AUTHENTICATION SYSTEM AND SERVER DEVICE

Information

  • Patent Application
  • 20190102530
  • Publication Number
    20190102530
  • Date Filed
    September 29, 2018
    6 years ago
  • Date Published
    April 04, 2019
    5 years ago
Abstract
An identification device that stores identification information authenticates a user by using biometrics authentication information, and transmits the identification information to a server device. The server device receives speech data from a speech input and output device, recognizes speech identification information from the speech data, and permits the user corresponding to the identification information to log in when the received identification information and the speech identification information match each other.
Description
BACKGROUND
1. Field

The present disclosure relates to an authentication system or the like.


2. Description of the Related Art

In the related art, when a user uses a device such as a terminal device or a client device, use of biometric authentication for authenticating the user by using physical features is widely performed.


For example, an authentication system that realizes remote personal authentication by connecting local authentication using a fingerprint reading and inquiry card capable of communicating with a client personal computer (PC) and high-security remote authentication is disclosed (for example, see Japanese Unexamined Patent Application Publication No. 2001-312477).


A system in which a button integrally formed with a fingerprint sensor is attached to a mobile phone, user identification using a fingerprint and user agreement confirmation for payment are performed by operating the button once, and payment data is transmitted to a point of sale (POS) terminal from the mobile phone is disclosed (for example, see Japanese Unexamined Patent Application Publication No. 2003-271937).


A mobile key device that reduces the number of times a user performs biometrics authentication by preparing two mobile key devices capable of wirelessly communicating with each other, storing the context of authentication success and unlocking a control target device while the wireless communication is established, and locking the control target device again when the wireless communication. is disconnected is disclosed (for example, see Japanese Unexamined Patent Application Publication No. 2015-121910).


However, the method of the biometrics authentication of the related art is limited to one-to-one interaction that enables the terminal for authentication provided with the fingerprint sensor and the device capable of being operated when the authentication succeeds to directly communicate with each other. In such a method, when the user performs the authentication for a plurality of devices provided within the system (for example, meeting support system), pairing at the terminal and the devices are established as much as the number of devices.


When there is the plurality of devices within the system and the device to be used by the user is changed whenever the user uses the device, the system is constructed such that the biometrics authentication is able to be performed between all the client devices.


It is desirable to provide an authentication system or the like with high convenience and high safety by performing authentication by using an identification device capable of performing biometrics authentication and speech of a user.


SUMMARY

According to an aspect of the disclosure, there is provided an authentication system including a client device capable of processing a content corresponding to a user, an identification device that stores identification information, and a server device that communicates with the client device. The identification device includes an identification information transmission unit that authenticates the user by using biometrics authentication information, and transmits the identification information to the server device when the authentication is correctly performed. The server device includes an identification information storage unit that stores the identification information in association with the user, an identification information reception unit that receives the identification information from the identification device, a recognition unit that receives speech data from a speech input and output device, and recognizes speech identification information from the speech data, a login unit that permits the user corresponding to the identification information to log in when the identification information and the speech identification information match each other, and a content display control unit that causes the client device to display the content associated with the user permitted to log in by the login unit.


According to another aspect of the disclosure, there is provided a server device that communicates with a client device capable of processing a content corresponding to a user. The server device includes an identification information storage unit that stores identification information in association with the user, an identification information reception unit that authenticates the user by using biometrics authentication information, and receives the identification information to be transmitted from an identification device when the authentication is correctly performed, a recognition unit that receives speech data from a speech input and output device, and recognizes speech identification information from the speech data, a login unit that permits the user corresponding to the identification information to log in when the identification information and the speech identification information match each other, and a content display control unit that causes the client device to display the content associated with the user permitted to log in by the login unit.





BRIEF DESCRIPTION OF THE DRAWINGS


FIG. 1 is a diagram for describing the entire structure of a meeting support system according to a first embodiment;



FIG. 2 is a diagram for describing a functional structure of a server device according to the first embodiment;



FIG. 3 is a diagram for describing a functional structure of a client device according to the first embodiment;



FIG. 4 is a diagram for describing a functional structure of an identification device according to the first embodiment;



FIG. 5 is a diagram illustrating an example of a data structure of device information according to the first embodiment;



FIG. 6 is a diagram illustrating an example of a data structure of address correspondence information according to the first embodiment;



FIG. 7 is a diagram illustrating an example of a data structure of content information according to the first embodiment;



FIG. 8 is a diagram for describing a processing flow according to the first embodiment;



FIG. 9 is a diagram for describing a processing flow according to the first embodiment;



FIG. 10 is a diagram illustrating as example of a data structure of device information according to a second embodiment;



FIG. 11 is a diagram for describing an operation example of a processing flow according to the second embodiment;



FIG. 12 is a diagram illustrating an example of a data structure of device information according to a third embodiment;



FIG. 13 is a diagram illustrating an example of a data structure of available client information according to the third embodiment;



FIG. 14 is a diagram for describing a processing flow according to the third embodiment;



FIG. 15 is a diagram illustrating an example of a data structure of device information according to a fourth embodiment;



FIG. 16 is a diagram illustrating an example of a data structure of question information according to the fourth embodiment;



FIG. 17 is a diagram for describing an operation example of a processing flow according to the fourth embodiment;



FIG. 18 is a diagram for describing the entire structure of a meeting support system according to a fifth embodiment;



FIG. 19 is a diagram for describing a functional structure of an identification device according to the fifth embodiment;



FIG. 20 is a diagram illustrating an example of a data structure of device information according to the fifth embodiment;



FIG. 21 is a diagram for describing a processing flow according to the fifth embodiment;



FIG. 22 is a diagram for describing a processing flow according to the fifth embodiment;



FIG. 23 is a diagram illustrating an example of a data structure of biometrics authentication information according to a sixth embodiment; and



FIG. 24 is a diagram for describing a processing flow according to the sixth embodiment.





DESCRIPTION OF THE EMBODIMENTS

Hereinafter, embodiments for implementing the present disclosure will be described with reference to the drawings. For the sake of convenience in description, although an example in which a display device of the present disclosure is applied to a display device integrally provided with a touch panel will be described as an embodiment, any display device may be applied as long as a user is able to perform operations on a content through an operation input by the user.


1. First Embodiment
1.1 Entire Structure

Initially, FIG. 1 illustrates an external appearance of a meeting support system 1 including a server device 10 to which the present disclosure is applied. The meeting support system according to the present embodiment is configured such that the server device 10, a client device 20, and an access point (AP) are connected to each other via a network (NW). An identification device 30 and a speech input and output device 40 are connected to the AP. In FIG. 1, the devices depicted in this drawing are connected to the same network, but the devices may be connected to each other via an external network such as the Internet. For example, the server device 10 may be disposed in a cloud environment.


1.2 Functional Structure
1.2.1 Server Device

Next, a functional structure of the server device 10 will be described with reference to FIG. 2. The server device 10 includes a control unit 100, a speech recognition unit 110, a speech data generation unit 120, a communication unit 130, and a storage unit 140.


The control unit 100 is a functional unit for controlling the entire server device 10. The control unit 100 realizes various functions by reading out various programs and executing the readout programs, and is constituted by, for example, a central processing unit (CPU).


The speech recognition unit 110 is a functional unit that recognizes speech data, converts the recognized speech data into text data, and outputs the text data. Any known method may be used as a technique used for identifying the speech data and converting the identified speech data into the text data. For example, Julius which is a general-purpose large vocabulary continuous speech recognition engine may be used. Speech data may be transmitted to an external service that performs speech recognition via the network, and a recognition result may be received from the external service.


The speech data generation unit 120 is a functional unit that generates data to be used to produce prescribed speech through the speech input and output device 40. For example, when the speech input and output device 40 is able to play a speech file, a speech file in a file format such as MPEG-1 Audio Layer-3 (MP3) or Advanced Audio Coding (AAC) is generated.


The communication unit 130 is a functional unit that enables the server device 10 to communicate with an external device. For example, the communication unit is realized by a network interface card (NIC) used in a wired/wireless local area network (LAN) or a communication module capable of being connected to 3G/LTE line.


The storage unit 140 is a functional unit that stores various programs or various data items to be used in the operation of the server device 10. For example, the storage unit 140 is constituted by, for example, a solid state drive (SSD) which is a semiconductor memory or a hard disk drive (HDD).


Particularly, the storage unit 140 stores device information items 142 which are information items obtained by associating identification devices 30 with users who own identification devices 30, address correspondence information items 144 obtained by client devices 20 with speech input and output devices 40, and content information items 146 that have a content to be displayed on the client devices 20 in association with the users.


The details of the device information items 142 will be described with reference to FIG. 5. Device IDs (for example, “1234-5678-9012”) for identifying the identification devices and user IDs (for example, “MU 119”) which are user identification information items for identifying the users are stored as the device information items 142. That is, it is assumed in the present embodiment that one identification device 30 is owned by one user correspondence relationship between the device IDs which are the identification information items of the identification devices 30 and the user IDs which are the user identification information items is stored as the device information items 142.


The device ID is a number capable of uniquely specifying the identification device 30. As the device ID, a serial number of the identification device 30 may be used or a character string determined by an administrator of the meeting support system 1 may be used. An address such as an Internet Protocol (IP) address or a media access control (MAC) address may be used, and any information may be used as long as information can uniquely specify the identification device 30.


The details of the address correspondence information items 144 will be described with reference s FIG. 6. Addresses (for example, “192.168.0.19”) of the speech input and output devices 40 and addresses (for example, “192.168.0.119”) of the client devices 20 are stored as the address correspondence information items 144. Although it has been described in the present embodiment that an IPv4 address is stored as the address, information items, such as an IPv6 address and a MAC address, which are capable of specifying the speech input and output device 40 and the client device 20 in the NW may be stored.


In the present embodiment, the combinations of the speech input and output devices 40 with the client devices 20 in one-to-one correspondence are used, and the correspondence relationship between these combinations is stored as the address correspondence information items 144. That is, when an operation of login is performed by using a prescribed speech input and output device 40, the login is performed for the corresponding client device 20.


For example, when there is a plurality of meeting rooms in which the users may use the meeting support system 1, it is assumed that one speech input and output device 40 and one client device 20 are prepared in each meeting room, and the speech input and output device 40 and the client device 20 are associated with each other for each meeting room. In this case, when an operation of login is performed by using the speech input and output device 40 installed in a certain meeting room, the login is permitted for the client device 20 installed in the meeting room.


The details of the content information items 146 will be described with reference to FIG. 7. The user IDs (for example, “MU119”) for identifying the users which are owners of the content information items, meeting names (for example, “specification review”), layout data items (for example, “lay1”) that define how to display content data items on the client devices 20, content data items (for example, “mtg.doc”) which are contents to be displayed on the client devices 20, and last update dates and times (for example, “2017/07/24 17:00”) when the content information items are finally updated are stored as the content information items 146.


The layout data is data that defines display configurations of the content data such as coordinates in which the content data is displayed, a height or a width of a display region, a magnification ratio, and a page number Display configurations of the content may be stored in a file, and a file name or a file path of the file may be stored as the layout data. In the present embodiment, the file name of the file in which display configuration information of the content is stored is stored as the layout data.


For example, as the content data items, data of a file in a presentation format may be stored with no change, or the file name or the file path of the file which is the substance of the content entity may be stored. In the present embodiment, the file name of the file which is the substance of the content is stored as the content data items.


The client device 20 is returned to be in a display state when the content information is stored by reading the layout data and the content data and displaying the content data on the client device 20 according to the configurations defined in the layout data. The content information may be stored according to an instruction of the user or when the meeting is ended. The content information including an operation (for example, a drawing operation) performed for the content data may be stored.


1.2.2 Client Device

Next, a functional structure of the client device 20 will be described with reference to FIG. 3. The client device 20 includes a control unit 200, a display unit 210, an operation detection unit 220, an image processing unit 230, a communication unit 240, and a storage unit 250.


The control unit 200 is a functional unit that controls the entire client device 20. The control unit 200 realizes various functions by reading out various programs and executing the readout programs, and is constituted by, for example, a CPU.


The operation detection unit 220 is a functional unit that detects an operation from the user. For example, the operation detection unit is constituted by a touch panel integrally provided with the display unit 210 or a hardware button. As a method of detecting the operation using the touch panel, any method such as an electrostatic capacity type, a pressure-sensitive type such as a resistance film type, and an infrared type may be applied.


The image processing unit 230 is a functional unit that processes an image to be displayed on the display unit 210. For example, sharpening or color adjusting as general image processing may be performed on image data.


The communication unit 240 is a functional unit that enables the client device 20 to communicate with an external device. For example, the communication unit 240 is realized by a NIC used in a wired/wireless LAN or a communication module capable of being connected to a 3G/LTE line.


The storage unit 250 is a functional unit that stores various programs or various data items to be used in the operation of the client device 20. For example, the storage unit 250 is constituted by an SSD which is a semiconductor memory or an HDD.


Particularly, the storage unit 250 stores content information items 252 that store the content data items received from the server device 10. In the present embodiment, only information items among the content information items 146 stored in the server device 10, which are requested from the client device 20 to the server device 10, are received and stored as the content information items 252.


1.2.3 Identification Device

Next, a functional structure of the identification device 30 be described with reference to FIG. 4. The identification device 30 includes a control unit 300, an operation detection unit 310, a communication unit 320, and a storage unit 340.


The control unit 300 is a functional unit that controls the entire identification device 30. The control unit 300 realizes various functions by reading out various programs and executing the readout programs, and is constituted by, for example, a CPU or a microcontroller.


The operation detection unit 310 is a functional unit that detects an operation of the user. For example, a button is provided on the identification device 30, and a state (of whether or not the button is pressed) of the button is detected.


The communication unit 320 is a functional unit that enables the identification device 30 to communicate with an external device. For example, the communication unit 320 is a functional unit capable of performing communication through a wireless LAN, and is Ethernet (registered trademark) or IEEE 802.11a/b/g/n as a communication scheme.


The storage unit 340 is a functional unit that stores various programs or various data items to be used in the operation of the identification device 30. For example, the storage unit 340 is constituted by a flash memory.


Particularly, the storage unit 340 stores device IDs 342 for identifying identification devices 30. For example, it is assumed that the device ID is constituted by a fixed-digit character string including alphanumeric characters and symbols and different device IDs are stored in different identification devices 30. In the present embodiment, an example in which the device ID 342 is constituted by numbers made of 12 digits will be described.


The character string stored as the device ID 342 may be displayed on a front surface of the identification device 30. By doing this, the user can view the device ID which is the identification information, and thus, there is no necessity of storing the identification information.


1.2.4 Speech Input and Output Device

The speech input and output device 40 includes a control unit that controls the speech input and output device 40, a speech input unit such as a microphone, a speech output unit such as a speaker, and a communication unit that enables the speech input and output device 40 to communicate with an external device. The speech input and output device 40 performs a control such that speech input through the speech input unit is converted into speech data, the speech data is transmitted to an external device, and speech data received from the external device is output by the speech output unit.


The speech input and output device 40 may be any type as long as the speech input and output device includes the speech input unit, the speech output unit, and the communication unit and is associated with the client device 20. For example, the speech input and output device may be a smartphone or a small computer such as a tablet, or a speech output unit such as a microphone or a speaker built in the client device 20 may be used. The speech input and output device 40 and the client device 20 may be connected to each other in a wired manner.


1.3 Flow of Processing

Next, a processing flow in the present embodiment will be described with reference to FIGS. 8 and 9. Initially, when the identification device 30 detects that the button of the identification device 30 is pressed through the operation of the user, the identification device 30 transmits the device ID of the identification device 30 to the server device 10 (S1002; Yes→S1004). When the server device 10 receives the device ID (S1006), the server device 10 enters a standby state for a prescribed time in order to receive speech data.


Thereafter, the user instructs the speech input and output device 40 to start a meeting through speech. The speech input and output device 40 transmits speech produced by the user while collecting the speech to the server device 10, as the speech data (S1008→S1010).


The server device 10 receives the speech data, and specifies the speech input and output device 40 which is a transmission source (S1012). In the present embodiment, an example in which the speech input and output device 40 transmits the speech data including the address of the speech input and output device 40 and the server device 10 specifies the speech input and output device 40 as the transmission source by using the transmitted address will be described.


Subsequently, the server device 10 performs the speech recognition of the speech data received by the speech recognition unit 110 from the speech input and output device (S1014). When the received speech data is a meeting start instruction as a result of the speech recognition, the speech data generation unit 120 generates the speech data for requesting speech identification information (S1016; Yes→S1018).


The speech identification information is information used obtained by performing the speech recognition of the speech data input from the user, and is information used to verify that the identification device 30 is operated by the user. In the present embodiment, since the device ID which is the identification information is received in S1006, the speech data generation unit generates speech requesting the speech identification information regarding the device ID.


The speech identification information may be the whole identification information or may be part of the identification information. When the speech identification information is part of the identification information, a portion of the identification information from what number of characters to what number of characters is designated as the speech identification information when the speech data for requesting the speech identification information is generated. The designation of the portion to be used as the speech identification information may be configured for the server device 10 in advance, or may be determined whenever the speech identification information is requested.


After the speech identification information is requested, the server device 10 extracts the speech identification information based on the speech input to the speech input and output device 40 by the user, and determines whether or not the extracted speech identification information matches the identification information. It is possible to verify that the identification device is operated by the user by determining whether or not the speech identification information matches the identification information.


As the case where the extracted speech identification information matching the identification information, there are the following cases.


(1) A case where the whole identification information is used as the speech identification information is a case where the speech identification information and the identification information are equal to each other (perfect matching).


(2) A case where part of the identification information is used as the speech identification information is a case where the speech identification information and information in a position designated as the portion of the identification information to be used as the speech identification information are equal to each other (partial matching).


In the present embodiment, an example in which the device ID which is the identification information is constituted by numbers made of 12 digits and the numbers of last 4 digits of the device ID are designated as the speech identification information will be described. That is, when the numbers of the last 4 digits of the device ID (identification information) received in S1006 match the speech identification information (partial matching), it is possible to verify that the identification device 30 is operated by the user. Accordingly, the speech data such as “Please input last 4 digits of device ID” is generated in S1018.


Subsequently, the speech data generated in S1018 is transmitted to the speech input and output device 40 specified in S1012 (S1020). When the server device 10 detects that the speech data which is not the meeting start instruction is received in S1016, processing based on a result obtained through the speech recognition is performed (S1016; No).


Thereafter, the speech input and output device 40 receives the speech data from the server device 10, and plays the received speech data (S1022→S1024). At this time, the user says the numbers of the last 4 digits among the device ID displayed on the front surface of the identification device 30 according to the played speech data. The speech input and output device 40 transmits the speech of the speech identification information of the user, as the speech data, to the server device 10 (S1026→S1028).


When the speech data is received, the server device 10 extracts the information corresponding to the numbers of the last 4 digits of the device ID, which is the speech. identification information from the speech data by performing the speech recognition of the speech (S1030→S1032→S1034). That is, in the present embodiment, since the numbers of the last 4 digits of the device ID constituted by the numbers made of 12 digits are used as the speech identification information, a portion corresponding to numbers of contiguous 4 digits is extracted from the speech data, and the portion is converted into the text data.


Subsequently, the server device 10 determines whether or not the device ID is received from the identification device 30 (S1052). When the device ID is received, the server device 10 determines whether or not the numbers of the last 4 digits of the device ID (identification information) received in S1006 and the numbers of 4 digits extracted in S1034 match each other (S1052; Yes→S1056).


When the device ID is not received from the identification device 30, the server device 10 determines whether or not timeout occurs (S1052; No→S1054). When a prescribed time elapses, the server device 10 determines that the timeout occurs, and the processing is ended (S1054; Yes). A standby time (for example, one minute) until the processing is performed after the timeout occurs may be configured for the server device 10 in advance or may be configured by the user.


A case where the device ID is not received from the identification device 30 in step S1052 is a case where an instruction to perform login is received from the speech input and output device 40 before the user operates the identification device 30 and the speech identification information is received. In this case, the client server 20 is on standby at a point of time when the speech identification information is received, and performs the processing in S1056 when the device ID is received from the identification device 30 through the operation of the user (S1052; Yes→S1056).


When the device ID and the speech identification information match each other, the server device 10 specifies the user ID corresponding to the device ID from the device information 142 (S1056; Yes→S1058). When the device ID and the speech identification information does not match each other, the server device 10 ends the processing (S1056; No).


Subsequently, the server device 10 specifies the address of the client device corresponding to the address of the speech input and output device 40 from the address correspondence information items 144 (31060). The server device 10 permits the login using the user ID specified in S1058 to the client device of the specified address (S1062).


Subsequently, the server device 10 transmits the user ID permitted to log in to the client device 20 having the address specified in S1060 (S1064). The client device 20 receives the user ID from the server device 10 (S1066), and the client device 20 can detect that the login using the received user ID is permitted.


Therefore, the client device 20 transmits a content request in order to receive a content to be displayed on the display unit 210 from the server device 10 (S1068). At this time, the client device 20 transmits the user ID permitted to log in.


When the server device 10 receives the content request, the server device 10 transmits a content related to the user ID permitted to log in from the content information items 146 to the client device 20 (S1070→S1072).


When the content information is received, the client device 20 activates a meeting application (S1074→S1076). The client device 20 displays content data included in the content information based on the layout data included in the received content information (S1078).


Although it has been described in the present embodiment that the server device permits the user to in, the client device may permit the user to log in. That is, the server device may transmit the user ID of which the identification information and the speech identification information match each other to the client device, and the client device may permit the login using the received user ID.


At this time, when the client device permits the login, information (login permission information) permitted to log in is transmitted from the client device to the server device. After the login permission information is received, the server device transmits the content of the user permitted to log in to the client device. By doing this, even when the client device permits the login, the server device can transmit the content related to the user to the client device that permits the login.


When there is a plurality of content information items associated with the user permitted to log in, the server device enables the user to select the content to be displayed based on the content information at the time of displaying the content based on the content information. A display for selecting content information as a display target among a plurality of content information items, the content information items may be displayed so as to be arranged in the order of a meeting name and a last update date and time, or a thumbnail of the content data items to be displayed may be generated and displayed based on the layout data and the content data.


According to the aforementioned embodiment, the user can display the content on the client device 20 through the operation performed for the identification device 30 and the speech input for the speech input and output device 40. In order to determine whether or not to log in through the operation performed on two different devices, even when the user unintentionally operates the identification device 30, since the login is not performed, the login is able to be performed only when the user desires to log in.


Since the speech input and output device 40 and the client device 20 are associated with each other, even when there is a plurality of structures of the speech input and output devices 40 and the client devices 20 within the same NW, only the client device 20 associated with the speech input and output device 40 which inputs the speech is able to be logged in.


In the present embodiment, the server device 10 can detect that the user owns the identification device 30 and can detect the address of the speech input and output device 40 which is the transmission source of the speech data, but does not perform the identification (authentication) of the user. However, as long as the meeting support system 1 is used in a limited place such as inside of a company, the user is limited. Accordingly, it is sufficient to specify an account of a certain user to be used and a position of the user.


That is, since the device ID to be displayed on the front surface of the identification device 30 is used as the speech identification information in a whole or part, the user may not remember the password or may not configure the password. Accordingly, it is possible to log in to the client device 20 with a simple operation, and it is possible to provide the meeting support system with high convenience.


2. Second Embodiment

Next, a second embodiment will be described. The second embodiment is an example in which a guest user temporarily uses the meeting support system. Since the entire structure, functional structure, and processing flow in the present embodiment is the same as those in the first embodiment in principle, different points will be mainly described.


The functional structure of the present embodiment, the device information items 142 in the first embodiment illustrated in FIG. 5 are replaced with a data structure of FIG. 10. Here, a time when the login is permitted last in S1066 is stored as the last login date and time (for example, “2017/07/26 13:02”). When the login is not performed so far, information indicating that the login is not performed may be stored, and a special value such as “N/A” may be stored.


As a login time limit (for example, “last login date and time+five hours”), the user determines a time limit in which the user can log in to the server device 10 by using the identification device 30 associated with the user. A determined data and time may be stored or a relative time from the last login date and time may be determined.


The processing flow in the present embodiment is obtained by adding a sequence illustrated in FIG. 11 after S1058 of the first embodiment. Here, when the user ID specified from the device ID is not the user ID of the guest user, the server device performs the processing subsequent to S1060 of the first embodiment (S2002; No→S1060).


For example, the determination of whether or not the user ID is the user ID of the guest user may be performed depending on whether or not a prescribed character is included in the user ID of the guest user. A flag indicating whether or not the user ID is the guest user may be stored as the device information 142, and the determination of whether or not the user ID is the user ID of the guest user may be performed depending on a state of the flag.


When the user ID is the user ID of the quest user, the server device obtains the login time limit of the device information 142 (S2002; Yes→S2004). When a current timing is not within the login time limit, the user is not able to log in to the meeting support system 1, and thus, the server device ends the processing (S2006; No).


When the current timing is within the login time limit, the server device stores the current timing as the last login date and time (S2006; Yes→32008). Thereafter, the server device performs the processing subsequent to S1060 of the first embodiment.


The quest user temporarily uses the meeting support system, and thus, the server device does not store the content information. Accordingly, when the operation of the login is performed by the quest user, the client device does not perform the request and display of the content, and performs only the activation of the meeting application.


According to the aforementioned embodiment, it, is possible to configure the guest user who temporarily uses the meeting support system in advance, and thus, it is possible to omit an effort in registering the device information in advance whenever the client device 20 is temporarily used by the guest user. The quest user can use the client device 20 until the configured time limit by renting the identification device 30. Accordingly, it is possible to expect improvements in convenience in terms of management.


Even though the identification device 30 is not returned, when the login time limit configured for the device ID configured for the identification device 30 is over, since the guest user is not able to log in to the identification device, it is possible to restrain the guest user from fraudulently using the identification device.


The administrator reconfigures the login time limit of the identification device 30 after the identification device 30 is returned, and thus, a different guest user can use the meeting support system 1 by using the same identification device 30. Accordingly, it is possible to reuse the identification device 30.


3. Third Embodiment

Next, a third embodiment will be described. The third embodiment is an example in which meeting clients to use the meeting support system are defined in advance. Since the entire structure, functional structure, and processing flow in the present embodiment is the same as those in the first embodiment in principle, different points will be mainly described.


In the functional structure of the present embodiment, the device information items 142 in the first embodiment illustrated in FIG. 5 are replaced with a data structure of FIG. 12. Here, a department name (for example, “development department”) is a name indicating a department or a group to which the user belongs.


Data that stores an address group of the client device available for each department name is stored in the storage unit 150. An example of the data is illustrated in FIG. 13. An address of one or a plurality of client devices may be stored or a character string of “ALL” indicating all the client devices may be stored in the available address group of the client device.


A processing flow of the present embodiment is obtained by adding a sequence illustrated in FIG. 14 after S1058 of the first embodiment. Here, when the user ID specified from the device ID is specified, the server device subsequently specifies the department name of the user (S1058→S3002).


The server device specifies the available address group of the client device from the specified department name (S3004). The server device specifies the address of the client device associated with the address of the speech input and output device 40 from the address correspondence information 144, and determines whether or not the address of the client device 20 is included in the available address group (S1060→S3006).


When the address of the client device 20 is not included in the available address group, the client device 20 associated with the speech input and output device 40 that transmits the meeting start instruction is not available (S3006; No). Accordingly, the server device generates the speech data indicating the client device is not available, and transmits the generated speech data to the speech input and output device 40 (S3008→S3010). The speech input and output device 40 notifies the user that the client device 20 is not available by receiving the speech data and playing the speech data (S3012→S3014).


When the address of the client device 20 is included in the available address group, the server device performs the processing subsequent to S1062 of the first embodiment (S3006; Yes→S1062).


Although it has been described above that the department name is stored as the device information 142, an attribute other than the department name may be stored. For example, an attribute such as a position name and authority name may be stored or the available address group of the client device may be configured for each attribute.


According to the present embodiment, it is possible to limit the available client device 20 based an the attribute of the user. Accordingly, it is possible to restrain a problem that the client device 20 of the own department is used by a user of a different department.


When information to limit access, such as management information, is stored in the storage unit of the client device 20, it is possible to perform management that enables only the user who belongs to a certain department or is at a certain position to use the client device 20. That is, it is possible to limit the user who can use the client device 20 based on the state of the client device 20.


4. Fourth Embodiment

Next, a fourth embodiment will be described. The fourth embodiment is an example in which an answer to a question configured in advance is used as the speech identification information, instead of using the device ID in a whole or part. Since the entire structure, functional structure, and processing flow in the present embodiment is the same as those in the first embodiment in principle, different points will be mainly described.


In the functional structure of the present embodiment, the device information items 142 in the first embodiment illustrated in FIG. 5 are replaced with a data structure of FIG. 15. Here, a registration keyword (for example, “Walter”) is a keyword determined by the user. Question 1 (for example, “Tokyo”) is an answer to a question predetermined in advance. A plurality of questions may be prepared.


The registration keyword may be stored when the device information is registered in the device information 142, or may be stored through the operation of the user. The registration keyword may be updated at any time. For example, the registration keyword for retrieving the content in the next meeting may be updated just before the meeting is ended.


The storage unit 140 stores a question content. The data structure that stores the question content is illustrated in FIG. 16. A question ID (for example, “question 1”) uniquely specifies the question, and the question content (for example, “what is your native prefecture?”) is a detailed content of the question. In the present embodiment, the question content and the answer to the question stored as the device information 142 are associated depending on the question ID.


In the processing flow of the present embodiment, S1016 to S1056 of the first embodiment are replaced with a sequence illustrated in FIG. 17. When the server device determines that the meeting start instruction is received, the server device identifies the user associated with the device ID received in S1006, and determines the question content given to the identified user (S1016→S4002).


For example, when one or a plurality of answers to the question is stored, a question for asking one of the registered answers may be determined. When the answer to the question is not registered, the server device may determine to ask the keyword.


Subsequently, the server device generates speech data for question in order to enable the user to speak the answer to the question content (S4004). When the answer to the question is asked, the speech data may be generated based on the question content. When the keyword is asked, the speech data of the content of “what is the registered keyword?” may be generated.


Subsequently, the server device transmits the generated speech data to the speech input and output device 40, receives the speech data from the speech input and output device 40, and performs the speech recognition of the speech (S1020 to S1032). When the answer to the question is correct as a result of the speech recognition, that is, when the answer of the question or the registered keyword matches the result of the speech recognition, the server device performs the processing subsequent to S1058.


When the answer to the question is not correct, the server device returns to S4002 (S4006; No→S4002). The user asks the answer to the question again in this case, but may ask the same question, or may a question different from the already asked question. The number of times the question is asked may be determined in advance. When the question is asked the determined number of times, the login is not performed, and the server device may end the processing.


According to the aforementioned embodiment, the login is performed by correctly replying the answer to the question determined for each user. That is, since the login is not able to be performed by the user who does not know the answer to the question, it is possible to expect improvements in security compared with a case where the user says the device ID displayed on the identification device 30.


5. Fifth Embodiment

Next, a fifth embodiment will be described. The fifth embodiment is an example in which the login is performed by using fingerprint authentication. The entire structure, functional structure, and processing flow of the present embodiment will be described with reference to the drawings. The same components and portions on which the same processing is performed as those in the first embodiment will be assigned the same references, and the description thereof will be omitted.


5.1 Entire Structure

The entire structure of the present embodiment will be described with reference to FIG. 18. FIG. 18 is an external appearance of a meeting support system 2 including a server device 10 to which the present disclosure is applied. The meeting support system according to the present embodiment is configured such that the server device 10, a client device 20, and an access point (AP) are connected to each other via a network (NW). An identification device 32 which is the identification device and the speech input and output device 40 which is the speech input and output device are connected to the AP. It has been illustrated in FIG. 18 that the devices illustrated in this drawing are connected to the same network, the devices may be connected to each other via an external network such as the Internet. For example, the server device 10 may be disposed in a cloud environment.


Between the meeting support system 1 and the meeting support system 2, the server device 10, the client device 20, and the speech input and output device 40 are the same, but the structure of the identification device 32 is different. The identification device 32 according to the present embodiment is a device capable of performing biometrics authentication of the user in addition to the detection of the operation of the user.


5.2 Functional Structure
5.2.1 Server Device

A functional structure of the server device 10 according to the present embodiment will be described. The functional structure of the server device 10 is substantially the same as the functional structure of the first embodiment, but the structure of the device information 142 is different.


A data structure of the device information 142 according to the present embodiment will be described with reference to FIG. 20. User IDs (for example, “MU119”) for identifying the user who owns the identification device and user names (for example, “Munakata”) are stored as the device information 142.


5.2.2 Identification Device

A functional structure of the identification device 32 is illustrated in FIG. 19. The identification device 32 includes a control unit 300, an operation detection unit 310, a communication unit 320, a biological information obtaining unit 330, and a storage unit 350. Here, the control unit 300, the operation detection unit 310, and the communication unit 320 are the same as those of the identification device 30 according to the first embodiment.


The biological information obtaining unit 330 is a functional unit for obtaining biological information of the user who uses the identification device 32. Fingerprints, blood vessels, or irises may be used as the biological information. In the present embodiment, in order for the identification device 32 to authenticate the user by using the fingerprint, the fingerprint is used as the biological information obtained by the biological information obtaining unit 330, and a fingerprint sensor for reading the fingerprint is used as the biological information obtaining unit 330.


The storage unit 350 is a functional unit that stores various programs or various data items to be used in the operation of the identification device 32. For example, the storage unit 350 is constituted by a flash memory.


Particularly, the storage unit 350 stores user IDs 352 for identifying the users who use the identification devices 32, biometrics authentication information items 354 to be used to perform the biometrics authentication of the users, available time limit information items 356 indicating time limits in which the authentication using the biometrics authentication information items 354 is able to be performed, and device IDs 358 for identifying the identification devices 32.


The biometrics authentication information 354 is information to be compared with the biological information read by the biological information obtaining unit 330. In the present embodiment, in order to read a pattern of the fingerprint of the user by using the fingerprint sensor as the biological information obtaining unit 330, the pattern of the fingerprint of the user of the identification device 32 is stored as the biometrics authentication information 354.


5.3 Processing Flow

Next, a processing flow according to the present embodiment will be described. In the processing flow of the present embodiment, FIGS. 8 and 9 that describe the processing flow of the first embodiment are replaced with FIGS. 21 and 22. The processing represented by the same references as the references in FIGS. 8 and 9 is the processing of the first embodiment, and the description thereof will be omitted.


When the meeting start instruction is issued by the user, the server device generates speech data for requesting any of the user names stored as the device information items 142 (S1016; Yes→S5002).


Subsequently, when the speech data is received from the speech input and output device 40, the server device performs the speech recognition, and determines whether or not a name that the user says matches any of the user names stored as the device information items 142 (S1030→S1032→S5004). When the name that the user says matches any of the user names stored as the device information items 142 as the result of the speech recognition of the speech data, the server device is on standby in order to receive the user ID to be transmitted from the identification device (S5004; Yes). When the name that the user says does not match any of the stored user names, the server device performs the processing of S5002 (S5004; No→S5002).


Initially, the identification device 32 reads out the available time limit information 356, compares the readout time limit with the current timing, and determines whether or not the current timing is within a time limit in which the identification device 32 is available (S5006). When the current timing exceeds the available time limit, the identification device 32 ends the processing (S5006; No).


When the current timing is within the available time limit, the identification device 32 is on standby until the identification device detects that the user touches the fingerprint sensor (S5006→S5008). When the user touches the fingerprint sensor, the identification device 32 subsequently reads the pattern of the fingerprint of the user, and performs the authentication (fingerprint authentication) of the user using the fingerprint (S5010). Here, when the pattern of the fingerprint read by the fingerprint sensor and the pattern of the fingerprint stored as the biometrics authentication information 354 of the identification device 32 may not match each other with sufficient precision, the identification device 32 determines that the fingerprint authentication fails, and ends the processing (S5010; No).


When the fingerprint authentication succeeds, the identification device 32 is on standby until the identification device detects that the button of the identification device 32 is pressed by the user (S5010; Yes→S5012). In this state, when the identification device 32 detects that the button is pressed by the user, the identification device 32 transmits the user ID 352 and information indicating the authentication succeeds to the server device 10 (S5014).


The server device 10 is on standby in order to receive the user ID after the determination of S5004 (S5016). Here, when a prescribed time elapses without receiving the user ID, the server device determines that timeout occurs, and ends the processing (S5052; No→S5054; Yes).


When the user ID is received, the server device determines that the user ID received from the identification device 32 and the user ID specified from the user name obtained by performing the recognizing the speech data received in S1030 match each other (S5052; Yes→S5056). The server device performs the processing of S1060 when the received user ID and the specified user ID match each other (S5056; Yes→S1060), and ends the processing when the received user ID and tine specified user ID do not match each other (S5056; No).


According to the aforementioned embodiment, since the identification device 32 performs the fingerprint authentication, it is possible to restrain the login of the user who is not the owner of the identification device 32, and it is possible to enable the user to log in in a state in which technical safety is further secured.


Although it has been described in the aforementioned processing flow that the user ID is transmitted to the server device 10 only when the fingerprint authentication succeeds in the identification device 32, the user ID and the authentication result may be transmitted. That is, information indicating that the authentication succeeds and the user ID are transmitted when the authentication succeeds, and information indicating that the authentication fails is transmitted to the server device 10 when the authentication fails. In this case, when the server device 10 detects that the fingerprint authentication fails many times in the same identification device 32, the identification device 32 may be unavailable. By doing this, it is possible to cope with the case where the user loses the identification device 32.


6. Sixth Embodiment

Next, a sixth embodiment will be described. The sixth embodiment is an example in which biometrics authentication information items of a plurality of users are stored in the identification device 32. Since the entire structure, functional structure, and processing flow in the present embodiment is the same as those in the fifth embodiment in principle, different points will be mainly described.


The user ID, the biometrics authentication information, and the available time limit information in association with each user of the plurality of users who use the identification devices 32 are stored in the storage unit 350 of the identification device 32. An example of the specific data structure is illustrated in FIG. 23. In the data structure illustrated in FIG. 23, fingerprint data of each user is stored as the biometrics authentication information. The available time limit may be stored for each user or one available time limit may he stored for one identification device 32, and a validated time limit of the identification device 32 may be determined and managed.


In the processing flow of the present embodiment, S5006 to S5014 of the fifth embodiment are replaced with a sequence illustrated in FIG. 24. When the identification device detects that the user touches the fingerprint sensor, the identification device determines whether or not the fingerprint obtained from the fingerprint sensor matches any of the fingerprint data items stored in the storage unit 350 with sufficient precision (S5006→S6002).


When the obtained fingerprint and any of the stored fingerprint data items do not match each other, the identification device ends the processing (S6002; No) the obtained fingerprint and any of the stored fingerprint data items match each other with sufficient precision, the identification device 32 specifies the available time limit associated with the matched fingerprint data, and determines whether or not a current date and time is within the available time limit (S6002; Yes→S6004). When the current date and time exceeds the available time limit, the identification device ends the processing (S6004; No).


When the current date and time is within the available time limit and the identification device 32 detects that the button of the identification device 32 is pressed, the identification device 32 specifies the user ID associated with the matched fingerprint data, and transmits the specified user ID to the server device 10 (36004; Yes→S5010→S6006). By performing the processing in this manner, the login of only the user for which the fingerprint authentication succeeds to the client device 20 is permitted.


According to the aforementioned embodiment, the identification devices 32 as much as the number of persons who use the meeting support system 1 may not be prepared. Accordingly, the button may be provided for each department or for each client device 20, and thus, it is possible to reduce costs. Since the number of identification devices 32 to be managed is reduced, it is possible to simplify the management of the identification device 32.


7. Modification Example

While the embodiments of the disclosure will be described in detail with reference to the drawings, the specific structure is not limited to the embodiments, and designs within the scope without departing from the gist of the disclosure are included in claims.


The aforementioned embodiments may be performed by combining the respective embodiments. For example, the available client devices 20 may be managed by using the identification devices 32 capable of performing the biometrics authentication by combining the third embodiment with the fifth embodiment.


The program operated in each device in the embodiments is a program (program causing a computer to function) that controls a CPU to realize the functions of the aforementioned embodiments. The information items used in these devices are temporarily accumulated in a temporary storage device (for example, random-access memory (RAM)) at the time of processing the information items, and are subsequently stored in various storage devices such as read-only memory (ROM), HDD, and SSD. The information items are read by the CPU, and are modified or written.


When the programs are distributed in the market, the programs may be distributed while programs are stored in a portable recording medium or may be transmitted to the server device computer connected via the network such as the Internet. In this case, a storage device of a server device computer is also included in the disclosure.


The present disclosure contains subject matter related to that disclosed in Japanese Priority Patent Application JP 2017-191550 filed in the Japan Patent Office on Sep. 29, 2017, the entire contents of which are hereby incorporated by reference.


It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and alterations may occur depending on design requirements and other factors insofar as they are within the scope of the appended claims or the equivalents thereof.

Claims
  • 1. An authentication system comprising: a client device capable of processing a content corresponding to a user;an identification device that stores identification information; anda server device that communicates with the client device,wherein the identification device includes an identification information transmission unit that authenticates the user by using biometrics authentication information, and transmits the identification information to the server device when the authentication is correctly performed, andthe server device includes an identification information storage unit that stores the identification information in association with the user,an identification information reception unit that receives the identification information from the identification device,a recognition unit that receives speech data from a speech input and output device, and recognizes speech identification information from the speech data,a login unit that permits the user corresponding to the identification information to log in when the identification information and the speech identification information match each other, anda content display control unit that causes the client device to display the content associated with the user permitted to log in by the login unit.
  • 2. The authentication system according to claim 1, wherein the server device further includes a user recognition unit that receives the speech data from the speech input and output device, and recognizes the user from the speech data, andthe login unit permits the user to log in when the identification information received by the identification information reception unit and the identification information corresponding to the user recognized by the user recognition unit match each other.
  • 3. The authentication system according to claim 1, wherein the server device further includes a management unit that manages the speech input and output device and the client device in association with each other, andthe content display control unit causes the client device corresponding to the speech input and output device that receives the speech data to display the content.
  • 4. The authentication system according to claim 1, wherein, when the content display control unit causes the client device to display the content, the content is displayed by restoring a display layout of the content to a display layout of the content when the user logs out.
  • 5. The authentication system according to claim 1, wherein the login unit permits the user corresponding to the identification information to log in when it is determined that the identification information and the speech identification information match each other and the user is able to log in to the client device corresponding to the speech input and output device.
  • 6. The authentication system according to claim 1, wherein the identification information transmission unit of the identification device transmits, to the server device, an authentication result obtained by authenticating the user by using the biometrics authentication information together with the identification information, andthe login unit of the server device permit the user corresponding to the identification information to log in when the identification information and the speech identification information match each other and the authentication result indicates that the authentication is correctly performed.
  • 7. A server device that communicates with a client device capable of processing a content corresponding to a user, the server device comprising: an identification information storage unit that stores identification information in association with the user;an identification information reception unit that authenticates the user by using biometrics authentication information, and receives the identification information to be transmitted from an identification device when the authentication is correctly performed;a recognition unit that receives speech data from a speech input and output device, and recognizes speech identification information from the speech data;a login unit that permits the user corresponding to the identification information to log in when the identification information and the speech identification information match each other; anda content display control unit that causes the client device to display the content associated with the user permitted to log in by the login unit.
Priority Claims (1)
Number Date Country Kind
2017-191550 Sep 2017 JP national