[0001]The present technology relates to systems and methods of providing location information.
Background technology
[0002]In recent years, mobile terminals such as mobile phones and smartphones have used radio signals (hereinafter, also referred to as "GNSS signals") from positioning satellite systems (GNSS) such as GPS (Global Positioning System). It has a positioning function to specify the current position.
[0003]
　An IMES (Indoor Messaging System) technology that enables seamless outdoor positioning and indoor positioning in combination with a GNSS signal by utilizing such a positioning function has been put into practical use. In the IMES technology, an IMES message compatible with the GNSS signal is wirelessly transmitted indoors where the GNSS signal does not reach. By receiving the IMES message in addition to the GNSS signal, the mobile terminal can specify the current position not only outdoors but also indoors.
Prior art literature
Non-patent literature
[0004]
Non-Patent Document 1: "IMES User Interface Specification (IS-IMES)", Japan Aerospace Exploration Agency, October 2016
Outline of the invention
Problems to be solved by the invention
[0005]
　Assuming the provision of various services using location information using IMES messages, it is necessary to guarantee the authenticity of location information. However, there is a new problem that there is no mechanism for guaranteeing the authenticity of the position information presented by the user who has received the existing IMES message.
[0006]
　One of the purposes of this technology is to consider such issues and to provide a new mechanism for guaranteeing the authenticity of the provided location information.
Means to solve problems
[0007]
　A location-based system that follows an aspect includes at least one message transmitter and authentication server that have times synchronized with each other. Each of at least one message transmitter has a generation means for generating an authentication code depending on the time and a unique code uniquely assigned to each message transmitter, and location information and time information and the generated authentication code. Includes a means of sending a message to include. The authentication server responds to an authentication request containing information in the message from a receiver that has received a message transmitted by any one of the message transmitters, and the time included in the authentication request. The authentication request is made by determining the validity of the authentication code included in the authentication request based on the information and the unique code uniquely assigned to the message transmitter corresponding to the location information included in the authentication request. Includes an authentication means for authenticating the authenticity of the location information included in, and a storage means for storing the location information for which the authenticity has been authenticated.
[0008]
　When the authentication means determines that the authentication code included in the authentication request is valid, it generates a challenge and sends it to the receiver of the source of the authentication request, and receives the transmitted challenge and the destination of the challenge. A means for determining the validity of the response included in the second authentication request in response to the second authentication request, which includes a response generated based on the information in the newly received message on the machine. May include.
[0009]
　When the authentication means determines that the authentication code included in the authentication request is valid, it sets a session for the receiver of the source of the authentication request and transfers the generated session to the receiver of the source of the authentication request. It may further include means of transmission.
[0010]
　The second authentication request may include identification information for identifying the configured session.
[0011]
　The authentication means may further include means for determining whether the session specified in the second authentication request is within a preset expiration date.
[0012]
　The authentication means may further include means for determining whether or not the time when the authentication code is received is within a preset expiration date from the time indicated by the time information used to generate the authentication code. ..
[0013]
　The authentication means further includes a means for issuing an authentication code corresponding to the authenticity-authenticated location information, and the storage means stores the authenticity-authenticated location information and the issued authentication code in association with each other. You may.
[0014]
　The storage means may output the location information corresponding to the authentication code included in the request in response to the request accompanied by the authentication code from the outside.
[0015]
　The authentication server may further include means of transmitting a unique code to each of at least one message transmitter.
[0016]
　The message transmitter may transmit a message compatible with the radio signal from the positioning satellite system.
[0017]
　According to another aspect, a location information providing method in a location information providing system including at least one message transmitter and an authentication server having times synchronized with each other is provided. The location information providing method includes a step in which each of at least one message transmitter generates an authentication code depending on a time and a unique code uniquely assigned to each message transmitter, and a step of generating an authentication code of at least one message transmitter. Each receiver sends a message containing location and time information and the generated authentication code, and the authentication server receives a message sent by one of at least one message transmitter. In response to an authentication request containing the information in the message from, the time information included in the authentication request and the unique code uniquely assigned to the message transmitter corresponding to the location information included in the authentication request Based on this, the validity of the authentication code included in the authentication request is determined to authenticate the authenticity of the location information included in the authentication request, and the step of storing the location information whose authenticity has been authenticated. including.
The invention's effect
[0018]
　According to one embodiment, it is possible to provide a new mechanism for guaranteeing the authenticity of the provided location information.
A brief description of the drawing
[0019]
FIG. 1 is a diagram for explaining a form of providing location information using an existing IMES message.
FIG. 2 is a schematic diagram showing an example of the overall configuration of a location information providing system according to the present embodiment.
FIG. 3 is a schematic diagram showing an example of a configuration related to the provision of an IMES-A message in a location information providing system according to the present embodiment.
FIG. 4 is a schematic diagram showing an example of a TOTP and IMES-A message generation process in an IMES transmitter of a location information providing system according to the present embodiment.
FIG. 5 is a diagram for explaining a method of synchronizing TOTP between an IMES transmitter and an authentication server in a location information providing system according to the present embodiment.
FIG. 6 is a diagram for explaining a TOTP generation process in an IMES transmitter and an authentication server in a location information providing system according to the present embodiment.
FIG. 7 is a diagram showing an example of a message type transmitted from an IMES transmitter constituting the location information providing system according to the present embodiment.
FIG. 8 is a diagram showing an example of a frame structure of a message format used as an IMES-A message in a position information providing system according to the present embodiment.
FIG. 9 is a diagram showing an example of a frame structure of a message format used as an IMES-A message in the position information providing system 1 according to the present embodiment.
FIG. 10 is a diagram showing an example of a message format related to a position authentication process output from an IMES receiver constituting an location information providing system according to the present embodiment.
FIG. 11 is a schematic diagram showing an example of a hardware configuration of an IMES receiver that can be used in a location information providing system according to the present embodiment.
FIG. 12 is a schematic diagram showing an example of a software configuration of an IMES receiver that can be used in a location information providing system according to the present embodiment.
[Fig. 13] Fig. 13 is a schematic diagram showing an example of a hardware configuration of an authentication server constituting a location information providing system according to the present embodiment.
FIG. 14 is a sequence diagram illustrating an outline of location authentication processing in a location information providing system according to the present embodiment.
FIG. 15 is a diagram for explaining the first-stage authentication of the position authentication process in the position information providing system according to the present embodiment.
FIG. 16 is a diagram for explaining the second stage authentication of the position authentication process in the position information providing system according to the present embodiment.
FIG. 17 is a sequence diagram illustrating management of an expiration date in a location authentication process in a location information providing system according to the present embodiment.
[Fig. 18] Fig. 18 is a diagram for explaining an example of a file management application using a location information providing system according to the present embodiment.
FIG. 19 is a diagram for explaining a configuration example for providing a Geofence function using a location information providing system according to the present embodiment.
[Fig. 20] Fig. 20 is a diagram for explaining a configuration example for realizing a car sharing system using a position information providing system according to the present embodiment.
[Fig. 21] Fig. 21 is a diagram for explaining a configuration example for realizing authorization of a credit card using a location information providing system according to the present embodiment.
Mode for carrying out the invention
[0020]
　Embodiments of the present invention will be described in detail with reference to the drawings. The same or corresponding parts in the drawings are designated by the same reference numerals and the description thereof will not be repeated.
[0021]
　
　FIG. 1 is a diagram for explaining a form of providing location information using an existing IMES message. With reference to FIG. 1, for example, an IMES message is transmitted from an IMES transmitter 200 # arranged indoors. The IMES message may include time information, timing signals, and the like, as well as location information for providing positioning services such as latitude, longitude, and floor (or height).
[0022]
　Mobile terminals such as mobile phones and smartphones basically have a positioning function for receiving a GNSS signal, and by using this positioning function, they also function as an IMES receiver 300 #. That is, the IMES receiver 300 # can specify the current position by receiving the IMES message.
[0023]
　For the installation of the IMES transmitter 200 # and the transmission of the IMES message from the IMES transmitter 200 #, the "IMES Transmitter Management Implementation Guidelines" and "Ground Complementary System (IMES) Transmitter" specified by the Japan Aerospace Exploration Agency (JAXA) It is necessary to comply with the "Terms of Use" and the "IMES Operation Definition" being developed by the IMES Consortium. Further, as the location information included in the IMES message, it is generally required to use the information corresponding to the location information code managed by a public institution (Geographical Survey Institute in Japan). The reliability of the IMES message (message) transmitted from the IMES transmitter 200 # is guaranteed by such a standard or the like.
[0024]
　However, the mechanism as described above only guarantees the reliability of the IMES message itself, and does not guarantee the position of the user who has acquired the position information or the like from the IMES message.
[0025]
　For example, it is assumed that the location information is acquired by using the IMES message received by the IMES receiver 300 #, and the acquired location information is provided by various services. Originally, the location information included in the IMES message transmitted from the IMES transmitter 200 # is notified to the service provider. The format of the IMES message is open to the public, and if you examine the contents of the IMES message, it is not impossible to forge the IMES message. In this case, the service provider is notified of the fake location information obtained from the forged IMES message, which makes it difficult to provide a legitimate service.
[0026]
　Therefore, the location information providing system according to the present embodiment provides a mobile terminal or a mechanism capable of proving when and where the user having the mobile terminal existed. That is, a mechanism for guaranteeing the authenticity of the time and place where each user was present is provided.
[0027]
　More specifically, in the location information providing system according to the present embodiment, in addition to the location information indicating each position of the IMES transmitter 200 #, an authentication code (Authentication) for guaranteeing the authenticity of the location information is provided. A message containing Code) is sent. In order to distinguish a message including such an authentication code from an existing IMES message, it is also referred to as an "IMES-A (Indoor Messaging System-Authentication) message" in the following description. When the IMES-A message is transmitted as a radio signal, the radio signal is also referred to as an "IMES-A signal".
[0028]
　In the present specification, "transmission of IMES-A signal" refers to the concept of "broadcasting" in which the IMES-A signal is transmitted without specifying the receiving side, and the IMES-A signal by specifying the receiving side. Can include the concept of "transmission" to transmit.
[0029]
　Details of the IMES-A message including the authentication code and the system or application using the IMES-A message will be described later.
[0030]
　By the mechanism provided by the location information providing system according to the present embodiment, security and authorization using location information can be applied to a wide range of applications.
[0031]
　In the following, for convenience of explanation, authentication for the location information provided by using the IMES-A message will be described, but the information to be authenticated is not limited to the location information and any information that can be included in the IMES-A message. Applicable to. Further, since the IMES-A message can realize an authentication function that cannot be provided by the GNSS signal, it may be transmitted not only indoors but also outdoors as long as it complies with laws and guidelines.
[0032]
　
　First, the overall configuration of the location information providing system according to the present embodiment will be described.
[0033]
　FIG. 2 is a schematic view showing an example of the overall configuration of the position information providing system 1 according to the present embodiment. With reference to FIG. 2, for example, at least one IMES transmitter 200 (hereinafter, may be referred to as “IMES-TX”) is arranged in an underground shopping mall 4, a building 6, or the like. The IMES transmitter 200 corresponds to a message transmitter that transmits or broadcasts a message. The IMES transmitter 200 may be arranged not only in the underground mall 4 or the building 6 but also in an underground parking lot or the like. Generally, it is assumed that the IMES transmitter 200 is arranged at an arbitrary position where the GNSS signal cannot be received.
[0034]
　The IMES-A message transmitted by each of the IMES transmitters 200 basically includes a position information (Position) and an authentication code. In addition, the IMES-A message may include time information and / or timing signals (Timing).
[0035]
　In the location information providing system 1 shown in FIG. 2, in order to realize the authentication function, each of the IMES transmitters 200 uses a common time with the authentication server 400. That is, at least one IMES transmitter 200 and the authentication server 400 have times synchronized with each other.
[0036]
　In order to acquire a common time between the IMES transmitter 200 and the authentication server 400, a GNSS signal, an external clock 104, or the like is used as an example.
[0037]
　Each of the IMES transmitters 200 may be individually provided with a configuration for using the GNSS signal or the clock 104, but in the position information providing system 1 shown in FIG. 2, the management station 100 is provided via the transmission line 2. Illustrates a configuration in which the control station 100 is connected to at least one IMES transmitter 200, and time information is transmitted from the management station 100 to each of the IMES transmitters 200.
[0038]
　More specifically, the management station 100 has a GNSS reception function for processing the GNSS signal received via the GNSS antenna 102 and / or a function for acquiring the time from the clock 104. ..
[0039]
　The clock 104 can utilize, for example, PTP (Precision Time Protocol) technology. Specifically, the synchronized time may be acquired according to the protocol specified in IEEE (Institute of Electrical and Electronic Engineers) 1588 (PTP) or IEEE 1588v2 (PTPv2). However, as will be described later, in the present embodiment, the authentication code may be generated in a cycle of about 1 second. In such a case, the synchronization performance is compared with that of PTP such as NTP (Network Time Protocol). Inferior technology may be adopted. Alternatively, standard radio waves or the like may be used.
[0040]
　Any network or wiring can be used as the transmission line 2. For example, as the transmission line 2, a signal line laid integrally with the transmission line, a transmission network of a cable television (CATV), or the like can be used.
[0041]
　Each of the IMES transmitters 200 generates an authentication code each time by using the time information from the management station 100 and the seed code managed securely. The seed code corresponds to a unique code uniquely assigned to each IMES transmitter 200.
[0042]
　In the present specification, the "authentication code" means additional information for guaranteeing the authenticity of the message transmitted from the IMES transmitter 200. In the present embodiment, as the "authentication code", a one-time password (TOTP: Time-Based One-Time Password) that depends on the generated time or the like is used. For convenience of explanation, the details will be described based on "TOTP" which is an example of the authentication code. However, the "authentication code" of the present invention is not limited to "TOTP" and is information for guaranteeing the authenticity of the message. , Anything may be used.
[0043]
　More specifically, each of the IMES transmitters 200 includes the time information and other information synchronized with the management station 100, the position information corresponding to the own machine, and the TOTP generated by the own machine, IMES-A. Send a signal.
[0044]
　When the IMES receiver 300 receives an IMES-A signal from any of the IMES transmitters 200, the IMES receiver 300 acquires position information and the like from the IMES-A message obtained by decoding the received IMES-A signal, and responds to the signal. Get TOTP. The IMES receiver 300 executes a position authentication process with the authentication server 400 based on the acquired TOTP, if necessary. As a result, the authenticity of the position information presented by the IMES receiver 300 is objectively guaranteed. The details of the location authentication process between the IMES receiver 300 and the authentication server 400 will be described later.
[0045]
　The authentication server 400 has a time synchronized with the IMES transmitter 200. More specifically, the authentication server 400 acquires an accurate time from the GNSS signal received via the GNSS antenna 432. Alternatively, the authentication server 400 may acquire the synchronized time from the clock 434 similar to the clock 104 described above.
[0046]
　That is, since the authentication server 400 has a common time with the IMES transmitter 200, if the seed code assigned to each IMES transmitter 200 is known, each of the IMES transmitters 200 Can know the TOTP that will be produced. Therefore, the authentication server 400 can determine the validity of the TOTP value associated with the position information presented by the IMES receiver 300 according to a predetermined logic, and the IMES receiver 300 presents based on this determination result. The authenticity of the location information to be used can be guaranteed.
[0047]
　As the seed code used by each of the IMES transmitters 200 for generating the TOTP, a unique code unique to each other internally held by each of the IMES transmitters 200 may be used. In this case, the authentication server 400 holds the unique code (seed code 425) held by each IMES transmitter 200 in the storage unit 410.
[0048]
　Alternatively, the seed code used by each of the IMES transmitters 200 to generate the TOTP may be provided from the authentication server 400 each time. In this case, the authentication server 400 provides, for example, the management station 100 with a time-varying (one-time) seed code. The management station 100 may provide the seed code from the authentication server 400 to each IMES transmitter 200 via the transmission line 2.
[0049]
　The seed code from the authentication server 400 may be provided for each IMES transmitter 200 connected to the management station 100. In this case, a process of notifying the corresponding seed code between the management station 100 and the specific IMES transmitter 200 is executed.
[0050]
　
　Next, a configuration related to provision of IMES-A message in the location information providing system 1 according to the present embodiment will be described.
[0051]
　FIG. 3 is a schematic diagram showing an example of a configuration related to the provision of the IMES-A message in the location information providing system 1 according to the present embodiment. With reference to FIG. 3, the location information providing system 1 includes a management station 100 and at least one IMES transmitter 200.
[0052]
　The management station 100 provides each IMES transmitter 200 with information for generating an IMES-A message (hereinafter, also referred to as “source information”). Further, a signal including source information propagating in the transmission line 2 is also referred to as a “source signal”.
[0053]
　More specifically, the management station 100 includes a source information generation unit 110 and a source signal modulation unit 120.
[0054]
　The source information generation unit 110 acquires time information, a timing signal, a clock signal, and the like included in the GNSS signal received via the GNSS antenna 102. The management station 100 may acquire information and signals included in the GNSS signal from the clock 104 instead of the GNSS signal.
[0055]
　As an optional configuration, the source information generation unit 110 may include the seed code provided by the authentication server 400 in the source information.
[0056]
　The source signal modulation unit 120 modulates the source information generated by the source information generation unit 110 to generate a source signal, and transmits or broadcasts the source signal to at least one IEMS transmitter 200. The source signal generation method may be appropriately designed according to the medium constituting the transmission line 2. For example, when using a transmission line constituting a CATV network, an empty frequency other than the frequency used in the CATV network may be used as a carrier wave.
[0057]
　The IMES transmitter 200 dynamically generates an IMES-A message using the source information provided by the management station 100, and transmits it as an IMES-A signal.
[0058]
　More specifically, the IMES transmitter 200 includes a source signal demodulation unit 210 and an IMES-A generation transmission unit 220.
[0059]
　The source signal demodulation unit 210 demodulates the source signal provided by the control station 100 and reproduces the source information.
[0060]
　The IMES-A generation transmission unit 220 uses the source information reproduced by the source signal demodulation unit 210 to generate an IMES-A message including a dynamically generated TOTP. Then, the IMES-A generation transmission unit 220 transmits the IMES-A signal generated by modulating the generated IMES-A message. The IMES-A generation transmission unit 220 preferably transmits an IMES-A signal compatible with the GNSS signal. That is, the IMES transmitter 200 may transmit a message or a radio signal compatible with the radio signal (GNSS signal) from the positioning satellite system (GNSS).
[0061]
　However, the present invention is not limited to this, and the IMES transmitter 200 may transmit a message or a wireless signal according to a specific standard.
[0062]
　FIG. 3 shows information (contents) included in each of the GNSS signal 103 received by the management station 100, the source signal 105 provided by the management station 100, and the IMES-A message 203 transmitted by the IMES transmitter 200. An example is shown.
[0063]
　As an example, the GNSS signal 103 includes a timing signal 1031, a clock signal 1032, a position information 1033, a time information 1034, and a leap second information 1035.
[0064]
　The timing signal 1031 provides, for example, a timing signal included in the GNSS signal, and includes, for example, a 1-second pulse signal (1PPS signal). The clock signal 1032 provides, for example, a frequency source included in the GNSS signal, and includes, for example, a 10 MHz pulse signal. The position information 1033 provides a positioning service, and includes, for example, information such as latitude, longitude, and floor. The time information 1034 and the leap second information 1035 provide the time information included in the GNSS signal. The time information 1034 includes, for example, information on the year, month, day, hour, minute, and second, and the leap second information 1035 includes information for correcting the leap second.
[0065]
　The source signal 105 includes a timing signal 1051, a clock signal 1052, a position information 1053, a time information 1054, a leap second information 1055, a device identification information 1056, and a seed code 1057.
[0066]
　The timing signal 1051, the clock signal 1052, the position information 1053, the time information 1054, and the Uru-second information 1055 are included in the GNSS signal 103, and include the timing signal 1031, the clock signal 1032, the position information 1033, the time information 1034, and the Uru. It is substantially the same as the second information 1035. Since the position information 1053 is often provided by each of the IMES transmitters 200, it may not be included in the source signal 105.
[0067]
　The device identification information 1056 and the seed code 1057 are information for generating TOTP in each of the IMES transmitters 200. More specifically, the seed code 1057 is a secure code for each IMES transmitter 200 provided by the authentication server 400. Depending on the scale of the system, the same seed code may be used among a plurality of IMES transmitters 200, but basically, a seed key is assigned to each IMES transmitter 200. In this case, a value indicating which IMES transmitter 200 is directed to is stored in the device identification information 1056, and the corresponding seed key value is stored in the seed code 1057.
[0068]
　That is, the device identification information 1056 and the seed code 1057 include the seed code and the identification information that identifies the IMES transmitter 200 to be provided to each IMES transmitter 200.
[0069]
　The IMES-A message 203 includes a timing signal 2051, a clock signal 2052, a position information 2053, a time information 2054, a leap second information 2055, and a TOTP 2036.
[0070]
　The timing signal 2051, the clock signal 2052, the time information 2054, and the Uru-second information 2055 are substantially the same as the timing signal 1031, the clock signal 1032, the time information 1034, and the Uru-second information 1035 included in the GNSS signal 103. Is.
[0071]
　The position information 2053 includes the position information uniquely provided by the IMES transmitter 200 that transmitted the IMES-A signal.
[0072]
　TOTP2036 includes a value of TOTP that is dynamically generated in the IMES transmitter 200 that transmitted the IMES-A signal.
[0073]
　By receiving the IMES-A message 203, the mobile terminal receives the IMES-A message 203, and in addition to the position information according to the current position of the mobile terminal, the authentication code (TOTP) for guaranteeing the authenticity of the position information and the accuracy. Time information can be acquired.
[0074]
　
　Next, generation of an IMES-A message including TOTP and TOTP in the IMES transmitter 200 will be described.
[0075]
　FIG. 4 is a schematic diagram showing an example of a TOTP and IMES-A message generation process in the IMES transmitter 200 of the location information providing system 1 according to the present embodiment.
[0076]
　With reference to FIG. 4, the IMES-A generation transmission unit 220 of the IMES transmitter 200 dynamically generates TOTP using the source information provided by the management station 100, and IMES-A including the generated TOTP. Generate a message.
[0077]
　In the present embodiment, the TOTP is generated by using the time information managed by the IMES transmitter 200 and a secure code called a seed code. Since the time information is updated each time, TOTP is also updated each time.
[0078]
　More specifically, the IMES-A generation transmission unit 220 includes a TOTP generation unit 222 and an IMES-A generation unit 224. The TOTP generation unit 222 accepts the time information and the seed code (seed code A or seed code B) as inputs, and calculates the TOTP from the two input variables. The TOTP generation unit 222 uses a TOTP generation function that inputs time information and a seed code.
[0079]
　As the seed code, a seed code A, which is a unique unique code for each IMES transmitter 200, or a seed code B, which is a unique unique code provided by the authentication server 400, is used. When the seed code A is used, its value is concealed except for the authentication server 400. When the seed code B is used, the seed code provided for each IMES transmitter 200 is transmitted from the authentication server 400 as a part of the source signal.
[0080]
　The TOTP generator 222 and the seed code A need to be kept secure, and these functions use, for example, a security chip called TPM (Trusted Platform Module) that provides tamper resistance by hardware. May be implemented.
[0081]
　The TOTP typically employs a hash-based message authentication code (HMAC). In this case, a cryptographic hash function is used as the TOTP generation function. As the TOTP generation function, for example, a function conforming to RFC6238 (TOTP: Time-Based One-Time Password Algorithm), which is a technical specification by the IETF (Internet Engineering Task Force), may be adopted.
[0082]
　More specifically, as the TOTP generation function, the hash function SHA (Secure Hash Algorithm) -2 (among the defined variations, for example, SHA-256 with a hash length of 256 bits or a hash length of 512 bits SHA-512) may be adopted. By using a TOTP generation function consisting of such a hash function, HMAC TOTP can be generated.
[0083]
　The longer the bit length of TOTP is, the more preferable it is. However, considering the message update cycle, transmission band, and the like, for example, a 64-bit length or a 128-bit length can be adopted.
[0084]
　It is preferable that the TOTP generation cycle in the IMES-A generation transmission unit 220 matches the transmission cycle of the IMES-A signal. For example, when the IMES-A message is updated every 3 seconds, it is preferable to generate (update) the TOTP every 3 seconds. Further, it is preferable that the length of the generated TOTP is designed to be suitable for the message format of the IMES-A message.
[0085]
　The IMES-A generation unit 224 combines the TOTP generated by the TOTP generation unit 222, the time information, the timing signal, and the clock signal included in the source signal, and the position information set for each IMES transmitter 200. By doing so, an IMES-A message is generated. The IMES-A generation unit 224 modulates the generated IMES-A message and transmits it as an IMES-A signal.
[0086]
　Since some delay element exists in the transmission line 2 from the management station 100 to the IMES transmitter 200, the IMES transmitter 200 uses the time information, timing signal, clock signal, etc. provided by the management station 100. Therefore, the time information synchronized with the management station 100 can be retained.
[0087]
　Here, the security performance of the seed code A and the seed code B will be described. The seed code A is stored in the IMES transmitter 200, and by mounting it using, for example, TPM or the like, high tamperability can be realized. However, if the IMES transmitter 200 is cracked in some way and the seed code A is leaked, the availability of the location information providing system 1 may decrease.
[0088]
　Assuming such a situation, a configuration may be adopted in which the seed code B is dynamically provided from the authentication server 400. The cycle in which the seed code B provided from the authentication server 400 to each of the IMES transmitters 200 is updated is appropriately determined according to the capability of the location information providing system 1 and the required security level. By dynamically providing the seed code from the authentication server 400, the security level can be further increased.
[0089]
　As will be described next, the same generation algorithm as the above-mentioned generation algorithm for generating the TOTP in the IMES transmitter 200 is also implemented in the authentication server 400.
[0090]
　
　Next, a method of synchronously generating TOTP between IMES transmitter 200 and authentication server 400 will be described. By synchronizing the TOTP between the two according to a scheme as described below, the true value of the TOTP at each time point can be known between the two. That is, the authentication server 400 keeps track of all the TOTPs transmitted by the IMES transmitter 200.
[0091]
　By utilizing such prior knowledge, it is possible to guarantee the authenticity of the position information by using TOTP added to the position information presented by the mobile terminal (IMES receiver 300).
[0092]
　As described above, in the position information providing system 1 according to the present embodiment, TOTP is used by using the unique codes (seed codes) assigned to the IMES transmitters 200 and the time information of each generation timing. Is dynamically generated. This TOTP has a unique value for each IMES transmitter 200. The cycle for generating (updating) TOTP is synchronized with the cycle for generating (updating) the IMES-A message (IMES-A signal) by the IMES transmitter 200. That is, the authentication server 400 grasps the true value of TOTP generated by each of the IMES transmitters 200 at an arbitrary time.
[0093]
　In order to surely grasp the true value of TOTP generated by each of the IMES transmitters 200 by the authentication server 400, (1) the time provided from a common time source between the IMES transmitter 200 and the authentication server 400. It is necessary to satisfy two conditions: that the information is held synchronously and (2) that the authentication server 400 knows the seed code assigned to each of the IMES transmitters 200.
[0094]
　FIG. 5 is a diagram for explaining a method of synchronizing TOTP between the IMES transmitter 200 and the authentication server 400 in the location information providing system 1 according to the present embodiment. With reference to FIG. 5, each of the IMES transmitters 200 periodically generates TOTP226 in the IMES-A generation transmitter 220. More specifically, the IMES-A generation transmission unit 220 has a TOTP generation unit 222 (see FIG. 4), and the time information 227 and the seed code 225 are input to the TOTP generation function 223 included in the TOTP generation unit 222. By doing so, TOTP226 is generated.
[0095]
　Hereinafter, since the time information 227 changes according to the generation timing n of the TOTP 226, it is described as "time T (n)", and the seed code 225 is set to a unique value among the IMES transmitters 200. It is described as "Seed1", "Seed2", "Seed3", and so on. Then, the TOTP 226 generated by using the time information 227 and the seed code 225 is described as "TOTP (Seed1, T (n))" to indicate that it depends on two variables.
[0096]
　The management station 100 provides the time information 227 using the GNSS signal received via the GNSS antenna 102 as a time source. The source signal demodulation unit 210 of the IMES transmitter 200 receives the source signal from the management station 100 and acquires the time information 227. The acquired time information 227 is input to the TOTP generation function 223. The IMES transmitter 200 acquires time information 227 substantially synchronized with the time provided by the GNSS signal.
[0097]
　Further, it is assumed that the seed code 225 is provided from the authentication server 400 in addition to the case where the seed code 225 is stored in the IMES transmitter 200 in advance.
[0098]
　On the other hand, the authentication server 400 holds the same seed code 425-1,425-2,425-3, ... As the seed code 225 used by each of the IMES transmitters 200. Further, the authentication server 400 receives, for example, a GNSS signal received via the GNSS antenna 432, and the time information 427 acquired from the received GNSS signal can be used.
[0099]
　Further, also in the authentication server 400, the TOTP generation function 423 having the same generation algorithm as the TOTP generation function 223 possessed by the IMES transmitter 200 can be used.
[0100]
　At this time, the time information 227 managed by the IMES transmitter 200 and the time information 427 available to the authentication server 400 are acquired from the same time source, and can be synchronized with high accuracy. Further, the seed code is shared between the IMES transmitter 200 and the authentication server 400.
[0101]
　As described above, the authentication server 400 has all the information used by each of the IMES transmitters 200 to generate the TOTP226. As a result, the authentication server 400 can sequentially generate TOTP426-1, 426-2, 426-3, ..., Which has the same value as the TOTP226 generated by each of the IMES transmitters 200 at each time. Since the authentication server 400 does not need to output the TOTP 426 to the outside, the TOTP 426 may be reproduced only when requested by the mobile terminal (IMES receiver 300).
[0102]
　As a method for sharing the seed code between the IMES transmitter 200 and the authentication server 400, the following two methods are typically assumed.
[0103]
　(1) Offline common method In the
　offline common method, the seed code is fixedly stored in each of the IMES transmitters 200 in advance, and the authentication server 400 manages the seed code fixedly assigned to the IMES transmitter 200. do.
[0104]
　That is, the authentication server 400 grasps the unique seed code held for each IMES transmitter 200 in advance, and TOTP is based on the seed code of each IMES transmitter 200 and the time information at each timing. To generate.
[0105]
　When the offline common method is adopted, there is no need to provide a network for sharing the seed code between the authentication server 400 and the IMES transmitter 200, so that there is an advantage that the system configuration can be simplified. ..
[0106]
　On the other hand, since the common seed code is fixedly determined, the tamper resistance of the IMES transmitter 200 and the authentication server 400 is relatively low. In the unlikely event that the seed code and generation algorithm are leaked, future TOTP may be predicted. Therefore, when the offline common method is adopted, it is preferable to implement it using a configuration having high tamper resistance such as TPM (Trusted Platform Module). The TPM can also be configured to damage the internal memory so that the stored values ​​cannot be read when physical reverse engineering is attempted.
[0107]
　(2) Online common method In the
　online common method, the authentication server 400 periodically generates a seed code and notifies the IMES transmitter 200. That is, the authentication server 400 may have a function of transmitting a seed code (that is, a unique code) to each of at least one IMES transmitter 200.
[0108]
　The seed code is preferably generated periodically for each IMES transmitter 200. A seed code is transmitted from the authentication server 400 to each of the IMES transmitters 200 via an arbitrary network. In the location information providing system 1 shown in FIG. 3, the seed code is transmitted from the authentication server 400 to the management station 100, and further transmitted from the management station 100 to the IMES transmitter 200 via the transmission line 2. Not limited to the configuration shown in FIG. 3, the seed code may be directly transmitted from the authentication server 400 to each of the IMES transmitters 200.
[0109]
　According to the online standardization method, the IMES transmitter 200 and the authentication server 400 do not have the information for generating future TOTPs exceeding the update cycle of the seed code, so that the IMES transmitter 200 and the authentication server 400 have. High tamper resistance can be achieved in either case.
[0110]
　It is necessary to provide a network for transmitting the seed code from the authentication server 400 to the IMES transmitter 200, and it is necessary to take measures to prevent leakage of the seed code in the transmission path from the authentication server 400 to the IMES transmitter 200. Therefore, the system configuration can be complicated as compared with the above-mentioned offline common method.
[0111]
　By using either of the above two methods, TOTP generation and standardization can be realized securely. However, the method is not limited to one of the above two methods, and the two methods may be combined. That is, the TOTP may be generated by combining the seed code stored in advance in the IMES transmitter 200 and the seed code distributed by the authentication server 400. Further, any secure method other than the above two methods can be adopted.
[0112]
　By the method as described above, the seed code and the generation algorithm are shared between the IMES transmitter 200 and the authentication server 400, so that the same TOTP can be generated at each generation timing.
[0113]
　FIG. 6 is a diagram for explaining a TOTP generation process in the IMES transmitter 200 and the authentication server 400 in the location information providing system 1 according to the present embodiment. With reference to FIG. 6, all the IMES transmitters 200 and the authentication server 400 have synchronized time information using a GNSS signal or the like as a time source.
[0114]
　When the TOTP generation timing is set to the time T (n), the time T (n) is incremented according to the transmission cycle Ts (for example, 3 seconds) of the IMES-A message. By using the TOTP generation function TOTP (Seed, T (n)), the same TOTP can be generated between each of the IMES transmitters 200 and the authentication server 400.
[0115]
　That is, at time T (0), the IMES transmitters 200-1, 200-2, and 200-3 have TOTP (Seed1, T (0)), TOTP (Seed1, T (1)), and TOTP (Seed1), respectively. , T (2)) is generated. On the other hand, regarding the authentication server 400, TOTP (Seed1, T (0)), TOTP (Seed1, T (1)), TOTP (Seed1, Seed1,) for each of the IMES transmitters 200-1, 200-2, and 200-3. Generate T (2)).
[0116]
　The same applies to the times T (1), T (2), T (3), ....
　In this way, the authentication server 400 can manage the TOTP generated by each of the IMES transmitters 200.
[0117]
　
　Next, an example of the format of the IMES-A message transmitted from the IMES transmitter 200 and the format for outputting the information included in the IMES-A message received by the IMES receiver 300 will be described. ..
[0118]
　(F1: Message format of IMES-A message)
　First, an example of the message format of the IMES-A message transmitted from the IMES transmitter 200 will be described. As an example, in the position information providing system 1 according to the present embodiment, an IMES-based signal is adopted. As for the IMES-A message, it is preferable that the IMES-A message can realize backward compatibility with the existing IMES message.
[0119]
　FIG. 7 is a diagram showing an example of a message type transmitted from the IMES transmitter 200 constituting the location information providing system 1 according to the present embodiment. With reference to FIG. 7, in addition to the four message types defined as existing IMES messages, the message format 270 may be adopted as the IMES-A message. The message shown in FIG. 7 is an example, and any message format may be used as long as it includes information necessary for providing location information.
[0120]
　Since MT0, MT1, MT3, and MT4 shown in FIG. 7 are known, detailed description will not be given here. Hereinafter, the message format of MT7 used as the IMES-A message will be described in detail.
[0121]
　8 and 9 are diagrams showing an example of the frame structure of the message format 270 used as the IMES-A message in the position information providing system 1 according to the present embodiment. The number of words in the message format 270 can be changed according to the intended use, and in addition to the case of only the message format shown in FIG. 8 (4 words / 1 page), the message format 270 is different from the message format shown in FIG. It is also possible to adopt a configuration (eight words / two pages in total) in combination with the message format shown in FIG. Further, it is also possible to adopt a configuration (12 words in total / 3 pages) in which the message format shown in FIG. 8 and the message format (4 words) shown in FIG. 9 are combined twice. The length (number of words) of such a message format may be appropriately adjusted according to the intended use.
[0122]
　As the message format 270 shown in FIG. 8, a GPSNav message compatible format may be adopted. When the IMES receiver 300 supports GPS, it has a message decoder that processes the message format 270, so that the time information can be the year, month, and day without modifying the existing message decoder. You can get the hours, minutes, and seconds.
[0123]
　Specifically, the message format 270 is composed of at least four words 271,272,273,274. Further, when adding TOTP (authentication code), the words 275, 276, 277, 278 shown in FIG. 9 may be combined. Each of the words 271,272,273,274,275,276,277,278 consists of 30 bits.
[0124]
　The first word 271 includes a preamble area 2711, a message type area 2712 in which information for specifying a message type is stored, a telemetry area 2713 in which telemetry information is stored, and a parity bit area 2714.
[0125]
　The second word 272 stores the counter area 2721 where the number of message counts is stored, the message page area 2722, the leap second area 2723, and the elapsed week from the reference date (for example, January 6, 1980). The GPS week area 2724 and the parity bit area 2725 are included. The leap second area 2723 stores information indicating the timing of the leap second to be inserted or deleted, and information indicating whether to insert or delete.
[0126]
　Since the message format 270 may be configured over a plurality of pages (4 words per page), the message page area 2722 stores information for identifying the page number of each message. Will be done.
[0127]
　The third word 273 includes a counter area 2731, a TOW (Time Of Week) area 2732, a LAS area 2733, a time source area 2734, and a parity bit area 2735. The TOW area 2732 stores a count value that is added by 1 count every 1.5 seconds starting from midnight on Sunday. When the message format 270 is transmitted every 3 seconds, the TOW area 2732 stores a value incremented by 2 counts between the preceding IMES-A message and the subsequent IMES-A message. become. The LAS area 2733 stores a state value of whether or not the leap second application is enabled.
[0128]
　The fourth word 274 is a counter area 2741, a leap second application week area 2742, a leap second application date area 2743, an applicable leap second area 2744, a transmitter ID 2745, a satellite healthy area 2746, and a parity bit area 2747. And include. The timing at which the leap second is applied is scheduled by the elapsed week stored in the leap second application week area 2742 and the day within the week stored in the leap second application date area 2743. The applicable leap second region 2744 defines the magnitude of the applied leap second. For example, the applicable leap second area 2744 stores information indicating whether "1 second" is applied as the leap second or "1 second" is applied. The transmitter ID 2745 stores identification information for identifying the IMES transmitter 200 that generated the IMES-A message.
[0129]
　With reference to FIG. 9, words 275,276,277,278 in message format 270 provide an area for transmitting TOTP. As will be described later, the words 275, 276, 277, 278 can transmit a total of 64-bit TOTP. 128-bit TOTP can be transmitted by continuously transmitting the same message format as words 275,276,277,278.
[0130]
　The fifth word 275 includes a counter area 2751, a control area 2752, a TOTP area 2753, and a parity bit area 2747. In the control area 2752, a control code indicating a procedure required for the position authentication process using TOTP is stored. In the TOTP area 2753, 6 bits of the data constituting TOTP are stored.
[0131]
　The sixth word 276 includes a counter area 2761, a message page area 2762, a TOTP area 2763, and a parity bit area 2764. 17 bits of the data constituting TOTP are stored in the TOTP area 2763.
[0132]
　The seventh word 277 includes a counter area 2771, a TOTP area 2772, and a parity bit area 2773. 21 bits of the data constituting TOTP are stored in the TOTP area 2772. The eighth word 278, like the seventh word 277, includes a counter area 2781, a TOTP area 2782, and a parity bit area 2783.
[0133]
　(F2: NMEA format output from the IMES receiver 300)
　Next, an example of a message format used at the application level in the IMES receiver 300 will be described. As such a message format, an extension of the existing NMEA format may be adopted.
[0134]
　That is, the information obtained by receiving the IMES-A message transmitted from the IMES transmitter 200 by the IMES receiver 300 and decoding the received IMES-A message is received from, for example, a general GPS receiving module. The data may be output in a format conforming to the format used when the data is output.
[0135]
　FIG. 10 is a diagram showing an example of a message format related to the position authentication process output from the IMES receiver 300 constituting the position information providing system 1 according to the present embodiment. The message format exemplified in FIG. 10 shows an example of a message format (IMASC) directed to the TOTP (authentication code) required for the location authentication process. In the IMASC message shown in FIG. 10, in addition to the location information, an authentication code (TOTP) associated with the location information is stored.
[0136]
　Not limited to the message format shown in FIG. 10, it is preferable to adopt a message format that makes it easy for various applications executed on the IMES receiver 300 to use the information contained in the IMES-A message.
[0137]
　
　Next, the configuration of the IMES receiver 300 will be described. The IMES receiver 300 is assumed to be a mobile terminal such as a mobile phone or a smartphone.
[0138]
　FIG. 11 is a schematic view showing an example of the hardware configuration of the IMES receiver 300 that can be used in the position information providing system 1 according to the present embodiment. With reference to FIG. 11, the IEMS receiver 300 includes a processor 302, a main memory 304, an output unit 306, an input unit 308, a flash memory 310, a mobile communication module 318, a GNSS module 320, and local communication. Includes module 322 and. The flash memory 310 stores, for example, an OS (Operating System) 312, an API (Application Program Interface) group 314, and an application group 316. These elements are connected via the internal bus 324.
[0139]
　The processor 302 realizes various functions by expanding the program stored in the flash memory 310 into the main memory 304 and executing the program. The main memory 304 is realized by a volatile memory such as a DRAM (Dynamic Random Access Memory) or a SRAM (Static Random Access Memory).
[0140]
　The output unit 306 includes a device that notifies the user of the result obtained by the arithmetic processing in the processor 302. For example, the output unit 306 includes a display or an indicator for visually notifying the user of information, and in this case, it is realized by using an LCD (Liquid Crystal Display), an organic EL (Electro Luminescence) display, or the like. .. Alternatively, the output unit 306 includes a microphone for aurally notifying the user of information.
[0141]
　The input unit 308 is a device that accepts operations from the user, and is realized by using, for example, a touch panel, a keyboard, a mouse, or the like arranged on the surface of the display.
[0142]
　The flash memory 310 is a non-volatile memory and stores various programs and data. OS312 provides an environment for executing various applications on the IMES receiver 300. The API group 314 is in charge of the basic processing necessary for executing the processing in the application group 316. The application group 316 includes various user applications and the like.
[0143]
　The mobile communication module 318 provides public wireless communication functions such as LTE (Long Term Evolution). The mobile communication module 318 exchanges data with a communication partner via a wireless base station or the like.
[0144]
　The GNSS module 320 receives the GNSS signal and acquires the information included in the received GNSS signal. If the IMES-A signal is compatible with the GNSS signal, the GNSS module 320 can also receive the IMES-A signal in addition to the GNSS signal. In this case, the information contained in the IMES-A message as described above is acquired by the GNSS module 320 and used for the processing executed by the processor 302.
[0145]
　The local communication module 322 exchanges data with other communication terminals according to a wireless communication standard such as a wireless LAN (Local Area Network) or Bluetooth (registered trademark).
[0146]
　FIG. 12 is a schematic diagram showing an example of a software configuration of the IMES receiver 300 that can be used in the location information providing system 1 according to the present embodiment. FIG. 12 mainly shows a configuration that uses the authentication function provided by the location information providing system 1.
[0147]
　More specifically, in the IMES receiver 300, the application 3162, the authentication API 3142, and the communication API 3144 are executed on the OS 312. Application 3162 is assumed to receive an arbitrary service using, for example, authenticated location information.
[0148]
　OS312 includes a hardware driver 3122. The hardware driver 3122 performs necessary processing by controlling various hardware elements (for example, mobile communication module 318, GNSS module 320, local communication module 322, etc. shown in FIG. 11) included in the IMES receiver 300. Realize.
[0149]
　The authentication API 3142 is a program in charge of the location authentication process as described later, executes the location authentication process with the authentication server 400 in response to the authentication request from the application 3162, and the execution result of the location authentication process. Return to application 3162. The authentication API 3142 can also acquire the information included in the IMES-A message from the hardware driver 3122 and pass the location information and the like included therein to the application 3162.
[0150]
　Information may be exchanged between the hardware driver 3122 and the authentication API 3142, for example, according to the NMEA format.
[0151]
　The communication API 3144 is a program in charge of communication processing, and in the position authentication processing according to the present embodiment, in response to the communication request from the authentication API 3142, necessary data is transmitted to the authentication server 400 via the hardware driver 3122. At the same time, the data from the authentication server 400 is returned to the authentication API as a communication result.
[0152]
　By configuring such a hardware driver 3122 and a hierarchical software element consisting of the authentication API 3142 and the communication API 3144, from the viewpoint of the creator of the application 3162, programming when using the authentication function according to the present embodiment. Can be facilitated. That is, if only the authentication request is given to the authentication API 3142 from the application 3162 side, the authentication result is returned, so that the authentication function according to the present embodiment can be easily incorporated into the existing application.
[0153]
　
　Next, the configuration of the authentication server 400 will be described. The authentication server 400 is typically implemented using a general-purpose server-type computer.
[0154]
　FIG. 13 is a schematic diagram showing an example of the hardware configuration of the authentication server 400 constituting the location information providing system 1 according to the present embodiment. With reference to FIG. 13, the authentication server 400 includes a processor 402, a main memory 404, an output unit 406, an input unit 408, a storage unit 410, a GNSS module 430, and a network communication module 438. In the storage unit 410, for example, the OS 412, the seed code generation program 414, the authentication program 416, the IMES transmitter master table 418, the IMES transmitter seed code master table 420, the challenge table 422, and the authentication code table 424 are stored. And are stored. These elements are connected via the internal bus 440.
[0155]
　The processor 402 realizes various functions by expanding the program stored in the storage unit 410 into the main memory 404 and executing the program. The main memory 404 is realized by a volatile memory such as DRAM or SRAM.
[0156]
　The output unit 406 includes a device that notifies the user of the result obtained by the arithmetic processing in the processor 402. For example, the output unit 406 includes a display or an indicator for visually notifying the user of information, and in this case, it is realized by using an LCD (Liquid Crystal Display), an organic EL (Electro Luminescence) display, or the like. ..
[0157]
　The input unit 408 is a device that receives an operation from the user, and is realized by using, for example, a keyboard and / or a mouse.
[0158]
　The storage unit 410 is a non-volatile storage for storing various programs and data, and is realized by using, for example, a hard disk drive (HDD). OS412 provides an environment for executing various applications on the authentication server 400. The seed code generation program 414 generates a seed code for each of the IMES receivers 300 at predetermined intervals. The authentication program 416 realizes the position authentication process as described later.
[0159]
　The IMES transmitter master table 418 contains information for managing the IMES receiver 300. More specifically, the IMES transmitter master table 418 includes identification information (individual ID) and location information (latitude, longitude, floor, etc.) assigned to each of the IMES receivers 300.
[0160]
　The IMES transmitter seed code master table 420 contains seed code values ​​assigned to each of the IMES receivers 300.
[0161]
　The challenge table 422 is a table for managing the value of the challenge issued in response to the position authentication request from any of the IMES receivers 300. The value is written in the challenge table 422 when the challenge is issued, and the entry is deleted when the expiration date set for each challenge has passed.
[0162]
　The authentication code table 424 is a table for managing the authentication code issued when a series of location authentication processes are successful. The value is written in the authentication code table 424 when the authentication code is issued by a series of location authentication processes, and the entry is deleted when the expiration date set for each authentication code elapses.
[0163]
　The GNSS module 430 receives the GNSS signal and acquires the time information and the like included in the received GNSS signal. The time information acquired by the GNSS module 430 is used for the position authentication process.
[0164]
　The network communication module 438 exchanges data with the management station 100, the IMES transmitter 200, or the IMES receiver 300 via an arbitrary network.
[0165]
　
　Next, the details of the position information providing method including the position authentication processing in the position information providing system 1 according to the present embodiment will be described. In the position information providing system 1 according to the present embodiment, the value of TOTP included in the IMES-A message generated by the specific IMES transmitter 200 at each transmission timing is between the other IMES transmitters 200 and the other IMES transmitters 200. It becomes unique with other transmission timings. That is, at the same transmission timing, the TOTPs included in the IMES-A messages transmitted from the plurality of IMES transmitters 200 have different values ​​from each other. Further, TOTPs transmitted from the same IMES transmitter 200 at different timings also have different values.
[0166]
　In this way, since the authentication server 400 has the time information synchronized with the IMES transmitter 200, it is possible to grasp all which IMES transmitter 200 is broadcasting what kind of TOTP. That is, by adopting TOTP according to the present embodiment, the authenticity of the position information included in the IMES-A message can be guaranteed.
[0167]
　On the other hand, since the IMES transmitter 200 broadcasts the IMES-A message to an unspecified number of people, the location information and the time information included in the IMES-A message are known. Therefore, in order to meet the "spoofing" security requirements for this information, in addition to the TOTP-based authentication for TOTP, Challenge-Handshake Authentication Protocol (CHAP) authentication based on TOTP is required. It is preferable to adopt two-step verification including. By adopting such two-step verification, spoofing can be prevented.
[0168]
　That is, by using TOTP according to the present embodiment, the authenticity of the position information included in the IMES-A message can be guaranteed, but as a more preferable form, two-step verification is adopted.
[0169]
　In the following description, the location authentication process when the two-step verification is adopted will be mainly described. Of the two-step verification, the first-step certification is referred to as "TOTP certification", and the second-step certification is referred to as "TOTP & CHAP certification".
[0170]
　FIG. 14 is a sequence diagram illustrating an outline of the position authentication process in the position information providing system 1 according to the present embodiment. With reference to FIG. 14, in the location information providing system 1, the IMES transmitter 200, the IMES receiver 300, and the authentication server 400 are linked to realize the authentication of the location information.
[0171]
　With reference to FIG. 14, first, the IMES transmitter 200 transmits an IMES-A message at predetermined intervals (sequence SQ1). As the IMES-A message, a plurality of message formats may be defined according to the type of information to be transmitted. For example, in the existing IMES specifications, the location information is included in the message type 0 (MT0) and the message type 1 (MT1). Therefore, the IMES transmitter 200 transmits an IMES message including the position information of MT0 or MT1. At the same time, the IMES transmitter 200 transmits an IMES-A message including the TOTP generated at the same transmission timing. For example, TOTP may be transmitted according to the message format specified as message type 7 (MT7) by extending the message format specified in the existing IMES specifications.
[0172]
　In this way, each of the IMES transmitters 200 has a generation function that generates a TOTP (that is, an authentication code) depending on the time and the seed code (that is, the unique code) that is uniquely assigned to each IMES transmitter 200. It also has a transmitting function for transmitting an IMES-A message including location information, time information, and a generated TOTP (authentication code).
[0173]
　The IMES receiver 300 receives the message format of MT0 or MT1 from the IMES transmitter 200 and the message of MT7, and includes information such as time information (date and time), TOTP, latitude, longitude, and floor, IMES-A. Get information 500. The IMES-A information 500 is acquired by the receiving function of the IMES receiver 300 (the GNSS module 320 shown in FIG. 11 and the hardware driver 3122 shown in FIG. 12).
[0174]
　In the IMES transmitter 200, the IMES-A information 500 is output from the receiving function to the authentication API 3142 (sequence SQ2). At this time, the IMES-A information 500 may be output according to a predetermined format defined as the NMEA format.
[0175]
　The authentication API 3142 executes the location authentication process with the authentication server 400 based on the acquired IMES-A information 500. The authentication server 400 makes an authentication request including the information in the IMES-A message from the IMES receiver 300 that has received the IMES-A message transmitted by any one of the IMES transmitters 200. Upon receipt, it is included in the authentication request based on the time information included in the authentication request and the seed code (unique code) uniquely assigned to the IMES transmitter 200 corresponding to the location information included in the authentication request. The validity of the TOTP (authentication code) is determined (see FIGS. 5 and 6 and the like). Based on the result of determining the validity of the TOTP (authentication code), the authenticity of the position information included in the authentication request from the IMES receiver 300 is authenticated (sequences SQ3 to SQ5 and sequences SQ8 to SQ11 shown in FIG. 14). .. Further, the authentication server 400 stores the location information whose authenticity has been authenticated in the storage unit 410 (authentication code table 424) or the like (sequence SQ12 shown in FIG. 14).
[0176]
　More specifically, as the first-stage authentication (TOTP authentication) of the location authentication process, the authentication API 3142 transmits IMES-A information 500 including TOTP to the authentication server 400 (sequence SQ3). Transmission of IMES-A information 500 to the authentication server 400 means a first-stage authentication request.
[0177]
　When the authentication server 400 receives the IMES-A information 500 from the authentication API 3142, the authentication server 400 determines the validity of TOTP based on the received IMES-A information 500 (sequence SQ4).
[0178]
　When it is determined that the TOTP is valid, the authentication server 400 sends an authentication acceptance notification 502 including a challenge associated with the confirmed TOTP to the authentication API 3142 (sequence SQ5).
[0179]
　The transmission of the authentication acceptance notification 502 from the authentication server 400 to the authentication API 3142 means that the first-stage authentication is successful. Then, the second stage authentication of the position authentication process is started.
[0180]
　More specifically, the IMES transmitter 200 transmits a new IMES-A message when a new transmission timing arrives (sequence SQ6). When the receiving function of the IMES transmitter 200 receives a new IMES-A message, the IMES-A information 520 included in the received new IMES-A message is output to the authentication API 3142 (sequence SQ7).
[0181]
　The authentication API 3142 generates a response (determination target) 504 based on the challenge included in the previously received authentication acceptance notification 502 and the new IMES-A information 520 (sequence SQ8). Then, the authentication API 3142 transmits the second-stage authentication request 522 including the generated response (determination target) 504 to the authentication server 400 (sequence SQ10). The transmission of this response (determination target) 504 means a second-stage authentication request.
[0182]
　When the authentication server 400 receives the second-stage authentication request 522 from the authentication API 3142, it determines the validity of the response (determination target) 504 included in the received second-stage authentication request 522 (sequence SQ11).
[0183]
　When it is determined that the response (determination target) 504 is valid, the authentication server 400 responds to the authentication API 3142 that the location authentication has been accepted (sequence SQ12). The authentication code 506 indicating that the location authentication has been accepted may be transmitted to the authentication API 3142. The authentication code 506 can be used as a certificate by which the authentication server 400 guarantees the authenticity of the location information.
[0184]
　In this way, the authentication server 400 issues the authentication code 506 corresponding to the location information whose authenticity has been authenticated. Then, in the storage unit 410 of the authentication server 400, the location information whose authenticity has been authenticated and the issued authentication code are stored in association with each other.
[0185]
　The authentication server 400 may transmit the fact that the location authentication has been accepted to the service provider that requests the authenticity of the location information presented by the IMES receiver 300 instead of the authentication API 3142.
[0186]
　The above procedure completes a series of location authentication processes. Hereinafter, more detailed processing contents of the first-stage and second-stage authentication will be described.
[0187]
　(I1: TOTP Authentication (First Stage Authentication))
　FIG. 15 is a diagram for explaining the first stage authentication of the position authentication process in the position information providing system 1 according to the present embodiment. With reference to FIG. 15, when the receiving function of the IMES receiver 300 receives the IMES-A message, the IMES-A information 500 is extracted from the received IMES-A message and output to the authentication API 3142. The IMES-A information 500 typically includes information such as time information, TOTP, latitude, longitude, floor, and the like. Such IMES-A information 500 may be output as an IMASC message defined in accordance with the NMEA format.
[0188]
　The authentication API 3142 of the IMES receiver 300 transmits the IMES-A information 500 to the authentication server 400 and requests the first stage authentication (TOTP authentication) (corresponding to the sequence SQ3 shown in FIG. 14).
[0189]
　In the authentication server 400, the authentication engine 450, which is realized by the processor 402 executing the authentication program 416 (see FIG. 11), manages the location authentication process. The sequence SQ4 shown in FIG. 14 is mainly composed of the processes of the sequences SQ41 to SQ44 shown in FIG.
[0190]
　More specifically, the authentication server 400 searches for the IMES transmitter 200 corresponding to the location information 5001 based on the location information 5001 included in the IMES-A information 500 received from the IMES receiver 300 (sequence SQ41). .. More specifically, the authentication server 400 extracts the location information 5001 from the IMES-A information 500 and refers to the IMES transmitter master table 418 to specify the IMES transmitter 200 that transmits the location information 5001. IMES-TX information 508 is acquired. The position information 5001 includes latitude, longitude, floor, and the like. The IMES-TX information 508 includes identification information (individual ID) assigned to the IMES receiver 300 that transmits the location information 5001.
[0191]
　If the corresponding IMES-TX information 508 cannot be acquired, the authentication request is determined to be unsuccessful, and the location authentication process is stopped.
[0192]
　Subsequently, the authentication server 400 corresponds to the received IMES-A information 500 based on the acquired IMES-TX information 508 and the time information 5002 included in the IMES-A information 500 received from the IMES receiver 300. TOTP (true value) 512 is generated (sequence SQ42). More specifically, the authentication server 400 refers to the IMES transmitter seed code master table 420 to acquire the seed code 510 corresponding to the IMES-TX information 508. Then, the authentication server 400 generates the TOTP (true value) 512 by inputting the acquired time information 5002 and the seed code 510 into the TOTP generation function.
[0193]
　Subsequently, the authentication server 400 checks the validity of the TOTP (determination target) 5003 included in the IMES-A information 500 received from the IMES receiver 300 (sequence SQ43). More specifically, the authentication server 400 determines whether or not the TOTP (determination target) 5003 included in the IMES-A information 500 received from the IMES receiver 300 matches the TOTP (true value) 512. The TOTP (true value) 512 follows the TOTP generation schedule in the IMES transmitter 200 managed by the authentication server 400. If the TOTP (judgment target) 5003 does not match the TOTP (true value) 512, it can be determined that the TOTP (judgment target) 5003 is invalid. In this case, the authentication request is determined to be a failure, and the location authentication process is stopped.
[0194]
　Subsequently, the authentication server 400 generates a session and a challenge corresponding to the TOTP (determination target) 5003 determined to be valid (sequence SQ44). More specifically, the authentication server 400 sets a session to be used for the second-stage authentication, and assigns a session ID for identifying the assigned session to the IMES receiver 300 that is the authentication request source. The session ID is preferably randomly determined. Further, the authentication server 400 generates a challenge according to an arbitrary function. The arbitrary function may determine the challenge according to a predetermined rule, or may determine the challenge at random.
[0195]
　Then, the authentication server 400 transmits an authentication acceptance notification 502 including the assigned session ID and the generated challenge to the IMES receiver 300, which is the authentication request source.
[0196]
　In this way, when the authentication server 400 determines that the TOTP (authentication code) included in the authentication request is valid, the process of generating a challenge and transmitting it to the IMES receiver 300, which is the source of the authentication request, and the said A process of generating a session for the IMES receiver 300 that is the source of the authentication request and transmitting the generated session to the IMES receiver 300 that is the source of the authentication request is executed.
[0197]
　Along with the transmission of the authentication acceptance notification 502, the authentication server 400 temporarily stores the set of the assigned session ID and the generated challenge in the challenge table 422. An expiration date is set in advance for the information stored in the challenge table 422, and when the expiration date has passed, the stored information is invalidated. That is, the information stored in the challenge table 422 is effectively referred to in the second stage authentication during the preset expiration date.
[0198]
　The authentication server 400 transmits an authentication acceptance notification 502 including a challenge associated with the TOTP whose validity has been confirmed to the authentication API 3142 (sequence SQ5). The transmission of this authentication API 3142 means an approval response to the first-stage authentication. Then, it follows the second stage of authentication.
[0199]
　(I2: TOTP & CHAP authentication (second-stage authentication))
　FIG. 16 is a diagram for explaining the second-stage authentication of the position authentication process in the position information providing system 1 according to the present embodiment. With reference to FIG. 16, when the authentication API 3142 of the IMES receiver 300 receives the authentication acceptance notification 502 from the authentication server 400 (sequence SQ5), the response (determination target) 504 is generated (sequence SQ8). More specifically, the authentication API 3142 acquires IMES-A information 520 from the receiving function. The IMES-A information 520, unlike the IMES-A information 500 used for the first stage authentication, includes newer time information and the corresponding TOTP. That is, the time information and TOTP included in the IMES-A information 520 are all updated from the time information and TOTP used for the first-stage authentication.
[0200]
　The authentication API 3142 of the IMES receiver 300 sets the challenge included in the authentication acceptance notification 502 received from the authentication server 400 in advance and the TOTP included in the IMES-A information 520 into a response generation function Response (Challenge, TOTP). By inputting, a response (judgment target) 504 is generated (sequence SQ81). Like the TOTP generation function, the response generation function may employ a hash-based message authentication code. This response generation function itself is shared between the authentication API 3142 and the authentication server 400.
[0201]
　Then, the authentication API 3142 of the IMES receiver 300 transmits the second-stage authentication request 522 including the generated response (judgment target) 504 to the authentication server 400, and requests the second-stage authentication (TOTP & CHAP authentication) (sequence). SQ82).
[0202]
　In the second stage authentication request 522, in addition to the generated response (judgment target) 504, the session ID included in the authentication acceptance notification 502 and the time information and position information included in the IMES-A information 520 received from the receiving function. Includes (latitude, longitude, floor, etc.). The second-stage authentication request 522 is transmitted from the IMES receiver 300 to the authentication server 400 (corresponding to the sequence SQ10 shown in FIG. 14).
[0203]
　The authentication server 400 starts the second-stage authentication based on the second-stage authentication request 522 received from the IMES receiver 300 (sequence SQ11 shown in FIG. 14). The sequence SQ11 shown in FIG. 14 is mainly composed of the processes of the sequences SQ111 to SQ115 shown in FIG.
[0204]
　More specifically, the authentication server 400 searches the IMES transmitter 200 corresponding to the location information 5201 based on the location information 5201 included in the second-stage authentication request 522 received from the IMES receiver 300 (sequence SQ111). ). More specifically, the authentication server 400 extracts the location information 5201 from the second-stage authentication request 522, and also refers to the IMES transmitter master table 418 to specify the IMES transmitter 200 that transmits the location information 5201. IMES-TX information 528 for the purpose is acquired.
[0205]
　If the corresponding IMES-TX information 528 cannot be acquired, the authentication request is determined to be unsuccessful, and the location authentication process is stopped.
[0206]
　Subsequently, the authentication server 400 receives the second-stage authentication request 522 based on the acquired IMES-TX information 528 and the time information 520 included in the second-stage authentication request 522 received from the IMES receiver 300. The TOTP (true value) 512 corresponding to is generated (sequence SQ112). More specifically, the authentication server 400 refers to the IMES transmitter seed code master table 420 to acquire the seed code 530 corresponding to the IMES-TX information 528. Then, the authentication server 400 generates the TOTP (true value) 532 by inputting the acquired time information 5202 and the seed code 530 into the TOTP generation function.
[0207]
　Subsequently, the authentication server 400 generates a response (true value) 534 corresponding to the second-stage authentication request 522 received from the IMES receiver 300 (sequence SQ113). More specifically, the authentication server 400 extracts the session ID 5204 included in the second-stage authentication request 522, and also refers to the challenge table 422 and has issued the session ID 5204 corresponding to the extracted session ID 5204. Get Challenge 538. Then, the authentication server 400 generates a response (true value) 534 by inputting the generated TOTP (true value) 532 and the acquired challenge 538 into the response generation function. For example, the authentication server 400 concatenates the generated TOTP (true value) 532 and the acquired challenge 538 with a character string, and inputs the result of the character string concatenation to the response generation function to obtain a response (true value) as a hash value. Value) 534 is generated.
[0208]
　Subsequently, the authentication server 400 checks the validity of the response (determination target) 5203 included in the second-stage authentication request 522 received from the IMES receiver 300 (sequence SQ114). More specifically, the authentication server 400 determines whether or not the response (determination target) 5203 included in the second-stage authentication request 522 received from the IMES receiver 300 matches the response (true value) 534. The response (true value) 534 is a result that reflects both the authentication result of the first stage executed earlier and the TOTP generation schedule in the IMES transmitter 200 managed by the authentication server 400. If the response (judgment target) 5203 does not match the response (true value) 534, from the transmission of the authentication acceptance notification 502 indicating the result of the first-stage position authentication processing to the reception of the second-stage authentication request 522. In the process of, it can be determined that there was some kind of fraud. In this case, the authentication request is determined to be a failure, and the location authentication process is stopped.
[0209]
　In this way, the authentication server 400 is generated based on the previously transmitted challenge and the information (IMES-A information 520) in the IMES-A message newly received by the IMES receiver 300 to which the challenge is transmitted. In response to the second-stage authentication request 522 including the response (judgment target) 5203 to be performed, the validity of the response (judgment target) 5203 included in the second-stage authentication request 522 is determined.
[0210]
　Subsequently, the authentication server 400 generates an authentication code 506 corresponding to the response (determination target) 5203 determined to be valid (sequence SQ115). More specifically, the authentication server 400 randomly determines the authentication code 506 and transmits it to the IMES receiver 300, which is the authentication request source. At the same time, the authentication server 400 stores the time information and the position information (latitude, longitude, floor, etc.) in the authentication code table 424 in association with the authentication code 506 transmitted to the authentication request source IEMS receiver 300.
[0211]
　The authentication code 506 stored in the authentication code table 424 of the authentication server 400 corresponds to the evidence for proving when and where the IMES receiver 300 existed. Therefore, the authentication server 400 reads the location information corresponding to the authentication code included in the request from the authentication code table 424 and outputs it in response to the request accompanied by the authentication code from the outside. An expiration date may be set in advance for the authentication code 506 stored in the authentication code table 424.
[0212]
　When the two-step verification is successfully completed, the authentication server 400 transmits the authentication code 506 to the authentication API 3142 of the requesting IMES receiver 300 (sequence SQ12). Then, a series of position authentication processes are completed.
[0213]
　(I3: Consistency of expiration date and time)
　Next, management of consistency of expiration date and time in the above-mentioned two-step verification will be described.
[0214]
　In the position information providing system 1 according to the present embodiment, TOTP generated based on the time information and the seed code is used for the position authentication process. There may inevitably be a time lag between the TOTP generation timing and the execution timing of the position authentication process for the TOTP. Therefore, in order to prevent attacks using such a time lag, as a condition for the effectiveness of TOTP, it is adopted that the elapsed time from the time used for generating the TOTP is within the expiration date. Alternatively, it may be adopted that the time is consistent.
[0215]
　In the following, three conditions of (1) TOTP expiration date, (2) consistency of TOTP generation time, and (3) session expiration date will be described. Any one or more of these conditions can be combined.
[0216]
　FIG. 17 is a sequence diagram for explaining the management of the expiration date in the position authentication process in the position information providing system 1 according to the present embodiment.
[0217]
　First, (1) the TOTP expiration date will be described. With reference to FIG. 17, for example, in the first-step authentication or the second-step authentication, the TOTP transmitted from the IMASC 300 to the authentication server 400 must be within the expiration date from the generation time of the TOTP.
[0218]
　For example, the time when the authentication server 400 receives the IMES-A information 500 including the TOTP used in the first-stage authentication request (that is, the first-stage authentication request time) is used to generate the received TOTP. It may be a condition for starting the first-stage authentication that the time is within a predetermined expiration date (that is, the TOTP expiration date) from the time indicated by the time information (that is, the first-stage TOTP generation time).
[0219]
　Similarly, the time when the authentication server 400 receives the second-stage authentication request 522 including the TOTP used in the second-stage authentication request (that is, the second-stage authentication request time) is for generating the received TOTP. It may be a condition for starting the second stage authentication that it is within the predetermined expiration date (that is, the TOTP expiration date) from the time indicated by the time information used (that is, the second stage TOTP generation time). ..
[0220]
　In this way, whether or not the time when the authentication server 400 receives the TOTP (authentication code) is within a preset expiration date from the time indicated by the time information used for generating the TOTP (authentication code). The security level can be further increased by determining.
[0221]
　For example, if the transmission cycle of the IMES-A message is 3 seconds, the TOTP expiration date may be set to about 30 seconds. The length of the TOTP expiration date is appropriately set according to the required security level and the like.
[0222]
　Next, (2) consistency of TOTP generation time will be described. This condition states that the time indicated by the time information used to generate the TOTP used in the second-stage authentication request (second-stage TOTP generation time) must be later than the first-stage authentication request time. It is a thing. Such consistency of the TOTP generation time may be a condition for the position authentication process. This is to prevent an attack that reuses the TOTP used in the first-stage authentication request.
[0223]
　Finally, (3) session expiration date will be described. The condition is that the time between the first stage authentication and the second stage authentication must be within the expiration date. More specifically, from the time when the authentication server 400 generates a session and a challenge (that is, the session / challenge generation time) to the time when the authentication server 400 receives the second-stage authentication request 522 (second-stage authentication request time). The condition of the location authentication process is that the time of is within the session expiration date.
[0224]
　As described above, the second-stage authentication request 522 transmitted from the authentication API 3142 to the authentication server 400 includes the session ID (identification information) for identifying the previously set session. Then, the authentication server 400 determines whether or not the session specified in the second-stage authentication request 522 is within the preset session expiration date.
[0225]
　The session expiration date may be set to, for example, about 3 minutes if the IMES-A message transmission cycle is 3 seconds. The length of the session expiration date is appropriately set according to the required security level and the like.
[0226]
　By setting the consistency of the expiration date and time as described above as the conditions for the location authentication process, the security level can be further enhanced.
[0227]
　(I4: Security enhancement measures) In the
　location information providing system 1 according to the present embodiment, sufficient security can be ensured by adopting the above-mentioned two-step verification. However, in order to further increase the security level, (1) security enhancement measures using additional information or (2) security enhancement measures using behavioral analysis results may be further implemented. By additionally implementing such security enhancement measures, the security level of the location information providing system 1 can be further enhanced.
[0228]
　(1) Security enhancement measures using additional information
　For example, in each of the first stage and the second stage, the IMES receiver 300 transmits additional information to the authentication server 400 to obtain the IMES receiver 300. It is also possible to authenticate the same session property with the authentication server 400.
[0229]
　As such additional information, when the IMES receiver 300 is a mobile terminal, it is uniquely assigned to each mobile terminal such as IMSI (International Mobile Subscriber Identity) or IMEI (International Mobile Equipment Identity). Identification information can be used. Alternatively, when the IMES receiver 300 uses public wireless communication, a cell ID indicating a connected cell or the like can be used as additional information.
[0230]
　Alternatively, when the IMES receiver 300 has a wireless LAN function, it is dynamic such as SSID (Service Set Identifier) ​​or Received Signal Strength Indicator (RSSI) of the connected access point. Information can be used as additional information.
[0231]
　In this way, in addition to the IMES-A message information output from the receiving function of the IMES receiver 300, the identification information or the environmental information of the IMES receiver 300, which is independent of the IMES-A message, can be used in the same session. From the attacker's point of view, it is necessary to separately collect multiple pieces of consistent information, which increases the difficulty of the attack. That is, by verifying the same sessionability using such additional information, it is possible to prevent user spoofing.
[0232]
　(2) Security enhancement measures using behavior analysis results Security enhancement measures using
　behavior analysis results aim to detect abnormalities or frauds in location authentication by learning past data.
[0233]
　The location information providing system 1 according to the present embodiment is mainly responsible for authenticating the authenticity of the location information presented by the IMES receiver 300. This authenticated position information corresponds to the existing position of the IMES receiver 300 at each time point, and the distance that can be moved per unit time is limited. Further, the change in the position information depends on the behavior of the user who owns the IMES receiver 300.
[0234]
　Therefore, for example, by learning the past movement history or action history of the user based on the temporal change of the position information, it is possible to detect an attack such as impersonation of the user. That is, it is possible to detect the impersonation of the user by the behavior analysis. Specifically, by adopting machine learning using techniques such as inductive logic programming (ILP) or reinforcement learning, such user impersonation can be detected.
[0235]
　Examples of logic that uses such behavioral analysis results include the following.
[0236]
　-If you are traveling a distance that cannot be moved within the time from the previous authentication to this authentication.
[0237]
　・ When the behavior deviates greatly from the past behavior pattern (for example, according to the past behavior history, it often exists in a specific area during the daytime on weekdays, but another area far away in the same time zone. When the position information indicating the position in is transmitted).
[0238]
　The above-mentioned abnormality detection pattern is an example, and an arbitrary abnormality detection pattern can be determined by machine learning.
[0239]
　It should be noted that the security enhancement measures as described above can be an index not only for improving the security level but also for calculating the creditworthiness of the location authentication itself for presenting to the application side.
[0240]
　(I5: Authenticity of data exchanged between the IMES receiver and the authentication server) In the
　location information providing system 1 according to the present embodiment, sufficient security is ensured by adopting the above-mentioned two-step authentication. It is possible to do. However, in order to further increase the security level, a mechanism for guaranteeing the authenticity of the data exchanged between the IMES receiver 300 and the authentication server 400 may be provided.
[0241]
　Specifically, the data exchanged between the IMES receiver 300 and the authentication server 400 is digitally signed by the transmitting device to indicate the authenticity of the data, and is added to the data received by the receiving device. The authenticity of the received data may be ensured by verifying the added electronic signature.
[0242]
　By exchanging data with such an electronic signature added, the security level can be further enhanced. The private key may be shared between the IMES receiver 300 and the authentication server 400 by using a known key exchange method, or a public key encryption method may be adopted.
[0243]
　
　Next, some application examples using the location information providing system 1 according to the present embodiment will be described.

WE CLAIMS

[Claim 1]A position information providing system
　having a time that is synchronized with each other, comprising at least one message transmitter and the authentication server,
　each of said at least one message transmitter
　　uniquely assigned to time and each message transmitter The 　authentication server includes 　　at least one of the generation means for generating an authentication code depending on a unique code,
　　and a transmission means for transmitting a message including location information and time information and the generated authentication code . In response to an authentication request containing the information in the message from the receiver that received the message sent by one of the message transmitters, the time information included in the authentication request and the time information included in the authentication request are included in the authentication request. By determining the validity of the authentication code included in the authentication request based on the unique code uniquely assigned to the message transmitter corresponding to the location information, the authenticity of the location information included in the authentication request is determined. A 　　location information providing system including an authentication means for authenticating the sex and a storage means for storing the location information whose authenticity has been authenticated.

[Claim 2]
　When the authentication means
　　determines that the authentication code included in the authentication request is valid, the means
　　for generating a challenge and transmitting the challenge to the receiver of the source of the authentication request, and the transmitted challenge and the transmission of the challenge. In response to the second authentication request, which includes the response generated based on the information in the newly received message in the previous receiver, the validity of the response included in the second authentication request is determined. The location information providing system according to claim 1, further comprising means for performing the authentication.
[Claim 3]
　When the authentication means determines that the authentication code included in the authentication request is valid, the authentication means sets a session for the receiver of the source of the authentication request, and receives the generated session from the source of the authentication request.
　The location information providing system according to claim 2, further comprising means for transmitting to the machine, wherein the second authentication request includes identification information for identifying the set session.
[Claim 4]
　The location information providing system according to claim 3, wherein the authentication means further includes means for determining whether or not the session specified in the second authentication request is within a preset expiration date.
[Claim 5]
　The authentication means further includes means for determining whether or not the time when the authentication code is received is within a preset expiration date from the time indicated by the time information used for generating the authentication code. The location information providing system according to any one of items 1 to 4.
[Claim 6]
　The authentication means further includes means for issuing an authentication code corresponding to the location information whose authenticity has been authenticated, and the
　storage means associates the location information whose authenticity has been authenticated with the issued authentication code. The location information providing system according to any one of claims 1 to 5, which is stored.
[Claim 7]
　The location information providing system according to claim 6, wherein the storage means outputs location information corresponding to the authentication code included in the request in response to a request accompanied by an authentication code from the outside.
[Claim 8]
　The location information providing system according to any one of claims 1 to 7, wherein the authentication server further includes means for transmitting the unique code to each of the at least one message transmitter.
[Claim 9]
　The position information providing system according to any one of claims 1 to 8, wherein the message transmitter transmits a message compatible with a radio signal from a positioning satellite system.
[Claim 10]
　A method of providing location information in a location information providing system including at least one message transmitter and an authentication server having a time synchronized with each other,
　wherein each of the at least one message transmitter is attached to a time and each message transmitter. A step of generating an authentication code depending on a uniquely assigned unique code, and a step
　of each of the at least one message transmitter transmitting a message including location information and time information and the generated authentication code. In
　response to the authentication request including the information in the message from the receiver that received the message transmitted by any of the message transmitters, the authentication server responds to the authentication request. By determining the validity of the authentication code included in the authentication request based on the time information included in the authentication request and the unique code uniquely assigned to the message transmitter corresponding to the location information included in the authentication request. , A
　location information providing method including a step of authenticating the authenticity of the location information included in the authentication request and a step of storing the location information whose authenticity has been authenticated.