JP2015213288A - Optical code, information transmission method, and authentication method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an optical code with high confidentiality, requiring less labor for encryption/decryption.SOLUTION: Secret information D is encrypted to encrypted data Dx. A decryption key X required for decrypting the encrypted data Dx is encrypted to an encryption decryption key Xp with a public key P of a disclosure object person and is stored in an optical code together with public key information with which the encrypted data Dx, the encryption decryption key Xp, and the public key P may be identified. The optical code enable the disclosure object person who has a secret key p to decrypt the encryption decryption key Xp to the decryption key X and easily decrypt the encrypted data Dx to the secret information D.

Description

  The present invention relates to an optical code including confidential information that can be read only by a limited number of people, an information transmission method using the optical code, and an authentication method.

  Standards of general optical codes are standardized, and anyone can know the recorded contents by reading data using a smart phone or a mobile phone as a reading device. On the other hand, an optical code including confidential information disclosed only to those who have special authority has also been proposed (for example, Patent Document 1). The optical code described in Patent Document 1 stores confidential information encrypted with a common key so that an optical code reader that does not store the common key cannot read the confidential information.

  The inventor has also proposed a multi-valued two-dimensional code that can store data of 2 bits or more in one module. Specifically, a multilevel two-dimensional code is proposed in which a module is subdivided into fine regions (submodules) and color-coded in units of submodules (for example, Patent Document 2). In addition, a multilevel two-dimensional code in which modules are arranged in four or more colors has also been proposed (for example, Non-Patent Document 1).

JP 2009-9547 A JP 2014-85777 A Computer Security Symposium 2012 Proceedings CD 309-316 Publication place: IPSJ Published October 23, 2012

  By the way, in the optical code described in Patent Document 1, a common key is normally shared between the creator of the optical code (the sender of confidential information) and the disclosure target person (information receiver) who discloses the confidential information. Using the same common key repeatedly, an optical code for storing various information is created and information is transmitted. Here, with such an optical code, there is a risk of leakage to a third party when a common key is transferred between the optical code creator and the disclosure subject. In addition, when a malicious third party succeeds in reading confidential information even once by a brute force attack, not only the confidential information but also the information of the common key is leaked, and the same common key is used. There is a risk that all encrypted confidential information may be leaked. On the other hand, it is also proposed to encrypt the secret information with a public key (asymmetric key) instead of the common key, but using the public key increases the time for encryption and decryption. There's a problem.

  The present invention has been made in view of the present situation, and an object of the present invention is to provide an optical code that is highly confidential and requires less encryption and decryption.

  The present invention provides encrypted data obtained by encrypting secret information, at least one encryption / decryption key obtained by encrypting a decryption key for decrypting the encrypted data into the secret information with a public key, and the public key The optical code is characterized in that it stores public key information that can identify the key. Here, the public key information may be any information that allows the disclosure target person's reading device to identify the public key, and the public key itself may be included in the public key information.

  Since the optical code can be read only by the owner of the secret key that is paired with the encrypted public key of the encryption / decryption key, the creator of the optical code can use the public key of the person to be disclosed. If it uses, the optical code which can be read only by the said disclosure subject can be created. In such a configuration, the creator can create an optical code by obtaining the disclosure subject's public key, and the disclosure subject does not need to inform the creator of his / her private key, so it is necessary to read confidential information. The risk of leaking a secret key is low. For this reason, the optical code of the present invention has excellent secrecy compared to the conventional configuration.

  In the optical code of the present invention, the secret information is not encrypted with the public key of the person to be disclosed, and only the decryption key necessary for decrypting the secret information is encrypted with the public key. For this reason, in the present invention, the amount of data encrypted using the public key can be minimized, and encryption and decryption can be executed in a short time.

  In the present invention, the reading device reads the public key information stored in the optical code, and the public key specified by the public key information is paired with the secret key stored in the reading device. By determining whether or not, it is possible to determine whether or not the confidential information stored in the optical code can be read. For this reason, the optical code of the present invention has an advantage that it can be easily determined whether or not it can be read without trial and error.

  In the present invention, since the decryption key for decrypting the encrypted data is encrypted and stored in the optical code, a different decryption key can be used for each optical code. For this reason, even if a malicious third party succeeds in decrypting the encrypted data by brute force attack and knows the decryption key stored in the optical code, the confidential information stored in the other optical code is not stored. There is an advantage of not leaking.

  In the present invention, it is proposed that the decryption key is a common key used for encrypting the secret information.

  In such a configuration, since the encryption key used for encryption of the confidential information can be used as it is as a decryption key, it is possible to reduce the trouble of creating the optical code.

  Further, in the present invention, the secret information can be disclosed to a plurality of disclosure subjects who do not have a common secret key, and a plurality of public information pairs with a secret key possessed by each disclosure subject. A plurality of encryption / decryption keys, each of which is obtained by encrypting the decryption key using a key, are stored, and the public key information includes the public key used for generating the plurality of encryption / decryption keys. It is proposed that the information can be specified for each decryption key.

  In such a configuration, a plurality of disclosure subjects who do not share a secret key can read confidential information stored in the optical code using the secret key possessed by the individual. Further, such an optical code has an advantage that even if confidential information can be disclosed to a plurality of disclosure subjects, the secret key possessed by each disclosure subject does not leak to other disclosure subjects. In addition, although a plurality of encryption / decryption keys are stored in such an optical code, since only one encrypted data is stored, confidential information is disclosed to a plurality of disclosure targets without greatly increasing the amount of data. There is an advantage that you can. Further, since each disclosure target person can know which encryption / decryption key should be decrypted with the private key possessed by each person based on the public key information, the confidential information can be read in a short time.

  Further, in the present invention, at least one of the encryption / decryption keys is obtained by multiplexing the decryption key with a plurality of public keys, and the public key information is multiplexed with the plurality of public keys. It is proposed that the encrypted encryption / decryption key includes information capable of specifying the plurality of public keys and an order in which the plurality of public keys are used for encryption.

  In such a configuration, when possessing a different secret key for each group, it becomes possible to select a person who belongs to a plurality of groups as a subject of disclosure of confidential information. For example, in the case where a person who overlaps with the first group and the second group is to be disclosed, a first public key that is paired with a secret key possessed only by members of the first group, A double-encrypted encryption / decryption key is generated using a second public key paired with a private key possessed only by members of the second group. Since the decryption of the encryption / decryption key requires the secret key of the first group and the secret key of the second group, only the disclosure subject belonging to the first group and the second group overlaps. Can decrypt the encryption / decryption key. In such a configuration, since the public key information includes the use order of the public keys used for the multiple encryption of the encryption / decryption key, the use order of the public key is determined by trial and error. Can be decrypted without

  In addition, the optical code of the present invention has two modules in one module by arranging modules arranged in a matrix in four or more colors and / or subdividing into fine areas. It is proposed to be a multi-valued two-dimensional code configured to be able to store more than bits.

  In such a configuration, since a large amount of data can be stored compared to a normal two-dimensional code having the same number of modules, the size of the optical code is increased, or the area for storing the encrypted data is limited. In addition, it is possible to secure a sufficient area for storing data such as public key information and encryption / decryption keys.

  In addition, when the optical code of the present invention is a multi-valued two-dimensional code, a set of bits at the same position in a bit string of 2 bits or more stored in each module stores one bit in one module. Represents an optical code on the data, and the encrypted data, the encryption / decryption key, and the public key information are stored in a plurality of optical codes on the data represented by the set of bits at the same position. The encrypted data is stored in an optical code on the data different from the encryption / decryption key and the public key information, and the optical code on the data storing the encrypted data is stored in the secret An optical code on data for storing information is XORed with a predetermined encryption mask pattern to invert a part of the bit pattern to encrypt the confidential information. , The decryption key, the encrypted mask pattern to be information capable of specifying is proposed.

  In such a configuration, since the confidential information is encrypted and decrypted by the same XOR operation as the normal mask processing performed at the time of generating the optical code, the multi-value is compared with the case of performing individual encryption processing. It is possible to reduce the trouble of generating or reading a two-dimensional code. In addition, the optical code of the present invention can generate a large number of encryption mask patterns that can withstand a brute force attack, so that sufficient confidentiality can be ensured.

  As another aspect of the present invention, as a preparation stage, a receiver of secret information generates a secret key and a public key that is paired with the secret key in a portable communication terminal having a photographing function, and the secret key is stored as secret information. The secret information is disclosed to the sender of the information in association with the recipient's identification information, and the secret key is stored in the portable communication terminal, and the secret information sender encrypts the secret information and encrypts the encrypted data. Creating a decryption key for decrypting the encrypted data into the secret information with the public key to generate an encryption / decryption key; and a sender of the secret information, Creating an optical code for storing the encryption / decryption key and public key information that can identify the public key, and disclosing the optical code to a receiver of the secret information; and a receiver of the secret information, Mobile communication terminal And reading the optical code using the secret key, decrypting the encrypted decryption key into the decryption key with the secret key, and decrypting the encrypted data into the secret information with the decryption key. An information transmission method is proposed. Here, as a method of disclosing the optical code, the sender of the confidential information not only distributes the paper medium on which the optical code is printed, but also enables the optical code image to be viewed on a website or distributed by e-mail. To include.

  This method is an information transmission method via the optical code of the present invention, but the receiver of the confidential information (disclosure target person) uses the mobile communication terminal used to create the secret key for reading the optical code. By keeping the secret key in the mobile communication terminal without outputting it to the outside at all, the secrecy can be further enhanced.

  Further, as another aspect of the present invention, as a preparation stage, the members belonging to the group are notified of the common secret key and the public key paired with the secret key, and the public key is sent to the secret information sender. And the secret information sender encrypts the secret information having the members belonging to the group as the secret information receiver, creates encrypted data, and decrypts the encrypted data into the secret information. Encrypting a decryption key for use with the public key to generate an encrypted decryption key, and a sender of the secret information specifies the encrypted data, the encrypted decryption key, and the public key Proposing an optical code for storing possible public key information, and disclosing the optical code to the members.

  That is, this method is an information transmission method for transmitting confidential information limited to members of a required group via the optical code method. Since this information transmission method uses the optical code, it is excellent in secrecy.

  Further, as another aspect of the present invention, a step in which a predetermined communication terminal transmits information including identification information of the person to be authenticated to the server of the authenticator via the Internet, and the person to be authenticated received by the server A public key that is paired with a secret key stored in the portable communication terminal of the person to be authenticated based on the identification information of the person to be authenticated, and encryption obtained by encrypting the authentication information for authenticating the person to be authenticated Data, an encryption / decryption key obtained by encrypting a decryption key for decrypting the encrypted data with the public key, and public key information for specifying the public key used to generate the encryption / decryption key And the server transmits information including the encrypted data, the encryption / decryption key, and the public key information to the predetermined communication terminal via the Internet, A communication terminal An optical code for storing the encrypted data, the encryption / decryption key, and the public key information on the display screen based on the information received from the server; The communication terminal reads the optical code displayed on the display screen, decrypts the encryption / decryption key into the decryption key with the secret key, and decrypts the encrypted data into the authentication information with the decryption key An authentication method is proposed, comprising: a step; and the portable communication terminal of the person to be authenticated accesses the server via the Internet to perform authentication based on the authentication information.

  In such an authentication method, a person who wants to be authenticated without entering a password or the like is used by the person to be authenticated by using the portable communication terminal of the person to be authenticated that stores the secret key. Confirm identity.

  In the authentication method, it is proposed that the portable communication terminal of the person to be authenticated has a biometric authentication function that can identify the person to be authenticated. With this configuration, it is possible to prevent a malicious third party from impersonating the unauthorized person using the portable communication terminal of the person to be authenticated by using the biometric authentication function.

  As a specific example of the authentication method, it is proposed that the certifier is a bank, the person to be authenticated is an account holder of the bank, and the predetermined communication terminal is a personal computer. Is done.

  Conventionally, in bank online transactions, it is confirmed that the trader who operates the communication terminal is the account holder by entering the password. However, in this method, the password is leaked when entering the password. There is a fear. On the other hand, in such a configuration, the identity verification can be performed without leaking the secret key, so that the identity authentication can be performed more safely than before.

  As another example of the authentication method, the authenticator is a credit card company, the authenticated person is a member of a credit card of the credit card company, and the predetermined communication terminal is a store It is a POS terminal, and it is proposed that the identification information of the person to be authenticated is credit card information of the person to be authenticated.

  Conventionally, when making a credit card payment at a store, identity verification is performed by entering a signature or PIN code, but the signature may not be sufficiently verified by the store clerk, and the PIN code may be leaked when entered There is. On the other hand, in such a configuration, the identity verification can be performed without leaking the secret key, so that the identity authentication can be performed more safely than before.

  As another example of the authentication method, the server of the authenticator is a cash voucher management server, the person to be authenticated is a bearer of a registered cash voucher, and the predetermined communication terminal is the registered name It is proposed to be a terminal for confirming the type of cash voucher.

  In such a configuration, it is easy and safe to confirm the identity of the user for various vouchers such as admission tickets, shareholder special coupons, gift certificates, traveler's checks, etc. Can be done.

  As described above, according to the present invention, it is possible to provide an optical code that is highly confidential and can be easily encrypted and decrypted, and by using such an optical code, a highly confidential information transmission method. And an authentication method can be realized.

(A) is the schematic of the optical code 1 of Example 1, (b) is explanatory drawing which shows each area | region of the optical code 1 of Example 1 according to the function according to the pattern. It is explanatory drawing which shows the outline | summary of the transmission method of the confidential information D by the optical code. (A) is explanatory drawing which shows the encryption procedure in the optical code 1, (b) is explanatory drawing which shows the decoding procedure in the optical code 1. FIG. 6 is a chart showing a structure of stored data stored in an optical code 1. 3 is a flowchart showing a procedure for generating an optical code 1; (A) is a block diagram which shows the function of the reading program of the optical code 1, (b) is a chart which shows the content of a public key-private key list. 3 is a flowchart showing a procedure for reading an optical code 1; It is explanatory drawing which shows the outline | summary of the transmission method of the confidential information D by the optical code 1a of Example 2. FIG. (A) is explanatory drawing which shows the encryption procedure in the optical code 1a, (b) is explanatory drawing which shows the procedure for the subject person AB to decrypt the optical code 1a, and (c) is the disclosure. It is explanatory drawing which shows the procedure in which the subject C decodes the optical code 1a. It is a graph which shows the structure of the storage data memorize | stored in the optical code 1a. FIG. 10 is an explanatory diagram illustrating a public key registration procedure in the authentication system according to the third embodiment. It is explanatory drawing which shows the customer authentication procedure in the authentication system of Example 3. It is explanatory drawing which shows the authentication procedure of a member in the authentication system of Example 4. (A) is the schematic of the multi-valued two-dimensional code 2 of Example 2, (b) is explanatory drawing which shows each area | region of the multi-valued two-dimensional code 2 of Example 2 according to a pattern according to a function. is there. It is a chart which shows the contents of 16 kinds of standard colors. 3 is a conceptual diagram showing a data structure of a multi-valued two-dimensional code 2; 4 is a chart showing a structure of data stored in a multi-valued two-dimensional code 2. It is a flowchart which shows the production | generation procedure of the multi-valued two-dimensional code 2. It is a flowchart which shows the processing content of an encoding process. It is a graph which shows the content of an encoding table. It is a flowchart which shows the reading procedure of the multi-valued two-dimensional code 2.

  Embodiments of the present invention are described according to the following examples.

  The optical code 1 of this embodiment is obtained by applying the present invention to a QR code (registered trademark), and the basic configuration is the same as that of the QR code. Specifically, as shown in FIG. 1A, the optical code 1 is formed by arranging 21 square modules 4 in a matrix form, vertically and horizontally. The module 4 of the optical code 1 includes a light color module 4a arranged in a light color (white) and a dark color module 4b arranged in a dark color (black). As shown in FIG. 1B, the optical code 1 is composed of a functional pattern 7 and a coding area 8. The function pattern 7 is an area in which the color arrangement pattern of the module 4 is determined in advance, and includes a position detection pattern 11, a separation pattern 12, a timing pattern 13, and the like that assist optical reading of the optical code 1. The encoding area 8 is an area in which data is recorded according to the color arrangement pattern of each module 4, and a data code area 14 in which data code words and error correction code words are recorded, and codes indicating format information and model number information. The format information code area 15 is arranged. Since these configurations conform to the JIS standard for JIS codes (JIS X 0510: 2004), detailed description is omitted.

  The optical code 1 of the present embodiment sets a specific individual P as a disclosure subject of the confidential information D. As shown in FIG. 2, the optical code 1 is encrypted by using the public key P that is paired with the private key p possessed by the disclosure subject P at the time of creation, so that only the disclosure subject P can read the optical code 1. The secret information D stored in 1 can be read. Specifically, as shown in FIG. 3A, the secret information D is encrypted into the encrypted data Dx using the randomly generated common key X, and the common key X is further disclosed by the disclosure target person P. The encryption / decryption key Xp is encrypted with the public key P, and the encrypted data Dx is stored in the optical code 1 together with the encryption / decryption key Xp. As shown in FIG. 3B, since the disclosure target person P can decrypt the encryption / decryption key Xp into the common key X with the private key p possessed by the person to be disclosed, the encryption stored in the optical code 1 Data Dx can be decrypted into confidential information D.

  FIG. 4 shows the structure of stored data recorded in the data code area 14 of the optical code 1. The stored data includes a data part that stores actual data and an index part that indicates the position and size of each data included in the data part. In the data code area 14 of the optical code 1, the stored data is encoded and recorded with a correction code word attached.

  As described above, the data stored in the data part includes the encrypted data Dx obtained by encrypting the confidential information D and the common key X used for generating the encrypted data Dx by the public key P of the disclosure target person P. The encrypted encryption / decryption key Xp is included. The common key X is randomly generated when the optical code 1 is generated, and is used for both encryption and decryption of the confidential information D. This common key X is used only by the optical code 1 and is not reused by other optical codes. The data stored in the data portion includes public key information that can specify the public key P obtained by encrypting the encryption / decryption key Xp. According to such public key information, when the optical code 1 is read, whether or not the optical code 1 can be read only by confirming whether or not the private key p paired with the public key P is possessed. Can be easily determined. In the present embodiment, the public key P of the disclosure subject person P itself is stored as public key information.

Hereinafter, a method for generating the optical code 1 of the present embodiment will be specifically described.
As described above, the optical code 1 of the present embodiment stores the stored data in a QR code, and the optical code 1 generation method stores a step of generating stored data and the stored data. A step of generating a QR code. As described above, since the public key P of the disclosure target person P is necessary for the generation of the optical code 1, the creator of the optical code 1 creates the public key of the disclosure target person P in creating the optical code 1. P must be obtained from the person or a trusted third party.

Specifically, the optical code 1 can be generated by a computer or the like executing steps S1 to S8 shown in FIG. Hereinafter, steps S1 to S8 in FIG. 5 will be described.
Step S1: Preparation of confidential information The confidential information D disclosed only to the disclosure target person P is prepared.
Step S2: Preparation of Public Key Prepare public key P of disclosure subject person P. When the public key P of the disclosure subject person P is stored, the stored public key P is read out. If the public key P is not stored, the public key P is obtained by a reliable method. If possible, it is desirable to confirm with the certificate authority that the public key P to be used is that of the disclosure target person P.
Step S3: Generating a common key A common key X used to encrypt the secret information D is generated. The common key X is used only for encryption of the secret information D and is randomly generated.
Step S4: Generation of Encrypted Data The secret information D is encrypted into the encrypted data Dx using the generated common key X.
Step S5: Generation of Encryption / Decryption Key The common key X used for generation of the encrypted data Dx is encrypted using the public key P of the disclosure subject person P to generate the encryption / decryption key Xp.
Step S6: Generation of Public Key Information Public key information that enables the reading device to identify the public key P used for encryption is generated. In this embodiment, since the public key P itself is used as public key information, this step is not necessary.
Step S7: Generation of Storage Data Index data is assigned to the encrypted data Dx, the encryption / decryption key Xp, and the public key information to generate the storage data shown in FIG.
Step S8: Creation of Optical Code An optical code 1 for storing the created stored data is generated. Since these steps are the same as the existing QR code creation method, a detailed description is omitted.

  The optical code 1 created by the above method can be read by the disclosure subject P by distributing, posting, or faxing a paper print, sending an image by e-mail, or posting it on a website. It can be disclosed in a readable state by the apparatus. The confidential information D stored in the optical code 1 cannot be read by anyone other than the disclosure target person P. Therefore, the optical code 1 itself is not only disclosed to the disclosure target person P but also published in a newspaper or a magazine. Thus, it can also be widely disclosed in a form that includes non-disclosure subjects.

Below, the reading method of the optical code 1 of a present Example is demonstrated concretely.
The optical code 1 of the present embodiment can use a smartphone (mobile communication terminal) in which a reading program is installed as a reading device. The reading program has a plurality of functions as shown in FIG. Hereinafter, each function of the reading program will be described.
(1) Generation of public key and secret key A function for generating a pair of a public key and a secret key used for generating / reading an optical code. The secret key created here is stored without being output outside the apparatus.
(2) Download of public key and private key A function for downloading a public key and private key pair used for generating / reading an optical code from the outside via a communication function of a smartphone. The download of the public key and the private key is executed after performing secure authentication so that the private key is not leaked to a third party.
(3) Storage of public key and private key This function stores a public key / private key pair generated in the apparatus or downloaded from outside the apparatus in a public key-private key list. In the public key-private key list, as shown in FIG. 6B, the public key and the secret key corresponding to the public key are stored in association with each other. This public key-private key list is encrypted so that it cannot be referenced from outside the program and cannot be externally output.
(4) Public Key Notification This function notifies the public key stored in the public key-private key list to others via the communication function of the smartphone. With this function, the public key generated in the apparatus can be used by the creator of the optical code.
(5) Reading of optical code This is a function of taking an optical code by a photographing function of a smartphone and reading stored data stored in the optical code. Such a function is the same as an existing QR code reading program.
(6) Decryption of confidential information This is a function for decrypting confidential information D based on public key information or the like stored in stored data. A detailed decoding procedure will be described later.

The optical code 1 of a present Example can be read with the said smart phone through the step of S11-S17 shown in FIG. Hereinafter, steps S11 to S17 in FIG. 7 will be described.
Step S11: Shooting optical code Optical code 1 is shot with a smartphone.
Step S12: Reading Stored Data The smartphone reads stored data stored in the optical code 1 in accordance with an existing QR code reading method. Up to this step, it can be realized by a normal QR code reading program.
Step S13: Reading of the data part The smartphone reads the information stored in the index part, and extracts the public key information (public key P), the encryption / decryption key Xp, and the encrypted data Dx.
Step S14: Confirmation of Public Key-Private Key List The smartphone determines whether the public key P included in the public key information is stored in the public key-private key list. If it is determined that the public key P is not stored in the public key-private key list, the confidential information D cannot be read, so that information is displayed on the display screen, and the optical code 1 reading process is terminated. To do. If it is determined that the public key P is stored in the public key-private key list, the process proceeds to step S15.
Step S15: Decryption of Encryption / Decryption Key The smartphone reads out the secret key p paired with the public key P from the public key-private key list, and uses the secret key p to convert the encryption / decryption key Xp into the common key X. To decrypt.
Step S16: Decryption of Encrypted Data The smartphone decrypts the encrypted data Dx into the original secret information D using the decrypted common key X.

  As described above, the confidential information D included in the optical code 1 of the present embodiment can be read only by a reading device (smart phone) that stores the secret key p of the disclosure subject person P. Here, since the optical code 1 can be generated as long as the public key P of the disclosure target person P can be obtained, the disclosure target person P does not need to notify the creator of the optical code 1 of the secret key p. Therefore, if information is transmitted via the optical code 1, the risk of information leakage can be reduced as compared with the conventional configuration.

  Further, the optical code 1 of the present embodiment does not encrypt the secret information D itself with the public key P, but encrypts the common key X obtained by encrypting the secret information D with the public key P. Thus, there is an advantage that the encryption process and the decryption process can be minimized, and the process of creating and reading the optical code 1 is not complicated. In particular, in this embodiment, since the common key X is used for encryption of the secret information D, there is an advantage that the encryption / decryption key Xp can be easily generated from the common key X used for encryption of the secret information D. .

  Further, since the optical code 1 of the present embodiment includes public key information for specifying the public key P used for encryption of the encryption / decryption key Xp, a reading device is used when the optical code 1 is read. It is possible to easily determine whether the (smart phone) stores the secret key P necessary for decrypting the encryption / decryption key Xp, and there is an advantage that it is not necessary to perform trial and error when decrypting the encryption / decryption key Xp. .

  In addition, since the optical code 1 of the present embodiment uses the one-time common key X for encrypting the confidential information D, a malicious third party successfully decrypts the encrypted data Dx by a brute force attack. Even in this case, it is possible to secure the secret state of the secret key p of the disclosure subject person P, and to prevent leakage of other information disclosed to the disclosure subject person P.

  The optical code 1a of this embodiment is obtained by changing the data stored in the optical code 1 of the first embodiment. This optical code 1a is used when confidential information is disclosed to a plurality of disclosure subjects. Specifically, as shown in FIG. 8, the optical code 1a according to the present embodiment includes a person who belongs to both the group A and the group B (disclosure target AB) and a person who belongs to the group C (disclosure target). The person C) is the disclosure target person of the confidential information D. Specifically, each member of the groups A, B, and C is made public in advance to make a pair with the secret keys a, b, and c of the groups A to C to which the members belong. A pair of keys A, B, and C is notified. In the optical code 1a of the present embodiment, as shown in FIG. 9A, the common key X used to encrypt the secret information D into the encrypted data Dx is used as the public key A of the group A. The encryption / decryption key Xa is encrypted, and the encryption / decryption key Xa is encrypted to the encryption / decryption key Xab using the public key B of the group B. Further, the same common key X is encrypted into the encryption / decryption key Xc using the public key C of the group C. Then, the encrypted data Dx is stored in the optical code 1 together with the two encryption / decryption keys Xab and Xc. The encryption of the confidential information D is the same as that in the first embodiment. As shown in FIG. 9B, the disclosure subject AB that overlaps with the group A and the group B uses the secret key a of the group A and the secret key b of the group B to share the encryption / decryption key Xab. Since the key X can be decrypted, the encrypted data Dx stored in the optical code 1 can be decrypted into the confidential information D. Further, as shown in FIG. 9C, since the disclosure subject C belonging to the group C can decrypt the encryption / decryption key Xc into the common key X using the secret key c of the group C, it is stored in the optical code 1. The encrypted data Dx can be decrypted into the confidential information D.

  FIG. 10 shows a data structure of data stored in the optical code 1a. In this embodiment, two encryption / decryption keys Xab and Xc are stored in the data portion. The encryption / decryption key Xab is obtained by double-encrypting the common key X obtained by encrypting the encrypted data Dx with the public key A of the group A and the public key B of the group B. The other encryption / decryption key Xc is obtained by encrypting the common key X with the public key C of the group C.

  In this embodiment, the public key information includes three public keys A, B, and C used to generate the two encryption / decryption keys Xab and Xc, and each of the public keys A, B, and C and the encryption / decryption key. Calculation information for associating Xab and Xc is included. More specifically, the calculation information includes information indicating that the encryption / decryption key Xab is a double encryption of the two public keys A and B in the order of A → B, and the encryption / decryption key. And information indicating that Xc is encrypted with the public key C. According to such public key information, at the time of reading the optical code 1a, it is only necessary to confirm whether or not the reading device stores the secret keys a, b, c paired with the public keys A, B, C. It is possible to easily determine whether or not the optical code 1a can be read. In particular, the public key information includes calculation information that can specify the public keys A, B, and C used for encrypting the two encryption / decryption keys Xab and Xc for each of the encryption / decryption keys Xab and Xc. Thus, the reading device can know, without trial and error, which encryption / decryption keys Xab and Xc can be decrypted with the private keys a to c possessed by the reader. Further, since the calculation information includes the order in which the two public keys A and B are used for encryption with respect to the double-encrypted encryption / decryption key Xab, at the time of reading the optical code 1a, the reading device The encryption / decryption key Xab can be decrypted using the two secret keys a and b in an appropriate order without trial and error.

  Such an optical code 1a is distributed to each member of the groups A to C by distributing / posting / faxing what is printed on paper, sending an image by e-mail, or posting it on a website. If the information is disclosed in a readable state, the confidential information D can be transmitted to the disclosure target person. The confidential information D stored in the optical code 1a cannot be read by anyone other than the disclosure subject, and thus can be widely disclosed including the non-disclosure subject.

  The optical code 1a of the present embodiment can be read by a smartphone (portable communication terminal) in which the reading program described in the first embodiment is installed. Here, in this embodiment, since the members of the groups A to C share the secret keys a to c of the groups A to C to which they belong, preparation for transmitting the secret information D using the optical code 1a is performed. As a stage, members of each group A to C are allowed to download a pair of public keys A to C and secret keys a to c from a server operated by each group A to C using a reading program of a smartphone. A procedure for storing in the public key-private key list (see FIG. 6B) of the smartphone is performed. In addition, the public keys A to C notified to the members of the groups A to C can be downloaded by any person from a reliable server so that the creator of the optical code 1a (the sender of confidential information) can use it. Put it in a state. When using a group private key, a smartphone reading program accesses a predetermined authentication server to determine whether the secret key can be used in case the member leaves the group. You may comprise so that it may confirm. That is, only when the identification ID (student number, employee number, membership number, etc.) for each group given to the member is transmitted to the authentication server and confirmed to be a valid identification ID, the reading program is The secret information is read. This configuration is also effective when the secret key is leaked to anyone other than those who make up the group.

  As described above, in this embodiment, the optical code 1a includes a plurality of encryption / decryption keys Xab and Xc obtained by encrypting the common key X necessary for decryption of the secret information D with different public keys A, B, and C. Thus, a plurality of disclosure subjects (disclosure subject AB and disclosure subject C) having different secret keys a, b, and c can be set as disclosure targets of confidential information D. The optical code 1a of the present embodiment is created using the public keys A to C of the groups A to C, and the secret keys a to c of the groups A to C are unnecessary at the time of creation. There is an advantage that secret keys a to c necessary for decrypting D are difficult to leak. Further, in such a configuration, even if the confidential information D is disclosed to a plurality of disclosure subjects with one optical code 1a, the disclosure subject keeps the secret keys a, b, and c possessed by each disclosure secret from each other. I can leave. Further, since the optical code 1a only needs to store one piece of encrypted data Dx regardless of the number of persons to be disclosed, there is an advantage that the amount of data is hardly increased.

  The optical code 1a of the present embodiment stores an encryption / decryption key Xab obtained by multiply encrypting the common key X with the public key A of the member of the group A and the public key B of the member of the group B. Therefore, there is an advantage that a person who belongs to a plurality of groups A and B can be set as the disclosure target person AB of the confidential information D.

  In the first and second embodiments, the secret information is encrypted with the common key, and the encrypted common key is stored in the optical code as the encryption / decryption key. The secret information may be encrypted with the encryption key, and the decryption key corresponding to the encryption key may be stored in the optical code as the encryption / decryption key. In the first and second embodiments, the public key itself is stored as public key information. However, the public key information according to the present invention is public key as long as the public key can be specified on the reading side. There is no need to remember itself.

Next, an authentication system and an authentication method using the same optical code 1 as in the first embodiment will be described.
The authentication system of the present embodiment is incorporated in an online transaction system of a bank, and a bank customer (account holder) uses a communication terminal such as a personal computer to perform online transactions via the Internet 30. Is used to confirm that the operator is the account holder. Specifically, as shown in FIG. 12, the authentication system includes a bank WEB server 20, a database server 21 that stores a customer's public key, a personal computer 22 that the customer uses for online transactions, and a customer's possession. And a smartphone 23 (authenticated person's portable communication terminal). The WEB server 20, the personal computer 22, and the smartphone 23 are connected to the Internet 30, respectively.

  The WEB server 20 performs processing of all online transactions including customer identification. Further, the WEB server 20 includes a program for generating the optical code 1 of the first embodiment. The database server 21 stores the public key of each customer in association with customer information such as an account number, and is connected to the WEB server 20.

  The personal computer 22 is a general-purpose product, and is configured to be able to execute online transactions such as transfer by accessing the bank's WEB server 20 via the Internet 30 using a browser. The personal computer 22 may be a shared item that is used by other than the customer who conducts the online transaction.

  The smartphone 23 includes a camera (photographing function), a communication function for connecting to the Internet 30, and a biometric authentication function. In addition, an authentication program for performing an authentication procedure via the same optical code as in the first embodiment is installed in the smartphone 23. In this authentication program, the reading program described in the first embodiment is incorporated.

In such an authentication system, a procedure for registering the customer's public key in the database server 21 of the bank is required as a preparation stage for performing the authentication using the optical code. Specifically, in this embodiment, the customer's public key is registered in the database server 21 by sequentially executing the steps (1) to (6) in FIG. Details of the steps (1) to (6) are as follows.
(1) Application for authentication use The customer accesses the WEB server 20 of the bank via the authentication program of the smartphone 23, and makes a use application for authentication via the optical code. At this time, customer information such as an account number is also transmitted from the smartphone 23.
(2) Creation of authentication ID When the WEB server 20 receives an application for use of authentication, the WEB server 20 generates an authentication ID for the customer.
(3) Authentication ID notification The WEB server 20 transmits the generated authentication ID to the customer's smartphone 23.
(4) Generation / storage of private key and public key The authentication program of the smartphone 23 generates a private key / public key pair for use in authentication, and stores it in the public key-private key list in association with the received authentication ID. . As described above, the secret key generated here is stored in a state in which the secret key cannot be output to the outside of the smartphone 23 and cannot be referenced from other than the authentication program.
(5) Public Key Notification The authentication program of the smartphone 23 transmits an authentication ID and a public key to the WEB server 20.
(6) Storage of Authentication ID and Public Key The WEB server 20 stores the authentication ID and public key received from the customer's smartphone 23 in the database server 21 in association with customer information such as the customer's account number.

In the authentication system of the present embodiment, by sequentially executing the steps (1) to (11) in FIG. 12, the WEB server 20 authenticates that the operator of the personal computer 22 is the customer, and the personal computer 22 Allow online transactions at.
Details of the steps (1) to (11) are as follows.
(1) Authentication request A customer operates the personal computer 22 to access the bank WEB server 20 and inputs the authentication ID to request authentication via an optical code.
(2) Reading Public Key The WEB server 20 that has received the authentication request reads from the database server 21 the public key and customer information associated with the received authentication ID.
(3) Generation of authentication information The WEB server 20 generates authentication information used for customer authentication. The authentication information includes an authentication website address of the WEB server 20 and an authentication one-time password.
(4) Generation of optical code The WEB server 20 generates an optical code similar to that of the first embodiment using the public key as the confidential information. In other words, this optical code is intended for disclosure only for customers who have requested authentication, and the authentication information stored in the optical code is read only by the smartphone 23 that stores the private key of the customer who has requested authentication. Can do.
(5) Transmission of optical code The WEB server 20 transmits image data of the optical code to the personal computer 22 that has transmitted the authentication request.
(6) Display of optical code Based on the information received from the WEB server 20, the personal computer 22 displays the optical code on a display screen, and reads a message prompting the user to read the optical code and access the WEB server 20. Display on the display screen.
(7) Reading of optical code The customer operates the smartphone 23 and reads the optical code displayed on the display screen of the personal computer 22 by the authentication program.
(8) Authentication procedure based on authentication information The authentication program of the smartphone 23 decrypts the authentication information stored in the optical code using the secret key in the same manner as the reading method described in the first embodiment, and stores the authentication information in the authentication information. Based on this, the authentication website is accessed and the one-time password included in the authentication information is transmitted.
(9) Authentication When the WEB server 20 receives a one-time password from the smartphone 23 that has accessed the authentication website, it is determined that the authentication is successful. On the other hand, if the one-time password is incorrect, or if the authentication website is not accessed for a certain period of time after the optical code is transmitted to the personal computer 22, it is determined that the authentication has failed.
(10) Notification of authentication result The WEB server 20 transmits the authentication result to the personal computer 22 and displays the result on the display screen. If the authentication result is “success”, online transaction via the personal computer 22 is permitted.
(11) Online Transaction When the authentication result notified to the personal computer 22 is “success”, the customer operates the personal computer 22 to start an online transaction.

  As described above, in the authentication system of the present embodiment, by using the customer's smartphone 23, the bank side confirms that the operator of the personal computer 22 is the customer himself without causing the personal computer 22 to input a password or the like. Can authenticate. Therefore, if such an authentication system is used, even if the security of the personal computer 22 is not perfect, personal authentication can be performed safely and reliably in online transactions.

  Further, in such an authentication system, since the secret key necessary for reading the optical code is not generated by the customer's smartphone 23 and output to the outside, there is a low possibility that the customer's secret key is leaked. For this reason, in such an authentication system, the authentication information generated by the WEB server 20 can be reliably transmitted to the customer who is the disclosure subject without leaking to others.

  In this authentication system, since the smartphone 23 has a biometric authentication function, if the smartphone 23 is locked by the biometric authentication function so that only the user can use it, misuse by a third party can be prevented. Furthermore, since the customer carries the smartphone 23 on a daily basis, in the case of theft or loss, the customer can quickly notice and take countermeasures so that the secret key is not misused.

  This embodiment is a partial modification of the authentication system and authentication method of the third embodiment. The authentication system of the present embodiment is incorporated in a credit card settlement system, and is used to confirm that a credit card holder is a card holder when making a credit card settlement at a store. Specifically, as shown in FIG. 13, the authentication system includes a credit card company WEB server 20a, a database server 21a for storing a public key of a credit card member (hereinafter abbreviated as a member), a store POS terminal 24, credit card 25, and smartphone 23 owned by the member. Here, the WEB server 20a, the POS terminal 24, and the smartphone 23 are each connected to the Internet.

  The WEB server 20a is installed in a credit card company and performs overall credit card payment processing including identity authentication of a member (authenticated person). As will be described later, the authentication function of the WEB server 20a is substantially the same as that of the WEB server 20 of the third embodiment, and the WEB server 20a also includes a program for generating the optical code 1 of the first embodiment. Yes. The database server 21a stores each member's public key in association with member information such as a card number, and is connected to the WEB server 20a.

  The POS terminal 24 is installed in a supermarket or a convenience store, and has a card reader that can read the credit card information recorded on the credit card by a magnetic method or a non-contact method, and can display an optical code. A general-purpose display screen is provided.

  The smartphone 23 is substantially the same as that used in the authentication system of the third embodiment. The credit card 25 is an existing magnetic card or IC card. Detailed description thereof will be omitted.

  In such an authentication system, a procedure for registering the public key of the member who performs authentication using the optical code is required in the database server 21a of the credit card company as a preparation stage for performing authentication using the optical code. Since the public key registration procedure is substantially the same as that of the authentication system of the third embodiment (see FIG. 11), detailed description thereof is omitted.

In such an authentication system (settlement system), the steps of (1) to (13) in FIG. 13 are sequentially executed, so that the member is authenticated by the WEB server 20a and the settlement is performed. Details of the steps (1) to (13) are as follows.
(1) Reading credit card information A store clerk reads card information stored in a member's credit card using the card reader of the POS terminal 24.
(2) Payment request The POS terminal 24 transmits information necessary for payment such as a payment amount and card information to the WEB server 20a, and requests authentication via the optical code from the WEB server 20a.
(3) Reading Public Key The WEB server 20a that has received the authentication request reads the public key and member information associated with the received card information from the database server 21a.
(4) Generation of authentication information The WEB server 20a generates authentication information used for member authentication. The authentication information is the same as in the third embodiment.
(5) Generation of optical code The WEB server 20a generates an optical code using the authentication information as confidential information using the public key. Such steps are the same as in the third embodiment.
(6) Transmission of optical code The WEB server 20a transmits optical code image data to the POS terminal 24 that has transmitted the authentication request.
(7) Display of optical code Message that prompts the POS terminal 24 to display the optical code on the display screen based on the information received from the WEB server 20a and to read the optical code and access the WEB server 20a Is displayed on the display screen.
(8) Reading optical code The member operates the smartphone 23 and reads the optical code displayed on the display screen of the POS terminal 24 by the authentication program.
(9) Authentication procedure based on authentication information The smartphone 23 decrypts the authentication information stored in the optical code using the secret key, accesses the authentication website based on the authentication information, and is included in the authentication information. Send a one-time password. Such steps are the same as in the third embodiment.
(10) Authentication When the WEB server 20a receives a one-time password from a terminal that has accessed the authentication website, it is determined that the authentication is successful. On the other hand, if the one-time password is not correct, or if the authentication website is not accessed for a certain time after the optical code is transmitted to the POS terminal 24, it is determined that the authentication has failed.
(11) Settlement The WEB server 20a performs settlement according to the settlement request transmitted from the POS terminal 24 when the authentication is successful.
(12) Notification of result The WEB server 20a transmits the result of authentication and settlement to the POS terminal 24.
(13) Notification of result The POS terminal 24 displays the result of authentication and settlement received from the WEB server 20a on the display screen. When payment is completed, a receipt and receipt of card payment information are issued.

  As described above, according to the authentication system (settlement system) of the present embodiment, by using the smartphone 23 of the member (authenticated person), the person himself / herself can be paid at the time of credit card settlement without verifying the signature or entering the PIN code. Since authentication can be performed, compared with the conventional authentication method performed at the time of credit card payment, safer and more reliable personal authentication is possible.

  Although the authentication systems and authentication methods of Examples 3 and 4 are used for online bank transactions and credit card payments, the authentication system and authentication method of the present invention are not limited to such applications, and admission tickets. It can also be applied to the use of a voucher such as a shareholder special coupon, a gift certificate, a traveler's check, etc., in which the user is limited to a registered person, and who confirms the identity of the registered person at the time of use. In this case, the person to be authenticated becomes the registrant of the cash voucher, the cash voucher confirmation terminal is used instead of the personal computer 22 and the POS terminal 24, and the cash voucher management server is used as the WEB server.

  In the authentication systems and authentication methods of Embodiments 3 and 4, the WEB servers 20 and 20a create and transmit image data of optical codes, and the personal computer 22 and the POS terminal 24 display the optical codes on the display screen. However, instead of such a configuration, the WEB server 20, 20a creates and transmits storage data to be stored in the optical code, and the personal computer 22 or the POS terminal 24 that has received the storage data receives the storage data. An optical code to be stored may be generated and displayed on the display screen. Since the encrypted data included in the stored data cannot be read without the disclosure subject's private key, there is no risk of information leaking even if the stored data itself is transmitted to the personal computer 22 or the POS terminal 24.

In this embodiment, the present invention is applied to a multilevel two-dimensional code.
The multi-valued two-dimensional code 2 of this embodiment is compatible with the QR code (registered trademark). Specifically, as shown in FIG. 14A, the multi-valued two-dimensional code 2 is formed by arranging 21 square modules 4 vertically and horizontally in a matrix. The module 4 of the multi-valued two-dimensional code 2 is not composed of only bright and dark colors, but its basic structure is based on the QR code. That is, as shown in FIG. 14B, the multi-valued two-dimensional code 2 is composed of the function pattern 7 and the coding region 8 as in the case of the QR code. The function pattern 7 includes a position detection pattern 11, a separation pattern 12, a timing pattern 13, and the like, and the encoding area 8 includes a data code area 14 and a format information code area 15. The data code area 14 is divided into symbols 16 composed of eight modules, and one data code word or an error correction word that is a Reed-Solomon code is recorded according to the light and dark pattern of one symbol 16. Is done. Since these configurations are the same as those of the optical code 1 of the first embodiment and are compliant with the JIS standard (JIS X 0510: 2004) of the QR code, detailed description thereof is omitted.

  Although it is a monochrome image, it is not sufficiently represented in FIG. 14A, but each module 4 constituting the multi-valued two-dimensional code 2 is arranged in one of a plurality of types of reference colors having different RGB values. . As shown in FIG. 15, in this embodiment, there are 16 types of reference colors, and reference color codes from 0000 to 1111 are assigned in binary notation to each reference color. The color code is configured to represent 4-bit data recorded in each module 4. As described above, in the multilevel two-dimensional code 2 of the present embodiment, each module 4 in the encoding area 8 is arranged with 16 kinds of reference colors. Whereas only one bit of information can be recorded, the multilevel two-dimensional code 2 of this embodiment can record four bits of information per module. That is, in the multilevel two-dimensional code 2 of this embodiment, a storage density four times that of the QR code is realized.

  In the multilevel two-dimensional code 2 of this embodiment, a 4-bit data sequence stored in each module 4 is set as a set for each bit at the same position to form a four-layer data area. That is, in the 4-bit bit string recorded in one module 4, the most significant bit forms the first layer data area, the second bit forms the second layer data area, and the third bit. Forms the third layer data area and the last bit forms the fourth layer data area. Here, the data stored in the data area of each layer stores either “0” or “1” in one module, and is the same as the QR code on the data. That is, the multi-valued two-dimensional code 2 has a data structure in which four QR codes 3a, 3b, 3c, 3dy on data are stacked as shown in FIG. The QR codes 3a, 3b, 3c, 3dy on the data have the same number of modules as in the multilevel two-dimensional code 2, and the color of the module 4 of the multilevel two-dimensional code 2 is four QR codes 3a, 3b, 3c, and 3dy represent the colors of the modules at the same position. For example, the color of the module of m rows and n columns is “1” (black) for the QR code 3a of the first layer, “0” (white) for the QR code 3b of the second layer, and QR code 3c of the third layer. When “1” (black) and the QR code 3dy of the fourth layer are “0” (white), the m-row n-column module of the multi-valued two-dimensional code 2 has the color of the reference color code “1010”. Become.

  The multi-valued two-dimensional code 2 of the present embodiment, like the optical code of the first embodiment, designates a specific person P as a disclosure subject of the confidential information D. The encrypted data Dy obtained by encrypting the secret information D, the encryption / decryption key Yp obtained by encrypting the common key Y used for encrypting the secret information D with the public key P, and the public key information (public key P) Is memorized. And each data memorize | stored in the multi-valued two-dimensional code 2 is divided and recorded on the data code area | region of 4 layers QR code 3a, 3b, 3c, 3dy, as shown in FIG. Specifically, the index portion data is in the first layer QR code 3a, the public key information is in the second layer QR code 3b, the encryption / decryption key Yp is in the third layer QR code 3c, and the encryption The digitized data Dy is recorded in the QR code 3dy of the fourth layer. Here, in the multilevel two-dimensional code 2 of the present embodiment, the encryption process of the secret information D using the encryption mask pattern is performed for the fourth layer QR code 3dy for recording the encrypted data Dy. Has been done. The encryption process will be described later.

Below, the production | generation method of the said multi-valued two-dimensional code 2 is demonstrated.
FIG. 18 is a flowchart for generating the multilevel two-dimensional code 2. First, in step S100, four sets of data to be recorded in the multilevel two-dimensional code 2 are prepared. As shown in FIG. 17, the four sets of data include index part data, public key information (public key P), and encryption / decryption key to be recorded in four layers of QR codes 3a, 3b, 3c, and 3dy. Yp and confidential information D. At this stage, the confidential information D is not encrypted.

  In the next step S110, four QR codes 3a, 3b, 3c, and 3d that store four sets of data are generated in accordance with a normal QR code generation procedure. The QR codes 3a to 3d on these data are all generated according to the same version of the QR code standard so that they can be combined with each other.

  In the next step S120, the encryption mask process using the encryption mask pattern is executed for the data of the fourth layer QR code 3d for recording the confidential information D, and the QR code 3dy in which the confidential information D is encrypted is obtained. Generate. That is, in this embodiment, the QR code 3dy corresponds to the encrypted data Dy. The encryption mask process will be described later.

  By the procedure up to step S120, the first layer QR code 3a for recording the data of the index part, the second layer QR code 3b for recording the public key information (public key P), and the encryption / decryption key Yp are recorded. Data of the third layer QR code 3c and the encrypted fourth layer QR code 3dy for recording the secret information D are obtained. For these QR codes 3a, 3b, 3c, and 3dy, the modules at the same position are overlapped to synthesize the respective colors and converted into the color arrangement pattern of the module 4 of the multi-valued two-dimensional code 2 in step S200. Process.

In the encoding process S200, the color code of each module 4 of the multilevel two-dimensional code 2 is determined by synthesizing the QR codes 3a, 3b, 3c, and 3dy. Specifically, if the number of modules on one side of the multi-valued two-dimensional code 2 to be generated is N, N ² modules 4 exist in the multi-valued two-dimensional code 2 as a whole, and the QR codes 3a, 3b, Also in 3c and 3dy, there are N ² module color schemes. The color scheme for all the N ² modules 4 is determined one by one. More specifically, assuming that the vertical module index of the QR code is I and the horizontal module index is J, all modules can be expressed by combinations of I = 1 to N and J = 1 to N. The color of the module indicated by I and J is expressed by C (I, J). Further, if the QR codes 3a, 3b, 3c, and 3dy are represented by K, they can be represented by C (I, J, K). Here, K is 0 to 3.

  FIG. 19 is a flowchart showing the contents of the encoding process. In step S210, it is determined whether or not the module 4 specified by I and J is the module 4 constituting the function pattern 7. If it is determined that the module 4 is included in the function pattern 7, the color arrangement is determined based on the position of the module 4 in step S220. On the other hand, when it is determined that the module 4 is included in the encoding area 8, the color arrangement pattern of the QR codes 3a, 3b, 3c, and 3dy is read in the next step S230. Specifically, the color arrangement data of C (I, J, K) (K is 0 to 3) is read to identify whether each module is 0 or 1 (white or black). Next, in step S240, the color arrangement patterns of the modules of the QR codes 3a, 3b, 3c, and 3dy are combined. Specifically, for example, white / white / white (0010), a combination of the colors of the modules of the QR codes 3a, 3b, 3c, and 3dy of each layer is created. A combination of colors composed of a 4-bit bit string is a recording unit of four layers of data recorded in one module 4. Next, in step S250, a coding table for determining the color scheme of the module 4 is selected. As shown in FIG. 20, the encoding table is a one-to-one correspondence between the color combinations and the reference color code of the module 4. In step S260, using the selected encoding table, the color scheme of the module 4 is determined from the combination of four colors serving as a recording unit. In step S270, it is determined whether or not the above processing has been completed for all modules 4. If the processing of all modules 4 has been completed, the encoding processing is terminated.

  As described above, the multi-valued two-dimensional code 2 according to the present embodiment includes four pieces of data for recording the index part data, the public key information (public key P), the encryption / decryption key Yp, and the confidential information D. The above QR codes 3a, 3b, 3c, and 3dy are generated, and the QR codes 3a, 3b, 3c, and 3dy are combined to determine the color scheme of the multilevel two-dimensional code 2.

The encryption mask process will be described below.
In the encryption mask process, a mask process that is executed to facilitate the extraction of a module with an existing QR code is executed with a random mask pattern. In the encryption mask process, an encryption mask pattern is generated from a randomly generated 256-bit common key Y, and the mask pattern is overlapped with the data code area of the QR code 3d for recording the confidential information D, and an XOR operation is performed. As a result, the colors of some modules in the data code area 14 are reversed. Specifically, the module of the data code area is changed from “0 (bright color)” to “1 (dark color)” or “1 (dark color)” for a portion overlapping with “1 (dark color)” of the encryption mask pattern. Convert to “0 (light color)”. The encryption mask pattern is generated by arranging the bit pattern of the common key Y in a matrix so as to match the shape of the data code area to be processed.

  In the present embodiment, the QR code 3d that performs the encryption mask process has a data code area of 208 bits (8 bits × 26 symbols), so that 208 bits from the top of the common key Y are arranged in a matrix in a predetermined order. By arranging, an encryption mask pattern is generated. When the data code area 14 is 256 bits or more, the encryption mask pattern is generated by repeatedly using the bit pattern of the common key Y. In this embodiment, the common key Y generated with the encryption mask pattern encrypted with the public key P of the disclosure subject P is stored as the encryption / decryption key Yp.

The confidential information D stored in the multi-valued two-dimensional code 2 of this embodiment is to sequentially execute the steps S301 to S310 shown in FIG. 21 using a smartphone or the like installed with a reading program as a reading device. Can be read. Hereinafter, steps S301 to S310 in FIG. 21 will be described.
Step S301: Image input, image extraction An image including the multi-valued two-dimensional code 2 is photographed, and the multi-valued two-dimensional code 2 is detected based on the function pattern 7 included in the multi-valued two-dimensional code 2. An image of the two-dimensional code 2 is extracted.
Step S302: Identification of module color The image of each module 4 in the coding area 8 is cut out from the image of the multi-valued two-dimensional code 2, and the reference color of the 16 types of the module 4 is identified, and the coding area The color data of all 8 modules 4 is obtained.
Step S303: Color Decoding Based on a previously stored decoding table, the identified reference color of each module 4 is decoded into a 4-bit data string. The decoding table has substantially the same content as the encoding table (see FIG. 20) used when generating the multi-valued two-dimensional code 2, and the reference color code of each module 4 is black, black, black and white by this decoding table. It is converted into a combination of four colors (4-bit bit string) recorded in units of modules such as (1101).
Step S304: Combining QR Code Data The 4-bit data string decrypted for each module 4 is concatenated for each bit at the same position, index part data, public key information (public key P), and encryption / decryption key Data of four QR codes 3a, 3b, 3c, 3dy for recording Yp and secret information D is obtained.
Step S305: Decryption of unencrypted QR code Data of index part, public key information (public key P) stored in three QR codes 3a, 3b, 3c not subjected to encryption mask processing, encryption Decrypt the decryption key Yp.
Step S306: Reading public key information and encryption / decryption key Based on the data in the index part, the public key P and the encryption / decryption key Yp are read.
Step S307: Confirmation of possession of private key It is determined whether or not the private key p paired with the public key P included in the public key information is stored in the public key-private key list. If it is determined that the private key p is not held, the confidential information D cannot be read, so that information is displayed on the display screen, and the multi-valued two-dimensional code 2 reading process is terminated halfway. If it is determined that the private key p is held, the process proceeds to step S308.
Step S308: Decrypt the encryption / decryption key The secret key p paired with the public key P is used to decrypt the encryption / decryption key Yp into the common key Y.
Step S309: Encryption mask decryption processing The decrypted common key Y is arranged in a matrix in accordance with the data code area of the QR code 3dy, thereby generating an encryption mask pattern used when generating the multilevel two-dimensional code 2. To do. Then, the generated encryption mask pattern is overlapped with the data code area of the QR code 3dy to perform an XOR operation. With this process, the original QR code 3d that stores the confidential information D is restored.
Step S310: Reading confidential information According to a normal QR code reading procedure, the confidential information D is read from the restored QR code 3d.

  As described above, in this embodiment, the present invention is applied to the multi-valued two-dimensional code 2, so that a larger amount of data can be stored than the optical code 1 of the first embodiment having the same number of modules. Therefore, even when a relatively large amount of public key information and encryption / decryption keys are stored, there is an advantage that an area for storing confidential information can be secured without increasing the size of the optical code.

  Further, in the present embodiment, since the confidential information D is encrypted by the encryption mask process, there is an advantage that the encrypted data is difficult to decipher compared to the optical code 1 of the first embodiment. That is, since the encryption mask pattern is generated from a random bit pattern of the common key Y, the probability that the color of each module in the data code area of the QR code 3d is inverted by the XOR operation with the encryption mask pattern is 1/2. The QR code incorporates an error correction function that uses eight modules as correction units (symbols), but the probability that all the colors of the eight modules are not inverted in the encryption mask process is 1 Because of / 256, the average of 99% or more symbols are inverted in color of at least one module 4 by the encryption mask process. Therefore, the multi-valued two-dimensional code 2 of the present embodiment is read by almost all symbols when attempting to decode the data code word of the encrypted QR code 3dy without performing the encryption mask decoding process. An error will occur. Even if the error correction function of the QR code has the maximum correction capability, the error cannot be corrected if an error occurs in approximately 30% or more of the symbols as a whole. Therefore, the encryption mask decryption process is omitted, and the error correction function is the same as the normal QR code. When this reading method is performed, correction cannot be performed by the error correction process, and the reading process is terminated halfway. As described above, according to the encryption mask process, the colors of one or more modules 4 are inverted at almost all the symbols 16 constituting the data code area 14, so that the encryption by the encryption mask process has an error correction function. Will not be corrected by.

  In addition, as described above, when an attempt is made to read the encrypted QR code 3dy by the existing QR code reading method without performing the encryption mask decryption process, the error correction process exceeds the error correction function. Is detected and the reading of the multi-valued two-dimensional code 2 is terminated halfway. With a conventional encryption method, encrypted data can be obtained by an existing two-dimensional code reading method, so that a general-purpose decryption program can attempt to decrypt the encrypted data. Since the data cannot be read without performing the encryption mask decryption process, there is an advantage that it is resistant to attacks by a general-purpose decryption program.

  In the multilevel two-dimensional code 2 of this embodiment, there are 2208 encryption mask patterns used in the encryption mask process. This is so small that the possibility of applying the correct encryption mask pattern by brute force attack is negligible. The multi-valued two-dimensional code 2 has an error correction function based on the Reed-Solomon code, so even if it is not a completely correct encryption mask pattern, it may be decrypted by the error correction function. If the encryption mask pattern is used, sufficient metrological safety can be secured even if the influence of the error correction function is taken into account. In this embodiment, since the capacity of the data code area 14 is 208 bits, there are 2208 encryption mask patterns, but since the common key Y is 256 bits, the capacity of the data code area is 256 bits or more. In the case of the two-dimensional code, since 2256 kinds of encryption mask patterns can be applied, the metric safety is further increased. Thus, the multi-valued two-dimensional code 2 of the present embodiment has sufficient confidentiality.

  In the multi-valued two-dimensional code 2 reading process, the error correction process is passed and the data code word is decoded when an error is not detected by the error correction of the Reed-Solomon code. This is a case where an error can be corrected. Here, when a brute force attack that sequentially tests the common key Y is performed on the multi-valued two-dimensional code 2 of the present embodiment, an error occurs even when a mask pattern different from the encryption mask pattern is applied. In some cases, the correction process is passed and data different from the original data is decoded. In the multi-valued two-dimensional code 2 of this embodiment, even when the correction capability is set to the highest, 272 data code words (9 symbols = 72 bits) can be recorded in the data code area 14, so that the total In the hit attack, 272-1 types of data may be decrypted in addition to correct data. As described above, in the multi-valued two-dimensional code 2 of this embodiment, even if a brute force attack that sequentially tests the common key Y is attempted, there is a high possibility that erroneous data is decrypted. The possibility of decryption is extremely low and security is high. This security is not based on the computational security that takes an enormous amount of time to obtain a correct decoding solution, but is the information theoretical security of the pattern mask technique.

  In addition, embodiment of this invention is not limited to the form of the said Example, It can change suitably. For example, the optical code 1 of the above embodiment is an example in which the present invention is applied to the most general QR code, but the present invention can also be applied to optical codes other than the QR code. Further, the multi-valued two-dimensional code 2 of the above-described embodiment is obtained by arranging modules with various reference colors, but the present invention subdivides the modules into fine areas and arranges the colors in units of submodules. It can also be applied to multilevel two-dimensional codes.

DESCRIPTION OF SYMBOLS 1,1a Optical code 2 Multi-valued two-dimensional code 4 Module 4a Light color module 4b Dark color module 14 Data code area 20, 20a WEB server 21, 21a Database server 22 Personal computer 23 Smartphone 24 POS terminal 25 Credit card 30 Internet

Claims (13)

Encrypted data that encrypts confidential information,
At least one encryption / decryption key obtained by encrypting a decryption key for decrypting the encrypted data into the confidential information with a public key;
An optical code for storing public key information capable of specifying the public key.   The optical code according to claim 1, wherein the decryption key is a common key used for encrypting the confidential information. The confidential information can be disclosed to a plurality of disclosure subjects who do not have a common secret key,
Storing a plurality of encryption / decryption keys, each of which is obtained by encrypting the decryption key using a plurality of public keys paired with a private key possessed by each disclosure subject,
3. The public key information according to claim 1, wherein the public key information is information that can specify a public key used to generate the plurality of encryption / decryption keys for each of the encryption / decryption keys. 4. Optical code. At least one of the encryption / decryption keys is obtained by multiply encrypting the decryption key with a plurality of public keys,
The public key information includes information that can identify the plurality of public keys and an order in which the plurality of public keys are used for encryption with respect to an encryption / decryption key that has been encrypted with the plurality of public keys. The optical code according to any one of claims 1 to 3, wherein:   Modules arranged in a matrix are arranged in four or more colors and / or subdivided into fine areas so that two modules or more can be stored in one module. 5. The optical code according to claim 1, wherein the optical code is a multi-valued two-dimensional code. A set of bits in the same position in a bit string of 2 bits or more stored in each module represents an optical code on data storing 1 bit in one module,
In a plurality of optical codes on data represented by the set of bits at the same position, the encrypted data, the encryption / decryption key, and the public key information are stored,
The encrypted data is stored in an optical code on the data different from the encryption / decryption key and the public key information,
The optical code on the data storing the encrypted data is obtained by inverting a part of the bit pattern by performing an XOR operation on the optical code on the data storing the confidential information with a predetermined encryption mask pattern. It is an encryption of confidential information,
The optical code according to claim 5, wherein the decryption key is information that can identify the encryption mask pattern. As a preparation stage, the receiver of the secret information is a portable communication terminal having a photographing function, generates a secret key and a public key paired with the secret key, and associates the public key with identification information of the receiver of the secret information. And disclosing to the sender of the information and storing the secret key in the mobile communication terminal;
The sender of the secret information encrypts the secret information to create encrypted data, encrypts the decryption key for decrypting the encrypted data into the secret information with the public key, and uses the encryption / decryption key Generating step;
The sender of the secret information creates an optical code for storing the encrypted data, the encryption / decryption key, and public key information that can specify the public key, and the optical code is used as the receiver of the secret information. The steps disclosed in
The receiver of the secret information reads the optical code using the portable communication terminal, decrypts the encrypted decryption key into the decryption key with the secret key, and uses the decryption key to decrypt the encrypted data with the secret information. And a decoding step. As a preparation stage, notifying each member belonging to the group of a common secret key and a public key paired with the secret key, and disclosing the public key to a sender of confidential information;
The sender of the confidential information creates encrypted data by encrypting the confidential information with the members belonging to the group as the receiver of the confidential information, and uses a decryption key for decrypting the encrypted data into the confidential information. Enciphering with the public key to generate an encryption / decryption key;
The sender of the confidential information creates an optical code that stores the encrypted data, the encryption / decryption key, and public key information that can identify the public key, and discloses the optical code to the members An information transmission method comprising the steps of: A predetermined communication terminal transmitting information including identification information of the person to be authenticated to the certifier server via the Internet;
The server preparing a public key paired with a secret key stored in the mobile communication terminal of the authenticated person based on the received identification information of the authenticated person;
Encrypted data obtained by encrypting authentication information for authenticating the person to be authenticated, an encrypted decryption key obtained by encrypting a decryption key for decrypting the encrypted data with the public key, and the encrypted decryption key Generating public key information that can identify the public key used to generate
The server transmitting information including the encrypted data, the encryption / decryption key, and the public key information to the predetermined communication terminal via the Internet;
The predetermined communication terminal, on the basis of the information received from the server, displaying an optical code for storing the encrypted data, the encryption / decryption key, and the public key information on a display screen;
The portable communication terminal of the authenticated person reads the optical code displayed on the display screen, decrypts the encrypted decryption key into the decryption key with the secret key, and uses the decryption key to decrypt the encrypted data. Decrypting the authentication information into the authentication information;
An authentication method comprising: a step in which the portable communication terminal of the person to be authenticated accesses the server via the Internet and performs authentication based on the authentication information.   The authentication method according to claim 9, wherein the portable communication terminal of the person to be authenticated has a biometric authentication function capable of identifying the person to be authenticated. The certifier is a bank;
The authenticated person is an account holder of the bank;
The authentication method according to claim 9 or 10, wherein the predetermined communication terminal is a personal computer. The certifier is a credit card company,
The person to be authenticated is a member of a credit card of the credit card company,
The predetermined communication terminal is a POS terminal in a store,
The authentication method according to claim 9 or 10, wherein the identification information of the person to be authenticated is credit card information of the person to be authenticated. The certifier server is a cash voucher management server,
The person to be authenticated is a holder of a registered-type cash voucher,
11. The authentication method according to claim 9, wherein the predetermined communication terminal is a terminal for confirming the registered cash voucher.

Images