JP6701314B2 - Portable device, control method thereof, and program - Google Patents

Description

  The present invention relates to wireless communication technology.

  Among communication technologies for direct communication between devices, a technology capable of providing various services according to the distance between devices has been developed by utilizing a technology that enables energy saving and long distance communication. An example of this technology is a technology called BLE (Bluetooth (registered trademark) Low Energy).

  For example, there is iBeacon (registered trademark) as a mechanism for using BLE. In this mechanism, first, the transmitter broadcasts a signal called Beacon including device information on the transmitting side by BLE. Then, the receiver is a mechanism capable of providing various services by using the device information included in the received signal and the distance information obtained together from the signal strength and the like. By using this mechanism, for example, when a Beacon signal is transmitted at a certain store and the customer's mobile terminal detects that signal at the store, a service can be provided to notify sales information according to the distance.

  In addition, as a conventional technique for notifying the distance between terminals and the like, Patent Document 1 discloses a technique in which wireless communication is used together with an ultrasonic signal generator and a receiver of each terminal.

JP, 2013-236255, A

  Various applications are conceivable for the above-described mechanism that uses a signal via wireless communication such as BLE. For example, when personal authentication is required to enter a room such as an office, a user always carries a security card or a mobile terminal with him. By mounting a signal transmitter such as Beacon on such a security card or a mobile terminal, it is possible to grasp the position of the user and provide various services according to the position.

  However, if a user's security card or mobile terminal always sends a signal directly or indirectly related to a user who travels between areas requiring authentication, the information of the signal is encrypted. However, there are concerns about security risks.

  Therefore, in order to solve the above problems, it is an object of the present invention to provide a mechanism capable of performing flexible control such as suppressing the transmission of a signal such as Beacon or changing the content according to a trigger such as authentication. To do.

In order to solve the above problems, a mobile device according to the present invention is a mobile device that communicates with an external system, and a receiving unit that receives data from the external system, which is a trigger for starting signal transmission, Control means for controlling the start of the function of transmitting a signal at a predetermined frequency or cycle using wireless communication in accordance with the received data,
The control means controls the stop of the started function when a request for stopping the function is received from the external system, or when a specified time has elapsed after the function is started, said signal identification information for identifying the user of the mobile equipment or mobile device include, in the external system, said identification information and said Rukoto managed.

  According to the present invention, it is possible to provide a mechanism capable of performing flexible control such as suppressing the transmission of a signal such as Beacon or changing the content according to a trigger such as authentication.

The figure which shows the structure of the network system in this invention. The figure which shows the example of the hardware constitutions of each apparatus in this invention The figure which shows the example of the software structure of each apparatus in this invention. The figure which shows the example of the various data tables which the certification server 130 utilizes in certification processing A diagram showing an example of a data table used in the mobile device 110. Flowchart for explaining the process in the authentication device according to the first embodiment Flowchart for explaining the process in the authentication server according to the first embodiment Flowchart for explaining the process in the mobile device according to the first embodiment 3 is a diagram showing an example of authentication device information used by the authentication device in Embodiment 1. FIG. FIG. 3 is a diagram showing an example of monitoring information using Beacon information in the first embodiment. FIG. 6 is a diagram showing an example of authentication history information stored in the data storage unit 330 according to the first embodiment. FIG. 6 is a diagram showing an example of history information including distance information according to the first embodiment. The figure which shows the example of the data table which the authentication server 130 manages in the example 2 of application. The figure which shows the example of the authentication apparatus information which the authentication apparatus 120 uses in the example 2 of an application. The figure which shows the example of the various data table which is utilized with application example 3 The figure which shows the modification of the portable device to which this invention can be applied. Flowchart for explaining the processing of the authentication server 130 in the second embodiment The figure which shows an example of the content in the warning notification in Example 2. FIG. 10 is a diagram showing an example of a history information management table in the second embodiment.

  Hereinafter, the best mode for carrying out the present invention will be described with reference to the drawings.

(Example 1)
FIG. 1 is a diagram showing a configuration example of a basic network system in the present invention. The network system includes an authentication device 120 and an authentication server 130. The authentication device 120 and the authentication server 130 are an authentication system arranged in a user environment for realizing an authentication process and the like, and are connected to each other via a network 100 and can perform data communication. The authentication device 120 can also perform data communication with the mobile device 110 by communication 101. Regarding the communication 101, it is possible to perform communication in various forms such as a contact type and a non-contact type for authentication. Although the mobile device 110, the authentication device 120, and the authentication server 130 are configured as one unit in this embodiment, there may be a plurality of units.

  FIG. 2 is a block diagram for explaining a hardware configuration example of an apparatus, a device, and a server configuring the present invention.

  FIG. 2A is a block diagram showing an example of the hardware configuration of the mobile device 110.

  The CPU 201 generally controls each device connected to the system bus 210 according to a program stored in the ROM 203 which is a storage unit. The RAM 202 also functions as a main memory and a work area of the CPU 201. The ROM 203 stores various programs and data. The communication I/F 204 controls communication of the reader/writer response unit 205 and Beacon 206. The reader/writer response unit 205 responds to a data transmission/reception request from the authentication device 120 and transmits/receives data between two points. The reader/writer response unit 205 includes a contact type that directly contacts between two points to send and receive data, and a contactless type that sends and receives data by wireless communication. The Beacon 206 as a signal control unit is a signal transmission I/F, and controls the periodic transmission of a signal including an identifier or the like that can identify an individual portable device 110 and its user by an external system. This signal is transmitted to the wireless network, and the period or frequency of transmission may be fixed or arbitrarily changed. In the present invention, Beacon information is taken as an example of a signal whose transmission is controlled by the signal control unit, and will be described below. The process described in the present embodiment is realized by loading the program recorded in the ROM 203 into the RAM 202 and executing it by the CPU 201. In addition, the mobile device 110 may further include a display unit for controlling a display based on the held data, and a connection unit for connecting to the outside in a wired/wireless manner. The wired/wireless connection may be a connection using USB (Universal Serial Bus), Wi-Fi (Wireless Fidelity), or the like.

  FIG. 16 is a modified example of FIG. 2A and shows a mobile device 110 having a hardware configuration different from that of FIG. The present invention can be applied to the mobile device 110 having the configuration shown in FIG.

  The CPU 220, RAM 221, and ROM 222 are the same as the CPU 201, RAM 202, and ROM 203. The communication I/F 223 controls the reader/writer response unit 224. The reader/writer response unit 224 is similar to the reader/writer response unit 205.

  The expansion I/F 225 is a module expansion I/F and can control the module by connecting a module that transmits Beacon information (hereinafter, Beacon information transmission module). That is, by additionally connecting the module to a device that does not have the Beacon information transmission function, a mobile device that can perform the same control as in FIG. 2A can be provided.

  The Beacon information transmitting module includes a CPU 226, a RAM 227, a ROM 228, and a Beacon 229. The CPU 226 collectively controls each device according to a program stored in the ROM 228 that is a storage unit. The RAM 227 also functions as a main memory and a work area of the CPU 226. The ROM 228 stores various programs and data of the Beacon information transmitting module. Beacon 229 is similar to Beacon 206.

  In this embodiment, FIG. 2A will be used in the following description. Note that the portable device 110 shown in FIG. 2A and FIG. 16 is, for example, an IC card type device (security card) for identifying an individual and performing personal authentication. Other examples of the mobile device 110 may be a smartphone, eyeglass-type information device, wristwatch-type information device, car navigation system, robot, or the like. As for the authentication described below, it is also assumed that the device authentication and the vehicle body authentication are performed in addition to the personal authentication.

  FIG. 2B is a block diagram showing an example of the hardware configuration of the authentication device 120.

  The CPU 240 controls the entire operation of the authentication device 120. The CPU 240 generally controls each device connected to the system bus 250 according to a program stored in the ROM 242. The RAM 241 functions as a main memory of the CPU 240, a work area, etc., and is also used as an input information expansion area and an environment data storage area. The ROM 242 stores a control program executed by the CPU 240 and various data. The communication I/F 243 controls communication of the NIC 244, the reader/writer 245, and the Beacon 246. The NIC 244 is a connection I/F with the network and controls the transmission and reception of data with the authentication server 130. The reader/writer 245 transmits a data transmission/reception request, and transmits/receives data between two points according to a response from the mobile device 110. The reader/writer 245 is classified into a contact type that directly contacts between two points to transmit/receive data, and a non-contact type that transmits/receives data by wireless communication.

  The Beacon 246 as a signal receiving unit is an I/F for receiving a signal such as Beacon information, and controls the reception of Beacon information that can identify the mobile device 110. The external device connection I/F 247 controls an interface with an external device 248 such as an automatic door or a lock. The processing described in the present embodiment is realized by reading the program recorded in the ROM 242 into the RAM 241 as necessary and executing it by the CPU 240.

  Note that the Beacon 246 and the external device connection I/F 247 are incorporated in a control device (not shown) other than the authentication device 120 in the system. A plurality of control devices may be installed with different roles, and each of them has a hardware configuration such as ROM, RAM, and CPU, and can execute a predetermined control program. Specifically, when the Beacon information that can identify the mobile device 110 is received, the control device controls an interface with an arbitrary external device via the external device connection I/F. Specifically, when the control device receives the Beacon information including the predetermined identification information, the destination is designated and the elevator is called, the car engine is started, and the photographing by the network camera is started and ended. It is possible to control service provision. In addition, depending on the reception of the Beacon information, it is possible to turn on the power of the controlled device, output a message, or control to execute a command. In addition, even if you enter a membership store that requires operations such as authentication, we recommend using the control device in the store that receives the signal transmitted from the mobile device in response to the operation. It is also possible to provide a product or a predetermined message.

  The authentication device 120 and the other control devices can switch the control of the external device to be controlled according to the content of the Beacon information (identification information or the like) or the distance information found from the signal strength thereof. is there. For example, only when the control device receives the Beacon information including the specific identifier, which is the distance information indicating the relatively short distance, it is possible to control the network camera on the specific floor to start the photographing. ..

  According to the present invention, a user having the mobile device 110 authenticates with each of a plurality of authentication devices within the action range at home or at a company, and by the signal (Beacon information) transmitted from the mobile device 110 after authentication, You can automatically receive service provided by various devices.

  FIG. 2C is a block diagram showing an example of the hardware configuration of the authentication server 130.

  The CPU 260 controls the entire operation of the authentication server 130. The CPU 260 generally controls each device connected to the system bus 280 according to a program stored in the ROM 262. The RAM 261 functions as a main memory of the CPU 260, a work area, and the like, and is also used as an input information expansion area and an environment data storage area. The RAM 261 also includes an NVRAM (Non-volatile RAM: non-volatile RAM) area, and is configured so that the memory capacity can be expanded by an optional RAM connected to an expansion port (not shown). The ROM 262 stores a control program executed by the CPU 260 and various data. The display unit I/F 263 controls the interface with the display unit 270. The operation unit I/F 264 controls an interface with the operation unit 271 including buttons, a touch panel, a keyboard, a pointing device, and the like. The external memory I/F 265 controls access to an external memory 272 such as a flash memory or SSD (Solid State Disk). The external memory 272 functions as a storage medium that can be saved or read, and stores an operating system (OS) and applications. The communication I/F 266 controls the communication of the NIC 273. The NIC 273 is a connection I/F with a network, and controls transmission/reception of data with the authentication device 120. The processing described in the present embodiment is realized by reading the program recorded in the external memory 272 into the RAM 261 as necessary and executing it by the CPU 260. The program may be stored in the RAM 261 or the ROM 262 as well as the external memory 272.

  FIG. 3 is a block diagram for explaining a module configuration example of software of devices, devices, and servers that configure the present invention and its function. A program that realizes the function illustrated in FIG. 3 is stored in the ROM 203, the ROM 242, and the ROM 262 of each device and each server group. , These functions are realized.

  The authentication server 130 has a data storage unit 330, a communication unit 331, and a management unit 332.

  The communication unit 331 has a communication module that complies with the communication system with the authentication device 120. This communication module corresponds to an interface for performing data communication with the authentication device 120, and can perform data communication with the communication module included in the authentication device 120. The management unit 332 performs the authentication process by collating the user information list of the data storage unit 330 based on the authentication information transmitted from the authentication device 120 via the communication unit 331. Also, in response to a request from the authentication device 120, the authentication device information is acquired from the data storage unit 330 and transmitted. The data storage unit 330 stores a user information list/authentication device information list.

  FIG. 4 shows an example of a data table stored in the data storage unit 330. FIG. 4A is an example of the user information list. In this list, the user account (401), password (402), authentication information (403), UUID (404), major number (405), and minor number (406) are monitored. The user account (401)/password (402) is information used when a user accesses the network of the network system from a terminal (not shown) or the like. The authentication information (403) is authentication information used when authenticating a user using the mobile device 110, and authentication information corresponding to the mobile device 110 is also stored. At the time of authentication, the authentication information is used after being encrypted using a key or the like. The UUID (404) is identification information of the Beacon information transmitted by the mobile device 110. The major number (405) and the minor number (406) are numbers for identifying mobile devices having the same UUID.

  FIG. 4B is an example of information (list) about the authentication device stored in the data storage unit 330. In this list, the device ID (410), role information (411), and transmission control information (412) are managed. The device ID (410) is identification information that can uniquely identify an authentication device existing on the network. In the data table shown in FIG. 4B, it is assumed that there is an authentication device other than the authentication device 120 on the network. The role information (411) is information indicating the role of the authentication device. For example, information such as at which place and at which entrance the authentication device is installed is stored. The transmission control information (412) stores control information such as whether the mobile device 110 starts or stops transmission of Beacon information according to the authentication of the authentication device. Some or all of the data managed by the data storage unit 330 may be managed by an external storage device.

  The authentication device 120 includes a communication unit 320, an authentication processing unit 321, and a monitoring unit 322.

  The communication unit 320 communicates with the authentication server 130 via the NIC 244 according to the instruction of the authentication processing unit 321. The communication unit 320 has a communication module that conforms to the communication system with the authentication server 130. This communication module corresponds to an interface for performing data communication with the authentication server 130, and can perform data communication with the communication module included in the authentication server 130.

  The authentication processing unit 321 controls the communication unit 320 and performs an authentication process using the authentication information acquired from the mobile device 110 via the NIC 244, the reader/writer 245, or the like. In addition, a control request for starting or stopping the transmission of Beacon information is transmitted to the mobile device 110. The authentication processing unit 321 has a communication module that complies with the communication system with the authentication response unit 310 of the mobile device 110. This communication module corresponds to an interface for performing data communication with the authentication response unit 310 of the mobile device 110, and can perform data communication with the communication module included in the authentication response unit 310 of the mobile device 110. . The monitoring unit 322 monitors Beacon information transmitted from the mobile device 110. The monitoring unit 322 has a communication module that complies with the communication system with the transmitting unit 312 of the mobile device 110 via the Beacon 246. This communication module corresponds to an interface for receiving Beacon information transmitted from the communication module included in the transmission unit 312 of the mobile device 110.

  The mobile device 110, which is an authentication device for an individual or a machine, has an authentication response unit 310, a data storage unit 311, and a transmission unit 312.

  The authentication response unit 310 controls the response to the authentication request transmitted from the authentication device 120 via the reader/writer response unit 205, the reply of the authentication information of the data storage unit 311 and the like. Further, as a result of returning the authentication information, in response to a control request for starting or stopping the transmission of Beacon information transmitted from the authentication device 120, the transmission unit 312 is controlled to start/stop transmitting the Beacon information. The authentication response unit 310 has a communication module conforming to the communication system with the authentication processing unit 321 of the authentication device 120. This communication module corresponds to an interface for performing data communication with the authentication processing unit 321 of the authentication device 120, and can perform data communication with the communication module included in the authentication processing unit 321 of the authentication device 120. .. The data storage unit 311 stores authentication information/Beacon information.

  In response to an instruction from the authentication response unit 310, the transmission unit 312 starts or stops transmission of a signal including identification information that identifies the mobile device 110 or its user. More specifically, the start/stop of the transmission of Beacon information using BLE (Bluetooth (registered trademark) Low Energy) via Beacon 206 is controlled.

  FIG. 5 is an example of the authentication information/Beacon information stored in the data storage unit 311. This table includes authentication information (420), UUID (421), major number (422), and minor number (423). The authentication information (420), UUID (421), major number (422), and minor number (423) are synonymous with the data of the same name described in FIG.

  An authentication process of the authentication device 120 with the mobile device 110 and a process of requesting control of start/stop of transmission of Beacon information will be described with reference to a flowchart shown in FIG.

  First, in step S601, the authentication processing unit 321 transmits an authentication request. Regarding the authentication request, the request destination is not specified. For example, if there is a mobile device that is approaching, the authentication request will be received by the mobile device. In step S602, the authentication processing unit 321 determines whether or not there is a response to the request from the mobile device 110 that has received the authentication request. If it is determined that there is a response, the process proceeds to S603.

  In step S603, the authentication processing unit 321 identifies the authentication information included in the response from the mobile device 110 and issues an authentication instruction to the communication unit 320. Upon receiving the authentication instruction, the communication unit 320 transmits the specified authentication information together with the authentication request to the authentication server 130 and receives the authentication result. In step S604, the authentication processing unit 321 determines whether the authentication processing has succeeded based on the authentication result received from the communication unit 320. If it is determined that the authentication processing has succeeded, the process proceeds to S610, and if it is determined that the authentication process has failed, the process returns to S601.

  In step S<b>610, the authentication processing unit 321 requests the authentication server 130 via the communication unit 320 to acquire the authentication device information using the identifier (device ID) of the own device managed by the storage unit in the own device. To send. Then, the authentication device information returned as a response to the request is acquired. The authentication device information may be stored in the storage unit of the authentication device 120 itself without being acquired from the authentication server 130, or may be managed by another dedicated server.

  FIG. 9 is an example of the authentication device information acquired in S610. This information includes a device ID (430), role information (431), and transmission control information (432). The device ID (430), role information (431), and transmission control information (432) are the same as the device ID (410), role information (411), and transmission control information (412) described in FIG. 4B. .

  In S611, the authentication processing unit 321 determines whether or not to start transmitting a signal including specific identification information (Beacon information in this embodiment) based on the transmission control information included in the authentication device information acquired in S610. to decide. In the example of FIG. 9, since the information indicating "calling" is stored in the call control information (432), it is determined that the signal transmission should be started. If it is determined that the call is to be started, the process proceeds to S612, and if it is not determined that the call is to be started, the process proceeds to S613. In step S612, the authentication processing unit 321 transmits to the mobile device 110 a transmission request for starting transmission of a signal (Beacon information).

  In S613, the authentication processing unit 321 determines whether or not to stop transmission of a signal including specific identification information (Beacon information in this embodiment) based on the transmission control information included in the authentication device information acquired in S610. to decide. When it is determined that the signal transmission should be stopped, the process proceeds to S614, and when it is not determined that the signal transmission should be stopped, the process proceeds to S615. In step S<b>614, the authentication processing unit 321 transmits a stop request for stopping transmission of a signal (Beacon information) to the mobile device 110.

  In step S615, the authentication processing unit 321 controls the external device. The control of the external device may be performed by using the role information included in the authentication device information acquired in S610. In the example of FIG. 9, since the authentication device 120 is installed at the “entrance” of the external device “GateA”, the unlock instruction is given to “GateA”.

  So far, according to the processing example described with reference to FIG. 6, the user performs the authentication operation on the authentication device 120 using the mobile device 110 to open the “entrance” of “Gate A” illustrated in FIG. 9. When this is done, the transmission of Beacon information is automatically started from the mobile device 110.

  The monitoring unit 322 of the authentication device 120 receives the Beacon information and the distance information transmitted by the mobile device 110, and transmits the Beacon information and the distance information to the authentication server 130 to monitor the mobile device 110 or the Beacon information.

  FIG. 10 is an example of monitoring information based on Beacon information acquired from the mobile device 110. The UUID (440), major number (441) and minor number (442) are the same as the UUID (404), major number (405) and minor number (406) in FIG. The distance information (443) included in the monitoring information is information indicating the distance between the authentication device 120 and the mobile device 110, and indicates the distance between two points on the Beacon information transmitting side and the receiving side. For example, the distance information indicates one of "immediate", "near", "far", and "out of range" as the distance between two points. This information is analyzed based on the strength of the signal received at the Beacon information receiving side.

  As described above, the Beacon information may be monitored by one or more control devices (not shown) other than the authentication device 120. By the monitoring process of each control device, it is possible to control the provision of different services to the user holding the mobile device 110 according to the content of the Beacon information and the distance information to the mobile device 110.

  Authentication processing in the authentication server 130 will be described with reference to the flowchart shown in FIG. 7. When this processing is started, first, as shown in S700, the management unit 332 receives a request from the outside via the communication unit 331.

  In step S<b>701, the management unit 332 determines whether the request received via the communication unit 331 is a request for authentication processing from the authentication device 120. If it is determined that the authentication request is received, the process proceeds to S702, and if not, the process proceeds to S704. In step S702, the management unit 332 receives the authentication information together with the request from the authentication device 120, and performs the authentication process. The authentication process is performed by collating the user information list stored in the data storage unit 330 based on the authentication information received from the authentication device 120. The management unit 332 sends back the result of this authentication processing to the authentication device 120 via the communication unit 331.

  FIG. 4A is an example of the user information list stored in the data storage unit 330. The description of FIG. 4 is as described above. In the example of FIG. 4, when the authentication information received from the authentication device 120 is “gi9j39t74mks”, there is information that matches the authentication information (403), so the user account associated with the authentication information (“User A”). ) Is successfully authenticated. The authentication information is used after being encrypted using a (encryption) key or the like. The authentication method in this embodiment is only an example, and other authentication techniques for authenticating a user or a device can be used.

  In step S703, the management unit 332 records the result of the authentication processing in association with the user information as the authentication history information.

  FIG. 11 is an example of the authentication history information stored in the data storage unit 330 in S703. In the authentication history information, the information of the user account (“User A”) authenticated above, the authentication date and time (456), and the authentication location/device ID (457) are managed. The authentication date and time (456) stores the date and time when the authentication process is performed, and the authentication location/device ID (457) stores the identification information that can identify the authenticated authentication device 120.

  In step S704, the management unit 332 determines whether the request received via the communication unit 331 is an authentication device information acquisition request from the authentication device 120. If it is determined that the acquisition request has been received, the process proceeds to S705. If it is determined that the message has not been received, this process ends. In step S705, the management unit 332, based on the device ID received together with the acquisition request from the authentication device 120 via the communication unit 331, the authentication device information list stored in the data storage unit 330 (FIG. 4B). To match. If there is authentication device information associated with the received device ID, the information is returned to the authentication device 120. An example of the authentication device information returned as a result of the collation is shown in FIG. 9 as described above.

  The management unit 332 monitors the Beacon information transmitted from the mobile device 110. For example, the Beacon information and the distance information shown in FIG. 10 described above are received from the authentication device 120 and a control device (not shown) having a function of receiving Beacon information. In response to this reception, the distance information is stored in the data storage unit 330 as history information in association with the user information. Here, the user information to be linked can be specified from the identification information in the Beacon information.

  FIG. 12 is an example of history information including distance information stored in the data storage unit 330 for monitoring by the management unit 332. The reception date and time (466) stores the date and time when the Beacon information was received, and the reception location/reception device ID (467) is an identification that can identify the authentication device 120 and the control device (not shown) that received the Beacon information. Information is stored. The distance information (468) is the same as the distance information (443) in FIG. By centrally monitoring the Beacon information in this way, the authentication server 130 can grasp the current position of the mobile device 110, the movement history, and the like.

  Next, a process related to authentication in the mobile device 110 and a process related to control of transmission of Beacon information will be described using the flowchart shown in FIG.

  In step S801, the authentication response unit 310 determines whether an authentication request has been received from the authentication device 120. If it is determined that the authentication request has been received, the process proceeds to S802. In step S<b>802, the authentication response unit 310 acquires the authentication information from the data storage unit 311 and sends it back to the authentication device 120. FIG. 5 is an example of the authentication information/Beacon information stored in the data storage unit 311. The authentication information (420) in this is acquired and returned.

  In step S<b>803, the authentication response unit 310 determines whether or not a request to start transmission of a signal (Beacon information) including predetermined identification information is received from the authentication device 120 together with the authentication result. If it is determined that the start request is received, the process proceeds to S804, and if not, the process proceeds to S806.

  In step S<b>804, the authentication response unit 310 gives a start instruction to the transmission unit 312 to start transmission of the signal acquired from the data storage unit 311. Specifically, Beacon information including the UUID (421), the major number (422), the minor number (423), etc. as illustrated in FIG. 5 is periodically transmitted using a wireless communication technology such as BLE. Become so. If the transmission of Beacon information has already started, the transmission is continued as it is.

  In step S805, the authentication response unit 310 determines whether or not the signal transmission has timed out. Whether or not a time-out has occurred is determined by counting the elapsed time after starting transmission of the Beacon information and determining whether or not a predetermined time-out value stored in the data storage unit 311 has elapsed. If it is determined that the time-out has occurred, the process proceeds to S807.

  In S806, the authentication response unit 310 determines whether or not a request to stop transmission of a signal (Beacon information) including predetermined identification information is received from the authentication device 120 together with the authentication result. When it is determined that the stop request is received, the process proceeds to S807, and when it is determined that the stop request is not received, the present process is ended. In step S807, the authentication response unit 310 issues a stop instruction to the transmission unit 312 to stop signal transmission.

(Application example 1)
The determination of the timeout in S805 may be omitted. In that case, the mobile device 110 continues to make a call until it receives a request to stop sending Beacon information from the authentication device 120.

(Application example 2)
The time-out determination in S805 may be determined according to the call-out time-out value transmitted from the authentication device 120, instead of the predetermined time-out value stored in advance in the data storage unit 311 of the mobile device 110. This form will be described.

  In this example, the data storage unit 330 of the authentication server 130 stores a list of authentication device information as shown in FIG. In this list, values are set in the transmission timeout value (473) for some authentication device information. The device ID (470), role information (471), transmission control information (472), etc. are synonymous with the information of the same name described above. The management unit 332 of the authentication server 130 returns the authentication device information included in this list as a response to the authentication device information acquisition request from the authentication device 120.

  In S610, the authentication processing unit 321 of the authentication device 120 acquires the authentication device information including the transmission timeout value as shown in FIG.

  The authentication device information illustrated in FIG. 14 includes a device ID (480), role information (481), call control information (482), and a call timeout value (483). The device ID (480), role information (481), and transmission control information (482) are synonymous with the information of the same name described in FIG. The transmission timeout value (483) stores a timeout value in seconds after the transmission of Beacon information starts. In step S<b>612, the authentication processing unit 321 transmits this transmission timeout value to the mobile device 110 together with the transmission request for Beacon information. The mobile device 110 uses this transmission timeout value in the determination of the timeout in S805.

(Application example 3)
A mode in which the content of the Beacon information transmitted by the mobile device 110 is switched according to an instruction from the authentication device 120 is also possible. This form will be described.

  In S612, the authentication processing unit 321 of the authentication device 120 transmits the device ID of itself to the mobile device 110 together with a request to start signal transmission. The device ID transmitted here is the same as the information included in the authentication device information acquired in S610.

  In step S<b>803, the authentication response unit 310 of the mobile device 110 determines whether the authentication request, the start request, and the device ID have been received from the authentication device 120. When it is determined that the start request and the device ID have been received, the process proceeds to S804. Then, in step S804, the authentication response unit 310 instructs the transmission unit 312 to start transmitting the Beacon information. The Beacon information whose transmission is started here is information in which the device ID received from the authentication device 120 is reflected in the minor number of the Beacon information acquired from the data storage unit 311.

  FIG. 15A is an example of Beacon information transmitted by the transmission unit 312 in this application example. The UUID (490), the major number (491) and the minor number (492) are included. The minor number (492) stores the device ID received from the authentication device 120.

  In addition, all device IDs received in the past from a plurality of authentication devices including the authentication device 120 may be sequentially stored and managed. FIG. 15B is an example in which all device IDs received in the past are sequentially stored in the minor number (497). Further, the storage destination of the device ID is not limited to the minor number, but may be a major number or another storage area for Beacon information.

  The information stored in the Beacon information is not limited to the device ID, and may be any information as long as it is information transmitted by the authentication device 120. That is, it is possible to appropriately define the identification information necessary for controlling the provided service according to the service using this signal (Beacon information), and transmit the identification information from the mobile device 110.

  When the authentication result and the start request are transmitted from the authentication device 120 to the mobile device 110, it is possible to transmit information designating the content of the signal to be transmitted instead of the device ID. In that case, a plurality of Beacon information having different contents are stored in the data storage unit 311 of the mobile device 110, and the mobile device 110 selectively transmits a signal in S804 according to the designated information transmitted. Will control the start.

(Application example 4)
In step S802, the authentication response unit 310 of the mobile device 110 may receive the authentication result from the authentication device 120 as well as a request for starting transmission of a plurality of signals (Beacon information) having different contents to perform control. .. In this case, the Beacon information of the content stored in the data storage unit 311 of the mobile device 110 and the Beacon information based on the instruction from the authentication device 120 described in Application Example 3 are adjusted in transmission timing and cycle, It will be sent at the same time or at a different timing.

  Further, in S802, it is possible to receive and control both the start request and the stop request for transmitting the signal (Beacon information) together with the authentication result from the authentication device 120. In this case, the processing of S804 is applied to the Beacon information to be started based on the designation included in the start request, and signal transmission is started. Further, based on the designation included in the stop request, the processing of S807 is applied to the Beacon information to be stopped, and the signal transmission is stopped.

  According to the first embodiment, the user having the mobile device 110 authenticates with the authentication device in the system to control the start/stop of the transmission of the signal (Beacon information). Then, the authentication server 130 can monitor the user's authentication route and the like from the Beacon information transmitted by the monitored mobile device 110. In addition, a service corresponding to a signal (Beacon information) transmitted by the mobile device 110 is automatically provided to the user by a control device (not shown) or the like in response to an authentication operation by the user using the mobile device 110. become.

(Example 2)
In the first embodiment, the mode in which the mobile device 110 stops the transmission when a predetermined time-out value elapses after transmitting the signal (Beacon information) according to the authentication process has been described. In this embodiment, in consideration of security, a mode will be described in which the authentication server 130 notifies the user of a warning when the mobile device 110 detects that the mobile device 110 has moved out of a predetermined range after the signal is transmitted. ..

  The system configuration, the hardware configuration and the software configuration of each device that configures the system in the present exemplary embodiment are the same as those in the first exemplary embodiment.

  The monitoring process by the authentication server 130 will be described with reference to the flowchart shown in FIG.

  In step S1701, the management unit 332 refers to the history information management table (FIG. 19) to monitor the signal (Beacon information) transmitted by the mobile device 110. In S1702, as a result of the reference, it is determined whether or not the Beacon information to be monitored has moved outside the predetermined range. If it is determined that it has moved out of the range, the process proceeds to S1703, and if it is determined that it has not moved out of the range, the process proceeds to S1704.

  FIG. 19 is an example of a management table of history information including distance information stored in the data storage unit 330. User account (501), password (502), authentication information (504), UUID (505), major number (506), minor number (507), reception date and time (508), reception location/reception device ID included in the table (509) and distance information (510) are synonymous with information having the same name as in FIG.

  The email address (503) is the email address of the user of the mobile device 110. Explaining in the example of FIG. 19, the distance information with the reception location/reception device ID (509)=“123456” (authentication device 120) is out of the range from “Far” (no reception), and other Beacon information is received. When Beacon information is not received from the device, it is determined that the device has moved out of the range.

  Here, the term “outside the predetermined range” also includes a case where the distance information from all the authentication devices in the system is “far” or “outside the range”. Alternatively, the distance information from the specific authentication device may be “far” or “out of range”. The definition outside the predetermined range may be appropriately set by the system operator in consideration of security and the like.

  In step S1703, the management unit 332 sends a warning notification to the email address specified by the user information associated with the Beacon information determined to have moved outside the predetermined range. If the mobile device 110 is not a security card or the like but a terminal such as a smart phone that can receive electronic mail, this warning notification may be given to the mobile device 110.

  FIG. 18 is an example of the content of the warning notification. In 1801, the sender of the mail, the mail address of the destination, and the subject are displayed. The content of the warning notice is displayed in 1802. The warning notification includes contents for warning that a predetermined signal (Beacon information) is being inadvertently transmitted from a mobile device (security card or the like). In addition, an appropriate authentication route for stopping the signal is also included in the content.

  In step S1704, the management unit 332 determines whether to end the monitoring. When the administrator of the authentication server 130 instructs the authentication server 130 to end the monitoring, it is determined that the monitoring should be ended. If it is determined to end the monitoring, this process ends. If it is determined that the monitoring is not ended, the process returns to S1701.

  With this, the user can be notified by receiving the warning notification even when the mobile device 110 moves outside the predetermined range such as outside the office while transmitting Beacon information. become.

(Other embodiments)
The present invention includes an apparatus or system configured by appropriately combining the above-described embodiments and a method thereof.

  Here, the present invention is an apparatus or system that is a main body that executes one or more software (programs) that realizes the functions of the above-described embodiments. Further, the method for realizing the above-described embodiment executed by the apparatus or system is also one of the present invention. Further, the program is supplied to the system or device via a network or various storage media, and the program is read and executed by one or more computers (CPU, MPU, etc.) of the system or device. That is, as one of the present invention, the program itself or various computer-readable storage media storing the program is included. The present invention can also be realized by a circuit (for example, ASIC) that realizes the functions of the above-described embodiments.

Claims (11)

A mobile device that communicates with an external system,
From the external system, receiving means for receiving data that triggers the start of signal transmission,
A control means for controlling the start of the function of transmitting a signal at a predetermined frequency or cycle using wireless communication according to the received data,
The control means controls the stop of the started function when a request for stopping the function is received from the external system, or when a designated time has elapsed after the function is started,
The signal includes identification information for identifying a mobile device or a user of the mobile device ,
Wherein the external system, the portable device the identification information is characterized Rukoto managed.   The mobile device according to claim 1, wherein the designated time is designated by the external system.   3. The mobile device according to claim 1, wherein the control unit changes the content of a signal transmitted by using the function according to the content of the data received from the external system.   The control means transmits a signal having contents based on information managed by the portable device selected according to the contents of the data received from the external system by using the function. The portable device according to Item 1 or 2.   The receiving means receives, from the external system, data that triggers transmission of a signal in accordance with authentication performed using authentication information set in the mobile device. The mobile device according to any one of 1 to 4.   When it is detected that the mobile device has moved out of a predetermined range, a warning notification is issued to the mobile device specified by the identification information or the destination corresponding to the user of the mobile device. The mobile device according to any one of claims 1 to 5.   The mobile device according to claim 1, wherein the function uses Bluetooth (registered trademark) Low Energy as wireless communication.   8. The portable device includes at least one of an IC card type device, a terminal with a telephone function, eyeglass type information device, a wristwatch type information device, a car navigation system, and a robot. The mobile device according to item 1.   The mobile device according to claim 1, wherein the signal transmitted from the mobile device in response to the start of the function includes a UUID, a major number, and a minor number. A control method for a mobile device that communicates with an external system, comprising:
From the external system, a receiving step of receiving data that triggers the start of signal transmission,
A control step of controlling the start of the function of transmitting a signal at a predetermined frequency or cycle using wireless communication according to the received data,
In the control step, when a request for stopping the function is received from the external system, or when a designated time has elapsed after the function is started, the stop of the started function is controlled,
The signal includes identification information for identifying a mobile device or a user of the mobile device ,
It said external system, a control method wherein the identification information is characterized Rukoto managed.   A program for causing a computer to function as the means according to any one of claims 1 to 9.

Images