JP7791601B1 - Authentication device, authentication method, and program - Google Patents

Abstract

An authentication device is provided that can prevent processing from being executed in response to authentication performed in a situation not intended by a user.
[Solution] The authentication device 1 comprises first and second receiver sets 11 and 12 that receive an authentication request sent from the device to be authenticated 2, a device authentication unit 13 that uses the received authentication request to determine whether the device to be authenticated 2 is legitimate, an identification unit 14 that identifies the position of the device to be authenticated 2 based on the difference in strength of the authentication requests received by the first and second receiver sets 11 and 12, respectively, an area determination unit 15 that determines whether the identified position is included in an authentication area R2 shown on the floor, and an output unit 16 that outputs information regarding the execution of a predetermined process for a user 5 carrying the device to be authenticated 2 when it is determined that the device to be authenticated 2 is legitimate and that the position of the device to be authenticated 2 is included in the authentication area R2.
[Selected Figure] Figure 1

Description

The present invention relates to an authentication device that receives an authentication request sent from a device to be authenticated and performs authentication.

Conventionally, authentication devices are known that receive an authentication request sent from a device to be authenticated and perform authentication (see, for example, Patent Document 1). By performing authentication using such an authentication request, it is possible to perform hands-free authentication that does not require user operation, for example.

International Publication No. 2020/080301

However, hands-free authentication has the problem that authentication may occur in situations unintended by the user, be deemed valid, and transactions such as payments may be carried out.

The present invention has been made to solve the above-mentioned problems, and aims to provide an authentication device etc. that can prevent predetermined processing from being executed in response to authentication performed in a situation not intended by the user.

To achieve the above object, one aspect of the present invention provides an authentication device comprising: a first receiver set including one or more first receivers that receive an authentication request transmitted from a device to be authenticated, the authentication request including authentication information used to authenticate the device to be authenticated; a second receiver set including one or more second receivers that receives the authentication request transmitted from the device to be authenticated; a device authentication unit that performs device authentication using the authentication information included in the authentication request received by at least one of the one or more first receivers and the one or more second receivers to determine whether the device to be authenticated that transmitted the authentication request is legitimate; an identification unit that identifies the position of the device to be authenticated based on the difference in strength between the authentication requests received by the first and second receiver sets; an area determination unit that performs area determination to determine whether the position of the device to be authenticated identified by the identification unit is within an authentication area shown on the floor; and an output unit that outputs information related to the execution of a predetermined process for the user carrying the device to be authenticated when the device authentication determines that the device to be authenticated is legitimate and the area determination determines that the position of the device to be authenticated is within the authentication area.

With this configuration, if the device to be authenticated is determined to be valid during device authentication and the location of the device to be authenticated is included in the authentication area, a predetermined process can be executed. For example, if the user does not enter the authentication area indicated on the floor, the predetermined process can be prevented from being executed. Therefore, it is possible to prevent the predetermined process from being executed in response to authentication performed in a situation that the user does not intend.

Furthermore, in an authentication device according to one aspect of the present invention, the authentication area may be indicated by a mat placed on the floor.

With this configuration, for example, the position of the authentication area can be changed by changing the position of the mat.

Furthermore, in an authentication device according to one aspect of the present invention, the authentication area may be displayed on the floor surface.

Furthermore, an authentication device according to one aspect of the present invention may further include a display unit that displays the authentication area on the floor surface.

This configuration makes it possible, for example, to more easily change the display position of the authentication area.

Furthermore, in an authentication device according to one aspect of the present invention, the display unit may change the display position of the authentication area.

With this configuration, for example, when a user enters the authentication area after changing the display position, a specified process can be performed.

Furthermore, in an authentication device according to one aspect of the present invention, the output unit may output information regarding the execution of a predetermined process when the device to be authenticated is determined to be valid in the device authentication and when the area determination determines that only the position of the device to be authenticated is included in the authentication area.

This configuration allows specified processing to be performed when there is only one authenticated device to be authenticated in the authentication area.

An authentication device according to one aspect of the present invention may further include a sensor that acquires information about the authentication area, and a number acquisition unit that acquires the number of people present in the authentication area using the information acquired by the sensor, and the output unit may output information regarding the execution of a predetermined process when the device to be authenticated is determined to be valid in the device authentication, the area determination determines that the position of the device to be authenticated is included in the authentication area, and the number of people acquired by the number acquisition unit is one.

This configuration allows specified processing to be performed when only one user carrying the device to be authenticated is present in the authentication area.

Furthermore, in an authentication device according to one aspect of the present invention, the sensor may be a weight sensor that acquires the weight in the authentication area, or an image sensor that acquires an image of the authentication area.

In addition, an authentication device according to one aspect of the present invention may further include a status output unit that performs a first output when the device to be authenticated is determined to be valid in device authentication and the area determination determines that the location of the device to be authenticated is not included in the authentication area, performs a second output when the device to be authenticated is determined to be valid in device authentication and the area determination determines that the location of the device to be authenticated is included in the authentication area and execution of a predetermined process has not been completed, and performs a third output when execution of the predetermined process has been completed.

This configuration allows the user to know the authentication results, judgment results, and the status of the execution of a specified process, such as whether the specified process can be executed or whether the execution of the specified process has been completed.

Furthermore, in an authentication device according to one aspect of the present invention, the status output unit may perform a fourth output when the area determination unit determines that the positions of two or more devices to be authenticated are included in the authentication area.

With this configuration, for example, the fourth output can be generated, making it possible to know why a specified process is not being performed.

Furthermore, in an authentication device according to one aspect of the present invention, the predetermined processing may be a payment processing.

Furthermore, in an authentication device according to one aspect of the present invention, the predetermined process may be an unlocking process.

An authentication method according to one aspect of the present invention is an authentication method processed using a first receiver set including one or more first receivers, a second receiver set including one or more second receivers, a device authentication unit, an identification unit, an area determination unit, and an output unit, and includes the steps of: one or more first receivers included in the first receiver set receiving an authentication request transmitted from a device to be authenticated, the authentication request including authentication information used to authenticate the device to be authenticated; one or more second receivers included in the second receiver set receiving the authentication request transmitted from the device to be authenticated; and the device authentication unit detecting the authentication information included in the authentication request received by at least one of the one or more first receivers and one or more second receivers. The method includes a step of performing device authentication using the authentication information to determine whether the authenticated device that transmitted the authentication request is valid; a step of the identification unit identifying the position of the authenticated device based on the difference in strength of the authentication requests received by the first and second receiver sets; a step of the area determination unit performing area determination to determine whether the identified position of the authenticated device is included in an authentication area shown on the floor; and a step of the output unit outputting information regarding the execution of a predetermined process for the user carrying the authenticated device when the device authentication determines that the authenticated device is valid and the area determination determines that the position of the authenticated device is included in the authentication area.

An authentication device according to one aspect of the present invention can prevent a predetermined process from being executed in response to authentication performed in a situation not intended by the user.

FIG. 1 is a block diagram showing a configuration of an authentication device according to an embodiment of the present invention. FIG. 10 is a diagram illustrating an authentication area in the embodiment. FIG. 10 is a diagram illustrating an authentication area in the embodiment. FIG. 2 shows an example of an authentication area set in front of a vending machine according to the embodiment. A flowchart showing the operation of the authentication device according to the embodiment. FIG. 2 is a block diagram showing another example of the configuration of the authentication device according to the embodiment. FIG. 2 is a block diagram showing another example of the configuration of the authentication device according to the embodiment. FIG. 2 shows an example of the configuration of a computer system according to the embodiment.

The authentication device and authentication method according to the present invention will be described below using embodiments. Note that in the following embodiments, components and steps with the same reference numerals are the same or equivalent, and repeated explanations may be omitted. The authentication device according to this embodiment outputs information regarding the execution of a predetermined process for the user carrying the device to be authenticated when the device authentication determines that the device to be authenticated is valid and the area determination determines that the location of the device to be authenticated is included in the authentication area shown on the floor.

Figure 1 is a block diagram showing the configuration of an authentication device 1 according to this embodiment. The authentication device 1 according to this embodiment includes a first receiver set 11, a second receiver set 12, a device authentication unit 13, an identification unit 14, a region determination unit 15, and an output unit 16. If necessary, the authentication device 1 may further include a status output unit 17. The authentication device 1 according to this embodiment may perform device authentication to determine whether the authenticated device 2 carried by the user 5 is authentic, and region determination to determine whether the authenticated device 2 is included in the authentication region R2 displayed on the floor. Based on these results, the authentication device 1 may output information to cause the execution unit 51 to execute a predetermined process. The predetermined process performed by the execution unit 51 may be, for example, a payment process, a lock-opening process, or any other process performed on the user 5 carrying the authenticated device 2 determined to be authentic. The payment process may enable the user 5 to purchase a product or receive a service. The payment process may be performed, for example, at a POS register or a vending machine. Additionally, the unlocking process may allow user 5 to enter a house, a hotel room, a conference room, etc.

Note that while Figures 1 and 3 show a situation in which user 5 is holding the authenticated device 2 in his/her hand, "user 5 carrying the authenticated device 2" means, for example, that the authenticated device 2 moves in accordance with user 5's movements, and user 5 does not necessarily have to be holding the authenticated device 2 in his/her hand. The authenticated device 2 may be placed, for example, in user 5's clothing pocket or bag. Also, while Figure 1 shows a case in which authentication device 1 receives an authentication request from one authenticated device 2 carried by one user 5, authentication device 1 may receive authentication requests from multiple authenticated devices 2 carried by multiple users 5, for example.

The authentication device 1 may or may not have, for example, an execution unit 51. In the latter case, the authentication device 1 may, for example, control the execution of a predetermined process in the execution unit 51 of an external device.

The device to be authenticated 2 may be, for example, a smartphone, tablet terminal, PDA (Personal Digital Assistant), laptop computer, transceiver, or other portable information terminal with communication capabilities, or it may be other devices.

The first receiver set 11 includes one or more first receivers 11a. Each of the one or more first receivers 11a receives an authentication request transmitted from the device to be authenticated 2, the authentication request including authentication information used to authenticate the device to be authenticated 2. The device to be authenticated 2 may transmit the authentication request, for example, via radio waves. The first receiver set 11 may be located at a first location. The authentication request may include, for example, a user identifier of the user 5 carrying the device to be authenticated 2 transmitting the authentication request, or a device identifier identifying the device to be authenticated 2. The user identifier may be, for example, the user's telephone number, address such as email address, name, etc., or a character string unique to the user. The device identifier may be, for example, the address of the device or a character string unique to the device. The device address may be, for example, a physical address such as a MAC address, or some other address.

The second receiver set 12 includes one or more second receivers 12a. Each of the one or more second receivers 12a receives an authentication request transmitted from the authenticatee device 2. The second receiver set 12 may be located at a second location different from the first location. Note that the second receiver set 12 may be the same as the first receiver set 11, except for the location where it is located.

From the perspective of achieving more accurate location identification of the device to be authenticated 2, it is preferable that the first receiver set 11 include multiple first receivers 11a, and the second receiver set 12 include multiple second receivers 12a. As shown in FIG. 1, for example, the first receiver set 11 may include four first receivers 11a, and the second receiver set 12 may include four second receivers 12a, but the number of receivers included in the first and second receiver sets 11, 12 may be between one and three, or may be five or more. Each receiver 11a, 12a included in the first and second receiver sets 11, 12 is capable of acquiring the strength of the radio wave of the authentication request.

If the first receiver set 11 includes multiple first receivers 11a, the first position may be, for example, the position of the center of gravity of the multiple first receivers 11a. More specifically, the position of the center of gravity of each first receiver 11a may be identified, and the position of the center of gravity of the identified multiple center of gravity may be set as the first position. The multiple first receivers 11a may be located, for example, close to each other, or may be located at separate locations. Even in the latter case, it is preferable that the multiple first receivers 11a are included within the range of the distance from the first position to the second position. The same applies to the second position of the second receiver set 12.

The first receiver 11a and the second receiver 12a may or may not include a wireless receiving device such as an antenna for receiving radio waves. The first receiver 11a and the second receiver 12a may be implemented by hardware, or by software such as a driver that drives the receiving device.

The authentication request, which is a radio wave, may be, for example, a pulse wave transmitted intermittently, or a continuous wave transmitted continuously. Furthermore, any wireless communication standard may be used to transmit and receive the authentication request. For example, the authentication request may be communicated via Bluetooth Low Energy (BLE), Bluetooth Basic Rate (BR)/Enhanced Data Rate (EDR), wireless LAN (IEEE 802.11), IEEE 802.15.4 such as ZigBee (registered trademark), or any other wireless communication standard. It is preferable that the authentication request be transmitted and received via short-range wireless communication such as BLE, Bluetooth BR/EDR, or wireless LAN.

The frequency of the radio waves for the authentication request is not particularly limited, but may be, for example, a frequency in the range of 300 MHz to 300 GHz. Furthermore, the device to be authenticated 2 may, for example, transmit the authentication request by broadcast or by unicast. Transmitting the authentication request by broadcast is preferable because it allows the authentication request to be transmitted without specifying the communication partner. This embodiment mainly describes the case where the device to be authenticated 2 transmits the authentication request by broadcast. It is preferable that the device to be authenticated 2 transmits the authentication request without receiving a transmission instruction from the user 5. The device to be authenticated 2 may, for example, transmit the authentication request in response to receiving a predetermined beacon or the like. In response to receiving this beacon, the device to be authenticated 2 may, for example, transmit the authentication request only once, or for a predetermined period of time, or may continuously transmit the authentication request while receiving this beacon. This beacon may, for example, be transmitted in an area where authentication using the authentication request is performed. As an example, the authentication device 1 may transmit the beacon. In this case, the authentication device 1 may further include a transmitter for transmitting the beacon.

The authentication information included in the authentication request may include any information that can be used to authenticate the device to be authenticated 2. For example, it may include cryptographic information obtained by encrypting unique information, which is unique information. The unique information may include, for example, a time, a random number, a count value, or a one-time password. The unique information may be information specific to the authentication request. That is, the unique information corresponding to the cryptographic information included in each authentication request may be different. The unique information may be, for example, information generated by the device to be authenticated 2 or information transmitted from the authentication device 1 to the device to be authenticated 2. In the latter case, challenge-response authentication may be performed by the authentication device 1. If the unique information is transmitted from the authentication device 1, the authentication device 1 may further include a transmission unit that transmits the unique information. This embodiment mainly describes the case where the unique information is generated by the device to be authenticated 2. Like the cryptographic information described above, it is preferable that the authentication information include different information for each authentication request. This is to prevent the authentication information from being reused by a malicious third party. For example, the cryptographic information may be information obtained by encrypting a user identifier and unique information. In this case, the encryption information may be considered to be information including, for example, a user identifier and authentication information.

The unique information may be encrypted using, for example, a common key cipher or a public key cipher. That is, the encryption key used to encrypt the unique information may be, for example, a common key or a public key corresponding to the authentication device 1. If the encryption key is a common key, it is preferable that the authentication device 1 and the device to be authenticated 2 have the same common key. It is also preferable that the common key be different for each device to be authenticated 2.

The device to be authenticated 2 may or may not be in line of sight from the authenticating device 1. In the latter case, the user 5 may carry the device to be authenticated 2, for example, in a pocket or bag.

The device authentication unit 13 performs device authentication using authentication information included in an authentication request received by at least one of one or more first receivers 11a and one or more second receivers 12a to determine whether the authenticated device 2 that sent the authentication request is legitimate. For example, if the authentication information includes cryptographic information in which unique information is encrypted, the authenticated device 2 that sent the authentication information may be determined to be legitimate if the unique information corresponding to the cryptographic information matches the unique information stored in the authentication device 1 that corresponds to the authenticated device 2 that sent the authentication information. Otherwise, the authenticated device 2 that sent the authentication information may be determined to be invalid. Whether the unique information corresponding to the cryptographic information matches the unique information stored in the authentication device 1 may be determined, for example, by whether the unique information obtained by decrypting the cryptographic information matches the unique information stored in the authentication device 1, or by whether the cryptographic information matches the result of encrypting the unique information stored in the authentication device 1.

When unique information is acquired by the device to be authenticated 2, the unique information stored in the authentication device 1 may be, for example, acquired by a method similar to that used to acquire unique information by the device to be authenticated 2. Furthermore, when the device to be authenticated 2 receives unique information from the authentication device 1, the unique information stored in the authentication device 1 may be, for example, unique information sent by the authentication device 1 to the device to be authenticated 2.

If the cryptographic information included in the authentication information is encrypted with a common key, the device authentication unit 13 may, for example, read the common key stored on a specified recording medium in association with the authentication information and the user identifier included in the authentication information, and use the read common key to decrypt the cryptographic information, or may use the read common key to encrypt the unique information stored in the authentication device 1. If the cryptographic information included in the authentication information is encrypted with a public key, the device authentication unit 13 may, for example, read the private key from a specified recording medium and use the read private key to decrypt the cryptographic information, or may read the public key from a specified recording medium and use the read public key to encrypt the unique information stored in the authentication device 1.

The device authentication unit 13 may perform device authentication using a single authentication request, or may perform device authentication using multiple authentication requests received within a specified period. For authentication using multiple authentication requests, see, for example, Patent Document 1 above.

The identification unit 14 identifies the location of the authenticated device 2 based on the difference in strength of the authentication requests received by the first and second receiver sets 11 and 12, respectively. The difference in strength of the authentication requests may be, for example, the difference in received signal strength indicator (RSSI) of the authentication requests. Furthermore, if the first and second receiver sets 11 and 12 include two or more receivers, the difference in strength may be, for example, the difference in representative values of multiple received signal strengths acquired by the two or more receivers in the first and second receiver sets 11 and 12, respectively. The representative value may be, for example, the average value, median value, etc. Furthermore, if the first and second receiver sets 11 and 12 include two or more receivers, it is preferable that the two or more receivers have equivalent performance. For example, it is preferable that the antenna gains of the two or more receivers included in the first receiver set 11 or the second receiver set 12 are the same. When determining the location of the wave source using the intensity difference of the received authentication request, for example, an Apollonius circle or line corresponding to the difference in reception intensity can be determined using the reception intensity of the authentication request received by the first and second receiver sets 11, 12 and the first and second positions of the first and second receiver sets 11, 12, and the position on the Apollonius circle, line, or within the circle can be determined as the location of the device to be authenticated, or the location of the device to be authenticated 2 can be determined by other methods.

Furthermore, the position identified by the identification unit 14 may be, for example, a point-like position, or a linear, planar, or three-dimensional position. In this embodiment, the case where the point-like position of the device to be authenticated 2 is identified by the identification unit 14 will be mainly described. The identified position may be, for example, a position on a two-dimensional plane, or a position in three-dimensional space. In this embodiment, the former case will be mainly described. When identifying a planar position, the identification unit 14 may, for example, identify whether the position of the device to be authenticated 2 is within the authentication region R2.

Since the method of determining the location of a wave source using the difference in the received strength of radio waves is already known, a detailed description thereof will be omitted. For such a method of determining the location of a wave source, please refer to the following document, for example:
Literature: International Publication No. 2020/080314

The area determination unit 15 performs area determination to determine whether the position of the device to be authenticated 2 identified by the identification unit 14 is within the authentication area R2 displayed on the floor. When the user 5 is carrying the device to be authenticated 2, the position of the device to be authenticated 2 can be considered to be essentially the position of the user 5. Therefore, when the area determination unit 15 determines that the position of the device to be authenticated 2 is within the authentication area R2, it can be considered that the user 5 carrying the device to be authenticated 2 is present in the authentication area R2. It is preferable that the authentication area R2 be displayed in a way that allows the user 5 to easily visually distinguish between the authentication area R2 and other areas in the real environment. The area determination unit 15 may also read information indicating the authentication area R2 stored on a recording medium (not shown) and use the read information indicating the authentication area R2 to determine whether the identified position of the device to be authenticated 2 is within the authentication area R2. For example, the information indicating the authentication area R2 may be information indicating the outline of the authentication area R2.

As one example, authentication area R2 may be displayed on the floor. The authentication area R2 displayed on the floor may be, for example, an area painted on the floor, an area partitioned by attaching tape to the floor, or an area displayed by the display unit 21 (described below). As another example, authentication area R2 may be indicated by a mat placed on the floor. In this case, for example, an area on the mat placed on the floor may become authentication area R2. In this case, the position of authentication area R2 can be changed by changing the position of the mat. If the position of the mat is changed, it is preferable that the new position of the mat, i.e., the new position of authentication area R2, be stored in a recording medium (not shown) as information indicating authentication area R2.

It is also preferable that the user 5 can easily visually distinguish between the authentication area R2 and other areas in real space. As an example, the authentication area R2 displayed on the floor may be marked with a symbol indicating that it is the authentication area R2, such as "OK," and other areas may be marked with a symbol indicating that it is not the authentication area R2, such as "NG."

As shown in the plan view of FIG. 2A, the region R1 in which the position of the device to be authenticated 2 is identified by the identification unit 14 may include an authentication region R2 and a non-authentication region R3. The non-authentication region R3 may be a region in the region R1 other than the authentication region R2. For example, as shown in FIG. 2A, when the position P1 of the device to be authenticated 2 is identified by the identification unit 14, the region determination unit 15 may determine in the region determination that the position P1 of the device to be authenticated 2 is included in the authentication region R2.

As another example, as shown in the plan view of FIG. 2B, the region R1 in which the position of the device to be authenticated 2 is identified by the identification unit 14 may include an authentication region R2, a gray region R4 surrounding the authentication region R2, and a non-authentication region R3 outside of these. The non-authentication region R3 may be an area in region R1 other than the authentication region R2 and gray region R4. It is preferable that the device to be authenticated 2, i.e., the user 5, is not present in the gray region R4. Therefore, guidance or the like may be provided in real space to discourage the user from standing in the gray region R4. By providing the gray region R4, it becomes possible to more accurately determine whether the position of the device to be authenticated 2 is included in the authentication region R2.

The order of device authentication by the device authentication unit 13 and area determination by the area determination unit 15 does not matter. For example, area determination may be performed after device authentication. In this case, area determination may be performed only for devices to be authenticated 2 that are determined to be valid in device authentication. Also, for example, device authentication may be performed after area determination. In this case, device authentication may be performed only for devices to be authenticated 2 that are determined to be included in authentication area R2 in area determination. Whether the device to be authenticated 2 that is the subject of device authentication and the device to be authenticated 2 that is the subject of area determination are the same device may be determined, for example, using a user identifier or device identifier included in the authentication request. Also, for example, device authentication and area determination may be performed independently for the device to be authenticated 2 that sent the authentication request.

When the device authentication unit 13 determines that the authenticated device 2 is valid in device authentication and the area determination unit 15 determines that the location of the authenticated device 2 is included in the authentication area R2, the output unit 16 outputs information regarding the execution of a predetermined process for the user carrying the authenticated device 2. If this is not the case, the output unit 16 may, for example, not output any information, or may output information to prevent the predetermined process from being executed. The output regarding the execution of the predetermined process may, for example, be an output indicating that the execution of the predetermined process is permitted, or an output for causing the predetermined process to be executed. It is preferable that the output regarding the execution of the predetermined process results in the predetermined process being executed. For example, when purchasing an item from a vending machine, the predetermined process, which is a payment process, may be executed when the user 5 presses the product selection button on the vending machine after the output unit 16 has output information regarding the execution of the predetermined process.

On the other hand, if at least in device authentication it is determined that the authenticated device 2 is not valid, the predetermined process may not be executed, and if at least in area determination it is determined that the position of the authenticated device 2 is not included in the authentication area R2, the predetermined process may not be executed. The predetermined process may be executed, for example, by the execution unit 51. If the predetermined process executed by the execution unit 51 is a payment process, the output unit 16 may, for example, output a user identifier or device identifier included in the authentication request to the execution unit 51 when outputting information related to the execution of the process. The execution unit 51 may then execute the payment process using payment information linked to the output user identifier or device identifier. The payment information is information used to make a payment, and may be, for example, credit card or electronic money information.

For example, if a user 5 carrying a legitimate device to be authenticated 2 is present within the authentication area R2, the output unit 16 may output a signal to cause a predetermined process to be executed. As a result, the user 5 may, for example, be able to purchase a product or unlock a door to their home. On the other hand, if a user 5 carrying a legitimate device to be authenticated 2 is not present within the authentication area R2, the output unit 16 may output a signal to prevent a predetermined process from being executed, or may not output a signal to cause a predetermined process to be executed. As a result, the user 5 may, for example, be prevented from making a payment to purchase a product or unlocking a door to their home. In this way, the user 5 can determine whether a predetermined process, such as a payment process or an unlocking process, is to be executed depending on whether they are present within the authentication area R2 indicated on the floor. This prevents a predetermined process from being executed in situations unintended by the user 5. On the other hand, when a user 5 carrying a legitimate device to be authenticated 2 is present in the authentication area R2, a predetermined process can be performed automatically using the authentication request sent from the device to be authenticated 2, allowing the user 5 to perform predetermined processes such as payment processing and unlocking processing hands-free.

In addition, the output unit 16 may output information regarding the execution of a predetermined process for the user carrying the authenticated device 2, for example, when the device authentication unit 13 determines that the authenticated device 2 is valid during device authentication and the area determination unit 15 determines that the location of the authenticated device 2 has been included in the authentication area R2 for more than a predetermined time since the reference time point. This allows the predetermined process to be executed when the user 5 remains in the authentication area R2 for more than a predetermined time since the reference time point, and prevents the predetermined process from being executed even if the user 5 is only in the authentication area R2 for a short time. Therefore, even if the user 5 unintentionally enters the authentication area R2, the predetermined process can be prevented from being executed by immediately exiting the authentication area R2, and the predetermined process can be executed according to the user 5's intention. The reference time point may be, for example, the time when the user 5 enters the authentication area R2, the time when the user 5 performs some operation, such as pressing a product selection button on a vending machine, or another predetermined time point. The predetermined time may be, for example, about 1 to 5 seconds, or about 2 to 4 seconds. In this way, the predetermined time may be a short time.

The status output unit 17 may output information regarding the status of authentication and the status of execution of a predetermined process. For example, the status output unit 17 may output a first output when the device authentication determines that the authenticated device 2 is valid and the area determination determines that the location of the authenticated device 2 is not included in the authentication area R2. The status output unit 17 may output a second output when the device authentication determines that the authenticated device 2 is valid and the area determination determines that the location of the authenticated device 2 is included in the authentication area R2 and the execution of the predetermined process has not been completed. The status output unit 17 may output a third output when the execution of the predetermined process has been completed. The third output may be output when the device authentication determines that the authenticated device 2 is valid and the area determination determines that the location of the authenticated device 2 is included in the authentication area R2 and the execution of the predetermined process has been completed. The status output unit 17 may receive information regarding the completion of the predetermined process, for example, from the execution unit 51. The first to third outputs are assumed to be different outputs. Different outputs may be, for example, outputs with different output content, or outputs with different output methods or devices that perform the output.

The output from the status output unit 17 may be, for example, a display on a display device (e.g., an LCD display or an OLED display), a lit or flashing lamp, transmission via a communication line to a specified device, audio output via a speaker, printing by a printer, storage on a recording medium, or delivery to another component. The status output unit 17 may or may not include a device that performs the output (e.g., a display device, communication device, speaker, etc.). The status output unit 17 may be realized by hardware, or by software such as a driver that drives those devices.

As an example, the first output may be an output indicating that the user 5 is not in the authentication area R2, the second output may be an output indicating that the predetermined process is waiting to be completed, and the third output may be an output indicating that the predetermined process has been completed. By providing such outputs, the user 5 can learn about the progress of processes related to device authentication, area determination, and the execution of the predetermined process. Also, as an example, the first output may be an output recommending that the user move to the authentication area R2 when they wish to execute the predetermined process. Then, in response to this output, the user 5 may move to the authentication area R2, and after the area determination determines that the position of the device to be authenticated 2 is included in the authentication area R2, the output unit 16 may output information regarding the execution of the predetermined process.

The status output unit 17 may, for example, display character strings or graphics indicating the contents on a display device, output audio indicating the contents from a speaker, or transmit information indicating the contents to the device to be authenticated 2. The status output unit 17 may, for example, perform the first to third outputs using two or more output devices. As an example, the status output unit 17 may display the first output on a display device, output the second output as audio from a speaker, and transmit the third output to the device to be authenticated 2 via a communication device. Note that the output method does not matter as long as the user 5 can understand which of the first to third outputs is being performed.

When the first to third outputs are the transmission of information to the device to be authenticated 2, the device to be authenticated 2 may output information corresponding to the received information. As an example, the device to be authenticated 2 may vibrate when receiving information corresponding to the first output, output a sound corresponding to the second output when receiving information corresponding to the second output, and output a sound corresponding to the third output when receiving information corresponding to the third output.

Furthermore, the first to third outputs may each be the illumination of a lamp of a different color. As shown in FIG. 3, if the predetermined process is payment for purchasing a product in the vending machine 50, the first to third outputs may be, for example, the illumination of the first to third lamps 41-43. As an example, the first output may be the illumination of the first red lamp 41, the second output may be the illumination of the second green lamp 42, and the third output may be the illumination of the third blue lamp 43.

Next, the operation of the authentication device 1 will be explained using the flowchart in Figure 4.

(Step S101) The first and second receiver sets 11 and 12 determine whether an authentication request has been received. If an authentication request has been received, the process proceeds to step S102; if not, the process of step S101 is repeated until an authentication request is received.

Note that when device authentication is performed using multiple authentication requests, the authentication request reception process in step S101 may be repeated, for example, until reception of the multiple authentication requests is complete. After multiple authentication requests have been received, the process may proceed to step S102.

(Step S102) The device authentication unit 13 performs device authentication using the authentication request received by either the first or second receiver set 11, 12.

(Step S103) If the device authentication in step S102 determines that the authenticated device 2 that sent the authentication request is valid, proceed to step S104; if not, return to step S101.

(Step S104) The identification unit 14 identifies the location of the authenticated device 2 using the authentication requests received by the first and second receiver sets 11 and 12. If multiple authentication requests are received, the location of the authenticated device 2 may be identified using the authentication request received latest, for example, the authentication request received last.

(Step S105) The area determination unit 15 performs area determination to determine whether the position of the device to be authenticated 2 identified in step S104 is included in the pre-set authentication area R2.

(Step S106) If the area determination in step S105 determines that the position of the device to be authenticated 2 is included in the authentication area R2, proceed to step S108; if not, proceed to step S107.

In addition, if an output regarding the execution of a predetermined process is generated when the device authentication determines that the authenticated device 2 is valid and the area determination determines that the location of the authenticated device 2 has been included in the authentication area R2 for more than a predetermined time from the reference time, step S106 may determine whether the area determination determined that the location of the authenticated device 2 has been included in the authentication area R2 for more than a predetermined time from the reference time. In this case, an area determination history, which is a pair of the reception time of the authentication request and the result of the area determination related to the authentication request, may be stored on a recording medium (not shown), and this history may be used to determine whether the location of the authenticated device 2 has been included in the authentication area R2 for more than a predetermined time from the reference time. Furthermore, when this determination is made, the first output may indicate that the device authentication determines that the authenticated device 2 is valid and that the area determination does not determine that the location of the authenticated device 2 has been included in the authentication area R2 for more than a predetermined time from the reference time. Furthermore, when this determination is made, a message may be output to the user 5 indicating that the predetermined process will not be performed if the authenticated device 2 leaves the authentication area R2 before the predetermined time has passed since the reference time. This output may be performed by, for example, the status output unit 17. In this case, it is preferable that device authentication be performed repeatedly, for example, each time an authentication request is received from a device to be authenticated 2. Note that, for example, after the first authentication request received from a device to be authenticated 2 is determined to be valid by device authentication, only area determination may be performed for authentication requests sent from that device to be authenticated 2, without device authentication being performed.

(Step S107) The status output unit 17 performs the first output. Then, the process returns to step S101.

(Step S108) The status output unit 17 performs a second output.

(Step S109) The output unit 16 outputs information regarding the execution of a predetermined process. For example, the execution unit 51 may execute the predetermined process in response to this output, or the execution unit 51 may become capable of executing the predetermined process in response to this output, and then the predetermined process may be executed in response to the user 5 performing a predetermined operation, such as selecting a product.

(Step S110) The status output unit 17 determines whether the execution of the predetermined process has been completed. If the execution of the predetermined process has been completed, the process proceeds to step S111; if not, the process of step S110 is repeated until the execution of the predetermined process is completed. Note that the status output unit 17 may determine that the execution of the predetermined process has been completed when it receives from the execution unit 51 a notification that the execution of the predetermined process has been completed. Furthermore, if the completion of the execution of the predetermined process is not received even after a predetermined time has elapsed after an output regarding the execution of the predetermined process, the status output unit 17 may determine that a timeout has occurred and return to step S101.

(Step S111) The status output unit 17 performs the third output. Then, the process returns to step S101.

The series of processes shown in the flowchart of FIG. 4 is a process using an authentication request sent from one device to be authenticated 2. If authentication requests are sent from multiple devices to be authenticated 2, the series of processes shown in the flowchart of FIG. 4 may be executed in parallel for each of the multiple devices to be authenticated 2. The order of the processes in the flowchart of FIG. 4 is an example, and the order of the steps may be changed as long as similar results are obtained. In the flowchart of FIG. 4, the process may also end due to a power-off or an interrupt to end the process.

Next, the operation of the authentication device 1 according to this embodiment will be explained using a specific example. In this specific example, the predetermined process is the payment process in the vending machine 50 shown in Figure 3, i.e., the payment process for purchasing a product. In this specific example, the authentication device 1 is included inside the vending machine 50. In this specific example, as shown in Figure 3, an authentication area R2 is set in the front of the vending machine 50, and the user 5 can visually recognize it.

First, assume that user 5 carrying a legitimate device to be authenticated 2 approaches vending machine 50. The device to be authenticated 2 then receives a beacon transmitted from authentication device 1 inside vending machine 50, and in response, transmits an authentication request. At this point, assume that user 5 is located outside authentication area R2. The authentication request is received by the first and second receiver sets 11 and 12 of authentication device 1, and is passed to the device authentication unit 13. The received signal strength of the authentication request from the multiple first receivers 11a in the first receiver set 11 and the received signal strength of the authentication request from the multiple second receivers 12a in the second receiver set 12 are passed to the identification unit 14 (step S101).

When the device authentication unit 13 receives the authentication request, it performs device authentication using the authentication information included in the authentication request (step S102). Assume that this device authentication determines that the device to be authenticated 2 is legitimate (step S103). The device authentication unit 13 then passes a message to the output unit 16 indicating that the device to be authenticated 2 is legitimate.

Upon receiving the received signal strength, the identification unit 14 acquires a representative value of the received signal strength acquired by the multiple first receivers 11a and a representative value of the received signal strength acquired by the multiple second receivers 12a, and identifies the location of the authenticated device 2 using the difference between the representative values of the received signal strength and the first and second positions, which are the positions of the first and second receiver sets 11, 12, and passes this to the area determination unit 15 (step S104).

When the identified position of the device to be authenticated 2 is received, the area determination unit 15 performs area determination to determine whether the position is included in the authentication area R2 (step S105). Assume that this area determination determines that the position of the device to be authenticated 2 is not included in the authentication area R2 (step S106). The area determination unit 15 then passes information to the output unit 16 indicating that the position of the device to be authenticated 2 is not included in the authentication area R2.

Upon receiving the device authentication result and the area determination result, the output unit 16 passes the device authentication result and the area determination result to the status output unit 17. The status output unit 17 then turns on the red first lamp 41 in response to them (step S107). Furthermore, because the output unit 16 has determined that the position of the device to be authenticated 2 is not included in the authentication area R2, it does not output any information regarding the execution of the payment process. As a result, the execution unit 51 does not execute the specified process. Furthermore, the lighting of the red first lamp 41 informs the user 5 that they are not present in the authentication area R2 and therefore cannot purchase products from the vending machine 50.

Next, assume that user 5 enters authentication area R2. As in the process described above, device authentication is determined to be valid, and this time, the area determination also determines that the location of the authenticated device 2 is included in authentication area R2 (steps S101 to S106). Based on these determination results, the output unit 16 passes the device authentication results and area determination results to the status output unit 17. Upon receiving the device authentication results and area determination results, the status output unit 17 turns off the red first lamp 41 and turns on the green second lamp 42 accordingly (step S108). In this way, user 5 is informed that he or she can purchase a product from the vending machine 50. Furthermore, the output unit 16 outputs information regarding the execution of the payment process to the execution unit 51 of the vending machine 50 (step S109). In this case, after the output unit 16 has output regarding the execution of the payment process, when the user 5 presses a button to select a product from the vending machine 50, the execution unit 51 may perform the payment process for the user 5, i.e., the process of charging for the product selected by the user 5. This charging may be, for example, using a pre-set credit card or electronic money.

When the payment process is complete, the execution unit 51 notifies the status output unit 17. Upon receiving notification that the payment process is complete (step S110), the status output unit 17 turns off the green second lamp 42 and turns on the blue third lamp 43 (step S111). In this way, the user 5 is notified that the payment has been completed.

For example, if another person is in front of the vending machine 50, user 5 can avoid being charged for the product selected by that other person by not entering authentication area R2.

As described above, with the authentication device 1 according to this embodiment, when the position of the device to be authenticated 2 that is determined to be valid in device authentication is included in the authentication area R2, a predetermined process is executed. Therefore, for example, by preventing a user 5 carrying a valid device to be authenticated 2 from entering the authentication area R2 shown on the floor, it is possible to prevent a predetermined process, such as a payment process, from being executed in a situation that the user 5 does not intend. On the other hand, when the user 5 is in the authentication area R2, a predetermined process is executed, so the user 5 can perform the predetermined process hands-free without having to operate the device to be authenticated 2, etc.

In addition, by the status output unit 17 producing the first to third outputs, the user 5 can learn from these outputs whether or not a specified process can be executed and the status regarding the execution of the specified process.

In this embodiment, we have described a case in which output related to the execution of a predetermined process is generated when the device authentication determines that the device to be authenticated 2 is valid and the area determination determines that the location of the authenticated device 2 is included in the authentication area R2. However, this is not necessarily the case. As an example, the output unit 16 may generate output related to the execution of a predetermined process when the device authentication determines that the authenticated device 2 is valid and the area determination determines that only the location of the authenticated device 2 is included in the authentication area R2. In this case, if the area determination determines that the locations of two or more authenticated devices 2 are included in the authentication area R2, output related to the execution of a predetermined process does not need to be generated. This is because when the authentication area R2 includes the locations of two or more authenticated devices 2, if both of the two or more authenticated devices 2 are determined to be valid in the device authentication, it would be unclear which authenticated device 2 the predetermined process will be performed on. Furthermore, even if only one of two or more devices 2 to be authenticated is determined to be valid in device authentication, it may be unclear whether the user 5 carrying that valid device 2 is in the authentication area R2 of their own volition, so no output regarding the execution of a specified process may be generated.

Furthermore, the status output unit 17 may perform a fourth output when, for example, the area determination unit 15 determines that the positions of two or more devices to be authenticated 2 are included in the authentication area R2. In this case, the user 5 can know from the fourth output that a predetermined process will not be executed because the positions of two or more devices to be authenticated 2 are included in the authentication area R2. The fourth output may be displayed on a display device, output as audio from a speaker, or transmit information, just like the first to third outputs, except that the first to fourth outputs are different from each other. As an example, the fourth output may be the lighting of an orange fourth lamp.

In addition, in this embodiment, the authentication area R2 may be displayed on the floor surface by, for example, the display unit 21. In this case, as shown in FIG. 5, the authentication device 1 may further include, for example, a display unit 21 for displaying the authentication area R2 on the floor surface. As an example, the display unit 21 may be a projector for displaying an image indicating the authentication area R2 on the floor surface. As another example, the display unit 21 may be a display placed on the floor surface. It is preferable that this display be strong enough to allow the user 5 to stand on it.

The display unit 21 may or may not include a display device (e.g., a projector or LCD display) that displays the authentication area R2. The display unit 21 may be implemented by hardware, or by software such as a driver that drives the display device.

When the authentication area R2 is displayed on the floor, the display unit 21 may, for example, change the display position of the authentication area R2. In this case, information indicating the current position of the authentication area R2 may be passed from the display unit 21 to the area determination unit 15. The area determination unit 15 may then use the current position of the authentication area R2 received from the display unit 21 to determine whether the position of the identified device to be authenticated 2 is included in the authentication area R2.

As an example, the display unit 21 may change the display of the authentication area R2 so that the size of the authentication area R2 becomes smaller when there are many people near the authentication area R2, and may change the display of the authentication area R2 so that the size of the authentication area R2 becomes larger when there are few people near the authentication area R2. For example, if the authentication device 1 further includes a sensor 31 and a number of people acquisition unit 32 (described below), the display unit 21 may change the display of the authentication area so that the number of people included in the authentication area R2 acquired by the number of people acquisition unit 32 is one or less.

As another example, when the device to be authenticated 2 is determined to be valid during device authentication, the display unit 21 may display the authentication area R2 in a location that does not include the current position of the device to be authenticated 2. The display unit 21 may, for example, obtain the position of the device to be authenticated 2 from the identification unit 14. In this way, when the user 5 enters the authentication area R2, that is, when the user 5 wishes to perform a specified process, the specified process can be executed.

In addition, in this embodiment, whether or not a user 5 is present in the authentication area R2 may be determined using something other than an authentication request transmitted from the device to be authenticated 2. In this case, as shown in FIG. 6, the authentication device 1 may further include a sensor 31 that acquires information about the authentication area R2, and a number acquisition unit 32 that acquires the number of people present in the authentication area R2 using the information acquired by the sensor 31. The sensor 31 may be, for example, a weight sensor that acquires the weight in the authentication area R2, or an image sensor that acquires an image of the authentication area R2. The weight in the authentication area R2 may be, for example, the weight of an object present in the authentication area R2. The sensor 31 may also be a sensor other than a weight sensor or an image sensor, for example, a range sensor such as LiDAR.

If the sensor 31 is a weight sensor, the number of people acquisition unit 32 may, for example, divide the weight acquired by the weight sensor by a standard weight per person (e.g., 50 kg), and use the quotient, i.e., the value obtained by truncating the decimal point, as the number of people present in the authentication area R2.

If the sensor 31 is an image sensor, the number of people acquisition unit 32 may detect people in a range corresponding to the authentication area R2 in the captured image acquired by the image sensor, and the number of people detected may be taken as the number of people present in the authentication area R2.

In this case, the output unit 16 may output information regarding the execution of a predetermined process when the device authentication determines that the authenticated device 2 is valid, the area determination determines that the position of the authenticated device 2 is included in the authentication area R2, and the number of people acquired by the number acquisition unit 32 is one.

By doing this, it is possible to confirm that user 5 is present in authentication area R2 using information acquired by sensor 31, so that predetermined processing can be executed when user 5 is more reliably present in authentication area R2. It is also possible to prevent predetermined processing from being executed when two or more people are present in authentication area R2.

Furthermore, when the sensor 31 and the number of people acquisition unit 32 are used to acquire the number of people present in the authentication area R2, the situation output unit 17 may, for example, produce a first output when the device to be authenticated 2 is determined to be valid in the device authentication and the area determination determines that the position of the device to be authenticated 2 is not included in the authentication area R2; produce a second output when the device to be authenticated 2 is determined to be valid in the device authentication and the area determination determines that the position of the device to be authenticated 2 is included in the authentication area R2; the number of people acquired by the number of people acquisition unit 32 is one person; and the execution of the specified processing has not been completed; produce a third output when the execution of the specified processing has been completed; and produce a fourth output when the number of people acquired by the number of people acquisition unit 32 is two or more people.

In this embodiment, the authentication device 1 has been described primarily as having two receiver sets, i.e., first and second receiver sets 11 and 12. However, the authentication device 1 may have three or more receiver sets. That is, the authentication device 1 may have first to Nth receiver sets arranged at first to Nth positions, respectively. N is an integer greater than or equal to two. The first to Nth receiver sets may also be similar to the first and second receiver sets 11 and 12. For example, the Kth receiver set may include one or more receivers. K is any integer from 1 to N. It is preferable that the first to Nth positions are different from each other. Furthermore, when N is three or more, for example, when determining positions by triangulation, it is preferable that the first to Nth positions do not lie on a single straight line. However, if this is not the case, the first to Nth positions may lie on a single straight line. Furthermore, when N is 4, for example, when position identification is performed by triangulation, it is preferable that the first to fourth positions are not the vertices of a parallelogram. However, if this is not the case, the first to fourth positions may be the vertices of a parallelogram. Thus, when the authentication device 1 has first to N receiver sets, the identification unit 14 may identify the position of the device to be authenticated 2 based on the intensity difference of the authentication requests received by the first to N receiver sets. This position identification may be performed, for example, by repeatedly identifying an Apollonius circle or line based on the intensity difference of the authentication requests received by each of the first to N receiver sets for different combinations of two receiver sets among the first to N receiver sets, thereby identifying multiple Apollonius circles or lines, and then identifying a position on the identified Apollonius circle, line, or circle as the position of the device to be authenticated 2, or by other methods.

Furthermore, in the above embodiments, each process or function may be realized by centralized processing using a single device or a single system, or may be realized by distributed processing using multiple devices or multiple systems.

Furthermore, in the above embodiments, the exchange of information between components may be performed, for example, by one component outputting information and the other component receiving information if the two components exchanging information are physically different; or, if the two components exchanging information are physically the same, by shifting from the processing phase corresponding to one component to the processing phase corresponding to the other component.

In addition, in the above embodiments, information related to the processing performed by each component, such as information accepted, acquired, selected, generated, transmitted, or received by each component, and information such as thresholds, formulas, and addresses used in processing by each component, may be stored temporarily or for a long period of time on a recording medium (not shown), even if not explicitly stated in the above description. Furthermore, the storage of information on this recording medium (not shown) may be performed by each component or a storage unit (not shown). Furthermore, the reading of information from this recording medium (not shown) may be performed by each component or a reading unit (not shown).

Furthermore, in the above embodiments, if the information used by each component, such as thresholds, addresses, and various setting values used by each component in processing, may be changed by the user, the user may or may not be able to change that information as appropriate, even though this is not explicitly stated in the above description. If the information is changeable by the user, the change may be realized, for example, by a reception unit (not shown) that receives a change instruction from the user, and a change unit (not shown) that changes the information in response to that change instruction. The reception unit (not shown) may receive the change instruction from an input device, may receive information transmitted via a communication line, or may receive information read from a specified recording medium, for example.

Furthermore, in the above embodiment, if two or more components included in the authentication device 1 have a communication device, an input device, etc., the two or more components may physically have a single device, or may have separate devices.

In addition, in the above-described embodiments, each component may be configured using dedicated hardware, or components that can be realized by software may be realized by executing a program. For example, each component may be realized by a program execution unit such as a CPU reading and executing a software program recorded on a recording medium such as a hard disk or semiconductor memory. During execution, the program execution unit may execute the program while accessing the memory unit or recording medium. The software that realizes the authentication device 1 in the above-described embodiments is a program such as the following: In other words, this program may cause a computer to execute the following steps: receiving, by a first receiver set including one or more first receivers, an authentication request transmitted from the device to be authenticated, the authentication request including authentication information used to authenticate the device to be authenticated; receiving, by a second receiver set including one or more second receivers, the authentication request transmitted from the device to be authenticated; performing device authentication to determine whether the device to be authenticated that transmitted the authentication request is legitimate using the authentication information included in the authentication request received by at least one of the one or more first receivers and the one or more second receivers; identifying the position of the device to be authenticated based on the difference in intensity of the authentication requests received by the first receiver set and the second receiver set; performing area determination to determine whether the identified position of the device to be authenticated is within authentication area R2 shown on the floor; and outputting information related to the execution of a predetermined process for the user carrying the device to be authenticated if the device authentication determines that the device to be authenticated is legitimate and the area determination determines that the position of the device to be authenticated is within authentication area R2.

Note that in the above program, the steps of receiving information and outputting information do not include processing that can only be performed by hardware, such as processing performed by a modem or interface card in the step of receiving information.

This program may also be executed by being downloaded from a server or by being read from a specific recording medium (for example, an optical disk such as a CD-ROM, a magnetic disk, or a semiconductor memory). This program may also be used as part of a program product.

Furthermore, this program may be executed by a single computer or multiple computers. In other words, it may perform centralized processing or distributed processing.

Figure 7 shows an example of a computer system 900 that executes the above program to realize the authentication device 1 according to the above embodiment. The above embodiment can be realized by computer hardware and a computer program executed on the computer hardware.

In FIG. 7, the computer system 900 includes an MPU (Micro Processing Unit) 911, a ROM 912 such as a flash memory that stores programs such as a boot-up program, application programs, system programs, and data, a RAM 913 connected to the MPU 911 that temporarily stores application program instructions and provides temporary storage space, a touch panel 914, a wireless communication module 915, and a bus 916 that interconnects the MPU 911, ROM 912, and the like. The computer system 900 may include, for example, multiple wireless communication modules 915 corresponding to the first and second receiver sets 11 and 12, or may be connected to multiple wireless communication modules corresponding to the first and second receiver sets 11 and 12. Instead of the touch panel 914, the computer system 900 may also include a display and input devices such as a mouse and keyboard. The computer system 900 may also include other storage media such as a hard disk.

A program that causes the computer system 900 to execute the functions of the authentication device 1 according to the above embodiment may be stored in ROM 912 via the wireless communication module 915. The program is loaded into RAM 913 when executed. The program may also be loaded directly from the network.

The program does not necessarily have to include an operating system (OS) or third-party program that causes the computer system 900 to perform the functions of the authentication device 1 according to the above embodiment. The program may include only instructions that call appropriate functions or modules in a controlled manner to achieve the desired results. How the computer system 900 operates is well known, and a detailed description will be omitted.

Furthermore, the above-described embodiments are merely examples for specifically implementing the present invention and do not limit the technical scope of the present invention. The technical scope of the present invention is indicated by the claims, not by the description of the embodiments, and is intended to include modifications within the literal scope of the claims and their equivalents.

REFERENCE SIGNS LIST 1 authentication device 11 first receiver set 11a first receiver 12 second receiver set 12a second receiver 13 device authentication unit 14 identification unit 15 area determination unit 16 output unit 17 situation output unit 21 display unit 31 sensor 32 number of people acquisition unit

Claims (15)

a first receiver set including one or more first receivers that receive an authentication request transmitted from an authenticatee device and including authentication information used to authenticate the authenticatee device;
a second receiver set including one or more second receivers for receiving an authentication request transmitted from the authenticatee;
a device authentication unit that performs device authentication by using authentication information included in an authentication request received by at least one of the one or more first receivers and the one or more second receivers to determine whether a device to be authenticated that has transmitted the authentication request is legitimate;
an identification unit that identifies the location of the prover based on a difference in strength of the authentication requests received by the first and second receiver sets, respectively;
an area determination unit that performs area determination to determine whether the position of the device to be authenticated identified by the identification unit is included in an authentication area shown on the floor;
an output unit that outputs information about the execution of a predetermined process for a user carrying the device to be authenticated when the device authentication determines that the device to be authenticated is valid and the area determination determines that the location of the device to be authenticated has been included in the authentication area for more than a predetermined time from a reference time point;
and a status output unit that performs a first output when the device to be authenticated is determined to be valid in the device authentication and when the area determination determines that the position of the device to be authenticated is not included in the authentication area, performs a second output when the device to be authenticated is determined to be valid in the device authentication and when the area determination determines that the position of the device to be authenticated is included in the authentication area and execution of the specified processing has not been completed, and performs a third output when execution of the specified processing has been completed . The authentication device of claim 1, wherein the authentication area is indicated by a mat placed on the floor. The authentication device of claim 1, wherein the authentication area is displayed on the floor surface. The authentication device of claim 3, further comprising a display unit that displays the authentication area on the floor surface. The authentication device of claim 4, wherein the display unit changes the display position of the authentication area. The authentication device of claim 1, wherein the output unit outputs information regarding the execution of the specified process when the device authentication determines that the device to be authenticated is valid and the area determination determines that only the location of the device to be authenticated is included in the authentication area. a sensor for acquiring information about the authentication area;
a number-of-people acquisition unit that acquires the number of people present in the authentication area using information acquired by the sensor,
The authentication device according to claim 1, wherein the output unit outputs information regarding the execution of the predetermined process when the device to be authenticated is determined to be valid in the device authentication, when the area determination determines that the position of the device to be authenticated is included in the authentication area, and when the number of people acquired by the number acquisition unit is one. The authentication device of claim 7, wherein the sensor is a weight sensor that acquires the weight in the authentication area, or an image sensor that acquires an image of the authentication area. 9. The authentication device according to claim 1, wherein the situation output unit performs a fourth output when the area determination unit determines that the positions of two or more of the authenticated devices are included in the authentication area. An authentication device according to any one of claims 1 to 8, wherein the predetermined processing is a payment processing. An authentication device according to any one of claims 1 to 8, wherein the predetermined process is an unlocking process. 9. The authentication device according to claim 1, wherein the reference time point is a time point at which the user enters the authentication area. 9. The authentication device according to claim 1, wherein the reference time point is a time point at which a user performs a predetermined operation. An authentication method performed using a first receiver set including one or more first receivers, a second receiver set including one or more second receivers, a device authentication unit, an identification unit, a region determination unit, an output unit , and a status output unit ,
receiving an authentication request transmitted from an authenticatee device by the one or more first receivers included in the first receiver set, the authentication request including authentication information used to authenticate the authenticatee device;
receiving an authentication request sent from the authenticatee device by the one or more second receivers included in the second receiver set;
a step in which the device authentication unit performs device authentication by using authentication information included in an authentication request received by at least one of the one or more first receivers and the one or more second receivers to determine whether the authenticated device that has transmitted the authentication request is legitimate;
the identifying unit identifying the location of the prover based on a difference in strength of the authentication requests received by the first and second receiver sets, respectively;
a step in which the area determination unit performs area determination to determine whether the specified position of the device to be authenticated is included in an authentication area indicated on a floor;
the output unit outputs information about the execution of a predetermined process for a user carrying the device to be authenticated when the device authentication determines that the device to be authenticated is valid and the area determination determines that the location of the device to be authenticated has been included in the authentication area for more than a predetermined time from a reference time point;
the status output unit performs a first output when the device authentication determines that the device to be authenticated is valid and the area determination determines that the location of the device to be authenticated is not included in the authentication area, performs a second output when the device authentication determines that the device to be authenticated is valid and the area determination determines that the location of the device to be authenticated is included in the authentication area and execution of the specified processing has not been completed, and performs a third output when execution of the specified processing has been completed . On the computer,
receiving, by a first receiver set including one or more first receivers, an authentication request transmitted from an authenticatee device, the authentication request including authentication information used to authenticate the authenticatee device;
receiving the authentication request sent from the prover by a second receiver set including one or more second receivers;
performing device authentication using authentication information included in an authentication request received by at least one of the one or more first receivers and the one or more second receivers to determine whether or not a device to be authenticated that has transmitted the authentication request is legitimate;
determining the location of the prover based on a difference in strength of authentication requests received by the first receiver set and the second receiver set, respectively;
performing area determination to determine whether the identified position of the authenticated device is included in an authentication area indicated on the floor;
a step of outputting an output relating to the execution of a predetermined process for a user carrying the device to be authenticated when the device authentication determines that the device to be authenticated is valid and the area determination determines that the location of the device to be authenticated has been included in the authentication area for more than a predetermined time from a reference time point;
a program for executing the steps of: performing a first output when the device to be authenticated is determined to be valid in the device authentication and when the area determination determines that the position of the device to be authenticated is not included in the authentication area; performing a second output when the device to be authenticated is determined to be valid in the device authentication and when the area determination determines that the position of the device to be authenticated is included in the authentication area and the execution of the specified processing has not been completed; and performing a third output when the execution of the specified processing has been completed .