JP6057471B2 - Authentication system and method using deformed graphic image - Google Patents

Description

  The present invention relates to an authentication technique for verifying the validity of a user who uses a computer.

  In recent years, fraud such as acquiring a large amount of mail accounts from web sites that provide free e-mail services and sending a large amount of junk e-mail using programs such as bots that automatically exchange with servers An act has occurred. In addition, in user-participating content generation systems such as electronic bulletin boards and blogs on the Internet, annoying acts such as acquiring an account using the same technique and posting advertisements that are completely unrelated to the contents of each content frequently occur.

Currently, in order to prevent such fraud and nuisance, CAPTCHA (Completely Automated Public Turing Test To Tell Computers and Human)
Apart) is set as a website, and a system that distinguishes whether access via the Internet is by a human or a computer program and permits only human access has been developed.

  CAPTCHA presents an authentication image in which distorted characters are embedded with respect to the accessed one, and when the authentication image is read and the characters are correctly input, the accessed one is recognized as a human being. This certification is based on the fact that it is easy for humans to read distorted characters and the like, but difficult for computer programs. Until recently, the profits obtained from the above-mentioned fraud / nuisance act did not match the cost required to execute such a program capable of reading the authentication image, and CAPTCHA prevents such fraud / nuisance act. It was an effective method.

  However, protection by CAPTCHA is weakening year by year with the progress of character recognition technology in images by computers, for example, OCR (optical character recognition) technology. There is a report example that CAPTCHA breaks through with a probability of 35%. For such a situation, measures to make CAPTCHA difficult have been repeated, but as a result, there is a problem that it is difficult for humans to decipher.

  Therefore, for example, Patent Document 1 proposes an authentication method in which an image obtained by painting a part of an original image with a color far from the original color is presented to the user, and the user is allowed to select the correct color. In addition, as disclosed in Non-Patent Document 1, for example, a technique for distinguishing between a computer program and a human by repairing a distorted image by operating a slider bar has been developed.

JP 2012-173953 A

minteye, “minteye is breakthrough advertising”, [online], [searched August 30, 2013], Internet <URL: http://www.minteye.com/Advertiser/StartPage.aspx>

  However, in the conventional techniques such as Patent Document 1 and Non-Patent Document 1 described above, there is a risk that the barrier of access prevention by a computer program (bot) may be broken by further development of today's image recognition / image processing technology. Has occurred.

  For example, in the technique described in Patent Document 1, when generating an authentication image to be presented, it is necessary to paint a part of the image so that a human user can easily select a correct color. Since it is necessary to recognize the details of the original image, it is difficult to automatically perform the painting operation. As a result, it becomes difficult to prepare a large amount of authentication images to be presented to the user. For example, if all prepared patterns are stored in a computer, the computer can easily break an access blocking wall.

  On the other hand, in the technique described in Non-Patent Document 1, that is, a method of repairing a distorted image by operating a slider bar, a portion where the sum of edges (differential values of the image) is minimized (a portion where the line in the image is the shortest) ) Has been found to easily break the barrier to access.

  Furthermore, smartphones and tablet computers, which are the most popular terminals in recent years, use a touch panel as a main input interface. In such a terminal, it takes time to input characters as an answer to CAPTCHA. Therefore, an authentication technique that not only prevents access by a computer program but also enables an answer by a simple operation is desired.

  Therefore, the present invention provides an authentication system and an authentication method that can answer an image presented for authentication with an easier operation and can prevent access by a computer program such as a bot with a higher probability. With the goal.

According to the present invention, an authentication system having a terminal and an authentication server,
The terminal
Display control means for displaying an authentication image generated by transforming an image obtained by hollowing out a basic figure image including a plurality of distributed figure images with a recognition target image;
Image deformation control means capable of changing the degree of deformation of the displayed authentication image;
Terminal communication control means for transmitting information including deformation degree information, which is information on the degree of deformation in the displayed authentication image, to the authentication server, and the authentication server includes:
The deformation information included in the received information is compared with the authentication deformation information that is information on the degree of deformation in the authentication image that allows the recognition target image to be visually recognized, and the authentication image corresponding to the received deformation information. A degree-of-deformation determination means for determining whether or not there is a degree of deformation that makes the recognition target image visible
An authenticating system is provided that includes authenticating means for authenticating the terminal when the true degree of determination is made by the deformation degree determining means.

  Here, the authentication image according to the authentication system is an image obtained by performing a deformation that can define the degree of deformation with the value of one scalar variable with respect to the image obtained by hollowing out the basic graphic image with the recognition target image. It is also preferable.

  As one embodiment of the authentication system of the present invention, the authentication server includes an authentication image generating unit that generates an authentication image obtained by deforming an image obtained by hollowing out a basic graphic image with a recognition target image, and the generated authentication image. It is also preferable to further include authentication deformation degree determining means for determining authentication deformation degree information for enabling recognition of the recognition target image and server communication control means for transmitting the authentication image for which the authentication deformation degree information is determined to the terminal.

Further, in the above-described embodiment, the server communication control unit transmits information on the modification method applied when the authentication image generation unit generates the authentication image to the terminal, and the image deformation control unit receives the information. It is also preferable to deform the displayed authentication image based on the deformation method included in the information. In addition, this method of deformation is
(A) a method of rotating each of a plurality of graphic images included in a basic graphic image;
(B) From a group consisting of a method of enlarging or reducing each of a plurality of graphic images included in the basic graphic image, and (c) a method of dividing the basic graphic image into a plurality of regions and moving each of these regions. It is also preferable that it is one selected method.

  In the authentication system of the present invention, it is also preferable that the image deformation control means deforms the authentication image with a degree of deformation corresponding to the position of the operable slider on the displayed seek bar. Furthermore, the terminal has a touch panel, and the image deformation control means is displayed with a degree of deformation corresponding to the contact position on the finger or pointing device moving along a one-dimensional trajectory on the touch panel. It is also preferable to deform the authentication image.

  In the authentication system of the present invention, it is also preferable that the basic graphic image is an image in which a plurality of graphic images in which all end sides are curved are distributed. Furthermore, the recognition target image is also preferably an image in which all the edges are curved.

In the authentication system of the present invention, it is preferable that the authentication server further includes an authentication image storage unit that stores an authentication image generated in advance using each of the plurality of recognition target images. Furthermore, in the embodiment having the server communication control unit, the terminal communication control unit causes the request for service use to be transmitted to the authentication server, and the server communication control unit receives the authentication image when the request for service use is received. Is preferably transmitted to the terminal.

Furthermore, in the embodiment having the server communication control means described above, the authentication server includes a service providing server and an image generation server,
The service providing server includes a server communication control unit that transmits an authentication image request for requesting an authentication image to the image generation server, a deformation degree determination unit, and an authentication unit when receiving a request for service use from a terminal. Have
The image generation server includes an authentication image generation unit, an authentication deformation degree determination unit, and an image generation server communication that receives the authentication image request and transmits the generated authentication image and the determined authentication deformation degree information to the service providing server. It is also preferable to have a control means.

According to the present invention, there is further provided an authentication method for authenticating a terminal,
A first step of displaying an authentication image generated by deforming an image obtained by hollowing out a basic graphic image including a plurality of distributed graphic images with a recognition target image on the terminal so that the degree of deformation can be changed; ,
A second step of acquiring information including deformation degree information, which is information on the degree of deformation in the displayed authentication image;
The deformation information included in the acquired information is compared with the authentication deformation information that is information on the degree of deformation in the authentication image that allows the recognition target image to be visually recognized, and the authentication image corresponding to the acquired deformation information. A third step of determining whether or not there is a degree of deformation that enables the recognition target image to be visually recognized;
If a true determination is made in the third step, an authentication method is provided that includes a fourth step of authenticating the terminal.

  According to the authentication system and the authentication method of the present invention, an image presented for authentication can be answered with an easier operation, and access by a computer program such as a bot can be prevented with higher probability.

It is the schematic which shows one Embodiment of the authentication system by this invention. It is a schematic diagram which shows embodiment which produces | generates the authentication original image before a deformation | transformation from a basic figure image and a recognition object image. It is a schematic diagram which shows one Embodiment which deform | transforms an authentication source image and produces | generates an authentication image. It is a schematic diagram which shows other embodiment which deform | transforms an authentication source image and produces | generates an authentication image. It is a functional block diagram in one Embodiment of the server and terminal which comprise the authentication system by this invention. It is a function block diagram in other embodiment of the server and terminal which comprise the authentication system by this invention. It is a sequence diagram which shows one Embodiment of the authentication method by this invention.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

[Authentication system]
FIG. 1 is a schematic diagram showing an embodiment of an authentication system according to the present invention.

  According to FIG. 1, the authentication system of the present embodiment includes an image generation server 1 and a service providing server 2 that are connected to each other via a network such as the Internet, and further via a network such as the Internet or an access network. An information terminal 3 capable of communication connection with the service providing server 2 is provided. Functionally, it can be considered that the image generation server 1 and the service providing server 2 constitute one authentication server.

  The information terminal 3 can be a smartphone or a tablet computer provided with a touch panel as an input interface. Moreover, a notebook computer provided with a mouse or a touch pad as an input interface, other personal computers, and the like may be used. Usually, a user (human) operates the information terminal 3 to exchange with a server through, for example, a browser, and uses services such as e-mail, electronic bulletin board, and blog.

  The service providing server 2 provides services such as an electronic mail, an electronic bulletin board, and a blog to the information terminal 3, and gives an account for the provision. At this time, it is determined whether or not the information terminal 3 is operated by a human, and an “authentication image” for authentication is transmitted to the information terminal 3 in order to give authentication only to the human (user). The image generation server 1 generates an “authentication image” for authentication in response to a request from the service providing server 2 and transmits it to the service providing server 2.

  When the service providing server 2 receives a service request, which is a request related to service use, from the information terminal 3 (step S1), the service providing server 2 transmits an authentication image request for requesting an “authentication image” to the image generation server 1 (step S2). . Upon receiving the authentication image request, the image generation server 1 selects one “basic graphic image” and one “recognition target image” selected from a large number of “basic graphic images” and “recognition target images” stored in advance. One “authentication image” is generated.

  Here, as will be described in detail later with reference to FIG. 2, the “basic graphic image” is an image including a plurality of distributed graphic images, and the “recognition target image” is an image such as a character, a symbol, or a graphic. is there. The “authentication image” is an image generated by deforming an image (authentication source image) obtained by hollowing out the “basic graphic image” with the “recognition target image”.

Next, the image generation server 1
(A) the generated “authentication image”;
(B) “Authentication deformation degree information”, which is information on the degree of deformation in the “authentication image” that allows the “recognition image” to be visible in the “authentication image”, is transmitted to the service providing server 2 (step S3). Here, the image generation server 1 transmits to the service providing server 2 together with “deformation method information” which is information on the deformation method used when generating the “authentication image”, which will be described in detail later. It is also preferable to do.

  Here, the “authentication image” generated by the image generation server 1 defines the degree of deformation (degree of deformation) with the value of one scalar variable for the image obtained by hollowing out the “basic graphic image” with the “recognition target image”. It is preferable that the image has undergone deformation that can be performed. As a result, the degree of deformation of the displayed “authentication image” can be changed, for example, by moving the slider on the seek bar. As a result, at the time of user authentication, it is possible to find out the degree of deformation that can visually recognize a “recognition target image” that is generally unrecognizable by a computer program, with an easy operation.

  Next, the service providing server 2 transmits the received “authentication image” to the information terminal 3 (step S4). Here, it is also preferable to transmit the “deformation method information” received from the image generation server 1 to the information terminal 3 together. The information terminal 3 displays the received “authentication image” and allows the user to change the degree of deformation of the “authentication image”. Specifically, for example, the user moves the finger while touching the slider of the seek bar displayed on the touch panel display, and changes the degree of deformation until the “recognition target image” is visually recognized in the “authentication image”.

  As a change mode, the user may change the degree of deformation of the “authentication image” by tapping an icon for changing the degree of deformation (for example, an icon for increasing the degree of deformation and an icon for decreasing the degree of deformation) once or more. Also in this case, the degree of deformation is determined by the value of one scalar variable called the number of taps. Further, the user may change the degree of deformation of the “authentication image” by an operation such as click-and-drag using the mouse. In addition, the user who presented the “authentication image” outputs text, emphasis display, voice, or the like that urges the user to change the deformation level of the “authentication image” so that the “recognition target image” can be visually recognized. It is also preferable. Furthermore, it is also preferable to display / install an icon or button that can determine the “authentication image” (the degree of deformation) whose degree of deformation has been changed by the user.

The information terminal 3 transmits “deformation degree information”, which is information on the degree of deformation in the “authentication image”, or information including the information (for example, the “authentication image” itself in which the deformation degree is changed) to the service providing server 2. (Step S5). The service providing server 2
(A) the received “deformation degree information” (included in the information);
(B) The “deformation degree information” received from the image generation server 1 is compared with authentication deformation degree information that is information on the degree of deformation in the “authentication image” that allows the “recognition target image” to be visually recognized. It is determined whether or not the “authentication image” corresponding to is in a degree of deformation that allows the “recognition target image” to be visually recognized.

  The service providing server 2 authenticates the information terminal 3 and notifies the information terminal 3 of the authentication when the true determination is made, that is, when it is determined that the “recognition target image” is in a degree of deformation. Or providing the requested service (step S6).

  As described above, in the authentication system and method of the present embodiment, the degree of deformation of the “authentication image” is simply changed until the user visually recognizes the “recognition target image” by an easy operation such as a seek bar slide operation. Thus, it is possible to distinguish whether the access subject is a human or a computer program (bot). That is, the user does not need to answer information (recognition target image) hidden in the “authentication image”, and can make a reply for authentication simply by performing an easier operation on the “authentication image”. .

  In general, image recognition is technically more advanced than character recognition. Therefore, in this authentication system and method, access by a computer program becomes more difficult than in the conventional technique for reading characters. In particular, recognizing the “recognition target image” from the cut-out portion of the “basic figure image” is because the outline of the “recognition target image” is missing in some places. It is very difficult. As a result, it is almost impossible to recognize the “basic graphic image” by adjusting the deformation degree of the “authentication image”.

  On the other hand, in human vision, the “recognition target image” can be visually recognized by the function of complementation in the brain despite the lack of the outline. Therefore, by using the “authentication image” according to the present invention, it is possible to reliably authenticate humans while preventing access by a computer program such as a bot with a sufficiently high probability.

[Authentication image]
FIG. 2 is a schematic diagram illustrating an embodiment in which an authentication source image before deformation is generated from a basic graphic image and a recognition target image.

  According to FIG. 2A, the authentication source image is an image obtained by hollowing out a “basic graphic image” including a plurality of distributed graphic images with a “recognition target image”. In the present embodiment, the plurality of graphic images constituting the “basic graphic image” are circular images having the same size (diameter) and black inside (for example, pixel value 255), and these circular images Are aligned in a distributed manner at each grid point position of the square grid on a white background (for example, pixel value 0). Further, the “recognition target image” is an image obtained by converting the character “?” Into a graphic in the present embodiment. In FIG. 2A, the boundary of the figure is represented by a broken line, but actually, the “recognition target image” does not have such a broken line boundary, and the inside and the end (for example, pixel value 0) are present. It is good also as an image which is white.

  To cut out a “basic figure image” in this “recognition target image”, superimpose the “recognition target image” on the “basic figure image” and then out of the figure image part (black part) of the “basic figure image” The color of the portion where the “recognition target image” is superimposed is set to the background color (white) of the “basic graphic image”. Here, the graphic image portion converted to the same color as the background color (white) can be regarded as a missing portion of the graphic image as a result.

  In the authentication source image generated in this way, the outline of the “?” Graphic image, which is the “recognition target image”, is divided. That is, only the edge of the graphic image portion cut out of the “basic graphic image” forms a contour portion. Here, according to human vision, the “recognition target image” which is the “?” Graphic image can be visually recognized by the function of complementation in the brain even though the outline is missing in this way.

  On the other hand, in the case of a computer program such as a bot, it is possible to recognize the edge of the cutout graphic image portion as an edge of the pixel value distribution. However, it is very difficult to recognize a “recognition target image” by estimating one contour from the edges of graphic image portions that are separated from each other. This is due to the fact that, even if the edges of two graphic image portions are adjacent to each other, it is generally difficult to determine these edges as two parts of one contour.

  According to FIG. 2B, as a modification mode, the “basic graphic image” includes a plurality of graphic images (circular images) that are not arranged in a square lattice but are randomly distributed. The “?” Graphic image that is the “recognition target image” is cut out from the “image”, and the authentication source image is generated. Even in this case, the “recognition target image” is visually recognized according to human vision, but on the other hand, the “recognition target image” cannot be generally recognized by the computer program. Thus, various modes are possible for the distribution of a plurality of graphic images of the “basic graphic image”.

  However, when the “basic graphic image” is cut out with the “recognition target image”, it is preferable to superimpose the “recognition target image” so that the outline of the “recognition target image” crosses the graphic image more than a predetermined level. Moreover, it is preferable that the plurality of graphic images are distributed in such a degree (density) that it is possible to do so. Accordingly, it is possible to more reliably ensure a situation in which the “basic target image” can be viewed from the “authentication image” by a human.

  Moreover, as the distributed graphic image, a plurality of types of shapes and sizes may be mixed. It is also possible to use images in which characters and symbols are made into figures. Furthermore, there may be graphic images partially overlapping each other. On the other hand, as the “recognition target image”, various images can be adopted as long as they are images of characters, symbols, figures, or the like.

  Moreover, it is preferable that the distributed figure image is a figure which makes all the edge sides curved like a circle or an ellipse. This is because, in human vision, a curved edge that is not related to the hollowed out image portion is less likely to be mistaken for the outline of the “recognition target image”, and the “recognition target image” is visually recognized. This is because it is difficult to disturb the situation. However, as shown in FIG. 2C, it is also possible to use a graphic image having a straight edge, for example, a square, a rectangle, a triangle, a rhombus, a star or a fan.

  Furthermore, it is preferable that the “recognition target image” is also an image in which all end sides are curved like “?” Described above. This is because, in a computer program such as a bot, even if the edges of two graphic image portions are adjacent to each other, these edges are curved in the case of a curved line as compared with the case of a straight line. Is more difficult to determine as being two parts of a contour. However, naturally, as shown in FIG. 2C, a graphic image having a straight edge, for example, a Chinese character graphic such as “Left” or an alphabetic character such as “A” is used as the “recognition target image”. It is also possible to use it.

  Further, the color and background color of the graphic image of the “basic graphic image” are naturally not limited to black and white, respectively. Each other gray scale color may be used, and the brightness of the color of the graphic image may be higher than the background color. In any case, it is preferable that there is a difference in brightness between the color of the graphic image and the background color so that the edge of the cutout graphic image portion can be easily recognized.

  Furthermore, the color and background color of the graphic image can be colors having various saturations and hues. However, it is preferable that the color and background color of the graphic image of the “basic graphic image” are a total of two colors such as black and white, or blue-violet and yellow, respectively. That is, it is preferable to use one color for a plurality of graphic images and use the other color for an image portion obtained by cutting out the background and the graphic image. Of course, it is also possible to use a plurality of colors for a plurality of graphic images and their backgrounds and to assign a plurality of colors to the “recognition target image”. However, by limiting the colors used to the two colors as described above, it is possible to more reliably avoid the situation where the computer program can complement the contours based on the color boundary / arrangement information.

  FIG. 3 is a schematic diagram illustrating an embodiment in which an authentication image is generated by deforming an authentication source image.

  According to FIG. 3A, the authentication source image is obtained by hollowing out a “basic graphic image” including a plurality of arranged circular images (graphic images) with a “recognition target image” that is a graphic character “?”. It is an image. Here, the authentication source image is deformed by rotating each circular image including the cutout image portion, and an “authentication image” is generated as shown in FIG. In this “authentication image”, each circular image including a hollowed portion rotates about its own center by 40 degrees (°) clockwise, and as a result, the “recognition target image” is not visually recognized. It is in a state.

  According to FIG. 3B, this “authentication image” is displayed on a screen of a touch panel display of the information terminal 3, for example, and a seek bar is also displayed on the screen. In this embodiment, the slider can be slid by moving the finger while bringing the finger into contact with the slider of the seek bar, and the rotation angle of each displayed circular image can be changed. Here, the degree of deformation of the “authentication image” is defined by one scalar value called the rotation angle θ of each circular image, and the value of the rotation angle θ (−180 ° <θ ≦ 180) at each position in the slider in one dimension. °) is associated. As described above, the “authentication image” according to the present invention can be changed to an image corresponding to the received degree of deformation upon receiving an instruction of the degree of deformation due to an external operation.

  Here, the user searches the slider position where the “recognition target image” appears (viewed) in the “authentication image” while sliding the slider with a finger. Next, when the “authentication image” is visually recognized, the operation on the seek bar is stopped, and the deformation determination icon (not shown) is tapped. At this time, the rotation angle θ representing the degree of deformation determined after being visually recognized is a value within a narrow angle range including 0 °.

  It should be noted that the method of rotating the graphic image may be different for each graphic image. For example, each graphic image may have a different rotation angle, or a clockwise rotation and a counterclockwise rotation may be mixed. Furthermore, there may be a graphic image that does not rotate. In any case, the degree of deformation of the “authentication image” due to the rotation of the graphic image may be defined by one scalar variable (for example, the slider position).

  FIG. 4 is a schematic diagram showing another embodiment for generating an authentication image by deforming an authentication source image.

  According to the embodiment of FIG. 4A, the “authentication image” is generated by enlarging or reducing each circular image (graphic image) including the cutout image portion to deform the authentication source image. . In this “authentication image”, each circular image including a hollowed out portion is enlarged or reduced at a predetermined enlargement ratio or reduction ratio with a predetermined position (for example, the center of itself) as the origin.

  Here, the plurality of graphic images constituting the “basic graphic image” are preferably graphics having different sizes. For example, the “basic graphic image” is preferably composed of circular images having various different diameter values. This avoids a situation in which the computer program changes the degree of deformation and estimates that it is an authentication source image (the degree of deformation is zero) when all the graphic images have the same size (diameter). be able to.

  Similarly, according to FIG. 4A, this “authentication image” is also displayed on the screen of the information terminal 3, for example, a touch panel display, and a seek bar is also displayed on the screen. In this embodiment, it is possible to change the enlargement ratio or reduction ratio of each circular image by bringing the finger into contact with the slider of the seek bar and moving the finger to slide the slider. Here, the degree of deformation of the “authentication image” is an enlargement ratio or a reduction ratio for each circular image, but if one is determined by any of the enlargement ratios or reduction ratios of the circular images, the enlargement ratios of the other circular images are determined. Alternatively, the reduction rate is also determined. Accordingly, the degree of deformation of the “authentication image” is defined by the value of one scalar variable, and a set of enlargement ratio or reduction ratio for each circular image can be associated with each position of the slider arranged in one dimension.

  Here, the user searches the slider position where the “recognition target image” appears (viewed) in the “authentication image” while sliding the slider with a finger. Next, when the “authentication image” is visually recognized, the operation on the seek bar is stopped, and the deformation determination icon (not shown) is tapped. At this time, the set of enlargement ratios or reduction ratios representing the determined degree of deformation falls within a set of values within a narrow range including the case where all the enlargement ratios or reduction ratios are zero.

  Note that the method of enlarging / reducing the graphic image may be different for each graphic image. For example, each graphic image may have a different enlargement ratio or reduction ratio, or an enlarged image and a reduced image may be mixed. Further, there may be a graphic image that is neither enlarged nor reduced. In any case, the degree of deformation of the “authentication image” by enlarging / reducing the graphic image may be defined by one scalar variable.

  According to the embodiment of FIG. 4B, the “authentication image” is generated by dividing the “basic graphic image” into a plurality of areas and moving each of the areas. In this “authentication image”, a “basic figure image” is divided into five regions arranged vertically, with a range including five circular images arranged side by side as one region, and these five regions are sequentially arranged from the top. The right side, the left side, the right side, the left side, and the right side are translated by a predetermined amount of movement.

  Similarly, according to FIG. 4B, this “authentication image” is also displayed on the screen of the information terminal 3 such as a touch panel display, and a seek bar is also displayed on the screen. In this embodiment, a finger can be brought into contact with the slider of the seek bar and the slider can be slid by moving the finger to change the amount of movement to the right or left side of each region. Here, the degree of deformation of the “authentication image” is the amount of movement for each region, but if one of the amounts of movement of any region is determined, the amount of movement of other regions is also determined. Accordingly, the degree of deformation of the “authentication image” is defined by the value of one scalar variable, and a set of movement amounts for each area can be associated with each position of the seek bar arranged in one dimension.

  Here, the user searches the slider position where the “recognition target image” appears (viewed) in the “authentication image” while sliding the slider with a finger. When the “authentication image” is visually recognized, the operation on the seek bar is stopped, and the deformation determination icon (not shown) is tapped. At this time, the set of movement amounts of the area representing the determined degree of deformation falls within a set of values within a narrow range including the case where all the movement amounts are zero.

  The method of dividing the “basic graphic image” is not limited to the above-described form. Further, the amount of movement and the direction of movement of each of the divided areas can be various forms. However, it is preferable that the division of the “basic graphic image” is performed so that the dividing line that determines the boundary of the region does not cross the graphic image. This is because when the dividing line crosses the graphic image and the separated parts of the graphic image belong to adjacent (different) areas, the computer program causes the separated parts to match the edges. This is because there is a possibility that the relative position of the region that becomes one graphic image is estimated as the position corresponding to the authentication source image.

  FIG. 5 is a functional configuration diagram of an embodiment of a server and a terminal constituting the authentication system according to the present invention.

[Image generation server 1]
In FIG. 5, the authentication system of the present embodiment includes an image generation server 1, a service providing server 2, and an information terminal 3. Among these, the image generation server 1 includes a communication interface 101 and a processor memory. Here, the processor memory includes an image generation server communication control unit 111, an authentication image generation unit 112, an authentication image storage unit 113, and an authentication deformation degree determination unit 114 as function components. The function is realized by executing.

  The authentication image generation unit 112 generates an “authentication image” obtained by transforming an image obtained by hollowing out the “basic graphic image” with the “recognition target image”. This “authentication image” makes it possible to visually recognize the “recognition target image” (authentication image) by adjusting the degree of deformation expressed by the value of one scalar variable.

Further, the authentication image generation unit 112 determines “deformation method information” that is information on the deformation method used when generating the “authentication image”. Here, the deformation method is, for example,
(A) A method of rotating each of a plurality of graphic images included in a “basic graphic image” as shown in FIG.
(B) A method of enlarging or reducing each of a plurality of graphic images included in the “basic graphic image” as shown in FIG. 4A, or (c) as shown in FIG. For example, the “basic graphic image” is divided into a plurality of areas and each of the areas is moved.

  In the case of the deformation method (a), the “deformation method information” can include information such as the deformation by rotation of the graphic image and the center, direction, and degree of rotation of each graphic image. Further, in the case of the deformation method (b), the “deformation method information” is a deformation caused by enlargement / reduction of a graphic image, and the origin of enlargement / reduction of each graphic image, the type of enlargement / reduction, and the degree thereof. Information can be included. Further, in the case of the deformation method (c), the “deformation method information” is information about the deformation by movement of the divided areas, the setting of each area (dividing line), the direction of movement of each area, and the degree thereof. Can be included.

  Actually, in order to display the “authentication image” on the touch panel display 302 of the information terminal 3 so that the degree of deformation can be changed, the information terminal 3 uses the “authentication image” acquired by, for example, the operation of the seek bar. It is necessary in advance to define how to deform. “Deformation method information” is transmitted to the information terminal 3 as this necessary rule.

  The authentication image storage unit 113 stores an “authentication image” generated in advance using each of a plurality of “recognition target images”. It is also preferable to generate and store an “authentication image” using each of a plurality of “basic graphic images”. By holding a large number of generated “authentication images” in advance or by holding a large number of “recognition target images” and “basic graphic images” in advance, a large number of users (information terminals 3) The request that requires authentication can be appropriately processed.

  The authentication deformation degree determination unit 114 determines “authentication deformation degree information” including information on the degree of deformation that makes it possible to visually recognize the “recognition target image” in the generated “authentication image”. Here, since the “authentication image” is generated by modifying the authentication source image, when the degree of deformation of the “authentication image” is changed to zero, the modified “authentication image” is the authentication source image. And the “recognition target image” is visible. Therefore, the “authentication deformation degree information” includes information that the degree of deformation takes a value within a predetermined range including zero.

  The image generation server communication control unit 111 communicates the “authentication image” generated in response to the received authentication image request and the determined “authentication deformation degree information”, and further the determined “deformation method information” as a communication interface. It is transmitted to the service providing server 2 via 101.

[Service providing server 2]
The service providing server 2 includes a communication interface 201 and a processor memory. Here, the processor memory includes a service providing server communication control unit 211, a deformation degree determination unit 212, an authentication unit 213, and a service processing unit 221 as function components, and executes a program. To realize its function.

  When the service providing server communication control unit 211 receives a service request from the information terminal 3 via the communication interface 201, the service providing server communication control unit 211 transmits an authentication image request for requesting an “authentication image” to the image generation server 1 via the communication interface 201. Let Further, the “authentication image” received from the image generation server 1 (“authentication deformation degree information” determined) is transmitted to the information terminal 3 via the communication interface 201. The service providing server communication control unit 211 may further cause the “deformation method information” received from the image generation server 1 to be transmitted to the information terminal 3 via the communication interface 201.

  When the deformation degree determination unit 212 receives “deformation degree information” that is a deformation result of the “authentication image” by the user's operation from the information terminal 3, the “deformation degree information” and the “deformation degree information” received from the image generation server 1. The “authentication deformation degree information” is compared, and the “authentication image” displayed on the information terminal 3 (corresponding to the received “deformation degree information”) is in a degree of deformation that makes it possible to visually recognize the “recognition target image”. Or not (whether or not the degree of deformation is within a predetermined range including zero).

Specifically, for example, in the case of deformation by rotation of the graphic image shown in FIG. 3B, the “authentication deformation information” indicates the range of the rotation angle θ of the graphic image to be authenticated as −θ _a <θ. <Θ _b (θ _a and θ _b are positive threshold constants) is included. In this case, when the rotation angle θ of the graphic image included in the “deformation degree information” received from the information terminal 3 is θ _ter , if −θ _a <θ _ter <θ _b , the value is displayed on the information terminal 3. If it is determined that the “authentication image” has a degree of deformation that allows the “recognition target image” to be visually recognized, and θ _ter ≦ −θ _a or θ _b ≦ θ _ter , the “recognition target image” can be viewed. It is determined that there is no degree of deformation.

  The authentication unit 213 is the transmission source of the “deformation degree information” when the deformation degree determination unit 212 determines that the true determination, that is, the “recognition target image” is in a degree of deformation that can be visually recognized. The information terminal 3 is authenticated.

  The service processing unit 221 outputs a service for the information terminal 3 that is the transmission source of the service request and has been authenticated by the authentication unit 213 to the service providing server communication control unit 211 so as to transmit to the information terminal 3.

[Information terminal 3]
The information terminal 3 includes a communication interface 301, a touch panel display 302, and a processor memory. Here, the processor memory includes a terminal communication control unit 311, a display control unit 312, and an image deformation control unit 313 as function configuration units, and realizes the functions by executing a program.

  The touch panel display 302 can detect the contact position on the display screen of the user's finger or the pointing device (pointer) held by the user, and can output information on the contact position to the image deformation control unit 313. In addition, a display signal from the display control unit 312 can be input to display an “authentication image” for authentication. The display control unit 312 causes the touch panel display 302 to display the “authentication image” received from the service providing server 2 and modified by the image deformation control unit 313 with a predetermined deformation mode and degree. .

  The terminal communication control unit 311 transmits a service request to the service providing server 2 via the communication interface 301 based on a request from the application processing unit that has input a service reception instruction by, for example, a user operation on the touch panel / display 302. . Further, the terminal communication control unit 311 sends information including “deformation degree information”, which is information on the degree of deformation of the “authentication image” displayed on the touch panel display 302, to the service providing server 2 via the communication interface 301. Send it.

  The image deformation control unit 313 can change the degree of deformation of the “authentication image” displayed on the touch panel display 302. Specifically, based on the “deformation method information” input (received) from the terminal communication control unit 313, the mode of deformation of the “authentication image” is grasped, and for example, an operation on the seek bar displayed on the touch panel display 302 The degree of deformation corresponding to the position of the slider is calculated, the deformation state of a plurality of graphic images (including the cutout portion) is determined, and the “authentication image” having the corresponding degree of deformation is displayed on the touch panel display 302. .

  Here, instead of the touch panel display 302, the degree of deformation of the “authentication image” can be changed by using a display and a mouse or a touch pad.

An authentication system different from the authentication system described above can be provided by using an authentication source image generated from a “basic graphic image” and a “recognition target image”. In this authentication system,
(A) The information terminal is executed by displaying an authentication source image obtained by hollowing out a “basic graphic image” including a plurality of distributed graphic images with a “recognition target image” as an authentication image, and visually viewing the displayed authentication image. Receiving the user's input operation, acquiring “recognition target information”, which is information related to the “recognition target image” that has been cut out, and transmitting the information including the acquired “recognition target information” to the authentication server ,
(B) The authentication server determines whether or not the “recognition target information” included in the received information matches the information related to the “recognition target image”. Authenticate the information terminal.

  In this case, an authentication source image obtained by hollowing out the “basic graphic image” with the “recognition target image” is used as the authentication image. With this authentication source image, if it is a human, the “recognition target image” can be visually recognized by the function of visual brain complementation, but it is very difficult to recognize the “recognition target image” with a computer program such as a bot. It is. As a result, it is possible to authenticate only humans by distinguishing humans from computer programs.

  In this authentication system, the user's input operation on the information terminal may draw or trace a visually recognized “recognition target image” with a pointing device such as a finger or a stylus on a touch panel or a touch pad, for example.

  FIG. 6 is a functional configuration diagram of another embodiment of a server and a terminal constituting an authentication system according to the present invention.

[Authentication Server]
In FIG. 6, the authentication system of this embodiment includes an authentication server 1 ′ and an information terminal 3. Here, the authentication server 1 ′ has a form composed of the image generation server 1 (FIG. 5) and the service providing server 2 (FIG. 5), and the functions of both servers are combined into one.

  Specifically, the authentication server 1 ′ includes an authentication server communication control unit 111 ′ corresponding to the image generation server communication control unit 111 (FIG. 5) and the service providing server communication control unit 211 (FIG. 5), and an authentication image generation unit 112. An authentication image generation unit 112 ′ corresponding to (FIG. 5), an authentication image storage unit 113 ′ corresponding to the authentication image storage unit 113 (FIG. 5), and an authentication modification corresponding to the authentication deformation degree determination unit 114 (FIG. 5). Degree determination unit 114 ′, deformation degree determination unit 212 ′ corresponding to deformation degree determination unit 212 (FIG. 5), authentication unit 213 ′ corresponding to authentication unit 213 (FIG. 5), and service processing unit 221 (FIG. 5) ) As a functional component.

In the authentication server 1 ′, compared with the system of FIG.
(A) Transmission / reception of an authentication image request (step S2 in FIG. 1);
(B) Transmission / reception of “authentication image”, “authentication deformation degree information”, and “deformation method information” (step S3 in FIG. 1) is replaced with input / output in the server. Even such an authentication server 1 ′ can constitute an authentication system according to the present invention, eliminate bots, etc., and give appropriate authentication to the user.

[Authentication method]
FIG. 7 is a sequence diagram showing an embodiment of an authentication method according to the present invention.

(S701) The image authentication server 1 previously generates and stores an “authentication image” from a plurality of “basic graphic images” and a large number of “recognition target images”.
(S702) The information terminal 3 transmits to the service providing server 2 a service request related to desired service use (such as e-mail, electronic bulletin board, and blog).
(S703) Upon receiving the service request, the service providing server 2 transmits an authentication image request for requesting an “authentication image” for authentication to the image generation server 1.

(S704) Upon receiving the authentication image request, the image generation server 1 selects one for authentication from “authentication images” generated and stored in advance.
(S705) The image generation server 1 provides the generated and selected “authentication image”, “deformation method information” used at the time of generation, and “authentication deformation level information” determined at the time of generation. Send to server 2.
(S706) The service providing server 2 transmits the received “authentication image” and “transformation method information” to the information terminal 3 that is the source of the service request.

(S707) The information terminal 3 displays the received “authentication image” on the display (touch panel display 302 (FIG. 3)).
(S708) The information terminal 3 transforms the “authentication image” displayed in response to an operation by the user (for example, operation of a seek bar).
(S709) The information terminal 3 acquires the deformation degree of the “authentication image” finally determined by the user as “deformation degree information”.

(S710) The information terminal 3 transmits the acquired “deformation degree information” or information including the “deformation degree information” (for example, the authentication image itself for which the degree of deformation has been determined) to the service providing server 2.
(S711) The service providing server 2 compares the received “deformation degree information” with the “authentication deformation degree information” acquired from the image generation server 1, and the “authentication image” can visually recognize the “recognition target image”. It is determined whether the degree of deformation is present (whether the degree of deformation is within a predetermined range including zero).
(S712) If the determination in step S711 is true (Yes), the service providing server 2 may send a notification of authentication to the information terminal 3, or a service corresponding to the service request May be sent.
(S721) On the other hand, if a false (No) determination is made in step S711, the service providing server 2 transmits an authentication failure notification, which is a notification indicating that authentication is not performed, to the information terminal 3.

  As a modification, the image generation server 1 stores a plurality of “basic graphic images” and a large number of “recognition target images” in advance in step S701, and in step S704, selects one “basic graphic image” and One “recognition image” may be selected to generate an “authentication image”. Further, as a further modification, the information terminal 3 can generate and display an “authentication image” from the “basic graphic image” and the “recognition target image” acquired or held. Furthermore, the image generation server 1 and the information terminal 3 may previously hold a “basic graphic image” and a “recognition target image”, respectively, or a “recognition target image” and a “basic graphic image”, respectively. In this case, the image generation server 1 transmits the retained “basic graphic image” (“recognition target image”) to the information terminal 3 via the service providing server 2, and the information terminal 3 receives the received “basic graphic image”. "(Recognition target image") and "recognition target image" ("basic graphic image") stored in advance, an "authentication image" is generated and displayed to the user.

  As described above in detail, according to the present invention, the user only changes the degree of deformation of the “authentication image” by an easy operation such as a seek bar operation so that the “recognition target image” can be visually recognized. Thus, it is possible to distinguish whether the access subject is a human or a computer program (bot). That is, the user can reply to the image presented for authentication with an easier operation.

  In general, image recognition is technically more advanced than character recognition. Therefore, in this authentication system and method, access by a computer program becomes more difficult than in the conventional technique for reading characters. In particular, since the contour of the “recognition target image” is divided in the “authentication image”, it is very difficult for the computer program to recognize the “recognition target image” by estimating the entire contour from the edge of the image. Become. As a result, access by a computer program such as a bot can be blocked with higher probability.

  For the various embodiments of the present invention described above, various changes, modifications, and omissions in the technical idea and scope of the present invention can be easily made by those skilled in the art. The above description is merely an example, and is not intended to be restrictive. The invention is limited only as defined in the following claims and the equivalents thereto.

1 Image generation server 1 ′ Authentication server 101, 101 ′, 201, 301 Communication interface 111 Image generation server communication control unit 111 ′ Authentication server communication control unit 112, 112 ′ Authentication image generation unit 113, 113 ′ Authentication image storage unit 114, 114 ′ Authentication Deformation Determining Unit 2 Service Providing Server 211 Service Providing Server Communication Control Unit 212, 212 ′ Deformation Determining Unit 213, 213 ′ Authentication Unit 221, 221 ′ Service Processing Unit 3 Information Terminal 302 Touch Panel Display 311 Terminal Communication Control Unit 312 Display control unit 313 Image deformation control unit

Claims (13)

An authentication system having a terminal and an authentication server,
The terminal
Display control means for displaying an authentication image generated by transforming an image obtained by hollowing out a basic figure image including a plurality of distributed figure images with a recognition target image;
Image deformation control means capable of changing the degree of deformation of the displayed authentication image;
Terminal communication control means for transmitting information including deformation degree information, which is information on the degree of deformation in the displayed authentication image, to the authentication server, and the authentication server includes:
The deformation information included in the received information is compared with authentication deformation information that is information on the degree of deformation in the authentication image that enables the recognition target image to be visually recognized, and corresponds to the received deformation information. A degree-of-deformation determination means for determining whether the authentication image to be is in a degree of deformation that enables the recognition target image to be visually recognized;
An authentication system comprising: an authenticating unit that authenticates the terminal when the deformation determination unit makes a true determination.   The authentication image is an image obtained by performing a deformation that can define a degree of deformation with a value of one scalar variable with respect to an image obtained by hollowing out the basic graphic image with the recognition target image. The authentication system according to claim 1. The authentication server is
Authentication image generation means for generating an authentication image obtained by performing the deformation on the image obtained by hollowing out the basic figure image with the recognition target image;
Authentication deformation degree determining means for determining the authentication deformation degree information that enables the recognition target image in the generated authentication image to be visually recognized;
3. The authentication system according to claim 1, further comprising server communication control means for transmitting the authentication image for which the authentication deformation degree information is determined to the terminal. The server communication control unit transmits information on a modification method applied when the authentication image generation unit generates the authentication image to the terminal.
The authentication system according to claim 3, wherein the image deformation control unit deforms the displayed authentication image based on the deformation method included in the received information.   The deformation method includes a method of rotating each of the plurality of graphic images included in the basic graphic image, a method of expanding or reducing each of the plurality of graphic images included in the basic graphic image, and the basic graphic image. The authentication system according to claim 4, wherein the authentication system is one method selected from the group consisting of a method of dividing each of the regions and moving each of the regions.   6. The authentication according to claim 1, wherein the image deformation control unit deforms the authentication image with a degree of deformation corresponding to a position of an operable slider on the displayed seek bar. system. The terminal has a touch panel,
The image deformation control unit is configured to deform the displayed authentication image with a degree of deformation corresponding to a contact position on a finger or pointing device that moves along a one-dimensional trajectory on the touch panel. The authentication system according to any one of claims 1 to 6.   The authentication system according to any one of claims 1 to 7, wherein the basic graphic image is an image in which a plurality of graphic images having curved edges at all ends are distributed.   The authentication system according to any one of claims 1 to 8, wherein the recognition target image is an image in which all edges are curved.   The authentication server according to claim 1, further comprising an authentication image storage unit that stores an authentication image generated in advance using each of a plurality of recognition target images. system. The terminal communication control means transmits a request for service use to the authentication server,
Said server communication control means, when receiving a request relating to the service, the authentication system according to any one of claims 3 to 5, characterized in that to transmit the authentication image to the terminal. The authentication server includes a service providing server and an image generation server,
When the service providing server receives a request for service use from the terminal, the server communication control means for transmitting an authentication image request for requesting the authentication image to the image generation server, the deformation degree determination means, The authentication means,
The image generation server receives the authentication image generation means, the authentication deformation degree determination means, and the authentication image request, and sends the generated authentication image and the determined authentication deformation degree information to the service providing server. The authentication system according to claim 3, further comprising: an image generation server communication control unit for transmission. An authentication method for authenticating a terminal,
A first step of displaying an authentication image generated by deforming an image obtained by hollowing out a basic graphic image including a plurality of distributed graphic images with a recognition target image on the terminal so that the degree of deformation can be changed; ,
A second step of acquiring information including deformation degree information, which is information on the degree of deformation in the displayed authentication image;
The deformation information included in the acquired information is compared with authentication deformation information that is information on the degree of deformation in the authentication image that enables the recognition target image to be visually recognized. A third step of determining whether or not the corresponding authentication image has a degree of deformation that enables the recognition target image to be visually recognized;
An authentication method comprising: a fourth step of authenticating the terminal when a true determination is made in the third step.

Images