According to a method of generating a key of the present invention, a first device and a second device are first brought into contact with one vibrator. In this state, the vibrator generates vibration. A first acceleration sensor provided in the first device and a second acceleration sensor provided in the second device detect the vibration. Subsequently, the first device notifies the second device of a first feature value based upon the detection result of the first acceleration sensor. The second device notifies the first device of a second feature value based upon the detection result of the second acceleration sensor. Then the first device compares the notified second feature value with the first feature value and generates a key based upon the comparison result. The second device compares the notified first feature value with the second feature value and generates a key based upon the comparison result.
1. A key generation apparatus comprising:
an acceleration sensor configured to detect an acceleration of the apparatus that is produced in accordance with vibration generated by a vibrator when the apparatus and another apparatus are brought into contact with the vibrator without aggregately holding and shaking the apparatus and the other apparatus;
a transmitter configured to transmit a first feature value based upon the detection result of the acceleration sensor to the other apparatus;
a receiver configured to receive a second feature value based upon an acceleration generated in the other apparatus from the other apparatus; and
a key generator configured to compare the second feature value received by the receiver with the first feature value to generate a key based upon the comparison result.
22. A method of generating a key, comprising:
generating vibration with a vibrator in a state in which a first device and a second device are brought into contact with the vibrator without aggregately holding and shaking the first device and the second device and detecting the vibration with a first acceleration sensor provided in the first device and a second acceleration sensor provided in the second device;
transmitting, from the first device, a first feature value based upon the detection result of the first acceleration sensor to the second device;
receiving, in the first device, a second feature value based upon the detection result of the second acceleration sensor from the second device; and
comparing, in the first device, the received second feature value with the first feature value to generate a key based upon the comparison result.
12. A non-transitory computer-readable recording medium for storing a program executable in an apparatus comprising an acceleration sensor, a data communication part, and a processor, the program executing a procedure with the processor, the procedure comprising:
a detection step of detecting, with the acceleration sensor, an acceleration of the apparatus that is produced in accordance with vibration generated by a vibrator when the apparatus and another apparatus are brought into contact with the vibrator without aggregately holding and shaking the apparatus and the other apparatus;
a transmission step of transmitting, with the data communication part, a first feature value based upon the detection result of the acceleration sensor to the other apparatus;
a reception step of receiving, with the data communication part, a second feature value based upon an acceleration generated in the other apparatus in accordance with vibration generated by the vibrator from the other apparatus; and
a key generation step of comparing the second feature value received by the reception step with the first feature value to generate a key based upon the comparison result.
2. The key generation apparatus as recited in
the transmitter is configured to transmit, to the other apparatus, a plurality of first feature values based upon the detection result of each of the plurality of the on-intervals,
the receiver is configured to receive, from the other apparatus, a plurality of second feature values based upon the detection result of each of the plurality of the on-intervals, and
the key generator is configured to generate one key based upon a plurality of comparison results obtained by comparing one of the plurality of first feature values with one of the plurality of second feature values that corresponds to the one of the plurality of first feature values.
3. The key generation apparatus as recited in
5. The key generation apparatus as recited in
a vibrator controller controlling the vibrator to generate and stop vibration in accordance with intervals having a randomly determined length in which vibration is generated and stopped;
a quantizer dividing a detection result of vibration for a period including the interval by the acceleration sensor into time windows each having a predetermined time length to quantize each of the time windows; and
a feature value generator generating the first feature value based upon the detection result quantized by the quantizer.
6. The key generation apparatus as recited in
7. The key generation apparatus as recited in
the quantizer quantizes existence of the vibration, and
the feature value generator generates the first feature value based upon the number of time windows in a continuation interval including time windows continuously holding the same quantized value.
8. The key generation apparatus as recited in
9. The key generation apparatus as recited in
the feature value generator includes:
a value changer configured to change a quantized value of either one of a beginning time window, which is the first time window of the continuation interval, and an ending time window, which is a time window right after the last time window of the continuation interval, and
a candidate generator configured to generate a first candidate value based upon the number of time windows in a continuation interval continuously holding the same quantized value when the changed quantized value is applied to the time window in question,
the transmitter is configured to transmit the first candidate value in addition to the first feature value,
the receiver is configured to receive a second candidate value generated in the same manner as the first candidate value in addition to the second feature value, and
the key generator is configured to compare one of the second feature value and the second candidate value received by the reception means with one of the first feature value and the first candidate value to generate a key based upon the comparison result.
10. The key generation apparatus as recited in
the transmitter is configured to transmit, to the other apparatus, a hash value of the first feature value that is obtained by the hasher or hash values of the first feature value and the first candidate value that are obtained by the hasher as a first hash value, instead of the first feature value or instead of the first feature value and the first candidate value,
the receiver is configured to receive a hash value of the second feature value or hash values of the second feature value and the second candidate value as a second hash value, instead of the second feature value or instead of the second feature value and the second candidate value, and
the key generator is configured to compare the second hash value received by the receiver with the first hash value to generate a key based upon the comparison result.
11. A key generation system comprising a plurality of key generation apparatuses as recited in
13. The non-transitory computer-readable recording medium as recited in
in the detection step, an on-interval in which vibration is generated and an off-interval in which no vibration is generated are continuously repeated a plurality of times, and a plurality of on-intervals are detected by the acceleration sensor,
in the transmission step, a plurality of first feature values based upon the detection result of each of the plurality of the on-intervals are transmitted to the other apparatus,
in the reception step, a plurality of second feature values based upon the detection result of each of the plurality of the on-intervals are received from the other apparatus, and
in the key generation step, one key is generated based upon a plurality of comparison results obtained by comparing one of the plurality of first feature values with one of the plurality of second feature values that corresponds to the one of the plurality of first feature values.
14. The non-transitory computer-readable recording medium as recited in
15. The non-transitory computer-readable recording medium as recited in
16. The non-transitory computer-readable recording medium as recited in
a control step of generating and stopping vibration in accordance with intervals having a randomly determined length in which vibration is generated and stopped;
a quantization step of dividing a detection result of vibration for a period including the interval by the acceleration sensor into time windows each having a predetermined time length to quantize each of the time windows; and
a feature value generation step of generating the first feature value based upon the detection result quantized in the quantization step.
17. The non-transitory computer-readable recording medium as recited in
18. The non-transitory computer-readable recording medium as recited in
in the quantization step, existence of the vibration is quantized, and
in the feature value generation step, the first feature value is generated based upon the number of time windows in a continuation interval including time windows continuously holding the same quantized value.
19. The non-transitory computer-readable recording medium as recited in
20. The non-transitory computer-readable recording medium as recited in
the feature value generation step includes:
a step of changing a quantized value of either one of a beginning time window, which is the first time window of the continuation interval, and an ending time window, which is a time window right after the last time window of the continuation interval, and
a step of generating a first candidate value based upon the number of time windows in a continuation interval continuously holding the same quantized value when the changed quantized value is applied to the time window in question,
in the transmission step, the first candidate value is transmitted in addition to the first feature value,
in the reception step, a second candidate value generated in the same manner as the first candidate value is received in addition to the second feature value, and
in the key generation step, one of the second feature value and the second candidate value received by the reception means is compared with one of the first feature value and the first candidate value, and a key is generated based upon the comparison result.
21. The non-transitory computer-readable recording medium as recited in
the program further includes a hash step of outputting a hash value from an input value,
in the transmission step, a hash value of the first feature value that is obtained in the hash step or hash values of the first feature value and the first candidate value that are obtained in the hash step are transmitted as a first hash value to the other apparatus instead of the first feature value or instead of the first feature value and the first candidate value,
in the reception step, a hash value of the second feature value or hash values of the second feature value and the second candidate value are received as a second hash value, instead of the second feature value or instead of the second feature value and the second candidate value, and
in the key generation step, the second hash value received in the reception step is compared with the first hash value, and a key is generated based upon the comparison result.
23. The method as recited in
in the detecting, an on-interval in which vibration is generated and an off-interval in which no vibration is generated are continuously repeated a plurality of times, and a plurality of on-intervals are detected by first and second acceleration sensors,
in the transmitting, a plurality of first feature values based upon the detection result of each of the plurality of the on-intervals are transmitted to the second device,
in the receiving, a plurality of second feature values based upon the detection result of each of the plurality of the on-intervals are received from the second device, and
in the key generating, one key is generated based upon a plurality of comparison results obtained by comparing one of the plurality of first feature values with one of the plurality of second feature values that corresponds to the one of the plurality of first feature values.
24. The method as recited in
25. The method as recited in
controlling the vibrator to generate and stop vibration in accordance with intervals having a randomly determined length in which vibration is generated and stopped;
dividing a detection result of vibration for a period including the interval by the acceleration sensor into time windows each having a predetermined time length to quantize each of the time windows; and
generating the first feature value based upon the detection result quantized in the quantizing.
26. The method as recited in
27. The method as recited in
in the quantizing, existence of the vibration is quantized, and
in the feature value generating, the first feature value is generated based upon the number of time windows in a continuation interval including time windows continuously holding the same quantized value.
28. The method as recited in
29. The method as recited in
the feature value generating includes:
changing a quantized value of either one of a beginning time window, which is the first time window of the continuation interval, and an ending time window, which is a time window right after the last time window of the continuation interval, and
generating a first candidate value based upon the number of time windows in a continuation interval continuously holding the same quantized value when the changed quantized value is applied to the time window in question,
in the transmitting, the first candidate value is transmitted in addition to the first feature value,
in the receiving, a second candidate value generated in the same manner as the first candidate value is received in addition to the second feature value, and
in the key generating, one of the second feature value and the second candidate value received by the receiving is compared with one of the first feature value and the first candidate value, and a key is generated based upon the comparison result.
30. The method as recited in
in the transmitting, a hash value of the first feature value that is obtained in outputting or hash values of the first feature value and the first candidate value that are obtained in the outputting are transmitted as a first hash value to the other apparatus instead of the first feature value or instead of the first feature value and the first candidate value,
in the receiving, a hash value of the second feature value or hash values of the second feature value and the second candidate value are received as a second hash value, instead of the second feature value or instead of the second feature value and the second candidate value, and
in the key generating, the second hash value received in the reception step is compared with the first hash value, and a key is generated based upon the comparison result.
This application is a National Stage of International Application No. PCT/JP2011/080583 filed Dec. 27, 2011, claiming priority based on Japanese Patent Application No. 2010-293094 filed Dec. 28, 2010, the contents of all of which are incorporated herein by reference in their entirety.
The present invention relates to generation of a key for controlling steps of a cryptographic algorithm.
Secure and usable mutual authentication systems have been demanded in order to perform ad hoc data transmission between devices having a wireless interface. The following examples have been known as technology relating to such mutual authentication systems.
For example, some techniques using PIN (Personal Identification Number) have been known for mutual authentication between devices having a wireless interface. Those techniques are hereinafter referred to as “Related Art 1.”
As in Patent Literature 1, there have also been known techniques of detecting whether a button provided in a device is pushed, generating a unique group connection ID, and using the unique group connection ID as a common key (authentication key) for mutual authentication. Those techniques are hereinafter referred to as “Related Art 2.”
In Non-Patent Literature 1, devices each having a non-contact IC reader are held up over each other to exchange keys. The devices mutually use those keys as authentication keys. Those techniques are hereinafter referred to as “Related Art 3.”
Patent Literature 2 and Non-Patent Literatures 2 to 6 disclose means using an acceleration sensor, which is more advantageous in implementation cost than a non-contact IC reader. In those references, the same motion is supplied to two devices having an acceleration sensor from an external source (for example, those devices are vigorously shaken). Thus, a common variation is shared with those devices. Based upon such a common variation, an authentication key is shared with those devices. Those techniques are hereinafter referred to as “Related Art 4.”
In Related Art 1, data with a large number of digits should be inputted without any error in order to obtain high cipher strength by a sufficient key length. Such a process is troublesome and difficult. Therefore, there has been a problem in usability.
In Related Art 2, to push a button is a process that can readily be performed by anyone. When a button is accidentally or intentionally pushed by a third party, an authentication key is needlessly provided to the third party. Thus, there has been a problem in security.
In Related Art 3, a non-contact IC reader should be mounted on each of devices that are to be subjected to mutual authentication. Thus, there has been a problem in cost for those devices.
In Related Art 4, a user should aggregately hold two devices and vigorously shake those devices. Such an operation may be difficult in itself.
Furthermore, in Related Art 4, since two devices are aggregately held, many restrictions are imposed on the size, shape, weight of the devices, and the like. In order to apply this technology to a device, the device should have a size and a shape that allow two devices to be held aggregately. Thus, it is difficult or even impossible to apply this technology if one of two devices is a fixed device or if any one of two devices has a shape, size, or weight that makes it difficult to hold those two devices aggregately.
Moreover, in Related Art 4, since two devices are aggregately held and shaken, each of the devices should have a resistance to such vibration. Generally, a user of a device is not specified in a design phase. Supposing that an unspecified user vibrates a device, the device should be designed with some margins of the vibration resistance in consideration of individual differences in amplitude or speed of vibration to be applied. In this regard, there is also a restriction on design of the device.
Patent Literature 1: JP-A 2001-36638
Patent Literature 2: JP-A 2008-311726
Non-Patent Literature 1: SDK for FeliCa Products, the Internet (http://www.sony.co.jp/Products/felica/pdt/data/SDK_Products.pdf).
Non-Patent Literature 2: J. Lester, B. Hannaford, and G. Borriello, “Are You With Me?”—Using accelerometers to determine if two devices are carried by the same person, Pervasive 2004, LNCS 3001, pp. 33-50, 2004.
Non-Patent Literature 3: Y. Huynh and B. Schiele, Analyzing features for activity recognition, sOc-EUSAI '05, pp. 159-163, 2005.
Non-Patent Literature 4: D. Bichler, G. Stromberg, M. Huemer, and M. Low, Key generation based on acceleration data of shaking processes, UbiComp 2007, LNCS 4717, pp. 304-417, 2007.
Non-Patent Literature 5: R. Mayrhofer and H. Gellersen, Shake well before use: Authentication based on accelerometer data, Pervasive 2007, LNCS 4480, pp. 144-161, 2007.
Non-Patent Literature 6: Takahiro Minami, Yuichi Nino, Jun Noda, Yoshitaka Nakamura, and Hiroyuki Seki, Key Generation from Human Movements for Secure Device Pairing, the Internet (http://www-higashi.ist.osaka-u.ac.jp/~y-nakamr/research/csec/44csec.pdf).
It is an object of the present invention to provide key generation technology that does not require a user's difficult operation such as aggregately holding and shaking two devices and that has loose restrictions on the shape, size, weight of devices, and the like, and to provide mutual authentication technology based upon this key generation technology.
According to the present invention, a method of generating a key includes a vibration detection step in which a vibrator generates vibration in a state in which a first device and a second device are brought into contact with the vibrator and a first acceleration sensor provided in the first device and a second acceleration sensor provided in the second device detect the vibration, a transmission step in which the first device transmits a first feature value based upon the detection result of the first acceleration sensor to the second device, a reception step in which the first device receives a second feature value based upon the detection result of the second acceleration sensor from the second device, and a key generation step in which the first device compares the received second feature value with the first feature value and generates a key based upon the comparison result.
Furthermore, according to the present invention, a computer-readable storage medium stores a program executable in an apparatus having an acceleration sensor, data communication means, and a processor. The program executes, with the processor, a procedure including a detection step of detecting, with the acceleration sensor, an acceleration of the apparatus that is produced in accordance with vibration generated by a vibrator when the apparatus and another apparatus are brought into contact with the vibrator, a transmission step of transmitting, with the data communication means, a first feature value based upon the detection result of the acceleration sensor to the other apparatus, a reception step of receiving, with the data communication means, a second feature value based upon an acceleration generated in the other apparatus in accordance with vibration generated by the vibrator from the other apparatus, and a key generation step of comparing the second feature value received by the reception step with the first feature value and generating a key based upon the comparison result.
According to the present invention, a first device and a second device are brought into contact with the same vibrator, and the vibrator is vibrated. Thus, the first and second devices are supplied with vibration from the same vibration source. A key is generated based upon this vibration. Therefore, a user's operation such as aggregately holding and shaking the first and second devices is not required. Furthermore, the first and second devices do not need to be aggregately held in order to generate a key. Mere contact of those devices with the vibrator suffices. Accordingly, design restrictions on the size, outside shape, weight of the devices, and the like are remarkably loosened. Thus, one of the devices may be of a fixed type. Moreover, the amplitude, speed of the vibration applied to those devices, and the like can be grasped in advance from the specification of the vibrator. Therefore, it is not necessary to consider individual differences of the amplitude or speed of vibration by unspecified users. In this regard, design restrictions can also be loosened.
A key generation system 100 according to an exemplary embodiment of the present invention will be described below.
(1) As shown in
For example, each of the first device (Device A) 1 and the second device (Device B) 2 is a device having an acceleration sensor, a key generator, and a communication part as illustrated in
As shown in
Although
The first and second communication parts 14A and 14B are communication interface devices that can communicate data with each other. It does not matter whether the first and second communication parts are wireless or wired, or how many networks of which types connect them. For convenience, the first and second communication parts 14A and 14B preferably comprise a wireless communication interface but may be a wired communication interface. When the first device (Device A) 1 and the second device (Device B) 2 are cellular phone terminals, the first and second communication parts 14A and 14B may be wireless communication devices operable to perform wireless communication with a base station of a mobile communication network, infrared communication devices such as IrDA (Infrared Data Association), which is provided on most cellular phone terminals, or transceivers for short-distance wireless communication such as Bluetooth.
As shown in
Generally, a cellular phone terminal comprises a vibrator to generate vibration for informing a user of an incoming call or the like. Such a vibrator may be used as the vibrator 4 of the vibration device 3. When the first device (Device A) 1 and the second device (Device B) 2 are both cellular phone terminals, both of the devices have a vibrator 4. In such a case, the vibrator of one of the devices serves as the vibrator used for key generation in the exemplary embodiment of the present invention.
Next, an operation for generating a key will be described.
(2) First, as shown in
(3) Then, as shown in
(4) Subsequently, the first device (Device A) 1 and the second device (Device B) 2 detect vibration with the first and second acceleration sensors 10A and 10B, respectively.
(5) The first and second vibration quantizers 11A and 11B respectively divide outputs of the first and second acceleration sensors 10A and 10B into time windows having a predetermined length and quantize a value of each of the divided time windows.
Depending upon states and methods of contact between the first device (Device A) 1, the second device (Device B) 2, and the vibration device 3, some differences are produced in analog values of the acceleration detected by the first and second acceleration sensors 10A and 10B. Therefore, if a key is generated based upon analog values of the acceleration, it is difficult to generate the same key having a key length sufficient for practical use on both of the first device (Device A) 1 and the second device (Device B) 2.
In contrast, as shown in
(6) Subsequently, the first feature vector generator 12A generates a first feature vector group of Vfa0, Vfa1, Vfa2, . . . based upon the output values of the first acceleration sensor 10A that have been divided into time windows and quantized. Furthermore, the first feature vector generator 12A generates candidate vector groups corresponding to the feature vectors of the first feature vector group, i.e., a candidate vector group Vca01, Vca02, Vca03, . . . corresponding to the first feature vector Vfa0, a candidate vector group Vca11, Vca12, Vca13, . . . corresponding to the second feature vector Vfa1, and a candidate vector group Vca21, Vca22, Vca23, . . . corresponding to the third feature vector Vfa2.
Similarly, the second feature vector generator 12B generates a second feature vector group Vfb0, Vfb1, Vfb2, . . . and also generates candidate vector groups corresponding to the feature vectors of the second feature vector group, i.e., a candidate vector group Vcb01, Vcb02, Vcb03, . . . corresponding to the first feature vector Vfb0, a candidate vector group Vcb11, Vcb12, Vcb13, . . . corresponding to the second feature vector Vfb1, and a candidate vector group Vcb21, Vcb22, Vcb23, . . . corresponding to the third feature vector Vfb2.
Hereinafter, the first feature vector group of Vfa0, Vfa1, Vfa2, . . . , which are generated by the first device (Device A) 1, is collectively denoted by Vfai where i is an integer more than 0 and is a time-series index of feature vectors. The candidate vector group corresponding to the first feature vector Vfa0 of the first feature vector group that is generated by the first device (Device A) 1 is collectively denoted by Vca0j where j is an integer more than 0 and is a time-series index of candidate vectors. The first candidate vector groups generated by the first device (Device A) 1 are collectively denoted by Vcaij.
The feature vectors and the candidate vectors generated by the second device (Device B) 2 are defined in the same manner as described above. Specifically, the second feature vector group of Vfb0, Vfb1, Vfb2, . . . , which are generated by the second device (Device B) 2, is collectively denoted by Vfbi where i is an integer more than 0 and is a time-series index of feature vectors. The candidate vector group corresponding to the first feature vector Vfb0 of the second feature vector group that is generated by the second device (Device B) 2 is collectively denoted by Vcb0j where j is an integer more than 0 and is a time-series index of candidate vectors. The second candidate vector groups generated by the second device (Device B) 2 are collectively denoted by Vcbij.
A feature vector is generated by combining the number of time windows in an interval continuously holding the same quantized value, i.e., a continuation interval, with the quantized value. For example, a feature vector has a structure in which a quantized value is connected to a binary notation of the number of time windows in which the quantized value continues.
Quantized values of time windows illustrated in
A candidate vector is generated by changing, into other values, one or both of the beginning time window and the ending time window of the continuation interval for which a feature vector has been generated and, as with a feature vector, combining the number of time windows in an interval continuously holding the same quantized value with the quantized value. A beginning time window of a continuation interval is the first time window of the continuation interval. An ending time window of a continuation interval is a time window right after the continuation interval. In a state in which one or both of quantized values of the beginning time window and the ending time window have been changed, a candidate vector is generated based upon the number of time windows in a continuation interval of time windows continuously holding the same quantized value.
The candidate vectors have three types. A first one of the candidate vectors is generated by changing a quantized value of a beginning time window of a continuation interval without changing a quantized value of an ending time window of the continuation interval. A second one of the candidate vectors is generated by changing a quantized value of an ending time window of a continuation interval without changing a quantized value of a beginning time window of the continuation interval. A third one of the candidate vectors is generated by changing quantized values of a beginning time window and an ending time window of a continuation interval. Among these three types, the third type generated by changing both of a beginning time window and an ending time window results in shifting the whole continuation interval and thus has the same value as a feature vector. Therefore, the third type does not need to be generated. In the example illustrated in
Candidate vectors are generated along with feature vectors in this manner for the following reason: A first vector group including the first feature vector group and the first candidate vector group generated by the first device (Device A) 1 and a second vector group including the second feature vector group and the second candidate vector group generated by the second device (Device B) 2 are compared with each other. If there are matched vectors in both of the vector groups, a key is generated based upon the matched vectors. The “matched” vectors include not only matched vectors between the first feature vector group and the second feature vector group, but also matched vectors between the first feature vector group and the second candidate vector group, matched vectors between the first candidate vector group and the second feature vector group, and matched vectors between the first candidate vector group and the second candidate vector group.
Such a comparison is made between the first vector group and the second vector group for the following reason: As described later in the operation (10), the first device (Device A) 1 and the second device (Device B) 2 generate key pieces based upon the matched feature vectors/candidate vectors and concatenate a predetermined number of key pieces to generate a key. Therefore, at least a predetermined number of matched feature vectors/candidate vectors are required to generate a key.
Meanwhile, detection timing of the acceleration may differ between the first acceleration sensor 10A and the second acceleration sensor 10B depending upon a state of contact between the first device (Device A) 1, the second device (Device B) 2, and the vibration device 3. In such a case, the beginning or ending timing of the continuation interval differs between the first device (Device A) 1 and the second device (Device B) 2. Therefore, feature vectors generated by the first device (Device A) 1 and the second device (Device B) 2 do not match with each other. If such mismatching occurs many times, it becomes difficult to generate a required number of key pieces from comparison between feature vectors.
In view of such circumstances, the beginning quantized value and the ending quantized value of a continuation interval in which feature vectors have been generated are changed. The continuation interval subjected to such changes is a sort of adjustment of the difference in assumed detection timing. Thus, candidate vectors are generated based upon the changed continuation interval and subjected to comparison between the first device (Device A) 1 and the second device (Device B) 2 in addition to the feature vectors. Accordingly, the difference of the detection timing can be absorbed to some degree. As a result, an authentication key having a key length sufficient for practical use can be shared with Devices A and B.
Furthermore, when the devices are brought into contact with each other, pulselike vibration may be generated only in one of the devices because the device is held in an unstable manner by hands, for example. Such vibration may be mixed as a noise, so that a pulselike quantized value is generated. In order to cope with such a pulselike quantized value, the first and second feature vector generators 12A and 12B may modify a value of the time window having the pulselike quantized value prior to the generation of the first and second feature vector groups and the first and second candidate vector groups. Assuming three consecutive time windows W_{n−1}, W_n, and W_{n+1} where n is a natural number, the time window having a pulselike quantized value refers to a time window W_n having a value that is different from W_{n−1} and W_{n+1} having the same value. The time window having a pulselike quantized value is W_n=1 where W_{n−1}=W_{n+1}=0, or W_n=0 where W_{n−1}=W_{n+1}=1. If time windows are sufficiently shortened, such a pulselike quantized value may be considered as an error. Such an error can be eliminated if a value of such a time window is modified so as to be equal to values of its preceding and following time windows.
For example, the quantized value of the second time window from the right in
(7) Furthermore, as shown in
(8) All of the second hash values H(Vfbi) and H(Vcbij) generated in the operation (7) by the second device (Device B) 2 are transmitted to the first device (Device A) 1 via the first and second communication parts 14A and 14B. Similarly, all of the first hash values H(Vfai) and H(Vcaij) generated in the operation (7) by the first device (Device A) 1 are transmitted to the second device (Device B) 2 (Step S42).
(9) The first key generator 13A of the first device (Device A) 1 compares a plurality of first hash values including the hash values H(Vfai) of the first feature vectors Vfai and the hash values H(Vcaij) of the corresponding first candidate vectors generated by the first feature vector generator 12A of the first device (Device A) 1, with a plurality of second hash values including the hash values H(Vfbi) of the second feature vectors Vfbi corresponding to the first feature vector Vfai and the hash values H(Vcbij) of the second candidate vectors, which have been received from the second device (Device B) 2 via the first communication part 14A. Thus, the first key generator 13A compares a group of first hash values corresponding to the ith one Vfai of the first feature vectors with a group of second hash values corresponding to the ith one Vfbi of the second feature vectors. If any of the hash values in one of the groups matches with any of the hash values in the other group, then a feature vector or a candidate vector corresponding to that hash value is used as a key piece (Step S43). If there is no hash value matched between the former group and the latter group, then no key piece is generated based upon the first feature vectors Vfai. This holds true for the second device (Device B) 2.
As described above, a plurality of candidate vectors corresponds to one feature vector. Therefore, either one of the groups of the hash values includes a hash value of one feature vector and hash values of a plurality of candidate vectors corresponding to that feature vector. For example, it is assumed that the first hash value H(Vfa0) of the first group A matches with the second hash value H(Vcb01) of the second group B when a first group A of the first hash values including the hash value H(Vfa0) of the first feature vector Vfa0 and the hash values H(Vca00) and H(Vca01) of the first candidate vectors corresponding to the first feature vector Vfa0 is compared with a second group B of the second hash values including the hash value H(Vfb0) of the second feature vector Vfb0 and the hash values H(Vcb00) and H(Vcb01) of the second candidate vectors corresponding to the second feature vector Vfb0. In this case, it is assumed that the first feature vector Vfa0 matches with the second candidate vector Vcb01. Thus, the first key generator 13A of the first device (Device A) 1 sets the first feature vector Vfa0 as a key piece. The same comparison is also made in the second device (Device B) 2, and the same results are obtained. Therefore, the second key generator 13B sets the second candidate vector Vcb01 as a key piece. In this example, the first feature vector of the first group A matches with the second candidate vector of the second group B. The first and second feature vectors of both of the groups may match with each other, or the first and second candidate vectors of both of the groups may match with each other.
(10) The operations (7) to (9) are performed for all of the feature vectors (Step S44). In other words, 1 is added to the current value of i, and the operations (7) to (9) are repeated.
(11) The number of key pieces obtained in the operation (10) is compared with a threshold for the number of key pieces. If the number of key pieces exceeds the threshold, the key pieces are concatenated to each other to generate a key (Step S45).
(12) The first device (Device A) 1 and the second device (Device B) 2 perform authentication using the generated key. Examples of authentication include challenge-response authentication. In the challenge-response authentication, the first device (Device A) 1 generates a random value, which is called a challenge, and sends it to the second device (Device B) 2. When the second device (Device B) 2 receives this challenge, it performs an arithmetic process by combining the key generated in the operation (11) by the second device (Device B) 2 with the challenge received from the first device (Device A) 1. As a result, the second device (Device B) 2 generates a hash value and sends it as a second response to the first device (Device A) 1. When the first device (Device A) 1 receives the response, it performs a similar arithmetic process with use of the challenge previously generated and the key generated in the operation (11) by the first device (Device A) 1 to thereby generate a first response. The first device (Device A) 1 compares the first response with the second response received from the second device (Device B) 2. If the first and second responses match with each other, the first device (Device A) 1 authenticates the second device (Device B) 2.
(13) The first device (Device A) 1 sends data encrypted with the key to the second device (Device B) 2. The second device (Device B) 2 decrypts the encrypted data with use of the key.
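The operations above, from pulse correction through challenge-response, can be traced in the following Python sketch, which is an added illustration and not code from the patent. It assumes SHA-256 as the one-way hash, HMAC-SHA256 as the response computation, a `v:n` text encoding of vectors, candidates read as the run being one window shorter or longer, and a tie-break (middle of the shared vectors) for when several hashes in a group match; none of these choices are specified in the text.

```python
import hashlib, hmac

def smooth(bits):
    """Overwrite a pulselike window (W_n differs from equal W_{n-1} and W_{n+1})."""
    out = list(bits)
    for n in range(1, len(out) - 1):
        if out[n - 1] == out[n + 1] != out[n]:
            out[n] = out[n - 1]
    return out

def feature_vectors(bits):
    """(quantized value, number of consecutive windows) per continuation interval."""
    vecs = []
    for b in smooth(bits):
        if vecs and vecs[-1][0] == b:
            vecs[-1] = (b, vecs[-1][1] + 1)
        else:
            vecs.append((b, 1))
    return vecs

def group(vec):
    """Feature vector plus candidates: beginning flipped (n-1), ending flipped (n+1)."""
    v, n = vec
    return [vec] + [(v, m) for m in (n - 1, n + 1) if m > 0]

def digest(vec):
    return hashlib.sha256(f"{vec[0]}:{vec[1]}".encode()).hexdigest()

def advertise(bits):  # digest groups sent to the peer in operation (8)
    return [[digest(c) for c in group(v)] for v in feature_vectors(bits)]

def key_pieces(bits, peer_groups):
    """Operation (9): compare the i-th local group with the i-th received group."""
    pieces = []
    for vec, peer in zip(feature_vectors(bits), peer_groups):
        mine = {digest(c): c for c in group(vec)}
        common = sorted(mine[d] for d in set(mine) & set(peer))
        if common:  # assumed tie-break: middle of the shared vectors
            pieces.append(common[(len(common) - 1) // 2])
    return pieces

def make_key(pieces, threshold):
    """Operation (11): concatenate pieces only if their count exceeds the threshold."""
    key = "|".join(f"{v}:{n}" for v, n in pieces).encode()
    return key if len(pieces) > threshold else None

def response(key, challenge):  # operation (12); HMAC-SHA256 is an assumption
    return hmac.new(key, challenge, hashlib.sha256).digest()

# Constructed windows: A has one pulselike window, B ends the first on-interval early.
A = [0, 0, 1, 1, 1, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 0, 0]
B = [0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 0, 1, 1, 1, 0, 0, 0, 0]
KEY_A = make_key(key_pieces(A, advertise(B)), threshold=3)
KEY_B = make_key(key_pieces(B, advertise(A)), threshold=3)
```

Each vector is one bit plus a short run length, so the digests exchanged in operation (8) cover a small input space; a design built on this scheme should treat the link that carries them as sensitive.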
As shown in
Similarly, as shown in
As shown in
When a device does not actively request authentication by itself, it may not necessarily have a vibrator 21 and a vibrator controller 22. Either one of Device A and Device B may have a vibrator and a vibrator controller.
Specifically, each of the devices is implemented by an information processing device such as a personal computer operating in accordance with a program. All of a plurality of supposed devices may have the same configuration. Each of
Respective portions illustrated in
When the devices are held in contact with each other, the vibrator controller 22 controls an operation of the vibrator 21 such that turning on and turning off are continuously repeated multiple times while it dynamically varies the length of intervals in which the vibrator is turned on (on-interval) and the length of intervals in which the vibrator is turned off (off-interval). Thus, the acceleration sensor 10 of each of the devices held in contact with each other is directed to detect vibration in the on-intervals and not to detect vibration in the off-intervals. A plurality of intervals are detected by the acceleration sensor 10. Such an operation is implemented by, for example, PWM controllability of a vibrator motor provided in a cellular phone. The vibrator controller 22 is actuated on only one of the devices that perform mutual authentication based upon an external user's operation. The number of feature vectors and corresponding candidate vectors can be increased by increasing the number of on-off repetitions, so that more key pieces can be generated. Therefore, it becomes possible to generate a key having a greater key length.
The vibration quantizer 11 obtains a magnitude a_avg of an averaged acceleration measured in a steady state of the acceleration sensor 10 beforehand. The magnitude a_avg is used to eliminate measurement errors that are different from one sensor to another. When the vibration quantizer 11 obtains time-series data of the acceleration from the acceleration sensor 10 through the operation of the vibrator controller 22, it divides the time-series data into small intervals (windows) having a size of W_onoff. At that time, a window and a subsequent window may be overlapped at a certain rate, for example, a rate of 50%. Then a magnitude a_w of an average acceleration in a window is compared with a_avg. If the difference is not less than a certain value, the window is quantized into “1.” Otherwise, the window is quantized into “0.”
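The quantization step just described, as an added Python example that is not part of the patent: it shows that subtracting each sensor's own a_avg lets two sensors with different resting offsets produce the same bit sequence. The function names, the use of an absolute difference, and all sample values are assumptions constructed for illustration.

```python
def calibrate(steady_samples):
    """a_avg: mean acceleration magnitude of this sensor in a steady state."""
    return sum(steady_samples) / len(steady_samples)

def quantize(samples, a_avg, w_onoff, min_diff, overlap=0.5):
    """Slide a window of w_onoff samples (50% overlap by default) and emit 1
    when the window mean a_w differs from a_avg by at least min_diff."""
    step = max(1, int(w_onoff * (1 - overlap)))
    bits = []
    for start in range(0, len(samples) - w_onoff + 1, step):
        a_w = sum(samples[start:start + w_onoff]) / w_onoff
        # "not less than a certain value" -> >= ; absolute difference is assumed
        bits.append(1 if abs(a_w - a_avg) >= min_diff else 0)
    return bits

# Constructed magnitudes (m/s^2): vibrator off for 4 samples, on for 8, off for 4.
# The two sensors rest at different baselines (9.81 vs 9.40).
STEADY_A, STEADY_B = [9.81] * 8, [9.40] * 8
SENSOR_A = [9.81] * 4 + [10.61] * 8 + [9.81] * 4
SENSOR_B = [9.40] * 4 + [10.20] * 8 + [9.40] * 4

BITS_A = quantize(SENSOR_A, calibrate(STEADY_A), w_onoff=4, min_diff=0.3)
BITS_B = quantize(SENSOR_B, calibrate(STEADY_B), w_onoff=4, min_diff=0.3)
# Using the wrong sensor's baseline for B yields a different bit sequence.
BITS_B_WRONG = quantize(SENSOR_B, calibrate(STEADY_A), w_onoff=4, min_diff=0.3)
```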
The feature vector generator 12 compares quantized values of a window. The feature vector generator 12 modifies a window having a different quantized value (a window that is judged as being pulselike) in comparison with quantized values of one preceding window and one following window such that the quantized value of the window in question is equal to the quantized values of the preceding and following windows. Then the feature vector generator 12 combines the number of windows in an interval continuously holding a quantized value of “1” or “0” (continuation interval), with the quantized value so as to generate a feature vector. For example, as shown in
For example, the key generator 13 applies a one-way hash to the feature vectors in time sequence and exchanges the resulting hash values with the other device. If at least one of the candidates matches, that candidate is used as a key piece. If a ratio of the number of windows for which key pieces have been obtained to the total number of windows is equal to or higher than a predetermined threshold, then all of the resultant key pieces are concatenated to each other to generate a common key. Mutual authentication is performed based upon the common key. The mutual authentication part may use conventional well-known technology, such as challenge-response authentication.
Next, an operation of a key generation system in which the first and second devices 20A and 20B are provided as Device A and Device B, respectively will be described. In the following description, the first vibrator 21A of Device A is operated to generate a key, and the second vibrator 21B of Device B is not operated.
As described above, according to this example, for example, the length of intervals of turning vibration on and turning vibration off is randomly varied in a dynamic manner by a PWM (Pulse Width Modulation) control of a vibrator provided in a cellular phone. Two devices that are brought into contact with each other to collect this variation of intervals with an acceleration sensor can share a common key used for authentication. At that time, the vibration generated by the vibrator is so fine that possible errors can be absorbed. Therefore, an authentication key having a practical key length can be shared with the two devices.
While the present invention has been particularly shown and described with reference to exemplary embodiments (and examples) thereof, the present invention is not limited to the aforementioned embodiments (and examples). It will be understood by those of ordinary skill in the art that various changes in form and details may be made therein without departing from the spirit and scope of the present invention as defined by the claims.
The present application is based upon and claims the benefit of priority from Japanese Patent Application No. 2010-293094, filed on Dec. 28, 2010, the disclosure of which is incorporated herein in its entirety by reference.
Seki, Hiroyuki, Nakamura, Yoshitaka, Noda, Jun
Executed on | Assignor | Assignee | Conveyance | Frame | Reel | Doc |
Dec 27 2011 | NEC Corporation | (assignment on the face of the patent) | / | |||
Dec 27 2011 | NATIONAL UNIVERSITY CORPORATION NARA INSTITUTE OF SCIENCE AND TECHNOLOGY | (assignment on the face of the patent) | / |
Date | Maintenance Schedule |
Oct 20 2018 | 4 years fee payment window open |
Apr 20 2019 | 6 months grace period start (w surcharge) |
Oct 20 2019 | patent expiry (for year 4) |
Oct 20 2021 | 2 years to revive unintentionally abandoned end. (for year 4) |
Oct 20 2022 | 8 years fee payment window open |
Apr 20 2023 | 6 months grace period start (w surcharge) |
Oct 20 2023 | patent expiry (for year 8) |
Oct 20 2025 | 2 years to revive unintentionally abandoned end. (for year 8) |
Oct 20 2026 | 12 years fee payment window open |
Apr 20 2027 | 6 months grace period start (w surcharge) |
Oct 20 2027 | patent expiry (for year 12) |
Oct 20 2029 | 2 years to revive unintentionally abandoned end. (for year 12) |