JP2011128726A - Authentication device, authentication system, and authentication method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an authentication device, an authentication system and an authentication method for performing authentication by a simple operation, and for suppressing any illegal registration or access. <P>SOLUTION: The authentication device includes: a database in which a plurality of images are stored; an authentication image acquisition means for acquiring an image for authentication including a plurality of information items; and a reply image generation means for generating an image for a reply including a corresponding image corresponding to a part of information included in the image for authentication and a non-corresponding image which is not corresponding to the information included in the image for authentication based on the information included in the image for authentication and the information stored in the database. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to an authentication apparatus, an authentication system, and an authentication method for performing user authentication.

  Currently, user participation type content generation systems such as electronic bulletin boards on the Internet, web logs, and Wiki are widely used. In many of such systems, a user can not only browse information but also freely post information by performing simple user registration or user authentication.

  However, annoying acts that exploit this feature are also increasing. For example, using a computer program called a “bot” that automatically interacts with the server, etc., obtain indiscriminately large numbers of accounts for such sites and post advertisements that are completely unrelated to the content of each site. It is an act of doing.

  Other nuisances include, for example, a free e-mail address acquisition service that automatically obtains a large number of e-mail addresses illegally using the “bots” mentioned above and unspecified using the acquired e-mail addresses. There is an act of sending indiscriminate spam mail to many people. Furthermore, the above-mentioned bot is used for the purpose of performing a nuisance act on the above-mentioned user participation type content generation system. Thus, computer programs such as bots are often used for various nuisances on the Internet.

  In recent years, in order to prevent nuisance, there is a system that determines whether a user is an actual person or a computer program such as the “bot” described above, and performs user authentication only when it is determined as a person. It has been devised. This system is generally called an anti-robot test, and presents information that can be identified by humans but cannot be identified by current computer programs or is difficult to identify as a test. The system performs user authentication only when this information is identified. Patent Document 1 describes a technique using an anti-robot test.

  For example, the above-described program such as a bot analyzes a message exchanged mainly with character information between a client and a server, and automatically generates a forged message from the client side. Therefore, in the anti-robot test, in order to send a message from the client side, it is necessary to obtain a result obtained by interpreting information that can be interpreted only by an actual human being in addition to the text information presented from the server side. Yes.

  Specifically, for example, an image including a plurality of characters and symbols rasterized as information other than character information is presented, and the result of reading characters and symbol strings in the image is input to a separately prepared input form. Type anti-robot test is often used. This makes use of the fact that it is difficult for a human to read characters in an image, but it is difficult to do this with a computer program. In addition, when the profit obtained by the nuisance is compared with the cost for causing a computer program such as a bot to read the characters in the image, the system utilizes the fact that the profit becomes smaller due to its difficulty. Patent Document 2 also describes that unauthorized authentication is prevented using an image.

  However, as character recognition technology in images by computers such as OCR (Optical Character Recognition) progresses, such defense is weakening year by year. Therefore, conventionally, attempts have been made to obstruct character recognition by OCR. A technique called Captcha (registered trademark), which is one of the attempts, uses image data using characters and symbols that are distorted or obscured.

  In recent years, image recognition technology by a computer has been improved, and a method of deceiving and breaking through a system using the above-described conventional anti-robot test is being devised. Therefore, the display method for performing user authentication is complicated, and even human beings often have difficulty in decoding.

  Further, in the above conventional system, every time user authentication is performed, numbers and alphabets displayed on the image must be input every time, and the operation is complicated. Furthermore, it is a system that is difficult to use for elderly people who are inconvenient for keyboard input, and is not preferable from the viewpoint of barrier-free toward an aging society that has been attracting attention in recent years.

  As a proposal for solving these problems, a method has been proposed in which a plurality of images are displayed and the user can be authenticated by clicking a predetermined image. However, there is a limit to the number of image patterns, and there is a problem that authentication can be easily broken by learning.

  As another proposal, a method of displaying information included in an authentication image as a word and allowing the user to select a correct answer has been proposed. However, this method requires the user to understand Japanese words. Therefore, in order to develop a system to which this method is applied worldwide, an option must be prepared for each language used. A comprehension level of words is also required.

  The present invention has been made in view of the above circumstances, and has been made to solve the problem. An authentication apparatus and an authentication system that can perform authentication with a simple operation and can suppress unauthorized registration and access. And an authentication method.

  In order to achieve the above object, the present invention employs the following configuration.

  The present invention is an authentication apparatus for authenticating a user, a database storing a plurality of images, an authentication image acquisition means for acquiring an authentication image including a plurality of information, and information included in the authentication image And a response image including a corresponding image corresponding to part of the information included in the authentication image and a non-corresponding image not corresponding to the information included in the authentication image based on the image stored in the database Answer image generating means for generating an image for use.

  In the authentication apparatus of the present invention, the image stored in the database is an image having a tag, and the authentication image includes a tag indicating at least a part of the plurality of information, and the answer image The generation unit acquires, as the corresponding image, an image having a tag that matches a tag included in the authentication image in the image stored in the database, and has a tag that does not match the tag included in the authentication image An image is acquired as the non-corresponding image.

  In the authentication apparatus of the present invention, the answer image generating unit generates the answer image so that the answer image includes a plurality of the corresponding images and the non-corresponding images.

  In the authentication apparatus according to the present invention, the answer image generation unit arranges the corresponding image and the non-corresponding image to form a matrix in the answer image.

  In the authentication apparatus of the present invention, the database stores a plurality of images corresponding to one piece of information included in the authentication image.

  The authentication apparatus according to the present invention further includes test image presenting means for using the authentication image and the answer image as one test image and presenting the test image to an external device.

  The authentication apparatus of the present invention further includes user authentication means for authenticating a user when the corresponding image included in the answer image is selected in the external device.

  In the authentication device according to the present invention, when the response image includes a plurality of the corresponding images, the user authentication unit selects all the corresponding images included in the response image in the external device. When prompted, user authentication is performed.

  In the authentication apparatus of the present invention, the authentication image acquisition unit acquires the authentication image from either the database or an external device.

  The present invention is an authentication system that includes an authentication device and a client device, and authenticates a user of the client device, wherein the authentication device includes a database storing a plurality of images and an authentication image including a plurality of information. A corresponding image corresponding to a part of the information included in the authentication image based on the authentication image acquisition means to acquire, the information included in the authentication image and the image stored in the database, and the authentication A reply image generating unit that generates a reply image including a non-corresponding image that does not correspond to information included in the image for authentication, and the authentication image and the reply image are one test image for the client device. When the corresponding image included in the answer image is selected in the test image presenting means to be presented as and the client device, the user authentication Has a user authentication means for performing, the.

  The present invention is an authentication method in an authentication system including an authentication apparatus having a database storing a plurality of images and a client apparatus, and authenticating a user of the client apparatus, and acquires an authentication image including a plurality of information. Based on an authentication image acquisition procedure, information included in the authentication image and the image stored in the database, a corresponding image corresponding to a part of the information included in the authentication image, and the authentication image A response image generation procedure for generating a response image including a non-corresponding image that does not correspond to information included in the information, and presenting the authentication image and the response image as one test image to the client device When the corresponding image included in the answer image is selected in the test image presentation procedure and the client device, the user's And user authentication procedure for testimony, to run.

  According to the present invention, authentication can be performed with a simple operation, and unauthorized registration and access can be suppressed.

It is a figure explaining an example of an authentication system system configuration concerning a first embodiment. It is a figure which shows an example of the hardware constitutions of the server of 1st embodiment. It is a figure explaining the functional structure of the apparatus which comprises the authentication system of 1st embodiment. It is a figure which shows an example of the image for authentication. It is a figure which shows an example of the image contained in an image group. It is a flowchart explaining operation | movement of the authentication system of 1st embodiment. It is a figure which shows the example of the screen where the test image of 1st embodiment was displayed. It is a figure which shows an example of the image shown as a conventional visual anti-robot test. It is a figure which shows another example of the image shown as a conventional visual anti-robot test. It is a figure which shows the example of the screen where the test image of 2nd embodiment was displayed. It is a figure which shows the 1st example of the image for reply of 2nd embodiment. It is a figure which shows the 2nd example of the image for reply of 2nd embodiment. It is a figure which shows the 3rd example of the image for reply of 2nd embodiment. It is a flowchart explaining operation | movement of the authentication system of 2nd embodiment. It is a figure explaining the classified image group. It is a figure explaining the functional structure of the apparatus which comprises the authentication system of 3rd embodiment. It is a 1st flowchart explaining operation | movement of the authentication system of 3rd embodiment. It is a 2nd flowchart explaining operation | movement of the authentication system of 3rd embodiment.

  The present invention displays a test image including a plurality of information and an answer image including an image corresponding to a part of the information included in the test image on the same screen. When an image corresponding to the information to be included is selected, it is authenticated that the user is a human being.

(First embodiment)
A first embodiment of the present invention will be described below with reference to the drawings. FIG. 1 is a diagram illustrating an example of an authentication system system configuration according to the first embodiment. In FIG. 1, an authentication system 100 is a client / server system having a server 200 and clients 300A, 300B, and 300C (hereinafter collectively referred to as a client 300).

  In the present embodiment, when a user authentication request is issued from the client 300 to the server 200, the server 200 displays a determination screen for determining whether or not the user of the client 300 is a human on the client 300. Display. The server 200 determines whether the user of the client 300 is a human or an automated computer program based on the result input on the determination screen in the client 300.

  When the server 200 determines that the user of the client 300 is a human, the server 200 displays a user authentication screen on the client 300. That is, the server 200 of this embodiment is an authentication device that performs authentication of information received from the client 300.

  In the authentication system 100 according to the present embodiment, communication between the server 200 and the client 300 is performed via HTTP (HyperText Transfer Protocol) or HTTPS (HyperText Transfer Protocol Security) which is encrypted HTTP. The server 200 transmits information in the HTML (HyperText Markup Language) format and the like to the client 300 in response to a request from the client 300.

  The communication protocol used for communication between the server 200 and the client 300 is not limited to the above HTTP and HTTPS, and communication may be performed by other methods.

  In the authentication system 100 of the present embodiment, the server 200 and the client 300 are realized by a general computer having an arithmetic processing device such as a CPU (Central Processing Unit) and a storage device.

  FIG. 2 is a diagram illustrating an example of a hardware configuration of the server according to the first embodiment.

  The server 200 includes an arithmetic processing device 11, a memory device 12, a display device 13, an input device 14, an auxiliary storage device 15, a driver device 16, and an interface device 17, each of which is connected to the system bus B. Connected.

  The arithmetic processing unit 11 controls the server 200 according to a program stored in the memory device 12. The memory device 12 includes a RAM (Random Access Memory), a ROM (Read-Only Memory), and the like. The memory device 12 is a program executed by the arithmetic processing device 11, data necessary for processing in the arithmetic processing device 11, and arithmetic processing. Data obtained by the processing in the device 11 is stored. A part of the area of the memory device 12 is allocated as a work area used for processing in the arithmetic processing unit 11.

  The display device 13 displays various information necessary under the control of the arithmetic processing device 11. The input device 14 includes a mouse, a keyboard, and the like, and is used for inputting various information necessary for the server 200 to perform processing.

  The auxiliary storage device 15 is composed of, for example, a hard disk and stores data such as programs for executing various processes.

  The interface device 17 is a communication device for the server 200 to perform network communication with the outside. A program that realizes the processing in the authentication method performed by the server 200 may be downloaded via the network by the interface device 17 and installed in the auxiliary storage device 15. When the server 200 has an interface such as a USB (Universal Serial Bus) for connecting to an external storage device, the program may be read from the external storage medium by USB connection.

  A program that realizes processing in the authentication method performed by the server 200 may be provided to the server 200 by the storage medium 18 such as a CD-ROM (Compact Disk Read-Only Memory). That is, when the storage medium 18 storing the program is set in the driver device 16, the driver device 16 reads the program from the storage medium 18, and the read program is transferred to the auxiliary storage device 15 via the system bus B. Installed. When the program is activated, the arithmetic processing unit 11 starts its processing according to the program installed in the auxiliary storage device 15.

  The medium for storing the program is not limited to a CD-ROM, and any medium that can be read by a computer may be used.

  The client 300 according to the present embodiment has the same hardware configuration as that of the server 200, and a description thereof will be omitted.

  Next, with reference to FIG. 3, the function of the apparatus which comprises the authentication system 100 of this embodiment is demonstrated. FIG. 3 is a diagram for explaining the functional configuration of the devices constituting the authentication system of the first embodiment.

  The server 200 according to the present embodiment includes an authentication unit 210, a test image generation unit 220, a test image presentation unit 230, a communication unit 240, a service unit 250, a control unit 260, and a database 270. The client 300 of this embodiment includes an input unit 310, a display unit 320, a communication unit 330, and a control unit 340.

  First, the function of the server 200 will be described.

  The authentication unit 210 according to the present embodiment includes a determination unit 211 and a user authentication unit 212. The authentication unit 210 uses the determination unit 211 to determine whether the user of the client 300 is a person based on information received from the client 300. Further, the authentication unit 210 of this embodiment performs user authentication by the user authentication unit 212. Details of the processing of the determination unit 211 will be described later.

  The test image generation unit 220 includes an authentication image acquisition unit 221 and an answer image generation unit 222, and generates an answer image corresponding to the authentication image to be a test image. The authentication image acquisition unit 221 acquires an authentication image 271 stored in a database 270 described later. The answer image generation unit 222 generates an answer image corresponding to the authentication image 271 using images included in the image group 272 stored in the database 270. Details of generation of the authentication image 271, the image group 272, and the answer image will be described later.

  The test image presentation unit 230 presents the test image presentation unit 221 to the client 300 as a test image. At this time, the test image presenting unit 230 presents the authentication image and the answer image so that they are displayed on the same screen in the client 300.

  The communication unit 240 is an interface for performing communication with the client 300. The service providing unit 250 provides a service to the client 300 in response to a service request instruction received from the client 300 when the authentication by the authentication unit 210 is successful. The control unit 260 performs various controls of the server 200 including the authentication unit 210, the answer image generation unit 220, the test image presentation unit 230, the communication unit 240, and the service providing unit 250.

  The database 270 is provided, for example, in the auxiliary storage device 15 and stores an authentication image 271 and an image group 272 for generating an answer image. The authentication image 271 and the image group 272 according to this embodiment will be described below with reference to FIGS.

  FIG. 4 is a diagram illustrating an example of an authentication image, and FIG. 5 is a diagram illustrating an example of an image included in an image group.

  The authentication image 271 of the present embodiment includes a plurality of information (images) and a tag indicating the plurality of information. For example, the authentication image 271 shown in FIG. 4 is an image in which a child is holding a cat, there is a table next to it, and apples, bananas, and cups are placed on the table. The authentication image 271 includes a plurality of pieces of information (images) “children”, “cats”, “tables”, “apples”, “bananas”, and “cops”. The authentication image 271 includes a tag indicating the plurality of information.

  An image group 272 shown in FIG. 5 is a set of images showing one concept. The image group 272 includes images in which each of a mobile phone, an apple, a grape, a rabbit, and the like shows one concept. Each image included in the image group 272 also includes a tag indicating the concept of the image. For example, the image 272A included in the image group 272 includes a tag indicating “apple”, and the image 272B includes a tag indicating “grape”.

  Next, functions of the client 300 of this embodiment will be described. In the client 300, the input unit 310 inputs various instructions from the user of the client 300. The various instructions are, for example, a service request instruction for receiving a service provision such as a Web service from the server 200.

  The display unit 320 displays an image or the like on a display device such as a liquid crystal display device (not shown) of the client 300. The communication unit 330 is an interface unit for performing communication with the server 200. The control unit 340 performs various controls of the client 300 including the input unit 310, the display unit 320, and the communication unit 330 described above.

  Next, the operation of the authentication system 100 of this embodiment will be described with reference to FIG. FIG. 6 is a flowchart for explaining the operation of the authentication system of the first embodiment.

  In the authentication system 100 of the present embodiment, when an authentication request is made from the client 300 (step S601), the server 200 acquires the authentication image 271 from the database 270 by the authentication image acquisition unit 221 (step S602). When the authentication image 271 is acquired, the test image generation unit 220 analyzes the tag of the authentication image 271 (step S603). For example, the tag of the authentication image 271 includes information such as “children”, “cats”, “apples”, and “bananas” as shown in FIG.

  Next, the reply image generation unit 222 selects a predetermined number of images from the image group 272 in the database 270 to generate a reply image.

  The reply image generation unit 222 according to the present embodiment includes an image corresponding to information included in the authentication image 271 (hereinafter, “corresponding image”) and an authentication image 271 based on the tag analysis result of the authentication image 271. An image that does not correspond to the information to be displayed (hereinafter referred to as a non-corresponding image) is selected. At this time, the sum of the number of corresponding images and the number of non-corresponding images is the number of images acquired from the image group 272.

  First, the reply image generation unit 222 acquires a corresponding image from the image group 272 based on the tag analysis result in step S603 (step S604). Then, the reply image generation unit 222 selects and acquires the number of non-corresponding images obtained by subtracting the number of corresponding images from the predetermined number from the image group 272 (step S605). Then, the reply image generation unit 222 generates a reply image by arranging the acquired corresponding image and the non-corresponding image (step S606). That is, the answer image of the present embodiment is a set of a plurality of images acquired from the image group 272.

  In the present embodiment, there may be one corresponding image or a plurality of corresponding images included in the answer image. The number of corresponding images included in the answer image may be set in advance by, for example, an administrator of the system, or may be determined randomly using a random number or the like. Also, the number of images used when generating the answer image may be set in advance, or may be determined at random using a random number or the like. Further, the arrangement of the corresponding image and the non-corresponding image may be determined at random each time an answer image is generated.

  When the answer image is generated by the answer image generator 222, the test image generator 220 temporarily stores the number of corresponding images included in the answer image and the tag of the corresponding image (step S607). .

  Then, the server 200 presents the authentication image 271 and the answer image to the client 300 as test images by the test image presenting unit 230 (step S608). At this time, the test image presenting unit 230 presents the authentication image 271 and the answer image to the client 300 so that they are displayed on the same screen.

  In the client 300, the test image presented from the server 200 is displayed on the display device (step S609). FIG. 7 is a diagram illustrating an example of a screen on which a test image according to the first embodiment is displayed. Although not shown in FIG. 7, a message such as “Please select one included in the left image from the right images” may be displayed on the test image 71 at the same time.

  Further, in this embodiment, as shown in FIG. 7, the authentication image 271 and the answer image 72 are displayed on the same screen. In the example of FIG. 7, six images are selected from the images included in the image group 272 as the answer image 72, and two “apples” and “cops” are corresponding images. Therefore, in step S607 in FIG. 6, the number of corresponding images is two, and “apples” and “cops” are temporarily stored as tags of the corresponding images. The answer image 72 may be an image obtained by randomly arranging images acquired from the image group 272.

  Returning to FIG. 6, when an image is selected from the answer images by the user of the client 300 in the test image 71 (step S610), the selection result is passed to the server 200. The server 200 determines whether the selection result is correct by the determination unit 211 of the authentication unit 210 (step S611).

  Hereinafter, determination by the determination unit 211 will be described. The determination unit 211 of the present embodiment reads the number of corresponding images stored in step S607 and the tag of the corresponding image. In step S610, it is determined whether or not the number of images selected on the client 300 side and the tag of the selected image match the corresponding image and the tag of the corresponding image.

  For example, in the case of the test image 71 of FIG. 7, there are two corresponding images, and the tags of the corresponding images are “apple” and “cop”. Therefore, the determination unit 211 determines that the answer is correct when two images are selected from the answer image 72 in step S610 and the tags of the two selected images indicate “apple” and “cop”, respectively.

  In the present embodiment, the answer image 72 may be correct only when the number of corresponding images matches all the tags of the corresponding images. In this way, a test image with a high degree of difficulty can be obtained. For example, when a plurality of corresponding images are included in the reply image 72, it may be determined that the answer is correct if one of the plurality of corresponding images is selected. For example, when there are three corresponding images, it is possible to make a correct answer if two of the corresponding images are selected.

  If it is determined that the answer is correct in step S611, the authentication unit 210 instructs the client 300 to present a user authentication image by the user authentication unit 212 (step S612). In the client 300, when user information is input to the user authentication screen (step S613), the user authentication unit 211 determines whether or not the input user information is legitimate information (step S614). The user information is, for example, a user ID and a password. If it is determined in step S611 that the answer is incorrect, the server 200 returns to the process of step S608.

  If the user is not authenticated in step S614, the server 200 returns to the process of step S610. If the user information is legitimate, the user is authenticated and the authentication process is terminated.

  As described above, in the present embodiment, the answer image is generated based on the image group and the authentication image stored in the database so as to include an image corresponding to the information included in the authentication image. When an image corresponding to information included in the authentication image is selected from the answer images, it is determined that the user on the client side is a human.

  Therefore, in this embodiment, it is possible to determine whether the client user is a human or a robot with a simple operation.

  Conventionally, for example, an image as shown in FIG. 8 has been presented to the user on the client side as a visual anti-robot test. FIG. 8 is a diagram illustrating an example of an image presented as a conventional visual anti-robot test. An image 91 shown in FIG. 8 is an image including rasterized characters and symbols.

  The image 91 is rasterized characters and symbols, which can be read by humans as “NkpGJN”, but it has been difficult for a conventional robot to recognize this. When trying to make the robot recognize the image 91, it must have a special character recognition function such as an OCR function. Furthermore, it has been difficult to recognize characters or symbols that are distorted or obscured as in the image 91 using the OCR function.

  That is, when trying to make the conventional robot recognize the image 91, it is necessary to provide the robot with an OCR function that has been subjected to advanced learning. Since it is technically very difficult and costly to provide such an OCR function in a robot, it is very difficult to implement such robots indiscriminately, in large quantities, and at low cost. there were.

  However, in recent years, OCR technology has become more sophisticated and lower in cost, and even conventional methods are not necessarily safe methods. In addition, since safety is taken into consideration, there is a problem that it is difficult to decipher an image presented to the user, and complicated input is required.

  Conventionally, there is also a method of presenting the image shown in FIG. 9 to a user on the client side as a visual anti-robot test. FIG. 9 is a diagram showing another example of an image presented as a conventional visual anti-robot test.

  In the example of FIG. 9, a method is used in which information included in the image 92 is displayed as a word and the user selects a correct answer. In FIG. 9, for the image 92 including apples, the answer options are 1, apple, 2, banana, 3, frying pan, 4, cat, 5, cow, and so on. However, with this method, the user needs to understand Japanese words, and in order to develop a world wide, it was necessary to prepare choices for each language used. The level of word comprehension was also required.

  In the present embodiment, the above-described conventional problems are solved. For example, in the test image 71 of the present embodiment, the “apple” included in the authentication image 271 and the “apple” included in the response image 72 can be easily recognized as the same concept by humans. However, for example, when the authentication image 271 is a photograph and the answer image 72 is a set of illustration images, these two “apple” images are completely different images for the bot. It is very difficult to recognize two images with the same concept.

  In this embodiment, the image presented to the user can be easily decoded as compared with the conventional case, and more complicated input is not required. Furthermore, in this embodiment, since character information is not used, language and word comprehension are not required.

  Therefore, according to the present embodiment, authentication can be performed with simple operations worldwide, and unauthorized registration and access can be suppressed.

  In the present embodiment, the user authentication is first performed after determining whether or not the user of the client 300 is a human being in FIG. 6, but the present invention is not limited to this. In the present embodiment, for example, after the user authentication process from step S612 to step S614 is executed, the determination process from step S602 to step S611 may be executed.

(Second embodiment)
A second embodiment of the present invention will be described below with reference to the drawings. The second embodiment of the present invention is different from the first embodiment in that various variations are given to the answer image. Therefore, in the following description of the second embodiment, only differences from the first embodiment will be described, and those having the same functional configuration as the first embodiment will be described in the description of the first embodiment. The same reference numerals as those used are assigned, and the description thereof is omitted.

  The test image generation unit 220 of the present embodiment may generate a test image 71A shown in FIG. 10, for example. FIG. 10 is a diagram illustrating an example of a screen on which a test image according to the second embodiment is displayed.

  In the present embodiment, the reply image generation unit 222 arranges the images selected from the image group 272 so as to form a 3 × 3 rectangular matrix, and generates a reply image 72A. If the answer image is a rectangular matrix of N × M (N and M are natural numbers) in this way, the viewability can be improved. Furthermore, by making the arrangement order of the images constituting the answer image 72A random, variations of the answer images can be made more complicated.

  FIG. 11 to FIG. 13 are other examples when the answer image is a rectangular matrix. FIG. 11 is a diagram showing a first example of the answer image of the second embodiment, FIG. 12 is a diagram showing a second example of the answer image of the second embodiment, and FIG. It is a figure which shows the 3rd example of the image for reply of 2nd embodiment.

In the present embodiment, when the answer image is a rectangular matrix and the arrangement of the images is random, assuming that the answer image is an aggregate of n images, the following number 1 is obtained for each authentication image 271. As many images as possible can be created. Therefore, it is possible to obtain a high defense effect against unauthorized authentication by the bot.

  In the present embodiment, a plurality of images representing the same concept may be prepared in the image group 272. For example, the apple image included in the reply image 72C in FIG. 12 is an apple image that is still a circle. The apple image included in the answer image 72D of FIG. 13 is an apple image cut in half. If it is a human being, both can be recognized as an image representing an apple which is the same concept. However, for the bot, both images are completely different, and it is difficult to recognize that they are the same.

  Further, for example, the cup image of the answer image 72D in FIG. 13 is an image shown in two dimensions. You may prepare the image which represented this cup in three dimensions. For humans, a cup displayed in two dimensions and a cup displayed in three dimensions can be recognized as the same concept. However, since the robot recognizes it as a completely different image, it is difficult to recognize it as the same image.

  In this way, by providing a plurality of corresponding images for one piece of information included in the authentication image, it is possible to increase variations of the answer images.

  Hereinafter, with reference to FIG. 14, generation of an answer image when a plurality of images representing the same concept are prepared in the image group 272 in the present embodiment will be described. FIG. 14 is a flowchart for explaining the operation of the authentication system of the second embodiment.

  The processing from step S1401 to step S1403 in FIG. 14 is the same as the processing from step S601 to step S603 in FIG.

  In FIG. 14, when the analysis of the tag of the authentication image 271 is completed, the response image generation unit 222 classifies the images stored in the image group 272 for each tag (step S1404). FIG. 15 is a diagram for explaining the classified image group. In the present embodiment, the images in the image group 272 are classified for each image having the same tag.

  For example, in FIG. 15, when the tag A is an apple, an image whose tag is an apple is set as one group A. An image included in group A is an image showing the same concept of an apple. For example, the image A1 of group A is an image of an apple with a circle, and the image A2 is an image of an apple cut in half.

  Further, for example, when the tag B is a cup, images with the tag being a cup are classified as one group (group B). The image B1 of the group B may be a two-dimensional cup image, for example, and the image B2 may be a three-dimensional cup image. Similarly, for example, an image having the tag C in the image group 272 is classified as a group C.

  Returning to FIG. 14, when the image group 272 is classified, the reply image generation unit 222 selects one image from each classified group (step S1405). For example, the reply image generation unit 222 selects the image A1 from the group A, selects the image B2 from the group B, and selects the image C1 from the group C.

  Next, the reply image generation unit 222 selects a corresponding image based on the image selected in step S1405 and the tag analysis result in step S1403 (step S1406).

  For example, if it is known in step S1403 that the authentication image 271 includes the tag A and the tag C, the response image generation unit 222 selects the image A1 selected from the group A as the corresponding image of the tag A. To do. Similarly, the reply image generation unit 222 selects the image C1 selected from the group C as the corresponding image of the tag C. Then, the reply image generation unit 222 selects a non-corresponding image from images other than the images included in the group A and the group C, and generates a reply image.

  As described above, in this embodiment, first, the images of the image group 272 are classified into groups for each tag, and one image is selected from the group. Then, an answer image is generated using the image selected from each group. When selecting an image from each group, a specific image may be selected at random.

  The processing from step S1407 to step S1416 is the same as the processing from step S605 to step S614 in FIG.

  In this way, if a plurality of images corresponding to one concept are prepared in the image group 272, the variation of the answer images can be further increased, and unauthorized registration and access can be made more difficult. it can.

(Third embodiment)
A third embodiment of the present invention will be described below with reference to the drawings. The third embodiment of the present invention is different from the first embodiment in that an authentication image is acquired from the outside. Therefore, in the following description of the third embodiment, only differences from the first embodiment will be described, and those having the same functional configuration as the first embodiment will be described in the description of the first embodiment. The same reference numerals as those used are assigned, and the description thereof is omitted.

  FIG. 16 is a diagram for explaining a functional configuration of an apparatus configuring the authentication system of the third embodiment. The server 200A of the authentication system 100A according to the present embodiment includes a test image generation unit 220A and a database 270A.

  The test image generation unit 220A includes an authentication image acquisition unit 221A and an answer image generation unit 222. The database 270A stores an image group 272.

  In this embodiment, the authentication image is not stored in the database 270A. The authentication image acquisition unit 221A of this embodiment acquires an authentication image from outside the server 200A. The outside of server 200A is, for example, an image server connected via a network.

  The operation of the authentication system 100A of this embodiment will be described below with reference to FIG. FIG. 17 is a first flowchart for explaining the operation of the authentication system of the third embodiment.

  In this embodiment, when an authentication request is made from the client 300 (step S1701), the server 200A acquires an image to be an authentication image from an external image server or the like by the authentication image acquisition unit 221A (step S1702). . The image acquired here is an image having a tag indicating information included in the image. The authentication image acquisition unit 221A of the present embodiment may download an image via a network, for example.

  When the server 200A acquires the authentication image, the test image generation unit 220 analyzes the tag of the authentication image (step S1703). Next, the answer image generation unit 220 includes an image that can be a corresponding image of the authentication image in the image group 272 based on the image tag included in the image group 272 and the analysis result of the tag of the authentication image. Whether or not (step S1704).

  If there is an image that can be a corresponding image in the image group 272 in step S1704, the processing in step S1705 and subsequent steps is performed. The processing from step S1705 to step S1715 is the same as the processing from step S604 to step S614 in FIG.

  If there is no image that can be a corresponding image in the image group 272 in step S1704, the process returns to step S1702 to acquire another authentication image.

  As described above, in this embodiment, every time an authentication request is made from the client 300, a new authentication image is acquired. Therefore, the authentication image and the response image do not have a predetermined pattern, and illegal registration is performed. And access can be made even more difficult.

  In the present embodiment, a corresponding image that is a correct answer is determined in advance in the image group 272, and an authentication image can be acquired based on the corresponding image. FIG. 18 is a second flowchart for explaining the operation of the authentication system of the third embodiment.

  In this embodiment, when an authentication request is made from the client 300 (step S1801), the server 200A determines an image to be a corresponding image in the image group 272 by the test image generation unit 220 (step S1802). Next, the authentication image acquisition unit 221A searches an external image server or the like using the image tag determined as the corresponding image as a search key (step S1803), and acquires an image including the tag serving as the search key as an authentication image. (Step S1804).

  When the authentication image is acquired, the server 200A executes the processing after step S1805. The processing from step S1805 to step S1816 is the same as the processing from step S603 to step S614 in FIG.

  In the process shown in FIG. 18, since the corresponding image is determined before the authentication image is acquired, the authentication image including the corresponding image can be acquired.

  In the present embodiment, images included in the image group 272 may also be acquired from an external image server or the like. In this case, for example, the server 200A may access an external image server or the like every predetermined period to acquire a plurality of images and store them as the image group 272 in the database 270A. The server 200 </ b> A can delete a part of the images included in the image group 272, or can newly acquire and add an image from an external image server.

  Furthermore, in this embodiment, an authentication image based on a specific theme or the like may be acquired. In the present embodiment, for example, when there is an object to be advertised, an image related to the object is acquired as an authentication image, so that it can also serve as an advertisement.

  For example, if you want to use an image for authentication as an advertisement for sweets, the photo is “a child who eats promotional material (candy). Next to the dog, the child wears a hat.” For example, images such as “dog” and “hat” are included.

  In addition, since the authentication system 100A according to the present embodiment performs authentication using characters, any character can be inserted into the authentication image. For example, a promotional image such as “Summer trip is OO” can be included in a beach image (including the sea, umbrellas, and dogs). You can also put the letters “△△ ice cream in hot summer”. There is no problem in authentication even if advertising characters that are completely unrelated to the authentication image are included.

  Further, the authentication image of the present embodiment may be a still image or a moving image.

  As mentioned above, although this invention has been demonstrated based on each embodiment, this invention is not limited to the requirements shown in the said embodiment. With respect to these points, the gist of the present invention can be changed without departing from the scope of the present invention, and can be appropriately determined according to the application form.

100, 100A authentication system 200, 200A server 210 authentication unit 211 determination unit 212 user authentication unit 220, 220A test image generation unit 221, 221A authentication image acquisition unit 222 answer image generation unit 230 test image presentation unit 270, 270A database 272 Image group 300 clients

JP 2008-262549 A JP 2008-250911 A

Claims (11)

An authentication device for authenticating a user,
A database that stores multiple images,
Authentication image acquisition means for acquiring an authentication image including a plurality of pieces of information;
Based on the information included in the authentication image and the image stored in the database, a corresponding image corresponding to a part of the information included in the authentication image and not corresponding to the information included in the authentication image And an answer image generating means for generating an answer image including a non-corresponding image. The image stored in the database is an image having a tag,
The authentication image includes a tag indicating at least a part of the plurality of pieces of information,
The answer image generating means includes
In the image stored in the database, an image having a tag that matches the tag included in the authentication image is acquired as the corresponding image, and an image having a tag that does not match the tag included in the authentication image is acquired as the non-image. The authentication apparatus according to claim 1, which is acquired as a corresponding image. The answer image generating means includes
The authentication apparatus according to claim 1, wherein the answer image is generated such that the answer image includes a plurality of the corresponding images and the non-corresponding images. The answer image generating means includes
The authentication device according to any one of claims 1 to 3, wherein in the answer image, the corresponding image and the non-corresponding image are arranged to form a matrix. The database includes
The authentication apparatus according to claim 1, wherein a plurality of images corresponding to one piece of information included in the authentication image are stored.   The authentication apparatus according to claim 1, further comprising: a test image presenting unit configured to use the authentication image and the answer image as one test image and present the test image to an external device.   The authentication apparatus according to claim 6, further comprising a user authentication unit configured to authenticate a user when the corresponding image included in the answer image is selected in the external device. When the plurality of corresponding images are included in the answer image,
The user authentication means includes
The authentication device according to claim 7, wherein when all the corresponding images included in the answer image are selected in the external device, user authentication is performed. The authentication image acquisition means includes
The authentication device according to any one of claims 1 to 8, wherein the authentication image is acquired from either the database or an external device. An authentication system that includes an authentication device and a client device, and authenticates a user of the client device,
The authentication device
A database that stores multiple images,
Authentication image acquisition means for acquiring an authentication image including a plurality of pieces of information;
Based on the information included in the authentication image and the image stored in the database, a corresponding image corresponding to a part of the information included in the authentication image and not corresponding to the information included in the authentication image An answer image generating means for generating an answer image including a non-corresponding image;
Test image presenting means for presenting the authentication image and the answer image as one test image to the client device;
An authentication system comprising: user authentication means for authenticating the user when the corresponding image included in the answer image is selected in the client device. An authentication method in an authentication system that includes an authentication device having a database storing a plurality of images and a client device, and authenticates a user of the client device,
An authentication image acquisition procedure for acquiring an authentication image including a plurality of pieces of information;
Based on the information included in the authentication image and the image stored in the database, a corresponding image corresponding to a part of the information included in the authentication image and not corresponding to the information included in the authentication image A response image generation procedure for generating a response image including a non-corresponding image;
A test image presentation procedure for presenting the authentication image and the answer image as a single test image to the client device;
An authentication method for executing, in the client device, a user authentication procedure for authenticating the user when the corresponding image included in the answer image is selected.