Electronic device authentication system
The authentication system for electronic devices uses data acquisition and machine learning to authenticate users based on their behavior patterns, ensuring high security and user-friendliness by locking devices on unauthorized access and notifying users of potential misuse.
Patent Information
- Authority / Receiving Office
- JP · JP
- Patent Type
- Applications
- Current Assignee / Owner
- SEMICON ENERGY LAB CO LTD
- Filing Date
- 2026-04-06
- Publication Date
- 2026-06-18
AI Technical Summary
Existing electronic device authentication systems face challenges in providing high security, user-friendliness, and minimizing personal information leakage while ensuring minimal inconvenience to users.
An authentication system for electronic devices incorporating data acquisition, storage, and multiple authentication means, including biometric methods, that learns user behavior patterns through sensors to authenticate users based on their usage habits and tendencies.
The system provides a highly secure, user-friendly, and accurate authentication method that minimizes personal information leakage by locking devices when unauthorized access is detected and notifying users of potential misuse.
Smart Images

Figure 2026099923000001_ABST
Abstract
Description
Technical Field
[0001] One aspect of the present invention relates to an electronic device. One aspect of the present invention relates to an information terminal device. The present invention relates to an authentication system.
[0002] Note that one aspect of the present invention is not limited to the above technical field. The technical field of one aspect of the present invention disclosed in this specification and the like includes semiconductor devices, display devices, light-emitting devices, power storage devices, storage devices , electronic devices, lighting devices, input devices, input / output devices, their driving methods, or their manufacturing methods, as an example. A semiconductor device refers to all devices that can function by utilizing semiconductor characteristics.
Background Art
[0003] In recent years, information terminal devices such as mobile phones such as smartphones, tablet-type information terminals, and notebook PCs (personal computers) have become widely popular. Such information terminal devices often contain personal information and the like, and various authentication technologies have been developed to prevent unauthorized use.
[0004] For example, Patent Document 1 discloses an electronic device provided with a fingerprint sensor in a push button switch section.
Prior Art Documents
Patent Documents
[0005]
Patent Document 1
Summary of the Invention
Problems to be Solved by the Invention
[0006] One aspect of the present invention provides an authentication system for electronic devices with a high level of security. One of the challenges is to provide a user-friendly authentication system for electronic devices. One of the challenges is to create an authentication system for electronic devices that is less inconvenient for users. One of the objectives is to provide a system, or a highly accurate electronic device authentication system. One of the challenges is to provide it. Alternatively, electronic devices that minimize the risk of personal information leakage. One of our objectives is to provide an authentication system for devices.
[0007] Furthermore, the description of these problems does not preclude the existence of other problems. One approach does not require that all of these issues be resolved. The title can be extracted from descriptions such as the specification, drawings, and claims. [Means for solving the problem]
[0008] One aspect of the present invention is an electronic device having authentication means, data acquisition means, and data storage means. This is an authentication system for devices. The data retention means is for a first user who has been registered in advance. The system accumulates first data related to the usage status and generates a first data set containing multiple first data. It has the function of acquiring data. The data acquisition means acquires the usage status of a second user operating the electronic device. It has a function to acquire second data relating to the state. The authentication means acquires the first data set and the second data Based on the data, a function to authenticate that the second user is the first user, and the second It has a function to lock electronic devices when the user is not authenticated. The data retention means has the function of deleting the first data included in the first data group.
[0009] Also, in the above, it is preferable that the authentication means has a function of updating the first data group using the second data. Preferably.
[0010] One aspect of the present invention is an authentication system for an electronic device having a first authentication means, a second authentication means, a data acquisition means, and a data holding means. The data holding means accumulates first data related to the usage state of a pre-registered first user and has a function of generating a first data group including a plurality of first data. The first authentication means has a function of authenticating that a second user operating the electronic device is the first user, and a function of releasing the locked state of the electronic device when the second user is authenticated. The data acquisition means has a function of acquiring second data related to the usage state of the second user in a state where the locked state of the electronic device is released. The second authentication means has a function of authenticating that the second user is the first user based on the first data group and the second data, and a function of setting the electronic device in a locked state when the second user is not authenticated. Further, the data holding means has a function of deleting the oldest first data among the plurality of first data included in the first data group. Preferably, it accumulates first data related to the usage state of a pre-registered first user and has a function of generating a first data group including a plurality of first data. Preferably, the first authentication means has a function of authenticating that a second user operating the electronic device is the first user, and a function of releasing the locked state of the electronic device when the second user is authenticated. Preferably, the data acquisition means has a function of acquiring second data related to the usage state of the second user in a state where the locked state of the electronic device is released. Preferably, the second authentication means has a function of authenticating that the second user is the first user based on the first data group and the second data, and a function of setting the electronic device in a locked state when the second user is not authenticated. Preferably, the data acquisition means has a function of acquiring second data related to the usage state of the second user in a state where the locked state of the electronic device is released. Preferably, the second authentication means has a function of authenticating that the second user is the first user based on the first data group and the second data, and a function of setting the electronic device in a locked state when the second user is not authenticated. Preferably, the second authentication means has a function of authenticating that the second user is the first user based on the first data group and the second data, and a function of setting the electronic device in a locked state when the second user is not authenticated. Preferably, the data holding means has a function of deleting the oldest first data among the plurality of first data included in the first data group. Preferably, the data holding means has a function of deleting the oldest first data among the plurality of first data included in the first data group. Preferably, the data holding means has a function of deleting the oldest first data among the plurality of first data included in the first data group.
[0011] Also, in the above, it is preferable that the second authentication means has a function of outputting the second data as one first data to the data holding means when the second user is authenticated. Preferably. Preferably.
[0012] Also, in the above, it is preferable that the first data and the second data include one or more of the attitude information of the electronic device, the information on the position of the hand touching the electronic device, and the position information. Preferably.
[0013] Also, in the above, the first data group preferably includes one or more of the startup history of application software, startup time, usage time, setting information, operation history, and the startup order of a plurality of application software.
[0014] Also, in the above, the second authentication means preferably has a function of authenticating the second user using anomaly detection. At this time, the second authentication means preferably has a function of authenticating the second user based on inference using machine learning.
[0015] Also, in the above, the first authentication means preferably includes any one or more of face authentication, fingerprint authentication, vein authentication, voiceprint authentication, iris authentication, code input authentication, and pattern input authentication.
Advantages of the Invention
[0016] According to one aspect of the present invention, it is possible to provide an authentication system for an electronic device with a high security level. Or, it is possible to provide a user-friendly authentication system for an electronic device. Or, it is possible to provide an authentication system for an electronic device that is less likely to bother the user. Or, it is possible to provide an authentication system for an electronic device with high accuracy. Or, it is possible to provide an authentication system for an electronic device in which the risk of leakage of personal information is suppressed.
[0017] Note that the description of these effects does not prevent the existence of other effects. Note that one aspect of the present invention does not necessarily have to have all of these effects. Note that other effects can be extracted from the descriptions in the specification, drawings, claims, etc.
Brief Description of the Drawings
[0018] [Figure 1] Figure 1 shows an example of the system configuration. [Figure 2] Figures 2A and 2C illustrate a method for measuring the inclination angle. [Figure 3] Figures 3A to 3D show examples of data storage configurations. [Figure 4] Figure 4 is a flowchart illustrating the operation of the system. [Figure 5] Figure 5 is a flowchart illustrating the operation of the system. [Figure 6] Figures 6A to 6E show examples of how electronic devices are used. [Figure 7] Figure 7 shows an example of the configuration of an information processing device. [Modes for carrying out the invention]
[0019] The embodiments will be described below with reference to the drawings. However, many embodiments are described. It can be implemented in different ways, without deviating from its purpose and scope. Those skilled in the art will readily understand that the form and details can be modified in various ways. Therefore, the present invention This shall not be interpreted as being limited to the contents described in the following embodiments.
[0020] In the configuration of the invention described below, the same part or part having a similar function is The same reference numerals are used consistently across different drawings, and explanations of their repetition are omitted. When referring to the function of [this], the hatch pattern is the same, and sometimes no specific symbol is assigned.
[0021] In each figure described herein, the size, layer thickness, or area of each component is not specified. This may be exaggerated for clarity. Therefore, it is not necessarily limited to that scale. I can't.
[0022] In this specification, ordinal numbers such as "the first," "the second," etc., are used to avoid confusion of constituent elements. This is added for the purpose of providing a numerical limit, and is not intended to limit the number of items.
[0023] (Embodiment 1) This embodiment describes an electronic device according to one aspect of the present invention and an authentication system for the electronic device. I will reveal it.
[0024] In the drawings attached to this specification, the components are classified by function and shown as independent of each other. Although a block diagram is shown as a lock, the actual components are completely separated by function. This is difficult because one component may be involved in multiple functions, or one function may be involved in multiple components. It's possible that this could happen naturally.
[0025] [Example of system configuration] Figure 1 shows a block diagram of a system 10 according to one embodiment of the present invention. System 10 is a first Authentication means 11, second authentication means 12, data acquisition means 13, data storage means 14 The system 10 has the following features. The system 10 can be incorporated into electronic devices such as information terminals.
[0026] The first authentication means 11 is used when a user (also called a second user) operating an electronic device, Whether or not the user is a pre-registered user (also called the first user or true user) To make a judgment (also called authentication). The first authentication means 11 determines that the second user is the first user When it is determined that this is the case, that is, when authentication is successful, the device will unlock the electronic device. To have the ability.
[0027] Authentication methods applicable to the first authentication means 11 include, for example, password entry and pattern input. Authentication methods using user input, such as fingerprint authentication, vein authentication, or voiceprint authentication. Authentication methods that utilize the user's biometric information, such as authentication, facial recognition, and iris recognition (biometric authentication) Examples include (also known as).
[0028] The second authentication means 12 is a data group 20 held in the data holding means 14 and data acquisition Based on the data 22 obtained by means 13, the second user using electronic equipment The system determines whether the user is the first user who has been registered in advance. The authentication means 12, when it determines that the second user is not the first user, uses an electronic device. It can be locked.
[0029] The data acquisition means 13 acquires data from the second user authenticated by the first authentication means 11. A function to acquire data 22 relating to the usage status of a child device, and a second authentication method for the said data 22 It has a function to output to stage 12.
[0030] The data 22 acquired by the data acquisition means 13 includes the attitude information of the electronic device, and the electronic device Various types of information can be cited, such as information about the position of hands and fingers touching something, and information about the location of electronic devices.
[0031] Typical orientation information for electronic devices includes information about the tilt angle of the electronic device. The data acquisition means 13 is configured to include an acceleration sensor, which allows for the tilt of the electronic device. It can measure angles.
[0032] Figures 2A and 2B illustrate the method for measuring the tilt angle using an acceleration sensor. For simplicity, we will explain the uniaxial inclination here.
[0033] Figures 2A and 2B show the electronic device 10A, which has an acceleration sensor 13A, viewed from the side. A schematic diagram of the time is shown. Also, Figures 2A and 2B show the vertical of the electronic device 10A. Figure 2A shows the situation where gravitational acceleration G is applied in the direction. Figure 2B shows the state where the object is held flat, while Figure 2A shows the state where it is tilted by an angle θ. In this case, the electronic device 10A is not given any acceleration other than the acceleration due to gravity G. It will be assumed that it does not exist.
[0034] Here, the acceleration sensor 13A receives input in the extension direction (X direction) of the electronic device 10A. Assume that an output value A[a] proportional to the magnitude of velocity a can be output. In the state shown in Figure 2A. Since no acceleration is applied in the horizontal direction, the output value is A[0].
[0035] Regarding the state shown in Figure 2B, Figure 2C shows the gravitational acceleration G in the direction of extension of the electronic device 10A. A schematic diagram is shown, decomposed into the X direction and the thickness direction (Y direction). Acceleration applied in the X direction G X And the acceleration G given in the Y direction. Y It is given by the following equation, using the acceleration due to gravity G. ru.
[0036]
number
[0037] Therefore, the output value A[G] of the acceleration sensor 13A X ] is determined by the angle θ. Furthermore, by using the above formula, the output value A[G] of the acceleration sensor 13A can be calculated. X ] from, electronic device 1 The inclination angle θ of 0A can be calculated.
[0038] The above explains how to measure the tilt angle using an acceleration sensor.
[0039] The data 22 acquired by the data acquisition means 13 includes the hands and fingers of the user touching the electronic device. When using location information, the data acquisition means 13 is a device such as an electronic device housing. The device can be configured to include sensors that detect contact with fingers or other body parts.
[0040] Furthermore, when using location information of electronic devices as data 22, the data acquisition means 13 For example, GPS (Global Positioning System) A receiving device capable of receiving the STEM signal can be used. Alternatively, the location information of the electronic device can be used. One way to obtain it is by accessing the wireless LAN (Local Area Network). Methods that utilize the location information of a phone, or the distance between a cell phone base station and an electronic device. Methods for estimating information are used.
[0041] Additionally, the movement speed of the electronic device can be used as data 22. For example, the above position The speed of movement can be estimated from the changes in information over time. Furthermore, the above acceleration sensor can be used. Furthermore, the movement speed can be estimated from the movement speed. The number of steps can be estimated. For example, if the estimated speed of movement is about 5 km / h, If it can be estimated that the person is walking and moving at around 10 km / h, then it is likely they are running or riding a bicycle, etc. It can be estimated that it is traveling at a speed exceeding 30 km / h, and if it is a car, motorcycle, or train, It can be estimated that they are moving by means of [unspecified means].
[0042] Information that can be used as data 22 includes the user's usage status of electronic devices. Various information related to this can be used. For example, the startup time of electronic devices, applications Application software launch history, the order in which multiple application software is launched, specific application The time from when the application software is launched until it is closed, for a specific application software Examples include the frequency of startup. Also, information on volume settings when playing music and videos, and interface data. - Browsing history information from web browsers, search terms entered when using search software, etc. Items purchased through online shopping, transaction information via internet banking Information that can identify an individual, such as reports, can be used as data 22. For example, The acquired data 22 is obtained without using any special sensor device or the like as the data acquisition means 13. It is possible.
[0043] Furthermore, information that can be used as data 22 includes information input by the user. Information related to the operation can also be used. For example, the operation of text input using a touch panel. Speed of operation, speed of typing on a keyboard, or speed of mouse, touchpad, etc. Examples include input trajectories using pointing devices such as touch panels and styluses. This type of information input is unique to the user, and therefore, it can be used to identify an individual. It can be suitably used as data. At this time, the various input means described above can be used The configuration can also serve as a means for acquiring data 13.
[0044] The data holding means 14 has the function of holding a data group 20 consisting of multiple data, and data The data retention means 14 has a function to delete old data included in group 20. It can also be said that it has the function of generating, managing, or updating group 20.
[0045] As shown in Figure 1, the data group 20 consists of multiple data (data 21(1), data 21( 2) etc. Furthermore, in the following discussion, each data point included in data group 20 will be distinguished. If not necessary, it will be explained as Data 21.
[0046] Each data 21 includes data 22 acquired by the data acquisition means 13. This is the data output from the second authentication means 12 to the data holding means 14. Also, data 2 In each case, time information is added. Typical examples of time information include data acquisition means 1. Information about the time the data was acquired by method 3 is provided.
[0047] Furthermore, if time-series data is used as the data 22 acquired by the data acquisition means 13, In other words, it includes multiple data elements acquired within a predetermined period, and each data element If the acquisition times differ, the time information associated with data 22 will be limited to one. This is preferable. In this case, the data 22 contains information about the acquisition time of each data element. It is preferable to make it a finished product.
[0048] In Figure 1, the data 21(1) contained in data group 20 is time information, time t1 This means data with the annotation added. Similarly, data 21(2) is time information, time t This means data with a 2 added to it. Here, time t1 is a time earlier than time t2. The larger the number, the newer the data.
[0049] The data retention means 14 is newly equipped with data 21 input from the second authentication means 12. And are stored. Here, the data holding means 14 stores multiple data included in the data group 20. It is preferable that the system has a function to delete the oldest data among the data points 21.
[0050] Figure 3A schematically shows the data holding means 14 and the data group 20. Here, As data group 20, n data 21(1) to data 21(n) are, The data is held in the data holding means 14. Here, out of n data 21, data 21(1 ) is the oldest data, and data 21(n) is the newest data.
[0051] The data retention means 14 deletes data 21 that has exceeded a certain period of time from the data group 20. It has the ability. Figure 3B simulates the process of deleting data 21(1) from data group 20. This is shown formulaically. In this process, at least data 21(1) from data group 20 is It is sufficient that the data is excluded, and the excluded data 21 is taken from the storage device of the data retention means 14. You may delete the data itself, or you may retain the excluded data without deleting it.
[0052] Furthermore, the data retention means 14 stores the data 21 input from the second authentication means 12. It has the function of adding to group 20. In Figure 3C, the data input from the second authentication means 12 This schematic diagram illustrates how to add the most recent data point, 21(n+1), to the data set 20. It is showing.
[0053] The data 21 that make up data group 20 are, for example, from the past year, the past six months, or the past year. This can be data from within the last three months, for example. Note that data older than one year is also acceptable. You may use option 1, but consider changes in the first user's electronic device usage and behavioral patterns. To address this, it is preferable to construct the data set 20 using data 21 from within the last year. This is especially true if the user is a child, as the rate of change described above is rapid as they grow. As data 21 that makes up data group 20, very recent data (for example, within the last 3 months) is used. It is preferable that they be present.
[0054] The number of data points 21 contained in data group 20 affects the accuracy of the judgment of the second authentication means 12. Therefore, depending on the method used for the second authentication means 12, the determination is made considering accuracy and processing speed. For example, when the second authentication means 12 performs anomaly detection based on the k-nearest neighbor method. The number of data points 21 included in the data group 20 is 100 or more, preferably 500 or more. More preferably, using 1000 or more units is preferable because it enables highly accurate anomaly detection. stomach.
[0055] Here, the frequency of deletion of data 21 by the data retention means 14 is, for example, in advance Data older than a specified period (e.g., one year) can be deleted at any time. Oh, if the frequency of deletion is higher than the frequency of addition of data 21, then the data in data group 20 Since the number of data 21 decreases, the frequency of deletion can be reduced. On the other hand, if data 21 is added... If the frequency of deletion is higher than the frequency of addition, the number of data points 21 in data group 20 will increase. Therefore, the frequency of deletion can be increased. Here, data 21 in data group 20 If all of the data is recent (for example, within the last week), then authentication by the second authentication method 12 The accuracy may decrease. Therefore, in cases where the frequency of adding data 21 is high, Instead of deleting the oldest data first, the data within data set 20 is thinned out. It is preferable to adjust the number of 21. The frequency of adding data 21 is determined by the second authentication means. It can be controlled by 12.
[0056] Furthermore, as shown in Figure 3D, the data holding means 14 receives data 2 from the second authentication means 12. When 1(n+1) is added, the oldest data 21(1) is deleted. This is also good. As a result, the data holding means 14 always holds the same number of data (in this case, n items) 2 Since a data set 20 containing 1 will be retained, there is no need to adjust the number of data points. This allows for a simplification of the process.
[0057] Next, the operation of the second authentication means 12 will be explained.
[0058] The second authentication means 12 is authenticated by the first authentication means 11 and is used by users operating electronic devices. Perform the authentication process (hereinafter also referred to as the authentication process) to authenticate the user (second user). The verification process involves the data group 20 held in the data holding means 14 and the data acquisition means 13. This is done using the acquired data 22.
[0059] First, the authentication process by the second authentication means 12 will be explained. The authentication process should preferably employ anomaly detection (also known as outlier detection) techniques. Typical methods of detection include detection methods based on the distance between data points and methods based on data density. Detection methods include methods based on the statistical distribution of data, and methods based on the angle between data points. There are several methods. Distance-based detection methods include nearest neighbor method, k-nearest neighbor method, and subspace method. One detection method based on density is local outlier factor (LOF). Methods such as the r-Factor method and the iForest (Isolation Forest) method. Yes, there is. As a detection method based on statistical distributions, Hotelling's T2 The method uses a Gaussian mixture distribution. These methods include kernel density estimation. As for detection methods based on angles between data points, Methods such as ABOD (Angle Based Outlier Detection) exist. In addition, another method is the Support Vector Machine (SVM). There are methods using vector machines. As for support vector machines, In particular, the use of a One Class SVM is preferred.
[0060] Anomaly detection performed in the authentication process by the second authentication means 12 is performed using machine learning inference. This may be done more frequently. In particular, it may be done by inference using neural networks. Preferred. When machine learning is used, the second authentication means 12 is trained using the data set 20. The configuration can have a learning model. The second authentication means 12 has the learning model Based on the output value when data 22 is input to the log, it determines whether data 22 is a normal value or abnormal. It is possible to infer whether it is a value.
[0061] When using machine learning, when the dataset 20 is updated, the updated dataset 20 is used. It is preferable to use this to generate or update a new learning model. Alternatively, the learning model may be used In contrast, by performing reinforcement learning using the newly added data 22, the learning model is updated. That's fine.
[0062] The following describes an example of anomaly detection using the k-nearest neighbors method. The multiple data points 21 and 22 included in group 20 are treated as vectors. Here, the dimension of the vector is determined according to data 21 and data 22, for example, As mentioned earlier, data representing the tilt of an electronic device in one axis direction will be a one-dimensional vector, while data representing the tilt in two axes will be a one-dimensional vector. In the case of the slope, it becomes a two-dimensional vector.
[0063] Next, we have a sphere centered on data 22 and containing k instances of data 21 (where k is an integer greater than or equal to 1). When considering this, the radius of the sphere can be taken as the anomaly score R1 of data 22. Here, The constancy R1 may also be defined as the distance from data 22 to the k-th closest data 21. The distance in question can typically be expressed as the Euclidean distance, but standardized Euclidean distance Distance, Mahalanobis distance, Manhattan distance, Chebyshev distance, Minkowski distance, etc. Depending on the type of data (22), the optimal distance can be used.
[0064] The anomaly score R1 of the data 22 calculated as described above exceeds the pre-set threshold. If this occurs, it can be determined that data 22 is an outlier. In other words, the second authentication method Stage 12 is when a second user operating an electronic device accesses a first user who has been pre-registered. It can be determined that it is not a tide.
[0065] On the other hand, if the anomaly score R1 does not exceed the threshold, it is not determined that data 22 is an anomaly. Since it cannot be determined, it can be considered a normal value. At this time, the second authentication means 12 is the second The user can be determined to be the first user.
[0066] The above is an explanation of the k-nearest neighbors method.
[0067] The above is an explanation of the authentication process.
[0068] The second authentication means 12 is that the authentication process determines that the second user is not the first user. When it is determined that this is the case, the electronic device can be put into a locked state. On the other hand, the second user If it is determined that the user is the primary user, the login status of the electronic device will be maintained.
[0069] When the login state of the electronic device is maintained, the second authentication means 12 then retrieves the data. The device may remain in a waiting state until data 22 is output from the acquisition means 13. Alternatively, Even if you request the data acquisition means 13 to acquire data 22 after the specified time has elapsed good.
[0070] Furthermore, the second authentication means 12, through the above authentication process, enables the second user to authenticate the first user When it is determined that it is a user, the data 22 used in the authentication process is used as the latest data 21. The data can be output to the data holding means 14. The data set 20 is always authenticated by both the first authentication means 11 and the second authentication means 12. It only includes data about the user who was selected, and there is a risk that information about other users may be mixed in. Because there is no such issue, the accuracy of authentication can be maintained at a high level.
[0071] The above is a description of the operation of the second authentication method 12.
[0072] Here, the system 10 has a first authentication means 11, a second authentication means 12, and data acquisition. Some functions of means 13 and data storage means 14 are provided by a server located separately from the electronic device. -This configuration may be implemented using the following methods. In particular, the computational scale of the first or second authentication means. If the amount is large, the data is sent to an external server via the network for part of the calculation. By having the server execute this, the scale of the computation of the first or second authentication means It can be reduced.
[0073] Here, the first authentication means 11, the second authentication means 12, and the data acquisition means 13 shown in Figure 1, Furthermore, it is particularly preferable that the data storage means 14 be configured so that processing is completed within a single electronic device. It seems so. Data 22 and Data Group 20 contain information for identifying and distinguishing individuals. Therefore, transmitting such information to an external party via a network could lead to the data being misused. The risk increases. Therefore, by completing the processing within a single electronic device, the security is extremely high. This enables the realization of a highly reliable authentication system. Furthermore, the processing is handled by a single electronic device. This is not limited to, but also applies to multiple electronic devices connected to an individual's home area network, or It can also be used as a configuration for sending and receiving data between electronic devices within a local network, such as in a company. stomach.
[0074] [Example of System 10 operation] The following describes an example of the operation of the system 10. Figure 4 shows the operation of the system 10. This is a flowchart of the operation. The flowchart shown in Figure 4 is from step S0 to step It has a hop S6.
[0075] In step S0, the operation begins. For example, the power to an electronic device is turned on. When the display is touched, or when the orientation of the electronic device changes significantly, Then, the operation begins. At this time, the electronic device is in a locked state.
[0076] In step S1, authentication processing is performed by the first authentication means 11 (first authentication). If authenticated, proceed to step S2. If not authenticated, the electronic device The system remains locked and returns to step S1.
[0077] In step S2, the electronic device is unlocked and the system is logged in. It can be done.
[0078] In step S3, data 22 is acquired by the data acquisition means 13. The data acquisition means 13, in response to a request from the second authentication means 12, uses the acquired data 22 to... This can be output to the authentication means 12.
[0079] In step S4, authentication processing is performed by the second authentication means 12 (second authentication). If authenticated, proceed to step S5. If not authenticated, proceed to step We will be moving to S6.
[0080] In step S5, the second authentication means 12 puts the data 22 used for authentication into one data The data is output to the data holding means 14 as TA21. The data holding means 14 receives the newly input data. Based on data 21, update data set 20.
[0081] Furthermore, in step S5, the data holding means 14 retrieves old data from the data group 20. You may update the data set 20 by deleting 21. The timing of removal is not limited to step S5, but can be done periodically at predetermined intervals. It may be done (for example, once a day or once a week), and Data 21 Even if data 21 is deleted after a predetermined period has elapsed based on time information, good.
[0082] In step S5, the second authentication method determines whether or not to perform the update of the data group 20. It is preferable that it is controlled by stage 12. That is, the data 22 used for authentication is There may be cases where the data is not stored in the data storage means 14 and the data group 20 is not updated. If the data acquisition means 13 acquires data 22 at a high frequency, then data 22 is acquired. Each time the data group 20 of the data holding means 14 is updated, multiple data within the data group 20 There is a risk that the proportion of new data in Data 21 will be too large. Therefore, the second The authentication means 12, based on the time information of each data 21 included in the data group 20, It is preferable to adjust the update frequency of group 20.
[0083] In step S5, after the update of data group 20 is completed, the process proceeds to step S3. This allows the authentication process by the second authentication means 12 to continue during the period the electronic device is in use. It can be repeated. Therefore, it is possible to authenticate users with extremely high accuracy. Yes, it is possible. Also, since the acquisition of data 22 by the data acquisition means 13 is repeated, The number of data 21 stored in the data group 20 can be increased, and by the second authentication means 12 This allows for a higher accuracy in the authentication process.
[0084] If authentication is not performed in step S4, then in step S6, lock the electronic device. The system transitions to a log-off state, and the system logs off. This occurs when operating electronic devices. The second user will no longer be able to use the electronic device. Then, step S1 is repeated. It will transition to [this].
[0085] The above is an explanation of the flowchart shown in Figure 4.
[0086] Here, as shown in Figure 5, the process may proceed to step S7 after step S6. In Step S7, if the electronic device is misused by a pre-registered primary user... Notifies you of the possibility that something is wrong (alarm notification).
[0087] For example, one method of alarm notification is to notify other electronic devices owned by the first user. To display the message, send it to a pre-registered email address or social media account. Sending messages in various forms, such as text, audio, or video, can be done in many ways. This is possible. Furthermore, the alarm notification is sent not only to the first user, but also to the seller of the electronic device. It is preferable to be able to pre-configure the system to notify telecommunications carriers or the police, etc. .
[0088] Furthermore, it is preferable to simultaneously notify the location information of the electronic device when an alarm is issued. Also, information regarding the usage history of electronic devices (for example, information about purchasing products via the internet or It is preferable to also notify the customer of the transaction status (such as financial transactions) when financial transactions are conducted.
[0089] The above is an explanation of an example of the system's operation.
[0090] [Specific example] The following describes a specific case in which an electronic device to which an authentication system according to one aspect of the present invention is applied is used. Let me explain a typical example.
[0091] Figure 6A shows user 50 operating electronic device 55. In 55, an authentication system according to one aspect of the present invention is applied. User 50 is an electronic device There are 55 owners, and 50 users are already registered in the authentication system.
[0092] Figure 6B shows the tilt θ1 of the electronic device 55 when used by user 50, and user 5 This schematically shows the position of the 0 in the 51 position.
[0093] Figure 6C shows a malicious user 50X operating the electronic device 55. Yes. User 50X differs from User 50 in height, build, and other physical characteristics (appearance). Yes, they are.
[0094] Figure 6D shows the tilt θ2 of the electronic device 55 when used by user 50X, and the user The position of eye 51X at 50X is schematically shown. The inclination θ2 is smaller than the inclination θ1, and The Zar 50X appears to use electronic devices in a more horizontal position than the User 50. This can be understood. Also, the distance between the eyes and the electronic device 55 is different for user 50 and user 50X. It can be seen that this is the case. The distance in question is measured by, for example, a distance measurement method using infrared light. It is possible.
[0095] Since the electronic device 55 is to which an authentication system according to one aspect of the present invention is applied, user 50 Even if X bypasses the first authentication of electronic device 55 by fraudulent means, the tilt of electronic device 55 By detecting the distance between the electronic device 55 and the eye 51X, etc., the user 5 If 0X is determined to be different from user 50, it can immediately enter a locked state. The Xer50X will be locked immediately no matter how many times the first authentication is bypassed. Therefore, the authentication system can force user 50X to abandon any fraudulent use. .
[0096] Furthermore, as shown in Figure 6E, the user 50 receives notifications to the wearable device 56. And you can find out that someone may have attempted to misuse the electronic device 55. The user 50 uses a wearable device 56 to check the location information of the electronic device 55. You can contact your telecommunications carrier to disable your electronic devices, or report it to the police. And, such responses can be carried out quickly.
[0097] Here, unauthorized use is detected based on the tilt of the electronic device 55 and the distance between the electronic device 55 and the eye. I have shown an example, but it is not limited to this, and various types of information mentioned above can be used. For example The system acquires location information from electronic devices 55 and detects locations outside the user 50's usual range of activity. By the way, when the use of electronic device 55 continues for a certain period of time, it is determined that there is a risk of it being used illegally. You can also refuse.
[0098] Also, two or more pieces of information (for example, information about the tilt of the electronic device and information about the position of the electronic device) It is preferable to configure the system to perform user authentication in a complex manner using the user's information. The more types of information used for identification, the higher the accuracy of user identification can be. This is preferable. For example, when the owner of an electronic device is traveling, their usual range of activity is different. Even when using electronic devices in different locations, user authentication is performed using other information. This prevents false positives and ensures security without causing stress to the user. It is possible to maintain a high quality level.
[0099] The above is an explanation of the specific example.
[0100] One aspect of the present invention is an authentication system that recognizes the habits and tendencies of a true user when using an electronic device. Because authentication can be performed using behavioral patterns, etc., electronic devices can be misused. It is difficult to do so, and it is an extremely secure authentication system. It appears that another user with malicious intent was able to bypass the initial authentication process through fraudulent means and unlock the account. Even if, without giving the malicious user time to misuse the electronic The device can be instantly locked. Furthermore, if a malicious user uses the electronic device... Because it is possible to immediately notify the true user when someone attempts to use the device, The user can take a quick response. Also, when performing the second authentication process, the system Since the system does not require users to perform any authentication actions, true users are not aware of it. It allows users to continue using electronic devices without causing stress to true users. There are hardly any.
[0101] This embodiment may be appropriately combined with other embodiments described herein, at least in part. They can be implemented in combination.
[0102] (Embodiment 2) In this embodiment, an information processing system capable of realizing an authentication system according to one aspect of the present invention is provided. An example of the hardware configuration of the device will be described. The electronic device exemplified in Embodiment 1 is The following is an example of an information processing device.
[0103] Figure 7 shows a block diagram of the information processing device 100 exemplified below. Information Processing Device 100 This includes the arithmetic unit 101, memory module 102, communication module 103, and display module. Module 104, fingerprint sensor module 111, accelerometer module 112, camera module Joule 113, GPS module 114, physical button 115, sensor module 116 Sound module 121, vibration module 122, fragrance module 123, lighting module It includes a 124 module, a battery module 105, and an external interface 106, etc. ru.
[0104] The information processing device 100 displays images using the display module 104. Because it can do this, it can also be called an image display device.
[0105] For the sake of simplicity, the following explanation will focus on the information processing device 100, excluding the arithmetic unit 101. If no distinction is made between the constituent elements, each constituent element is referred to as a component or module. It is sometimes called "Ru".
[0106] Note that the information processing device 100 does not need to have all of the components shown in Figure 7. Furthermore, it may have components other than those shown in Figure 7.
[0107] Each component is connected to the arithmetic unit 101 via the bus line 110. ru.
[0108] In Embodiment 1, the function of the first authentication means 11 is the calculation unit 101, memory module Module 102, fingerprint sensor module 111, camera module 113, physical button 115, This can be achieved by one or more of the following: and the sensor module 116, etc. The function of authentication means 12 is realized by the arithmetic unit 101 and the memory module 102, etc. It is possible. In addition, the function of the data acquisition means 13 is the acceleration sensor module 112, Camera module 113, GPS module 114, physical button 115, sensor module This can be achieved by one or more of the following: 116, and the sound module 121, etc. Furthermore, the function of the data holding means 14 is provided by the calculation unit 101 and the memory module 102, etc. It can be achieved.
[0109] The arithmetic unit 101 is, for example, a central processing unit (CPU). It can function as a g Unit. The arithmetic unit 101 controls each component. It has the function of doing so.
[0110] Signals are transmitted between the arithmetic unit 101 and each component via the bus line 110. The arithmetic unit 101 receives input from each component connected via the bus line 110. It has functions for processing incoming signals and functions for generating signals to output to each component. This allows for comprehensive control of each component connected to the bus line 110.
[0111] Furthermore, the IC of the arithmetic unit 101 or other components has a channel formation region. It is also possible to use transistors that utilize oxide semiconductors to achieve extremely low off-current. Yes, it is possible. Because the transistor has an extremely low off-current, it can be used as a memory element. It is used as a switch to hold the charge (data) that flows into a capacitive element that functions as such. This ensures that the data retention period can be extended over a long period. This characteristic is utilized in the calculation unit 1 By using it for registers 01 and cache memory, the arithmetic unit 101 is operated only when necessary. In other cases, the information of the previous processing is saved to the memory element, - Off-computing becomes possible, and the power consumption of the information processing device 100 is reduced. It is possible.
[0112] The arithmetic unit 101 interprets and executes instructions from various programs using the processor. Then, it performs various data processing and program control. Programs that can be executed by the processor. This may be stored in the memory area of the processor, or in the memory module 102 It may be stored in [a different location].
[0113] The arithmetic unit 101 includes a CPU as well as a DSP (Digital Signal Processor). Processors, GPUs (Graphics Processing Units), etc. Other microprocessors can be used individually or in combination. Microprocessor FPGA (Field Programmable Gate A rray) and FPAA (Field Programmable Analog Array) PLDs (Programmable Logic Devices) such as ay This configuration can also be considered as the result of that process.
[0114] The arithmetic unit 101 may have main memory. The main memory is RAM (Random). Volatile memory such as ROM (Read-On Memory) and ROM (Read-On Memory) It can be configured to include non-volatile memory such as (ly Memory).
[0115] Examples of RAM provided in main memory include DRAM (Dynamic Random-Accessed RAM). (DOM Access Memory) is used, and a virtual workspace is used for the arithmetic unit 101. The memory space is allocated and used accordingly. The operator stored in memory module 102 Running system, application program, program module, program Data and other information are loaded into RAM for execution. The program and program module are directly accessed and operated by the arithmetic unit 101. .
[0116] On the other hand, ROM does not require rewriting of the BIOS (Basic Input / Output). It can store the system (put System) and firmware, etc. As ROM, Mask ROM and OTPROM (One Time Programmable ROM) d Only Memory), EPROM (Erasable Programmable EPROM can be used (e.g., Read Only Memory). This is a UV-EPROM (Ultra-V) that allows for the erasure of stored data by ultraviolet irradiation. iolet Erasable Programmable Read Only Me mory), EEPROM (Electrically Erasable Program Examples include ammable read-only memory (AMMable Memory) and flash memory. It can be done.
[0117] Furthermore, it is preferable for the arithmetic unit 101 to have a processor that is more specialized for parallel processing than the CPU. For example, GPU, TPU (Tensor Processing Unit), NPU (Neural Processing Unit) and other parallel processing capable programmers It is preferable to have a processor with a large number of processor cores (tens to hundreds). As a result, the arithmetic unit 101 can perform calculations related to neural networks at high speed. Cut.
[0118] The memory module 102 could be, for example, flash memory, MRAM (Magnesium-ion-based RAM). toresistive Random Access Memory), PRAM(P hase change RAM), ReRAM (Resistive RAM), Fe Non-volatile memory elements such as RAM (Ferroelectric RAM) were applied. Memory devices, or DRAM (Dynamic RAM) or SRAM (Static RAM) Memory devices using volatile memory elements such as M) may also be used. For example, hardware Disk drives (Hard Disk Drive: HDD) and solid state drives Using a storage media drive such as an SSD (Solid State Drive) It's okay to be there.
[0119] Furthermore, an external interface 106 can be connected to a removable HDD or SS via a connector. Storage devices such as D, and recording media such as flash memory, Blu-ray discs, and DVDs. The media drive can also be used as memory module 102. The Joule 102 is not built into the information processing device 100, but is stored in an external memory module. It may also be used as `Lure 102`. In that case, it is connected via the external interface 106. Alternatively, the system may be configured to exchange data wirelessly via the communication module 103. It's okay to have it.
[0120] The communication module 103 can communicate via the antenna. For example, the arithmetic unit 1 In response to an instruction from 01, the information processing device 100 is connected to a computer network. It controls the control signal and transmits the signal to the computer network. Internet, intranet, extranet, PAN (Personal Ar ea Network), LAN, CAN (Campus Area Network) , MAN (Metropolitan Area Network), WAN (Wide Area Network), GAN (Global Area Network), etc. The information processing device 100 can be connected to the computer network and communication can be performed. Furthermore, if multiple methods are used for communication, the antenna will be configured according to the respective communication method. You may have multiple copies.
[0121] The communication module 103 is equipped with, for example, a high-frequency circuit (RF circuit) for transmitting and receiving RF signals. This is what you should do. High-frequency circuits use electromagnetic signals and electrical signals in the frequency band defined by the laws of each country. To convert between numbers and signals and use the electromagnetic signals to communicate wirelessly with other communication devices. This is the circuit. A practical frequency range of several tens of kHz to several tens of GHz is generally used. The high-frequency circuit connected to the antenna is a high-frequency circuit that supports multiple frequency bands. It has a section, and the high-frequency circuit section includes an amplifier, mixer, filter, DSP, and RF transistor. It can be configured to include a receiver, etc. When performing wireless communication, a communication protocol or As a communication technology, LTE (Long Term Evolution) (registered trademark), 4th LTE-Advanced or 5th generation mobile communication compatible with the next-generation mobile communication system Standards compatible with the system (5G), etc., 3GPP (Third Generation Communication standards established by Partnership Project (registered trademark), or IEEE (Inst itute of Electrical and Electronics Engineering Communication standards defined by neers (registered trademark) can be used.
[0122] Furthermore, the communication module 103 has the function of connecting the information processing device 100 to a telephone line. It may also be used. Furthermore, the communication module 103 uses broadcast radio waves received by the antenna to Even if it has a tuner that generates a video signal to output to the display module 104 good.
[0123] The display module 104 includes a display panel, a display controller, and a sourced It includes drivers, gate drivers, etc. It can display images on the display surface of the display panel. Furthermore, the display module 104 also has a projection unit (screen), and the display panel The image displayed on the display surface of the device may be projected onto the screen. In this case, When a material that transmits visible light is used as the screen, the image is displayed superimposed on the background image. This makes it possible to realize an R device.
[0124] Display elements that can be used in display panels include liquid crystal elements, organic EL elements, and inorganic EL elements. LED elements, microcapsules, electrophoretic elements, electrowetting elements , electrofluidic elements, electrochromic elements, MEMS elements and other display elements The term "child" can be used.
[0125] Furthermore, a touch panel with touch sensor functionality can also be used as the display panel. In that case, the display module 104 is the touch sensor controller, sensor A configuration including drivers, etc., would be appropriate. The touch panel would consist of a display panel and a touch sensor. To create an on-cell type touch panel or an in-cell type touch panel that integrates these elements. It is preferable that on-cell or in-cell touch panels be thin and lightweight. Furthermore, on-cell or in-cell touch panels can reduce the number of components. Therefore, costs can be reduced.
[0126] The fingerprint sensor module 111 has the function of acquiring the user's fingerprint information. The sensor module 111 has a configuration that includes a sensor and a sensor controller. It is possible. The fingerprint sensor module 111 acts as a sensor, using visible light or infrared light. Optical fingerprint sensors using technologies such as capacitive fingerprint sensors and surface acoustic wave fingerprint sensors Various sensors, such as sensors, can be used.
[0127] The acceleration sensor module 112 has the function of measuring acceleration and detecting the attitude of the device. It is possible to do so. The acceleration sensor module 112 can use, for example, a capacitive method, a piezoresistive method. The system will have an acceleration sensor, such as a thermal detection type, and a sensor controller. This is possible. Alternatively, a configuration with a gyroscope sensor may be used instead of an accelerometer.
[0128] The camera module 113 can be configured to include an image sensor and a controller. For example, when the physical button 115 is pressed, or when the display module 104 is touched... Still images or videos can be captured by operating the control panel, etc. The image or video data can be stored in the memory module 102. The image or video data can be processed by the calculation unit 101. Also, the camera module 1 13 may use the illumination module 124 as a light source for shooting. Illumination module 12 4 may use a lamp such as a xenon lamp, a light-emitting element such as an LED or an organic EL, etc. Alternatively, as a light source for shooting, the light emitted by the display panel of the display module 104 may be used. In that case, not only white light but also light of various colors may be used for shooting.
[0129] The GPS module 114 may be configured to include an antenna and a receiving circuit that receives GPS signals. The GPS module 114 can accurately acquire the current position information. Note that the communication module 103 can also acquire position information by using a wireless LAN access point, or estimate position information from the distance between the device and the base station of a mobile phone.
[0130] The physical buttons 115 can use buttons associated with functions such as power on, power off, volume adjustment, input of numbers and characters, selection, and determination. Also, by operating the physical buttons 11 5, the device may have a function to resume from the sleep state or transition to the sleep state.
[0131] The sensor module 116 includes a sensor unit and a sensor controller. The sensor controller receives an input from the sensor unit, converts it into a control signal, and outputs it to the arithmetic unit 101 via the bus line 11 0. In the sensor controller, error management of the sensor unit may be performed, or calibration processing of the sensor unit may be performed. Note that the sensor controller may be configured to include a plurality of controllers that control the sensor unit.
[0132] The sensor unit included in the sensor module 116 preferably includes a photoelectric conversion element that detects visible light, infrared light, ultraviolet light, etc. and outputs the detection intensity. At this time, the sensor unit can be called an image sensor unit. In addition, the sensor module 116 preferably has a light source that emits visible light, infrared light, or ultraviolet light in addition to the sensor unit. In particular, when the sensor module 116 is used to detect a part of the user's face, having a light source that emits infrared light enables high-sensitivity imaging without causing the user to feel glare.
[0133] Also, the sensor module 116 may be configured to include various sensors having functions of measuring, for example, force, displacement, position, speed, acceleration, angular velocity, rotational speed, distance, light, liquid, magnetism, temperature, chemical substances, sound, time, hardness, electric field, current, voltage, electric power, radiation, flow rate, humidity, gradient, vibration, odor, or infrared light.
[0134]
[0135] The sound module 121 includes a voice input unit, a voice output unit, a sound controller, etc. The voice input unit has, for example, a microphone or a voice input connector. The voice output unit has, for example, a speaker or a voice output connector. The voice input unit and the voice output unit are each connected to the sound controller and connected to the arithmetic unit 101 via the bus line 110. The voice data input to the voice input unit is converted into a digital signal by the sound controller and processed by the sound controller and the arithmetic unit 101. On the other hand, the sound controller generates an audible analog voice according to an instruction from the arithmetic unit 101. It generates a signal and outputs it to the audio output unit. The audio output connector on the audio output unit has earphones. It is possible to connect audio output devices such as phones, headphones, and headsets, and sound will be transmitted to these devices. The audio generated by the controller is output.
[0136] The vibration module 122 includes a vibration element and a vibration controller that controls the vibration element. This configuration can be used. The vibration element can be a vibration motor (eccentric motor), a resonant amplifier, etc. Tuners, magnetostrictive elements, piezoelectric elements, etc., which can convert electrical signals and magnetic signals into vibrations. A component can be used.
[0137] The vibration module 122, in response to instructions from the calculation unit 101, controls the vibration frequency of the vibration element. By controlling the amplitude, the duration of the vibration, etc., the vibrating element can be vibrated in various vibration patterns. It is possible.
[0138] The fragrance module 123 contains a fragrance agent and a heating device that heats the fragrance agent, or a device that vibrates it. The configuration can include a vibration device and a controller that controls these devices. It is preferable that the air fresheners be replaceable so that users can freely choose according to their preferences. It is fine. As a fragrance, liquid, gel, or solid forms can be used.
[0139] The fragrance module 123, in response to instructions from the arithmetic unit 101, adjusts the amount of fragrance from the fragrance agent. It can be controlled. Also, by having a configuration that allows two or more types of air fresheners to be attached, different It becomes possible to select a scent or to spray a combination of two or more scents. .
[0140] The lighting module 124 may be configured to include a lighting fixture and a lighting controller. As the lighting fixture, various lighting devices such as a light bulb and a fluorescent lamp can be used in addition to a lighting panel in which organic EL elements or LED elements are arranged in a planar or strip shape. In particular, it is preferable to use a lighting device capable of changing chromaticity and illuminance.
[0141] The lighting module 124 can control the illuminance and color tone of lighting by the lighting controller according to an instruction from the arithmetic unit 101.
[0142] The battery module 105 may be configured to include a secondary battery and a battery controller. Typical examples of the secondary battery include a lithium ion secondary battery and a lithium ion polymer secondary battery. The battery controller can have functions such as supplying the power stored in the battery to each component, receiving the power supplied from the outside and charging the battery, and controlling the charging operation according to the battery charge state. For example, the battery controller can be configured to include a BMU (Battery Management Unit) or the like. The BMU performs functions such as collecting cell voltage and cell temperature data of the battery, monitoring overcharge and over-discharge, controlling the cell balancer, managing the battery degradation state, calculating the state of charge (SOC) of the battery, and controlling fault detection.
[0143] Examples of the external interface 106 include an external port provided in the information processing apparatus 100 and capable of connecting an external device by a connector.
[0144] Furthermore, the external ports on the external interface 106 include, for example, a keyboard and a mouse. Devices such as input means like mice, output means like printers, and storage means like HDDs. This allows for a configuration where connections can be made via cables. Typical examples include USB terminals. It also has external ports, including a LAN connection terminal, a digital broadcast receiving terminal, and AC power. It may also have terminals for connecting an adapter. Furthermore, it may support not only wired connections but also infrared and visible light Alternatively, a configuration may be provided that includes a transceiver for optical communication using ultraviolet light or the like.
[0145] The above is a description of the hardware configuration of the information processing device 100.
[0146] This embodiment may be appropriately combined with other embodiments described herein, at least in part. They can be implemented in combination. [Explanation of symbols]
[0147] 10: System, 10A: Electronic equipment, 11: Authentication means, 12: Authentication means, 13: Data acquisition Data acquisition means, 13A: acceleration sensor, 14: data holding means, 20: data group, 21: data 22: Data, 50: User, 50X: User, 51: Eye, 51X: Eye, 55: Electric Sub-device, 56: Wearable device, 100: Information processing device, 101: Arithmetic unit, 102 :Memory module, 103:Communication module, 104:Display module, 10 5: Battery module, 106: External interface, 110: Bus line, 11 1: Fingerprint sensor module, 112: Accelerometer module, 113: Camera module 114: GPS module, 115: physical button, 116: sensor module, 12 1: Sound module, 122: Vibration module, 123: Aroma module, 124: Lighting module
Claims
[Claim 1] An authentication system for an electronic device having authentication means, data acquisition means, and data storage means, The data holding means has the function of accumulating first data relating to the usage status of an electronic device used by a first user that has been registered in advance, and generating a first data group that includes a plurality of the first data. The data acquisition means has a function to acquire second data relating to the usage status of an electronic device being used by a second user operating the electronic device. The authentication means has a function to authenticate that the second user is the first user based on the first data set and the second data, The device has a function to lock the electronic device when the second user is not authenticated, maintain the login state of the electronic device when authenticated, and output the second data to the data holding means. The data holding means has a function to update the first data group by deleting the first data included in the first data group and adding the second data to the first data group when the authentication means outputs the second data. The authentication means has a function to perform anomaly detection based on inference using a neural network. The neural network has the function of generating a new learning model or updating an existing learning model when the first data set is updated using the second data. The first data and the second data include information on the tilt angle of the electronic device and information on the distance between the eye and the electronic device. The tilt angle of the electronic device is measured using an acceleration sensor provided in the information acquisition means. The distance between the eye and the electronic device is measured by a ranging method using infrared light. Authentication system for electronic devices.