WO2017073448A1 - Dispositif d'authentification mutuelle et procédé d'authentification mutuelle - Google Patents

Dispositif d'authentification mutuelle et procédé d'authentification mutuelle Download PDF

Info

Publication number
WO2017073448A1
WO2017073448A1 PCT/JP2016/081085 JP2016081085W WO2017073448A1 WO 2017073448 A1 WO2017073448 A1 WO 2017073448A1 JP 2016081085 W JP2016081085 W JP 2016081085W WO 2017073448 A1 WO2017073448 A1 WO 2017073448A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
digital signal
authentication information
unit
analog signal
Prior art date
Application number
PCT/JP2016/081085
Other languages
English (en)
Japanese (ja)
Inventor
史彦 赤羽
Original Assignee
日本電産サンキョー株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 日本電産サンキョー株式会社 filed Critical 日本電産サンキョー株式会社
Priority to CN201680063127.5A priority Critical patent/CN108351934A/zh
Publication of WO2017073448A1 publication Critical patent/WO2017073448A1/fr

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K7/00Methods or arrangements for sensing record carriers, e.g. for reading patterns
    • G06K7/10Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation

Definitions

  • the present invention relates to a mutual authentication device and a mutual authentication method, and more particularly to a mutual authentication device and a mutual authentication method for performing mutual authentication between a higher-level device and a lower-level device.
  • Such a card reader is configured to perform mutual authentication with a computer such as an ATM (Automated Teller Machine), which is a host device, in order to improve security.
  • a computer such as an ATM (Automated Teller Machine), which is a host device
  • Patent Document 1 as an example of such a card reader, in a mutual authentication system in which a higher-level device and a lower-level device mutually authenticate, even when the lower-level device has a plurality of subordinate devices, it is easy to construct a mutual authentication system A mutual authentication system and a mutual authentication method are described.
  • a control unit that controls the entire card reader, an encryption magnetic head that is a subordinate device arranged in the card reader, and a host device perform mutual authentication.
  • Patent Document 1 has a complicated configuration related to encryption / decryption. That is, unless a circuit having a complicated configuration is mounted, it is not possible to detect replacement with an unauthorized device.
  • An object of the present invention has been made in view of such a situation, and is to provide a mutual authentication device that can easily detect replacement with an unauthorized device even if the configuration is simplified.
  • the problem of the present invention has been made in view of such a situation, and by providing a mutual authentication method capable of easily detecting replacement with an unauthorized device even if the configuration is simplified. is there.
  • the mutual authentication apparatus performs mutual authentication between an A / D conversion unit that receives an analog signal having a continuous waveform in time series from another apparatus and converts it into a received digital signal, and the other apparatus.
  • Authentication information storage means for storing authentication information for authentication, and authentication for verifying the displacement pattern of the received digital signal converted by the A / D converter with the authentication information stored in the authentication information storage means
  • the authentication information includes a period for verifying the analog signal, a sampling period, and verification data for verifying the displacement pattern.
  • the mutual authentication apparatus of the present invention further includes an authentication information resetting unit that resets the authentication information at a specific timing, and the transmission digital signal creation unit is configured to reset the authentication information reset by the authentication information resetting unit.
  • the transmission digital signal is generated based on information, and the D / A converter converts the transmission digital signal corresponding to the reset authentication information generated by the transmission digital signal generation unit into an analog signal. And transmitting to the other apparatus.
  • the mutual authentication method of the present invention receives an analog signal that is a time-series continuous waveform from another device, converts it into a received digital signal, and performs authentication for mutual authentication with the other device. And the converted displacement pattern of the received digital signal is authenticated by comparing the stored authentication information, and if the authentication is successful, the transmission digital of the displacement pattern corresponding to the stored authentication information A signal is generated, the generated transmission digital signal is converted into an analog signal, and transmitted to the other device.
  • a mutual authentication device that easily converts an unauthorized device even if simplified by digitally converting an analog signal transmitted from another device and verifying the displacement pattern by collating them.
  • the analog signal transmitted from another device is digitally converted, and this displacement pattern is collated and authenticated, so that it is possible to easily detect a change to an unauthorized device even if simplified.
  • a method can be provided.
  • FIG. 1 is a block diagram showing a system configuration of a mutual authentication system X according to an embodiment of the present invention.
  • the mutual authentication system X is an ATM having a card issuing function.
  • Kiosk terminals In addition to this ATM, Kiosk terminals, transportation ticket issuing systems, point card issuing systems such as convenience stores, member card issuing systems for retail stores, card issuing / payment systems for gaming machines, entrance / exit management It may be a system or the like.
  • the mutual authentication system X includes a card 3 for reading and writing, a writing card reader 1 (mutual authentication device), and a host device 2.
  • the card reader 1 is a motor reader type card reader / writer device.
  • the card reader 1 is connected to the host device 2 and executes various processes according to commands from the host device 2. Examples of the card reader include a magnetic card reader, a contact type IC card reader, and a non-contact type IC card reader. The detailed configuration of the card reader 1 will be described later.
  • the host device 2 is an embedded PC for ATM or the like.
  • the host device 2 includes a control unit, a storage unit, various interfaces, and the like, and controls the card reader 1.
  • the card 3 is a contact type or non-contact type IC card and / or a magnetic card.
  • the card 3 is a plastic card such as rectangular vinyl chloride having a thickness of about 0.7 to 0.8 mm.
  • an integrated circuit chip (IC chip) is embedded in the plastic substrate of the card 3 and an IC terminal is disposed on the surface.
  • an IC chip and an antenna coil are embedded in the plastic substrate.
  • a magnetic card a magnetic stripe for recording magnetic data is formed on the surface.
  • the card may be a PET (polyethylene terephthalate) card having a thickness of about 0.18 to 0.36 mm, a paper card having a predetermined thickness, or the like.
  • the card stores information such as user information and money value information.
  • the mutual authentication system X is a scanner that reads photos and characters on the card surface, a crusher that crushes the collected card, a card collection and return module that collects the card, and prints on the card surface.
  • a card printer or the like may be provided.
  • FIG. 1 the system configuration related to mutual authentication of the card reader 1 and the host device 2 is described with particular attention.
  • the card reader 1 and the host device 2 can execute the same mutual authentication process. Therefore, in the following, the configuration related to mutual authentication of the card reader 1 will be described with particular attention.
  • the card reader 1 includes a control unit 10, an A / D conversion unit 20, a storage unit 30 (authentication information storage unit), a D / A conversion unit 40, and an interface unit 50.
  • the control unit 10 is a control calculation means such as a CPU (Central Processing Unit).
  • the control unit 10 controls reading and writing of information on the card 3.
  • the card reader 1 can also encrypt and decrypt information read or written by the card 3.
  • the A / D converter 20 receives an analog signal that is a time-series continuous waveform from the host device 2 and converts it into a received digital signal that is a digital signal that can be handled by the controller 10 or the like. For this reason, the A / D conversion unit 20 is connected to the D / A conversion unit 41 of the host device 2 by a dedicated wiring or the like.
  • the analog signal input by the A / D conversion unit 20 is expressed by, for example, a continuous and temporal voltage change. In addition, a specific bias or the like is applied to this voltage. For example, if the number of quantization bits is 8 bits, the minimum value is 0 to the maximum value 255, and if it is 16 bits, the minimum value is 0 to the maximum value 65535.
  • the A / D conversion unit 20 acquires the received digital signal at a sampling frequency of 11 kHz to 48 kHz, for example.
  • the A / D converter 20 may store the received digital signal in a buffer or the like of the storage unit 30 using DMA (Direct Memory Access) or the like.
  • the storage unit 30 is a non-temporary recording medium such as a RAM (Random Access Memory), a ROM (Read Only Memory), or a flash memory.
  • the storage unit 30 controls the entire card reader 1, communicates with the host device 2, and displays a control program for executing various processes, an OS (Operating System), temporary data of each process, and various states. Stores status information, setting information indicating various settings, and the like.
  • the D / A converter 40 converts a digital signal into an analog signal according to an instruction from the controller.
  • the D / A conversion unit 40 is connected to the A / D conversion unit 21 of the host device 2 by a dedicated wiring or the like.
  • the interface unit 50 includes various interface circuits and physical layers for connecting to communication lines such as USB (Universal Serial Bus), RS-232C, and LAN (Local Area Network).
  • the interface unit 50 transmits and receives various kinds of information to and from the host device 2 via a communication line.
  • the various information includes various commands including an authentication start trigger and an authentication information reset trigger described later.
  • Each unit including the A / D conversion unit 20 and the D / A conversion unit 41 may be configured as a System On Chip or the like built in the control unit 10.
  • the card reader 1 conveys the card 3, a sensor of a mechanical type, an optical type, a magnetic type or the like that detects insertion of the card 3 or a position in the conveyance path, a sensor circuit that acquires this state, and the like.
  • a transport mechanism including a motor, a roller and the like, a motor circuit for driving the transport mechanism, a magnetic head for reading information on the card 3 inserted in the transport path, and writing information on the card,
  • a Read / Write circuit and a demodulation circuit for controlling the magnetic head are included.
  • the control unit 10 includes an authentication processing unit 100, a transmission digital signal creation unit 110, and an authentication information resetting unit 120 as functional configurations. These functional units can be realized by the control unit 10 expanding and executing the OS and the control program stored in the storage unit 30. Moreover, the control part 10 becomes a hardware resource for implement
  • the authentication processing unit 100 stores in the storage unit 30 a displacement pattern of a digital signal (hereinafter referred to as “received digital signal”) obtained by converting the analog signal received from the host device 2 or the like by the A / D conversion unit 20.
  • the authentication information 300 thus verified is verified.
  • the authentication processing unit 100 collates the displacement pattern of the received digital signal with the displacement pattern corresponding to the authentication information 300, and determines that the authentication is successful if the displacement pattern matches. Judge as failure.
  • the transmission digital signal creation unit 110 creates a digital signal (hereinafter referred to as “transmission digital signal”) to be transmitted to the higher-level device 2 and the like based on the displacement pattern corresponding to the authentication information 300 stored in the storage unit 30. .
  • the transmission digital signal creation unit 110 may process the transmission digital signal by specific conversion including inversion of the signal when creating the transmission digital signal.
  • the transmission digital signal creation unit 110 starts authentication in response to the authentication start trigger from the higher-level device 2.
  • This authentication start trigger is a command indicating the start of authentication.
  • the transmission digital signal creation unit 110 creates a transmission digital signal corresponding to the displacement pattern corresponding to the authentication information 300 when the host device 2 is requested to authenticate.
  • the authentication information resetting unit 120 resets the authentication information 300 in the storage unit 30 at a specific timing. This specific timing is when the time specified by the standard has elapsed for the card reader 1, when a situation such as repair or replacement occurs due to damage or failure, or when a specific instruction from the user is received. .
  • the authentication information resetting unit 120 resets the period, the sampling period, and the verification data for verifying the analog signal of the authentication information resetting unit 120 using a random number generator or the like.
  • the authentication information resetting unit 120 transmits an authentication information resetting trigger to the higher-level device 2.
  • the authentication information reset trigger is a command indicating resetting of the authentication information 300 and / or the authentication information 301.
  • the authentication information resetting unit 120 causes the transmission digital signal creation unit 110 to create a transmission digital signal based on the reset authentication information 300.
  • the authentication information resetting unit 120 converts the transmission digital signal corresponding to the reset authentication information 300 into an analog signal by the D / A conversion unit 40 and transmits the analog signal to the host device 2.
  • the host device 2 can also create authentication information 301 corresponding to the reset authentication information 300 and store it in the storage unit 31.
  • the authentication information 300 includes, for example, a period during which an analog signal transmitted from the host device 2 is collated, a sampling cycle, and collation data.
  • the period for verifying the analog signal is information indicating how long the analog signal is received from the time of transmission of the host device 2 of the authentication start trigger. .
  • This time can be set in units of several microseconds to several seconds.
  • This verification time includes “delay” which is the time from the authentication start trigger until the analog signal is actually started to be transmitted.
  • the verification time may include a time during which an analog signal is actually output. When the time when the analog signal is actually output and the verification time are different, the analog signal is output for a time longer or shorter than the verification period.
  • the sampling period is a value indicating a period for acquiring time series data from the received digital signal. That is, the value corresponds to the period of acquisition (monitoring) for comparison of analog signals. For example, a period longer than the actual sampling frequency when the analog signal is converted into a received digital signal by the A / D converter 20 can be designated as the sampling period.
  • This sampling cycle can be changed by designation from the host device 2.
  • the structure which uses an irregular period according to a specific numerical sequence etc. may be sufficient instead of a fixed space
  • the collation data is data such as an array (matrix, array) for collating the time-division displacement pattern of the analog signal received from the host device 2.
  • the verification data is configured, for example, as displacement pattern data of time-series data acquired at the above-described sampling period within the verification period from the received digital signal. It is also possible to retain the received digital signal acquired from the previous host device 2 as the verification data as it is.
  • the transmission digital signal creation unit 111 of the host device 2 is configured to create transmission digital data in which time series data is embedded in random digital waveform data, for example, every time authentication is started. With this configuration, it is possible to compare whether or not the received digital signal of the card reader 1 is the same as the previously received digital signal, and to detect the presence or absence of hacking.
  • the authentication information 300 may include information on the number of quantization bits of the A / D conversion unit 20, information on an allowable range of quantization errors, and the like.
  • the host device 2 includes a control unit 11 similar to the control unit 10 of the card reader 1, an A / D conversion unit 21 similar to the A / D conversion unit 20, and a storage unit 30 in the mutual authentication process and configuration of the present embodiment.
  • a similar storage unit 31, a D / A conversion unit 41 similar to the D / A conversion unit 40, and an interface unit 51 similar to the interface unit 50 are included.
  • the control unit 11 of the host device 2 includes an authentication processing unit 101 similar to the authentication processing unit 100 related to the functional configuration of the control unit 10 of the card reader 1, a transmission digital signal generation unit 111 similar to the transmission digital signal generation unit 110, and An authentication information resetting unit 121 similar to the authentication information resetting unit 120 is included.
  • the storage unit 31 of the host device 2 includes authentication information 301 corresponding to the authentication information stored in the storage unit 30 of the card reader 1.
  • the host device 2 is another device and the card reader 1 is its own device, but conversely even if the host device 2 is its own device and the card reader 1 is another device. Good.
  • FIG. 2 is a flowchart of the mutual authentication process according to the embodiment of the present invention.
  • FIG. 3 is a conceptual diagram showing a specific example of the mutual authentication process shown in FIG.
  • the mutual authentication system X according to the mutual authentication process of the present embodiment includes the host device 2 and the card reader 1 as the lower device, and outputs analog signals from the card reader 1 and analogs of the card reader 1. A signal input or an analog signal output from the host device 2 and an analog signal input of the card reader 1 are connected. For this reason, the card reader 1 which is the lower device accepts the authentication by the authentication start trigger from the higher device 2.
  • the output side converts the transmission digital signal into an analog signal via the D / A converters 40 and 41 and outputs the analog signal
  • the input side converts the analog amount into the reception digital via the A / D converters 20 and 21. replace.
  • the output side and the input side mutually input and output analog signals that are displaced with time. That is, the output side and the input side authenticate each other using an analog signal as a medium. Therefore, the authentication information 300 and 301 are stored in common, the analog signal is converted into a digital signal, the mutual displacement patterns are collated (compared), and the authenticity between the host device 2 and the card reader 1 is confirmed. meet.
  • the time (period) for outputting the analog signal is a specific time.
  • control unit 10 of the card reader 1 executes the control program stored in the storage unit 30 using hardware resources, and the control unit 11 of the host device 2 is stored in the storage unit 31. This can be realized by executing the control program using hardware resources.
  • Step S201 The authentication information resetting unit 121 of the higher-level device 2 performs an authentication start trigger process.
  • the authentication information resetting unit 121 transmits an authentication start trigger to the card reader 1 via the interface unit 51 (timing T201).
  • Step S202 The transmission digital signal creation unit 111 and the D / A conversion unit 41 of the host device 2 perform an analog signal transmission process.
  • the transmission digital signal creation unit 111 creates a transmission digital signal having a displacement pattern based on the authentication information 301 and transmits it from the D / A conversion unit 41 to the card reader 1 (timing T202).
  • the transmission digital signal creation unit 111 creates random but continuous digital waveform data as an example of the transmission digital signal, and then refers to the authentication information 301.
  • the time-series data of the sampling period s of the verification period L is embedded in this digital waveform data.
  • the data at the sampling period s is data used for verification by the card reader 1.
  • the transmission digital signal creation unit 111 creates a transmission digital signal having a length corresponding to the output time of the analog signal. That is, the transmission digital signal creation unit 111 may create a transmission digital signal that is output longer than the verification period L, as shown in FIG. Further, the transmission digital signal creation unit 111 may not create all the transmission digital signals at once, but may sequentially create them and perform D / A conversion for transmission.
  • Step S101 The A / D converter 20 of the card reader 1 performs an analog signal reception process.
  • the A / D converter 20 receives an analog signal from the host device 2 and performs A / D conversion into a received digital signal.
  • Step S102 The authentication processing unit 100 of the card reader 1 performs an authentication process.
  • the authentication processing unit 100 performs authentication by collating the displacement pattern of the received digital signal converted by the A / D conversion unit 20 with the authentication information 300 stored in the storage unit 30.
  • the authentication processing unit 100 acquires and collates data with a sampling period s after the delay d during the collation period L in the received digital signal.
  • the authentication processing unit 100 determines that the displacement angle or the like (displacement pattern) of the data acquired at the sampling period s is within a specific error range from the verification data in the authentication information 300. Collation is performed based on whether or not they are the same. By collating with the data displacement pattern in this way, errors due to level fluctuations, noise, and the like can be suppressed. Further, the authentication processing unit 100 can compare whether the received digital signal is exactly the same as the previously received digital signal with reference to the buffer of the storage unit 30.
  • Step S103 The authentication processing unit 100 of the card reader 1 determines whether the authentication is successful. If the displacement pattern is the same within a specific error range, the authentication processing unit 100 determines that the authentication is successful and determines Yes. In Yes, the authentication process part 100 advances a process to step S104. On the other hand, when the displacement pattern does not match within a specific error range, the authentication processing unit 100 determines No as an unauthorized device. In No, the authentication process part 100 advances a process to step S107. As a result, authentication is not performed by a method in which an analog signal is recorded and reproduced by a digital recorder or the like, and security can be improved. If the received digital signal is the same as the previously received digital signal, the authentication processing unit 100 may determine No as abnormal data because it is an abnormal data.
  • Step S104 When authentication is successful (in the case of Yes), the transmission digital signal creation unit 110 of the card reader 1 performs transmission digital signal creation processing.
  • the transmission digital signal creation unit 110 creates, for example, a signal obtained by inverting the reception digital signal as a transmission digital signal as a displacement pattern corresponding to the authentication information 300.
  • the transmission digital signal creation unit 110 can generate a signal obtained by inverting the reception digital signal as it is.
  • the transmission digital signal generation unit 110 may generate random but continuous digital waveform data and embed data obtained by inverting the time-series data of the sampling period s of the verification period L of the authentication information 301. .
  • Step S105 The D / A converter 40 of the card reader 1 performs an analog signal return process.
  • the D / A conversion unit 40 converts the transmission digital signal created by the transmission digital signal creation unit 110 into an analog signal and transmits it to the host device 2 (timing T101).
  • Step S106 The authentication processing unit 100 of the card reader 1 performs normal operation start processing. Since the authentication is successful, the authentication processing unit 100 starts normal operation of the card reader 1. Thereby, reading / writing of the card
  • Step S107 If the authentication fails (No), the authentication processing unit 100 of the card reader 1 performs an operation stop process.
  • the authentication processing unit 100 puts the card reader 1 in a stopped state or the like, assuming that it is an abnormal signal. Thereby, the process for the card reader 1 of the mutual authentication process is completed. At this time, the card 3 may be stored in the card reader 1. Further, the authentication processing unit 100 may store information indicating that it has been stopped in the storage unit 30 as a log (not shown).
  • the host device 2 receives the transmitted return analog signal in step S105 of the card reader 1 (timing T101).
  • Step S203 The A / D converter 21 performs a return analog signal reception process.
  • the A / D converter 21 receives an analog signal output from the D / A converter 40 of the card reader 1 for a specific time, regardless of whether the authentication is successful or unsuccessful, and converts it into a received digital signal.
  • Step S204 The authentication processing unit 101 of the higher-level device 2 performs an authentication result verification process.
  • the authentication processing unit 101 converts the amplitude of the received digital signal converted by the A / D conversion unit 21 by inverting it. Then, the authentication processing unit 101 performs authentication by comparing with the authentication information 301 in the storage unit 31 in the same manner as the authentication processing in step S102 of the card reader 1 described above.
  • Step S205 The authentication processing unit 101 of the host device 2 determines whether the authentication result is normal. If the displacement patterns collated using the authentication information 301 are the same within a specific error range, the authentication processing unit 101 determines that the authentication is successful and determines Yes. In Yes, the authentication process part 101 complete
  • Step S206 If the authentication fails (No), the authentication processing unit 101 performs an operation stop process.
  • the authentication processing unit 101 notifies an error with a display unit, an LED, or the like (not shown) of the host device 2 and stops the operation. Thereby, the process of the upper level apparatus 2 of the mutual authentication process is completed. At this time, the fact that the authentication result is abnormal may be recorded in a log (not shown) of the storage unit 31. Thus, the mutual authentication process according to the embodiment of the present invention is completed.
  • FIG. 4 is a flowchart of authentication information resetting processing according to the embodiment of the present invention.
  • the authentication information 300 of the card reader 1 and / or the authentication information 301 of the host device 2 according to the embodiment of the present invention is set at the time of factory shipment or the like. For this reason, normally, the initial verification information 300 and 301 verification period, sampling cycle, and verification data displacement pattern are adjusted to match at the time of shipment. However, it may be necessary to update these at a specific timing.
  • the authentication information resetting unit 121 of the host device 2 resets the authentication information 301, and at that time, the authentication information reset trigger and a part of the reset authentication information 301 are transferred to the card reader 1.
  • the transmission digital signal of the authentication information 301 that has been transmitted and reset is D / A converted by the creation D / A conversion unit 41 and transmitted to the card reader 1. This is received by the card reader 1, the time and analog amount displacement are recorded, and the authentication information 300 is updated.
  • control unit 10 of the card reader 1 executes the control program stored in the storage unit 30 using hardware resources, and the control unit 11 of the host device 2 is stored in the storage unit 31. This can be realized by executing the control program using hardware resources.
  • the authentication information resetting unit 121 of the host device 2 performs an authentication information resetting trigger process. 121 updates the authentication information 301 in the storage unit 30 and transmits an authentication information reset trigger (timing T211). In this process, when the above-mentioned specific timing is reached, a user such as an administrator such as ATM performs a switch or button operation on an input unit (not shown) of the host device 2 or a timer (not shown). Etc.) is transmitted. The authentication information resetting unit 121 receives these and updates the authentication information 301 in the storage unit 30.
  • the authentication information resetting unit 121 creates verification data for the authentication information 301 using a random number generator or the like. Further, the authentication information resetting unit 121 can update the verification period and the sampling cycle of the authentication information 301 with a random number generator or the like. For example, according to the example of FIG. 3A, the authentication information resetting unit 121 can also reset the delay d, the verification period L, the sampling period s, and the like related to the authentication information 301.
  • the authentication information resetting unit 121 transmits an authentication information resetting trigger to the card reader 1 via the interface unit 51 after resetting the authentication information 301. At this time, the authentication information resetting unit 121 may transmit a verification period including the reset delay, a sampling period, and the like from the interface unit 51. Encryption or the like may be used for these transmissions.
  • Step S212 The transmission digital signal creation unit 111 and the D / A conversion unit 41 of the host device 2 perform an analog signal transmission process.
  • the transmission digital signal creation unit 111 creates a transmission digital signal based on the authentication information 301, converts it into an analog signal by the D / A conversion unit 41, and transmits it to the card reader 1 (timing T212). This process is performed in the same manner as step S202 in FIG.
  • Step S111 The A / D converter 20 of the card reader 1 performs an analog signal reception process. This process is performed in the same manner as step S101 in FIG.
  • the authentication information resetting unit 120 of the card reader 1 performs authentication information storage processing.
  • the authentication information resetting unit 120 creates updated authentication information 300 based on the received authentication information reset trigger and the received digital signal converted by the A / D conversion unit 20 and stores the updated authentication information 300 in the storage unit 30.
  • the authentication information resetting unit 120 may store the verification period including the reset delay, the sampling period, and the like as a part of the updated authentication information 300.
  • Step S113 The transmission digital signal creation unit 110 of the card reader 1 performs transmission digital signal creation processing.
  • the transmission digital signal creation unit 110 creates a transmission digital signal for returning the updated authentication information 300. This process is also performed in the same manner as step S104 in FIG.
  • Step S114 The D / A converter 40 of the card reader 1 performs an analog signal return process.
  • the D / A conversion unit 40 converts the transmission digital signal into an analog signal and transmits the analog signal to the host device 2 (timing T111). This process is also the same as step S105 in FIG.
  • the host device 2 receives the transmitted return analog signal in step S114 of the card reader 1 (timing T111).
  • Step S213 The A / D converter 21 performs a return analog signal reception process.
  • the A / D conversion unit 21 acquires an analog signal output from the D / A conversion unit 40 of the card reader 1 for a specific time, and converts it into a received digital signal.
  • Step S214 The authentication information resetting unit 120 performs reply authentication information storage processing.
  • the authentication information resetting unit 120 acquires the received digital signal and stores it in a buffer (not shown) of the storage unit 31.
  • the authentication information resetting unit 120 may verify whether the received digital signal is abnormal data as in the authentication result verification process in step S204 of FIG. Thus, the authentication information resetting process according to the embodiment of the present invention is completed.
  • the card reader 1 may reset the authentication information 300 and transmit it to the host device 2 to perform the same processing.
  • the card reader 1 receives an analog signal that is a time-series continuous waveform from the host device 2 and converts it into a received digital signal, and the host device 2.
  • a D / A conversion unit 40 that converts the transmission digital signal created by the transmission digital signal creation unit 110 into an analog signal and transmits the analog signal to the host device 2 is provided.
  • the host device 2 receives an analog signal having a continuous waveform in time series from the card reader 1 and converts it into a received digital signal, and a card reader.
  • a storage unit 31 that stores authentication information 301 for mutual authentication with the authentication unit 1, and an authentication information 301 that stores a displacement pattern of the received digital signal converted by the A / D conversion unit 21 in the storage unit 31.
  • An authentication processing unit 101 that verifies and authenticates and a transmission digital signal generation unit 111 that generates a transmission digital signal of a displacement pattern corresponding to the authentication information 301 stored in the storage unit 31 when the authentication processing unit 101 succeeds in authentication.
  • a D / A conversion unit 41 that converts the transmission digital signal created by the transmission digital signal creation unit 111 into an analog signal and transmits the analog signal to the card reader 1.
  • the input side compares the stored displacement pattern of the analog signal with the displacement pattern of the received analog signal. It is determined that the device is normal. If they do not match, it is determined that the device is abnormal. With this configuration, even if the configuration is simplified, it is possible to easily detect replacement with an unauthorized device. That is, it is possible to reliably determine whether the relationship between the host device 2 and the card reader 1 is a correct combination while having a simple configuration as compared with the technique described in the conventional patent document 1, and the replacement with an unauthorized device is possible. Can be detected.
  • the card reader 1 and the host device 2 of the present embodiment have a simplified configuration, it is possible to reduce the manufacturing cost by reducing the scale of the circuit related to mutual authentication.
  • cost can be reduced. That is, the mutual authentication function can be realized with the minimum necessary hardware.
  • the card reader 1 and the host device 2 of the present embodiment do not use digital encryption or the like that is restricted for reasons such as defense or confidentiality. This eliminates the need for export procedures and reduces costs.
  • a complete digital is obtained by attaching a measuring instrument or the like to the communication unit of the upper device and the lower device and monitoring. It is possible to acquire a signal. In the case of such a digital signal, there is a possibility that the encryption key may be deciphered by detailed analysis of the monitor, and there is no security risk.
  • the analog signals of the card reader 1 and the host device 2 of this embodiment do not include a digital encryption key or the like even if the analog signals themselves are acquired, security risks can be reduced.
  • an authentication method using a conventional analog signal there has been an authentication method in which an image such as a sound waveform or a fingerprint is acquired and converted into data. These are characterized by the image itself such as the waveform of the user's voice and the fingerprint that needs to be authenticated.
  • it is necessary to select a location that is a feature of the authentication method in the card reader 1 and the host device 2 of the present embodiment, a general waveform can be used, and even if it is stolen, there is no problem. Further, it is not necessary to select a location that is a specific feature.
  • the authentication information 300 of the card reader 1 and the authentication information 301 of the host device 2 include a period for collating analog signals, a sampling cycle, and collation data for collating displacement patterns. It is characterized by.
  • noise and the like are of a certain degree even if the A / D conversion and D / A conversion accuracy of the host device and the lower device are not high. Even if it is mixed only, it is possible to reliably collate the received digital signal after A / D conversion and the displacement pattern of the authentication information. For this reason, it is possible to deal with combinations of products that require a certain level of security, and it is also possible to apply to combinations of products that do not require a high level of security. Further, the present invention can be applied to products that are low in cost and do not have high accuracy in A / D conversion and D / A conversion.
  • the card reader 1 of the present embodiment includes an authentication information resetting unit 120 that resets the authentication information 300 at a specific timing, and the transmission digital signal creation unit is an authentication reset by the authentication information resetting unit 120.
  • the transmission digital signal is created from the information 300, and the D / A conversion unit 40 converts the transmission digital signal created by the transmission digital signal creation unit and corresponding to the reset authentication information 300 into an analog signal and converts it to an upper level. It transmits to the apparatus 2, It is characterized by the above-mentioned.
  • the host device 2 of this embodiment includes an authentication information resetting unit 121 that resets the authentication information 301 at a specific timing, and the transmission digital signal creation unit is reset by the authentication information resetting unit 121.
  • the D / A converter 41 converts the transmission digital signal corresponding to the reset authentication information 301 generated by the transmission digital signal generator into an analog signal.
  • the present invention can be similarly used for an apparatus that reads or writes information on another information medium that handles monetary value information.
  • the present invention can be applied to a device that reads or writes magnetic information with respect to a passbook in which a magnetic stripe is formed. With this configuration, it is possible to easily perform mutual authentication for an apparatus that performs processing on an information medium.
  • the waveform of the analog signal is collated by the displacement angle or the like (displacement pattern) has been described.
  • a configuration is also possible in which the waveform of the received digital signal itself is compared with the waveform of the received digital signal received previously.
  • the auto-correlation and the like are calculated using the received digital signal obtained by previously acquiring the waveform of the received digital signal obtained by A / D converting the analog signal from the host device 2 and stored in the buffer as the authentication information 300. Compare. With this configuration, the configuration can be simplified and mounting becomes easy.
  • the example is described in which the host device 2 and the card reader 1 include the A / D conversion units 20 and 21 and the D / A conversion units 40 and 41, respectively.
  • a combination in which the output side / input side is fixed as in the upper apparatus / lower apparatus may be used. That is, the host device 2 includes the D / A conversion unit 41 and does not include the A / D conversion unit 21, and the card reader 1 includes the A / D conversion unit 20 and does not include the D / A conversion unit 40, or The host device 2 includes the A / D converter 21 and does not include the D / A converter 41, and the card reader 1 includes the D / A converter 40 and does not include the A / D converter 20. May be.
  • two of the A / D converters 20 and 21 and the D / A converters 40 and 41 can be reduced, and the cost can be reduced.
  • the authentication information resetting process can be configured to be performed only at the time of factory shipment. Thereby, security can be improved. That is, in order to further improve security, it is possible to make it impossible to reset the authentication information 300 and 301 at the installation location.
  • an authentication start trigger and an authentication information reset trigger may be transmitted by outputting a specific burst signal or the like from the D / A converters 40 and 41.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Toxicology (AREA)
  • Artificial Intelligence (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • General Health & Medical Sciences (AREA)
  • Electromagnetism (AREA)
  • Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)
  • Signal Processing For Digital Recording And Reproducing (AREA)

Abstract

La présente invention concerne un dispositif d'authentification mutuelle pouvant détecter facilement un remplacement par un dispositif non autorisé, même lorsque la configuration de ce dispositif d'authentification mutuelle est simplifiée. Par exemple, une partie de conversion A/N (20) d'un lecteur de carte (1) reçoit un signal analogique, c'est-à-dire une forme d'onde continue chronologiquement, en provenance d'un dispositif hôte (2), et convertit ce signal analogique en signal numérique. Une unité de mémorisation (30) mémorise des informations d'authentification (300) à utiliser pour l'authentification mutuelle avec le dispositif hôte (2). Une partie de traitement d'authentification (100) authentifie un motif de déplacement du signal numérique reçu, qui a été converti par la partie de conversion A/N (20), en le comparant aux informations d'authentification (300) mémorisées par l'unité de mémorisation (30). Lorsque l'authentification par la partie de traitement d'authentification (100) est réussie, une partie de génération de signal numérique de transmission (110) génère un signal numérique de transmission ayant un motif de déplacement qui correspond aux informations d'authentification (300) mémorisées par l'unité de mémorisation (30). Une partie de conversion N/A (40) convertit le signal numérique de transmission généré par la partie de génération de signal numérique de transmission (110) en signal analogique, et transmet ce signal analogique au dispositif hôte (2).
PCT/JP2016/081085 2015-10-30 2016-10-20 Dispositif d'authentification mutuelle et procédé d'authentification mutuelle WO2017073448A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201680063127.5A CN108351934A (zh) 2015-10-30 2016-10-20 相互认证装置及相互认证方法

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2015-214828 2015-10-30
JP2015214828A JP6453202B2 (ja) 2015-10-30 2015-10-30 相互認証装置及び相互認証方法

Publications (1)

Publication Number Publication Date
WO2017073448A1 true WO2017073448A1 (fr) 2017-05-04

Family

ID=58630144

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2016/081085 WO2017073448A1 (fr) 2015-10-30 2016-10-20 Dispositif d'authentification mutuelle et procédé d'authentification mutuelle

Country Status (3)

Country Link
JP (1) JP6453202B2 (fr)
CN (1) CN108351934A (fr)
WO (1) WO2017073448A1 (fr)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021044475A1 (fr) * 2019-09-02 2021-03-11 アイマトリックスホールディングス株式会社 Système d'analyse de texte, et système d'évaluation de caractéristiques pour échange de messages utilisant ledit système

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2000307567A (ja) * 1998-10-16 2000-11-02 Matsushita Electric Ind Co Ltd デジタル著作物保護システム
JP2000330872A (ja) * 1999-03-15 2000-11-30 Sony Corp データ処理装置、データ処理システムおよびその方法
JP2015008490A (ja) * 2014-08-06 2015-01-15 日立コンシューマエレクトロニクス株式会社 コンテンツ配信システムおよびコンテンツ配信方法

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1549490A (zh) * 2003-05-12 2004-11-24 四川大学 一种能够进行身份认证及语音信号保密通信的方法及装置
JP4919690B2 (ja) * 2006-04-19 2012-04-18 シーイエス エレクトロニカ インダストリア エ コメルスィオ リミタダ 磁気カード読み取りシステム
US8068533B2 (en) * 2008-02-02 2011-11-29 Zanio, Inc. Receiver for GPS-like signals
CN102289618A (zh) * 2011-07-19 2011-12-21 中山大学深圳研究院 一种基于心电信号进行身份识别的方法及装置
US20130187764A1 (en) * 2012-01-20 2013-07-25 Alien Technology Corporation Dynamic analog authentication
CN104868999B (zh) * 2014-04-28 2016-05-11 福建爱特点信息科技有限公司 一种基于脑电波波形特征的挑战型动态口令认证方法

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2000307567A (ja) * 1998-10-16 2000-11-02 Matsushita Electric Ind Co Ltd デジタル著作物保護システム
JP2000330872A (ja) * 1999-03-15 2000-11-30 Sony Corp データ処理装置、データ処理システムおよびその方法
JP2015008490A (ja) * 2014-08-06 2015-01-15 日立コンシューマエレクトロニクス株式会社 コンテンツ配信システムおよびコンテンツ配信方法

Also Published As

Publication number Publication date
JP6453202B2 (ja) 2019-01-16
CN108351934A (zh) 2018-07-31
JP2017084281A (ja) 2017-05-18

Similar Documents

Publication Publication Date Title
US8322608B2 (en) Using promiscuous and non-promiscuous data to verify card and reader identity
US20050061875A1 (en) Method and apparatus for a secure RFID system
CN110232429B (zh) 用户认证系统和用于登记指纹参考数据的方法
JP5736689B2 (ja) セキュリティ管理システム及びセキュリティ管理方法
US9118643B2 (en) Authentication and data integrity protection of token
US20080028227A1 (en) Information processing system, information processing apparatus, mobile terminal and access control method
JP2013168143A (ja) 不正変更からのパッケージ保護
JP2008181178A (ja) ネットワーク出力システム、認証情報登録方法、および認証情報登録プログラム
US20150128258A1 (en) Authentication mode reporting
JP5183517B2 (ja) 情報処理装置及びプログラム
JP2003030613A (ja) 記憶装置及び記憶装置を備えたデータ処理装置
CN108229202A (zh) 一种智能卡自动全检方法及装置、计算机装置、存储介质
JP6453202B2 (ja) 相互認証装置及び相互認証方法
JP4185680B2 (ja) 記憶装置
US20200004608A1 (en) Information processing device and information processing method
WO2001026046A1 (fr) Carte a microcircuit, et dispositif, systeme et procede de production de cartes a microcircuit
JP2010128510A (ja) 生体情報認証システム
JP5322788B2 (ja) 情報処理装置及び情報処理方法及びプログラム
KR20070109488A (ko) 보안성이 우수한 플래쉬 메모리가 내장된 지문인식 마우스
US11777746B2 (en) Mutual authentication system and mutual authentication method
EP3072094B1 (fr) Équipment et méthode d'identification biométrique
JP7516133B2 (ja) 決済装置
JP5386860B2 (ja) 決済システム、決済処理装置、正当性検証装置、正当性検証要求処理プログラム、正当性検証処理プログラム、及び正当性検証方法
JP5740644B2 (ja) 電子機器装置、そのペアリング処理方法及びペアリング監視方法
JP6129489B2 (ja) 生体情報取得装置、生体認証システムおよび生体情報取得方法

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16859678

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16859678

Country of ref document: EP

Kind code of ref document: A1