KR102146088B1 - User Authentication System using OCR - Google Patents

Abstract

The present invention relates to a user authentication system using optical character recognition, and the technical problem to be solved is an authentication system that is easy and simple like knowledge-based authentication and does not enter a password, so that password leakage is impossible. Thus, it is to provide a user authentication system using optical character recognition that performs user authentication.
To this end, the present invention provides a user terminal for transmitting an ID and a text image; An authentication server that receives an ID and text image from a user terminal and uses the ID and text image when registering a user or logging in to a user; An optical character recognition server for receiving a text image from an authentication server, extracting text information using an optical text recognition method, and transmitting the text information to an authentication server; And a database server in communication with the authentication server.

Description

User authentication system using optical character recognition {User Authentication System using OCR}

The present invention relates to a user authentication system using optical character recognition.

With the spread of smart devices and the expansion of information and communication technology-based services from a local network environment to a cloud environment, the range of information distribution is expanding. In this way, information infringement accidents are increasing with the expansion to the cloud environment. In particular, in the cloud environment using virtualization service technology, the possibility of personal information protection is very high, so personal authentication technology and various methods for protecting personal information Is discussed, and research to apply it is actively underway.

In general, the authentication system is a system that authenticates all processes that confirm whether the subject requesting the authority to access information has the authority, and authentication is performed using authentication factors classified into possession-based, knowledge-based, and characteristic-based. . Recently, in order to protect information from hacking, the financial sector or the game industry is proceeding with a two-step authentication requesting a one-time password such as OTP (One Time Password) after one-step authentication using ID and password. However, the OTP generator that can receive the OTP service must always be kept, and the OTP authentication program installed in the smartphone has a problem that the procedure for issuing OTP is difficult and cannot be used if there is no battery. Although two-step authentication is more secure than one-step authentication, it is not necessarily used by many people because the authentication process is complex and takes a long time, and companies that provide authentication services are not mandatory.

Knowledge-based authentication is the most used authentication factor at present, and it is a service that many people use because it has the advantage of easy and simple authentication using an ID or email address and password. However, if the password used for knowledge-based authentication is complicated and long managed, it is difficult for the person to memorize it, and in many cases, numbers (birthday, social security number, mobile phone number, etc.) or words (English initials, family English names, etc.) are used. There is a drawback that is easy to be exposed to the outside. In addition, since the same password is often used by multiple sites, there is a problem that if the password is exposed on one site, it can cause great damage, and it is difficult to recognize even if the password is exposed. As a research that allows users to easily and simply perform authentication using a smart device that can be carried at all times, there is an authentication method using a QR code. When a user enters an ID or pin code at the site to log in, a QR code containing information for authentication is displayed on the screen. When a user shoots a QR code through a camera using an application of his or her smart device, the authentication process proceeds by performing authentication on the server. It is used in WeChat, Line, and WhatsApp services, and it has been evaluated as safe in that it can easily log in without using an account name or password and generates random secret codes. However, recently, a technology that can hack user authentication using QRLJacking, which is called QR code-based login system hijacking, is under threat.

The above-described information disclosed in the background technology of the present invention is only for improving an understanding of the background of the present invention, and thus may include information not constituting the prior art.

The problem to be solved of the present invention is an authentication system that is easy and simple like knowledge-based authentication, and it is impossible to leak a password because it does not enter a password. User authentication using optical character recognition that performs user authentication using characters read using an image It is to provide the system.

In addition, the problem to be solved of the present invention is to perform authentication using text information read from an image, and since it has a characteristic that authentication is impossible even with slight image deformation, it has high security and does not require memorizing difficult and complicated passwords. It is to provide a user authentication system using recognition.

A user authentication system using optical character recognition according to an embodiment of the present invention,

A user terminal for transmitting an ID and text image;

An authentication server that receives an ID and text image from a user terminal and uses the ID and text image when registering a user or logging in to a user;

An optical character recognition server for receiving a text image from an authentication server, extracting text information using an optical text recognition method, and transmitting the text information to an authentication server; And

It may include a database server that communicates with the authentication server.

The authentication server generates first string information by randomly extracting characters using random number information from the character information received from the optical character recognition server upon user registration, and generates a first one-way hash using the first string information, The ID, the first one-way hash, and random number information may be transmitted to and stored in the database server.

The authentication server receives the random number information used for user registration from the database server when the user logs in, generates second string information by using the random number information in the text information recognized from the text image received when the user logs in, and generates the second string information. A second one-way hash may be generated using the information, and the second one-way hash may be compared with the first one-way hash stored in the database server.

The authentication server may discard the text image after user registration.

The authentication server may discard the text image received when the user logs in after the user logs in.

The optical character recognition server may include Google Cloud Vision API.

The ID may include an email address.

In addition, a user authentication system using optical character recognition according to an embodiment of the present invention includes a user terminal for transmitting an ID and a text image; An authentication server receiving an ID and text image from a user terminal and using the ID and text image when registering a user or logging in to a user; An optical character recognition server for receiving a text image from the authentication server, extracting text information using an optical text recognition method, and transmitting the text information to the authentication server; And a database server communicating with the authentication server, wherein the authentication server generates first string information by randomly extracting characters using random number information from character information received from the optical character recognition server upon user registration, and the first A first one-way hash is generated by using the character string information, and ID, first one-way hash, and random number information may be transmitted to and stored in a database server.

The authentication server receives the random number information used for user registration from the database server when the user logs in, generates second string information by using the random number information in the text information recognized from the text image received when the user logs in, and generates the second string information. A second one-way hash may be generated using the information, and the second one-way hash may be compared with the first one-way hash stored in the database server.

The present invention provides a user authentication system using optical character recognition that performs user authentication using characters read using an image as an authentication system that is easy and simple like knowledge-based authentication and does not enter a password, so that password leakage is impossible.

In addition, the present invention proceeds with authentication using text information read from an image, and because it has a characteristic that authentication is impossible even with a slight image modification, it has high security and user authentication using optical character recognition that does not require memorizing difficult and complex passwords. System.

1 is a diagram showing the configuration of a user authentication system using optical character recognition according to an embodiment of the present invention.
2 is a flowchart illustrating a user registration process in a user authentication system using optical character recognition according to an embodiment of the present invention.
3 is a flowchart illustrating a user login process in a user authentication system using optical character recognition according to an embodiment of the present invention.
4 is a capture screen showing an example of a user registration screen in a user authentication system using optical character recognition according to an embodiment of the present invention.
5 is a capture screen showing an example of a user registration success screen in a user authentication system using optical character recognition according to an embodiment of the present invention.
6 is a capture screen showing an example of a user authentication failure screen in a user authentication system using optical character recognition according to an embodiment of the present invention.

Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings.

The embodiments of the present invention are provided to more completely describe the present invention to those of ordinary skill in the art, and the following examples may be modified in various other forms, and the scope of the present invention is as follows. It is not limited to the examples. Rather, these embodiments are provided to make the present disclosure more faithful and complete, and to completely convey the spirit of the present invention to those skilled in the art.

Also, as used herein, the term “and/or” includes any and all combinations of one or more of the corresponding listed items. In addition, the meaning of "connected" in the present specification means not only the case where the member A and the member B are directly connected, but also the case where the member A and the member B are indirectly connected by interposing the member C between the member A and member B do.

The terms used in this specification are used to describe specific embodiments, and are not intended to limit the present invention. As used herein, the singular form may include the plural form unless the context clearly indicates another case. Further, as used herein, "comprise, include" and/or "comprising, including" refers to the mentioned shapes, numbers, steps, actions, members, elements, and/or groups thereof. It specifies existence and does not exclude the presence or addition of one or more other shapes, numbers, actions, members, elements, and/or groups.

In addition, the terminal, server, and/or other related devices or components according to the present invention may be implemented using any suitable hardware, firmware (e.g., on-demand semiconductor), software, or a suitable combination of software, firmware and hardware. have. For example, various components of a terminal, server and/or other related device or component according to the present invention may be formed on one integrated circuit chip or on separate integrated circuit chips. In addition, various components of the terminal and the server may be implemented on a flexible printed circuit film, and may be formed on the same substrate as a tape carrier package, a printed circuit board, or a terminal and a server. In addition, various components of a terminal and a server may be processes or threads running on one or more processors in one or more computing devices, which execute computer program instructions in order to perform various functions mentioned below. Can interact with other components. Computer program instructions are stored in a memory that can be executed on a computing device using standard memory devices such as, for example, random access memory. Computer program instructions may also be stored in other non-transitory computer readable media such as, for example, a CD-ROM, a flash drive, or the like. In addition, those of ordinary skill in the art related to the present invention may understand that functions of various computing devices are combined with each other, integrated into one computing device, or functions of a specific computing device, without departing from the exemplary embodiments of the present invention, It should be recognized that it can be distributed across fields.

For example, a terminal and a server according to the present invention include a central processing unit, a mass storage device such as a hard disk or a solid state disk, a volatile memory device, an input device such as a keyboard or mouse, and an output device such as a monitor or printer. It can be run on a commercial computer.

1 is a diagram showing the configuration of a user authentication system 100 using optical character recognition according to an embodiment of the present invention.

As shown in FIG. 1, the user authentication system 100 using optical character recognition according to an embodiment of the present invention includes a user terminal 110, an authentication server 120, an optical character recognition server 130, and a database server. It may include (140). All of these components may be connected to each other to enable communication through the Internet communication network 150.

In addition, the user authentication system 100 according to an embodiment of the present invention may operate based on a web service. The authentication server 120 for providing a service using a web browser of the user terminal 110 may simultaneously process a web service and authentication. In addition, the authentication server 120 may be communicatively connected with the optical character recognition server 130 that performs optical character recognition using a character recognition module, and may be used for authentication using the recognized characters. Authentication information may be stored in the database server 140.

The user terminal 110 may transmit the ID and text image to the authentication server 120 through the Internet communication network 150. Here, the ID may be, for example, not limited to, but may be any one of a user's e-mail address, a user-designated letter, number, special character, or a combination thereof. In addition, the user terminal 110 is not limited, for example, but may be any smart device with a built-in camera or capable of interlocking with a camera, or a computing device capable of storing and processing image files. A user registration process and/or a user login process, that is, a user authentication process may be performed through the user terminal 110.

The authentication server 120 may receive and process an ID and text image from the user terminal 110 through the Internet communication network 150. For example, the authentication server 120 may use an ID and a text image when registering a user, or use the ID and a text image when logging in a user. In addition, the authentication server 120 may itself include, for example, an optical character recognition module or server to be described below.

The optical character recognition server 130 may receive and process a character image from the authentication server 120 through the Internet communication network 150. For example, the optical character recognition server 130 may extract character information from a character image using an optical character recognition method and return it to the authentication server 120.

As an example, but not limited to, the optical character recognition server 130 may include a Google Cloud Vision API. Google Cloud Vision API is an image analysis service provided by Google that operates on a cloud basis. It recognizes individual objects in images using a machine learning model and classifies them into thousands of categories, or various types of content ranging from adult content to violent content. It provides a function to monitor inappropriate content. Because REST API is provided, the user can provide information on image files locally or remotely, and the metafile for this can be received in JSON structure, making it easy to extract and process information.

In the present invention, among various functions of the Google Cloud Vision API, text information can be read from an image by using the OCR function, and this information can be used for user authentication.

Table 1 below shows various service information provided by Google Cloud Vision API.

Characteristic Explanation Label detection It recognizes and returns objects (transportation, animals, food, etc.) in the image. Explicit
Content detection It detects the degree of risk or soundness of an image (adult content, medical content, violent content, etc.). Logo detection It finds the same logo as the company logo in the image. land mark
Detect It finds famous landmarks (names of buildings or natural landscapes such as Namsan Tower and Gyeongbokgung Palace) in the image. Optical character recognition It detects, extracts, and returns text information along with the identity of the language (Korean, English, Japanese, etc.) in the image. Face detection It finds a person's face in the image. In addition to returning the position of the eyes, nose, and mouth, as well as analyzing facial expressions, the emotional state is analyzed and returned. Image properties It retrieves general attributes of the image, such as the dominant color and appropriate cropping hints. Web detection Find similar images on the Internet.

The database server 140 communicates with the authentication server 120 through the Internet communication network 150, which can store user authentication information when registering a user, and transmits the user authentication information to the authentication server 120 when a user logs in. I can do it.

With this configuration, the authentication system 100 according to the present invention can perform an authentication operation related to user registration and user login. For example, the authentication server 120 generates first string information by randomly extracting characters using random number information from the text information received from the optical character recognition server 130 when registering a user, and uses the first string information. Thus, the first one-way hash is generated, and the ID, the first one-way hash, and the random number information may be transmitted to and stored in the database server 140.

In addition, the authentication server 120 receives the random number information used for user registration from the database server 140 when the user logs in, and uses the random number information to the character information recognized from the text image received when the user logs in to the second string. It is possible to generate information, generate a second one-way hash using the second string information, and compare the second one-way hash with the first one-way hash stored in the database server 140.

2 is a flowchart illustrating a user registration process in the user authentication system 100 using optical character recognition according to an embodiment of the present invention.

As shown in FIG. 2, the user transmits an image file including an ID and text to the authentication server 120 having a web server function during the registration process through the user terminal 110.

The authentication server 120 extracts and encrypts character information using the optical character recognition server 130 and stores the encrypted information together with the ID in the database server 140.

Since the information used for encryption during the registration process is not known to the user, there is no problem of leakage or loss of passwords occurring in the process of processing passwords in the same way as text input, and authentication is processed from the user's point of view because only images are used. Has a simple structure.

The detailed operation for user registration is as follows.

① The user transmits an email address and image file to be used for authentication to the authentication server 120 using the user terminal 110.

② The authentication server 120 checks user information and proceeds with a user registration process if it is not a registered user.

③ The authentication server 120 extracts text information from the transmitted image using the optical text recognition server 130.

④ The authentication server 120 extracts a random character using random number information from the extracted character information and creates a new character string using this.

⑤ The authentication server 120 generates a one-way hash using the newly created character string and destroys the image information.

⑥ Finally, the authentication server 120 stores the email address, password (ie, one-way hash), and random number information used for random character extraction in the database server 140 to complete the registration.

3 is a flowchart illustrating a user login process in the user authentication system 100 using optical character recognition according to an embodiment of the present invention.

As shown in FIG. 3, the user transmits an image file including an ID and text to the authentication server 120 having a web server function through the user terminal 110 for login.

The authentication server 120 extracts character information using the optical character recognition server 130 and compares the one-way hash generated by using the character information with a user hash previously registered in the database server 140.

There is an advantage in that it is difficult to infer which image to use even if someone peers from the side because it is impossible to log in if an image with an exact match of the recognized characters is not used.

Detailed operations for user login are as follows.

① The user transmits an email address and image file to be used for authentication to the authentication server 120 using the user terminal 110.

② The authentication server 120 checks the user information and, in the case of a registered user, proceeds with the user login process.

③ The authentication server 120 extracts text information from the transmitted image using the optical text recognition server 130.

④ The authentication server 120 receives a random number used for user registration from the database server 140. In addition, the authentication server 120 creates a new character string using a random number from the extracted character information.

⑤ The authentication server 120 generates a one-way hash using the newly created character string and destroys the image information.

⑤ The authentication server 120 compares the generated one-way hash information with the hash information received from the database server 140 to perform user authentication.

[ Example ]

To implement the authentication system according to the present invention, an Apache server was used as an authentication server (web server), a Python flask was used as a web framework, and a function module was configured in Python. The database server is configured to support processing of large amounts of data using MariaDB.

Table 2 below shows a table used for user authentication. The table was made USERS. The configured field is divided into an id used as an information separator, an email storing a user email address, and a passwd storing a user password. The information stored in the passwd field is hash information and cannot be used directly even if it is exposed to the outside.

Field Type Etc id INTEGER PRIMARY KEY
AUTO INCREMENT
NOT NULL email VARCHAR(100) NOT NULL passwd VARCHAR(255) NOT NULL

Table 3 shows a table for storing random numbers for extracting random characters used to generate one-way hashes used for user authentication. The table was taken as RANDS. The configured field is divided into an id used as an information separator, a rand that stores a random number, and a user_id that stores a separator of the USERS table as a foreign key.

Field Type Etc id INTEGER PRIMARY KEY
AUTO INCREMENT
NOT NULL rand VARCHAR(100) NOT NULL user_id INTEGER FOREIGN KEY(USERS.id)
NOT NULL

4 is a capture screen showing an example of a user registration screen in a user authentication system using optical character recognition according to an embodiment of the present invention.

As shown in FIG. 4, an email address and image file to be used when registering a user are transmitted to an authentication server through an Internet communication network using a user terminal such as a user smartphone or a user computer.

5 is a capture screen showing an example of a user registration success screen in a user authentication system using optical character recognition according to an embodiment of the present invention.

As shown in FIG. 5, when the user registration is correctly processed, the authentication server displays the extracted characters, the extracted random characters, the random number information, and the generated one-way hash through the screen of the user terminal. In addition, the authentication server shows the received email address through the screen of the user terminal.

Here, the image used for registration was an image with text cut off so that it was difficult for others to infer.

6 is a capture screen showing an example of a user authentication failure screen in a user authentication system using optical character recognition according to an embodiment of the present invention.

As shown in Fig. 6, the authentication server shows a screen in which authentication has failed and an image used through the user terminal. The image used for authentication is an image in which the text is fully visible, showing that it is difficult for users to infer the image for authentication.

On the other hand, the Korea Internet & Security Agency suggested universality and uniqueness as the standards of suitability of the identity verification method. In providing authentication services, economic and legal feasibility (clarity of service) should be discussed, and versatility of alternative means and reliability of authentication should be discussed from the perspective of users. In the present invention, as authentication technology, applicability (applicability, application cost, technology neutrality, utilization of existing infrastructure), security (offline attack response, online attack response, transaction manipulation attack response), convenience (use of possession, issuance, convenience of education) ) Is high.

-Applicability

Applicability refers to whether it can be applied to various environments and various devices. The present invention can be easily applied to a smart device that has a built-in camera or can link a camera or a device capable of storing image files. Since the optical character recognition technology can also be applied by the device itself, various financial services, game services, etc. It can be seen that it can be widely used for authentication services.

-Security

Security refers to the ability to respond to continuously evolving hacking. The present invention uses an image file that is easy to store and handle, but it is difficult to use the image text inside even if someone looks at it because it uses the text in the image, and if you take a picture of the contents such as a book and use it, the same text is recognized. It is difficult to predict, and it can be seen that it can be applied as a defense against hacking.

- convenience

Convenience refers to whether it is an authentication technology that can be easily applied to authentication anytime, anywhere because it is easy to use and portable. It can be seen that the user authentication system using optical character recognition proposed in the present invention is easy to hold because it can utilize an image that can be easily obtained through a web search or a picture taken using a user's smart device. In addition, even if there is no picture, it can be seen that authentication can be easily performed because it can be easily obtained if the source or location of the corresponding image is known.

Recently, the number of smartphone users is rapidly increasing, and according to the Pew Research Center's announcement, as of March 2015, Korea ranked fourth with a penetration rate of 83.0% after the UAE (90.8%), Singapore (87.7%) and Saudi Arabia (86.1%). Is being recorded. Among them, 33,929,961 people, or 82% of the adult population who can exert economic influence through financial payment services, use smartphones. With the development of information technology, various authentication methods have been introduced, but they are not safe from hacking, and information management of accounts remains a personal problem. In the present invention, it is possible to provide an authentication service that can easily and conveniently perform authentication while securing security from the standpoint of a service provider and a user. The authentication system according to the present invention can be used for authentication by using an always portable smartphone or by using an email address and an image file in a personal computer that is frequently used. Image files are easy to store and acquire, but users can safely protect authentication information because authentication is performed using characters in image files. Using the present invention as a cornerstone, it is possible to consider even a multi-combination authentication algorithm combining text information with deep learning-based object recognition, and the present invention can be applied to a cloud-based system for document and file management.

What has been described above is only one embodiment for implementing a user authentication system using optical character recognition according to the present invention, and the present invention is not limited to the above-described embodiment, as claimed in the following claims. Without departing from the gist of the present invention, anyone of ordinary skill in the field to which the present invention pertains will have the technical spirit of the present invention to the extent that various changes can be implemented.

100; Authentication system according to an embodiment of the present invention
110; User terminal
120; Authentication server
130; Optical character recognition server
140; Database server
150; Internet network

Claims (11)

A user terminal for transmitting an ID and text image;
An authentication server that receives an ID and text image from a user terminal and uses the ID and text image when registering a user or logging in to a user;
An optical character recognition server for receiving a text image from an authentication server, extracting text information using an optical text recognition method, and transmitting the text information to an authentication server; And
Includes a database server in communication with the authentication server,
The authentication server generates first character string information by randomly extracting characters using random number information from character information received from the optical character recognition server upon user registration, and generates a first one-way hash using the first character string information. , ID, first one-way hash and random number information to be transmitted to the database server and stored,
The authentication server receives the random number information used for user registration from the database server when the user logs in, generates second string information by using the random number information in the character information recognized from the text image received when the user logs in, and the second A user authentication system for generating a second one-way hash using string information, and comparing the second one-way hash with the first one-way hash stored in the database server. delete delete The method of claim 1,
The authentication server discards the text image after user registration, a user authentication system. The method of claim 1,
The authentication server is a user authentication system that discards the text image received when the user logs in after the user logs in. The method of claim 1,
The optical character recognition server is a user authentication system, which is Google Cloud Vision API. The method of claim 1,
ID includes an email address, user authentication system. delete delete delete delete

Images