFT (Fast Fourier Transform) on each time window to output a power spectrum; Supplementary note 1 characterized by having a quantization function that outputs a feature vector for each frequency by collating the power level for each frequency of the output power spectrum with a threshold set in advance in a plurality of stages.
  • FFT Fast Fourier Transform
  • the feature vector generation means of the mutual authentication server includes: Appendix 5 characterized by having a cut-off function for removing a frequency component equal to or higher than a predetermined cut-off frequency from the power spectrum obtained by the Fourier transform function and shifting the power component to the quantization function.
  • Appendix 5 characterized by having a cut-off function for removing a frequency component equal to or higher than a predetermined cut-off frequency from the power spectrum obtained by the Fourier transform function and shifting the power component to the quantization function.
  • the quantization function of the mutual authentication server is: 6.
  • the feature vector comparison unit of the mutual authentication server compares the plurality of feature vectors generated in the same time window between the terminal devices, and the feature vector is 1 between the terminal devices.
  • the key sharing unit of the mutual authentication server calculates a total value of information amounts per unit time of the feature vectors that match in the target time range of the time series data, and the calculated information amount Note that only when the total value is equal to or greater than a predetermined value, the matched feature vectors are concatenated and a hash value of the concatenated matched feature vectors is generated as the authentication key. 8.
  • the key sharing means of the mutual authentication server calculates a total value of information amounts per unit time of the feature vectors that coincide in the target time range of the time series data, and the calculated information amount
  • a hash value of the concatenated feature vectors and the concatenated feature vectors is generated as the authentication key
  • the total value of the information amount is
  • the feature vector is temporarily stored in a storage unit provided in advance, and further added to the feature vector generated from the time-series data sent from the same set of terminal devices.
  • a mutual authentication server that is mutually connected to a plurality of terminal devices to constitute a mutual authentication system, Feature vector generating means for generating a feature vector by analyzing a frequency component for each of the time-series data representing a temporal change in the volume of sound received from each terminal device; Comparing the generated feature vectors between the terminal devices and determining whether or not they match,
  • a mutual authentication server comprising: key sharing means for generating and transmitting an authentication key to each of the terminal devices when the feature vectors match.
  • the feature vector generation means includes A Fourier transform function that divides the time-series data into time windows with a constant time interval and performs FFT (Fast Fourier Transform) on each time window to output a power spectrum; Appendix 11 has a quantization function for outputting a feature vector for each frequency by collating the power level for each frequency of the output power spectrum with a threshold set in advance in a plurality of stages.
  • FFT Fast Fourier Transform
  • the quantization function is 13.
  • the said feature vector comparison means compares the said several feature vectors produced
  • the key sharing unit calculates a total value of information amounts per unit time of the feature vectors that match in the target time range of the time series data, and the total value of the calculated information amounts is given in advance.
  • the mutual feature according to appendix 14 characterized in that only when the predetermined feature value is greater than or equal to the predetermined value, the matched feature vectors are concatenated and a hash value of the concatenated matched feature vectors is generated as the authentication key.
  • Authentication server characterized in that only when the predetermined feature value is greater than or equal to the predetermined value, the matched feature vectors are concatenated and a hash value of the concatenated matched feature vectors is generated as the authentication key.
  • the voice data transmitting means of each terminal device transmits surrounding environmental sound to the mutual authentication server as time-series data representing a temporal change in sound volume
  • the feature vector generation means of the mutual authentication server generates a feature vector by analyzing a frequency component for each of the time-series data received from each terminal device
  • the feature vector comparison means of the mutual authentication server compares the generated feature vectors between the terminal devices to determine whether or not they match.
  • a mutual authentication method wherein the key sharing means of the mutual authentication server generates and transmits an authentication key to each terminal device when the feature vectors match.
  • the process in which the feature vector generation unit generates the feature vector includes: The Fourier transform function divides the time series data into time windows with a constant time interval, performs FFT (Fast Fourier Transform) on each time window, and outputs a power spectrum, The feature vector for each frequency is output by collating the power level for each frequency of the output power spectrum with a threshold value for which a quantization function is set in advance in a plurality of stages.
  • FFT Fast Fourier Transform
  • the process in which the quantization function outputs the feature vector includes: 18.
  • the feature vector comparing means compares the feature vectors.
  • the plurality of feature vectors generated in the same time window are compared between the terminal devices, and when there is even one feature vector that matches between the terminal devices, the terminal device of the terminal device 19.
  • the key sharing means generates and transmits an authentication key. Only when the total value of the information amount per unit time of the feature vector matched in the target time range of the time series data is calculated and the calculated total amount of information amount is equal to or greater than a predetermined value
  • the procedure for generating the feature vector includes: A step of dividing the time series data into time windows at regular time intervals and performing FFT (Fast Fourier Transform) on each time window to output a power spectrum; And appending the power level for each frequency of the output power spectrum with a threshold set in advance in a plurality of stages to output a feature vector for each frequency.
  • FFT Fast Fourier Transform
  • the procedure for outputting the feature vector includes: The mutual authentication program according to appendix 22, characterized by including a procedure in which a plurality of the thresholds for a preset level are set as one group, a plurality of the groups are provided, and the feature vector is output for each group. .
  • the procedure for comparing the feature vectors includes: The plurality of feature vectors generated in the same time window are compared between the terminal devices, and when there is even one feature vector that matches between the terminal devices, the terminal device of the terminal device.
  • the procedure for generating and transmitting the authentication key is as follows. Only when the total value of the information amount per unit time of the feature vector matched in the target time range of the time series data is calculated and the calculated total amount of information amount is equal to or greater than a predetermined value 25.
  • the present invention can be used in a mutual authentication system for constructing an ad hoc (non-permanent, temporary) connection relationship between specific devices.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Telephonic Communication Services (AREA)

Abstract

[Problème] L'invention vise à pourvoir à un système d'authentification mutuelle pour créer une connexion ad hoc entre dispositifs d'informations. [Solution] Le système d'authentification mutuelle (1) selon la présente invention est configuré par connexion d'une pluralité de dispositifs terminaux (20) à un serveur d'authentification mutuelle (10) qui génère et attribue une clé d'authentification aux dispositifs terminaux. Chaque dispositif terminal (20) est pourvu d'un moyen de transmission de données sonores (203) pour transmettre le son ambiant de l'environnement au serveur d'authentification mutuelle en tant que données de séries chronologiques représentant le changement de volume du son au fil du temps. Le serveur d'authentification mutuelle (10) est pourvu d'un moyen de génération de vecteurs de caractéristiques (103) pour soumettre les données de séries chronologiques reçues en provenance de chaque dispositif terminal à une transformée de Fourier rapide (FFT) et générer des vecteurs de caractéristiques, d'un moyen de comparaison de vecteurs de caractéristiques (104) pour comparer les vecteurs de caractéristiques générés pour les dispositifs terminaux et déterminer s'il y a une correspondance, et d'un moyen de partage de clé (105) pour générer et transmettre la clé d'authentification à chaque dispositif terminal lorsque les vecteurs de caractéristiques correspondent.
PCT/JP2013/053414 2012-02-23 2013-02-13 Système d'authentification mutuelle, serveur d'authentification mutuelle, procédé d'authentification mutuelle et programme d'authentification mutuelle WO2013125414A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2012-037361 2012-02-23
JP2012037361 2012-02-23

Publications (1)

Publication Number Publication Date
WO2013125414A1 true WO2013125414A1 (fr) 2013-08-29

Family

ID=49005601

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2013/053414 WO2013125414A1 (fr) 2012-02-23 2013-02-13 Système d'authentification mutuelle, serveur d'authentification mutuelle, procédé d'authentification mutuelle et programme d'authentification mutuelle

Country Status (2)

Country Link
JP (1) JPWO2013125414A1 (fr)
WO (1) WO2013125414A1 (fr)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2015207873A (ja) * 2014-04-18 2015-11-19 日本放送協会 受信装置
JP2015232816A (ja) * 2014-06-10 2015-12-24 日本電信電話株式会社 認証システムおよびその動作方法
WO2016141972A1 (fr) * 2015-03-10 2016-09-15 ETH Zürich Authentification à deux facteurs sur la base d'un son ambiant
WO2023145985A1 (fr) * 2022-01-26 2023-08-03 엘지전자 주식회사 Dispositif d'affichage

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005004418A1 (fr) * 2003-07-04 2005-01-13 Nippon Telegraph And Telephone Corporation Procede de mediation dans un rpv a acces a distance et dispositif de mediation
JP2009239431A (ja) * 2008-03-26 2009-10-15 Nec Corp 仲介システム、仲介方法および仲介用プログラム
JP2010187282A (ja) * 2009-02-13 2010-08-26 Nec Corp 暗号鍵生成システム、暗号鍵生成方法および暗号鍵生成用プログラム

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005004418A1 (fr) * 2003-07-04 2005-01-13 Nippon Telegraph And Telephone Corporation Procede de mediation dans un rpv a acces a distance et dispositif de mediation
JP2009239431A (ja) * 2008-03-26 2009-10-15 Nec Corp 仲介システム、仲介方法および仲介用プログラム
JP2010187282A (ja) * 2009-02-13 2010-08-26 Nec Corp 暗号鍵生成システム、暗号鍵生成方法および暗号鍵生成用プログラム

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2015207873A (ja) * 2014-04-18 2015-11-19 日本放送協会 受信装置
JP2015232816A (ja) * 2014-06-10 2015-12-24 日本電信電話株式会社 認証システムおよびその動作方法
WO2016141972A1 (fr) * 2015-03-10 2016-09-15 ETH Zürich Authentification à deux facteurs sur la base d'un son ambiant
WO2023145985A1 (fr) * 2022-01-26 2023-08-03 엘지전자 주식회사 Dispositif d'affichage

Also Published As

Publication number Publication date
JPWO2013125414A1 (ja) 2015-07-30

Similar Documents

Publication Publication Date Title
Mayrhofer et al. Shake well before use: Intuitive and secure pairing of mobile devices
Karapanos et al. {Sound-Proof}: Usable {Two-Factor} authentication based on ambient sound
Schürmann et al. Secure communication based on ambient audio
RU2433560C2 (ru) Проверка синхронизации для аутентификации устройства
WO2017069118A1 (fr) Dispositif d'authentification personnelle, procédé d'authentification personnelle, et programme d'authentification personnelle
KR20190031989A (ko) 블록체인 기반의 전자 계약 처리 시스템 및 방법
Cao et al. Sec-D2D: A secure and lightweight D2D communication system with multiple sensors
Prasad et al. Efficient device pairing using “human-comparable” synchronized audiovisual patterns
US10764035B2 (en) Control methods of decryption key storage server, biometric information storage server, and matching server in authentication system
US20200034551A1 (en) Systems and methods for providing interactions based on a distributed conversation database
WO2013125414A1 (fr) Système d'authentification mutuelle, serveur d'authentification mutuelle, procédé d'authentification mutuelle et programme d'authentification mutuelle
KR102332662B1 (ko) 생체정보를 이용한 인증 방법 및 장치
US20140380052A1 (en) Message filtering method and system
CN103916725A (zh) 一种蓝牙耳机
US10638318B2 (en) Optical chaos based wireless device fingerprinting
Shah et al. Towards a lightweight continuous authentication protocol for device-to-device communication
Nguyen et al. Using ambient audio in secure mobile phone communication
Lee et al. ivPair: Context-based fast intra-vehicle device pairing for secure wireless connectivity
JP2014138404A (ja) 相互認証システム、端末装置、相互認証サーバ、相互認証方法および相互認証プログラム
CN109889532A (zh) 基于环境上下文的物联网设备安全认证与密钥协商方法
Luo et al. Ambient audio authentication
Shang et al. AudioKey: a usable device pairing system using audio signals on smartwatches
Nguyen et al. Pattern-based alignment of audio data for ad hoc secure device pairing
Sandosh et al. State-of-the-Art of Voice Assistance Technology, Mitigating Replay Attacks: A Comprehensive Discussion
Sigg et al. AdhocPairing: Spontaneous audio based secure device pairing for Android mobile devices

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13751400

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2014500673

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13751400

Country of ref document: EP

Kind code of ref document: A1