JP2016035751A - Two-dimensional code with watermark, authentication system, authentication method, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To properly perform authentication.SOLUTION: An authentication system 1 can determine whether or not watermark data (watermark moving image data) changing with the lapse of time has been successfully extracted from a two-dimensional code with watermark having the watermark moving image data embedded therein, and thereby properly authenticating the two-dimensional code with watermark. Even when the authentication system 1 cannot perform the authentication of the two-dimensional code with watermark with some reason, performs challenge and response authentication to perform authentication with practically no problem.SELECTED DRAWING: Figure 1

Description

  The present invention relates to a watermarked two-dimensional code, an authentication system, an authentication method, and a program, and more particularly, to a watermarked two-dimensional code, an authentication system, an authentication method, and a program that can be appropriately authenticated.

  QR (Quick Response) code (registered trademark), which is a kind of two-dimensional code, embeds machine-readable information in printed materials. Recently, it has a monetary value as represented by airline tickets and tickets. The use of QR codes (registered trademark) is expanding (see, for example, Patent Document 1). For this reason, the development of a method for detecting forgery or duplication of a two-dimensional code represented by QR code (registered trademark) is an urgent issue.

  In order to solve the above problem, after separating the original image of the two-dimensional code into RGB color components, discrete wavelet transform is performed for each of R, G, and B colors to obtain an LL component, an LH component, an HL component, and Decompose into frequency components such as HH components. Then, a technology has been developed that embeds watermark information only in the HH component whose wavelet coefficient value (coefficient value) is smaller than the LH component and the HL component to generate a two-dimensional code with watermark information (see, for example, Patent Document 2). ).

  In the technique described in Patent Document 2, it is possible to prevent the watermark information from being lost due to information other than the watermark information appearing as noise from the HH component of the two-dimensional code containing the regular watermark information that has not been copied. On the other hand, since information other than the watermark information appears very strongly in the HH component of the two-dimensional code containing the non-regular watermark information copied (illegally copied) by a copier having a different density expression method, Watermark information is lost. Thereby, it becomes possible to detect the duplication of the two-dimensional code.

  In addition, the specification of patent documents 1 and 2, a claim, and the whole drawing shall be taken in this specification for reference.

JP 2006-318328 A WO2010 / 140639

  However, the two-dimensional code displayed on a display unit such as a display of a terminal device such as a mobile phone is displayed on the display unit of the terminal device because the effectiveness of the technique described in Patent Document 2 is unknown. There is a possibility that authentication performed using the two-dimensional code may not be performed properly.

  SUMMARY An advantage of some aspects of the invention is that it provides a watermarked two-dimensional code, an authentication system, an authentication method, and a program that can be appropriately authenticated.

In order to achieve the above object, a watermarked two-dimensional code according to the first aspect of the present invention is:
The image (cover image) in which the watermark is embedded is composed of the same still image data, and the watermark data that changes over time is embedded as a digital watermark.
It is characterized by that.

In the above watermarked two-dimensional code,
Using the three-dimensional frequency analysis such as discrete wavelet transform and discrete cosine transform, each frame image data and code data constituting the watermark data are embedded in the frequency component of the two-dimensional code to be embedded, Generated as moving image data composed of the two-dimensional code in which the frame image data and the code data are embedded in a frequency component,
You may do it.

In the above watermarked two-dimensional code,
AC coefficient data and / or DC coefficient data obtained by performing one-dimensional discrete cosine transform on time-series coefficient data in a specific frequency component of the two-dimensional code of each frame to be embedded using pseudo three-dimensional discrete cosine transform Embedded in code data constituting the watermark data, and generated as moving image data composed of the two-dimensional code in which the code data is embedded in the AC coefficient data and / or DC coefficient data.
You may do it.

In the above watermarked two-dimensional code,
The watermark data is a one-time password generated according to a predetermined rule.
You may do it.

In order to achieve the above object, an authentication system according to the second aspect of the present invention provides:
A terminal device for generating a first one-time password according to a predetermined rule and displaying a two-dimensional code including the first one-time password;
One-time password acquisition means for acquiring the first one-time password from the two-dimensional code displayed on the terminal device; and second one-time password generation means for generating a second one-time password according to the predetermined rule; An authentication device comprising: authentication means for performing authentication by determining whether or not the first one-time password and the second one-time password match;
It comprises.

In the above authentication system,
The terminal device generates a first time synchronization one-time password based on a current time as the first one-time password according to a first rule of the predetermined rules, and includes the first time synchronization one-time password Display the time synchronization two-dimensional code,
The one-time password acquisition means acquires the first time synchronization one-time password from the time synchronization two-dimensional code displayed on the terminal device,
The second one-time password generating means generates a second time-synchronized one-time password based on a current time as the second one-time password according to the first rule;
The authentication means includes first authentication means for performing authentication by determining whether or not the first time synchronization one-time password and the second time synchronization one-time password match.
You may do it.

In the above authentication system,
The authentication device
A challenge two-dimensional code generation means for generating a challenge two-dimensional code including a challenge code when the first authentication means determines that the first time synchronization one-time password and the second time synchronization one-time password do not match; ,
Challenge two-dimensional code display means for displaying the challenge two-dimensional code;
Further comprising
The terminal device uses, as the first one-time password, a first response code corresponding to the challenge code acquired from the challenge two-dimensional code displayed on the authentication device in accordance with a second rule of the predetermined rules. Generating and displaying a response two-dimensional code including the first response code;
The one-time password acquisition means acquires the first response code from the response two-dimensional code displayed on the terminal device,
The second one-time password generating means generates a second response code corresponding to the challenge code as the second one-time password according to the second rule,
The authentication means includes second authentication means for performing authentication by determining whether or not the first response code and the second response code match.
You may do it.

In the above authentication system,
The terminal device displays a watermarked two-dimensional code in which watermark data is embedded as a digital watermark,
The authentication device further includes an extraction determination unit that performs authentication by determining whether the watermark data has been extracted from the watermarked two-dimensional code displayed on the terminal device,
The terminal device generates the first time synchronization one-time password when it is determined by the extraction determination means that the watermark data could not be extracted.
You may do it.

In the above authentication system,
In the two-dimensional code, the first one-time password is embedded as a digital watermark,
The one-time password acquisition means acquires the first one-time password embedded as a digital watermark from the two-dimensional code displayed on the terminal device.
You may do it.

In the above authentication system,
The first one-time password is periodically updated.
You may do it.

In order to achieve the above object, an authentication system according to the third aspect of the present invention provides:
An authentication device comprising: a challenge two-dimensional code generating means for generating a challenge two-dimensional code including a challenge code; and a challenge two-dimensional code display means for displaying the challenge two-dimensional code;
A terminal device that generates a first response code corresponding to the challenge code acquired from the challenge two-dimensional code displayed on the authentication device according to a predetermined rule, and displays the response two-dimensional code including the first response code When,
Comprising
The authentication device
Response code acquisition means for acquiring the first response code from the response two-dimensional code displayed on the terminal device;
Response code generating means for generating a second response code corresponding to the challenge code according to the predetermined rule;
Authentication means for performing authentication by determining whether or not the first response code and the second response code match;
Is further provided.

In the above authentication system,
The terminal device displays a watermarked two-dimensional code in which watermark data is embedded as a digital watermark,
The authentication device further includes an extraction determination unit that performs authentication by determining whether the watermark data has been extracted from the watermarked two-dimensional code displayed on the terminal device,
The challenge two-dimensional code generation means generates the challenge two-dimensional code when it is determined that the watermark data could not be extracted by the extraction determination means.
You may do it.

In the above authentication system,
In the watermarked two-dimensional code, the watermark data that changes over time is embedded as a digital watermark.
You may do it.

In order to achieve the above object, an authentication method according to the fourth aspect of the present invention includes:
Authentication is performed by determining whether or not the watermark data has been extracted from the watermarked two-dimensional code in which watermark data that changes over time is embedded as a digital watermark.
It is characterized by that.

In order to achieve the above object, an authentication method according to the fifth aspect of the present invention includes:
The terminal device generating a first one-time password according to a predetermined rule;
The terminal device displaying a two-dimensional code including the first one-time password;
A one-time password acquisition step in which an authentication device acquires the first one-time password from the two-dimensional code displayed on the terminal device;
A second one-time password generating step in which the authentication device generates a second one-time password according to the predetermined rule;
An authentication step in which the authentication device performs authentication by determining whether or not the first one-time password and the second one-time password match; and
Is provided.

In order to achieve the above object, an authentication method according to the sixth aspect of the present invention includes:
A challenge two-dimensional code generation step, wherein the authentication device generates a challenge two-dimensional code including a challenge code;
A challenge two-dimensional code display step in which the authentication device displays the challenge two-dimensional code;
A terminal device generating a first response code corresponding to the challenge code acquired from the challenge two-dimensional code displayed on the authentication device according to a predetermined rule;
The terminal device displaying a response two-dimensional code including the first response code;
A response code acquisition step in which the authentication device acquires the first response code from the response two-dimensional code displayed on the terminal device;
A response code generating step in which the authentication device generates a second response code corresponding to the challenge code according to the predetermined rule;
An authentication step in which the authentication device performs authentication by determining whether or not the first response code and the second response code match; and
Is provided.

In order to achieve the above object, a program according to the seventh aspect of the present invention provides:
In the computer of the authentication device,
One that generates a first one-time password according to a predetermined rule, and obtains the first one-time password from the two-dimensional code displayed on the terminal device that displays the two-dimensional code including the first one-time password. Time password acquisition procedure;
A second one-time password generation procedure for generating a second one-time password according to the predetermined rule;
An authentication procedure for performing authentication by determining whether or not the first one-time password and the second one-time password match;
Is executed.

  According to the present invention, it is possible to provide a watermarked two-dimensional code, an authentication system, an authentication method, and a program that can be appropriately authenticated.

It is a block diagram which shows the structural example of an authentication system. It is a block diagram which shows the structural example of a terminal device. (A) is a top view which shows an example of the two-dimensional code with a logo, (b) is a top view which shows an example of a two-dimensional code. It is a top view which shows an example of a digital watermark image. It is a block diagram which shows the structural example of an authentication apparatus. It is a flowchart which shows the detail of the authentication process in 1st Embodiment. It is a flowchart which shows the detail of the authentication process in 1st Embodiment. It is a flowchart which shows the detail of the authentication process in 2nd Embodiment. It is a flowchart which shows the detail of the authentication process in 3rd Embodiment. It is a flowchart which shows the detail of the authentication process in 3rd Embodiment. It is a flowchart which shows the detail of the authentication process in 4th Embodiment. It is a flowchart which shows the detail of the authentication process in 4th Embodiment. It is a flowchart which shows the detail of the authentication process in 4th Embodiment. It is a figure which shows the structural example of a two-dimensional code evaluation system. It is a block diagram which shows the function structure of the control part of the terminal device in a modification. It is a flowchart which shows the detail of a two-dimensional code evaluation process. It is a flowchart which shows the detail of a two-dimensional code evaluation process. It is a figure which illustrates an optimal solution and a corresponding basis function. It is a figure which illustrates the two-dimensional code with a watermark, the imaging result of a two-dimensional code with a watermark, and the imaging result of a duplicate two-dimensional code.

Hereinafter, modes for carrying out the present invention will be described.
[First Embodiment]

  First, the configuration of the authentication system according to the first embodiment of the present invention will be described with reference to the drawings.

  FIG. 1 is a diagram illustrating a configuration example of an authentication system.

  As shown in FIG. 1, the authentication system 1 includes a terminal device 10 and an authentication device 20.

  FIG. 2 is a block diagram illustrating a configuration example of the terminal device.

  The terminal device 10 includes, for example, a mobile phone, a smartphone, a tablet computer, and the like, and as illustrated in FIG. 2, the display unit 11, the imaging unit 12, the operation unit 13, the storage unit 14, and the control unit 15. It is equipped with.

  The display unit 11 includes, for example, an LCD (Liquid Crystal Display) and the like, and displays a watermarked two-dimensional code, a response two-dimensional code, and the like generated by the control unit 15. The watermarked two-dimensional code and response two-dimensional code are corrected according to the characteristics of the terminal device 10 and displayed on the display unit 11.

  The imaging unit 12 is configured by an imaging device such as a CCD (Charge-Coupled Device), for example, and images a challenge two-dimensional code indicating a challenge code displayed on the display unit 22 of the authentication device 20 illustrated in FIG.

  The operation unit 13 is operated by a user, and includes, for example, a touch panel. The user operates the operation unit 13 to instruct the generation of a watermarked two-dimensional code, or to instruct the reading of the challenge two-dimensional code displayed on the display unit 22 of the authentication device 20 shown in FIG.

  The storage unit 14 is composed of a non-volatile memory such as a flash memory, for example, and is installed with an application program for generating a watermarked two-dimensional code and a response two-dimensional code.

  Further, the storage unit 14 stores, for example, an account ID (Identification) for identifying the user of the terminal device 10.

  The control unit 15 includes, for example, a CPU (Central Processing Unit), a ROM (Read Only Memory), a RAM (Random Access Memory), and the like. The CPU uses the RAM as a work memory and stores it in the ROM, the storage unit 14, and the like. By appropriately executing the various programs, the operation of each unit of the terminal device 10 is controlled.

  In the present embodiment, the control unit 15 executes the application program stored in the storage unit 14, for example, the embedding target logo-added two-dimensional code 30 indicating the account ID stored in the storage unit 14. By embedding watermark data as a digital watermark in the frequency component, a watermarked two-dimensional code is generated and displayed on the display unit 11.

  FIG. 3A is a plan view showing an example of a two-dimensional code with a logo, and FIG. 3B is a plan view showing an example of a two-dimensional code.

  The logo-added two-dimensional code 30 is, for example, a still image displayed on the display unit 11 and, for example, a general-purpose two-dimensional code such as a QR (Quick Response) code (registered trademark) as shown in FIG. The code 31 is formed by superimposing a logo on which the user can visually recognize the contents.

  As shown in FIG. 3B, the two-dimensional code 31 includes three positioning symbols 32a, 32b, and 32c obtained by combining squares having a specific ratio. For example, a plurality of symbols are provided between the positioning symbols 32a, 32b, and 32c. Square cells are arranged in a matrix.

  In the two-dimensional code 31, the account ID is determined according to the distribution pattern of a cell having a predetermined lightness (black cell in this example) and a cell having a predetermined lightness or higher (white cell in this example) among a plurality of cells. It is shown.

  The logo-added two-dimensional code 30 shown in FIG. 3A is, for example, a circular cell (black cell in this example) having a predetermined lightness or higher in an area having a predetermined lightness or higher in a logo expressing the tadpole so as to be visible. Are formed by superimposing circular cells (in this example, white cells) having a predetermined brightness or higher in a region of the logo that is lower than the predetermined brightness.

  In the logo-added two-dimensional code 30, the account ID is indicated by the distribution pattern of an area of the logo that is less than the predetermined brightness and a cell that is less than the predetermined brightness, and an area of the logo that is greater than the predetermined brightness and the cell that is greater than the predetermined brightness. ing.

  Note that the information indicated by the logo-added two-dimensional code 30 is arbitrary and may have a monetary value such as a boarding pass or a ticket, or may be a URL (Uniform Resource Locator) or the like. The shape of the cell in the logo-added two-dimensional code 30 is arbitrary, and may be a circle, a polygon, a star, or the like as in the present embodiment.

  As an example of a method for embedding watermark data as a digital watermark in the frequency component of the logo-added two-dimensional code 30, a method using a real space method for directly manipulating gradation values, a discrete Fourier transform (DFT) ( Onishi, Oka, Matsui, “Watermark Signature Method for Images Using PN Sequences” 1997 Proceedings of Symposium on Cryptography and Information Security, SCIS '97 -26B, 1997), Discrete Wavelet Transform, DWT ) (Ishizuka, Sakai, Sakurai, “Experimental study on security and reliability of digital watermarking technology using wavelet transform”, 1997 Symposium on Encryption and Information Security Symposium, SCIS'97-26D, (1997), (Inoue, Miyazaki, Yamamoto, Katsura, “Digital Watermark Based on Wavelet Transform-Robustness to Image Compression and Conversion Processing” And-", 1998 Cryptography and Information Security Symposium Proceedings, SCIS'98-3.2.A, 1998) and methods using Discrete Cosine Transform (DCT) (Nakamura, Ogawa, Takashima," Digital " "Digital watermarking in the frequency domain for copyright protection of images", Proceedings of Symposium on Cryptography and Information Security 1997, SCIS '97 -26A, 1997). It should be noted that the above document is incorporated in this specification as a reference.

  When watermark data that does not change with time (does not change with time) is embedded as a digital watermark in the frequency component of the logo-added two-dimensional code 30 using the discrete wavelet transform, the control unit 15 shown in FIG. 3D is divided into RGB components (RGB decomposition), and then subjected to discrete wavelet transform for each of R, G, and B colors to obtain a two-dimensional code with a logo. 30 is decomposed (band division) into frequency components such as an LL component, an LH component, an HL component, and an HH component.

  Since the frequency component obtained by using the discrete wavelet transform is two-dimensional data, it can be handled in the same way as image data. Also, watermark data embedded as a digital watermark in the two-dimensional code with logo 30 is also an image. Think of it as data. For example, the positioning symbol of the logo-added two-dimensional code 30 shown in FIG. 3A is matched with the watermark still image data 33 composed of the two-dimensional code having one module size of one side pixel shown in FIG. The watermark still image data 33 is embedded as a digital watermark in the logo-added two-dimensional code 30 by incrementing or decrementing the frequency components of black image regions such as 32a, 32b, and 32c.

  The control unit 15 shown in FIG. 2 performs an inverse discrete wavelet transform (IDWT) on each frequency component, and then integrates each RGB component (RGB integration) to generate a watermarked two-dimensional code. Generate. In a watermarked two-dimensional code generated using such a discrete wavelet transform, when the watermark still image data 33 is strongly embedded, a digital watermark becomes visible.

  On the other hand, FIG. 2 shows a case where watermark data without time change is embedded as a digital watermark in the frequency component of the logo-added two-dimensional code 30 using discrete cosine transform (more specifically, two-dimensional discrete cosine transform). The control unit 15 shown in FIG. 3 converts the color mode of the logo-added two-dimensional code 30 shown in FIG. 3A from an RGB signal to a YIQ signal, thins out the color difference information of I and Q to 1/4, The channel image is divided into 8 × 8 pixel block units, and a two-dimensional discrete cosine transform is performed for each block to obtain a frequency component.

  The frequency component obtained by using the two-dimensional discrete cosine transform is two-dimensional data, but it is the frequency component of the entire image (or the entire block), so it is considered one-dimensional data unlike image data. The watermark data embedded as a digital watermark in the two-dimensional code 30 with a logo is also one-dimensional code data. In addition, by disposing one-dimensional watermark data (watermark code data) in a two-dimensional manner, a watermark still image composed of a two-dimensional code having one module size of one pixel as shown in FIG. 4B. It can be considered as data 34.

  The control unit 15 divides each element of the frequency component by the quantization matrix to cut a lot of information of the high frequency component so that 0 is arranged. Then, the control unit 15 divides the frequency component coefficient data (two-dimensional DCT coefficient data) into DC (Direct Current) coefficient data and AC (Alternating Current) coefficient data, and determines a predetermined number (specific frequency band) of each block. Is replaced with 0 or 1 in accordance with the watermark code data to embed the watermark code data (watermark code data without time change) as a digital watermark in the logo-added two-dimensional code 30.

  In the present embodiment, the watermark code data is embedded in DC coefficient data in a specific frequency band as described above. Of the 8 × 8 pixel block, one block corresponds to AC coefficient data, and the other 63 blocks correspond to DC coefficient data. In the conventional general and robust digital watermark embedding technique, watermark code data is embedded in AC component data. In this embodiment, watermark code data is embedded in a plurality of DC component data in a distributed manner. What DC component data is to be embedded with what strength may be determined by optimization. The watermark code data may be weakly embedded in the AC component data.

  Subsequently, the control unit 15 compresses the DC component separately by Huffman coding or arithmetic compression, and the AC component separately by run-length coding and Huffman coding.

  Then, the control unit 15 inversely quantizes the two-dimensional DCT coefficient data, performs inverse two-dimensional discrete cosine transform (IDCT) to obtain a YIQ signal, and inversely converts the YIQ signal into an RGB signal. As a result, a watermarked two-dimensional code is generated. In a watermarked two-dimensional code generated using such a two-dimensional discrete cosine transform, even if watermark code data is strongly embedded, the entire image is deteriorated and a digital watermark cannot be seen.

  On the other hand, when embedding watermark data with time change (changes with time) as a digital watermark in the frequency component of the logo-added two-dimensional code 30 using the discrete wavelet transform, the control unit 15 Embeds each frame image data constituting the watermark moving image data one by one in each frequency component of the same logo-added two-dimensional code 30. Here, each frame image data of the watermark moving image data is composed of a two-dimensional code in which the size of one module is a few pixels, like the watermark still image data 33. Then, the control unit 15 converts the moving image data having the plurality of logo-added two-dimensional codes 30 embedded with each frame image data of the watermark moving image data into frame image data, and the watermarked two-dimensional code in which the digital watermark changes with time. To generate moving image data. The watermarked two-dimensional code generated in this way uses the still image data of the same two-dimensional code 30 with a logo, so when it is displayed on the display unit 11, it appears as a still image at first glance. However, in practice, the digital watermark is moving image data that slightly changes over time.

  On the other hand, when embedding watermark data with time change as a digital watermark in the frequency component of the logo-added two-dimensional code 30 using discrete cosine transform (more specifically, pseudo three-dimensional discrete cosine transform), the control unit 15 Performs two-dimensional discrete cosine transform as described above on each frame image data of moving image data composed of the same logo-added two-dimensional code 30 to generate a plurality of the same DCT coefficient data. Further, the control unit 15 performs one-dimensional discrete cosine transform on DCT coefficient data (time-series coefficient data) in a specific frequency band of the logo-added two-dimensional code 30 of each frame to be embedded in the time-series direction. Then, the control unit 15 embeds as a digital watermark a plurality of types of watermark code data constituting watermark data with time change (watermark code data with time change) in each of the plurality of DC coefficient data and AC coefficient data. By going, a watermarked two-dimensional code whose digital watermark changes with time is generated. The watermarked two-dimensional code generated in this way also uses the still image data of the two-dimensional code 30 with the logo, so when displayed on the display unit 11, it appears as a still image at first glance. However, in practice, the digital watermark is moving image data that slightly changes over time.

  For quasi-three-dimensional discrete cosine transform, HUANG, Hui-Yu; YANG, Cheng-Han; HSU, Wen-Hsing. Video Watermarking Algorithm Based on Pseudo 3D DCT and Quantization Index Modulation. In: MVA. 2009. p. 207- The details are described in 210. etc. It should be noted that this document is incorporated herein by reference.

  Since the watermarked two-dimensional code whose digital watermark changes with time is moving image data, a frame ID for identifying each frame image data of the watermarked two-dimensional code is shown inside or outside the region. A synchronization pattern may be added. The synchronization pattern is added to, for example, the positioning symbols 32a, 32b, and 32c, and is a pattern that changes with time along with the digital watermark.

  In addition to the three-dimensional pseudo-discrete cosine transform, an electronic watermark may be embedded using any three-dimensional frequency transform such as a three-dimensional discrete cosine transform or a three-dimensional discrete wavelet transform. Specifically, a watermark is applied to the frequency component of the logo-embedded two-dimensional code 30 using a three-dimensional frequency analysis (three-dimensional frequency transformation) such as a three-dimensional discrete wavelet transform or a three-dimensional discrete cosine transform. Each frame image data constituting the moving image data is embedded. A watermarked two-dimensional code may be generated as moving image data including a logo-added two-dimensional code 30 in which each frame image data is embedded in the frequency component.

  In the present embodiment, the control unit 15 embeds watermark moving image data as a digital watermark in the frequency component of the logo-added two-dimensional code 30 using discrete wavelet transform, so that the watermarked two-time watermark is changed. Generate dimension code.

  In addition, the control unit 15 generates a one-time password (response code) according to a challenge / response method by executing an application program stored in the storage unit 14. Specifically, the control unit 15 reads the challenge code indicated by the challenge two-dimensional code from the still image data of the challenge two-dimensional code obtained by imaging with the imaging unit 12. Subsequently, the control unit 15 synthesizes the read challenge code and the account ID stored in the storage unit 14 according to a predetermined algorithm (second rule) to generate a response code.

  Then, the control unit 15 displays a response code indicating a response code according to a distribution pattern of cells having a predetermined lightness (for example, black cells) and cells having a predetermined lightness or higher (for example, white cells). A dimension code is generated and displayed on the display unit 11.

  FIG. 5 is a block diagram illustrating a configuration example of the authentication device.

  The authentication device 20 is composed of, for example, a general-purpose two-dimensional code reader or the like, and includes an imaging unit 21, a display unit 22, a storage unit 23, and a control unit 24 as shown in FIG. In addition, the authentication apparatus 20 may be comprised from a mobile phone, a smart phone, a tablet computer etc. similarly to the terminal device 10, for example.

  The imaging unit 21 includes an imaging element such as a CCD, for example, and images a watermarked two-dimensional code, a response two-dimensional code, and the like displayed on the display unit 11 of the terminal device 10 illustrated in FIG.

  The display unit 22 is composed of an LCD, for example, and displays a challenge two-dimensional code or the like generated by the control unit 24.

  The storage unit 23 is composed of, for example, a hard disk drive or the like, and authenticates a watermarked two-dimensional code, generates a challenge two-dimensional code, and executes one-time password authentication (challenge-response authentication) of a challenge-response method. An application program or the like is installed.

  The storage unit 23 stores watermark still image data 33 embedded as a digital watermark in a watermarked two-dimensional code, and watermark data such as watermark moving image data and watermark code data. In this embodiment, since watermark moving image data is embedded as a digital watermark in a watermarked two-dimensional code, the watermark moving image data is stored in the storage unit 23.

  Furthermore, the storage unit 23 includes an account DB (Data Base) 230 that stores an account ID.

  The control unit 24 includes, for example, a CPU, a ROM, a RAM, and the like. The CPU uses the RAM as a work memory, and appropriately executes various programs stored in the ROM, the storage unit 23, and the like, whereby the authentication device 20 is used. Control the operation of each part. In addition, the RAM is provided with a random counter or the like that generates a random numerical sequence (random number).

  The control unit 24 executes the application program stored in the storage unit 23, and from the still image data or moving image data of the watermarked two-dimensional code obtained by imaging in the imaging unit 21, the storage unit 23. By determining whether or not a digital watermark that matches the stored digital watermark has been extracted, the authenticity (authentication) of the watermarked two-dimensional code is determined.

  When the watermark still image data 33 is embedded as a digital watermark in the watermarked two-dimensional code, the control unit 24 divides the watermarked two-dimensional code imaged by the imaging unit 21 into RGB components (RGB decomposition). , R, G, and B are subjected to discrete wavelet transform to decompose the watermarked two-dimensional code into frequency components such as LL component, LH component, HL component, and HH component (band division). Then, the control unit 24 normalizes the frequency component and determines whether or not the watermark still image data 33 matching the watermark still image data 33 stored in the storage unit 23 has been extracted. Authenticate the dimension code.

  On the other hand, when watermark code data that does not change with time is embedded as a digital watermark in the watermarked two-dimensional code, the control unit 24 changes the color mode of the watermarked two-dimensional code captured by the imaging unit 21 from the RGB signal. After converting to YIQ signal and thinning out the color difference information of I and Q to 1/4, the image of each channel of YIQ is divided into 8 × 8 pixel block units, and two-dimensional discrete cosine transform is performed for each block Find the frequency component. Then, the control unit 24 normalizes the frequency component, and determines whether or not the watermark code data without the time change that matches the watermark code data without the time change stored in the storage unit 23 can be extracted. Thus, the watermarked two-dimensional code is authenticated.

  On the other hand, when watermark moving image data is embedded as a digital watermark in the watermarked two-dimensional code, the control unit 24 adds the discrete wavelet as described above to each frame image data of the watermarked two-dimensional code. The watermarked two-dimensional code is authenticated by determining whether or not the watermark moving image data matching the watermark moving image data stored in the storage unit 23 has been extracted by performing conversion or the like.

  On the other hand, when watermark code data with a time change is embedded as a digital watermark in the watermarked two-dimensional code, the control unit 24 stores the watermarked two-dimensional code by performing pseudo three-dimensional discrete cosine transform, etc. The watermarked two-dimensional code is authenticated by determining whether or not the watermark code data with the time change matching the watermark code data with the time change stored in the unit 23 has been extracted.

  In the present embodiment, since the watermark moving image data is embedded as the digital watermark in the watermarked two-dimensional code as described above, the control unit 24 uses the discrete wavelet transform to add the watermarked two-dimensional code data. By determining whether or not the watermark moving image data matching the watermark moving image data stored in the storage unit 23 has been extracted from the moving image data of the dimension code, the watermarked two-dimensional code is authenticated.

  Specifically, when the watermarked two-dimensional code is captured and copied, the screen shot of the watermarked two-dimensional code becomes still image data. The moving image data cannot be extracted, and the authentication of the watermarked two-dimensional code fails.

  Further, the screen capture of the watermarked two-dimensional code becomes moving image data at a frame rate (30 fps), but it is difficult to accurately capture the watermark moving image data embedded in the watermarked two-dimensional code. Therefore, the control unit 24 cannot extract the watermark moving image data that matches the watermark moving image data stored in the storage unit 23 from the screen capture of the watermarked two-dimensional code. Fail.

  On the other hand, when the watermarked two-dimensional code is authentic, that is, not a duplicated one, the control unit 24 uses the watermark stored in the storage unit 23 from the moving image data of the watermarked two-dimensional code. Since watermark moving image data matching the moving image data can be extracted, the watermarked two-dimensional code is successfully authenticated.

  As described above, if the watermark moving image data matching the watermark moving image data stored in the storage unit 23 can be extracted from the moving image data of the watermarked two-dimensional code, the control unit 24 can authenticate the watermarked two-dimensional code. It is determined that the watermarked two-dimensional code has been successfully authenticated. On the other hand, if the control unit 24 cannot extract the watermark moving image data that matches the watermark moving image data stored in the storage unit 23 from the moving image data of the watermarked two-dimensional code, the watermarked two-dimensional code It is determined that the authentication of the watermarked two-dimensional code has failed, assuming that the code has been copied.

  However, even if the watermarked two-dimensional code is genuine, the screen display method and resolution of the display unit 11 of the terminal device 10 are not general, or a special protective film is applied, etc. The authenticity determination (authentication) of the watermarked two-dimensional code may fail for some reason, such as having

  Therefore, when the authentication of the watermarked two-dimensional code fails, the control unit 24 performs challenge / response authentication. Specifically, the control unit 24 extracts a random number from the random counter, generates a challenge two-dimensional code indicating a numerical sequence indicated by the random number as a challenge code, and displays the challenge two-dimensional code on the display unit 22. The challenge two-dimensional code indicates a challenge code according to a distribution pattern of cells having a predetermined lightness (for example, black cells) and cells having a predetermined lightness or higher (for example, white cells) among a plurality of cells. Yes.

  Subsequently, according to the same algorithm (second rule) as the terminal device 10, the control unit 24 obtains the challenge code indicated by the challenge two-dimensional code and the account ID indicated by the watermarked two-dimensional code imaged by the imaging unit 21. By combining, a response code similar to the response code generated in the terminal device 10 is generated.

  Then, the control unit 24 compares the generated response code with the response code indicated by the response two-dimensional code captured by the imaging unit 21, and determines that the authentication has succeeded if the two match. Otherwise, it is determined that authentication has failed.

  Next, operation | movement of an authentication system provided with said structure is demonstrated, referring drawings.

  The user entrusts the watermarked two-dimensional code displayed on the display unit 11 of the terminal device 10 to the imaging unit 21 of the authentication device 20. In the authentication device 20, the control unit 24 starts the authentication process by executing the application program stored in the storage unit 23 in response to the imaging unit 21 imaging the watermarked two-dimensional code. To do.

  6 and 7 are flowcharts showing details of the authentication processing in the first embodiment.

  First, in the authentication device 20, as shown in FIG. 6, a watermark moving image stored in the storage unit 23 from the moving image data of the watermarked two-dimensional code obtained by the control unit 24 picked up by the image pickup unit 21. By determining whether or not the watermark moving image data matching the image data has been extracted, the authenticity (authentication) of the watermarked two-dimensional code is performed (step S1).

  Here, when it is determined that the watermark moving image data could not be extracted (step S1; No), the control unit 24 extracts a random number from the random counter, indicating that the authentication of the watermarked two-dimensional code has failed, and the random number indicates A challenge two-dimensional code indicating a numerical string as a challenge code is generated (step S2).

  Further, the control unit 24 combines the challenge code indicated by the challenge two-dimensional code generated in the process of step S2 and the account ID indicated by the watermarked two-dimensional code imaged by the imaging unit 21 according to a predetermined algorithm. A response code is generated (step S3).

  And the control part 24 displays the challenge two-dimensional code produced | generated in the process of step S2 on the display part 22 (step S4).

  On the other hand, in the terminal device 10, the control unit 15 is instructed to read the challenge two-dimensional code displayed on the display unit 22 of the authentication device 20 by the operation of the operation unit 13 by the user (step S5; No). , Loop and wait.

  Then, in response to an instruction to read the challenge two-dimensional code (Step S5; Yes), the control unit 15 images the challenge two-dimensional code in the imaging unit 12 (Step S6).

  Next, the control unit 15 executes the application program stored in the storage unit 14 to indicate the challenge two-dimensional code from the still image data of the challenge two-dimensional code obtained by imaging in the imaging unit 12. The challenge code is read (step S7).

  Subsequently, the control unit 15 synthesizes the challenge code read in the process of step S7 and the account ID stored in the storage unit 14 according to the same algorithm as the authentication device 20 and generates it in the authentication device 20 A response code similar to the response code thus generated is generated (step S8).

  And the control part 15 produces | generates the response two-dimensional code which shows a response code (step S9), and displays it on the display part 11 (step S10).

  Thereafter, the user puts the response two-dimensional code displayed on the display unit 11 of the terminal device 10 on the imaging unit 21 of the authentication device 20.

  On the other hand, in the authentication device 20, as shown in FIG. 7, the control unit 24 responds to the imaging of the response two-dimensional code in the imaging unit 21 (step S11), and the response code generated in the process of step S3. The response code indicated by the response two-dimensional code is compared (step S12).

  Then, when the response codes do not match in the process of step S12 (step S13; Yes), the control unit 24 determines that the authentication has failed (step S14).

  On the other hand, when the watermark moving image data can be extracted in the process of step S1 (step S1; No), or when the response code matches in the process of step S12 (step S13; Yes). It is determined that the authentication is successful (step S15).

  As described above, according to the authentication system 1 according to the first embodiment, a watermark from a watermarked two-dimensional code in which watermark data (watermark moving image data) that changes with the passage of time is embedded as a digital watermark is used. By determining whether or not the moving image data has been extracted, the watermarked two-dimensional code can be properly authenticated.

In addition, the screen display method and resolution of the display unit 11 of the terminal device 10 are not general, or have special characteristics such as having a special protective film. Even if the authenticity (authentication) of the code cannot be performed, the challenge / response authentication increases the amount of time and effort of the user, but the authentication can be performed practically without any problem.
[Second Embodiment]

  Next, the configuration of the authentication system according to the second embodiment of the present invention will be described. In addition, the description is abbreviate | omitted about the structure similar to the authentication system 1 which concerns on said 1st Embodiment.

  The storage unit 14 is installed with an application program or the like for causing the terminal device 10 to function as a token and generating a time synchronization two-dimensional code.

  The control unit 15 executes the application program stored in the storage unit 14 to cause the terminal device 10 to function as a token, and generates a one-time password according to the time synchronization method. Specifically, the control unit 15 calculates (generates) a one-time password composed of a 6-digit numeric string based on the current time according to a predetermined algorithm (first rule). The one-time password is recalculated and updated periodically (for example, every 60 seconds). The update frequency of the one-time password can be arbitrarily set and changed. For example, the one-time password may be updated every 30 seconds.

  In addition, the control unit 15 embeds a one-time password as a digital watermark in the frequency component of the logo-added two-dimensional code 30 indicating the account ID, generates a time-synchronized two-dimensional code, and displays it on the display unit 11. Then, each time the one-time password is updated, the control unit 15 embeds the updated one-time password as a digital watermark, updates the time-synchronized two-dimensional code, and displays it on the display unit 11.

  That is, in the time synchronization two-dimensional code, the one-time password embedded as a digital watermark in the frequency component of the logo-added two-dimensional code 30 is updated every 60 seconds. Since the time-synchronized two-dimensional code generated in this way uses the same image of the two-dimensional code 30 with the logo, when displayed on the display unit 11, it looks like a still image at first glance. Since the one-time password embedded as a digital watermark becomes moving image data or the like, it becomes moving image data. The frame rate of the time synchronization two-dimensional code varies depending on the update frequency of the one-time password, but is lower than the frame rate (30 to 60 fps) of normal moving image data.

  In the present embodiment, the time synchronization two-dimensional code is described as being periodically updated. However, the present invention is not limited to this, and for example, the time synchronization two-dimensional code is operated by the operation of the operation unit 13 by the user. It may be generated one by one in response to an instruction to generate a code. The time-synchronized two-dimensional code generated in this way is not only the two-dimensional code 30 with a logo, but also a one-time password embedded as a digital watermark becomes still image data and the like, and thus becomes still image data.

  The imaging unit 21 images a time synchronization two-dimensional code or the like displayed on the display unit 11 of the terminal device 10 illustrated in FIG.

  The storage unit 23 is installed with an application program or the like for executing time synchronization type one-time password authentication.

  The control unit 24 executes time synchronization type one-time password authentication by executing an application program stored in the storage unit 23. Specifically, the control unit 24 extracts (acquires) a one-time password embedded as a digital watermark from the moving image of the time-synchronized two-dimensional code captured by the imaging unit 21 and uses the same algorithm as that of the terminal device 10 Based on the current time, a one-time password is calculated (generated).

  Then, the control unit 24 compares the extracted one-time password with the calculated one-time password, determines that the authentication has succeeded if they match, and if they do not match, the authentication has failed. Is determined.

  In the authentication system 1 according to the second embodiment, since challenge / response authentication is not performed, the authentication device 20 may not include the display unit 22.

  Next, operation | movement of an authentication system provided with said structure is demonstrated, referring drawings.

  FIG. 8 is a flowchart showing details of the authentication processing in the second embodiment.

  First, in the terminal device 10, as shown in FIG. 8, the control unit 15 executes an application program stored in the storage unit 14, so that a six-digit numerical value is obtained based on the current time according to a predetermined algorithm. A one-time password composed of columns is calculated (step S21).

  Next, the control unit 15 embeds a one-time password as a digital watermark in the frequency component of the logo-added two-dimensional code 30 shown in the account ID to generate a time-synchronized two-dimensional code (step S22). It is displayed (step S23).

  Thereafter, the user puts the time synchronization two-dimensional code displayed on the display unit 11 of the terminal device 10 on the imaging unit 21 of the authentication device 20.

  On the other hand, in the terminal device 20, the control unit 24 executes the application program stored in the storage unit 23 in response to the imaging of the time-synchronized two-dimensional code in the imaging unit 21 (step S24). A one-time password embedded as a digital watermark is extracted from the moving image of the time-synchronized two-dimensional code imaged by the imaging unit 21 (step S25).

  Next, the control unit 24 calculates a one-time password based on the current time according to the same algorithm as the terminal device 10 (step S26).

  Subsequently, the control unit 24 compares the one-time password extracted in the process of step S25 with the one-time password calculated in the process of step S26 (step S27).

  If the control unit 24 determines that the one-time password does not match in the process of step S27 (step S28; No), it determines that the authentication has failed (step S29), while the one-time password is If they match (step S28; Yes), it is determined that the authentication has succeeded (step S30).

As described above, in the authentication system 1 according to the second embodiment, it is necessary to synchronize the time between the terminal device 10 and the authentication device 20 by performing one-time password authentication using the time synchronization method. However, it is easy for the user of the terminal device 10 to perform an operation for imaging the challenge two-dimensional code displayed on the display unit 22 of the authentication device 20 as in the authentication system 1 according to the first embodiment. And it can authenticate appropriately.
[Third Embodiment]

  Next, the configuration of the authentication system according to the third embodiment of the present invention will be described. In addition, the description is abbreviate | omitted about the structure similar to the authentication system 1 which concerns on said 1st and 2nd embodiment.

  In the present embodiment, an application program or the like for generating a response two-dimensional code is installed in the storage unit 14.

  The control unit 15 reads the challenge code indicated by the challenge two-dimensional code from the still image of the challenge two-dimensional code captured by the imaging unit 12. Subsequently, the control unit 15 combines the read challenge code and the account ID stored in the storage unit 14 according to a predetermined algorithm to generate a response code.

  Then, the control unit 15 embeds a response code as a digital watermark in the frequency component of the logo-added two-dimensional code 30 indicating the account ID, generates a response two-dimensional code, and displays it on the display unit 11. In this embodiment, the response code embedded as a digital watermark is still image data or code data that does not change over time, but may be moving image data or code data that changes over time.

  The imaging unit 21 images a response two-dimensional code or the like displayed on the display unit 11 of the terminal device 10 illustrated in FIG.

  The storage unit 23 is installed with an application program or the like for generating a challenge two-dimensional code or performing challenge / response authentication.

  The control unit 24 performs challenge / response authentication by executing an application program stored in the storage unit 23. Specifically, the control unit 24 extracts a random number from the random counter, generates a challenge two-dimensional code indicating a numerical string indicated by the random number as a challenge code, and displays the challenge two-dimensional code on the display unit 22.

  In addition, the control unit 24 periodically extracts a random number from a random counter (for example, every 60 seconds), and generates and updates a challenge two-dimensional code indicating a numerical sequence indicated by the random number as a challenge code. The update frequency of the challenge two-dimensional code can be arbitrarily set and changed, and may be updated every 30 seconds, for example. For this reason, the challenge two-dimensional code becomes a moving image. The frame rate of the challenge two-dimensional code varies depending on the update frequency, but is lower than the frame rate (30 to 60 fps) of normal moving image data.

  In the present embodiment, the challenge two-dimensional code is described as being periodically updated. However, the present invention is not limited to this, and for example, the terminal device 10 may be a general-purpose sensor provided in the authentication device 20. Still image data may be generated one by one in response to detecting the user.

  Further, the control unit 24 synthesizes the challenge code indicated by the challenge two-dimensional code and the account ID indicated by the response two-dimensional code imaged in the imaging unit 21 according to the same algorithm as that of the terminal device 10. A response code similar to the response code generated in step 1 is generated.

  The control unit 24 extracts a response code embedded as a digital watermark from the still image of the response two-dimensional code captured by the imaging unit 21. Then, the control unit 24 compares the generated response code with the extracted response code, and determines that the authentication has succeeded if they match, and determines that the authentication has failed if they do not match. .

  Next, operation | movement of an authentication system provided with said structure is demonstrated, referring drawings.

  9 and 10 are flowcharts showing details of the authentication processing in the third embodiment.

  First, in the authentication device 20, as shown in FIG. 9, the control unit 24 executes an application program stored in the storage unit 23 to extract a random number from a random counter and challenge a numerical sequence indicated by the random number. A challenge two-dimensional code shown as a code is generated (step S31) and displayed on the display unit 22 (step S32).

  On the other hand, in the terminal device 10, until the control unit 15 instructs the reading of the challenge two-dimensional code displayed on the display unit 22 of the authentication device 20 by the operation of the operation unit 13 by the user (step S33; No). Loop and wait.

  Then, in response to the instruction to read the challenge two-dimensional code (Step S33; Yes), the control unit 15 images the challenge two-dimensional code in the imaging unit 12 (Step S34).

  Next, the control unit 15 executes the application program stored in the storage unit 14 to indicate the challenge two-dimensional code from the still image data of the challenge two-dimensional code obtained by imaging in the imaging unit 12. The challenge code is read (step S35).

  Subsequently, the control unit 15 synthesizes the challenge code read in the process of step S35 and the account ID stored in the storage unit 14 according to a predetermined algorithm to generate a response code (step S36).

  Then, the control unit 15 embeds a response code as a digital watermark in the frequency component of the logo-added two-dimensional code 30 indicating the account ID to generate a response two-dimensional code (step S37) and displays it on the display unit 11 (step S37). Step S38).

  Thereafter, the user puts the response two-dimensional code displayed on the display unit 11 of the terminal device 10 on the imaging unit 21 of the authentication device 20.

  Then, in the authentication device 20, as shown in FIG. 10, the control unit 24 responds to the imaging of the response two-dimensional code in the imaging unit 21 (step S 39), and the step is performed according to the same algorithm as that of the terminal device 10. A response similar to the response code generated in the terminal device 10 is synthesized by combining the challenge code indicated by the challenge two-dimensional code generated in the process of S31 and the account ID indicated by the response two-dimensional code imaged in the imaging unit 21. A code is generated (step S40).

  In addition, the control unit 24 extracts a response code embedded as a digital watermark from still image data of a response two-dimensional code obtained by imaging in the imaging unit 21 (step S41).

  Subsequently, the control unit 24 compares the response code generated in the process of step S40 with the response code extracted in the process of step S41 (step S42).

  When the response code does not match in the process of step S42 (step S43; No), the control unit 24 determines that the authentication has failed (step S44), but the response code matches. (Step S43; Yes), it is determined that the authentication is successful (Step S45).

As described above, in the authentication system 1 according to the third embodiment, a challenge two-dimensional code once displayed on the display unit 22 of the authentication device 20 is obtained by the user of the terminal device 10 performing challenge-response authentication. Although it is necessary to perform an operation for imaging, it is possible to perform authentication appropriately even if the time is not synchronized between the terminal device 10 and the authentication device 20.
[Fourth Embodiment]

  Next, the configuration of an authentication system according to the fourth embodiment of the present invention will be described. In addition, the description is abbreviate | omitted about the structure similar to the authentication system 1 which concerns on said 1st-3rd embodiment.

  In the present embodiment, the storage unit 14 is installed with an application program and the like for causing the terminal device 10 to function as a token and generating a time synchronization two-dimensional code and a response two-dimensional code.

  The control unit 15 executes the application program stored in the storage unit 14 to cause the terminal device 10 to function as a token, and generates a one-time password according to the time synchronization method. Specifically, the control unit 15 calculates a one-time password composed of a 6-digit numeric string based on the current time according to a predetermined algorithm. The one-time password is recalculated and updated periodically (for example, every 60 seconds).

  In addition, the control unit 15 embeds a one-time password as a digital watermark in the frequency component of the logo-added two-dimensional code 30 indicating the account ID, generates a time-synchronized two-dimensional code, and displays it on the display unit 11. Then, each time the one-time password is updated, the control unit 15 embeds the updated one-time password as a digital watermark, updates the time-synchronized two-dimensional code, and displays it on the display unit 11.

  Further, the control unit 15 reads the challenge code indicated by the challenge two-dimensional code from the still image data of the challenge two-dimensional code obtained by imaging in the imaging unit 12. Subsequently, the control unit 15 combines the read challenge code and the account ID stored in the storage unit 14 according to a predetermined algorithm to generate a response code.

  Then, the control unit 15 embeds a response code as a digital watermark in the frequency component of the logo-added two-dimensional code 30 indicating the account ID, generates a response two-dimensional code, and displays it on the display unit 11.

  The imaging unit 21 images a time synchronization two-dimensional code, a response two-dimensional code, and the like displayed on the display unit 11 of the terminal device 10 illustrated in FIG.

  The storage unit 23 is installed with an application program or the like for performing one-time password authentication of a time synchronization method, generating a challenge two-dimensional code, or performing challenge-response authentication.

  The control unit 24 executes time synchronization type one-time password authentication by executing an application program stored in the storage unit 23. Specifically, the control unit 24 extracts a one-time password embedded as a digital watermark from the moving image data of the time-synchronized two-dimensional code obtained by imaging in the imaging unit 21 and is similar to the terminal device 10. According to the algorithm, a one-time password is calculated based on the current time.

  Then, the control unit 24 compares the extracted one-time password with the calculated one-time password, and determines that the authentication is successful if they match, and determines that the authentication fails if they do not match. .

  When authenticating such a time-synchronized two-dimensional code, it is necessary to synchronize the time between the terminal device 10 and the authentication device 20.

  When the time is shifted between the terminal device 10 and the authentication device 20 and authentication of the time synchronization two-dimensional code fails, the control unit 24 performs challenge / response authentication. Specifically, the control unit 24 extracts a random number from the random counter, generates a challenge two-dimensional code indicating a numerical string indicated by the random number as a challenge code, and displays the challenge two-dimensional code on the display unit 22.

  Further, the control unit 24 synthesizes the challenge code indicated by the challenge two-dimensional code and the account ID indicated by the response two-dimensional code imaged in the imaging unit 21 according to the same algorithm as that of the terminal device 10. A response code similar to the response code generated in step 1 is generated.

  The control unit 24 extracts a response code embedded as a digital watermark from still image data of a response two-dimensional code obtained by imaging in the imaging unit 21. Then, the control unit 24 compares the generated response code with the extracted response code, and determines that the authentication has succeeded if they match, and determines that the authentication has failed if they do not match. .

  Next, operation | movement of an authentication system provided with said structure is demonstrated, referring drawings.

  FIG. 11, FIG. 12, and FIG. 13 are flowcharts showing details of the authentication processing in the fourth embodiment.

  First, in the terminal device 10, as shown in FIG. 11, the control unit 15 executes an application program stored in the storage unit 14, thereby performing a six-digit numerical value based on the current time according to a predetermined algorithm. A one-time password composed of columns is calculated (step S51).

  Next, the control unit 15 embeds a one-time password as a digital watermark in the frequency component of the logo-added two-dimensional code 30 indicating the account ID to generate a time-synchronized two-dimensional code (step S52). Displayed (step S53).

  Then the user. The time synchronization two-dimensional code displayed on the display unit 11 of the terminal device 10 is input to the imaging unit 21 of the authentication device 20.

  On the other hand, in the terminal device 20, the control unit 24 executes the application program stored in the storage unit 23 in response to the imaging of the time synchronization two-dimensional code in the imaging unit 21 (step S54). A one-time password embedded as a digital watermark is extracted from the moving image data of the time-synchronized two-dimensional code obtained by imaging in the imaging unit 21 (step S55).

  Next, the control unit 24 calculates a one-time password based on the current time according to the same algorithm as the terminal device 10 (step S56).

  Subsequently, the control unit 24 compares the one-time password extracted in the process of step S55 with the one-time password calculated in the process of step S56 (step S57).

  When the control unit 24 determines that the one-time password does not match in the process of step S57 (step S58; No), the control unit 24 extracts a random number from the random counter as a failure of time synchronization two-dimensional code authentication. Then, a challenge two-dimensional code indicating the numerical sequence indicated by the random number as a challenge code is generated (step S59) and displayed on the display unit 22 (step S60).

  On the other hand, in the terminal device 10, as shown in FIG. 12, until the control unit 15 is instructed to read the challenge two-dimensional code displayed on the display unit 22 of the authentication device 20 by the operation of the operation unit 13 by the user. (Step S61; No), loop and wait.

  Then, in response to an instruction to read the challenge two-dimensional code (Step S61; Yes), the control unit 15 images the challenge two-dimensional code in the imaging unit 12 (Step S62).

  Next, the control unit 15 executes the application program stored in the storage unit 14 to indicate the challenge two-dimensional code from the still image data of the challenge two-dimensional code obtained by imaging in the imaging unit 12. The challenge code is read (step S63).

  Subsequently, the control unit 15 synthesizes the challenge code read in the process of step S63 and the account ID stored in the storage unit 14 according to a predetermined algorithm to generate a response code (step S64).

  Then, the control unit 15 embeds a response code as a digital watermark in the frequency component of the logo-added two-dimensional code 30 indicating the account ID, generates a response two-dimensional code (step S65), and displays it on the display unit 11 ( Step S66).

  Thereafter, the user puts the response two-dimensional code displayed on the display unit 11 of the terminal device 10 on the imaging unit 21 of the authentication device 20.

  Then, in the authentication device 20, as shown in FIG. 13, the control unit 24 responds to the imaging of the response two-dimensional code in the imaging unit 21 (step S 67), and the step is performed according to the same algorithm as the terminal device 10. A response similar to the response code generated in the terminal device 10 is synthesized by combining the challenge code indicated by the challenge two-dimensional code generated in the process of S59 and the account ID indicated by the response two-dimensional code imaged in the imaging unit 21. A code is generated (step S68).

  Further, the control unit 24 extracts a response code embedded as a digital watermark from the still image data of the response two-dimensional code obtained by imaging in the imaging unit 21 (step S69).

  Subsequently, the control unit 24 compares the response code generated in the process of step S68 with the response code indicated by the digital watermark extracted in the process of step S69 (step S70).

  When the response code does not match in the process of step S70 (step S71; No), the control unit 24 determines that the authentication has failed (step S72).

  In contrast, when the one-time password is matched in the process of step S57 (step S58; Yes), or the response code is matched in the process of step S70 (step S70; Yes). It is determined that the authentication is successful (step S73).

  As described above, in the authentication system 1 according to the fourth embodiment, if time synchronization is achieved between the terminal device 10 and the authentication device 20 by performing one-time password authentication of the time synchronization method, The user of the terminal device 10 is appropriate without performing an operation for imaging the challenge two-dimensional code displayed on the display unit 22 of the authentication device 20 as in the authentication system 1 according to the first and third embodiments. Can be authenticated.

  On the other hand, if the time is not synchronized between the terminal device 10 and the authentication device 20, the user of the terminal device 10 once displays on the display unit 22 of the authentication device 20 by performing challenge / response authentication. Although it is necessary to perform an operation for imaging the displayed challenge two-dimensional code, authentication can be appropriately performed.

  For this reason, in the authentication system 1 according to the fourth embodiment, mutual determination between the authentication system 1 according to the second embodiment and the authentication system 1 according to the third embodiment can be eliminated.

  In addition, this invention is not limited to the said embodiment, A various deformation | transformation and application are possible. Hereinafter, modifications of the above-described embodiment applicable to the present invention will be described.

  In the first embodiment, when watermark data with a time change is embedded as a digital watermark in the frequency component of the logo-added two-dimensional code 30 using the pseudo three-dimensional discrete cosine transform, a semi-fragile moving picture type digital watermark In order to realize the above, the following two-dimensional code evaluation system may be used to determine by optimization whether the digital watermark is embedded in which frequency band. The details of this determination by optimization are described in WO2015 / 001908 and the like.

  FIG. 14 is a diagram illustrating a configuration example of a two-dimensional code evaluation system.

  As shown in FIG. 14, the two-dimensional code evaluation system includes a terminal device 10, a two-dimensional code replication device 203, and a two-dimensional code photographing device 205, and the terminal device 10 and the two-dimensional code photographing device 205 are Are connected via a wireless communication line or a wired communication line.

  In the present modification, the control unit 15 of the terminal device 10 embeds watermark data with time change as a digital watermark in the frequency component of the logo-added two-dimensional code 30 using pseudo three-dimensional discrete cosine transform. At that time, the control unit 15 uses, for example, a self-adaptive differential evolution method (JADE) which is one of the stochastic optimization algorithms, and how much the electronic watermark is transmitted to which frequency band among a plurality of frequency bands. In order to determine whether to embed at the embedding strength, the selection of the frequency band and the adjustment of the embedding strength are automatically performed. For self-adaptive differential evolution (JADE), JADE: Adaptive Differential Evolution With Optional External Archive (Published in: Evolutionary Computation, IEEE Transactions on (Volume: 13,? Issue: 5), Pages: 945-958, (Issue Date: Oct. 2009).

  Specifically, the control unit 15 applies a two-dimensional discrete cosine transform to each frame image data of moving image data composed of the same logo-added two-dimensional code 30 in order to reduce processing time, Next, frequency components are obtained by performing one-dimensional discrete cosine transform in the time series direction in each obtained frequency band. Then, the control unit 15 embeds watermark data with a time change in a frequency band selected from among a plurality of frequency bands obtained by the two-dimensional discrete cosine transform, embeds it as an electronic watermark by adjusting the embedding strength, Generate dimension code.

  The two-dimensional code photographing device 203 includes a mobile phone, a smartphone, a tablet computer, and the like, and at least a camera function capable of photographing a watermarked two-dimensional code displayed on the display unit 11 of the terminal device 10, and the camera function And a TFT liquid crystal display capable of displaying the watermarked two-dimensional code.

  The two-dimensional code duplicating device 203 is preferably composed of a mobile phone of the same model as the terminal device 10, a smart phone, a tablet computer, or the like, but if there is a certain consistency in function, the two-dimensional code duplicating device 203 is Any mobile phone may be used. Moreover, if it is an apparatus provided with the display which can display a watermarked two-dimensional code, and the camera function which can image | photograph the watermarked two-dimensional code displayed on the display part 11 of the terminal device 10, a mobile phone or a smart phone The present invention can be applied not only to a tablet computer but also to a two-dimensional code duplicating device 203.

  The two-dimensional code duplicating device 203 generates a watermarked two-dimensional code (hereinafter referred to as a duplicate two-dimensional code) by photographing the watermarked two-dimensional code displayed on the display unit 11 of the terminal device 10; indicate. Further, the two-dimensional code duplicating device 203 displays not only the duplicated two-dimensional code but also a watermarked two-dimensional code to be displayed on the display unit 11 of the terminal device 10.

  The two-dimensional code photographing device 205 photographs the two-dimensional code with watermark and the duplicate two-dimensional code that are alternately displayed on the two-dimensional code duplicating device 203.

  In this modification, the control unit 15 of the control device 10 extracts a digital watermark from the watermarked two-dimensional code and the duplicated two-dimensional code photographed by the two-dimensional code photographing device 205, and calculates the difference between the extraction rates. To do. Then, the control unit 15 evaluates the generated watermarked two-dimensional code using the calculated difference as an evaluation value.

  The control unit 15 selects an electronic watermark such as selection of a frequency band in which the electronic watermark is embedded and adjustment of the embedding strength of the electronic watermark, and evaluation of the watermarked two-dimensional code in which the electronic watermark of the design is embedded. For example, optimization is repeated for 120 generations, and it is determined in which frequency band and how much embedding strength is embedded in the digital watermark.

  FIG. 15 is a block diagram illustrating a functional configuration of the control unit of the terminal device.

  As illustrated in FIG. 15, the control unit 15 includes a difference calculation unit 1001, a solution candidate search unit 1002, and a two-dimensional code generation unit 1003.

  The difference calculation unit 1001 extracts a digital watermark from the watermarked two-dimensional code and the duplicated two-dimensional code photographed by the two-dimensional code photographing device 205, and calculates the difference between the extraction rates.

  The solution candidate search unit 1002 determines a solution candidate that is a combination of a frequency band in which the digital watermark is embedded and a parameter of the embedded strength of the digital watermark so as to maximize the difference (evaluation value) calculated by the difference calculation unit 1001. Perform a search. In other words, in the present modification, a threshold value of the difference (evaluation value) that can be assumed is set, and the solution candidate search unit 1002 determines the solution candidate until the difference (evaluation value) calculated by the difference calculation unit 1001 becomes equal to or greater than the threshold value. Search (generation of watermarked two-dimensional code). When a solution candidate whose difference (evaluation value) is equal to or greater than a threshold is found, the solution candidate is determined as an optimal solution.

  As another solution candidate search method, first, the solution candidate search unit 1002 generates an initial group of solution candidates by randomly determining parameters, and evaluates all solution candidates. Next, the solution candidate search unit 1002 generates a solution candidate for the next group according to the evaluation value and optimization algorithm of each solution candidate. For example, when a genetic algorithm is used, a combination of two solution candidates is reconstructed or non-restored by random or roulette selection based on evaluation values.

  Next, the solution candidate search unit 1002 applies two new solutions by applying an operation for exchanging a part of the parameter value set called crossover to the two extracted solution candidates (parent individuals). A candidate (child individual) is generated. The solution candidate search unit 1002 may perform an operation on a solution candidate generated by crossover, that is, an operation of randomly changing a part of a parameter set with a certain probability. In addition, the solution candidate search unit 1002 may add a child individual unconditionally to the next group, or may discard the child individual and add the parent individual to the next group when the parent individual is superior.

  The solution candidate search unit 1002 searches for solution candidates until the evaluation value of the best individual in the solution candidate group converges to a state where it has not been improved for a certain number of times. After the search is completed, the solution candidate search unit 1002 may output a plurality of solution candidate sets having the highest evaluation value (maximized) and whose parameter value sets are not similar to each other. In this case, the final solution candidate is selected by the user.

  Each time the solution candidate search unit 1002 searches for a solution candidate, the two-dimensional code generation unit 1003 generates a digital watermark based on the solution candidate and generates a watermarked two-dimensional code in which the digital watermark is embedded. And displayed on the display unit 11.

  As described above, in this modification, the evaluation value, which is the difference in the consistency between the digital watermarks extracted from the watermarked two-dimensional code and the duplicated two-dimensional code, which are alternately displayed in the two-dimensional code replication device 203, is obtained. By maximizing, when a watermarked two-dimensional code displayed on the display unit 11 of the terminal device 10 is duplicated by photographing, a watermarked two-dimensional code that can be reliably identified is generated. It becomes possible to do.

  Note that the method of maximizing the difference (evaluation value) is, for example, to determine a solution candidate having the highest difference (evaluation value) as an optimal solution among solution candidates obtained by a fixed number of search processes. Well, not particularly limited.

  In addition to the parameters including the frequency band in which the digital watermark is embedded, the embedding strength of the digital watermark, and the like, the solution candidates include parameters for constructing the logo-added two-dimensional code 30 to be embedded (for example, , The model number, color, module pattern, and gradation of the two-dimensional code 30 with a logo), the type of digital watermark, the parameters for constructing the digital watermark, and the method for embedding the digital watermark in the two-dimensional code 30 with logo (For example, wavelet transform, discrete cosine transform, etc.) and parameters (for example, mother wavelet etc.) may be included.

  Further, correction parameters (for example, color, brightness, gamma value, blur, etc.) of the terminal device 10 and the two-dimensional code duplicating device 203 may be added to the above-described solution candidates.

  In this case, the two-dimensional code generation unit 1003 generates a watermarked two-dimensional code in which a digital watermark is embedded. The display unit 11 sets correction parameters and displays the watermarked two-dimensional code generated by the two-dimensional code generation unit 1003. The two-dimensional code duplicating device 203 generates a duplicate two-dimensional code by photographing the two-dimensional code displayed on the display unit 11 of the terminal device 10, and sets and displays a correction parameter. The two-dimensional code photographing device 205 photographs the two-dimensional code with watermark and the duplicate two-dimensional code that are alternately displayed on the two-dimensional code duplicating device 203.

  The difference calculation unit 1001 extracts a digital watermark from the watermarked two-dimensional code and the duplicated two-dimensional code photographed by the two-dimensional code photographing device 205, and the above-described extraction results are sent to the terminal device 10 and the two-dimensional code duplicating device 203. Readjust the correction parameters. After the above process is repeated a predetermined number of times (for example, 5 times), the difference calculation unit 1001 calculates the difference in extraction rate as described in FIG.

  And the control part 15 evaluates the produced | generated two-dimensional code using the difference calculated in the difference calculation part 1001 as an evaluation value. In this way, by displaying the image data with correction according to the characteristics of the terminal device 10 and the two-dimensional code duplicating device 203, the authenticity of the watermarked two-dimensional code can be more stably determined. .

  Next, a processing flow of the two-dimensional code evaluation system according to this modification will be described.

  16 and 17 are flowcharts showing details of the two-dimensional code evaluation process.

  In the terminal device 10, the two-dimensional code generation unit 1003 generates a watermarked two-dimensional code in which a digital watermark is embedded as shown in FIG. 16 (step S101). The two-dimensional code generation unit 1003 displays the watermarked two-dimensional code generated in step S101 on the display unit 11 (step S102).

  The two-dimensional code replicating device 203 generates a duplicated two-dimensional code by photographing the watermarked two-dimensional code displayed on the display unit 11 of the terminal device 10 (step S131). The two-dimensional code duplicating device 203 alternately displays the watermarked two-dimensional code to be displayed on the display unit 11 of the terminal device 10 and the duplicated two-dimensional code generated in step S131 (step S132).

  The two-dimensional code photographing device 205 photographs the watermarked two-dimensional code and the duplicated two-dimensional code that are alternately displayed in the two-dimensional code duplicating device 203 (step S151). The two-dimensional code photographing device 205 transmits the photographed two-dimensional code with watermark and the duplicate two-dimensional code to the terminal device 10 (step S152).

  In the terminal device 10, as shown in FIG. 17, the difference calculation unit 1001 receives the watermarked two-dimensional code and the duplicated two-dimensional code from the two-dimensional code photographing device 205 (step S103). The difference calculation unit 1001 calculates the difference between the watermarked two-dimensional code received in step S103 and the duplicated two-dimensional code (step S104).

  The solution candidate search unit 1002 determines whether or not the evaluation value that is the difference calculated in step S104 is greater than or equal to a threshold value (step S105). In addition, as a search algorithm for a solution candidate in step S105, in addition to an end point search method such as a gradient method, a Newton method, a conjugate gradient method, a least square method, a tabu search, a burn-up method, a genetic algorithm, an ant colony optimization , Differential evolution methods, multi-point search such as particle swarm optimization, and hybrid methods of these algorithms can be used.

  When the evaluation value is less than the threshold (Step S105; No), the solution candidate search unit 1002 searches for another solution candidate (Step S106). After step S106, the process returns to step S101, and the two-dimensional code generation unit 1003 newly generates a watermarked two-dimensional code based on the other solution candidates. On the other hand, if the evaluation value is equal to or greater than the threshold value (step S105; Yes), the current solution candidate (a combination of the frequency band in which the digital watermark is embedded and the embedded strength parameter of the digital watermark) is determined as the optimal solution ( Step S107).

  FIG. 18 is a diagram illustrating an optimal solution and a corresponding basis function.

  In the optimal solution, as shown in FIG. 18, not only low frequency components (upper left side) and medium frequency components, but also high frequency components in the vertical direction (lower center) are used to embed a digital watermark, and the desired semi-fragile It can be seen that sex was realized.

  FIG. 19 is a diagram illustrating a watermarked two-dimensional code, a photographed result of a watermarked two-dimensional code, and a photographed result of a duplicated two-dimensional code.

  As shown in FIG. 19, it can be confirmed that the digital watermark embedded in the third and eighth frame image data is destroyed in the photographing result of the duplicate two-dimensional code. As a result, the authentication device 20 can reliably identify that the watermarked two-dimensional code has been copied.

  In the first embodiment, the watermarked two-dimensional code has been described as being generated by embedding a digital watermark in the frequency component of the logo-added two-dimensional code 30 indicating the account ID. However, the present invention is not limited to this. Instead, the watermarked two-dimensional code may be generated by embedding a digital watermark in the frequency component of a general-purpose two-dimensional code indicating an account ID.

  In the first embodiment, it has been described that challenge / response authentication is performed when authenticity determination (authentication) of a watermarked two-dimensional code fails. However, the present invention is not limited to this, and one-time password authentication using a time synchronization method may be performed when authentication of a watermarked two-dimensional code fails. Specifically, in the authentication device 20, when the control unit 24 determines that the watermark moving image data could not be extracted, the authentication unit 20 displays that the authentication of the watermarked two-dimensional code has failed, and the imaging unit 21 performs time synchronization two-dimensional Just loop and wait until the code is imaged. Thereafter, in the terminal device 10, the control unit 15 executes the processes of steps S <b> 21 to S <b> 23 shown in FIG. 8 in response to the instruction to generate the time synchronization two-dimensional code by the operation of the operation unit 13 by the user. In terminal device 20, control part 24 should just perform processing of Steps S24-S30 in response to having picked up a time synchronous two-dimensional code in image pick-up part 21. If the authenticity (authentication) of the watermarked two-dimensional code fails, one-time password authentication using the time synchronization method is performed. If one-time password authentication using the time synchronization method also fails, further challenge is performed. -Response authentication may be performed. Alternatively, only the two-dimensional watermarked code may be authenticated, and the time synchronization type one-time password authentication or challenge / response authentication may not be performed.

  In the first embodiment, in the terminal device 10, the control unit 15 generates a watermarked two-dimensional code by embedding watermark moving image data as a digital watermark in the frequency component of the logo-added two-dimensional code 30 indicating the account ID. Explained as what to do. However, the present invention is not limited to this, and the control unit 15 embeds watermark data indicating a password corresponding to the account ID as a digital watermark in the frequency component of the logo-added two-dimensional code 30 indicating the account ID. Alternatively, a watermarked two-dimensional code may be generated. In this case, the authentication device 20 stores the account ID and the password in the account DB 230 of the storage unit 23 in association with each other. In the authentication process, the control unit 24 detects a password corresponding to the account ID indicated by the watermarked two-dimensional code imaged by the imaging unit 21 from the account DB 230. Then, the control unit 24 determines whether or not watermark data indicating a password that matches the password detected from the account DB 230 has been extracted from the still image data of the watermarked two-dimensional code obtained by the imaging unit 21. By doing so, the authenticity determination (authentication) of the watermarked two-dimensional code may be performed.

  In the first embodiment, the control unit 15 responds according to the distribution pattern of cells having a predetermined lightness (for example, black cells) and cells having a predetermined lightness or higher (for example, white cells) among the plurality of cells. It has been described as generating a response two-dimensional code indicating a code. However, the present invention is not limited to this, and a response two-dimensional code may be generated by simply adding an account ID after the response code corresponding to the challenge code.

  In the first embodiment, the response two-dimensional code is based on a distribution pattern of a cell having a predetermined lightness (for example, a black cell) and a cell having a predetermined lightness or higher (for example, a white cell) among the plurality of cells. It has been described as being composed of a general-purpose two-dimensional code indicating a response code. However, the present invention is not limited to this, and the response two-dimensional code is similar to the logo-added two-dimensional code 30, the area of the logo below the predetermined brightness and the cell below the predetermined brightness, and the predetermined logo of the logo. A two-dimensional code with a logo indicating a response code may be used depending on a distribution pattern of a region of lightness or higher and a cell of predetermined lightness or higher. The response two-dimensional code may be generated by embedding a response code as a digital watermark in the frequency component of a general-purpose two-dimensional code indicating an account ID or a two-dimensional code with a logo, for example.

  In the first embodiment, in the authentication device 10, the control unit 15 generates a response code by combining the read challenge code and the account ID stored in the storage unit 14 according to a predetermined algorithm. As explained. However, the present invention is not limited to this, and the control unit 15 generates a response code by synthesizing the read challenge code and the password corresponding to the account ID according to a predetermined algorithm. May be. In this case, the authentication device 20 stores the account ID and the password in the account DB 230 of the storage unit 23 in association with each other. In the authentication process, the control unit 24 detects a password corresponding to the account ID indicated by the watermarked two-dimensional code imaged by the imaging unit 21 from the account DB 230. Subsequently, the control unit 24 generates a response code by synthesizing the challenge code indicated by the challenge two-dimensional code and the password detected from the account DB 230 according to a predetermined algorithm. Then, the control unit 24 performs challenge / response authentication by comparing the generated response code with the response code indicated by the response two-dimensional code captured by the imaging unit 21 to determine whether or not they match. What should I do?

  The control unit 15 may generate a response two-dimensional code by embedding a response code as a digital watermark in a frequency component of a general-purpose two-dimensional code indicating an account ID or a two-dimensional code with a logo. In this case, the authentication device 20 stores the account ID and the password in the account DB 230 of the storage unit 23 in association with each other. In the authentication process, the control unit 24 detects the password corresponding to the account ID indicated by the response two-dimensional code imaged by the imaging unit 21 from the account DB 230. Subsequently, the control unit 24 generates a response code by synthesizing the challenge code indicated by the challenge two-dimensional code and the password detected from the account DB 230 according to a predetermined algorithm. Then, the control unit 24 determines whether or not a response code that matches the generated response code can be extracted from the still image data of the response two-dimensional code obtained by imaging in the imaging unit 21. Response authentication may be performed.

  In the third embodiment, in the authentication device 10, the control unit 15 generates a response code by combining the read challenge code and the account ID stored in the storage unit 14 according to a predetermined algorithm. As explained. However, the present invention is not limited to this, and the control unit 15 generates a response code by synthesizing the read challenge code and the password corresponding to the account ID according to a predetermined algorithm. May be. In this case, the authentication device 20 stores the account ID and the password in the account DB 230 of the storage unit 23 in association with each other. In the authentication process, the control unit 24 detects a password corresponding to the account ID indicated by the time-synchronized two-dimensional code or the response two-dimensional code captured by the imaging unit 21 from the account DB 230. Subsequently, the control unit 24 generates a response code by synthesizing the challenge code indicated by the challenge two-dimensional code and the password detected from the account DB 230 according to a predetermined algorithm. Then, the control unit 24 determines whether or not a response code that matches the generated response code can be extracted from the still image data of the response two-dimensional code obtained by imaging in the imaging unit 21. Response authentication may be performed.

  In the fourth embodiment, in the authentication device 10, the control unit 15 generates a response code by combining the read challenge code and the account ID stored in the storage unit 14 according to a predetermined algorithm. As explained. However, the present invention is not limited to this, and the control unit 15 generates a response code by synthesizing the read challenge code and the password corresponding to the account ID according to a predetermined algorithm. May be. In this case, the authentication device 20 stores the account ID and the password in the account DB 230 of the storage unit 23 in association with each other. In the authentication process, the control unit 24 detects the password corresponding to the account ID indicated by the response two-dimensional code imaged by the imaging unit 21 from the account DB 230. Subsequently, the control unit 24 generates a response code by synthesizing the challenge code indicated by the challenge two-dimensional code and the password detected from the account DB 230 according to a predetermined algorithm. Then, the control unit 24 determines whether or not a response code that matches the generated response code can be extracted from the still image data of the response two-dimensional code obtained by imaging in the imaging unit 21. Response authentication may be performed.

  In the first, third, and fourth embodiments, the challenge two-dimensional code includes a cell having a lightness less than a predetermined lightness (for example, a black cell) and a cell having a lightness that is equal to or higher than a predetermined lightness (for example, a white cell) The distribution pattern is described as comprising a general-purpose two-dimensional code indicating a challenge code. However, the present invention is not limited to this, and the challenge two-dimensional code is similar to the logo-added two-dimensional code 30, the area of the logo below the predetermined brightness and the cell below the predetermined brightness, and the predetermined logo of the logo. It may be constituted by a two-dimensional code with a logo indicating a challenge code depending on a distribution pattern of a region having a lightness or higher and a cell having a predetermined lightness or higher. The challenge two-dimensional code may be generated, for example, by embedding a challenge code as a digital watermark in a general-purpose two-dimensional code indicating an account ID or a two-dimensional code with a logo.

  In the first, third, and fourth embodiments, the imaging unit 12 is provided on the same surface as the display unit 11 and the main camera provided on the surface of the terminal device 10 opposite to the display unit 11. When performing challenge / response authentication, the front camera is used to image the challenge two-dimensional code. In this way, unlike the case where the main camera is used, the surface of the terminal device 10 on which the display unit 11 and the front camera are provided is displayed on the imaging unit 21 of the authentication device 20 without inverting the terminal device 10. Because it is possible to perform challenge-response authentication simply by enforcing, it is possible to perform authentication at high speed. Further, even if there is an authentication failure for some reason, challenge / response authentication can be easily repeated.

  In the second and fourth embodiments, the time synchronization two-dimensional code has been described as being generated by embedding a one-time password as a digital watermark in the frequency component of the logo-added two-dimensional code 30 indicating the account ID. However, the present invention is not limited to this, and the time synchronization two-dimensional code is generated by embedding a one-time password as a digital watermark in a frequency component of a general-purpose two-dimensional code indicating an account ID. May be. In addition, the time-synchronized two-dimensional code is a one-time password based on the distribution pattern of an area below a predetermined brightness and a cell below a predetermined brightness in a logo, and an area above a predetermined brightness and a cell above a predetermined brightness in the logo. It may be shown. Alternatively, the time-synchronized two-dimensional code uses a one-time password based on a distribution pattern of cells having a predetermined lightness (for example, black cells) and cells having a predetermined lightness or higher (for example, white cells) among a plurality of cells. It may be shown. In this case, the time synchronization two-dimensional code may be generated by embedding an account ID as a digital watermark in a frequency component of a general-purpose two-dimensional code indicating a one-time password or a two-dimensional code with a logo, for example.

  In the third and fourth embodiments, the response two-dimensional code is described as being generated by embedding a response code as a digital watermark in the frequency component of the logo-added two-dimensional code 30 indicating the account ID. However, the present invention is not limited to this, and the response two-dimensional code is generated by embedding a response code as a digital watermark in the frequency component of a general-purpose two-dimensional code indicating an account ID. Also good. In addition, the response two-dimensional code indicates a response code by a distribution pattern of an area of the logo that is less than the predetermined brightness and a cell that is less than the predetermined brightness, and an area of the logo that is greater than the predetermined brightness and a cell that is greater than the predetermined brightness. It may be. Alternatively, the response two-dimensional code indicates a response code by a distribution pattern of cells having a predetermined lightness (for example, black cells) and cells having a predetermined lightness or higher (for example, white cells) among a plurality of cells. It may be. In this case, the response two-dimensional code may be generated by embedding an account ID as a digital watermark in a frequency component of a general-purpose two-dimensional code or a two-dimensional code with a logo.

  In the first to fourth embodiments, the two-dimensional code 30 with a logo to be embedded is described as being still image data. However, the present invention is not limited to this, and the logo to be embedded is attached. The two-dimensional code 30 may be moving image data as described in, for example, Japanese Patent Application Laid-Open Nos. 2012-14626, WO2009 / 072363, and WO2010 / 097989. In this case, watermark data embedded as a digital watermark may be accompanied by a time change or may not be accompanied by a time change. A technique for embedding a digital watermark in moving image data is described in, for example, WO 2007/015452. In this specification, the specifications, claims, and entire drawings of Japanese Patent Application Laid-Open Nos. 2012-14662, WO2009 / 072363, WO2010 / 097989, and WO2007 / 015452 are incorporated by reference.

  In the first to fourth embodiments, the embedding target logo-added two-dimensional code 30 superimposes cell dots having a predetermined lightness or higher on a portion of the logo mark having a predetermined lightness or higher, while Cell dots of a predetermined brightness or higher are superimposed on the portion of less than the predetermined brightness, and the portion of the cell dots and logo marks having a predetermined brightness or higher of the cell dots and the logo mark of the predetermined brightness or higher and less than the predetermined brightness of the cell dots and logo marks of the predetermined brightness or lower. In the above description, the account ID is indicated by the distribution pattern (see Japanese Patent Application Laid-Open No. 2008-15642, for example). However, the present invention is not limited to this, and one or more colors of optical characteristics recognized as “0” by a general-purpose two-dimensional code reader and optical characteristics recognized as “1”. Any information can be applied as long as it expresses predetermined information using one or a plurality of colors. For example, a cell having a predetermined brightness or higher (brightness recognized as “1” by a general-purpose two-dimensional code reader) is superimposed on a logo mark having a brightness lower than a predetermined brightness (brightness recognized as “0” by a general-purpose two-dimensional code reader). In addition, the account ID may be indicated by the distribution pattern of the cell and the portion of the logo mark where the cell is not overlapped (see, for example, JP-A-2007-287004). In this specification, the specifications, claims, and entire drawings of Japanese Patent Application Laid-Open Nos. 2007-287004 and 2008-15642 are incorporated by reference.

  In the first to fourth embodiments, the QR code (registered trademark) is exemplified as the two-dimensional code. However, the present invention is not limited to this, and the two-dimensional code includes a data matrix, an aztec code. Other matrix type two-dimensional codes such as code one, array tag, box graphic code, maxi code, peri code, soft strip, CP code, carla code, and ultra code may be used. Alternatively, a stack type two-dimensional code in which one-dimensional barcodes such as PDF417, code 49, code 16k, and coder block are vertically stacked may be used.

  In the first to fourth embodiments, the program executed by the CPU of the control unit 15 has been described as being stored in advance in the ROM, the storage unit 14 or the like. Further, the program executed by the CPU of the control unit 24 has been described as being stored in the ROM, the storage unit 23, or the like in advance. However, the present invention is not limited to this, and by applying a program for executing the above-described processing to a general-purpose terminal device such as an existing smartphone, a tablet, or a personal computer, a framework, a workstation, etc. The terminal device 10 and the authentication device 20 according to the first to fourth embodiments may function.

  A method for providing such a program is arbitrary. For example, the program may be stored and distributed on a computer-readable recording medium (flexible disk, CD (Compact Disc) -ROM, DVD (Digital Versatile Disc) -ROM, etc.). Alternatively, the program may be stored in a storage on a network such as the Internet and provided by downloading it.

  Further, when the above processing is executed by sharing an OS (Operating System) and an application program, or by cooperation between the OS and the application program, only the application program may be stored in a recording medium or storage. It is also possible to superimpose a program on a carrier wave and distribute it via a network. For example, the program may be posted on a bulletin board (BBS: Bulletin Board System) on the network, and the program may be distributed via the network. Then, this program may be activated and executed in the same manner as other application programs under the control of the OS, so that the above processing can be executed.

  It should be noted that the present invention can be variously modified and modified without departing from the broad spirit and scope of the present invention. The above-described embodiment is for explaining an example of the present invention and does not limit the scope of the present invention.

DESCRIPTION OF SYMBOLS 1 Authentication system 10 Terminal apparatus 11 Display part 12 Imaging part 13 Operation part 14 Storage part 15 Control part 20 Authentication apparatus 21 Imaging part 22 Display part 23 Storage part 24 Control part 30 Two-dimensional code with logo 31 Two-dimensional code 33 Watermark still image Data 34 Watermark still image data 230 Account DB

Claims (17)

An image in which a watermark is embedded is composed of the same still image data, and watermark data that changes with the passage of time is embedded as a digital watermark.
A watermarked two-dimensional code. Using the three-dimensional frequency analysis such as discrete wavelet transform and discrete cosine transform, each frame image data and code data constituting the watermark data are embedded in the frequency component of the two-dimensional code to be embedded, Generated as moving image data composed of the two-dimensional code in which the frame image data and the code data are embedded in a frequency component,
The watermarked two-dimensional code according to claim 1. AC coefficient data and / or DC coefficient data obtained by performing one-dimensional discrete cosine transform on time-series coefficient data in a specific frequency component of the two-dimensional code of each frame to be embedded using pseudo three-dimensional discrete cosine transform Embedded in code data constituting the watermark data, and generated as moving image data composed of the two-dimensional code in which the code data is embedded in the AC coefficient data and / or DC coefficient data.
The watermarked two-dimensional code according to claim 1. The watermark data is a one-time password generated according to a predetermined rule.
The watermarked two-dimensional code according to any one of claims 1 to 3. A terminal device for generating a first one-time password according to a predetermined rule and displaying a two-dimensional code including the first one-time password;
One-time password acquisition means for acquiring the first one-time password from the two-dimensional code displayed on the terminal device; and second one-time password generation means for generating a second one-time password according to the predetermined rule; An authentication device comprising: authentication means for performing authentication by determining whether or not the first one-time password and the second one-time password match;
An authentication system comprising: The terminal device generates a first time synchronization one-time password based on a current time as the first one-time password according to a first rule of the predetermined rules, and includes the first time synchronization one-time password Display the time synchronization two-dimensional code,
The one-time password acquisition means acquires the first time synchronization one-time password from the time synchronization two-dimensional code displayed on the terminal device,
The second one-time password generating means generates a second time-synchronized one-time password based on a current time as the second one-time password according to the first rule;
The authentication means includes first authentication means for performing authentication by determining whether or not the first time synchronization one-time password and the second time synchronization one-time password match.
The authentication system according to claim 5. The authentication device
A challenge two-dimensional code generation means for generating a challenge two-dimensional code including a challenge code when the first authentication means determines that the first time synchronization one-time password and the second time synchronization one-time password do not match; ,
Challenge two-dimensional code display means for displaying the challenge two-dimensional code;
Further comprising
The terminal device uses, as the first one-time password, a first response code corresponding to the challenge code acquired from the challenge two-dimensional code displayed on the authentication device in accordance with a second rule of the predetermined rules. Generating and displaying a response two-dimensional code including the first response code;
The one-time password acquisition means acquires the first response code from the response two-dimensional code displayed on the terminal device,
The second one-time password generating means generates a second response code corresponding to the challenge code as the second one-time password according to the second rule,
The authentication means includes second authentication means for performing authentication by determining whether or not the first response code and the second response code match.
The authentication system according to claim 6. The terminal device displays a watermarked two-dimensional code in which watermark data is embedded as a digital watermark,
The authentication device further includes an extraction determination unit that performs authentication by determining whether the watermark data has been extracted from the watermarked two-dimensional code displayed on the terminal device,
The terminal device generates the first time synchronization one-time password when it is determined by the extraction determination means that the watermark data could not be extracted.
The authentication system according to claim 6 or 7, wherein In the two-dimensional code, the first one-time password is embedded as a digital watermark,
The one-time password acquisition means acquires the first one-time password embedded as a digital watermark from the two-dimensional code displayed on the terminal device.
The authentication system according to any one of claims 5 to 8, wherein: The first one-time password is periodically updated.
The authentication system according to any one of claims 5 to 9, wherein An authentication device comprising: a challenge two-dimensional code generating means for generating a challenge two-dimensional code including a challenge code; and a challenge two-dimensional code display means for displaying the challenge two-dimensional code;
A terminal device that generates a first response code corresponding to the challenge code acquired from the challenge two-dimensional code displayed on the authentication device according to a predetermined rule, and displays the response two-dimensional code including the first response code When,
Comprising
The authentication device
Response code acquisition means for acquiring the first response code from the response two-dimensional code displayed on the terminal device;
Response code generating means for generating a second response code corresponding to the challenge code according to the predetermined rule;
Authentication means for performing authentication by determining whether or not the first response code and the second response code match;
An authentication system further comprising: The terminal device displays a watermarked two-dimensional code in which watermark data is embedded as a digital watermark,
The authentication device further includes an extraction determination unit that performs authentication by determining whether the watermark data has been extracted from the watermarked two-dimensional code displayed on the terminal device,
The challenge two-dimensional code generation means generates the challenge two-dimensional code when it is determined that the watermark data could not be extracted by the extraction determination means.
The authentication system according to claim 11. In the watermarked two-dimensional code, the watermark data that changes over time is embedded as a digital watermark.
The authentication system according to claim 8 or 12, wherein: Authentication is performed by determining whether or not the watermark data has been extracted from the watermarked two-dimensional code in which watermark data that changes over time is embedded as a digital watermark.
An authentication method characterized by that. The terminal device generating a first one-time password according to a predetermined rule;
The terminal device displaying a two-dimensional code including the first one-time password;
A one-time password acquisition step in which an authentication device acquires the first one-time password from the two-dimensional code displayed on the terminal device;
A second one-time password generating step in which the authentication device generates a second one-time password according to the predetermined rule;
An authentication step in which the authentication device performs authentication by determining whether or not the first one-time password and the second one-time password match; and
An authentication method comprising: A challenge two-dimensional code generation step, wherein the authentication device generates a challenge two-dimensional code including a challenge code;
A challenge two-dimensional code display step in which the authentication device displays the challenge two-dimensional code;
A terminal device generating a first response code corresponding to the challenge code acquired from the challenge two-dimensional code displayed on the authentication device according to a predetermined rule;
The terminal device displaying a response two-dimensional code including the first response code;
A response code acquisition step in which the authentication device acquires the first response code from the response two-dimensional code displayed on the terminal device;
A response code generating step in which the authentication device generates a second response code corresponding to the challenge code according to the predetermined rule;
An authentication step in which the authentication device performs authentication by determining whether or not the first response code and the second response code match; and
An authentication method comprising: In the computer of the authentication device,
One that generates a first one-time password according to a predetermined rule, and obtains the first one-time password from the two-dimensional code displayed on the terminal device that displays the two-dimensional code including the first one-time password. Time password acquisition procedure;
A second one-time password generation procedure for generating a second one-time password according to the predetermined rule;
An authentication procedure for performing authentication by determining whether or not the first one-time password and the second one-time password match;
A program for running