JP2023177613A - Security document and verification method of security document - Google Patents

Abstract

To provide a security document that is extremely difficult to counterfeit or alter and guarantees the authenticity.SOLUTION: The security document is formed on a base material by forming a plurality of pieces of information on the base material, calculating a summary value by concatenating the plurality of pieces of information, and encoding the summary value into a machine-readable code. And an authenticity verification method is provided that determines the authenticity by comparing the summary value of information formed on the security document and the information decoded from the machine-readable code.SELECTED DRAWING: Figure 2

Description

The present invention is a technique for preventing fraud in security documents such as banknotes, passports, IDs, qualifications, securities, etc., and particularly relates to a method for detecting and verifying tampering and falsification using machine-readable codes.

Document fraud, such as forgery, imitation, alteration, and falsification of security documents using digital devices such as scanners, printers, and color copiers, has become a social problem. Although it is difficult to define and classify these types of document fraud, in general, "counterfeiting" refers to the production of counterfeits that have similar appearance and characteristics to genuine products using materials equivalent to the genuine product. "Counterfeiting" means making a counterfeit product that has only a similar appearance to the genuine product without necessarily using the same materials as the genuine product, and "alteration" means making a fake product that has a similar appearance to the genuine product without necessarily using the same materials as the genuine product. ``falsification'' refers to the creation of a fake by replacing a part of the document with a genuine or fake item, and ``tampering'' refers to the creation of a fake by erasing, adding to, or rewriting the written information or printed design on the face of the document. (See Non-Patent Document 1).

As a countermeasure against these document frauds, "secure printing technology" is available. Characteristics of this technical field include the difficulty of producing prints using general commercial printing and the possibility of verifying the uniqueness of the original document (ability to determine authenticity). Authenticity determination includes, for example, measures against unauthorized falsification of the name of the holder of an ID document such as a passport. Tampering countermeasures using security printing technology are known as conventional techniques that mainly utilize chemical countermeasures, physical countermeasures, and redundancy of recorded information, which will be described in the next section, by means of detecting tampering traces.

As a chemical countermeasure for tampering detection, for example, in Patent Document 1, a solvent-detecting chemical such as a leuco dye or a phenolic substance is implemented in the printing base material or ink by means such as mixing or milling, and the ink is erased. It is a means of detecting traces of fraudulent activity by detecting the chemical reaction between the solvent used by the intended counterfeiter and the solvent-detecting chemical.

However, since this countermeasure is based on a chemical reaction, it does not work effectively against physical attacks such as peeling off and polishing of the printing layer (ink film) on the surface of the document. Furthermore, since the result of a chemical reaction is observed, depending on the compatibility with the solvent used by the counterfeiter, there may not be a sufficient color change that is perceptible to humans, making it difficult to detect fraud. Further, when the product comes into contact with sweat or everyday chemicals during use, unexpected reactions may occur frequently, or erroneous reactions may occur. Furthermore, the degree of color change due to reaction with a solvent is generally very small, and it is not easy for a general user who is not an expert in determining authenticity with knowledge of analysis and appraisal to judge.

As a physical measure to detect tampering, there is a method of protecting the information written on the face of the document by attaching a fragile film or a strong laminate film. The former works as a deterrent against fraud because the film is easily destroyed by special operations such as replacing the film layer or scratching, and has a mechanism that makes it difficult to repair. The latter makes it difficult to destroy in the first place due to the robustness of the film material, and functions as a proactive measure. These techniques are widely known as a typical technique for preventing the replacement of facial photographs in documents such as card-type IDs, and as a means of forming multiple layers of plastic and forming facial photographs on colored layers provided inside the substrate rather than on the surface of the base material. ing.

However, there are known methods of countermeasures against this problem, such as etching the film layer with a focused ion beam, cutting the surface in microns with a milling machine, and peeling off the film layer. It is also envisaged that the base material may be replaced by peeling off not only the photo area but also the entire layer of the ticket surface. Note that these countermeasures are mainly limited to cards whose printing base material is made of plastic, and cannot be effective measures for security documents made of thin paper base materials.

As other tampering detection countermeasures, for example, Patent Document 2 discloses a technique that utilizes cross-referenceability based on redundancy of written information on the face of a document. As a specific example, there is a method in which the printed name "Printing Taro" in the name column on the face of the document is printed as "Printing Taro" using minute letters in a ground pattern or the like that is the background of the name column. The person who determines the authenticity of a document detects unauthorized falsification by cross-referencing the name printed in the name column and the name in minute letters (approximately 400 microns in height) in the background pattern. .

However, it can function effectively if it is verified by a person skilled in the security printing industry who is familiar with the security specifications of the document face, or by the issuer of the security document concerned, but it cannot be used by ordinary people who do not have special knowledge to determine authenticity. It does not function effectively for the user. Furthermore, assuming that the forger has "knowledge" about the face specifications of the document equivalent to that of a person skilled in the art or the document issuer, the forger can This cannot be considered as a sufficient countermeasure because it is thought that it will be duplicated.

On the other hand, as a countermeasure other than secure printing, there is the use of information security technology. Information security technology involves applying a security mechanism to the "information" itself, which is attached to the face of a document, apart from the physical media of printing ink and base materials. For example, in Patent Document 3, the entire printed page is protected as an approved document, without the need for a special printing device, and even if the entire document is tampered with after the seal has been stamped, the tampering can be prevented. The purpose of the electronic approval information printing device and print verification device is to obtain an electronic approval information printing device and a print verification device that can discover the information, and as a means of solving the problem, the electronic approval information printing device is a public information generation means that generates public information from the private information of the stamp verifier. , a registration means for registering public information in advance in a database, a stamp information generation means for generating stamp information using confidential information for electronic information, and a conversion of stamp information generated by the stamp information generation means into a print format. The apparatus is characterized by comprising a stamp information converting means for converting the stamp information, and a stamp information printing means for printing the stamp information converted by the stamp information converting means. Further, this means also includes a search means for retrieving public information from the database.

Furthermore, in the embodiment in Patent Document 3, since digital signature information using a public key cryptosystem is used as verification information, it is assumed that an online public key authentication infrastructure is used. However, in the event of a natural disaster, there are concerns about ensuring effectiveness in the event of a loss of power or a failure of the certification infrastructure. Furthermore, the security of public-key cryptography relies on mathematical unidirectionality, in which the public key can be easily determined from the private key, but the reverse is extremely difficult, so the absolute confidentiality and maintenance of the private key is impossible. This is necessary, and a large amount of cost will be incurred.

Japanese Unexamined Patent Publication No. 182496/1983 Patent No. 4635160 Patent No. 2875450

ID card face security handbook, National Printing Bureau, February 2019 Yamakoshi et al. , Individuality evaluation for paper based artifact-metrics using transmitted light image, Proceedings Volume 6819, Secur ity, Forensics, Steganography, and Watermarking of Multimedia Contents X; 68190H (2008) Yamakoshi et al. , An artifact-metrics which utilizes laser speckle patterns for plastic ID card surface, Proceedings Volume 7618, Emerg ing Liquid Crystal Technologies V; 76180B (2010)

To summarize the technologies described in Patent Documents 1 and 2, in verifying the uniqueness of a security document, identifying traces of tampering or detecting the presence or absence of tampering requires analytical expert knowledge or familiarity with the security specifications of the document face. Therefore, it was difficult for general users to determine whether there was fraud.

Next, considering the issues with copies taken from the original security document, it is often the case that copies of various certificates such as resident records, passports, driver's licenses, etc. issued by public institutions are It is operated for various permitted uses. Because the base material of copies from original documents changes from special paper with slots, plastic cards, or booklet forms to general-purpose copy paper, it is easy to determine that the copies are not original documents. It is. Furthermore, depending on the performance of the duplicating device, the number of reproduced colors and resolution may be significantly reduced. For copies created under such circumstances, the mechanisms of the techniques disclosed in Patent Documents 1 and 2 do not work, and therefore it is not possible to detect whether or not the written information has been tampered with. As a result, fraudulent acts such as ``copying a tampered original document'' and ``copying a tampered copy'' are occurring frequently in certificate operation sites. These are designed to camouflage signs of tampering or other fraudulent activity through the copying process. Therefore, in addition to a means of verifying the originality (uniqueness) of a submitted security document, a means of verifying the integrity of a copy of the document (no errors or missing information) is required. There is.

Although the technology described in Patent Document 3 is capable of detecting whether or not a copy has been tampered with, it does not function at all in an emergency such as a power loss because it is based on the operation of an online authentication infrastructure and database. Further, although an IC card or a USB memory is assumed as a storage medium for the private key, the same applies when a failure occurs in which these storage media cannot be read. It is also assumed that an attacker (person who attempts document fraud) intentionally causes these defects in order to escape from the above-mentioned regular authentication means.

Furthermore, the technique disclosed in Patent Document 3 cannot guarantee the originality of a document on which desired certification matters are printed. Although there is a trend toward digitization of some security documents such as banknotes, passports, stamps, automobile driver's licenses, and various certificates and qualifications, the originality of the document itself and a means of confirming it are still required, and various security documents are required. It is equipped with advanced technology. Furthermore, it has not been an effective technique for countering "falsification", which is one type of document fraud. For example, intaglio printing, slotting, holograms, etc. are used on banknotes, facial photographs are used on various qualification cards, and IC chips are used on passports to ensure the authenticity of the document (authenticity or genuineness). However, there is a need for countermeasures against creating counterfeits by replacing parts or components of these genuine products with parts of other genuine products or fake products.

The present invention aims to solve the above-mentioned problems, and does not require analytical expert knowledge, familiarity with security design specifications, public information inquiry infrastructure, or concealment/maintenance of confidential information, and allows the creation of original security documents. The purpose of this document is to provide a security document and its verification method that can verify the authenticity, integrity, integrity of the copy, etc.

In the security document according to the present invention, when the unique value extracted from the base material of the security document by an arbitrary method and the information written on the face of the security document are connected to obtain security document information, a summary value of the security document information is calculated, and the summary value of the security document information is calculated. It is characterized by being encoded in the form of a machine-readable code and printed.

The security document verification method according to the present invention connects the unique value extracted from the base material of the security document, which is the document to be verified, with the information written on the face of the card to obtain the security document information of the document to be verified. The method is characterized in that it compares and verifies the summarized value and the decoding result of the machine readable code on the security document that is the document to be verified.

When the base material of a security document is a translucent material such as thin paper or plastic, the unique values extracted from the base material are extracted from the infrared transmitted light pattern obtained when the base material is irradiated with infrared light. It is characterized by a value that is

The security document verification method is that when the base material of the security document that is the document to be verified is a translucent material such as thin paper or plastic, the unique value extracted from the base material is determined by irradiating the base material with infrared light. It is characterized by being a value extracted from an infrared transmitted light pattern obtained from time to time.

If the base material of the security document is an opaque material used in ID cards, etc., the unique value extracted from the base material must be the value extracted from the speckle pattern generated when the base material is irradiated with laser light. It is characterized by

The security document verification method is such that when the base material of the security document that is the document to be verified is an opaque material used in ID cards, etc., the unique value extracted from the base material is generated when the base material is irradiated with laser light. It is characterized by being a value extracted from a speckle pattern.

In the security document according to the present invention, when the security document information is obtained by linking the information read from the security tint pattern printed in advance on the base material of the security document and the information written on the face of the card, a summary value of the security document information is calculated. The security document is characterized in that it is encoded in the form of a machine-readable code and printed on the face of the security document.

The security document information is the security document described in item number [0025], which is information that is a combination of at least the information read from the security tint pattern, the information written on the card, and any information shared in advance between the issuer and the verifier. .

The method for verifying a security document according to the present invention connects information read from a security tint pattern printed in advance on the base material of a security document, which is a document to be verified, with information written on the face of the card. The present invention is characterized in that the summary value calculated from the secure document information is compared and verified with the decoding result of the machine-readable code on the secure document, which is the document to be verified.

The security document information is the security document described in item number [0027], which is information that is a combination of at least the information read from the security tint pattern, the information written on the card, and any information shared in advance between the issuer and the verifier. verification method.

The information read from the security background pattern described in item number [0027] shall be dynamic and/or static information that is normally invisible to the naked eye and made visible in wavelength ranges such as infrared and/or ultraviolet. It is characterized by

The security document verification method described in item number [0028] is characterized by dynamic and/or static information that is normally invisible to the naked eye and made visible in a wavelength range such as infrared and/or ultraviolet. .

The information read from the security tint pattern described in item number [0027] is usually difficult to read with the naked eye and cannot be read using a magnifying glass, an optical filter, changing the viewing angle, observing with transmitted light, or copying with a copy machine. It is characterized by being dynamic and/or static information made readable by.

The security document information described in item number [0025] is a combination of at least the information read from the security background pattern including obfuscated information, the information written on the card, and any information shared in advance between the issuer and the verifier. Security document described in item number [0025] which is information.

The security document verification method described in item number [0027] is usually difficult to read with the naked eye, and can be made readable by using a magnifying glass, an optical filter, changing the viewing angle, observing with transmitted light, or copying with a copy machine. It is characterized by being dynamic and/or static information.

The security document information described in item number [0025] is a combination of at least the information read from the security background pattern including obfuscated information, the information written on the card, and any information shared in advance between the issuer and the verifier. A method for verifying the security document described in item number [0027], which is information.

The information written on the card is characterized in that it includes unique ID information of at least one secure element such as a hologram, RFID, etc. that is mounted in any form such as pasted or included on the base material of the security document.

The machine readable code is characterized in that it is printed so as to overlap with at least one secure element such as the hologram or RFID.

In the present invention, as explained in detail in Non-Patent Document 2, the infrared transmitted light image collected from the substrate is Since it is not possible to reconstitute each of the fine cellulose fibers that make up the material, this could serve as a basis for verifying the uniqueness of the paper base material. Moreover, even if an attacker falsifies a part of the information written on the card, the attacker cannot calculate a genuine summary value, so the verifier can reject the document as a fake document.

In the present invention, as explained in detail in Non-Patent Document 3, the speckle pattern collected from the base material can be used as phase information of the laser light source, even if an attacker is able to illegally obtain the speckle pattern image. Therefore, it is not possible to reconstruct the fine shape of the corresponding substrate surface from the speckle pattern, which is a so-called physically unidirectional function. Therefore, it can serve as a basis for verifying the uniqueness of the base material. Moreover, even if an attacker falsifies a part of the information written on the card, the attacker cannot calculate a genuine summary value, so the verifier can reject the document as a fake document.

In the present invention, even when information that is normally invisible to the naked eye in the security background pattern is used as part of the security document information, it is difficult for an attacker to infer necessary information from the security background pattern that covers almost the entire area of the card. Since it is difficult to calculate the true summary value, the attacker cannot calculate the true summary value. Therefore, the verifier can exclude the document as a fake document.

In the present invention, when generally difficult-to-read information in a security tint pattern is used as part of security document information, the difficult-to-read information of the security document can also be read from a copy made by a copying machine. Therefore, it is possible to detect falsification of the information written on a copy by comparing and verifying the summary value calculated from the security document information including the obfuscated information on the copy and the decoding result of the machine-readable code on the copy. .

The series of verification methods do not require online database queries and can be completed offline, ensuring effectiveness in emergencies. Additionally, since there is no need to hide or maintain secret information equivalent to the private key of an information security system using public key cryptography, it is also superior in operating costs.

Schematic diagram of a security document in the present invention Security document verification flow in the present invention Schematic diagram of a card-type security document according to the present invention A schematic diagram of a security document with a security tint pattern including invisible information according to the present invention Verification flow of security document with security tint pattern according to the present invention A schematic diagram of a security document with a security tint pattern including obfuscation information according to the present invention A schematic diagram of a copy of a security document with a security tint pattern including obfuscation information according to the present invention Schematic diagram of a security document with a security tint pattern including invisible information in Example 1 Schematic diagram of a security document with a security tint pattern including obfuscation information in Example 2 Schematic diagram of a copy of a security document with a security tint pattern including obfuscation information in Example 2 Infrared transmitted light image of recycled paper in the present invention Infrared transmitted light amount profile in the present invention Speckle pattern on the card surface in the present invention Schematic diagram of a speckle pattern photographing device according to the present invention

(Embodiment 1)
FIG. 1 shows a schematic diagram of a security document (1) in the present invention. The security document (1) is composed of a base material (2), a reading area for base material specific values (3), information written on the face of the card (4), and a machine-readable code (5). The base material (2) is not limited to a paper base material such as a sheet of paper, and may be in any form such as a booklet, a plastic card, or a label type sticker. It is assumed that the amount of light can be measured. The base material eigenvalue reading area (3) is shown only as a schematic representation, and may be part or all of the printed ticket surface shown in FIG. Examples of base material eigenvalues include various characteristics such as the degree of entanglement of the cellulose fibers that make up the paper, the luminescence distribution of special luminescent fibers mixed in the papermaking process, the drafting pattern, and the vibration characteristics of the paper. In either case, it indicates the feature quantity that can uniquely identify the individuality of the paper base material. It is determined by taking into account the cost of sampling and measuring data, the suitability of data size, etc. In this embodiment, an example of using an infrared transmitted light pattern imaged by an infrared flatbed scanner, which has excellent resistance to folds, wrinkles, stains, etc. of the base material, will be described. In addition to the document title, document holder, issuer, and certification information, the information written on the card face (4) can include any information that should be protected, such as facial photo information, which is not limited to text information. The detailed specifications of the machine-readable code (5) are determined in consideration of the information amount of the calculated summary value, the error correction rate, etc. The summary value stores a summary calculation result of a data string in which the base material specific value collected by an infrared flatbed scanner at the time of document issuance and the information written on the card face (4) are connected. Here, concatenation means combining multiple data strings that are handled separately into a single data string. According to general mathematical notation, it is written as (Base material eigenvalue | | Information written on the card). The summary value is also called a hash value and is a so-called one-way function. Any one of multiple types of hash functions called SHA, MD5, etc. may be used.

Note that the information stored in the machine-readable code (5) is not necessarily limited to the summary value, but may be the Advanced Encryption Standard (hereinafter referred to as AES), Triple Data Encryption Standard (hereinafter referred to as AES), in which the information written on the card (4) uses the base material unique value as the key. Encrypted data encrypted using a common key encryption method such as 3DES (hereinafter referred to as 3DES) may also be used. In this case, the integrity of the information written on the card (4) can be verified by comparing the encrypted data with the plain text resulting from decoding with the base material unique value.

In this embodiment, no security tint pattern is included; however, if a security tint pattern is included, an infrared transmitted light pattern formed by superimposing the base material (2) and the security tint pattern may be collected and utilized. good. Since minute positional deviations in the conveyance of the substrate by a printing device cannot be controlled manually, the minute positional deviations can be taken as base material specific values.

FIG. 2 shows the verification flow of the security document (1) in the present invention. First, the base material specific value of the document to be verified is input (S1). In principle, it is desirable that the method and equipment used for collecting and measuring the base material eigenvalues at the time of issuing the security document (1) implemented in [0043] be the same. In this embodiment, the same flatbed type scanner whose irradiation light source is in the infrared region is used when issuing a document. Next, the information written on the ticket face (4) is input (S2). This can be done by automatic input technology such as OCR, which is generally available on the market, or by manual input. Next, the base material specific value and the inputted ticket information (4) are connected (S3), and a summary value of the data string is calculated (S4). Next, the reading result (S5) of the machine readable code (5) printed on the security document (1) to be verified is compared with the summary value (S6). If they are the same, they are considered genuine, and if they are different, they are determined to be fake, and the comparison verification process is completed.

As shown in Figure 2, the raw material of the base material (2) is significantly different from the original of the security document (1), such as when the document to be verified is a copy made by a copying machine, and the reading of the base material eigenvalues (S1) is difficult. At the point of failure, a determination that the item is fake can be output and the comparison verification process can be completed.

(Embodiment 2)
FIG. 3 shows a schematic diagram of a card-type security document (6) according to the present invention. The card-type security document (6) consists of a card base material (7), a reading area for card base material specific values (8), information written on the card face (9), a machine-readable code on the card face (10), and a facial photograph (11). configured. The card base material (7) is formed from any opaque raw material such as plastic or paper (cotton fiber), but it is assumed that the surface reflected light can be measured when irradiated with laser light. Ru. The card base material specific value reading area (8) is shown only as a schematic representation, and may be part or all of the printed ticket surface shown in FIG. 3. Moreover, it may overlap with the area to which the facial photograph (11) and the card surface machine-readable code (10) are provided. An example of the base material eigenvalue is minute irregularities on the base material surface that are difficult to detect. In the case of plastic base materials, the fine surface shapes of rolling rolls and molds used in manufacturing processes such as rolling and injection have minute individual differences that cannot be artificially controlled. The surface of the plastic base material also has minute individual differences depending on the individual product and product lot. Differences in microscopic shapes on the surfaces of solids that exceed so-called control limits are used to identify base materials. The fine shape can be measured using any method, such as an enlarged photograph using reflected light from the base material surface or a contrast image of the base material surface taken with a precision scanner, but in this embodiment, a laser is applied to the base material surface. An example of the use of the speckle pattern obtained when irradiating will be described. Speckles are speckled light-dark patterns that occur when coherent light such as a laser is irradiated onto a diffusing surface such as paper, plastic, or metal. This occurs because the light scattered at each point on the diffusion surface interferes with each other in an irregular phase relationship corresponding to the microscopic irregularities on the surface of the card base material (7). Since this speckle pattern is unique to each card-type security document (6), it can be used to uniquely identify the document. The information written on the ticket face (9) can include any information that should be protected, such as the document title, document holder, issuer, certification information, and face photo information (11), which is not limited to text information. The detailed specifications of the card surface machine readable code (10) are determined in the same manner as [0043]. The summary value recorded in the card surface machine-readable code (10) stores the summary calculation result of a data string in which the card base material unique value and the card surface description information (9) are connected.

Note that the information stored in the machine-readable code (10) is not necessarily limited to the summary value, and the information written on the card surface (9) is the value of the information in the card base material unique value reading area (8) (card base material unique value). The encrypted data may be encrypted using a common key encryption method such as AES or 3DES using the key. In this case, the integrity of the information written on the card surface (9) can be verified by comparing it with the plain text of the decryption result using the information (used as a key) in the reading area (8) of the card base material unique value.

The basic configuration of the verification flow (FIG. 5) of the card-type security document (6) in the present invention is the same as that in FIG. 2. In the embodiment of the present invention, to read the unique values of the card base material, a general-purpose diode laser is irradiated onto the surface of the card base material (7), and the generated speckle pattern is imaged with a general-purpose CMOS camera (S1). Next, the information written on the card surface (9) is inputted by automatic input technology such as OCR that is generally available on the market or by manual input (S2), and the unique value of the card base material and the inputted information written on the card surface (9) are connected (S3). , calculates a summary value of the data string (S4). Next, the result of reading (S5) the machine readable code (10) printed on the card-type security document (6) to be verified is compared with the summary value (S6). If they are the same, they are considered genuine, and if they are different, they are determined to be fake, and the comparison verification process is completed.

In addition, the characteristics of the raw material of the card base material (7) are significantly different from the original card-type security document (6), such as when the document to be verified is a crudely duplicated card, and the reading of the base material's unique value (S1) is impossible. It is also possible to output the judgment that it is a fake and finish the comparison verification process.

(Embodiment 3)
FIG. 4 shows a schematic diagram of a security document (12) having a security tint pattern including invisible information according to the third embodiment. A security document (12) with a security tint pattern is composed of a base material (13), a security tint pattern (14) including invisible information, information written on the face of the card (17), and a machine-readable code (18). Here, the details of the base material (13), the information written on the ticket face (17), and the machine-readable code (18) are the same as those described in [0043]. Next, the circular window (16) shown in the partial enlarged view is camouflaged with a security tint pattern (14) containing invisible information, and the printed image with UV luminescent ink is visualized by the UV light source (19). It is an imitation. More specifically, the camouflaged UV luminescent ink image is the string "Secure" (15). Here, the image visualized by the UV light source (19) does not necessarily have to be human-readable information, but may be a machine-readable code (18). In this embodiment, as an example of invisible information, an image printed using UV luminescent ink is used. However, the present invention is not limited to this. Inks in wavelength ranges other than ultraviolet rays that are not sensitive, transparent inks, images with low brightness on substrates with high whiteness (13), use of glossy/non-glossy inks, emboss printing without ink, etc. on substrates (13) It may be applied by processing, etc. Although various embodiments are envisioned for the method of adding invisible information, it is generally assumed that the invisible information cannot be visually recognized with the naked eye and cannot be reproduced by copying with a copying machine.

Note that the information stored in the machine-readable code (18) is not necessarily limited to the summary value, but the information written on the ticket (17) can be converted to a common key encryption such as AES or 3DES using the character string "Secure" (15) as a key. It may also be encrypted data that is encrypted using an encryption method. In this case, the integrity of the information written on the card (17) can be verified by comparing it with the plain text of the decryption result using the character string "Secure" (15) (used as a key).

Note that when the invisible information is reproduced in a visible form by copying with a copying machine, the above-described function of detecting tampering with the information written on the card (17) in the copy produced by the copying machine is realized.

FIG. 5 shows a verification flow of a security document (12) with a security background pattern according to the present embodiment. The only difference from the verification flow shown in FIG. 2 is the reading of invisible information from the security background pattern (14) containing invisible information (S7), and the processes other than (S7) are the same.

The verification flow for a security document (12) with a security background pattern is to first convert the invisible information in the security background pattern (14) containing invisible information into visible information by irradiating it with a UV light source (19), and convert the visible information into arbitrary information. Read by method. Next, the information written on the ticket (17) is input (S2) by automatic input technology or manual input. Next, the visible information and the inputted ticket information (17) are connected (S3), and a summary value of the data string is calculated (S4). Next, the reading result (S5) of the machine readable code (18) printed on the security document (12) with the security background pattern to be verified is compared with the summary value (S6). If they are the same, they are considered genuine, and if they are different, they are determined to be fake, and the comparison verification process is completed.

As shown in FIG. 5, if the invisible information in the security tint pattern (14) containing invisible information is not made visible by irradiation with the UV light source (19) (S7), a determination that it is a fake is output and a comparison verification process is performed. processing can be completed.

(Embodiment 4)
FIG. 6 shows a schematic diagram of a security document (20) provided with a security background pattern including obfuscation information according to the present invention. A security document (20) with a security background pattern including obfuscated information is a security document (20) that includes a base material (21), a security background pattern (22) including obfuscated information, information written on the face of the card (23), and a machine-readable code (24). configured. Here, the security tint pattern (22) including obfuscation information has obfuscation information (25) in more detail. The difficult-to-read information (25) is usually information such as characters, symbols, figures, designs, etc. that are difficult to see and read with the naked eye. The difficult-to-read information (25) in this embodiment corresponds to copy check pattern characters such as those described in Japanese Patent No. 3268418. In the original security document, the copy check pattern characters are designed to have the same average dot ratio between the check pattern area and the background pattern area from both security and aesthetic perspectives, and from a macroscopic perspective, the perception of a difference in shade occurs. This is suitable as the embodiment because it is designed for maximum obfuscation so as to prevent it from happening. In the copy check pattern, as shown in the schematic diagram of the copy (FIG. 7), the characters "NPB" (26) are clearly displayed as a warning message to the attacker, making it easily readable. Here, regarding the visibility or readability quality of the difficult-to-read information (25) in the copy, it is sufficient that the information remains in the copy and can be visually recognized at most. Other examples of difficult-to-read information (25) include various latent images in which a specific pattern becomes visible only when the viewing angle is changed, and a specific pattern that becomes visible only when a specific optical filter is superimposed. Various latent images that are visualized, special indentations that are visible even under reflected light (reflected images can be copied), holograms (specific fixed images appear on copies), character height 400 microns There are small letters before and after.

Note that, for example, when using small characters as a means for adding the difficult-to-read information (25), depending on the resolution of the copy machine, the small characters may not remain sufficiently and may not be visible. In this case, the security ground pattern (22) containing the obfuscable information may be shared between the document issuer and the verifier in advance or by other means that can sufficiently remain in the copy. Redundancy is desirable.

Note that the information stored in the machine-readable code (24) is not necessarily limited to the summary value, and the information written on the ticket (23) can be encrypted with a common key such as AES or 3DES using the value of the obfuscation information (25) as a key. Encrypted data encrypted using a method may also be used. In this case, the integrity of the information written on the card (23) can be verified by comparing it with the plain text of the decryption result using the value of the obfuscation information (25) (used as a key). Similarly, verification by encryption and decryption using a common key encryption method such as AES or 3DES using a value of information shared in advance between the document issuer and the verifier as a key is also possible.

Using FIG. 5, a verification flow of a copy of a security document (20) having a security tint pattern including obfuscation information in this embodiment is shown. It is the same as [0056] except that in S7, difficult-to-read information (25) is read instead of invisible information. In S6, the summary value and the information in the machine-readable code (24) are compared and verified, and if they are the same, it means that the information written on the card (23) has not been tampered with, and if they are different, the information written on the card (23) has been tampered with. It is possible to detect In the document verification flow, first, the obfuscated information (25) in the security background pattern (22) containing the obfuscated information is read using an arbitrary method. Next, the information written on the ticket (23) is input (S2) by automatic input technology or manual input. Next, the difficult-to-read information (25) and the inputted ticket information (23) are connected (S3), and a summary value of the data string is calculated (S4). Next, the reading result (S5) of the machine-readable code (24) printed on the security document (20) with the security tint pattern including the obfuscated information to be verified is compared with the summary value (S6). do. If they are the same, they are considered genuine, and if they are different, they are determined to be fake, and the comparison verification process is completed.

As shown in Figure 7, if the obfuscated information (25) in the security background pattern (22) that includes obfuscated information cannot be read (S7), a determination that it is a fake or a copy is output and a comparison verification is performed. You can also complete the process. Furthermore, if the verification target is a copy and the obfuscation information (25) can be read, the process continues, and if the summary value and code information are verified (S6), it is determined that there is no tampering if they are the same. If they are different, it can be verified that they have been tampered with.

(Example 1)
An embodiment of the present invention will be described using a schematic diagram (28) of a security document to which an RFID label having a unique ID is attached. The security document in this example includes the information written on the ticket (29) (the characters "Print Taro" and "876543"), the RFID (30) as an example of a secure element having a unique ID, and the unique ID of the RFID (31) ( (The numbers "233445" are visualized for convenience), invisible information embedded in the security tint pattern that cannot be seen with the naked eye (32) (letters "KEY123"), RFID (30) and a machine-readable code printed in the form of a tick mark ( 33). The invisible information (32) used in this embodiment is small characters with a character height of about 280 um or less.

Next, a description will be given of what kind of document information summary value is actually calculated, encoded into the machine-readable code (33), and stored. The above-mentioned information is a character string that connects the information written on the ticket (29), the RFID unique ID (31), and the invisible information (32), and mathematically, it is (Print Taro 876543 | | 233445 | | KEY123) = "Print Taro 876543233445KEY123" (spaces are significant here). Next, the character string is converted into a byte array using UTF-8 (character encoding format), and then a summary value consisting of a 256-bit binary string is calculated using the summary value function "SHA256". When converting the summary value into a character string in hexadecimal notation in order to encode it into a machine-readable code (for example, QR code (registered trademark) or code 128), it becomes "1f5048fe0778829856b56b634946c305029d74495e3e6855ff804654634d02af". That is, a character string in hexadecimal notation is encoded and stored in the machine readable code (33).

As a first embodiment of the present invention, a method for verifying a security document to which an RFID label having a unique ID shown in FIG. 8 is attached will be described. Here, it is assumed that in the security document to be verified, the characters ``Print Taro'' in the name field have been illegally altered to ``Print Hanako'' by an attacker. The document verifier reads the invisible information (32) "KEY123" using a method previously shared with the document issuer, such as using a magnifying glass with a predetermined magnification and light source specifications. Similarly, a predetermined RFID reader reads out the RFID unique ID (31) "233445" stored in the RFID (30) attached to the face of the ticket. Connect the read information and the information written on the ticket (29) "Print Hanako 876543" in the same order as when creating the document, calculate the summary value in SHA256 using any existing method, and convert it to a string in hexadecimal notation. do. “The resulting character string is “b7a2772e39a1f6ecf230ccad7ab9a9d2dd7c5eba348c797e14e5a8e16515e9f3.” Next, the summary value "1f5048fe0778829856b56b634946c305029d74495e3e6855ff804654634d02af" stored in the machine readable code (33) printed on the ticket surface and the obtained character string "b7a2772e39a1f6ecf230ccad7ab 9a9d2dd7c5eba348c797e14e5a8e16515e9f3", it is possible to verify the presence or absence of tampering.

Furthermore, even if an attacker is able to falsify the information written on the card (29) as desired, he or she may be able to obtain invisible information that can only be visualized and read using a method shared in advance with the document issuer. Therefore, it is not possible to calculate a true summary value. In addition, even if the attacker preserves the information written on the ticket (29) as authentic and only replaces the unique ID (31) of the RFID by replacing the RFID (30), the authentic summary value can be calculated. This makes it possible to verify secure documents. Furthermore, since the RFID (30) has a machine readable code (33) in which the summary value is stored printed in the form of a tally mark, it has a physical deterrent effect against unauthorized replacement of the RFID (30).

(Example 2)
Embodiment 2 of the present invention will be described using a schematic diagram of a security document (34) on which a security background pattern including obfuscated information shown in FIG. 9 is printed. In this example, the security document (34) on which the security tint pattern including the obfuscated information is printed includes the information written on the card (35) (the characters "Print Taro" and "876543"), the machine-readable code (36) and the security document (34). It is composed of difficult-to-read information "NPB" (37) in the background pattern. Here, the difficult-to-read information "NPB" (37) is a so-called copy prevention pattern published in Japanese Patent No. 3268418, etc., and is optically copied by a copying machine or by a lenticular lens in a parallel line pattern. It has characteristics that can be decoded and visualized.

Next, a description will be given of what kind of document information summary value is calculated, encoded into a machine readable code (36), and stored. The above-mentioned information is a character string that is a concatenation of the information written on the ticket (35) and the difficult-to-read information "NPB" (37) in the security background pattern, and (Print Taro 876543 | | NPB) = "Print Taro 876543 NPB". Written. Next, after converting the character string into a byte array using UTF-8, a summary value consisting of a 256-bit binary string is calculated using the summary value function "SHA256", and in order to convert it into machine-readable code, the character string is expressed in hexadecimal notation. When converted into a column, it becomes "d920b22d2c86a206037ea22eafac965f90dc62f121799a9ba3f7c0d609a87886". The character string in hexadecimal notation is encoded and stored in the machine readable code (36).

As a second embodiment of the present invention, a copy (or equivalent to a tampered copy of the copy) (38) of the tampered document shown in FIG. 34) method for verifying copies will be explained. Here, it is assumed that in the copy to be verified (38), the characters "Printing Taro" in the name column have been altered to "Printing Hanako" (39) by an attacker. The document verifier reads out the information written on the ticket (35) and the obfuscated information "NPB" (40) that has become apparent through copying with a copying machine, connects them in the same order as when creating the document, and uses any existing method. A summary value using SHA256 is calculated and converted into a hexadecimal character string. The resulting character string is "bfd81286fc689897dfb42ad094e376b686a2b3318b13cd75c0484b365c54f2f1." Next, the summary value "d920b22d2c86a206037ea22eafac965f90dc62f121799a9ba3f7c0d609a87886" stored in the machine readable code (36) printed on the ticket surface and the obtained character string "bfd81286fc689897dfb42ad094 e376b686a2b3318b13cd75c0484b365c54f2f1", it is possible to verify the presence or absence of tampering.

Note that, in order to further enhance security, the document issuer can also calculate and use a summary value after concatenating other pre-shared information in addition to the obfuscation information.

(Example 3)
Figure 11 shows an infrared transmitted light image of 400 × 400 (pixels) taken from an area of approximately 25 × 25 (mm) of a thin paper base material used for security documents, and the amount of transmitted light of a part of it is 8 bits. FIG. 12 shows a profile displayed at a depth of . The detailed conditions of the paper base material and device used to collect the images are: Paper brand: PPC100 (recycled paper for copy machines), manufactured by Kishu Paper Co., Ltd., basis weight 65 g/m ² , infrared scanner (flatbed type): It is IR4000, made by iMeasure, uses a wavelength of 940 nm, has a resolution of 400 DPI, and has a depth of 8 bits. The unique value extracted from the infrared transmitted light image corresponds to the invisible information of Example 1 or the difficult-to-read information of Example 2, and can be used to calculate the summary value.

(Example 4)
An image of a speckle pattern generated when laser irradiation is applied to the surface of a card base material used for a card-type security document (FIG. 13) and a schematic diagram of its imaging device (FIG. 14) are shown. The specks pattern photographing device uses a general-purpose laser light source (42) installed to vertically irradiate a card-type security document (45) placed on a measurement stage through two convex lenses (41). ) (SMLX-D13, Kiko Giken, wavelength 675 nm, output 6.8 mw, irradiation size 8 x 2 mm), and a general-purpose CMOS camera (43 ) (DMK-41AF02, imaging source, pixel size: 4.65um, number of pixels: 1280 x 960 PIX). A 670 nm bandpass filter (44) or the like is attached to the CMOS camera to block environmental light. The unique value extracted from the photographed image of the speckle pattern corresponds to the invisible information of the first embodiment or the difficult-to-read information of the second embodiment, and can be used to calculate the summary value.

1 Security document 2 Base material 3 Base material specific value reading area 4 Card face information 5 Machine readable code 6 Card type security document 7 Card base material 8 Card base material specific value reading area 9 Card face information 10 Card face machine readable code 11 Face photo 12 Security document 13 with a security background pattern including invisible information Base material 14 Security background pattern including invisible information 15 Schematic diagram of information visualized by UV luminescent ink 16 Schematic diagram of UV irradiation area 17 Information written on the ticket face 18 Machine-readable code 19 UV light source 20 Security document 21 with a security background pattern including difficult-to-read information Base material 22 Security background-inhibit pattern 23 including difficult-to-read information Information on the card face 24 Machine-readable code 25 Hard-to-read information 26 Schematic diagram of a copy 27 Warning message characters “NPB”
28 Schematic diagram of security document with RFID label affixed 29 Information written on the card 30 RFID
31 Unique ID “233445” visualized for convenience
32 Invisible information 33 Machine-readable code similar to a tick mark 34 Security document 35 printed with a security ground pattern that includes difficult-to-read information 36 Information written on the ticket face 36 Machine-readable code 37 Hard-to-read information “NPB”
38 Schematic diagram of a copy of a falsified document 39 Information falsified as “Printing Hanako” 40 Revealed difficult-to-read information “NPB”
41 Two convex lenses 42 Laser light source 43 CMOS camera 44 Bandpass filter (670nm)
45 Card-type security document 46 Showing 30 degree angle

Claims (5)

At least a portion of the base material has the first information and the information written on the card,
i) A summary value of information that is a combination of the first information and the information written on the card; and ii) A machine readable machine that encodes either one of the encrypted data obtained by encrypting the information written on the card using the first information as a key. A security document having at least one code,
The first information is
A security document characterized by at least one selected from iii) a base material eigenvalue extracted from the base material, iv) invisible information, and v) obfuscation information. In the machine readable code, second information is further connected to the first information,
The second information is
vi) Any information shared in advance by the issuer of the security document and the verifier vii) Information formed on a hologram attached to or included in the base material viii) Information recorded on an RFID attached to or included in the base material The security document according to claim 1, characterized in that the security document is at least one selected from information. In the case of vii) and/or viii) in claim 2, the security document according to claim 2, wherein the machine readable code is formed at a position overlapping either the hologram or the RFID, or both. . A verification method including detecting tampering with a security document according to any one of claims 1 to 3,
Calculation means for calculating the summary value formed on the security document;
decoding means for decoding the machine readable code formed on the security document;
A method for verifying a security document, characterized in that the summary value obtained by the summary value calculation means and the information obtained by the decoding means are compared and verified to perform verification including tampering detection. A verification method including detecting tampering with a security document according to any one of claims 1 to 3,
A security document verification method comprising decoding the machine-readable code and comparing and collating information obtained by decoding the encrypted data with the information written on the ticket face to perform verification including tampering detection.

Images