KR101748136B1

KR101748136B1 - Method for certification using digital image, application system, and authentication system thereof

Info

Publication number: KR101748136B1
Application number: KR1020150131135A
Authority: KR
Inventors: 김동진; 박경자; 심충섭; 이진원; 김대진; 김우현
Original assignee: 주식회사 씽크풀
Priority date: 2015-06-26
Filing date: 2015-09-16
Publication date: 2017-06-28
Also published as: KR20170001931A; KR20170001932A; KR20170001933A; KR20170001934A; KR20170001930A; KR101725219B1

Abstract

An application system installed in a portable terminal is disclosed. The application system comprising: an image acquisition module for acquiring at least one digital image directed to an object through an image capturing means of a portable terminal; a transmitter for transmitting the at least one digital image acquired by the image acquisition module to an authentication system Wherein when the at least one digital image is received by the authentication system, based on the received at least one digital image, whether the digital image has captured a three-dimensional physical object or a two-dimensional image Is authenticated, authentication is performed to authenticate a user corresponding to the object or whether the object is actually photographed, and the image acquisition module is configured to acquire at least one of the at least one digital image To an active light image And said object characterized in that for obtaining a plurality of images taken from different angles.

Description

TECHNICAL FIELD [0001] The present invention relates to an authentication method using a digital image, an application system therefor, a digital image determination system, and an authentication system,

The present invention relates to a system and method for authenticating a user using a digital image, and more particularly, to a system and method for authenticating a user using verification information that can be obtained by a digital image.

Recently, various online services such as online commerce, internet banking, online certificate issuance and the like have been provided. Because of the nature of these services, it is very important that they authenticate themselves to ensure that the user has the right to use the service.

The most obvious authentication method is to visit a bank or a certificate issuing organization directly. However, since the visit is very cumbersome, the facial photograph, own identification card or other authentication means are scanned or photographed and transmitted to the certification body online. Non-face authentication technology is emerging that performs identity verification through transmitted pictures.

However, when the current non-face authentication technology is used, there is a problem that a problem that the photo is stolen, forged or exploited by a hacker or the like can not be prevented.

In addition, there are cases where a car insurance company provides a service for checking mileage or black box installation and discounting insurance premiums. At this time, there are cases where forged pictures are transmitted, Even if you do not have the possession of the other person as if you are holding a photo of the person is pretending to be increasing.

As the number of cases of counterfeiting or theft of digital images such as online photographs is increasing, a method for confirming the validity of digital images is widely required.

Korean Unexamined Patent Application Publication No. 10-2005-0009415, "Mutual authentication method using image image and computer readable recording medium recording program for executing this method"

SUMMARY OF THE INVENTION Accordingly, the present invention has been made keeping in mind the above problems occurring in the prior art, and it is an object of the present invention to provide a digital image authentication method, a digital image authentication method, a digital image authentication method, And to provide a system and method that can be used.

It is another object of the present invention to provide a system and method for judging whether or not a digital image has taken a real object.

An application system installed in a portable terminal for realizing the technical idea of the present invention includes an image acquisition module for acquiring at least one digital image targeted at an object through image shooting means of a portable terminal, And a communication module for sending the at least one digital image from the at least one digital image to the authentication system, wherein, when the at least one digital image is received, It is determined whether a three-dimensional object or a two-dimensional image is captured, and an authentication process for authenticating a user corresponding to the object or whether the object is photographed is performed. The image acquisition module may include an image acquisition module Obtaining at least one of the images for lighting the active images, and the object is characterized in that each pickup a plurality of images taken from a different angle.

When the illumination active image is received by the authentication system, it is determined whether or not the image characteristic that appears when the two-dimensional image is photographed with the illumination device activated is displayed in the illumination active image, and the authentication process is performed .

The authentication system is configured to receive a plurality of images in which a three-dimensional object is photographed and a plurality of images in which a two-dimensional image is photographed while the lighting apparatus is activated, and learn the image characteristics through machine learning or deep learning .

Wherein the image acquisition module obtains a lighting inactive image of the object with the lighting active image and the lighting device of the portable terminal deactivated and generates an illumination inactive image based on the lighting active image and the lighting inactive image difference And the authentication process is performed.

Wherein the image acquisition module controls the portable terminal to photograph a plurality of the objects at different angles, captures the object at a predetermined angle, and displays the captured angle of the portable terminal through a sensor included in the portable terminal It is determined whether the angle is changed to a specific angle, and if it is determined that the angle is changed to the specific angle, the object can be photographed.

Wherein the specific angle is selected by the image acquisition module or the authentication system and the authentication process performed by the authentication system determines whether or not the degree of change of the shooting angle of the received plurality of digital images corresponds to the specific angle And a process for generating the image data is included.

Wherein at least one digital image transmitted to the authentication system is obtained by the image acquisition module and is based on a first image based on a user's first face image displayed on the object and a second face image on which a user's real face is captured And a second image.

Wherein at least one of the first image or the second image is an illumination active image.

The application system may further include an editing module for arranging the first image and the second image in a first area and a second area of a predetermined UI and comparing the first image and the second image.

The application system determines respective positions indicating a specific region from the first face image and the second face image, and arranges the first face image and the second face image so as to overlap each other based on the respective positions The editing module may further include an editing module.

Wherein the editing module uses the first face image itself or the first face image as an image obtained by image processing based on an image attribute of the second face image as the first image, And using the 2-faced image as the second image, the image processed by image processing based on the image attribute of the first facial image.

The image acquisition module may acquire the first image and the second image simultaneously or within a predetermined time difference through each of a plurality of image acquisition means provided in the portable terminal.

An application system installed in a mobile terminal for achieving the technical idea of the present invention includes an image acquisition module for acquiring at least one digital image for an object through an image shooting means of the portable terminal, And a determination module that determines whether the digital image is an image of a three-dimensional object or a two-dimensional image, based on the at least one digital image obtained when at least one digital image is acquired, Wherein the image acquisition module obtains at least one of the at least one digital image as a light active image or obtains a plurality of images of the object photographed at different angles.

According to an aspect of the present invention, there is provided a digital image determination system including an acquisition module for acquiring at least one digital image that is intended for a predetermined object, and an acquisition module for acquiring at least one digital image based on at least one digital image acquired by the acquisition module. A determination module for determining whether the image is a three-dimensional object or a two-dimensional image, wherein the determination module is based on at least one lighting active image included in the at least one digital image, And determining whether the digital image is a three-dimensional object image or a two-dimensional image image, based on a plurality of images captured at different angles from the object included in the at least one digital image, So that the digital image captures a three-dimensional object Whether the captured image of a two-dimensional recognition is characterized in that to determine whether.

The determination module may determine whether an image characteristic that appears when the two-dimensional image is photographed while the illumination device is activated appears in the illumination active image.

Wherein the determination module receives a plurality of images in which a three-dimensional object is photographed and a plurality of images in which a two-dimensional image is photographed while the illumination device is activated, and learns the image characteristic through machine learning or deep learning .

Wherein the acquisition module acquires the illumination active image and the illumination inactive image photographed with the illumination device of the portable terminal inactive, and the determination module performs the determination based on the illumination active image and the illumination inactive image . &Lt; / RTI >

An authentication system for achieving the technical idea of the present invention includes an image receiving module for acquiring at least one digital image directed to an object from a portable terminal, and an image receiving module for receiving the digital image, It is judged whether the image is a three-dimensional object image or a two-dimensional image image, and an authentication process is performed to authenticate a user corresponding to the object or whether the object is photographed Wherein the determination module determines whether the digital image is a three-dimensional object image or a two-dimensional image image based on at least one lighting active image included in the at least one digital image, The method of claim 1, wherein the object Whether the another recording the digital image is a three-dimensional physical object based on the plurality of images taken at different angles can be characterized in that it is determined whether or not the recording of images in two dimensions.

A method for achieving the technical idea of the present invention includes the steps of acquiring at least one digital image that is intended for a predetermined object by a digital image determination system, Wherein the step of determining whether the digital image has taken a three-dimensional object or a two-dimensional image includes the steps of: determining whether the digital object has taken a physical object or a two-dimensional image; , The digital image determination system determines whether the digital image has taken a three-dimensional object or a two-dimensional image based on at least one lighting active image included in the at least one digital image Or the object contained in the at least one digital image And determining whether the digital image is a three-dimensional object or a two-dimensional image based on a plurality of images taken at different angles.

Wherein the step of determining whether the digital image has taken a three-dimensional object or a two-dimensional image based on at least one lighting active image included in the at least one digital image comprises: And determining whether an image characteristic that appears when the illumination device is activated is displayed in the illumination active image.

The digital image determination method may include receiving the plurality of images in which the three-dimensional object is photographed and the plurality of images in which the two-dimensional image is photographed, and performing machine learning or deep learning The method may further include learning the image characteristic through the image processing unit.

Wherein the at least one digital image comprises the lighting active image and a lighting inactive image photographed with the lighting device of the portable terminal deactivated, wherein the at least one digital image comprises at least one lighting active image included in the at least one digital image The step of determining whether the digital image has taken a three-dimensional object or a two-dimensional image may comprise performing the determination based on the lighting active image and the lighting inactive image have.

According to an embodiment of the present invention, it is possible to use a digital image to perform powerful and simple non-face authentication or validity of the digital image (that is, a digital image is photographed by a legitimate user or an object Quot ;, which means that the user is occupied) can be determined.

Further, a primary authentication is performed through a target system (e.g., a mobile communication company system, a credit card company system, or a payment mediation system, an identification card authentication system, etc.) Since the authentication is performed, stronger authentication can be performed.

According to an embodiment of the present invention, when the verification information used for validity verification of a digital image is inserted into metadata, the metadata is encrypted and inserted into a digital image and decrypted to extract metadata. Can be prevented.

According to an embodiment of the present invention, the verification information may include auto information (e.g., photographing time, photographing position, etc.) of a digital image to be automatically inserted by the photographing means. There is an effect that it is possible to prevent the verification information from being manipulated by the user by inserting insertion information in place of the auto information.

Further, among the pieces of verification information, the insertion information inserted by the application system is inserted into the meta data or the image itself (e.g., steganography technique, watermark, stamp, etc.) .

Also, according to an embodiment of the present invention, two or more of the facial, ID, and unique authenticated objects of the user of the portable terminal may be authenticated using a plurality of digital images photographed together or individually Therefore, it is possible to obtain an effect of further enhancing the authenticity of the object to be occupied when the image of the object to be authenticated is acquired .

Particularly, in the case where an image in which a user's face is photographed and an image in which a user's face is displayed (for example, ID card, employee ID, etc.) is transmitted to the authentication system, the reliability of the user authentication is increased by comparing the user's face images It is possible to prevent an unauthorized user from attempting to be falsely authenticated by the photographing action alone. If the face is different, it may be burdensome for an unauthorized user to photograph his / her face, and his or her face may be stored in the authentication system and used as evidence for future illegal use.

In addition, when the user's face and the object are simultaneously photographed (for example, the front and rear cameras of the portable terminal are used to simultaneously photograph the object and the user's face, or the user's face and the object are photographed together) Or if the authentication is to be taken within a certain time, this effect can be increased.

Further, it is possible to prevent an unauthorized authentication attempt by verifying whether the digital image used at the time of authentication is an image obtained by photographing a real object or an image obtained by photographing an image.

According to an embodiment of the present invention, one of the user's face and the object may be photographed first, and the other one may be photographed while the application stores the image, so that the user's face and the object are placed in one digital image Or the second image is taken while the first digital image is inserted so that the user's face and the object are made to coexist in one digital image so that the comparison authentication of the legitimate user can be made easier, It is possible to prevent an attempt to obtain a false authentication and also to improve the efficiency of digital image storage.

According to an embodiment of the present invention, when the object to be photographed is an ID card having a face image, the face of the object image is extracted and the screen of the digital image is arranged so as to correspond to the face image of the user, There is an effect that can be done.

Further, the application system according to the embodiment of the present invention permits the digital image to be transmitted within a predetermined time after the digital image is acquired, and the authentication system also permits authentication only when the digital image is received within a predetermined time, It is difficult to perform artificial manipulation or change of the insertion information on the side of the user.

According to the embodiment of the present invention, the photographing time of the digital image and the time when the authentication system receives the digital image satisfy a predetermined condition, or the photographing position of the digital image and the photographing position of the portable terminal Face authentication or the validity of the digital image when the position satisfies a predetermined condition or when the identification information of the portable terminal and the identification information of the portable terminal confirmed by the authentication system correspond to each other, There is an effect that it is difficult to manipulate or change the image.

Also, when authentication is performed using a plurality of digital images, the insertion information is divided into a plurality of digital images and inserted, thereby enhancing security.

Further, when the insertion information inserted in the digital image for authentication includes the one-time information received from the authentication system, the insertion information itself can have a one-time effect, so that there is an effect that excellent security can be obtained. There is an effect that the image can be prevented from being reused in authentication.

BRIEF DESCRIPTION OF THE DRAWINGS A brief description of each drawing is provided to more fully understand the drawings recited in the description of the invention.
1 is a conceptual illustration of an authentication system using a digital image according to an embodiment of the present invention.
2 is a flowchart illustrating an authentication method using a digital image according to an exemplary embodiment of the present invention.
3 is a block diagram showing a schematic configuration of an authentication system using a digital image according to an embodiment of the present invention.
4 is a flowchart illustrating an example of an authentication method using a digital image according to an embodiment of the present invention.
5 is a flowchart illustrating an example of an authentication method using a digital image according to another embodiment of the present invention.
6 is a flowchart illustrating an example of an authentication method using a digital image according to another embodiment of the present invention.
7 shows an example of an application system according to an embodiment of the present invention.
8 is a flowchart illustrating an operation process of an application system according to an embodiment of the present invention.
9 is a flowchart illustrating an operation procedure of an application system according to another embodiment of the present invention.
FIG. 10 is a diagram for explaining a process of authenticating a user using a plurality of images according to the technical idea of the present invention.
11 is a view for explaining a concept of judging an image taken image and a real image according to the technical idea of the present invention.
Fig. 12 shows a schematic configuration of a digital image judgment system according to the technical idea of the present invention.

BRIEF DESCRIPTION OF THE DRAWINGS The present invention is capable of various modifications and various embodiments, and specific embodiments are illustrated in the drawings and described in detail in the detailed description. It is to be understood, however, that the invention is not to be limited to the specific embodiments, but includes all modifications, equivalents, and alternatives falling within the spirit and scope of the invention. DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, the present invention will be described in detail with reference to the accompanying drawings.

The terms first, second, etc. may be used to describe various elements, but the elements should not be limited by the terms. The terms are used only for the purpose of distinguishing one component from another.

The terminology used in this application is used only to describe a specific embodiment and is not intended to limit the invention. The singular expressions include plural expressions unless the context clearly dictates otherwise.

In this specification, terms such as "comprise," "comprising," and the like are intended to specify that there are stated features, numbers, steps, operations, elements, parts or combinations thereof, But do not preclude the presence or addition of one or more other features, steps, operations, elements, components, or combinations thereof.

Also, in this specification, when any one element 'transmits' data to another element, the element may transmit the data directly to the other element, or may be transmitted through at least one other element And may transmit the data to the other component. Conversely, when one element 'directly transmits' data to another element, it means that the data is transmitted to the other element without passing through another element in the element.

Hereinafter, the present invention will be described in detail with reference to the embodiments of the present invention with reference to the accompanying drawings. Like reference symbols in the drawings denote like elements.

1 is a conceptual illustration of an authentication system using a digital image according to an embodiment of the present invention. 1, an authentication system (hereinafter referred to as an 'authentication system') 100 using a digital image is used to implement an authentication method using a digital image according to an embodiment of the present invention .

The authentication system 100 can receive a digital image from the portable terminal 200 and verify the validity of the digital image. Here, the fact that the digital image is valid may mean that the digital image is an image photographed by a portable terminal of a user to be authenticated. It may also mean that the user is occupying an object that is the object of the digital image. Accordingly, the technical idea of the present invention is to allow a user to capture an object occupied by the user and to verify the validity of the digital image photographed by the object, so that when the object is an object (for example, an ID card or the like) And can be used for confirming the reliability of the counter party when the object is a transaction object.

The authentication system 100 may receive the digital image directly from the portable terminal 200. [ Alternatively, if the portable terminal 200 uploads the digital image to a predetermined external system (for example, a social network system, an image publishing service providing system, or the like), the validity verification system may receive the digital image from the external system It is possible. Alternatively, after the digital image photographed from the portable terminal 200 is transmitted to a predetermined other terminal (e.g., a user's computer), the other terminal may transmit the digital image to the authentication system 100. [ Accordingly, in the present invention, a method of receiving the digital image by the authentication system 100 can be variously performed in association with the portable terminal 200.

According to an embodiment, the authentication system 100 may be implemented in the form of being included in a given target system (e.g., a mobile carrier system, a card company system, or a payment mediation system (e.g., VAN, PG system, . In the case where the technical idea of the present invention is used for commerce (for example, a used transaction), the system may be included in the system for commerce.

The target system 300 may be a system capable of authenticating a user in a predetermined manner. For example, when the target system 300 is a mobile communication company system, the mobile communication company system uses the phone number of the mobile terminal registered in the mobile communication company system and personal information (name, date of birth, sex, It is possible to confirm whether the information (identification information) is legitimate. Of course, a predetermined one-time information may be transmitted to the portable terminal of the user to check whether the portable terminal is occupied by the user.

In this specification, the mobile communication company system refers to a system of a mobile communication network provider providing mobile communication services to the mobile terminal 200, as well as a system of information or services provided by the mobile communication network operator, To the mobile terminal 200. The mobile terminal 200 may be connected to the mobile terminal 200 via a network. For example, the agent system may provide the location information of the portable terminal 200 to the authentication system 100 based on information provided from a mobile communication network provider, determine the legitimacy of the identification information to be described later, Authentication service may be provided.

When the target system 300 is a card company system, the card company system compares identification information (e.g., name and card information) input by a user or identification information of a photographed card with registration information stored in the card company system, The validity of the information may be judged.

The target system 300 may be a payment mediation system. When the target system 300 is a payment mediating system (e.g., VAN, PG, etc.), the payment mediating system may determine whether the user's card is valid according to the technical idea of the present invention. For example, the settlement intermediation system may attempt to settle the card using the user information or the card information included in the identification information received by the authentication system 300. The validity of the card can be determined by checking from the card company system whether or not the card can be normally settled. Of course, you can also cancel the payment after checking the validity.

According to the technical idea of the present invention, an authentication method with enhanced security is provided by using a predetermined authentication method that can be performed by the target system 300 and authenticating a user by further using verification information included in a digital image can do.

In the present invention, a digital image does not only mean a single image but also includes an image (for example, an image frame included in a moving image) that can be provided by a moving image or other method.

The authentication system 100 and the portable terminal 200 may be directly or indirectly connected to each other through a wired / wireless network to transmit / receive various information and / or data necessary for the technical idea of the present invention to implement the technical idea of the present invention .

Meanwhile, the authentication system 100 may extract the first verification information included in the received digital image.

The first verification information may be embedded in the digital image in various ways to write information such as watermark, steganography, stamp, etc. to the image.

According to an embodiment, the first verification information may include information (e.g., name, date of birth, resident number, card information, etc.) displayed on an object (e.g., ID card, card, etc.) of the digital image.

In one embodiment, the first verification information may be included in the digital image in the form of metadata. The first verification information may be a part of the metadata included in the digital image. Metadata is structured data about data and is data that describes other data. In particular, the metadata of a digital image includes photograph information such as exposure, flash usage, resolution, and photo size, information (device manufacturer, device identification, model name, etc.) of the device that captured the digital image, Time information, geographical position information of the photographed place, and the like as metadata.

The first verification information may include information inserted into the digital image by the application system 400 according to the technical idea of the present invention and may be automatically inserted by the image capturing application installed in the portable terminal 200 Information (e.g., photographing time, photographing position, etc., hereinafter referred to as " auto information "). The auto information may be generally included in the metadata of the digital image.

According to the embodiment of the present invention, since the auto information is written in plain text which can be easily changed or manipulated by the user, the application system 400 according to the embodiment of the present invention can automatically transmit the auto information to the authentication system (E.g., encryption, hash, and the like) in a format that can be recognized only by the user (e.g., the user 100) can insert the coded information into the metadata in place of the auto information. Alternatively, the insertion information may be inserted into the meta data separately from the auto information. At this time, the authentication system 100 may utilize the insertion information as the verification information instead of the auto information.

A representative format for storing metadata of a digital image is, but not limited to, an EXchangeable Image File format (Exif).

The digital image may also be an identification card, a user's card, or other object expected to be occupied by the user. The object of the digital image may be designated by the authentication system 100.

In one embodiment, the authentication system 100 may include information on location of a place where the digital image is captured, identification information of a device that has photographed the digital image, And at least one of the time information can be extracted as the first verification information. To this end, the portable terminal 200 may be provided with predetermined software or applications for implementing the technical idea of the present invention.

Meanwhile, the authentication system 100 can acquire the second verification information.

The second verification information is information corresponding to the first verification information, and may be information corresponding to the portable terminal.

The fact that the second verification information corresponds to the first verification information may mean that the second verification information is the same kind of information as the first verification information. Or that the second verification information includes the same kind of information as the information included in the first verification information. For example, if the first verification information is location information, the second verification information may be at least location information, and if the first verification information includes location information, device identification information, and time information, The verification information may include at least location information, device identification information, and time information.

Meanwhile, the authentication system 100 may receive at least a part of the second verification information from the portable terminal 200, and in some cases, the authentication system 100 may receive an object system corresponding to the portable terminal 200 , 300). For example, the authentication system 100 may directly receive the location information of the mobile terminal 200 from the mobile terminal 200, and may transmit the location information of the mobile terminal 200 corresponding to the mobile terminal 200 300 to receive the location information of the portable terminal 200. For example, the mobile communication company system 300 corresponding to the mobile terminal 200 may be a mobile communication company system to which the mobile terminal subscribes or an agent system linked to the mobile communication company system.

The method for the mobile communication company system 300 to grasp the location information of the mobile terminal 200 may be various methods such as a method using GPS or a method using LBS (Location Based Service).

The fact that the authentication system 100 receives information from the mobile communication company system 300 may mean that the authentication system 100 directly receives information from the mobile communication company system 300, Or agency) to receive information indirectly. For example, in the latter case, the authentication system 100 may request information from a given intermediary system (or agency system), in which case the intermediary system receives information from the mobile communication company system 300, Information can be transmitted to the system 100.

The mobile communication company to which the portable terminal 200 subscribes may be a communication company that provides voice communication network or data communication network so that the portable terminal 200 can perform voice or data communication. And the mobile communication company system 300 may be connected to each other through a wire / wireless network to transmit / receive various information and / or data necessary for the technical idea of the present invention.

The portable terminal 200 may be a computing device including a smart phone having a camera function, a tablet PC, a PDA (Personal Digital Assistant), a handheld device having a wireless connection function, or a processing device connected to another wireless modem Lt; / RTI >

Of course, according to an embodiment, the authentication system 100 may be included in the target system 300 and implemented. That is, the target system 300 may perform authentication according to the technical idea of the present invention.

2 is a flowchart briefly illustrating an authentication method using a digital image according to an embodiment of the present invention.

2, the portable terminal 200 captures a digital image (S100), and transmits the digital image to the authentication system 100 (S110). 2 illustrates a case where the portable terminal 200 directly transmits a digital image to the authentication system 100. The digital image is transmitted to the authentication system 100 through another device or system corresponding to the portable terminal 200, (100) as described above. The portable terminal 200 may be provided with an application system 400 for implementing the technical idea of the present invention as will be described later.

The authentication system 100 may extract the first verification information from the metadata included in the digital image or from the image information (S120). The first verification information may mean information to be verified according to the technical idea of the present invention. For example, the photographing position, photographing time, identification information (e.g., device identification information, OS identification information, and / or phone number) of the portable terminal 200 and the like may be included in the first verification information. According to an embodiment, the information displayed on the object displayed on the digital image (for example, personal information displayed on the ID card, card information displayed on the card, personal information displayed on the financial account, etc.) may be included.

In addition, the first verification information may include insertion information artificially inserted by the application system 400 according to an embodiment of the present invention, and may be automatically generated by the image capturing means (application, camera sensor, etc.) As described above.

An example of the insertion information may be a photographing position of a digital image, a photographing time, identification information of the portable terminal 200, and may be one-time information received from the authentication system 100, as described later. Or identification information of an object (for example, card information, serial number of ID card, etc.) capable of identifying an object to be a target of the digital image may be insertion information. The insertion information may be such information itself, or may be information that is transformed (e.g., encrypted, hashed, or a combination of a plurality of pieces of information) in a predetermined manner. Accordingly, the insertion information may be information generated based on at least one of a photographing position of the digital image, a photographing time, identification information of the portable terminal 200, one-time information, and identification information of the object.

Meanwhile, the authentication system 100 may acquire the second verification information corresponding to the first verification information and corresponding to the portable terminal 200. The authentication system 100 can acquire at least a part of the second verification information from the portable terminal 200 or the target system 300 corresponding to the portable terminal 200, for example, the mobile communication company system.

The authentication system 100 may then verify the validity of the digital image by comparing the first verification information and the second verification information. Once the validity of the digital image is verified, the authentication system 100 may determine that the user requesting authentication is authenticated as a legitimate user.

The authentication system 100 and method as described above may be used for non-face-to-face authentication. In this case, the digital image transmitted by the portable terminal 200 may be a facial image or an ID image of the user of the portable terminal, or other authentication means (for example, a financial transaction account, a transaction account screen, a financial card (IC card, , Or a unique identity authentication means capable of authenticating the user with a security device such as a security card or an OTP), and the digital image can be used for non-face-to-face authentication. The authentication system 100 can verify that the ID card or the like to be used for the non-face-to-face authentication is photographed by the user's own mobile terminal, thereby verifying that the ID card or the like is occupied by the user at the time of photographing the ID card It can provide technical ideas.

FIG. 3 is a block diagram illustrating a schematic configuration of an authentication system 100 according to an embodiment of the present invention. 3, the authentication system 100 includes an image receiving module 110, an extraction module 120, an acquisition module 130, a verification module 140, an identification information authentication module 150, a decryption module 150, (160). In accordance with an embodiment of the present invention, some of the components described above may not correspond to components that are essential to the implementation of the present invention, and in accordance with an embodiment, the authentication system 100 may further It goes without saying that many components may be included. For example, the authentication system 100 may include other components (e.g., an image receiving module 110, an extraction module 120, an acquisition module 130, a verification module A control module (not shown) that can control the functions and / or resources of the authentication module 140, the identification information authentication module 150 and / or the decryption module 160, and the like).

The authentication system 100 may include hardware resources and / or software necessary to implement the technical idea of the present invention, and does not necessarily mean a single physical component or a single device . That is, the authentication system 100 may mean a logical combination of hardware and / or software provided to implement the technical idea of the present invention. If necessary, the authentication system 100 may be installed in a separate apparatus to perform respective functions And may be embodied as a set of logical structures for realizing the technical idea of the present invention. In addition, the authentication system 100 may mean a set of configurations separately implemented for each function or role for implementing the technical idea of the present invention. For example, the image receiving module 110, the extraction module 120, the acquisition module 130, the verification module 140, the identification information authentication module 150, and / Or may be located in the same physical device. According to the embodiment, the image receiving module 110, the extraction module 120, the acquisition module 130, the verification module 140, the identification information authentication module 150, and / or the decryption module 160, The combination of the constituent software and / or hardware may also be located in different physical devices, and configurations located in different physical devices may be organically coupled to implement each of the modules.

In this specification, a module may mean a functional and structural combination of hardware for carrying out the technical idea of the present invention and software for driving the hardware. For example, the module may refer to a logical unit of a predetermined code and a hardware resource for executing the predetermined code, and it does not necessarily mean a physically connected code or a kind of hardware But can be easily deduced to the average expert in the field of the present invention.

The image receiving module 110 may receive a digital image from the portable terminal 200 or may receive the digital image through a predetermined terminal or system photographed by the portable terminal 200.

The extraction module 120 may extract first verification information included in the received digital image. As described above, the first verification information may be embedded in the digital image in various ways (for example, watermark, steganography, digital stamp, etc.) for inserting information into the image information itself, And the extraction module 120 may extract the first verification information from the digital image by a predetermined extraction method corresponding to a manner in which the first verification information is embedded in the digital image.

In one embodiment, the first verification information may be embedded in the digital image in the form of metadata. The first verification information may be a part of the metadata included in the digital image. The metadata may be included in the digital image and may be data regarding the digital image itself. As described above, the metadata of the digital image may be in Exif format, but is not limited thereto.

The extraction module 120 may extract only a part of the metadata of the digital image as the first verification data.

According to an embodiment, the first verification information may include at least one of position information of a place where the digital image is photographed, identification information of the portable terminal 200 that photographed the digital image, or time information of the digital image .

The location information may be Global Positioning System (GPS) information.

The identification information of the portable terminal 200 may be unique identification information assigned to the portable terminal 200 and may include identification information of the portable terminal 200 such as a phone number of the portable terminal 200, And the like.

The authentication system 100 may use both the location information of the place where the digital image is photographed, the identification information of the device that photographed the digital image, or the time information of the photographed digital image, Only a few of them can be used to validate digital images.

Meanwhile, in one embodiment, the metadata included in the digital image may be data encrypted with a predetermined encryption method for preventing forgery and falsification. In this case, the portable terminal 200 photographing the digital image may include a predetermined encryption device or encryption software for encrypting the metadata, or a coding means such as a hash solution, May be included in the application system 400. Also, the authentication system 100 may include a decryption module 160 for decrypting the metadata using a decryption method corresponding to the encryption method, and the extraction module 120 may extract, from the decrypted metadata, The verification information can be extracted.

The encryption / decryption method used in the authentication system 100 according to an embodiment of the present invention may be a symmetric key or a scheme based on an asymmetric key structure (e.g., a public key structure (PKI)), but is not limited thereto, Various encryption / decryption schemes may be used. It is needless to say that various hash algorithms known in the art can be applied to the hash scheme.

Meanwhile, the acquisition module 130 may correspond to the first verification information, and may acquire second verification information corresponding to the portable terminal. It should be understood that the second verification information may be varied according to the implementation of the first verification information.

The information corresponding to the portable terminal means information about the portable terminal which is collected by the portable terminal, received from the portable terminal, or collected or grasped by a predetermined system (for example, a portable communication system) interlocked with the portable terminal It can mean. Meanwhile, since the information included in the second verification information includes information corresponding to the first verification information, when the first verification information includes the location information of the place where the digital image is photographed, The second verification information may include identification information of the portable terminal when the first verification information includes identification information of a device that has photographed the digital image, If the first verification information includes time information on the digital image, the second verification information may include time information indicating that the digital image was received from the portable terminal.

According to an embodiment, the acquisition module 130 can specify a portable terminal that has transmitted the digital image or a portable terminal previously designated by the user, as a portable terminal corresponding to the second verification information.

When the first verification information includes the location information of the place where the digital image is photographed, the acquiring module 130 acquires the location information of the portable terminal 200 from the portable terminal 200 or the portable terminal 200 From the target system 300 (e. G., Mobile carrier system). In the former case, the mobile terminal 200 may include a predetermined GPS module capable of acquiring its own position information, acquires GPS information indicating its own position using the GPS module, and transmits the acquired GPS information to the authentication system 100 Lt; / RTI > In the latter case, it is needless to say that the mobile communication company system 300 can confirm the location of the mobile terminal 200 such as LBS.

When the digital image is transmitted through the network, the acquisition module 130 determines that the digital image is transmitted to the authentication system (e.g., 100 may be regarded as the time at which the digital image is received from the portable terminal 200, that is, the second verification information. The time difference between the first verification information and the second verification information may be within a certain range to validate the digital image.

If the first verification information includes identification information of the portable terminal 200 that has captured the digital image, the identification information of the portable terminal 200 may be transmitted to the portable terminal 200 or the portable terminal 200, From the target system 300, which corresponds to < / RTI >

The verification module 140 may verify the validity of the digital image by comparing the first verification information and the second verification information.

More specifically, when the first verification information includes the location information of the place where the digital image is photographed, the verification module 140 determines whether the location of the location where the digital image was photographed and the location of the portable terminal Is satisfied.

The fact that two positions satisfy a predetermined position condition may mean that the two positions correspond to a predefined positional relationship. For example, if the distance between the position of the place where the digital image is photographed and the position of the portable terminal is within a predetermined limit distance, the verification module 140 determines the position of the place where the digital image is photographed, It can be determined that the position satisfies the positional condition.

If the first verification information includes the identification information of the device that captured the digital image, the verification module 140 determines whether the identification information of the photographed device and the identification information of the portable terminal match the digital image It can be judged.

If the first verification information includes the time information on the digital image taken, the verification module 140 determines that the time when the digital image was photographed and the time when the digital image was received from the portable terminal is a predetermined time condition It can be judged whether or not it is satisfied.

The satisfaction of a predetermined time condition between two times may mean that the two times correspond to a predefined time relationship. For example, when the difference between the time at which the digital image is photographed and the time at which the digital image is received from the portable terminal is within a predefined limit time, the verification module 140 determines the time at which the digital image was photographed, It can be determined that the time when the digital image was received from the terminal satisfies the time condition.

When the position of the digital image and the position of the portable terminal satisfy a predetermined positional condition, the verification module 140 determines whether the digital image is identical with the identification information of the photographed device and the identification information of the portable terminal The verification module 140 determines whether the digital image is photographed, when the digital image is photographed, and when the digital image is received from the portable terminal, The identification information of the terminal, and / or the time at which the digital image is photographed, respectively. And judges that the digital image is valid or legitimate when it is judged that the position at which the digital image is photographed, the identification information of the portable terminal, and / or the time at which the digital image was photographed is legitimate.

Meanwhile, the digital image may be any one of a facial image of the user of the portable terminal, an ID image, a unique authentication object, or an image of an object to be occupied by the portable terminal, Images can be used for non-confidential self-certification.

Here, the inherent identity authentication object refers to, for example, a variety of authentication objects such as a financial transaction account, a financial transaction confirmation, a financial transaction account screen, a financial card (credit card, debit card, etc.) Object.

According to an embodiment, the authentication system 100 may perform non-face-to-face authentication, and for this purpose, the authentication system 100 may include an identification information authentication module (not shown) 150).

The identification information authentication module 150 can determine the legitimacy of the identification information input from the user. According to an embodiment, the identification information may refer to information displayed on the object (for example, personal information displayed on an identification card in the case of an identification card, card information or personal information displayed on a credit card in the case of a credit card). The identification information may mean information that the user has to be authenticated in order to be authenticated as a legitimate person.

Therefore, the legitimacy of the identification information may refer to a case where the identification information corresponds to information registered in advance (for example, information registered in the target system 300). Or when card information (for example, card number or the like) is included in the identification information as described later, it means that the card corresponding to the card information is a card capable of authenticating the user himself or a card capable of actual payment It is possible.

The identification information does not necessarily have to be completely input by the user. The user can input only a part of the identification information by using the portable terminal 200 or a terminal (e.g., a computer, a PDA or the like) used by the user. In this case, the remaining part of the identification information may be information obtained by the digital image. The authentication system 100 may obtain the remaining portion of the identification information from the digital image to identify the entire identification information. The remaining part of the identification information may be information displayed on an object of the digital image. For example, the user's personal information (e.g., name, resident number, date of birth, etc.) displayed on the ID card, card information (e.g., card number, ). &Lt; / RTI > Then, the identification information authentication module 150 may identify the identification information by combining a part of the identification information inputted from the user and the remaining part obtained from the digital image, and judge the legitimacy of the identification information by using the specified identification information have.

According to an embodiment, identification information may not be input by the user. For example, the identification information may be a combination of the information displayed on the object and the verification information included in the digital image. Alternatively, the identification information may be information displayed on the object and the identification information (e.g., telephone number, device identification information, O / S ID, etc.) of the portable terminal identified by the authentication system 100. Or the information displayed on the object (e.g., card information and / or user personal information) may be the identification information. Alternatively, information (for example, user's personal information) displayed on the object and information included in the verification information (e.g., identification information of the portable terminal) may be the identification information. Or identification information of the portable terminal, which is recognized by the authentication system 100 when the portable terminal communicates with the authentication system 100, It is possible.

For example, the identification information may be changed according to the target system 300. The object to be photographed by the portable terminal 200, that is, the object of the digital image, may also be changed according to the target system 300.

For example, the identification information may include information necessary for a personal authentication (for example, authentication of the cellular phone itself) conventionally provided by the mobile communication company system. That is, the phone number of the mobile terminal 200 and personal information of the user (e.g., name, date of birth, resident number, sex, etc.) may be included in the identification information. In this case, the object of the digital image may be an object (e.g., ID card, etc.) in which the personal information of the user is displayed.

The identification information may include information necessary for authentication (e.g., credit card authentication) conventionally provided by a credit card company system. Card information and user's personal information may be included in the identification information, and the object of the digital image may be an object (e.g., a card) corresponding to the card information.

When the identification information includes the identification information of the portable terminal 200 and the personal information of the user, the legitimacy of the identification information is determined based on the information registered in the target system 300 corresponding to the portable terminal 200, Can be confirmed by judging whether or not it corresponds to the identification information. The target system 300 may receive the identification information from the authentication system 100, determine whether the received identification information corresponds to the registered information, and transmit the result to the authentication system 100. Alternatively, the authentication system 100 may transmit predetermined information to the authentication system 100 so that the authentication system 100 can determine the legitimacy of the identification information. Since the target system 300 compares the registration information with the identification information, it is a concept corresponding to the so-called owner authentication of the portable terminal 200, so that the target system 300 can acquire the occupancy of the portable terminal 200 Further authentication may be performed. For example, the disposable password may be transmitted to the portable terminal 200 and the disposable password may be received through the portable terminal 200 or the terminal to successfully execute the occupancy authentication. If it is determined that the identification information is valid, the authentication system 100 may transmit the result of the determination.

On the other hand, when the identification information includes card information and personal information, the authentication system 100 determines whether the information registered in the card issuing system through the target system 300 corresponding to the card information, for example, As shown in FIG. According to another embodiment, the subject system 300 may be, for example, a payment intermediary system (e.g., VAN, PG). The settlement intermediation system can check whether the card corresponding to the card information is valid, i.e., whether the card is usable, using the card information. For example, the settlement intermediation system can perform a settlement check for validity determination rather than a settlement time for actual settlement using the card information. The settlement time may be a process of requesting the card company system to settle the settlement with the card information and the arbitrarily set settlement amount. Then, the card issuer system can transmit a signal to proceed the settlement only when the card is a valid card, and the settlement intermediation system can simply check whether the card is valid or not. The process of verifying whether or not the card is valid may be performed in a manner in which the payment mediating system is exclusively used for validity authentication of the card in cooperation with the card issuer system, It may also be possible to cancel the settlement finally.

The digital image may further include verification information (e.g., a photographing position, a photographing time, identification information of the portable terminal 200) for verifying the validity of the digital image, as described above. In this case, The authentication of the user can be succeeded.

When the digital image is an ID image, the extraction module 120 extracts information (for example, a resident registration number, an address, a name, a name, and the like) necessary for legitimacy of the identification information from the ID image through optical character recognition (OCR) Sex, etc.) can be read. In some cases, the identification photograph included in the ID image can be extracted. Of course, the reading of the information necessary for the legitimacy of the identification information may be performed by the application system 400 installed in the portable terminal 200. [ The information extracted by the extraction module 120 may be used as part of the identification information, or may be used as verification information to be compared with the identification information after the validity of the identification information is determined.

When the digital image is an image of a unique authentication object, the digital image may include predetermined information (e.g., a unique serial number of the credit card, a card number, an expiration date, a financial account number, etc., (E.g., a unique serial number of the device, a unique serial number of the secure card, etc.) may be included in the digital image, and the extraction module 120 extracts information necessary for the identification information from the digital image A unique serial number of the OTP device, such as a unique serial number of the credit card, a card number, an expiration date, a financial account number, etc., a unique serial number of the secure card, etc.) or a validity of the identification information is compared with the identification information It is possible to extract the verification information to be the object.

In the case where the information displayed on the object of the digital image is used as the verification information, the information input by the user may be input as the identification information. For example, when the user inputs his or her own mobile phone and personal information as the identification information, the identification information authentication module 150 can confirm the legitimacy of the identification information through the target system 300. Then, the verification module 140 compares the verification information obtained by the extraction module 120 with the identification information (for example, the personal information displayed on the identification card) If the personal information included in the information matches, the user can finally be authenticated as a legitimate user.

When the user inputs the card information and the personal information as the identification information, the identification information authentication module 150 can determine the legitimacy of the identification information through the subject system 300. When the validity of the identification information is confirmed, the verification module 140 compares the verification information (e.g., card information and / or user name) acquired by the extraction module 120 with the identification information, (In other words, when the information displayed on the card matches the information included in the identification information), the user can finally be authenticated as a legitimate user.

Verification information (e.g., personal information or card information) acquired by the extraction module 120 may be used as part of the identification information. In this case, the identification information authentication module 150 may generate verification information by using a part of the identification information input by the user and verification information obtained by the extraction module 120 (e.g., a password of a card or a part of card information Etc.), and confirms the legitimacy of the specified identification information through communication with the target system 300 corresponding thereto. In this case, the process of comparing the identification information again with the verification information obtained by the extraction module 120 may be omitted. If the validity of the identification information is confirmed by the identification information authentication module 150, Module 140 may authenticate that the user is a legitimate user. Of course, at this time, a process for verifying the validity of the digital image may be performed by the verification module 140, and the validity of the digital image may be further verified to certify that the user is a legitimate user.

In some implementations, all of the identification information (e.g., card information and personal information) may be obtained by the extraction module 120. In this case, if the validity of the identification information is confirmed by the identification information authentication module 150, the verification module 140 may authenticate the user as a legitimate user. However, in this case, since the acquisition channel of the identification information is the digital image, the validity of the digital image may be further verified to enhance the security, so that the user may authenticate that the user is a legitimate user.

In one embodiment, the digital image may be an image of two or more of the user's face, identification, or unique identity-authenticated object together. For example, a financial account or a credit card may be photographed in a single image together with the face of the user of the mobile terminal or an identification card. Alternatively, the authentication system 100 may receive a plurality of digital images each of which is directed to different objects.

When the digital image received by the authentication system 100 includes two or more means for authenticating the principal, there is an effect that the security of the principal authentication is strengthened.

The extraction module 120 can identify two or more objects included in the digital image or the plurality of digital images through image processing on the digital image, respectively, and the identification information authentication module 150 and the verification module 140 May perform user authentication based on each identified object (e.g., the identity verification means) as described above. In this case, the verification module 140 may determine that the non-face-to-face authentication is successful only when all the identified objects are authenticated, and in this case, the security can be greatly enhanced.

Alternatively, the verification module 140 may determine whether the information displayed on each identified object corresponds to each other. For example, if a user name is displayed on each object, the verification module 140 may determine that the user is authenticated if the user name displayed on each object corresponds to each other.

In some implementations, the verification module 140 may determine whether the different types of information displayed on each object correspond to each other. For example, the first type of information (e.g., user name, date of birth, etc.) is displayed in the first object (e.g., ID card) (E.g., card information, account number, OTP identification number, etc.) may be displayed. In this case, the verification module 140 determines whether the first type of information and the second type of information correspond to each other based on predetermined information registered by the verification module 140, .

In any case, the verification module 140 may further determine whether the information displayed on each of the plurality of objects corresponds to each other when the images of the plurality of objects are received through one or more digital images, It can be determined that the authentication is successful. If it is determined that two or more identified authentication means are not the same person, the verification module 150 may determine that the authentication of the user is failed, Verification module 150 may perform non-face-to-face authentication based on at least one of the identified two or more identity authentication means.

According to an embodiment of the present invention, when an image transmitted to the authentication system 100 includes a first object and a second object, or includes a first digital image and a second object including a first object When the second digital image is transmitted to the authentication system 100, the first object may be an object (for example, ID, employee ID, etc.) in which the user's face image is displayed, May be the face of the user photographed by the user. In the present invention, the face image of the user photographed by the portable terminal means not only a single photograph but also at least one photograph including facial and / or lateral photographs. As the number of photographs such as the user's face and side photographs increases, the accuracy of the user authentication can be improved. However, the number of photographs to be photographed can be selected because the user's inconvenience increases. Therefore, although the user's facial image is described as one photograph in the embodiment of the present invention, the average user of the present invention can easily understand that the face image of the user may be a plurality of photographs.

According to the technical idea of the present invention, the user authenticates the first object (e.g., ID card) on which his / her face is displayed and the image (or the first object image and the second object image) To the system 100 so as to perform the identity authentication. In this case, the authentication system 100 may merely determine that the authentication of the user is successful by merely receiving the photographed image of the first object and the second object. Of course, authentication may be performed only when the first and second objects are compared with each other by a staff member of the authentication system 100, and the employee determines that the comparison result is the same person. When the authentication process is performed by the authentication system 100, a comparison operation is performed visually by an employee of the authentication system 100. When the terminal of the employee determines that the same face is a predetermined face, For example.

In this case, an effect similar to offline face-to-face authentication (for example, a process of presenting an ID card off-line and comparing the face of the user face and the ID card with the naked eye by the authentication side) can be obtained. Depending on the implementation, the authentication system 100 may determine whether the facial image displayed on the first object and the captured user's face image (second object) represent the same person, through a predetermined automated solution And the authentication of the user may be successful according to the determination result.

According to an embodiment of the present invention, when the first object is an ID card having a facial image, the authentication system 100 may include a target system (e.g., a related system of the Ministry of Public Administration and Security in case of a resident registration card, The related system of the National Police Agency, the related system of the Ministry of Foreign Affairs in the case of a passport, etc.), it is possible to discriminate the authenticity of the identification card. The target system determines whether or not information (for example, photograph, resident number, name, date of issuance or name, date of birth, license number, serial number, etc.) described in the ID card agrees with information registered in itself, To the system 100. Then, the authentication system 100 can determine that the user's own authentication is successful only when the ID is not forged as a result of the determination of the target system. The authentication system 100 may first determine whether the ID card is authentic, and then compare the face image according to the technical idea of the present invention through a predetermined solution or allow the employee to perform comparison of the face image. Or the authenticity of the identification card after the comparison of the facial images is successful.

As a result, it is possible to prevent an unauthorized user from altering the facial image on the ID card so that false authentication of the user is performed by discriminating the authenticity of the ID card in cooperation with the target system.

Meanwhile, according to the technical idea of the present invention, at least one of the application system 400 or the authentication system 100 may include a face image included in the first object or a face image captured by the portable terminal Image processing of at least one of the images.

The image processing may include, for example, scaling one of the first face image (the image included in the identification card) or the second face image (the face image taken by the portable terminal) to the same or similar size as the other one . According to an embodiment of the present invention, an image adjustment process may be included in which an image is changed or an image is filtered so as to have the same or similar color, roughness, or brightness as the other image. In any case, the image processing may be performed in such a way that the image attributes of the first face image and / or the second face image are compared with a relative image (e.g., a second face image in the case of a first face image, Based on the image attributes (e.g., size, color, illuminance, and / or brightness, etc.) of the first face image (which means first face image).

After this image processing process is performed, the authentication system 100 or the application system 400 may perform an image arrangement process to facilitate comparison of the first face image and the second face image.

The image arrangement process may include arranging the first face image and the second face image after the image processing is performed in a first area and a second area, respectively, which are predefined on a predetermined UI. The first face image and the second face image can be confirmed at the same time through the image arrangement process, thereby increasing the efficiency of the comparison process. This image processing and image placement process may be performed, for example, by an editing module (not shown) included in the application system 400.

Depending on the implementation, only the image placement process may be performed without the image processing process. In this case, the first face image and the second face image may be arranged in the first region and the second region as described above, so that a predetermined solution or a user can easily compare the first face image and the second face image.

If the second face image is a plurality of photographs, the arrangement area can be appropriately adjusted according to the number of photographs. For example, an ID photo may be arranged first, a plurality of face photographs may be simply arranged, or a plurality of photographs may be arranged side by side with the ID photo up or down. Or you could put a photo of your ID at the center and put a lot of photos around it. It will be appreciated by those of ordinary skill in the art that the manner of placement may vary.

An example of an image placement process is shown in Fig.

FIG. 10 is a diagram for explaining a process of authenticating a user using a plurality of images according to the technical idea of the present invention.

10A shows an example of a first digital image 10 for a first object (e.g., an ID card) on which a face 11 of the user is displayed, FIG. 10B shows an example of a face of the user, And the second digital image 20 captured by the second digital camera 20 is shown.

The application system 400 may then apply the at least one of the first face image 11 of the user included in the first digital image 10 or the second face image 21 included in the second digital image 20 Image processing can be performed. Although Fig. 10C illustrates an example in which image processing is performed on the first face image 11, the image processing on the second face image 21 may be performed, and the two images 11 and 21 It is needless to say that the predetermined image processing may be performed for each of the plurality of image processing units.

In any case, the image processing may refer to a process in which the image attributes (e.g., size, color, brightness, and / or illumination) are changed to facilitate comparison of the two images 11 and 21 with each other.

The application system 400 may then perform an image placement process for two face images as shown in FIG. 10C.

The image placement process includes a process of placing an image so that two face images 11, 21 can be identified at the same time. For example, as shown in FIG. 10C, the first face image 11-1 after the image processing is performed may be arranged in a predetermined first area, and the second face image 21-1 after the image processing is performed It is possible to arrange the second face image 21 in which the image processing is not performed, in the second predetermined area. The first region and the second region do not necessarily have to be arranged horizontally as shown in FIG. 10C, but may be disposed vertically or in some embodiments, the first region and the second region overlap each other. When the first region and the second region are arranged so as to overlap with each other, image processing is performed on one of the face images as transparent or translucent (or in a faint color), and the other face image is displayed on a specific portion , Eye, nose, or eye, specific point on the nose, etc.).

For example, from each of the first face image and the second face image, the editing module can determine each position indicating a specific region. Then, based on the respective positions, the first face image (or the first face image subjected to the image processing) and the second face image (or the second face image processed with the image) can be arranged to overlap with each other. Of course, any one of the face images can be displayed as transparent or translucent. In such a case, the comparison between the facial images can be easily performed depending on whether or not the specific region is displayed overlapping and how much the remaining regions overlap the same or similarly.

In any case, the first area and the second area can be arranged so that the first face image and the second face image can be easily compared with each other.

A comparison image (i.e., as shown in FIG. 10C) obtained as a result of performing the image placement process may then be transmitted by the application system 400 to the authentication system 100, The comparison image can be transmitted to a predetermined employee terminal. Then, the employee can determine that the authentication of the user is successful if the two images of the face are judged to be the same person through the comparison image. Of course, the employee terminal may send a success signal to the authentication system 100. [

According to an embodiment, the authentication system 100, which has received the comparison image (i.e., as shown in FIG. 10C) obtained as a result of performing the image arrangement process by the application system 400, Can determine whether two face images are the same person.

On the other hand, the image processing and / or image placement process may be performed by the authentication system 100. The application system 400 may send the first digital image 10 and the second digital image 20 to the authentication system 100 or the first face image 11 and the second face 20, The digital image including the image 21 may be transmitted to the authentication system 100.

The authentication system 100 may then image the first face image 11 and / or the second face image 21 and perform an image placement process to generate the comparison image. For this, the authentication system 100 may include a predetermined editing module (not shown). Of course, the authentication system 100 may perform only the image placement process.

On the other hand, when a user attempts to authenticate a user by using a first digital image that is an object of a user's face (for example, an ID) and a second digital image that a user's face is photographed, (For example, enlargement) of a face image displayed on the object (for example, an ID card) instead of photographing the face image. In this case, the authentication system 100 may cause the user to be successfully authenticated.

Therefore, the technical idea of the present invention provides a technical idea that can distinguish whether a predetermined digital image is an image of a real object or a photograph (or image) of the object, that is, a two-dimensional image.

According to an example, authentication can be determined to be successful only when the object (for example, ID card) and the face of the user are simultaneously captured by the front camera and the rear camera of the portable terminal 200, as described above. That is, the application system 400 may be implemented to simultaneously photograph the object and the user's face with the front camera and the rear camera for the technical idea of the present invention. In such a case, the above-described problem may be solved.

Alternatively, the authentication system 100 may determine whether the image corresponding to the physical object has photographed the two-dimensional image (or photograph), or whether the user's face in the actual three-dimensional environment, that is, You can also verify it. For example, it is also possible to distinguish whether an image received through machine learning or deep learning is a photograph of a two-dimensional photograph or a three-dimensional actual real face after learning a plurality of images.

Or whether the authentication system 100 side has photographed the face image (or photograph) displayed on the object by the second digital image based on the resolution or the image quality of the second digital image, It may be judged whether or not it is photographed.

According to an embodiment, when the second digital image is captured, the application system 400 may control a predetermined lighting device (e.g., a flash) installed in the portable terminal 200 to be activated. The lighting device may be activated automatically or may be induced to be activated by a user. The image acquisition module 410 included in the application system 400 allows the illumination device to emit light when capturing a user's face through the portable terminal 200, . In the case of performing such a control, the degree of reflection of the light when the face is photographed and when the face is photographed may differ so as to clearly distinguish it from a predetermined solution or the naked eye. That is, when reflection of light and photographing of a two-dimensional photograph are taken when a real object in a three-dimensional space is photographed on and off, reflection of light may have different image characteristics.

Of course, in order that the reflection characteristic of the light may well appear in the image, the application system 400 may guide and / or control the image capturing so that the image can be photographed while maintaining a certain distance from the object, . Or control such that an object to be imaged (e.g., ID, face, object, etc.) has a certain size on the entire image.

For example, when a photograph is photographed with a fresh light, a relatively large amount of light is reflected on the photographed photograph, or the light emission effect itself by the fresh light appears on the photograph. On the other hand, There may be no phenomenon or it may be relatively small. Therefore, the predetermined solution or staff provided in the authentication system 100 divides the difference into predetermined image recognition methods, and automatically determines whether the second digital image is a captured image of a real object or a captured image of a photo (or image) Or by visual inspection.

Depending on the implementation, this problem may be solved by shooting the user's face at a plurality of angles. For example, since the face image displayed on the ID card is an image whose face is normally directed to the front, the application system 400 allows the user to set the face image taken at a predetermined angle (e.g., front) So that the plurality of face images can be transmitted to the authentication system 100. In this case, the image of the real object at an angle that can not be obtained when the real object (e.g., the user's face) is photographed is photographed by the authentication system (100), it is possible to solve the above-described problems.

In some cases, an unauthorized user can take images photographed at different angles with respect to a specific object (e.g., a face), and when each of the fraudulent users photographs the respective images, the real object of the specific object is photographed (Or even if the particular object is not part of the user's body) authentication may be successful.

In order to solve such a problem, the image acquisition module 410 of the application system 400 may photograph the physical object at an angle (automatically or manually), and then determine whether the mobile terminal rotates at a certain angle, It is possible to judge whether or not it is moving by a distance. The image acquisition module 410 may receive the degree of rotation or the degree of motion of the portable terminal 200 from a sensor (for example, an inertial sensor or the like) provided in the portable terminal 200. When it is determined that the movement corresponding to the specific angle or the specific distance has been performed, the image acquisition module 410 may photograph the real object again. For example, the image acquisition module 410 may guide the portable terminal 200 to rotate clockwise or counterclockwise about the user's body after photographing the object at a predetermined angle. When the mobile terminal 200 is rotated by the specific angle or the specific distance, the user can guide the user to stop the rotation and then photograph the physical object automatically or manually.

As a result, the image acquisition module 410 may photograph the real object at a predetermined angle, and then photograph the real object again after moving a predetermined angle or distance. A plurality of images of the physical object captured and controlled by the image acquisition module 410 may be transmitted to the authentication system 100 through a communication module. In such a case, even if an unauthorized user is holding a plurality of images photographed at a plurality of angles with respect to a specific object, it is impossible to know how the angle or distance is determined by the image acquisition module 410, . Of course, the image acquisition module 410 or the authentication system 100 may arbitrarily determine the angle or the distance each time the authentication process is performed. In such a case, the possibility that the authentication is successful may be very low, if an unauthorized user uses a captured image of the two-dimensional image to disguised as if the real object was photographed (or if the real object is a face, disguised as a person).

Through the above-described technical idea, it is verified that a malicious user shoots a photograph or an image (e.g., a face image displayed on an ID card) without shooting the real object (his / her face) And the authentication system 100 may fail to authenticate the user if the second digital image received from the application system 400 is a photograph of a photograph or an image of the real object (the user's face) .

The technical idea that can distinguish whether a predetermined digital image of the present invention is an image obtained by photographing a physical object or an image obtained by photographing a photograph (or an image) from which the physical object is photographed is not limited to user authentication, It can also be widely used to authenticate whether or not it is authenticated.

For example, when a user performs a commercial transaction such as a transaction for a used article, there is a case where an image of an article not owned by the seller is uploaded to a predetermined service page to conduct a fraudulent transaction.

In this case, the application system 400 and / or the authentication system 100 can verify whether the image is an image of a real object or an image of the object, through the technical idea as described above.

For example, the image acquisition module 410 of the application system 400 may acquire at least one digital image (e.g., a three-dimensional object such as an object to be authenticated as possessed by the user or a three- (For example, a camera sensor or the like) of the portable terminal 200.

The communication module 430 may then transmit the at least one digital image to the authentication system 100.

The authentication system 100 receives at least one digital image from the communication module 430, and generates an image (hereinafter, referred to as " digital image " (Hereinafter, referred to as an 'image pickup image') or a two-dimensional image corresponding to the object (hereinafter referred to as an 'image pickup image'). And based on the result, authentication of the user corresponding to the object or whether the real object of the object is photographed can be performed by the authentication system 100. [

At this time, the digital image obtained and transmitted by the application system 400 may be one or a plurality of digital images. An image acquired by the application system 400 and transmitted to the authentication system 100, either one or multiple, will be defined as an image for authentication.

Then, the authentication image includes an image (hereinafter referred to as an " image ") in which the object (e.g., the article held by the user or the face of the user) is photographed , &Quot; illumination active image "). To this end, the image acquisition module 410 may control the portable terminal 200 to activate the lighting device automatically or manually as described above.

According to another embodiment, the authentication image may include a plurality of images obtained by photographing the object at different angles as described above. At least one of the plurality of images may be a light-activated image, and all of the plurality of images may be an image (hereinafter, referred to as a 'light-inactive image') in a state in which the illumination device is not activated.

According to the technical idea of the present invention, in order to judge whether at least one digital image photographed with respect to the object (for example, an article carried by a user or a user's face, etc.) is a real image or an image photographed image, The system 400 and / or the authentication system 100 may utilize a lighting active image and utilize a plurality of images photographed at different angles. To this end, the authentication system 100 may include a predetermined determination module 170.

When the illumination active image is used, the determination module 170 of the authentication system 100 determines whether or not the light received from the communication module 430 has been received from the communication module 430 in a state in which the information about the image characteristic appearing in the image- It is possible to determine whether the image characteristic appears in one image or a plurality of images.

The image characteristics that appear in the image capture image in the active illumination state may be, for example, an image feature associated with the reflection of the illumination.

For example, in the case of a live image in the active illumination state, the degree of reflection of the illumination may be small or absent, and in the case of the image taken image in the active illumination state, the degree of reflection of the illumination may be large. Or at least the actual image in the illumination active state is different between the degree of reflection of the light of the real object part and the degree of reflection of the background part, The degree of reflection of the portion of the illumination may be substantially the same. The authentication system 100 thus defines the real image in the light activated state and other image characteristics that appear in the image captured image, and thereby determines whether the digital image received from the application system 400 is a real image or an image captured image Can be determined. Of course, it may be different depending on the shooting environment of the object (e.g., the article held by the user or the face of the user).

In order to understand such image characteristics, the determination module 170 may include a predetermined learning module (not shown). The learning module (not shown) may receive a plurality of images as inputs and perform learning. For example, when a plurality of images (image shooting image and real image) are inputted in a lighting active state with respect to a predetermined object (for example, an article held by a user or a face of a user) Information about whether or not it is input as input parameters.

The learning module may then derive image features that appear in the image capture image in the active illumination state through various types of learning algorithms. For example, the image shown in Fig. 11A is an image pickup image in an active illumination state for a specific object (for example, a remote controller), and the image shown in Fig. 11B is a light for a specific object It shows the real image in the active state.

11, the image pickup image in the active illumination state has the same or similar reflected characteristics of the illumination of the object portion (e.g., the remote control portion) and the background portion, while the real image of the illumination active state is the object portion For example, the remote control portion) and the reflected characteristics of the illumination of the background portion may be dissimilar. Therefore, the reflection characteristics of the illumination of the object portion and the background portion may be learned as the image characteristics of the image capture image in the illumination active state. Of course, in the case where learning is performed by inputting a plurality of images in addition to these characteristics, various image characteristics can be learned by the learning module.

After the learning is performed, the determination module 170 determines whether the digital image is an image of a two-dimensional digital image or a three-dimensional real object based on the learning result of the learning module It is possible to determine whether the image is a photographed image.

The learning algorithm used by the learning module may be various types of machine learning or deep learning using a neural network. However, the learning algorithm is not limited to this, and may be a learning operation Any such possible algorithm can be used.

On the other hand, when the image characteristic is derived through the learning as described above, the authentication system 100 may receive only one digital image from the application system 400, May be determined. However, for more precise judgment, the authentication image may include the lighting active image and the lighting inactive image for a given object (e.g., an article carried by a user or a user's face, etc.). That is, the image acquisition module 410 may obtain both an illumination active image and a lighting disabled image for the same object, and may transmit the acquired images to the authentication system 100. [ Then, the authentication system 100 can perform an authentication process to more clearly determine whether the received images based on the illumination active image and the illumination inactive image are a real image or an image capture image.

For example, the determination module 170 may obtain image differences between the lighting active image and the lighting inactive image. It goes without saying that the information on the image difference can more clearly indicate the reflection characteristic of the illumination. Accordingly, the determination module 170 can determine whether the received images are image-captured images by determining whether the acquired information has the image characteristics of the image-captured image have. Of course, even in this case, the image characteristic may be grasped by the authentication system 100 in advance by learning, or may be grasped in various other ways.

Also, as described above, the authentication image may include a plurality of images in which the object (e.g., an article held by a user or a user's face) is photographed a plurality of times at different angles. The determination module 170 may determine whether the authentication image is a real image or an image capture image based on the plurality of images.

According to an example of determining whether the authentication image is a real image or an image-captured image based on the plurality of images, the determination module 170 may determine whether the same object (e.g., The user may determine that the authentication process has been successful by only receiving a plurality of images of the captured images. However, as described above, if an unauthorized user has a plurality of images taken at different angles, there is a risk that wrong authentication may be performed. Accordingly, after the application system 400 photographs the object at a predetermined angle as described above, it determines whether the photographing angle of the portable terminal is changed to a specific angle through a sensor included in the portable terminal, It may control the mobile terminal 200 to photograph the object when it is determined that the object has changed to an angle. The particular angle (or specific distance) may be arbitrarily selected by the image acquisition module or the authentication system. In this case, the application system 400 and the authentication system 100 may share information about the specific angle (or a specific distance) through communication, and the authentication system 100 may perform the authentication process A process of determining whether the degree of change of the photographing angle of the received plurality of digital images corresponds to the specific angle may be included. In this case, authentication can be judged to be successful by the authentication system 100 only when images with a difference in an arbitrarily selected angle (or distance) are received, so that an unauthorized user can not recognize the object (for example, Etc.), even if they have a plurality of images taken at different angles. Of course, such an effect may exist even when the application system 400 controls to shoot the next image only when the specific angle is changed after the image is taken at a predetermined angle.

In addition, as described above, both the image (real image) in which the user's face is photographed for user authentication and the image in which the user's face is displayed (for example, ID) 100), the image of either one of the two images may be a light-activated image.

As a result, according to the technical idea of the present invention, regardless of whether or not the verification information is used, the application system 400 transmits a predetermined object (for example, an article owned by the user or the like) to the authentication system 100 through the above- The user's face, etc.), and can authenticate whether the physical object of the object has been photographed or not by judging whether the digital image is an image photographed image or a real image .

According to another embodiment of the present invention, whether or not the predetermined digital image determined by the determination module 170 is a real image or an image taken image must be performed by the authentication system 100 Maybe not.

According to an exemplary embodiment of the present invention, the determination process performed by the determination module 170 (i.e., determining whether a predetermined digital image is a real image or an image captured image) may be performed by the application system 400. [ The application system 400 may include a determination module 440 for this purpose.

In this case, when the image acquisition module 410 acquires at least one digital image for an object through the image shooting means of the portable terminal 200, the determination module 440 determines whether the image acquisition module 410 receives the at least one digital image, It is possible to determine whether the digital image is a three-dimensional object image or a two-dimensional image image, based on at least one digital image obtained through the two- In addition, the determination module 440 may include a learning module (not shown) as described above, and image characteristics as described above may be learned by a learning module included in the application system 400. [ In some implementations, learning of image characteristics may be performed by the authentication system 100, and a learning module included in the determination module 440 may receive a result of performing the learning.

Also, as described above, the image acquisition module 410 included in the application system 400 may acquire at least one of the at least one digital image as a light active image, or may acquire a plurality And the determination module 440 can determine whether the authentication image is a real image or an image taken image based on the at least one digital image thus obtained, that is, the authentication image .

The application system 400 may transmit the authentication image to the authentication system 100 only when the authentication image is a real image as a result of the determination by the determination module 440. [

The technical idea for determining whether the digital image photographed for a predetermined object is a real image or an image photographed image as described above according to the present invention is an application system 400 installed in the portable terminal 200 ) Or the authentication system 100, as shown in FIG.

That is, any system having data processing capability (hereinafter, referred to as a 'digital image determination system') for realizing the technical idea of the present invention can implement the above technical idea.

A schematic configuration of the digital image judgment system is shown in Fig.

12 shows a schematic configuration of a digital image determination system 500 according to the technical idea of the present invention.

Referring to FIG. 12, the digital image determination system 500 may include an acquisition module 510 and a determination module 520.

The digital image determination system 500 may be implemented in the application system 400 installed in the portable terminal 200 described above and may be implemented in the authentication system 100 but may be implemented in any data processing system .

The acquisition module 510 included in the digital image determination system 500 may acquire at least one digital image (an image for authentication) that is intended for a predetermined object. The acquisition module 510 may acquire the authentication image from the image capturing means provided in the digital image determination system 500 when the digital image determination system 500 includes the image capturing means. According to an embodiment, the acquisition module 510 may obtain the authentication image through communication with the outside. Wherein the authentication image may include at least one lighting active image that targets the object as described above. According to an embodiment, the authentication image may include a plurality of images obtained by photographing the object at different angles.

Then, the determination module 520 determines whether the digital image is a three-dimensional object image or a two-dimensional image image, based on the authentication image acquired by the acquisition module 510 .

The determination process performed by the determination module 520 may be the same as that of the determination module 170 included in the authentication system 100.

As a result, the technical idea of the present invention to determine whether a digital image is a real image or an image taken image can be implemented by various data processing systems (i.e., the digital image determination system 500) in various environments.

On the other hand, the authentication system 100 judges whether or not the authentication information (for example, photographing time, photographing position, and / or identification information of the portable terminal) You can reduce the risk. The application system 400 installed in the mobile terminal can insert the verification information as the insertion information for each image as described above.

In particular, when a first digital image that is the object of the first object and a second digital image that is the object of the second object are used for authentication, the authentication system 100 determines the shooting time of the first digital image, 2 It is possible to judge whether the photographing time of the digital image satisfies a predetermined time condition. The time condition may be when the two images are photographed at the same time or within a predetermined time difference. In the case of photographing at the same time, for example, the first object and the second object may be photographed simultaneously using the front camera and the rear camera of the portable terminal. According to an embodiment, the application system 400 may be controlled so as to simultaneously photograph the first object (e.g., identification card with a face marked) and the second object (e.g., a face of the user) The application system 400 and / or the authentication system 100 may be implemented so that the authentication of the user is only successful if the authentication of the user is successful.

When the user's face is photographed and transmitted, there is an effect that an attempt by an unauthorized user to actually authenticate the user with false information can be reduced.

In another embodiment, the digital image may be a face of the user, an identification card, or an image taken together with a unique identity verification object and an occupancy verification object.

Here, the object to be occupied confirmation may refer to various articles or devices that need to be confirmed that the user of the portable terminal has occupied or possessed. For example, when the user of the portable terminal desires to sell a used article, it is necessary to confirm that the user of the portable terminal occupies a used article. Therefore, in this case, the used goods may be an object to be occupied. For example, the digital image may be a financial transaction book or financial account confirmation and a single image of the object to be verified at a time. Since the digital image may be an image obtained by photographing the means for authenticating the user and the object to be occupied together, there is an effect that the reliability of the possession of the owner of the portable terminal is strengthened.

4 is a flowchart specifically illustrating an authentication method using a digital image according to an exemplary embodiment of the present invention.

Referring to FIG. 4, the portable terminal 200 captures an ID image P (S200) and transmits it to the authentication system 100 (S210).

Then, the authentication system 100 can extract the first verification information inserted in the received ID photo (S220). The first verification information may be included in the metadata or may be embedded in the image information in a predetermined manner (e.g., watermark, steganography, stamp, etc.).

The first verification information may include location information of a place where the digital image is photographed, identification information of a device that photographed the digital image, and / or time information when the digital image was photographed. This information can be used to validate the digital image. Also, as described above, the first verification information may include information displayed on an object of the digital image, and such information may be used for authentication of a user as described above.

Therefore, the authentication system 100 can acquire, for example, positional information VP1 of a place where the digital image is photographed, identification information VI1 of a device that photographed the digital image, and / It is possible to extract the photographed time information VT1.

Meanwhile, the authentication system 100 may correspond to the first verification information, and may acquire second verification information corresponding to the portable terminal.

More specifically, the authentication system 100 may acquire time information VT2 of the portable terminal 200 transmitting the ID picture (S230). Alternatively, the authentication system 100 can receive the location information of the portable terminal 200 from the mobile communication company system 300 corresponding to the portable terminal 200 or the portable terminal 200 (S231) Identification information may be received from the mobile terminal 200 or the mobile communication company system 300 corresponding to the mobile terminal 200 at step S232.

The authentication system 100 then determines whether the location VP1 of the location where the digital image was captured and the location VP2 of the portable terminal 200 satisfy a predetermined location condition, (VT1) at which the digital image was photographed and a time (VT2) at which the digital image was received from the portable terminal (200), whether or not the identification information (VI1) The validity of the ID photo can be verified by determining whether the predetermined time condition is satisfied (S240).

If it is determined that the ID photo is valid, the authentication system 100 can directly authenticate the user who transmitted the ID photo as a legitimate user or authenticate the user through a predetermined process (S250) . For example, the process may be a validation of the identification information. Alternatively, the user may be authenticated by checking whether the information (for example, name, date of birth, resident number, etc.) stored in the authentication system 100 matches the information obtained from the object of the digital image.

5 is a flowchart illustrating an example of an authentication method using a digital image according to another embodiment of the present invention. It will be readily apparent to one of ordinary skill in the art that the order of execution of the processes shown in FIG. 5 may be easily changed as needed.

Referring to FIG. 5, the user may transmit identification information for identity authentication to the authentication system 100 through a predetermined terminal (S300). Of course, according to an embodiment, the identification information may be transmitted through the portable terminal 200.

Also, the authentication system 100 may receive a digital image from the portable terminal 200 (S310). Then, the authentication system 100 may transmit the identification information to the target system 300 (S320). The target system 300 can confirm the validity of the received identification information and transmit the result to the authentication system 100 (S330, S340).

Also, the authentication system 100 may obtain verification information from the digital image (S330-1). The verification information may simply be information displayed on an object of the digital image. The verification information may also include information embedded in the digital image to determine the validity of the digital image, as described above.

Then, the authentication system 100 may determine whether the identification information is valid and whether the verification information (e.g., personal information, card information, etc.) and the identification information correspond to each other (S350). If the verification information and the identification information correspond to each other, the user can authenticate that the user is a legitimate user (S360). Of course, according to an embodiment of the present invention, the authentication system 100 further verifies the validity of the digital image and authenticates the user as a legitimate user until authentication of the digital image is validated S360).

6 is a flowchart illustrating an example of an authentication method using a digital image according to another embodiment of the present invention. It will be readily appreciated by those of ordinary skill in the art that the order of execution of the processes illustrated in FIG. 6 may also be readily modified as needed.

6, the user may transmit only the first partial identification information to the authentication system 100 through the terminal or the mobile terminal 200 (S400). In addition, the user may transmit the digital image photographed by the portable terminal 200 to the authentication system 100 through a predetermined terminal or the portable terminal 200 (S410).

Then, the authentication system 100 may extract second partial identification information, which is a remaining part of the identification information, from the digital image (S430). The authentication system 100 can identify the identification information using the extracted second partial identification information and the received first partial identification information (S430).

Then, the authentication system 100 can confirm the legitimacy of the identification information through communication with the target system 300 corresponding to the identification information (S440, S450, S460).

If the validity of the identification information is confirmed, the authentication system 100 may authenticate the user as a legitimate user (S470). According to an embodiment, the validity of the digital image may be verified as described above, and the validity of the digital image may be verified to finally authenticate the user as a legitimate user (S470).

7 shows an example of an application system according to an embodiment of the present invention.

Referring to FIG. 7, the application system 400 may refer to a system in which an application for implementing the technical idea of the present invention and the hardware of the portable terminal 200 are combined and implemented.

The application system 400 may include an image acquisition module 410 and an insertion module 420. The application system 400 may further include a communication module 430.

The image acquisition module 410 may acquire a digital image photographed through an image photographing means (for example, a camera application and / or a camera) included in the portable terminal 200. The digital image may be an image photographed by the portable terminal 200 on a predetermined object as described above. The object may be an object designated by the authentication system 100.

The insertion module 420 may insert the insertion information into the digital image acquired by the image acquisition module 410. The insertion information may refer to information that is artificially inserted by the application system 400 among the verification information included in the digital image as described above. In addition to the insertion information, the verification information may include information automatically included in the digital image by the image photographing unit, and may be defined as auto information to distinguish the information from the insertion information.

According to the technical idea of the present invention, when the insertion information is inserted into the digital image and the digital image in which the insertion information is inserted is transmitted to the authentication system 100, the insertion information can be verified by the authentication system 100 . If the validity of the insertion information is determined by the authentication system 100, the validity of the digital image or the user of the portable terminal can be authenticated.

As described above, the insertion module 420 may insert the insertion information into the metadata of the digital image. Alternatively, the insertion module 420 inserts the embedded information into the image information of the digital image in a predetermined manner (e.g., steganography, watermark, Etc.).

When the insertion information is embedded in the metadata, the metadata may be data that can be easily accessed and manipulated by general users as compared with the case where the insertion information is inserted into the image information. Therefore, the insertion module 420 can encrypt or insert the insertion information in a predetermined position. Of course, the encrypted or hashed insertion information can preferably be decrypted or verified by the authentication system 100 only. Of course, when the insertion information is the hashed information, the authentication information may be stored in the authentication system 100 in advance. The insertion information may be, for example, one-time information transmitted by the authentication system 100 or may include identification information of the object to be subjected to the identification information and / or the digital image of the portable terminal 200 have.

Meanwhile, the metadata may include information on the auto information (for example, the photographing position and the photographing time of the digital image), and the auto information may be the verification information to be verified. In this case, there is a risk that the auto information can be easily manipulated by the user as described above.

Therefore, the inserting module 420 may insert the inserted information (for example, encryption, encoding, etc.) into the auto information by replacing the auto information inserted in the meta data by the image photographing means in a predetermined manner . The modified insertion information can be restored only by the authentication system 100, so that when the auto information is further changed or manipulated, the authentication system 100 can recognize this and can treat the authentication or verification as failed.

According to an embodiment, the auto information may be inserted into the metadata separately (encrypted or encoded) corresponding to the auto information while being stored in the metadata. In this case, the validity of the digital image or the user can be authenticated using the insertion information instead of the auto information, so that even if the user operates the auto information, the authentication mechanism can operate effectively.

According to one embodiment, the inserting module 420 inserts the insertion information into the digital image or acquires the digital image if authentication of the subject provided by the target system 300 is successful through the target system 300 .

For example, the portable terminal 200 may request authentication of the authentication system 100, and the authentication system 200 may communicate with the target system 300 via the target system 300 ) To perform authentication of the user provided by the user. The subject authentication provided by the subject system 300 may be to authenticate whether the predetermined identification information corresponds to the registration information registered in the subject system 300 as described above. Or may be a conventional mobile phone authentication, card issuer authentication, or the like.

The communication module 430 included in the application system 400 may receive a result signal of the authentication result provided by the target system 300 from the authentication system 100 and / or the target system 300 , Or may be requested to proceed with the additional process from the authentication system 100 that has confirmed the identity verification result without receiving the authentication result signal.

According to an exemplary embodiment of the present invention, the authentication system 100 may transmit an image transmission request to the application system 400 upon confirming that authentication of the user is successful through the target system 300. That is, the image transmission request may be transmitted to the application system 400 when it is determined that the authentication of the user is successful, wherein the image transmission request is a request to the user to take a digital image, It may mean a request to insert insertion information according to the technical idea of the invention. The insertion module 420 may insert predetermined insertion information into the digital image.

For example, when the target system 300 is a mobile communication company system, the mobile terminal 200 can authenticate a mobile phone provided by the mobile communication company system. Then, the application system 400 can receive a signal indicating that the authentication of the mobile phone 200 is successful. If the authentication of the mobile phone 200 is successful, the application system 400 inserts insertion information (for example, identification information of the mobile terminal 200 Device identification information, OS identification information, etc.), image capturing time, photographing position, etc.).

According to the embodiment, the application system 400 may be notified of an additional process such as photographing a predetermined object from the authentication system 100, The user can shoot the object through the portable terminal 200, and the application system 400 can insert the information into the digital image targeted for the object.

In this case, since authentication of the mobile phone 200 is successful, it can be authenticated that the owner of the mobile terminal 200 occupies the mobile terminal 200. Also, if the validity of the insertion information is authenticated, it can be authenticated that the object is photographed by the portable terminal 200. Therefore, it is verified that the legitimate owner of the portable terminal 200 possesses the object with the portable terminal 200, so that the effect of the enhanced personal authentication can be obtained.

On the other hand, identification information may be required for the authentication of the subject provided by the target system 300, as described above. For example, the personal information (e.g., name, sex, date of birth, or resident registration number) or cell phone number or card information may be the identification information.

When the user's personal information is displayed on the object, at least some of the user's personal information to be included in the identification information can be automatically recognized and used without the user having to input the information displayed on the object. For example, the user can perform the act of photographing the object without inputting the user's personal information using the portable terminal 200 or a predetermined terminal. The user personal information may then be recognized by the application system 400 or may be recognized by the authentication system 100 and / or the target system 300 so that the identity authentication provided by the target system 300 may be performed have. In this case, not only the user's convenience is enhanced but also the user can carry out the authentication of the user while holding the object.

The identification information (e.g., hardware identification information, OS identification information, and / or telephone number) of the mobile terminal 200 may be inserted into the digital image as the insertion information as described above. When the user authentication using the digital image is successful as described above, for example, the authentication of the user provided by the mobile communication company system, which is the target system 300, is successful and the legitimacy of the identification information of the mobile terminal 200, The device having the identification information of the mobile terminal 200 is recognized as belonging to the user requesting the authentication (and / or the user is recognized as occupied) It can be said that The authentication system 100 may store the identification information of the portable terminal 200 that has successfully authenticated the user. When the digital image is received by the authentication system 100, If the identification information of the terminal corresponds to the identification information already stored (i.e., the identification information of the terminal that has succeeded in user authentication), it is determined that the identity authentication has succeeded even if the authentication result of the user through the target system 300 is not separately confirmed It is possible.

According to an embodiment, an application system for implementing the technical idea of the present invention, which can be implemented as an independent application or an application included in another application (e.g., an application such as a financial institution) The identification information of the portable terminal 200 of the user can be confirmed. Then, the authentication system 100 can store the identification information of the portable terminal 200 of the user installed with the application system through communication with the application system (after the authentication of the user of the portable terminal 200 is successful) When the digital image is received by the authentication system 100, if the identification information of a predetermined terminal inserted as insertion information in the digital image corresponds to identification information already stored, Even if the authentication result of the user is not confirmed, it is possible to confirm that the portable terminal equipped with the application system is the device which has passed the authentication of the user and judge that the authentication of the user is successful.

When the identification information of the portable terminal 200 inserted in the digital image is already verified by the authentication system 100, the identification information of the portable terminal 200 is used as information indicating a legitimate user's device . Therefore, when the digital image including the identification information of the portable terminal 200 is received by the authentication system 100 and the identification information of the portable terminal 200 is stored in the authentication system 100, It is possible to determine that the authentication of the user is successful without performing the authentication of the user through the authentication unit 300.

Similarly, the portable terminal 200 may insert the insertion information based on the identification information and the card information of the portable terminal 200 into the digital image in a predetermined manner (for example, simply combining, encrypting, and / or hashing) . When the user is authenticated using such a digital image, it is possible to determine that the authentication of the user is successful without separately performing the card authentication through the target system 300.

Meanwhile, the application system 400 may include a communication module 430.

The communication module 430 may communicate with the authentication system 100.

The communication module 430 may transmit the digital image having the embedded insertion information to the authentication system 100. At this time, the communication module 430 may transmit the digital image acquired by the image acquisition module 410 to the authentication system 100 for a predetermined time (for example, several seconds) from the acquisition time. Of course, the insertion information can be inserted before transmission. In this case, since there is little time margin for the insertion information to be forged by the user, security is improved. Of course, the communication module 430 does not transmit the digital image stored in the portable terminal 200 to the authentication system 100, but only the digital image newly photographed by the portable terminal 200 A function controlled to be transmitted to the system 100 may be implemented.

According to an example, the communication module 430 may receive an image transmission request from the authentication system 100 requesting transmission of a digital image. The image transmission request may be transmitted to the mobile terminal 200 through a messaging method such as SMS or may be transmitted to the application system 400 through a push message method. Various embodiments may be possible.

When the user selects the image transmission request, the image photographing means can be activated. Then, the user can shoot a predetermined object, and the digital image from which the object is captured can be acquired by the image acquisition module 410. [ The insertion module 420 may then insert the insertion information into the digital image and send the inserted digital image to the authentication system 100 corresponding to the image transmission request within a predetermined time. In such a case, the forgery and falsification of the insertion information may be very difficult.

According to an embodiment, the insertion module 420 may set the predetermined insertion information so that the insertion information is taken together with the digital image when the user captures a predetermined object. As described above, the order of execution of the processes shown in the embodiment can be variously and easily changed as needed, and the shooting method can be varied, so that the average expert in the technical field of the present invention can easily deduce.

Meanwhile, the communication module 430 may receive information to be included in the insertion information from the authentication system 100. Here, the insertion information may be one-time information generated by the authentication system 100.

The one-time information is received from the authentication system 100, and the one-time information received by the communication module 430 may be inserted into the digital image as insertion information. At this time, the insertion information may include only the one-time information, and other information may be inserted as the insertion information together with the one-time information.

Alternatively, the insertion information may be generated based on one-time information and other information. At this time, the insertion information is extracted by the authentication system 100, and the one-time information can be restored based on the extracted insertion information . In any case, the digital image may be embedded with insertion information based on the one-time information (that is, information including only one-time information, information including one-time information or information generated based on one-time information and other information) have.

When the insertion information based on the one-time information is inserted into the digital image, the insertion information becomes information that can not be reused, thereby enhancing security. Accordingly, there is an effect that the user can not use the image once captured by the user for authentication again. This has the effect of preventing the user from succeeding in authentication even when the user acquires the user's portable terminal or illegally acquires the image.

The authentication system 100 can verify whether the one-time information corresponds to the information transmitted by the user while verifying the insertion information, thereby authenticating the validity of the digital image or the user.

In addition, when the user is authenticated using the digital image as described above, a digital image on which a plurality of objects are captured may be used. In this case, the information displayed on the plurality of objects corresponds to each other, Can be authenticated.

On the other hand, when a plurality of objects are included in each of the plurality of digital images, that is, one of the first digital images is included in the first object and the second object is included in the second digital image.

At this time, if the insertion information to be inserted is specified, the insertion module 420 may insert the insertion information into the first digital image and the second digital image by dividing the insertion information. Of course, the verification information may be included in each digital image, as described above, or the insertion information may be embedded in each digital image by the application system 400.

The first digital image and the second digital image may then be transmitted to the authentication system 100 by the communication module 430 and the first digital image and the second digital image may be transmitted by the authentication system 100, The insertion information segmented from each of the digital images can be obtained and the insertion information can be specified. The authentication system 100 may then verify the insertion information and authenticate the user accordingly.

In this case, even if the insertion information inserted in one of the digital images is forged, authentication can not be successfully performed by the authentication system 100 unless the digital image inserted in the remaining digital images is forged or modified to correspond to the original insertion information. It can bring about synergy of excellent security.

8 is a flowchart illustrating an operation process of an application system according to an embodiment of the present invention.

Referring to FIG. 8, the authentication system 100 may transmit an image transmission request to the mobile terminal 200 (S500). Of course, the user may voluntarily proceed without an image transfer request.

When the image transmission request is received, the user can activate the application system 400 (S510). The application system 400 can photograph / acquire an image by controlling the image capturing means installed in the portable terminal 200 (S520). Then, predetermined insertion information may be inserted into the obtained digital image (S530). Then, the application system 400 may transmit the digital image to the authentication system 100 within a predetermined time (S540), and the authentication system 100 may transmit the insertion information only for the digital image transmitted within a predetermined time And validates the validity of the digital image or the user according to the result (S550).

9 is a flowchart illustrating an operation procedure of an application system according to another embodiment of the present invention.

Referring to FIG. 9, the application system 400 installed in the portable terminal 200 can specify insertion information (S600). The insertion information may be entered by the user, determined by the image capturing means, or transmitted from the authentication system 100. Or may be determined automatically by the portable terminal 200. [

The application system 400 may then control the image capturing means to obtain the first digital image and the second digital image (S610, S630). Then, the application system 400 divides the insertion information in a predetermined manner, inserts the divided first partial insertion information into the first digital image, and inserts the divided second partial insertion information into the second digital image (S620, S640). According to the embodiment, the order of acquisition of the digital image and the insertion order of the partial insertion information can be variously changed.

The application system 400 may then transmit the first digital image and the second digital image to the authentication system 100 at step S650 and the authentication system 100 may generate the first partial insertion information and the second partial image information from each digital image, 2 partial insertion information can be obtained. As a result, the insertion information can be confirmed (S660), the validated insertion information can be verified, and the validity of the digital image or the user can be authenticated according to the result (S670).

According to another embodiment of the present invention, the application system 400 may include an image acquisition module 410 and a communication module 430. The image acquisition module 410 may acquire a digital image targeted to a predetermined object as described above and the communication module 430 may transmit the acquired digital image to the authentication system 100. [

The authentication system 100 can confirm whether the information displayed on the object and the identification information of the portable terminal correspond to registration information registered in the target system 300 connected to the authentication system through communication with the target system 300 have. In addition to the legitimacy of the identification information, the occupancy authentication of the portable terminal 200 can be performed by the target system 300. In this case, the conventional authentication of the cellular phone can be performed.

In some embodiments, the authentication system 100 may further determine the validity of the verification information included in the digital image, in addition to authenticating the user of the portable terminal 200 in conjunction with the subject system 300 The validity of the verification information must be confirmed before authenticating the user. The verification information may be, for example, a photographing time, a photographing position, or the like of a digital image that is automatically inserted into the digital image, and may be information that is artificially inserted by the insertion module 420 included in the application system 400 The identification information and / or the one-time information of the mobile terminal 200, etc.). The fact that the validity of the verification information is authenticated means that the validity information includes a case where at least one of the plurality of different information is authenticated.

The authentication system 100 according to the technical idea of the present invention can not be used only for the non-face-to-face authentication, and the authentication system 100 according to the technical idea of the present invention needs to prevent the forgery or theft of the photo And can be employed in various services and systems. For example, a system of an automobile insurance company that provides a service that checks the mileage or black box installation and provides discounts on insurance premiums, or even if you do not have the goods to be sold at the time of sale of the used goods, An authentication system 100 according to the technical idea of the present invention can be applied to a used goods trading system for preventing the case of pretending to own the object.

On the other hand, according to an embodiment, the authentication system 100 may include a processor and a memory for storing a program executed by the processor. The processor may include a single-core CPU or a multi-core CPU. The memory may include high speed random access memory and may include non-volatile memory such as one or more magnetic disk storage devices, flash memory devices, or other non-volatile solid state memory devices. Access to the memory by the processor and other components can be controlled by the memory controller. Here, when the program is executed by a processor, the program may cause the authentication system 100 according to the present embodiment to perform the above-described authentication method.

Meanwhile, the authentication method according to the embodiment of the present invention may be implemented in the form of a program-readable program command and stored in a computer-readable recording medium. Also, the control program and the target program according to the embodiment of the present invention may be stored in a computer- And the like. A computer-readable recording medium includes all kinds of recording apparatuses in which data that can be read by a computer system is stored.

Program instructions to be recorded on a recording medium may be those specially designed and constructed for the present invention or may be available to those skilled in the art of software.

Examples of the computer-readable recording medium include magnetic media such as a hard disk, a floppy disk and a magnetic tape, optical media such as CD-ROM and DVD, a floptical disk, And hardware devices that are specially configured to store and execute program instructions such as magneto-optical media and ROM, RAM, flash memory, and the like. The computer readable recording medium may also be distributed over a networked computer system so that computer readable code can be stored and executed in a distributed manner.

Examples of program instructions include machine language code such as those produced by a compiler, as well as devices for processing information electronically using an interpreter or the like, for example, a high-level language code that can be executed by a computer.

The hardware devices described above may be configured to operate as one or more software modules to perform the operations of the present invention, and vice versa.

It will be understood by those skilled in the art that the foregoing description of the present invention is for illustrative purposes only and that those of ordinary skill in the art can readily understand that various changes and modifications may be made without departing from the spirit or essential characteristics of the present invention. will be. It is therefore to be understood that the above-described embodiments are illustrative in all aspects and not restrictive. For example, each component described as a single entity may be distributed and implemented, and components described as being distributed may also be implemented in a combined form.

It is intended that the present invention covers the modifications and variations of this invention provided they come within the scope of the appended claims and their equivalents. .

Claims

1. An application system installed in a portable terminal,
An image acquiring module for acquiring at least one digital image targeted at an object through an image photographing means of the portable terminal;
And a communication module for transmitting the at least one digital image acquired by the image acquisition module to an authentication system,
Wherein, when the at least one digital image is received by the authentication system, it is judged whether the digital image is a three-dimensional object image or a two-dimensional image image based on the received at least one digital image And an authentication process of authenticating a user corresponding to the object or authenticating whether the object is photographed is performed,
Wherein the image acquisition module comprises:
Obtain at least one of the at least one digital image as a light active image,
A system in which a plurality of images in which a three-dimensional object is photographed and a plurality of images in which a two-dimensional image is photographed are received in a state in which the illumination device is activated, and the image characteristics of the light active image are learned through machine learning or deep learning Wherein the authentication system determines whether the digital image is a three-dimensional object image or a two-dimensional image image, according to a learning result.

delete

1. An application system installed in a portable terminal,
An image acquiring module for acquiring at least one digital image targeted at an object through an image photographing means of the portable terminal;
And a communication module for transmitting the at least one digital image acquired by the image acquisition module to an authentication system,
Wherein, when the at least one digital image is received by the authentication system, it is judged whether the digital image is a three-dimensional object image or a two-dimensional image image based on the received at least one digital image And an authentication process of authenticating a user corresponding to the object or authenticating whether the object is photographed is performed,
Wherein the at least one digital image transmitted to the authentication system comprises:
A first image based on a user's first face image displayed on the object and a second image based on a second face image on which the user's real face is captured,
Wherein the image acquisition module comprises:
And acquires the first image and the second image simultaneously or within a predetermined time difference through each of a plurality of image acquiring means provided in the portable terminal.

delete

8. The system of claim 7,
And an editing module for arranging and comparing the first image and the second image in a first area and a second area of a predetermined UI.

1. An application system installed in a portable terminal,
An image acquiring module for acquiring at least one digital image targeted at an object through an image photographing means of the portable terminal;
And a communication module for transmitting the at least one digital image acquired by the image acquisition module to an authentication system,
Wherein, when the at least one digital image is received by the authentication system, it is judged whether the digital image is a three-dimensional object image or a two-dimensional image image based on the received at least one digital image And an authentication process of authenticating a user corresponding to the object or authenticating whether the object is photographed is performed,
Wherein the at least one digital image transmitted to the authentication system comprises:
A first image based on a user's first face image displayed on the object and a second image based on a second face image on which the user's real face is captured,
Wherein the application system or the authentication system comprises:
An editing module for determining respective positions indicating a specific region from the first face image and the second face image and arranging the first face image and the second face image so as to overlap and to make a comparison based on the respective positions, Lt; RTI ID = 0.0 > 1, < / RTI >

11. The system of claim 9 or 10,
The first face image itself; or
Using the first face image as the first image with the image processed based on the image attribute of the second face image,
Wherein the second image is an image obtained by processing the second face image itself or the second face image based on an image attribute of the first face image as the second image.

delete

1. An application system installed in a portable terminal,
An image acquiring module for acquiring at least one digital image targeted at an object through an image photographing means of the portable terminal; And
When the at least one digital image is acquired through the image acquisition module, determines whether the digital image is a three-dimensional object image or a two-dimensional image image, based on the acquired at least one digital image And a determination module,
Wherein the image acquisition module comprises:
Obtain at least one of the at least one digital image as a light active image,
Wherein the determination module comprises:
A plurality of images in which a three-dimensional object is photographed and a plurality of images in which a two-dimensional image is photographed are received in a state in which the illumination device is activated, and the image characteristics of the illumination active image are learned through machine learning or deep learning, And determines whether the digital image is a three-dimensional real object or a two-dimensional image according to the result.

An acquisition module for acquiring at least one digital image intended for a given object; And
A determination module for determining whether the digital image is a three-dimensional object image or a two-dimensional image image based on the at least one digital image acquired by the acquisition module,
Wherein the determination module comprises:
Determining whether the digital image has taken a three-dimensional object or a two-dimensional image based on at least one lighting active image included in the at least one digital image,
Wherein the determination module comprises:
A plurality of images in which a three-dimensional object is photographed and a plurality of images in which a two-dimensional image is photographed are received in a state in which the illumination device is activated, and the image characteristics of the illumination active image are learned through machine learning or deep learning, And determining whether the digital image is a three-dimensional object or a two-dimensional image according to a result of the determination.

delete

In an authentication system,
An image receiving module for acquiring at least one digital image of an object from a portable terminal; And
It is determined whether the digital image is a three-dimensional object or a two-dimensional image, based on at least one digital image received by the image receiving module, And a determination module that performs an authentication process of authenticating whether or not the object is photographed,
Wherein the determination module comprises:
Determining whether the digital image has taken a three-dimensional object or a two-dimensional image based on at least one lighting active image included in the at least one digital image,
Wherein the determination module comprises:
A plurality of images in which a three-dimensional object is photographed and a plurality of images in which a two-dimensional image is photographed are received in a state in which the illumination device is activated, and the image characteristics of the illumination active image are learned through machine learning or deep learning, And determines whether the digital image is a three-dimensional real object or a two-dimensional image.

A digital image determination system comprising: obtaining at least one digital image intended for a given object;
Determining whether the digital image has taken a three-dimensional object or a two-dimensional image based on the acquired at least one digital image,
Wherein the step of determining whether the digital image captures a three-dimensional object or a two-
Wherein the digital image determination system comprises at least one illumination active image included in the at least one digital image, a plurality of images in which a three-dimensional object is photographed and a plurality of photographed images Judges whether the digital image is a three-dimensional object image or a two-dimensional image image based on the learning result of the image characteristic of the illumination active image learned through machine learning or deep learning Wherein the digital image determination method comprises the steps of:

A computer program installed in a data processing apparatus and recorded in a computer-readable recording medium for performing the method according to claim 19.

delete