JP2003346154A - Character string authentication system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To realize the enhancement of security in electronic settlement by confirming an identity when the electronic settlement is performed. <P>SOLUTION: In this electronic settlement, a pre-described first character string is collated with a second character string described on a medium, and based on the collated results, it is determined whether the first and second character strings are identical to each other or not. The electronic settlement can confirm whether a person who performs the proceedings is the person in question or not. Thus the security in the electronic settlement can be enhanced. <P>COPYRIGHT: (C)2004,JPO

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a character string authentication system, and more particularly, to a character string authentication system suitable for use in signature authentication using an input / output device such as a copying machine in authentication at the time of electronic settlement.

[0002]

2. Description of the Related Art With the spread of the Internet, virtual shops have increased on the Internet, and electronic commerce has been conducted. As a result, Internet security issues have been raised. The extreme example is a case where a credit card number is transmitted without any processing such as encryption at the time of electronic settlement, and is decrypted by a third party, or is diverted.

[0003] In a report of the "Study Group on Electronic Payment, Electronic Cash, and Improvement of Its Use Environment" published by the Telecommunication Bureau of the Ministry of Posts and Telecommunications on April 15, 1996, "In electronic commerce, 1. 1. Is the (transaction information) stolen by a third party? 2. Is the communication (transaction) partner genuine? 3. Is the communication content (transaction information) altered or falsified in the middle? There is concern that the other party will not be denied the fact that this has happened, and it is necessary to eliminate such concerns by developing and utilizing cryptographic technology. "

[0004] As a solution to the security problem, the use of encryption technology is widely practiced. Some e-mails have a function of encrypting a message to conceal communication contents and a function of verifying tampering of a message with an electronic signature and authenticating a sender. PGP (Pret
ty Good Privacy) and S / MIME (Se
cure / Multipurpose Internet
t Mail Extensions) is famous.

[0005] A typical method of an electronic signature is a digital signature by a public key encryption method. The user creates a different pair of encryption key pairs and manages one of them as a secret key. In addition, the other is made public to the public as a public key. When transmitting data, the user encrypts the data with his / her own secret key (signing key) and sends it to the other party. The other party decrypts the data using the public key (verification key) corresponding to the sender's private key. I do. In this case, only the data encrypted with the private key corresponding to the public key (under the control of the user) can be decrypted using the public key. You can confirm that the signature was done. A typical example of this encryption method is RSA (Rivest Sha).
mir Adleman) encryption.

[0006] The WWW browser has an encryption protocol SS.
L (Secure Sockets Layer) is implemented, and secure communication can be performed on the Internet.

[0007]

However, an electronic signature does not correspond in all cases, and an electronic signature alone is not sufficient as a means for confirming the identity. Even if the security of communication is improved by the encryption technology, it cannot be said that the security is truly improved unless the authentication of the user is sufficient.

[0008] For example, when electronic payment is made with a credit card, electronic payment can be made by anyone other than the owner of the credit card. As far as a credit card is concerned, information necessary for settlement, such as the name of the member, the member number, and the expiration date of the card, are described on the card. Therefore, it can be easily used by anyone other than the owner. In addition, since most information is described in the credit card usage statement, electronic payment is possible without a credit card. Therefore, it is indispensable to establish the means for confirming the identity as well as to improve the encryption technology.

SUMMARY OF THE INVENTION The present invention has been made in view of the above-described problems, and has as its object to improve the security of electronic settlement by enabling confirmation of personality when performing electronic settlement.

[0010]

A character string authentication system according to the present invention includes a medium supply means for supplying a medium for writing a character string, and a first character for reading a first character string described in advance. Column reading means, second character string reading means for reading a second character string written on a medium supplied from the medium supply means, and the second character string read by the first character string reading means. A character string collating means for collating the first character string with the second character string read by the second character string reading means, and the first character string collating means based on a collation result of the character string collating means. It is characterized by comprising determining means for determining whether a character string is the same as the second character string.

[0011] Since the present invention has the above-mentioned technical means, by performing signature authentication at the time of electronic payment, it is possible to prevent payment by anyone other than the person and to improve the security of electronic payment.

[0012]

Next, an embodiment of a character string authentication system according to the present invention will be described with reference to the accompanying drawings.

(First Embodiment) Hereinafter, a first embodiment of a character string authentication system according to the present invention will be described. Generally, as a system for inputting and outputting images, as shown in FIG.
A so-called multi-function digital copier 200 is known. This is a scanner 202 that reads an original image recorded on paper or the like, and a printer 20 that outputs the read image or an image sent from a host computer (not shown) to a medium such as paper.
3 and these scanners 20
2. A device controller 204 for controlling the operation of the printer 203 or performing various image processing, an operation unit 201 for providing the user with operation of the apparatus, and a memory 205 for temporarily or permanently storing image data and a processing program.
And a hard disk 206.

Next, the image input / output unit will be described in detail. FIG. 3 is a schematic sectional view of a reader (reading) unit and a printing unit. The document feeder 301 of the reader unit includes:
Originals are placed one by one on the platen glass 30 in order from the last page.
2, and after the original reading operation is completed, the original on the platen glass 302 is discharged.

When the original is conveyed onto the platen glass 302, the lamp 303 is turned on, and the scanner unit 304 is started to move to scan the original. The reflected light from the original at the time of this exposure scanning is reflected by mirrors 305 and 30.
The light is guided to a CCD image sensor (hereinafter, referred to as a CCD) 309 by 6, 307 and a lens 308. The image of the document thus scanned is read by the CCD 309.

The image data output from the CCD 309 is transferred to a printer after being subjected to predetermined processing. The laser driver 310 of the printer unit drives the laser light emitting unit 311 and causes the laser light emitting unit 311 to emit laser light corresponding to the image data output from the reader unit.

The laser beam is applied to the photosensitive drum 312, and a latent image corresponding to the laser beam is formed on the photosensitive drum 312. A developer is attached to the latent image portion of the photosensitive drum 312 by a developing device 313.

At timing synchronized with the start of laser beam irradiation, recording paper is fed from one of the cassettes 314 and 315 and transported to the transfer section 316 to record the developer adhered to the photosensitive drum 312. Transfer to paper.
The recording paper on which the developer is loaded is conveyed to the fixing unit 317, and the developer is fixed on the recording paper by the heat and pressure of the fixing unit 317. The recording paper that has passed through the fixing unit 317 is discharged by a discharge roller 318.
The discharged recording paper is stored in each pin by the sorter 321 to sort the recording paper.

Here, when the sorting is not set by the sorter 321, the recording paper is stored in the uppermost pin. When double-sided recording is set, the discharge roller 31 is used.
After the recording paper is conveyed to the position of
Is rotated in the reverse direction, and guided to the re-feeding conveyance path 320 by the flapper 319. If multiple recording is set, the recording paper is guided to the re-feeding conveyance path 320 by the flapper 319 so as not to be conveyed to the discharge roller 318.
The recording sheet guided to the re-feeding conveyance path 320 is fed to the transfer unit 316 at the timing described above.

In recent years when the Internet has become widespread, the above-described devices are not limited to a specific network (LAN) as shown in FIG.
It is widely connected to the world through 8.

FIG. 1 is a block diagram of a character string authentication system according to the present invention. 101 is a communication network such as the Internet. Reference numeral 102 denotes a support center for hardware and software. Reference numeral 103 denotes a hardware or software sales company. 104 is
A web server connected to the Internet and providing specific services to Internet users.

Reference numeral 105 denotes an electronic money server which performs a settlement process between a financial institution 106 such as a bank and a consumer client. Reference numeral 107 denotes a service provider that performs connection processing between the terminal of the individual user and the Internet 101.

Reference numeral 108 denotes a firewall which connects the inside of the LAN network shown below to an external communication network (Internet) and performs security management and the like.

Reference numeral 109 denotes a device management server which manages each device such as the file server 110, the mail server 111, the personal computer 112, and the printer 113 connected to the LAN network, and manages data such as user management and billing information. . Reference numeral 110 denotes a file server that manages data and the like, and outputs the data to the multifunction machine 200 and the printer 113 as needed. Reference numeral 114 denotes a signature management server that manages the registered handwritten signature.

A multifunction machine 200 mainly has functions such as image input / output. In the multifunction machine 200, reference numeral 201 denotes an operation unit for operation by a user, and 202 denotes an operation unit 2
01 and an image scanner 203 for inputting an image in accordance with an instruction from the personal computer 112.
And a printer that prints data from the file server 110.

Reference numeral 204 denotes the operation unit 201 and the personal computer 112
Scanner 202 or printer 20 based on instructions from
3. A device controller that controls input / output of image data between the memory 205, the hard disk 206, and the personal computer 112.
Control is performed such that the embedded image data is stored in the memory 205 or the hard disk 206 as necessary, output to the personal computer 112, or printed by the printer 203.

A printer 113 prints image data from the personal computer 112 or the file server 110 on a recording medium. Reference numeral 112 denotes a personal computer connected as a terminal device, browses information provided from the web server 104 via the Internet 101, and transmits image data to the multifunction machine 200 or the printer 113.
Can be output to

Here, the configuration described below from the firewall 108 shown in FIG.
7 may be with an individual user connected to the Internet 101 via the Internet.

Conventionally, the above-described apparatus has been installed in an office or a school, and has been used for copying a document. However, at present, it is also being placed in convenience stores and supermarkets, and is expected to be used as a multimedia terminal in the future.

The expected background is shown in FIG.
This is because these devices are not limited to a specific network (LAN) but are widely connected to the world via a firewall 108 as shown in FIG. In other words, the multi-function digital copying machine 200 can communicate not only from within a specific network but also from all over the world.

Next, a description will be given of a method using signature authentication as a means for confirming personality at the time of electronic settlement in electronic commerce using the multifunction machine 200 in such an environment.

In electronic commerce, a settlement method using a credit card is generally used. FIG. 4 shows a general credit card.

Normally, a credit company or card name 401 and a member number 40
2, card expiration date 403, member name 404, etc. are described. Also, on the back of the credit card 405,
There is a magnetic unit 406 and a signature unit 407. Member information including surface information is registered in the magnetic unit 406 and can be read by a dedicated reader. Further, in the signature section 407, a self-signature 408 for confirming the identity and a member number 409 are described.

In general transactions other than electronic commerce,
The trader reads the magnetic information of the magnetic unit 406 with a card reader to check the validity of the card, and the card user himself / herself signs a predetermined sheet, and determines the self-signature and the self-signature 408 described on the card. The trader verifies the identity by collating. Once the card ’s validity and identity have been verified,
The sale is completed.

On the other hand, in electronic commerce, since the Internet is used, the validity of the card can be confirmed, but it is difficult to confirm the identity of the card. for that reason,
Payments can be made by anyone other than the person. For example, the main card information can be obtained by plagiarizing the card or plagiarizing the payment details, and the information can be used illegally based on the information. In the past, electronic payments that could only be made in a specific place can now be performed by anyone using terminals such as convenience stores and supermarkets.

In this embodiment, means for confirming the identity of a machine used by an unspecified majority is proposed. The present embodiment will be described using a multifunction machine 200 that performs digital processing.

FIG. 5 shows an example of the operation unit 201 of the multifunction machine 200. The operation unit 500 is a touch panel that includes a liquid crystal display, and switches a screen by touching a predetermined position on the display.

FIG. 5 shows an example of a screen at the time of copying. The mode switching unit 501 can switch modes such as copy 502, fax 503, and electronic payment 504. When the copy 502 is selected, the status of the device is displayed on the display unit 505. 50
Reference numeral 6 denotes a copy magnification setting unit, and the set magnification is displayed on the display unit 509. Reference numeral 507 denotes a paper size selection unit, and the selected paper size is displayed on the display unit 510. Reference numeral 508 denotes a copy mode selection unit for copying. The number of copies set on the numeric keypad (not shown) is 5
11 is displayed.

At the time of electronic settlement, the operation unit 600 shown in FIG.
Electronic payment mode 604 is selected. The status display unit 605 displays a message urging signature authentication, and a series of procedures is displayed on the procedure display unit 606. Procedure display section 606
For example, the credit card is placed on the scanner 202 (specifically, the platen glass 302 shown in FIG. 3) with the credit card surface 400 facing up according to the instructions shown in FIG.

Here, when an OK button 607 is pressed, the self-signature 408 and the member number 409 written on the back surface 405 of the credit card are read in advance. At this time, the self-signature 408 and the member number 409 are subjected to character recognition by character recognition processing. When the reading is completed, as shown in FIG.
“Reading completed” is displayed on the status display unit 705.

When the reading is completed, the signature verification sheet 801 for authentication shown in FIG. 8 is discharged from the printer unit of the main body. The signature collation form 801 includes a member number column 80
2. There is a name column 803 in which a member number and a name that have been subjected to read character recognition processing are described. However, the member number column 802 and the name column 803 are not necessarily required. The signature collation sheet 801 has a self-signed column 804 in which a self-signed one written on a credit card is self-signed. FIG. 9 shows a state in which the self-signature 905 is self-signed in the self-signature column 904.

After finishing the self-signing, the signature collation sheet 801 is placed on the scanner 202 with the character portion facing down. More specifically, as shown in FIG. 10, the signature collation paper 801 is placed on the platen glass 1002 of the scanner unit 1001 by the abutting unit 1.
It is preferable that the positions of 003 coincide with each other. However, it is not necessary to take this into account in a device having a document orientation detection / correction function. In addition, position correction may be performed by rotation or the like during the character recognition processing.

After arranging the self-signed signature collation sheet 901 at a predetermined position on the scanner unit 1001, according to the instruction shown on the procedure display unit 1106, as shown in FIG.
A button 1107 is pressed.

The device controller 204 collates the self-signature 408 described in the credit card in advance with the self-signature 905 described in the signature collation sheet 901.
The matching method may be a well-known pattern matching, and is not limited thereto.

Since the self-signature 408 and the self-signature 905 have different sizes, when the self-signature 408 is read by the scanner 202, the device controller 204 changes the size to a desired size, or the self-signature 905 is transmitted to the device controller 204. For example, the matching operation may be performed by changing the size to a desired size.

When the collation is completed by the above operation, FIG.
As shown in the figure, "collation completed" is displayed on the status display section 1205, and the collation rate is displayed on the collation rate display section 1206. Further, when the identity is recognized based on the collation rate, the fact that the user is authenticated is displayed on the procedure display unit 1207, and electronic settlement is performed by the device controller 204. The criteria for determining the personality are variable and can be set according to the importance of the settlement.

Further, when the collation rate becomes 100%, it is possible to determine that the self-signature is forged and determine that the settlement is impossible. With this setting, it is possible to suppress settlement using a copy (copy) of the self-signature.

On the other hand, when the personality is not recognized, the electronic settlement is not performed. In addition, the operation record is left in the memory 205 or the hard disk 206 to prepare for a tracing search for unauthorized use. Further, a notification may be sent to an appropriate organization via the support center 102 or the like.

In the present embodiment, the multi-function machine for performing digital processing has been described. However, the machine for performing analog processing may be any machine equipped with a device controller having a network interface.
The foregoing is feasible. In the present embodiment, a credit card has been described as an example, but the present invention is not limited to this.

According to the present embodiment, a multi-function machine 20 having a network interface
By performing handwritten signature authentication using 0, electronic payment can be made from a multimedia terminal or the like used by an unspecified number of people installed in a convenience store or supermarket. In addition, biometrics (biological information) that authenticates based on human characteristics is used as a means of confirming personality
Since the authentication system is used, the confirmation accuracy of the identity is improved, and the security in electronic payment is improved. Furthermore, since a handwritten signature is performed on paper, unlike a tablet or a digitizer, the trajectory of a character can be followed, so that signature verification can be performed as if writing a character on a daily basis.

(Second Embodiment) In the first embodiment,
Self-signed 408 written on credit card in advance
Is compared with the handwritten signature 905 which is not described in advance. However, in order to further improve the security level, the signature management server 114 may be compared with a self-signed signature registered in advance. With this configuration, the security level can be further improved.

(Third Embodiment) In the first embodiment,
Although a static signature check such as pattern matching is used as an authentication method, a dynamic signature check may be used. The dynamic signature verification uses, for example, three-dimensional time-series information peculiar to an individual, such as a signature shape, speed, writing order, and pen pressure. Although it is possible to imitate the shape of the sign to some extent, the writing speed, writing order, pen pressure, etc., are highly dependent on the individual, so this is an effective means for authenticating personality.

For example, self-signed 408 written in advance on the credit card and handwritten signature 905 not described in advance are collated by static signature collation. The security level can be further improved by employing a configuration in which a self-signed certificate registered in advance is verified by dynamic signature verification.

[0054]

As described above, according to the present invention,
Since the first character string described in advance and the second character string described on the medium are compared to determine whether they are the same or not, when electronic settlement is performed, Since it is possible to confirm whether or not the person who performs the procedure is the person, the security of electronic settlement can be improved.

According to another feature of the present invention, a first character string described in advance, a second character string described on a medium, and a second character string stored in an external storage device in advance. Since it is determined whether the character strings are the same or not by collating with the character string of No. 3, the security of the electronic settlement can be further improved when performing the electronic settlement.

[Brief description of the drawings]

FIG. 1 is a block diagram of a character string authentication system according to the present invention.

FIG. 2 is a block diagram illustrating a configuration of a multifunction machine.

FIG. 3 is a schematic sectional view of a reader (reading) unit and a printer.

FIG. 4 is a schematic diagram of a credit card.

FIG. 5 is a schematic view showing an operation unit screen of the multifunction machine.

FIG. 6 is a schematic diagram showing an operation unit screen of the multi-function machine.

FIG. 7 is a schematic diagram showing an operation unit screen of the multifunction machine.

FIG. 8 is a schematic view of a signature authentication sheet.

FIG. 9 is a schematic view of a signature authentication sheet.

FIG. 10 is a schematic diagram illustrating a procedure for reading a signature collation sheet with a scanner.

FIG. 11 is a schematic diagram showing an operation unit screen of the multifunction machine.

FIG. 12 is a schematic view showing an operation unit screen of the multifunction machine.

[Explanation of symbols]

101 Internet (communication network) 102 Support Center 103 Sales Company 104 web server 105 Electronic Money Server 106 financial institutions (banks, etc.) 107 Service Provider 108 Firewall 109 Device management server 110 File Server 111 mail server 112 PC 113 Printer 114 Signature Management Server 200 multifunction machine 201 Operation unit 202 Image Scanner 203 Printer 204 Device Controller 205 memory 206 Hard Disk

──────────────────────────────────────────────────続 き Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI Theme coat ゛ (Reference) // G06F 15/00 330 G06F 15/00 330B

Claims (12)

[Claims] 1. A medium supply means for supplying a medium for writing a character string, and a first means for reading a first character string described in advance
Character string reading means, a second character string reading means for reading a second character string written on a medium supplied from the medium supply means, and a first character string reading means. A character string collating means for collating the first character string with the second character string read by the second character string reading means; and 1
A character string authentication system, comprising: a determination unit configured to determine whether the character string is the same as the second character string. 2. The first character string reading means or the second character string reading means.
2. The character string authentication system according to claim 1, wherein the character string reading means has a scaling function. 3. The first character string reading means or the second character string reading means.
The character string authentication system according to claim 1, wherein the character string reading means has a character recognition function. 4. The character string authentication system according to claim 1, wherein a criterion of said determination means can be changed. 5. The character string authentication system according to claim 1, wherein the determination unit can make the determination result unacceptable when the matching degree in the character string matching unit is complete. . 6. A medium supply means for supplying a medium for writing a character string, and a first means for reading a first character string described in advance.
Character string reading means, a second character string reading means for reading a second character string written on a medium supplied from the medium supply means, and a third character stored in an external storage device in advance Transmission request means for requesting transmission to receive a string; reception means for receiving the third character string requested by the transmission request means; and the first character string read by the first character string reading means. Character string matching means for comparing the first character string, the second character string read by the second character string reading means, and the third character string received by the receiving means, Based on the collation result of the character string collation means, the first
A character string authentication system comprising: a determination unit configured to determine whether the character string of the second character string, the second character string, and the third character string are the same. 7. The apparatus according to claim 1, wherein the character matching unit is configured to select one of the first character string, the second character string, and the third character string.
7. The character string authentication system according to claim 6, wherein the collation is performed by three combinations. 8. The first character string reading means or the second character string reading means.
7. The character string authentication system according to claim 6, wherein the character string reading means has a scaling function. 9. The first character string reading means or the second character string reading means.
The character string authentication system according to claim 6, wherein the character string reading means has a character recognition function. 10. The character string authentication system according to claim 6, wherein a criterion of said determination means can be changed. 11. The character string authentication system according to claim 6, wherein the judgment unit can make the judgment result unacceptable when the degree of coincidence of the collation by the character string collation unit is perfect. . 12. A character having three or more types of character strings and a plurality of matching means for matching two or more of the character strings, wherein the matching means is changed according to a combination of the character strings. Column authentication system.