JP2008040952A - Device authentication control system and program thereof - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To avoid a function limitation due to the run-down of a battery or the like in a device authentication control system. <P>SOLUTION: This device authentication control system comprises a device 1 including: a function achieving means 10 for achieving functions including a transmitting and receiving functions; a first communication means 14; a notifying means 13; a photographing means 16; and a first control means 12 for controlling the respective means, and portable authentication keys 2B and 2C including: second communication means 20B and 20C; second control means 21B and 21C for controlling the second communication means 20B and 20C; and barcodes 20B and 20C with unique information written, wherein the photographing means 16 reads the barcodes 22B and 22C, and when the barcodes 22B and 22C coincide with information registered in the device 1, the function limitation of the function achieving means 10 is released. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention performs wireless communication between a device and a mobile authentication key, and device authentication control that restricts the function of the device (mobile phone) when the distance between the device (mobile phone) and the mobile authentication key is more than a certain distance. It relates to the system and its programs.

  In recent years, the functions of devices such as mobile phones or personal computers have become more sophisticated. For example, mobile phones have become related to money transfer such as electronic payments in addition to the basic functions of original calls. On the other hand, it has remarkable convenience for the user, but the degree of danger at the time of theft or loss is also very high.

  Therefore, in order to prevent the theft of the mobile phone, the user of the mobile phone holds the mobile authentication key and communicates a predetermined authentication code between the mobile phone and the mobile authentication key, There has also been proposed a mobile phone that can be used when both sides can confirm the authentication code (see, for example, Patent Document 1).

In Patent Document 1, it is shown that a mobile phone detects an authentication signal with a certain electric field strength from a mobile authentication key, and restricts the use of the mobile phone when the distance between them is more than a certain distance. ing.
Japanese Patent Laid-Open No. 11-88499

  However, in Patent Document 1, the battery of the mobile authentication key is consumed even under the condition that the distance between the device (mobile phone) and the mobile authentication key is within a certain distance and the function restriction of the device can be removed. Sometimes device restrictions cannot be lifted.

  In general, there is a method for canceling the solution by entering the password registered in the device in advance, but it is necessary to memorize the password, especially in an emergency. There are things that you can forget.

  Also, as a usage method, especially when multiple devices are shared by multiple members for business use, the same PIN number is often set and used for multiple devices, and methods that rely on the PIN number cannot maintain confidentiality. It had the problem that.

  The present invention solves the above-described conventional problems, and provides a device authentication control system and a program for the device authentication control system that can release the function restriction of the device even when the battery of the portable authentication key is consumed or a failure occurs. For the purpose.

In order to solve the above-described conventional problems, the present invention controls a function realization unit that implements a function including a call origination / incoming function, a first communication unit, a notification unit, a photographing unit, and each of the above units. Mobile authentication comprising: a device comprising a first control means; a second communication means; a second control means for controlling the second communication means; and a barcode in which unique information is written. And when the device is the portable authentication key and the first communication means and the second communication means cannot communicate, the first control means functions as the function realizing means. When the communication between the first communication unit and the second communication unit is performed and authentication is obtained and the information matches the information registered in the device, the function limitation of the function realizing unit is set. It is intended to be released.

  Then, when the bar code is read by the photographing means and collated by the first control means, if the unique information registered in the device is matched, the function restriction of the function realizing means is released.

  As a result, even if the battery of the mobile authentication key is exhausted and communication between the device and the mobile authentication key is disabled and the function implementation means is restricted, the device's photographing means can check the barcode of the mobile authentication key. The function restriction of the function realization means can be released.

  The device authentication control system of the present invention and the program thereof can release the device function restriction even when the battery of the mobile authentication key for releasing the function restriction of the device (cell phone) is exhausted or malfunction occurs. It is not possible to cancel the password by forgetting it like a number, and it is possible to maintain confidentiality when a plurality of devices are shared by a plurality of members for business use.

  According to a first aspect of the present invention, there is provided a function realizing means for realizing a function including a calling / receiving function, a first communication means, a notifying means, a photographing means, and a first control means for controlling the respective means. And a portable authentication key comprising a second communication means, a second control means for controlling the second communication means, and a barcode in which unique information is written. When the first authentication means and the second communication means cannot communicate with the portable authentication key, the first control means restricts the function of the function realizing means, and the first In the device authentication control system for releasing the function restriction of the function realization means when communication between the communication means and the second communication means can be performed, the bar code is read by the photographing means, and the first control means As a result of collating with If it matches broadcast was to cancel the function restrictions of the function implementing unit.

  As a result, when the battery of the mobile authentication key is exhausted with the device (mobile phone), the mobile device cannot communicate with the mobile authentication key. By reading the barcode attached to the mobile authentication key, it becomes possible to release the function restriction, so that it is not forgotten like a personal identification number, and in terms of maintaining confidentiality when shared by multiple members Can be improved.

  In the second invention, in particular, the device of the first invention has timer means, and the bar code is read by the photographing means and collated by the first control means, so that it matches the information registered in the device. In such a case, after the function restriction of the function realization means is released, the timer means measures and the function realization means is restricted after a predetermined time has elapsed.

  As a result, even if the device (mobile phone) is stolen or lost after authentication by bar code, the function is restricted when a predetermined time has passed, so a malicious third party It can be expected that the abuse by will be prohibited.

  In the third invention, in particular, when the control means of the younger brother 1 of the first or second invention uses the function in the function realization means, the function is not used, and the use of the calling / receiving function is not applied. Added function restrictions at the end of.

As a result, even if a legitimate user is unlucky during a call, for example, if the battery of the mobile authentication key is exhausted, the call being made at that time is not interrupted, and the function is restricted after the call ends (for example, the call Therefore, convenience is improved without sacrificing safety.

  A fourth invention is a program for causing a computer to execute at least one operation, particularly in the device authentication control systems of the first to third inventions, and includes a CPU, a RAM, a ROM, a storage device, an I / O, and the like. A part or all of the present invention can be easily realized as a program by cooperating hardware resources such as electrical information devices and computers.

  Also, by distributing the program on a recording medium or using a communication line, program distribution can be realized very easily compared to other means.

  Hereinafter, an embodiment of the present invention will be described in detail with reference to the drawings. Note that the present invention is not limited to the embodiments.

(Embodiment 1)
FIG. 1 is a diagram showing an example of the configuration of a device authentication control system according to the present invention.

  In FIG. 1, the mobile phone (device) 1 includes a function realization unit 10, a first control unit 12, a notification unit 13, and a first communication unit 14.

  Further, the function realization means 10 includes a settlement function 10A that performs important functions such as electronic settlement related to money granting, and a call origination / reception function 10B that is a normal outgoing / incoming function that a mobile phone originally has. . The details of the settlement function 10A and the call origination / reception function 10B are the same as those of the conventional patent, and thus the description thereof is omitted.

  The function limitation to the payment function 10A or the call origination / reception function 10B is the simplest and easy-to-understand implementation method of stopping the power supply to the circuit block (function realization means), but the execution of the software for realizing the function is stopped. Such a logical method may be used.

  The settlement function 10A is assumed to be a function of performing cash exchange such as access to a bank account or transfer to an account, and includes the exchange of money such as ticket gate processing in public transportation.

  Further, the first communication means 14 includes, for example, a medium distance communication means 14B capable of performing communication at a medium distance of several tens of centimeters to several meters, and a short distance communication means 14C capable of communicating only within a few centimeters, for example. ing.

  The mobile authentication keys 2B and 2C include second communication means 20B and 20C and second control means 21B and 21C, and the second control means 21B and 21C hold a unique ID code.

  The first control means 12 transmits the unique ID code at the time of communication with the cellular phone (device) 1, and the first control means 12 compares the unique ID code held by itself with the portable authentication keys 2B and 2C. It is determined whether or not (apparatus) 1 is an official authentication key.

  The mobile authentication keys 2B and 2C have exactly the same configuration and the same ID code, and are written in two parts for the sake of explanation. Only the positional relationship (communication possible distance) with the mobile phone (device) 1 is different.

The internal configurations of the medium-range communication unit 14B and the short-range communication unit 14C included in the first communication unit 14 will be described in detail later, and are omitted here.

  The medium-range communication described here assumes a distance of, for example, about several tens of centimeters to several meters, that is, has a mobile phone (device) 1 as belongings and wears a mobile authentication key 2B. . Short-distance communication assumes a state in which the mobile phone (device) 1 is in close contact with the mobile authentication key 2C at a close distance of, for example, several centimeters.

  When the distance between the mobile phone (device) 1 and the mobile authentication key 2B is about several tens of centimeters to several meters, the mobile authentication key 2B cannot communicate with the short-range communication means 14C, but the medium-range communication means Since communication with 14B is possible, the mobile phone (device) 1 can determine that the distance from the mobile authentication key 2B is about several tens of centimeters to several meters.

  In this case, the first control unit 12 restricts the settlement function 10A of the function realization unit 10 to be unusable and causes only the outgoing / incoming function 10B to function. Thereby, only a telephone call which is a basic function of the mobile phone (device) 1 can be performed.

  If the mobile phone (device) 1 moves away from the owner's mobile authentication key 2B due to theft or misplacement, the mobile phone (device) 1 communicates with the mobile authentication key 2B. Since the mobile authentication key 2B no longer exists, the notification means 13 notifies the user and warns the user.

  At the same time, the first control means 12 restricts all the functions of the function realization means 10 (here, the settlement function 10A and the outgoing / incoming function 10B) so that it cannot be used completely. Prevent abuse. Of course, it is also conceivable that the mobile authentication keys 2B and 2C are also provided with notification means for notification.

  When the user makes a payment, the user communicates with the short-range communication means 14C when the mobile phone (device) 1 is brought close to the mobile authentication key 2C in a pocket or the like, for example, several centimeters or less. The mobile phone (device) 1 can determine that the distance from the mobile authentication key 2C is several centimeters or less.

  In this case, the first control unit 12 releases all restrictions including the restriction of the settlement function 10A of the function realizing unit 10, and the user can perform settlement.

  Next, the communication distance change mechanism performed by the first communication means 14, that is, the medium distance communication means 14A (for example, communication is possible from several tens of centimeters to several meters) and the short distance communication means 14B (with a few centimeters or less). The mechanism for changing the communication distance to the communication possible) is realized by changing the transmission / reception strength of the radio wave. This mechanism will be described later with reference to FIG.

  FIG. 2 is a diagram illustrating an example of an internal configuration of the first communication unit 14 of the mobile phone 1 and the communication unit 20 of the younger brother 2.

  Attenuating means 140 for attenuating the antenna signal, first transmitting means 141, first receiving means 142, and first communication control means 143 are provided.

  The attenuation unit 140 is controlled by the first communication control unit 143 and can change the attenuation rate in at least the following two stages.

  The first communication distance is strong attenuation (for example, attenuated by about 50 to 60 dB) and short-distance communication (for example, communication distance of several centimeters or less).

  The second communication distance is medium distance communication (for example, communication distance of several tens of centimeters to several meters) without attenuation.

  By switching these communication distances, it is possible to detect the distance from the mobile authentication keys 2B and 2C and to perform an operation according to the distance.

  That is, if communication is not possible at the second communication distance (medium distance) but communication is possible at the first communication distance (short distance), it can be understood that the communication distance is short, and communication can be performed at the second communication distance (medium distance). If it is, it can be easily determined that the distance is medium.

  Further, if communication cannot be performed at the second communication distance (medium distance), it can be understood that the distance from the mobile authentication keys 2B and 2C is at least the second communication distance (for example, several meters or more).

  Of course, as described here, the method of changing the communicable distance using the attenuation means is merely an example, and it is possible to reduce the sensitivity by separating the transmitting / receiving antenna only in the case of short-range communication. Also, a method of estimating the distance between each other by simultaneously monitoring the received electric field strength is possible.

  Next, the operation when the barcodes 22B and 22C are attached to the mobile authentication keys 20B and 20C will be described with reference to FIGS.

  FIG. 3 is a diagram showing an example of use of the device authentication control system of the present invention.

  Normally, the function realizing unit 10 is controlled depending on whether the first communication unit and the second communication unit as described above are communicable. For example, the mobile authentication keys 20B and 20C are broken. Alternatively, when the built-in battery runs out and the second communication means 20B and 20C cannot operate, it may be inconvenient for the user due to unexpected function restrictions.

  Therefore, as shown in FIG. 3, the mobile phone 1 is brought close to the barcode 22, and the barcode 22 is read through the photographing means 16 (usually a digital camera function) provided in the mobile phone 1, and the information is first stored. When the control unit 12 analyzes and matches the information stored in the inside, the function realizing unit 10 does not depend on whether or not the first communication unit 14 can communicate as described above. To control the function.

  However, when the function restriction is canceled using such bar codes 22B and 22C, it is not preferable in terms of security to continue the function restriction release for a long time. It is preferable to set a limit (for example, about 3 minutes) on the duration of release and apply a side function restriction when a certain time has elapsed.

  In addition, even if a legitimate user is unlucky during a call, for example, if the battery of the portable authentication key runs out of power, the control means of the younger brother 1 realizes the function so that the call being made at that time is not interrupted. When the means uses the function, it is possible to apply the function restriction when the use of the outgoing / incoming function is finished without applying the function restriction.

  Further, it is desirable in terms of security that the barcodes described so far are more complex, such as three dimensions rather than two dimensions.

  Of course, in order to cancel the function using a method using such a bar code, a certain degree of function restriction is provided, for example, the settlement function 10A, which is a function related to money awarding, is prohibited, and only the outgoing / incoming function 10B is provided. It is also possible to use such as permitting or permitting only a specific call destination even in the case of only the outgoing / incoming function 10B.

  As described above, in the present embodiment, a barcode is provided on the portable key, and this barcode can be read by the photographing means of the device, and the device function can be restricted or released by comparing with the device information. Even when the battery of the portable key is consumed or broken, the device function restriction can be released.

  In the explanation so far, it has been explained that the device is a mobile phone. However, the present invention is not limited to this, and it can be applied to household devices, in-vehicle devices, etc., and the same effect can be expected. is there.

  In addition, in order to increase security when making payments, in addition to authentication with short-distance communication of several centimeters, double combination authentication, in which the payment function becomes effective only when bar code reading verification is established, is also a security aspect. Then it is very effective.

  Furthermore, it is possible to improve the security by including RFID (wireless IC tag) inside the barcode and providing the terminal with RFID reading means and using the unique ID information of the RFID.

  Note that the function realization means and control means described in the present embodiment include a CPU (or microcomputer), a RAM, a ROM, a storage / recording device, an electrical / information device equipped with an I / O, a computer, a server, etc. You may implement in the form of the program which cooperates a hard resource.

  In the form of a program, new functions can be easily distributed / updated and installed by recording them on a recording medium such as magnetic media or optical media, or distributing them using a communication line such as the Internet.

  As described above, the present invention avoids inconveniences caused by unexpected function restrictions such as failure or battery exhaustion in a device authentication control system that restricts functions of a terminal (mobile phone) depending on whether or not wireless communication is possible. Since security can be expected, a safer device (for example, a mobile phone with a payment function) can be provided.

The figure which shows an example of a structure of the apparatus authentication control system of Embodiment 1 of this invention. The figure which shows an example of the internal structure of the 1st communication means of Embodiment 1 of this invention, and a 2nd communication means. The figure which shows an example of use of the apparatus authentication control system of Embodiment 1 of this invention

Explanation of symbols

1 Mobile phone (equipment)
2B Mobile authentication key at a few meters from the mobile phone 2C Mobile authentication key at a few centimeters from the mobile phone 10 Function realization means 10A Settlement function 10B Incoming / outgoing function 12 First control means (on the communication partner side (Hold unique ID code)
14 First communication means 15 Timer means 16 Image taking means 20 Second communication means 20B Second communication means of the mobile authentication key 2B 20C Second communication means of the mobile authentication key 2C 21B Second control of the mobile authentication key 2B Means (retains unique ID code)
21C Second control means for the mobile authentication key 2C (holds a unique ID code)
22B, 22C barcode

Claims (4)

A device comprising a function realization means having a function including an outgoing / incoming function, a first communication means, a photographing means, and a first control means for controlling each means;
A mobile authentication key comprising a second communication means, a second control means for controlling the second communication means, and a barcode in which unique information is written;
When the device communicates with the mobile authentication key via the first communication means and the second communication means, and the mobile authentication key cannot be authenticated on the device side, the first The control means restricts the function of the function realizing means,
In the device authentication control system for releasing the function restriction of the function realization means when the communication between the first communication means and the second communication means is performed and authentication is obtained,
When the barcode is read by the photographing unit and collated by the first control unit, if the unique information registered in the device matches, the device authentication for canceling the function restriction of the function realization unit Control system. The device comprises a timer means,
When the bar code is read by the photographing means and collated by the first control means, if the information coincides with the information registered in the device, the function restriction means is released, and then the timer means The device authentication control system according to claim 1, wherein the device authentication control system limits the function of the function realization means after a predetermined time has elapsed. The first control means, when the function realization means uses a function, does not place a function restriction, and places a function restriction when the use of the outgoing / incoming call function ends, or The device authentication control system according to claim 2. The program for making a computer perform at least one in the apparatus authentication control system of any one of Claims 1-3.

Images