JP4638204B2 - Authentication system and authentication device - Google Patents

Description

The present invention relates to a technique for performing personal authentication using the information terminal device.

  The spread of digital cameras in recent years has surpassed conventional film cameras, and everyone has possessed them, and has permeated everyday life. In addition, the digital information society is improving convenience and our lifestyle. However, on the other hand, crimes due to impersonation, falsification, and unauthorized use are increasing.

  Preventing such negative acts is also a demand of the times, and ensuring security is an urgent need. In addition, various types of software have been developed for security on communication networks such as the Internet, but it is not sufficient.

  Therefore, there is a demand for a system that can transmit a personal authentication pattern based on biometrics from a mobile phone or digital camera possessed by an individual person and ensure security.

For example, in the past, identity authentication usually used passwords and random number generators. Recently, devices using biometrics that recognize fingerprints, irises, voices, human face contours, and DNA patterns have been commercialized. In addition to applying these technologies, not only authenticating the person on the mobile terminal device, but also transmitting such biometric data to another authentication device and authenticating the person there are disclosed.
Japanese Unexamined Patent Publication No. 64-061798 JP 2002-142256 A

  However, the above-described apparatus has a structure in which complicated software and hardware are combined, is expensive, and cannot be used easily. In addition, the system that sends the person's biometrics data to another authentication device, and authenticates the person there, only authenticates the use of the portable terminal device, and the character data or image data generated by the portable terminal device. Is transmitted to a third party, it is difficult for the receiver to determine the sender of the data reliably and easily. Furthermore, a system that uses a private key and a public key is troublesome for an individual to use easily, such as authentication of a public key by a recipient and decryption of a cipher. Thus, it is not easy to ensure security safely. It can be said that there was no means to cope with “cyber terrorism” such as “spoofing” and “virus attached data” that frequently occur in the general population.

The present invention is, when you send this person took in the information terminal equipment image and character data, etc. to a third party, the recipient whether from really the sender himself, such as those of the image and character data, special The purpose is to prevent damage caused by spoofed emails by impersonation by making it easy to check without any action.

The present invention is an authentication system using information terminal device, the information terminal device, a feature extraction means for feature extraction and pattern for personal authentication, a pattern for personal authentication with the feature extraction, authentication And transmitting means for transmitting the data in which the pattern is embedded to an authentication device, the authentication device receiving means for receiving the data in which the pattern is embedded, characterized in that it has an authentication unit for performing authentication based on the pattern for personal authentication, in accordance with the result of the authentication, and adding means for adding said identity information that can identify a person to data requiring authentication And

According to the present invention, information terminals sender authentication of data to be transmitted can be easily performed from the recipient will be able to easily check the sender.

  The best mode for carrying out the invention will be described below in detail with reference to the drawings. Here, a digital camera will be described as an example. However, the present invention is not limited to this, and it goes without saying that the present invention can be applied to, for example, a portable information terminal such as a camera-equipped mobile phone or a PDA (Personal Digital Assistants).

  In addition to the camera function, the features of the digital camera include identity authentication, which is a priority issue in the Internet and the digital society, and the contents of identity authentication are concealed in the image captured by the digital camera and are understood by a third party. It can be transmitted and used so that it cannot be deciphered.

  FIG. 1 is a block diagram illustrating an internal configuration of the digital camera according to the first embodiment. In FIG. 1, reference numeral 101 denotes an internal system bus, and various functional elements to be described later are connected to the system bus 101. Reference numeral 102 denotes a communication function antenna, which is not in the shape of a rod like a mobile phone but in the form of a small chip or a printed coil. Further, it is not necessary to bring this antenna 102 out of the camera body. Further, when a digital camera is provided with a mobile phone function, a rod-shaped antenna may be provided.

  Reference numeral 103 denotes a communication control unit, which has a transmission / reception function with public wireless networks such as PHS (Personal Handy phone System), B / T (Bluetooth), and IrDA (Infrared, infrared communication), weak wireless, and optical communication. . 124 is a public radio wave or a weak radio wave. Reference numeral 125 denotes an IrDA transmission / reception diode. A communication interface 104 connects the digital camera body and the communication control unit 103.

  The configuration of the communication control unit 103 and the wireless transmission frame format are publicly known, and a description thereof is omitted here.

  An arithmetic unit 105 is an arithmetic processor including a CPU and a DSP (digital signal processor). Further, a processor in which a CPU and a DSP are integrated may be used. In addition to image processing, this DSP performs JPEG (Joint Photographic Experts Coding Group) image compression, DCT (Discrete Cosine Transform), and Huffman coding, which is quantization and lossless coding. Perform irreversible high-efficiency encoding.

  A memory 106 includes a ROM and a RAM for operating the system, and a data memory used for image compression and encryption. An image processing unit 107 captures an image captured by the camera body, a fingerprint of the human body, and an iris pattern of the eye and performs image processing. This image processing is executed by the DSP of the arithmetic processor 105. Image compression is performed by the JPEG method. Furthermore, if text, audio, and a handwritten signature are superimposed on the low-frequency component of the image, ordinary mobile radio and the Internet can be used without being seen by a third party. Furthermore, since no special encryption is used, it is economical and excellent in convenience.

  Reference numeral 108 denotes an input / output interface that controls audio input from the 109 microphone, audio output to the 110 speaker, and output to the 111 strobe lamp. Here, the sound input from the microphone 109 is compressed and accumulated in the memory 105, and thereafter stored in the memory card 121 inserted into the digital camera via the external interface 123.

  Reference numeral 114 denotes an image input interface that controls input of an image captured by the digital camera. Reference numeral 112 denotes a camera lens, and reference numeral 113 denotes an image sensor (CCD). Reference numeral 115 denotes a camera finder, which inputs the iris of the human eye to the image sensor 116 as a pattern. Reference numeral 117 denotes a fingerprint reading unit that inputs a human hand fingerprint into the image sensor 116 as a pattern.

  Note that the image sensor 116 may also be used as the image sensor 113 that inputs a signal from the lens 112. The digital camera authenticates the person based on the biometrics of the iris of the human eye and the fingerprint pattern. Furthermore, a PDA, a camera-equipped mobile phone, or the like can be used for sending important documents, electronic signatures, and entering / leaving confidential locations.

  An operation unit interface 120 controls input / output of elements for operating devices such as the screen 118 and the function switch 119 of the digital camera. If it is a digital camera, the LCD screen 118 displays a scene and a necessary icon. In the case of a camera-equipped mobile phone, in addition to the camera input scene, a phone number and input / output characters of mail text are displayed.

  Reference numeral 123 denotes an external interface. A memory card 121 corresponds to various memory cards such as a CF (compact flash memory), an SD memory card, and an SM (smart media card). Reference numeral 122 denotes a communication interface with an external device. For example, a wired standard interface such as USB (Universal Serial Bus), IEEE1394, or SCSI can be used.

  Here, with reference to FIGS. 2 to 4, biometrics (a technique for identifying an individual based on fingerprints and eye patterns) in the first embodiment will be described. In the first embodiment, a case will be described in which sampling of a plurality of biometrics is housed in a single mechanism unit for the purpose of economic effect and miniaturization.

  FIG. 2 is a diagram illustrating a state where a scene subject is viewed from the camera finder. 2, reference numeral 201 denotes a camera finder, which corresponds to 115 shown in FIG. A half mirror 202 guides the optical axis 207 to the CCD 204 that samples the iris of the eye. The CCD 204 corresponds to the image sensor 116 shown in FIG. Reference numeral 203 denotes a lens that forms an image of the iris on the CCD 204. Reference numeral 205 denotes a camera lens, which is displayed as a marker in the finder indicating the range of the subject 206 when the single lens reflex system is not used.

  FIG. 3 is a diagram illustrating a configuration of a fingerprint reading unit that optically reads a human fingerprint. In FIG. 3, 301 is a human finger, 302 is a prism, and 303 is a combined lens unit. Reference numeral 304 denotes a CCD, which corresponds to the image sensor 116 shown in FIG. Reference numeral 305 denotes a light source for collecting fingerprints, which is a lamp such as an LED or a cathode ray tube. Reference numeral 306 denotes an optical axis of the light source 305. The combined lens units 302 and 303 and the light source 305 correspond to the fingerprint reading unit 117 shown in FIG.

  FIG. 4 is a diagram showing the configuration of the personal authentication unit in the first embodiment. Here, it is a figure which shows the structure which samples a some biometric (fingerprint, iris of an eye). As shown in FIG. 4, it is the structure which united FIG.2 and FIG.3 mentioned above. In FIG. 4, reference numeral 403 denotes a half mirror, which guides the fingerprint pattern of the human body and the iris pattern of the eye to the image sensor (CCD) 406. Reference numeral 401 denotes an optical axis from the viewfinder 201 and guides an iris pattern of the eye to the CCD 406. An optical axis 402 from the light source 305 and the prism 302 guides a fingerprint pattern to the CCD 406. Reference numeral 404 denotes a camera lens or finder marker.

  FIG. 5 is a diagram illustrating an appearance of the digital camera according to the first embodiment. In this digital camera, the personal authentication unit shown in FIG. 4 is mounted. 5A is a front view, and FIG. 5B is a rear view.

  In FIG. 5A, reference numeral 501 denotes a digital camera body. Reference numeral 502 denotes a camera lens, which corresponds to the lens 112 shown in FIG. Reference numeral 503 denotes a light emitting / receiving diode used in IrDA, optical communication, and the like, and corresponds to the diode 125 shown in FIG. Reference numeral 504 denotes a viewfinder. When the user sets the biometrics mode in advance from the switch (not shown) of the digital camera 501 and the icon, the feature of the iris of the eye is extracted, patterned, and stored in the memory. Can do.

  Reference numeral 505 denotes a wireless antenna, which has a bar antenna as shown in the figure when it has the function of a portable wireless telephone. As described with reference to the system configuration in FIG. 1, a small print antenna (not shown) built in the digital camera is sufficient for weak wireless support.

  In FIG. 5B, reference numeral 506 denotes a display unit for displaying information, and a liquid crystal panel is usually used. If the e-mail function is provided, the entered text and the mail sent from the other party are displayed. In the camera mode, a scene is displayed. A fingerprint pattern detection unit 507 corresponds to the fingerprint reading unit 117 shown in FIG. 1 and detects a fingerprint pattern from the fingertip when the digital camera is held.

  FIG. 6 is a schematic view when a sentence, a picture, and the like are taken with a digital camera. As described above, iris pattern features are extracted from the human eye 601 using the finder 504, and the fingerprint pattern detection unit 507 detects the pattern from the fingertip when the digital camera is held. Then, the subject 602 such as a sentence or a picture is imaged.

  Here, a process of transmitting a biometric pattern on a low-frequency component with few images in a captured video will be described.

  FIG. 7 is a diagram illustrating a captured image in which a feature pattern is embedded. In FIG. 7, reference numeral 701 denotes a captured image in which a pattern is embedded in a sentence, a painting, or a drawing. Reference numeral 702 denotes a sentence portion. Reference numeral 703 denotes a feature pattern in which an iris / fingerprint pattern is compressed by JPEG, DCT converted, and embedded in a gap between images.

  Note that this JPEG pattern is not noticeable unless it is enlarged to an extremely large size. If the JPEG pattern is enlarged to an extremely large size, other images become mosaic patterns and cannot be discriminated.

  In addition, the biometrics feature pattern can be decoded only by dedicated decoding software.

  Ordinary photos and videos are rarely noticed by people. Then, it is only possible to understand the mosaic of the DCT pattern after partial enlargement, and it is so trivial that the image looks distorted.

  FIG. 8 is a diagram showing an example of taking a continuous screen by JPEG motion. In this case, it is stored as a moving image plane, and the number of images is large, but the density is extremely small. A large amount of information can be stored by superimposing a biometric feature pattern on this low-frequency component with low density. Not only the personal authentication pattern but also the confidential text can be DCT converted and encoded and transmitted or stored in a memory medium to maintain confidentiality.

Reference numeral 801 denotes a photographic image taken with a digital camera, reference numeral 802 denotes a mountain which is a landscape, and reference numeral 803 denotes a cloud scene. Reference numerals 804 and 805 denote information encoded by DCT conversion. As shown in FIG. 8, a pattern is embedded in a gap between the sky, the sea, and a cloud of high-frequency components, images of mountains, etc., which are low-frequency components so as not to be seen by humans. Reference numerals 801a to 801n denote continuous subject images.
Here, fingerprints and eye iris biometrics extracted by the portable information terminal are registered in the authentication site or a server at a specific business location and stored as basic features, and the authentication site or server authenticates from the portable information terminal. Processing for verifying the identity by comparing and collating as required will be described.

  FIG. 9 is a flowchart showing the operation of the personal authentication request performed in the portable information terminal. First, in step S901, when a personal authentication request is made from the camera-equipped portable information terminal, the process proceeds to step S902, and setting is made so that biometric sampling for personal authentication is performed. In step S903, eye iris feature extraction is performed for personal authentication, and in step S904, fingerprint feature extraction is performed.

  Specifically, eye iris patterns are collected from the camera finder 504, feature extraction is performed, compressed and stored in the memory 106, fingerprint feature detection is performed by the fingerprint pattern detection unit 507, and compression is performed in the same manner. And stored in the memory 106.

  In step S901 described above, if no personal authentication request is made, the process proceeds to step S905.

  Next, in step S905, a desired subject is shot with the camera. In step S906, the captured image of the subject is compressed and stored in the memory 106.

  Next, in step S907, it is determined whether or not confidential data requiring personal authentication is transmitted, and whether or not biometric data for personal authentication is attached to the data. Here, in the case of YES, the process proceeds to step S908, and biometric data is attached. The attachment of biometric data here means that the fingerprint and iris patterns that prove the identity of the person are compressed with JPEG and embedded in the image of the subject photographed in step S905 as described with reference to FIG. And so on.

  In addition, if the text or design is not problematic even if seen by a third party, the personal authentication is DCT converted and embedded in the text, picture, or subject as shown in FIGS. If you want to keep confidential information including text, DCT transforms text and design after personal authentication and embeds it in the camera data. When the amount of text is large, it is efficient to embed confidential information in a subject photographed with JPEG motion and transmit it.

  In step S909, the image of the subject in which the personal authentication is embedded is transmitted to the registered personal authentication site, the transaction destination, or the customer's server. As a result, the received personal authentication site or server activates the decryption software installed in advance, reads the received biometric data, and performs authentication.

  FIG. 10 is a system configuration diagram in the embodiment. As shown in FIG. 10, this system includes a terminal device 1001 that represents a portable information terminal with a camera that acquires a personal authentication pattern, and an authentication server 1002 that can communicate therewith.

  Next, processing in the authentication server 1002 that receives and authenticates registration of personal authentication and confidential text that requires personal authentication will be described.

  FIG. 11 is a flowchart showing registration and authentication processing for personal authentication. First, in step S1101, data including an authentication code DCT-converted by the camera-equipped portable information terminal is received from the camera-equipped portable information terminal. In step S1102, it is determined whether or not personal authentication is registered. If it is registered, the process proceeds to step S1103, and the DCT-converted authentication code included in the received print image is decoded. Next, in step S1104, the person's biometric pattern is registered in the database.

  Even if it is strictly managed, it may be misused by a third party. Therefore, if it is a fingerprint, it is registered as a thumb and an index finger. It is desirable to register with different eyes, such as the right eye.

  If it is not registered in step S1102, the process proceeds to step S1105 to decrypt the received confidential data. In step S1106, the DCT-converted authentication code embedded in the data is decoded. Next, in step S1107, the personal authentication fingerprint pattern and iris pattern decoded in step S1106 are compared with the biometric pattern of the user registered in advance in the database. If they match as a result of the collation, a pre-registered signature and electronic seal stamp are imprinted on the data sent in step S1108. The signature and the electronic seal stamp at this time are image information registered in advance in the server by the person himself, and are pasted on a part of the data. What is necessary is just to be able to identify the person himself, and a photograph of the person's face is also preferable.

  Finally, in step S1109, the authentication site or server transmits the data with the signature and the electronic seal stamp to the sender or the third party to which the data is sent. If the collation result in step S1107 is denied, a message indicating that the collation was denied in step S1110 is returned to the portable information terminal that has transmitted the data.

  The data that has been signed and electronic seal stamped at the authentication site or server is sent again from the sender or directly from the authentication site or server to the third party of the destination. The third party of the destination can confirm the signature attached to the data and the electronic seal stamp with the data by printing with a display connected to the receiving device or a printer connected to the terminal. As a result, the receiver can identify the sender of the sent data and can perform actions such as browsing the data with confidence.

  In this way, biometric data for personal authentication is registered in advance as personal identification data on the personal authentication registration site and the personal authentication registration server of the company or organization, and if there is a request for signature or seal, it is verified. If you do, you can sign and seal the sent data.

  According to the embodiment described above, it is possible to easily extract a fingerprint for identity authentication and feature of an iris pattern by simply using a portable terminal device such as a digital camera without using a special identity authentication device. By registering these biometrics data in an authentication site on the web and an authentication server, it is possible to electronically sign data such as important documents and seal an electronic seal stamp. And it is possible to send the data with these electronic signatures and electronic seal stamps to a third party.

  Even if the present invention is applied to a system constituted by a plurality of devices (for example, a host computer, an interface device, a reader, a printer, etc.), it is applied to an apparatus (for example, a copying machine, a facsimile machine, etc.) comprising a single device. It may be applied.

  Another object of the present invention is to supply a recording medium in which a program code of software realizing the functions of the above-described embodiments is recorded to a system or apparatus, and the computer (CPU or MPU) of the system or apparatus stores the recording medium in the recording medium. Needless to say, this can also be achieved by reading and executing the programmed program code.

  In this case, the program code itself read from the recording medium realizes the functions of the above-described embodiment, and the recording medium storing the program code constitutes the present invention.

  As a recording medium for supplying the program code, for example, a floppy (registered trademark) disk, a hard disk, an optical disk, a magneto-optical disk, a CD-ROM, a CD-R, a magnetic tape, a nonvolatile memory card, a ROM, or the like is used. be able to.

  Further, by executing the program code read by the computer, not only the functions of the above-described embodiments are realized, but also an OS (operating system) operating on the computer based on the instruction of the program code. It goes without saying that a case where the function of the above-described embodiment is realized by performing part or all of the actual processing and the processing is included.

  Further, after the program code read from the recording medium is written in a memory provided in a function expansion board inserted into the computer or a function expansion unit connected to the computer, the function expansion is performed based on the instruction of the program code. It goes without saying that the CPU or the like provided in the board or the function expansion unit performs part or all of the actual processing and the functions of the above-described embodiments are realized by the processing.

It is a block diagram which shows the internal structure of the digital camera in 1st Embodiment. It is a figure which shows the state which is looking at the subject of a scene from a camera finder. It is a figure which shows the structure of the fingerprint reading part which optically reads a human fingerprint. It is a figure which shows the structure of the personal authentication unit in 1st Embodiment. It is a figure which shows the external appearance of the digital camera in 1st Embodiment. It is a schematic diagram at the time of image | photographing sentences, pictures, etc. with a digital camera. It is a figure which shows the captured image with which the feature pattern was embedded. It is a figure which shows the example which image | photographed the continuous screen by JPEG motion. It is a flowchart which shows the operation | movement of the authentication request | requirement performed with a portable information terminal. It is a system configuration diagram of the present invention. It is a flowchart which shows the authentication process performed with an authentication apparatus.

Explanation of symbols

DESCRIPTION OF SYMBOLS 101 System bus 102 Antenna 103 Communication control part 104 Communication interface 105 Arithmetic processor 106 Memory 107 Image processing part 108 Input-output interface 109 Microphone 110 Speaker 111 Strobe lamp 112 Camera lens 113 Image sensor (CCD)
114 Image Input Interface 115 Viewfinder (Iris)
116 Image sensor (CCD)
117 Fingerprint reading unit 118 Screen 119 Switch 120 Operation unit interface 121 Memory card 122 Communication interface 123 External interface 124 Radio wave (weak radio wave)
125 diodes

Claims (7)

An authentication system using an information terminal device,
The information terminal device includes feature extraction means for extracting a pattern for personal authentication,
The feature extraction pattern for personal authentication is embedded in data that requires personal authentication, and transmission means for transmitting the data in which the pattern is embedded to an authentication device,
The authentication device includes receiving means for receiving data in which the pattern is embedded,
An authentication means for performing authentication based on the personal authentication pattern;
An authentication system comprising: an adding means for adding information that can identify the person to the data that requires the person authentication according to the result of the authentication.   The authentication system according to claim 1, wherein the authentication pattern is an iris pattern of a user's eye and a fingerprint pattern of a user's finger. The authentication device has a storage means for storing a personal authentication pattern,
The authentication system according to claim 1, wherein the authentication unit performs authentication using the stored personal authentication pattern.   The authentication device includes means for transmitting the data to the information terminal device or a device other than the information terminal device after adding information that can identify the person to the data. The authentication system according to claim 3.   The authentication system according to claim 1, wherein the data is image information.   The authentication system according to any one of claims 1 to 5, wherein the information for identifying the person is image information registered in advance. Receiving means for receiving, from the information terminal device, data in which an encoded personal authentication pattern is embedded with respect to data that requires personal authentication;
Conversion means for converting a personal authentication pattern from the received data;
Authentication means for performing authentication based on the converted identity authentication pattern;
An authentication apparatus comprising: an adding unit that adds information that can identify the person to the data that requires the person authentication according to the result of the authentication.

Images