JP5353492B2 - Authentication apparatus, authentication method, and authentication program - Google Patents

Description

  The present invention relates to an authentication device, an authentication method, and an authentication program in a service on a computer network.

  Today, user participation type content generation systems such as electronic bulletin boards on the Internet, so-called blogs, and Wikis are widely used. In such a system, the user can freely post information not only by browsing information but also by performing simple user registration. However, by exploiting this and using computer programs such as so-called “bots” that automatically interact with the server, we obtain indiscriminate and mass accounts of such sites and have nothing to do with the contents of each site Annoying acts, such as posting unreasonable advertisements, are increasing.

  In addition, even in the free email address acquisition service, this “bot” automatically acquires a large number of addresses, and using these illegally acquired email addresses, indiscriminate spam to unspecified people Various nuisances on the Internet such as sending

  In order to prevent such annoying behavior, a system has been devised that discriminates whether the user is actually a human or the “bot” described above, and allows the service only when the user is identified as a human. . Such a system is commonly called an anti-robot test, which is identifiable to humans and presents as a test information that is indistinguishable or difficult with current computer programs, and only allows services if it is identified. To do.

  For example, a “bot” analyzes a message between a client and a server that are mainly exchanged with character information, and automatically generates a forged message. Therefore, in this system, when there is a message such as requesting a service from the client side, the server side presents information other than character information that can be interpreted only by an actual person, for example, Let the person interpret it. The server side determines whether or not the client user is a human based on the interpretation result.

  In the visual anti-robot test, as information other than such character information, for example, an image including a plurality of rasterized characters and symbols is presented, the characters and symbol strings in the image are read, and the results are prepared separately. To complete the input form. This test takes advantage of the fact that humans can easily read characters in images, but are difficult with computer programs. In addition, this test is an effective method to prevent nuisance because the benefits obtained from the nuisance described above are not commensurate with the cost required to execute such a program.

  However, as character recognition technology for images in computers, such as OCR (Optical Character Recognition) progresses, such protection is weakened year by year. As an attempt to obstruct the character recognition by OCR, for example, in a technique called Captcha (registered trademark of Carnegie Mellon University), image data using characters and symbols that are distorted or obscured is used.

  Also, in the authentication image presented to the client side, by creating an image that does not provide an edge due to the difference in image density between the background and characters, symbols, etc., a pattern that cannot recognize characters, symbols, etc. in the computer program is created The technique which performs is proposed (for example, refer patent document 1).

  However, in view of the recent improvement in image recognition technology by computers, it is technically easy to deceive and break through the above-described system, and it cannot be denied that the strength of the system is weakened.

  The present invention has been made in view of the above points, and provides an authentication apparatus, an authentication method, and an authentication program that can improve security by performing appropriate user authentication in a service on a computer network. With the goal.

  In order to achieve the above object, the present invention is an authentication device that authenticates a user based on input information from the user, and includes a first image that is determined to be visible to a human and the human An authentication image generating means for generating an authentication image that is combined with a second image that is impossible and can be recognized by the computer, and the authentication image generated by the authentication image generating means is the user An authentication image presenting means for presenting and an authentication means for authenticating whether or not the user is a person based on information input based on the authentication image presented by the authentication image presenting means. Features.

  In addition, the present invention is an authentication method in an authentication apparatus for authenticating a user based on input information from the user, and the first image that is determined to be viewable by a human and the human being cannot be viewed. An authentication image generation procedure for generating an authentication image in combination with a second image determined to be recognizable by the computer, and an authentication for presenting the authentication image generated by the authentication image generation procedure to the user And an authentication procedure for authenticating whether or not the user is a person based on information input based on the authentication image presented by the authentication image presentation procedure.

  Further, the present invention is an authentication program for authenticating the user based on input information from the user, wherein the computer is configured such that a first image determined to be visible to a human and the human is not visible. Yes, an authentication image generating unit that generates an authentication image in combination with a second image that is determined to be recognizable by the computer, and an authentication image generated by the authentication image generating unit is presented to the user. An authentication program for functioning as an authentication image presenting means and an authentication means for authenticating whether or not the user is a human by information input based on the authentication image presented by the authentication image presenting means is there.

  According to the present invention, security is improved by performing appropriate user authentication in a service on a computer network.

It is a figure which shows the structural example of the authentication system which concerns on this embodiment. It is a figure which shows the function structural example of the authentication system which concerns on this embodiment. It is a figure which shows the hardware constitutions of the server apparatus which concerns on this embodiment. It is a flowchart which shows the 1st process example of the authentication process which concerns on this embodiment. It is a flowchart which shows the 2nd process example of the authentication process which concerns on this embodiment. It is an example of the image for authentication used in the conventional authentication system. It is a figure which shows the 1st example of the image for authentication which concerns on this embodiment. It is a figure which shows the 2nd example of the image for authentication which concerns on this embodiment. It is a figure which shows the 3rd example of the image for authentication which concerns on this embodiment. It is a figure which shows the 4th example of the image for authentication which concerns on this embodiment. It is a figure which shows the 5th example of the image for authentication which concerns on this embodiment. It is a figure which shows the 6th example of the image for authentication which concerns on this embodiment (the 1). It is a figure which shows the 6th example of the image for authentication which concerns on this embodiment (the 2).

  Hereinafter, embodiments of the present invention will be described in detail.

<Authentication system>
FIG. 1 is a diagram illustrating an example of a configuration of an authentication system according to the present embodiment. As shown in FIG. 1, the authentication system 1 is, for example, a visual anti-robot system, and includes client devices 10A and 10B (hereinafter collectively referred to as the client device 10) and a server device (authentication device) 20. Connected via network. The number of devices shown in FIG. 1 is not particularly limited in the present invention.

  The client device 10 and the server device 20 are computer devices including a CPU (Central Processing Unit), a RAM (Random Access Memory), a ROM (Read Only Memory), and the like.

  The communication between the client device 10 and the server device 20 is performed via, for example, HTTP (HyperText Transfer Protocol) or HTTPS (HyperText Transfer Protocol Security) that is encrypted HTTP. Note that the communication protocol used in the communication between the client device 10 and the server device 20 is not limited to HTTP and HTTPS in the present invention.

  Information from the server device 20 is transmitted to the client device 10 in, for example, an HTML (HyperText Markup Language) format.

  In the authentication system 1, for example, when a user receives a service such as a web service from the server device 20, when the client device 10 is used to request authentication from the server device 20, the server device 20 For example, an authentication (test) image including rasterized characters, symbols and the like is presented as a visual anti-robot test. The user reads characters, symbol strings, and the like drawn on the authentication image, inputs information such as the read characters and symbol strings to the client device 10, and transmits the input information from the client device 10 to the server device 20. To do.

  The server device 20 determines whether or not the input information such as characters and symbol strings transmitted by the user is the same as the correct characters and symbol strings arranged in the authentication image. Determines that the user is a human. Thereafter, the server device 20 presents a user authentication screen, and the user inputs a user name and a password on the presented user authentication screen.

  The server device 20 determines whether or not the input user name and password are those of the authorized user. If the entered user name and password are those of the authorized user, the server device 20 actually displays the content posting form. Start providing services.

  Whether the authentication system 1 has the above-described configuration and the user using the client device 10 is an actual human or an automated computer program using the authentication image of the server device 20. Determine about.

<Functional configuration of authentication system>
FIG. 2 is a diagram illustrating an example of a functional configuration of the authentication system according to the present embodiment. As illustrated in FIG. 2, the client device 10 includes an input unit 110, a display unit 120, a communication unit 130, and a control unit 140. The server device (authentication device) 20 includes an authentication unit 210, an authentication image generation unit 220, an authentication image presentation unit 230, a communication unit 240, a service providing unit 250, and a control unit 260.

  First, each functional unit included in the client device 10 will be described. The input unit 110 inputs various instructions from a user (user) of the client device 10. For example, a service request instruction for receiving a service such as a Web service from the server device 20.

  The display unit 120 displays an authentication (test) image, a user authentication image, or the like presented from the server device 20 on a display device such as a liquid crystal display device (not shown) of the client device 10. The communication unit 130 is an interface unit for performing communication with the server device 20, for example. The control unit 140 performs various controls of the client device 10 including the input unit 110, the display unit 120, and the communication unit 130.

  Next, each functional unit included in the server device 20 will be described. The authentication unit 210 of the server device 20 determines (authenticates) whether the user is an actual person or a computer program such as an automated “bot” based on user input information acquired from the client device 10.

  Here, the user input information acquired from the client device 10 is information such as characters and symbol strings read and input by the user of the client device 10 from the authentication (test) image presented by the server device 20. It is. The server device 20 acquires input information input by the user of the client device 10 via the communication unit 240.

  The authentication unit 210 uses the acquired user input information as the image character information shown in the first image that is determined to be viewable (recognizable) by a normal person among the images drawn in the authentication image. If they match, the user is determined to be human.

  On the other hand, the authentication unit 210 determines that the acquired input information of the user cannot be visually recognized (recognized) among the images drawn on the authentication image and can be recognized by the computer. When the image character information shown in the second image matches the image character information shown by the combination of the first image and the second image, the user determines that the computer program is automated.

  Here, the image character information shown in the first image or the second image is, for example, a character string made up of a plurality of imaged characters, symbols, etc. included in the first image or the second image. Etc. Note that the first image and the second image constituting the authentication image will be described later.

  Further, the authentication unit 210 performs user authentication of the client device 10 based on the user name, password, and the like acquired from the client device 10. These authentication processes will be described later.

  The authentication image generation unit 220 generates an authentication (test) image for performing an anti-robot test in response to an authentication request made in response to a service request of the client device 10. The authentication image is generated by a combination of a first image that is determined to be visible to humans and a second image that is not visible to humans and is determined to be recognizable by the computer.

  The first image generated by the authentication image generation unit 220 is, for example, a plurality of characters, symbols, and the like generated by a background color composed of the first color and a second color different from the first color. It consists of character information. It is determined that at least one or more of character image information such as characters and symbols generated by the second color shown in the first image is generally visible (recognizable) by humans.

  Here, the color difference between the first color and the second color is equal to or greater than the human visual threshold, and the first image has a background color composed of the first color and a background color composed of the first color. And a character string generated by a second color whose color difference is greater than or equal to a human visual threshold, and image character information such as a symbol string. It should be noted that image character information such as characters and symbols generated by the second color is distorted by rasterization and may be partially missing, and can be read by ordinary humans. Etc., as long as they can be recognized.

  The second image generated by the authentication image generation unit 220 is, for example, a plurality of characters, symbols, and the like generated by a background color composed of the first color and a third color different from the first color. It consists of character information. At least one or more of character image information such as characters and symbols generated by the third color shown in the second image is generally determined to be unrecognizable (recognizable) by humans and recognized by the computer. Judged to be possible.

  Here, the color difference between the first color and the third color is less than the human visual threshold, and the second image has a background color that is the first color and a background color that is the first color. And a character string generated by a third color whose color difference is less than the human visual threshold, and image character information such as a symbol string. Further, for example, the brightness difference between the first color and the third color may be substantially equal.

  The color difference between the first color and the third color, which is the background color, is, for example, human in the CIE 1976 Lab color space (L * a * b * color system) defined by the International Certification Committee (CIE). It may be present in a direction substantially coincident with the blue-yellow axis direction of the color response space opposite to the color vision.

  In addition, the authentication image generation unit 220 converts image character information such as characters and symbols that constitute the second image into characters, symbols, and the like that are smaller than image character information such as characters and symbols that constitute the first image, for example. For example, characters, symbols, etc. constituting the first image and the second image may be generated by random characters, types of symbols, number, random order, etc. each time the authentication image is displayed. You may produce | generate so that it may be displayed.

  A specific example of the authentication image generated by the authentication image generation unit 220 will be described later.

  The authentication image presentation unit 230 presents the authentication image generated by the authentication image generation unit 220 to the client device 10.

  The communication unit 240 is an interface unit for performing communication with the client device 10. The service providing unit 250 provides a service to the client device 10 in response to a service request instruction received from the client device 10 when the authentication by the authentication unit 210 is successful.

  The control unit 260 performs various controls of the server device 20 including the authentication unit 210, the authentication image generation unit 220, the authentication image presentation unit 230, the communication unit 240, and the service providing unit 250 described above.

<Hardware configuration of server device>
Next, the hardware configuration of the server device (authentication device) 20 will be described with reference to FIG. FIG. 3 is a diagram illustrating an example of a hardware configuration according to the present embodiment.

  In FIG. 3, first, the server device 20 is a computer device, and is an input device 21, an output device 22, a drive device 23, an auxiliary storage device 24, and a memory device that are mutually connected by a system bus. 25, an arithmetic processing unit 26, and an interface unit 27.

  The input device 21 includes a keyboard and a mouse, and is used for inputting various signals. The output device 22 includes a display device and is used to display various windows and data, an authentication image generated in the present embodiment, and the like. The interface device 27 includes a modem, a LAN card, and the like, and is used for connecting to a network.

  The server device 20 acquires various requests, input information input by the user of the client device 10, and the like from the plurality of client devices 10 provided outside via the network by the interface device 27.

  The authentication program according to the present embodiment is at least a part of various programs that control the server device 20. The authentication program is provided, for example, by distributing the recording medium 28 or downloading from the network. The recording medium 28 on which the authentication program is recorded is a recording medium such as a CD-ROM, a flexible disk, a magneto-optical disk, etc. for recording information optically, electrically or magnetically, a ROM (Read Only Memory), a flash. The present invention can be provided using various types of recording media such as a semiconductor memory that electrically stores information such as a memory.

  When the recording medium 28 storing the authentication program is set in the drive device 23, the authentication program is installed from the recording medium 28 to the auxiliary storage device 24 via the drive device 23.

  Further, the authentication program may be downloaded from the network and installed in the auxiliary storage device 24 via the interface device 27.

  The memory device 25 stores the installed authentication program and stores necessary files, data, and the like. The memory device 25 reads and stores the authentication program from the auxiliary storage device 24 at startup. The arithmetic processing unit 26 implements various processes as described later according to the authentication program stored in the memory device 25.

<First processing example of authentication processing>
FIG. 4 is a flowchart illustrating a first processing example of the authentication processing according to the present embodiment. In FIG. 4, the server device 20 performs authentication processing for determining whether or not the user (user) operating the client device 10 is an actual person in the processing of S11 to S13, and the processing of S14 to S16. An authentication process is performed to determine whether or not the user is a legitimate user.

  As shown in FIG. 4, the server device 20 acquires an authentication request from the client device 10 via the communication unit 240 (S10). Here, the authentication request from the client device 10 is, for example, a request accompanying a service provision request for the user to receive a service from the server device 20, and the server device 20 is requested via the client device 10. Required.

  Next, the server device 20 presents an authentication (test) image to the client device 10 (S11). Here, the authentication image generation unit 220 of the server device 20 generates an authentication image, and the authentication image presentation unit 230 presents the authentication image generated by the authentication image generation unit 220 to the client device 20. . Subsequently, the display unit 120 of the client device 10 displays the authentication image presented by the server device 20.

  Next, the server device 20 acquires character strings such as characters and symbols from the client device 10 (S12). Here, the character string input from the client device 10 is a character string or the like (test result) in which an actual human visually observes the authentication image presented in S11 and inputs a readable character string or the like with the input unit 110. Alternatively, for example, a character string or the like obtained as a result of character recognition of the authentication image presented in S11 by image analysis software or the like installed in the client device 10 is performed.

  Next, the server device 20 determines whether or not the test result information acquired in the process of S12 is correct (correct answer) (S13). Here, the authentication unit 210 displays the test result information acquired in S12 on the authentication image presented in S11, and images such as characters and symbols shown in the first image that is determined to be visible to humans. Judgment (authentication) is performed by comparing whether or not the character information matches.

  When the test result information matches the image character information such as characters and symbols shown in the first image and the test result information is determined to be correct (YES in S13), the server device 20 authenticates to the client device 10. A screen is displayed (S14). Here, the authentication screen displayed in the process of S14 is an authentication screen for user authentication configured by, for example, a user name (user identification character string) input form and a password input form. . This authentication screen prompts the user to input authentication information.

  Next, the server device 20 acquires, for example, a user name and password as authentication information from the client device 10 (S15). Here, the user name and password acquired by the server device 20 are input by the user using the input unit 110 of the client device 10 in the predetermined input area displayed on the authentication screen displayed in the process of S14. Is.

  Next, the server device 20 determines whether or not the user is a regular user based on the user name and password information acquired in S15 (S16). Here, the authentication unit 210 makes a determination by comparing the authentication information such as the user name and password acquired in the process of step S15 with the user information managed by the storage unit such as the memory device 25 of the server device 20 ( Authentication).

  If it is determined that the user is an authorized user (YES in S16), the process is terminated, and for example, the service providing unit 250 of the server device 20 starts providing a service such as displaying a content posting form on the client device 10. To do.

  If it is determined in the above-described processing of S13 that the test result information does not match the image character information such as characters and symbols shown in the first image and the test result information is incorrect (NO in S13). , The process returns to S11. If it is determined in step S16 that the user is not an authorized user (NO in step S16), the process returns to step S14.

  Through the processing described above, the server device 20 performs authentication processing to determine (authenticate) whether or not the user of the client device 10 is an actual person.

  Note that the order of the authentication process for determining whether or not the user shown in S11 to S13 shown in FIG. 4 is a human and the authentication process for determining whether or not the user is a regular user shown in S14 to S16 may be reversed. . FIG. 5 is a flowchart illustrating a second processing example of the authentication processing according to the present embodiment. When the request from the client device 10 to the server device 20 is an account acquisition of the server device 20, the processing shown in S20 to S23 may be performed as shown in FIG. 5, and then user registration may be started. . The processes in S20 to S23 shown in FIG. 5 are the same as the processes in S10 to S13 in FIG.

<Conventional image for authentication>
Next, a conventional authentication image will be described with reference to FIG. FIG. 6 is an example of an authentication image used in a conventional authentication system. The authentication image shown in FIG. 6 is an authentication image presented from the server device 20 to the client device 10 in the process of S11 of FIG. 3, for example.

  The authentication image shown in FIG. 6 can generally be read as “NkpGJN” by separating the character portion from the background image if it is a human. However, in order for the computer program to recognize such characters and symbols rasterized as an image, a special character recognition function such as the above-described OCR is required. Further, with the conventional OCR, as shown in FIG. 6, it is difficult to recognize characters and symbols that are further distorted or obscured.

  Therefore, if the user of the client device 10 is a so-called “bot”, at least the OCR function must be provided in order to read the authentication image described above. Even if the client device 10 has an OCR function, it is difficult to read a character, a symbol, or the like that is distorted or obscured as shown in FIG. An advanced learning OCR was required.

  This is technically very difficult, and it is costly to make OCR with a higher level of learning, so it is indiscriminate, mass and low cost using computer programs. It was very difficult to implement.

  Therefore, in a conventional authentication system (visual anti-robot test system), the user of the client device 10 is an actual person or an automated computer program using an authentication screen as shown in FIG. It was determined whether there was. However, in view of the recent advancement of OCR technology and cost reduction, even such a method has never been a safe method.

  Next, examples of authentication images according to the present embodiment that solve the above-described problems will be described with reference to FIGS.

<First Example of Authentication Image>
FIG. 7 is a diagram illustrating a first example of an authentication image according to the present embodiment. The authentication images illustrated in FIGS. 7 to 13 are examples of authentication (test) images presented from the server device 20 to the client device 10 in the process of S11 illustrated in FIG. 4, for example.

  FIG. 7 is an image composed of, for example, 8 bits per pixel, and the image shown in FIG. 7A is a first example of an authentication image presented in the server device 20. The authentication image shown in FIG. 7A has a character group (for example, AAA) composed of the second color shown in FIG. 7C on the background 30 composed of the first color shown in FIG. 7B. 40 and a third color group of characters (for example, BC) 50 shown in FIG. 7 (d) are superimposed (overlaid) with an opacity of 100%.

  The background 30 shown in FIG. 7B is filled with, for example, a pixel value 128, and the character group (eg, AAA) 40 shown in FIG. 7C is filled with, for example, a pixel value 140. FIG. A character group (for example, BC) 50 shown in d) is filled with a pixel value 130, for example.

  Further, the shape of the character group 40 shown in FIG. 7C is distorted, and the shape of the character group 50 shown in FIG. 7D is not distorted.

  Here, the character group 40 shown in FIG. 7C has a large contrast with the background 30 shown in FIG. Therefore, in the image (first image T1) displayed as shown in FIG. 7A by superimposing the character group 40 shown in FIG. 7C on the background 30 shown in FIG. In particular, a human can easily visually recognize the character group 40 with respect to the background 30.

  That is, for example, in the case of an image composed of 8 bits per pixel, a normal human being has a difference of, for example, a maximum of about 5 and a minimum of about 1 in pixel values between the background color and the color of the character group. It is possible to visually recognize the character group from the background color.

  In addition, since the color value space currently used for the setting of the pixel values described above is not completely equal to human perception, the minimum color difference visible to humans is slightly different depending on the color gamut. For example, in the color difference (ΔE * ab) of the CIE 1976 Lab color space, although it varies depending on the color gamut, a variation of about 3 to 1 occurs. When this is converted into RGB (for example, sRGB) pixel values of a display or the like, if there is a difference of about 5 to 1, a normal person can separate and visually recognize a character group from the background color.

  However, the character group 50 shown in FIG. 7D has a small contrast with the background 30 even though there is a difference in pixel values with respect to the background 30 shown in FIG. Therefore, in the image (second image T2) displayed as shown in FIG. 7A by superimposing the character group 50 shown in FIG. 7D on the background 30 shown in FIG. In particular, it is impossible for a human to visually recognize the character group 50 separately from the background 30.

  For example, in the case of an image composed of one pixel 8 bits which is a monochrome image, there is a difference of about 5 in terms of pixel value between the background color and the color of the character group described above. When it is possible to separate and visually recognize a character group, for example, when the pixel value is not about 1 or so, it is impossible for a normal human to separate and visually recognize the character group from the background color. . The same applies to a color image made up of 8 bits for each RGB color.

  On the other hand, if it is a “bot” having a normal OCR function, the character group 50 shown in FIG. 7D is superimposed on the background 30 shown in FIG. The character group 50 can also be recognized in the image (second image T2) displayed as shown in FIG.

  Therefore, when the authentication image shown in FIG. 7A is presented, the character group 40 is read and answered as “AAA” in the case of a normal person. Note that if the “bot” does not have the OCR function, it is impossible to read the character group 40 and the character group 50 shown in FIG. 7C and FIG. It is impossible to answer the authentication image shown in (a).

  Further, if the “bot” has the OCR function but cannot read and read the distorted character group 40 as shown in FIG. 7C, it is shown in FIG. 7D. Since only the undistorted character group 50 is detected, “BC” is answered to the authentication image shown in FIG.

  Further, if the “bot” has an OCR function capable of reading and reading the distorted character group 40 shown in FIG. 7C, in addition to the distorted character group 40 shown in FIG. 7C. In order to detect the character group 50 shown in FIG. 7 (d), “AAAABC” is answered to the authentication image shown in FIG. 7 (a).

  In the present embodiment, for example, as the answer in the process of S13 in FIG. 4, the server device 20 sets only “AAA” shown in the character group 40 in FIG. 7C as the correct answer. Further, the server device 20 regards an answer such as “BC” shown in the character group 50 or “AAABC” in which the character group 40 and the character group 50 are combined as an incorrect answer because the answer is “bot”.

  Thus, if the “bot” tries to answer the same character string or the like as the answer visually input by a normal human, an advanced character that can detect the distorted character group 40 shown in FIG. In addition to the need for the OCR function, it is necessary to determine whether or not a human can visually recognize the character group 50 shown in FIG. 7D, and more complicated image processing is required. .

<Second Example of Authentication Image>
Next, a second example of the authentication image will be described with reference to FIG. FIG. 8 is a diagram illustrating a second example of the authentication image according to the present embodiment.

  FIG. 8 shows an image expressed using, for example, the CIE 1976 Lab color space (L * a * b * color system) defined by the CIE. Here, in the L * a * b * color system, the color is represented by coordinates in a uniform space composed of the lightness L * and the chrominance index a * b *.

  The authentication image shown in FIG. 8A is a second example of the authentication image presented in the server device 20. The authentication image shown in FIG. 8A has a character group (for example, AAA) made of the second color shown in FIG. 8C on the background 31 made of the first color shown in FIG. 8B. 41 and a character group (for example, BC) 51 of the third color shown in FIG. 8D are superimposed (overlaid) with an opacity of 100%.

  The background 31 shown in FIG. 8B is filled with, for example, (L *, a *, b *) = (91, −51, −15), and a character group (for example, AAA) shown in FIG. ) 41 is filled with, for example, (L *, a *, b *) = (60, 20, 20), and a character group (for example, BC) 51 shown in FIG. a *, b *) = (90, −50, −14).

  Further, the shape of the character group 41 shown in FIG. 8C is distorted, and the shape of the character group 51 shown in FIG. 8D is not distorted.

  Here, the character group 41 shown in FIG. 8C has a large color difference from the background 31 shown in FIG. Therefore, in the image (first image T1) displayed as shown in FIG. 8A by superimposing the character group 41 shown in FIG. 8C on the background 31 shown in FIG. Furthermore, a human can easily visually recognize the character group 41 with respect to the background 31.

  Therefore, for example, in the case of an image represented by the L * a * b * color system, an ordinary human being has a background if there is a color difference of about ΔE * ab = 2 between the background color and the color of the character group. It is possible to visually recognize the character group separately from the color.

  However, the character group 51 shown in FIG. 8D has a small value even though there is a color difference with respect to the background 31 shown in FIG. Therefore, in the image (second image T2) displayed as shown in FIG. 8A by superimposing the character group 51 shown in FIG. 8D on the background 31 shown in FIG. In addition, it is impossible for a human to visually recognize the character group 51 from the background 31.

  That is, for example, in the case of an image represented by the L * a * b * color system, a normal human being can use the background color to the character group if there is no difference between the background color and the character group, for example, less than ΔE * ab = 2. It is impossible to separate and visually recognize.

  On the other hand, if it is a “bot” having a normal OCR function, the character group 51 shown in FIG. 8D is superimposed on the background 31 shown in FIG. The character group 51 can also be recognized in the image (second image T2) displayed as shown in FIG.

  Therefore, when the authentication image shown in FIG. 8A is presented, the character group 41 is read and answered as “AAA” in the case of a normal person. If the “bot” does not have the OCR function, it is impossible to read the character group 41 and the character group 51 shown in FIG. 8C and FIG. ) Cannot be answered for the authentication image shown in FIG.

  If the “bot” has the OCR function but cannot read and interpret the distorted character group 41 shown in FIG. 8C, the distorted character shown in FIG. Since only the missing character group 51 is detected, “BC” is answered to the authentication image shown in FIG.

  Further, if the “bot” has an OCR function capable of reading and reading the distorted character group 41 shown in FIG. 8C, in addition to the distorted character group 41 shown in FIG. 8C. In order to detect the character group 51 shown in FIG. 8D, “AAAABC” is answered to the authentication image shown in FIG.

  In the present embodiment, for example, the server device 20 sets only “AAA” shown in the character group 41 as a correct answer as an answer in the process of S13 of FIG. Further, the server device 20 makes an answer such as “BC” shown in the character group 51 or “AAABC” in which the character group 41 and the character group 51 are combined as an incorrect answer because the answer is “bot”.

  In this way, if the “bot” tries to answer the same character string or the like as an answer that is visually recognized and input by a normal human, an advanced character that can detect the distorted character group 41 shown in FIG. In addition to the need for the OCR function, it is necessary to determine whether or not a human can visually recognize the character group 51 shown in FIG. 8D, and more complicated image processing is required. .

<Third example of authentication image>
Next, a third example of the authentication image will be described with reference to FIG. FIG. 9 is a diagram illustrating a third example of the authentication image according to the present embodiment.

  FIG. 9 is an image represented using, for example, the CIE 1976 Lab color space (L * a * b * color system) defined by CIE, as in FIG.

  The authentication image shown in FIG. 9A is a third example of the authentication image presented in the server device 20. The authentication image shown in FIG. 9A has a character group (for example, AAA) made of the second color shown in FIG. 9C on the background 32 made of the first color shown in FIG. 9B. 42 and a character group (for example, BC) 52 composed of the third color shown in FIG. 9D are superimposed (overlaid) with an opacity of 100%.

  The background 32 shown in FIG. 9B is filled with, for example, (L *, a *, b *) = (50, 50, 50), and a character group (for example, AAA) 42 shown in FIG. 9C. Is filled with, for example, (L *, a *, b *) = (75, −20, −20), and the character group 52 (for example, BC) shown in FIG. a *, b *) = (50, 48, 45).

  Further, the shape of the character group 42 shown in FIG. 9C is distorted, and the shape of the character group 52 shown in FIG. 9D is not distorted.

  Here, the character group 42 shown in FIG. 9C has a large color difference with respect to the background 32 shown in FIG. Therefore, in the image (first image) displayed as shown in FIG. 9A by superimposing the character group 42 shown in FIG. 9C on the background 32 shown in FIG. A human can easily visually recognize the character group 42 with respect to the background 32.

  However, the character group 52 shown in FIG. 9D has a small value even though there is a color difference with respect to the background 32 shown in FIG. 9B, and the character group 52 shown in FIG. For the lightness “(L *) = (50)”, the lightness of the character group 52 shown in FIG. 9D is “(L *) = (50)”, and the background 32 and the character group 52 There is no brightness difference between.

  In general, it is known that when a human recognizes an edge in a visual field, the contribution of brightness is the largest. Therefore, for example, if the difference between the background 32 shown in FIG. 9B and the foreground (here, the character group 52) shown in FIG. Therefore, the character group 52 in FIG. 9D may be visually recognized.

  Therefore, as described above, the human visual sensitivity is the highest between the background 32 shown in FIG. 9B and the character group 52 shown in FIG. 9D, that is, the greatest contribution to the human visual sensitivity. Do not give a brightness difference. As a result, in the image (second image T2) displayed with the character group 52 superimposed on the background 32 as shown in FIG. 9A, the character group 52 is more reliably separated from the background 32 and can be visually recognized by humans. Can be prevented.

  For example, in the case of an image represented by the L * a * b * color system, humans are more sensitive to lightness (L *) direction differences than to a * or b * direction differences. Since the visual sensitivity is high, the brightness difference serving as a perception threshold is preferably set to 0.3 or less, for example.

  On the other hand, as described above, in the case of a “bot” having a normal OCR function, the character group 52 shown in FIG. 9D is detected as shown in FIG. It is possible to recognize the character group 52 in the image (second image T2) displayed as shown in FIG.

  Therefore, when the authentication image shown in FIG. 9A is presented, the character group 42 is read and answered as “AAA” in the case of a normal person. If the “bot” does not have the OCR function, the character group 42 and the character group 52 shown in FIGS. 9C and 9D cannot be read. ) Cannot be answered for the authentication image shown in FIG.

  Further, if the “bot” has the OCR function but cannot read and read the distorted character group 42 shown in FIG. 9C, the distorted character shown in FIG. Since only the group 52 is detected, “BC” is answered to the authentication image shown in FIG.

  In addition to the distorted character group 42 shown in FIG. 9C, a “bot” having an OCR function that can read and read the distorted character group 42 shown in FIG. In order to detect the character group 52 shown in FIG. 9D, “AAAABC” is answered to the authentication image shown in FIG.

  In the present embodiment, for example, the server device 20 sets only the character string “AAA” shown in the character group 42 as the correct answer as the answer in the process of S13 of FIG. In addition, the server device 20 regards an answer such as “BC” shown in the character group 52 or “AAABC” in which the character group 42 and the character group 52 are combined as an incorrect answer because the answer is “bot”.

  In this way, if the “bot” tries to answer the same character string or the like as the answer visually input by a normal human, an advanced OCR that can detect the distorted character group 42 shown in FIG. It is necessary not only to have a function, but also to determine whether or not a human can visually recognize the character group 52 shown in FIG. 9D, and more complicated image processing is required.

<Fourth Example of Authentication Image>
Next, a fourth example of the authentication image will be described with reference to FIG. FIG. 10 is a diagram illustrating a fourth example of the authentication image according to the present embodiment.

  FIG. 10 is an image expressed using, for example, the CIE 1976 Lab color space (L * a * b * color system) defined by CIE, as in FIG.

  The authentication image shown in FIG. 10A is a fourth example of the authentication image presented in the server device 20. The authentication image shown in FIG. 10A is a character group (for example, AAA) made of the second color shown in FIG. 10C on the background 32 made of the first color shown in FIG. 10B. 42 and a character group (for example, BC) 53 composed of the third color shown in FIG. 10 (d) are superimposed (overlaid) with an opacity of 100%.

  The background 32 shown in FIG. 10B is filled with, for example, (L *, a *, b *) = (50, 50, 50), and a character group (for example, AAA) 42 shown in FIG. 10C. Is filled with, for example, (L *, a *, b *) = (75, −20, −20), and a character group (for example, BC) 53 shown in FIG. a *, b *) = (50, 50, 60).

  Further, the shape of the character group 42 shown in FIG. 10C is distorted, and the shape of the character group 53 shown in FIG. 10D is not distorted.

  Here, the character group 42 shown in FIG. 10C has a large color difference with respect to the background 32 shown in FIG. Therefore, in the image (first image T1) displayed as shown in FIG. 10A by superimposing the character group 42 shown in FIG. 10C on the background 32 shown in FIG. In addition, a human can easily visually recognize the character group 42 with respect to the background 32.

  However, the character group 53 shown in FIG. 10D has a small value even though there is a color difference with respect to the background 32 shown in FIG. 10B, and the difference with respect to the background 32 shown in FIG. It exists only in the direction along the b * axis, which is the blue-yellow axis, in the CIEL * a * b * space, which is the color response space opposite to human color vision. Here, the character group 53 is “(b *) = (60)” with respect to the background 32 “(b *) = (50)”.

  In general, when a human recognizes an edge in a visual field, it is known that the contribution of the stimulus in the blue-yellow axis direction described above is the smallest. Therefore, for example, if the difference between the background 32 shown in FIG. 10B and the foreground (here, the character group 53) shown in FIG. Therefore, there is a possibility that the character group 53 shown in FIG.

  Therefore, as described above, the human visual sensitivity is the lowest between the background 32 shown in FIG. 10B and the character group 53 shown in FIG. b * A difference only in the axial direction is given. As a result, as shown in FIG. 10A, in the image (second image T2) displayed by superimposing the character group 53 on the background 32, the visual recognition of the character group 53 with respect to the background 32 can be prevented more reliably. .

  On the other hand, as described above, in the case of a “bot” having a normal OCR function, the character group 53 shown in FIG. 10D is shown in FIG. The character group 53 can be recognized also in the image (second image T2) displayed as shown in FIG.

  Accordingly, when the authentication image shown in FIG. 10A is presented, the character group 42 is read and answered as “AAA” in the case of a normal person. If the “bot” does not have the OCR function, the character group 42 and the character group 53 shown in FIGS. 10C and 10D cannot be read. ) Cannot be answered for the authentication image shown in FIG.

  Further, if the “bot” has the OCR function but cannot read and interpret the distorted character group 42 shown in FIG. 10C, the distorted character shown in FIG. Since only the group 53 is detected, “BC” is answered to the authentication image shown in FIG.

  In addition to the distorted character group 42 shown in FIG. 10D, a “bot” having an OCR function capable of reading and reading the distorted character group 42 shown in FIG. In order to detect the character group 53 shown in FIG. 10D, “AAAABC” is answered to the authentication image shown in FIG.

  In the present embodiment, for example, the server device 20 sets only the character string “AAA” shown in the character group 42 as the correct answer as the answer in the process of S13 of FIG. Further, the server device 20 regards an answer such as “BC” shown in the character group 53 or “AAABC” in which the character group 42 and the character group 53 are combined as an incorrect answer because the answer is “bot”.

  In this way, if the “bot” tries to answer the same character string as the answer visually input by a normal human, an advanced OCR that can detect the distorted character group 42 shown in FIG. Not only is the function required, but it is necessary to determine whether or not a human can visually recognize the character group 53 shown in FIG. 10D, and more complicated image processing is required.

<Fifth Example of Authentication Image>
Next, a fifth example of the authentication image will be described with reference to FIG. FIG. 11 is a diagram illustrating a fifth example of the authentication image according to the present embodiment.

  FIG. 11 is an image expressed using, for example, the CIE 1976 Lab color space (L * a * b * color system) defined by CIE, as in FIG.

  The authentication image shown in FIG. 11A is a fifth example of the authentication image presented in the server device 20. The authentication image shown in FIG. 11A is a character group (for example, AAA) 42 made of the second color shown in FIG. 11C on the background 32 made of the first color shown in FIG. 11D is an image in which a character group (for example, BC) 54 having the third color shown in FIG. 11D is superimposed and displayed (overlaid) with an opacity of 100%.

  The background 32 shown in FIG. 11B is filled with, for example, (L *, a *, b *) = (50, 50, 50), and a character group (for example, AAA) 42 shown in FIG. Is filled with, for example, (L *, a *, b *) = (75, −20, −20), and a character group (for example, BC) 54 shown in FIG. a *, b *) = (50, 50, 60).

  Further, the shape of the character group 42 shown in FIG. 11C is distorted, and the shape of the character group 54 shown in FIG. 11D is not distorted, but is drawn in a smaller size.

  Here, since the character group 42 shown in FIG. 11C has a large color difference with respect to the background color shown in FIG. 11B, the character group shown in FIG. 11C is added to the background 32 shown in FIG. In the image (first image T1) displayed as shown in FIG. 11A by superimposing 42, generally, a human can easily visually recognize the character group 42 against the background 32. .

  However, the character group 54 shown in FIG. 11D has a small value despite the color difference with respect to the background shown in FIG. 11B, and the difference with respect to the background shown in FIG. It exists only in the direction along the b * axis which is the blue-yellow axis in the CIEL * a * b * space which is the opposite color response space.

  In general, when a human recognizes an edge in the field of view, it is known that the contribution of the stimulus in the blue-yellow direction described above is the smallest. Therefore, for example, if the difference between the background 32 shown in FIG. 11B and the foreground (character group 54 in this case) shown in FIG. Therefore, there is a possibility that the foreground character group 54 shown in FIG.

  Therefore, as described above, the human visual sensitivity is the lowest between the background 32 shown in FIG. 11B and the character group 54 shown in FIG. 11D, that is, the human visual sensitivity has the smallest contribution. Brightness b * A difference only in the axial direction is given. Thereby, as shown in FIG. 11A, in the image (second image T2) displayed by superimposing the character group 54 on the background 32, it is possible to more reliably prevent the character group 54 from being visually recognized with respect to the background 32. .

  Moreover, the character group 54 of FIG.11 (d) is drawn by the size smaller than the character group 42 of FIG.11 (b), for example. In general, human visual characteristics have a property that the detection sensitivity rapidly decreases in a region having a high spatial frequency. That is, it has a characteristic that it is not good at detecting a finer structure.

  Therefore, the character group 54 shown in FIG. 11D is drawn with a smaller size (for example, a size smaller than the character group 53 shown in FIG. 10D). As a result, as shown in FIG. 11A, in the image (second image T2) displayed by superimposing the character group 54 on the background 32, it is possible to more reliably prevent the character group 54 from being visually recognized with respect to the background 32. it can. For example, the character group 54 shown in FIG. 11D may be drawn in a small size that cannot be visually recognized by humans.

  On the other hand, as described above, in the case of a “bot” having a normal OCR function, the character group 54 shown in FIG. 11D is detected as shown in FIG. The character group 54 can also be recognized in the image (second image T2) displayed as shown in FIG.

  Therefore, when the authentication image shown in FIG. 11A is presented, the character group 42 is read and answered as “AAA” in the case of a normal person. Note that if the “bot” does not have the OCR function, it is impossible to read the character group 42 and the character group 54 shown in FIG. 11C and FIG. ) Cannot be answered for the authentication image shown in FIG.

  Further, if the “bot” has the OCR function but cannot read and interpret the distorted character group 42 shown in FIG. 11C, the distorted character shown in FIG. Since only the group 54 is detected, “BC” is answered to the authentication image shown in FIG.

  In addition to the distorted character group 42 shown in FIG. 11C, a “bot” having an OCR function capable of reading and reading the distorted character group 42 shown in FIG. In order to detect the character group 54 shown in FIG. 11 (d), “AAAABC” is answered to the authentication image shown in FIG. 11 (a).

  In the present embodiment, for example, the server device 20 sets only “AAA” shown in the character group 42 as the correct answer as the answer in the process of S13 of FIG. Further, the server device 20 regards an answer such as “BC” shown in the character group 54 or “AAABC” in which the character group 42 and the character group 54 are combined as an incorrect answer because the answer is “bot”.

  In this way, if the “bot” tries to answer the same character string or the like as the answer that is input by being visually recognized by a normal human being, an advanced character that can detect the distorted character group 42 shown in FIG. In addition to the need for the OCR function, it is necessary to determine whether or not a human can visually recognize the character group 54 shown in FIG. 11D, and more complicated image processing is required.

  As described above, in the first to fifth examples of the authentication image, an advanced OCR function is necessary when trying to answer the same character string or the like as an answer visually input by a normal person. In addition, since it is necessary to introduce a more sophisticated algorithm into image processing for determining whether or not a human can visually recognize, the cost for implementing this inevitably increases.

  That is, both the technical difficulty and cost for passing the visual anti-robot test as shown in the first to fifth examples of the authentication image are increased, so annoying using the “bot”. Anyone who wants to do an action will need more sophisticated hardware or will be forced to reduce the number of nuisance actions per unit time, making the nuisance action less realistic.

  It should be noted that the characters and symbol strings included in the visual anti-robot test image are preferably different for each session.

<Sixth Example of Authentication Image>
Next, a sixth example of the authentication image will be described with reference to FIGS. FIG. 12 is a diagram (No. 1) illustrating a sixth example of the authentication image according to the present embodiment. FIG. 13 is a diagram (No. 2) illustrating a sixth example of the authentication image according to the present embodiment.

  In the sixth example of the authentication image, the server device 20 displays the first image that can be visually recognized by the human and the second that is not visible to the human and that can be recognized by the computer each time the authentication image is displayed. The characters, the types, the number, the order (arrangement), the size, etc. of the image character information constituting the image are displayed at random.

  For example, as shown in FIG. 12A and FIG. 13A, a character group 43 and a character group 44 that can be visually recognized by humans, a character group 55 and characters that cannot be visually recognized by humans and can be recognized by a computer. The type, size, shape, order (arrangement), etc. of the characters constituting each of the groups 56 are changed and presented at random.

  Note that the authentication image shown in FIG. 12A has a character group (for example, ARN) composed of the second color shown in FIG. 12C on the background 32 composed of the first color shown in FIG. ) 43 and a character group (for example, GE) 55 of the third color shown in FIG. 12D are superimposed (overlaid) with an opacity of 100%.

  The background 32 shown in FIG. 12B is filled with, for example, (L *, a *, b *) = (50, 50, 50), and a character group (for example, ARN) 43 shown in FIG. Is filled with, for example, (L *, a *, b *) = (75, −20, −20), and a character group (for example, GE) 55 shown in FIG. a *, b *) = (50, 50, 60).

  Also, the authentication image shown in FIG. 13A is a character group (for example, PKF) made of the second color shown in FIG. 13C on the background 32 made of the first color shown in FIG. ) 44 and a character group (for example, XZ) 56 of the third color shown in FIG. 13D are superimposed (overlaid) with an opacity of 100%.

  The background 32 shown in FIG. 13B is filled with, for example, (L *, a *, b *) = (50, 50, 50), and a character group (eg, PKF) 44 shown in FIG. 13C. Is filled with, for example, (L *, a *, b *) = (75, −20, −20), and a character group (for example, XZ) 56 shown in FIG. a *, b *) = (50, 50, 60).

  For example, as shown in FIGS. 12 (a) and 13 (a), each time an authentication image is displayed (for each test), for authentication between a character group that can be visually recognized by a human and a character group that cannot be visually recognized. By randomly changing the order of placement in the image, it is difficult for the “bot” to guess the position of a character string or the like that is not visible to normal humans, and to deceive the test. And “bot” can be discriminated.

  At the same time, for each test, the type and number of characters and symbols that can be visually recognized by humans and the type and number of characters and symbols that cannot be visually recognized may be changed randomly. Further, it can be surely eliminated.

  In the first to sixth examples of the authentication image described above, only a specific color is described as an example of the background color and the character color, but the color is not actually limited to the color shown in the present embodiment. Any combination of colors that are generally visible to humans for the background and text color, and colors that are generally not visible to humans for the background and text color good. Further, the background color can be displayed not in the entire authentication image but in a part of the area around which characters, symbols, and the like are displayed.

  As described above, according to the embodiment of the present invention, security is improved by performing appropriate user authentication in a service on a computer network.

The invention made by the present inventor has been specifically described based on the preferred embodiments. However, the present invention is not limited to that described in the above embodiments, and various modifications can be made without departing from the scope of the invention. Is possible.

1 Authentication System 10 Client Device 20 Server Device (Authentication Device)
21 input device 22 output device 23 drive device 24 auxiliary storage device 25 memory device 26 arithmetic processing device 27 interface device 28 recording medium 110 input unit 120 display unit 130 communication unit 140 control unit 210 authentication unit 220 authentication image generation unit 230 for authentication Image presentation unit 240 Communication unit 250 Service providing unit 260 Control unit

JP 2008-262549 A

Claims (8)

An authentication device for authenticating the user based on input information from the user,
Authentication image generation means for generating an authentication image that combines a first image that is determined to be visible to a human and a second image that is not visible to the human and is determined to be recognizable by a computer When,
Authentication image presenting means for presenting the authentication image generated by the authentication image generating means to the user;
An authentication apparatus comprising: authentication means for authenticating whether or not the user is a person based on information input based on the authentication image presented by the authentication image presenting means. The second image is
The authentication apparatus according to claim 1, comprising a background color and image character information generated by a color whose color difference with respect to the background color is less than the human visual threshold.   The authentication apparatus according to claim 2, comprising: the background color; and image character information generated by a color having a substantially same brightness difference with respect to the background color.   3. A color difference between a background color constituting the second image and the image character information is present in a direction substantially coincident with a blue-yellow axis direction of a color response space opposite to human color vision. Or the authentication apparatus of 3. The image character information constituting the second image is
The authentication apparatus according to any one of claims 2 to 4, wherein the authentication apparatus is smaller than image character information constituting the first image. The image character information constituting the first and second images is:
The authentication apparatus according to any one of claims 1 to 5, wherein the authentication device is displayed by a random number of characters, a number of symbols, and a random order each time it is displayed. An authentication method in an authentication device for authenticating the user based on input information from the user,
An authentication image generation procedure for generating an authentication image by combining a first image that is determined to be visible to a human and a second image that is not visible to a human and is determined to be recognizable by a computer; ,
An authentication image presentation procedure for presenting the authentication image generated by the authentication image generation procedure to the user;
And an authentication procedure for authenticating whether or not the user is a person based on information input based on the authentication image presented by the authentication image presentation procedure. An authentication program for authenticating the user based on input information from the user,
Computer
Authentication image generation means for generating an authentication image that combines a first image that is determined to be visible to a human and a second image that is not visible to the human and is determined to be recognizable by a computer When,
Authentication image presenting means for presenting the authentication image generated by the authentication image generating means to the user;
An authentication program for functioning as an authentication unit that authenticates whether or not the user is a person based on information input based on the authentication image presented by the authentication image presenting unit.