KR20030074568A - System for preventing document from forging/alternating - Google Patents

Abstract

PURPOSE: A system for preventing forgery and alteration of a document is provided to prevent illegal access and duplication of a document output by off-line, and detect the forgery and alteration when a document is issued and transmitted to a client by on-line in a government office, a company, etc. CONSTITUTION: An additional forgery and alteration preventing device(40) protect a document being issued to a document issue web server(20). A forgery and alteration preventing device(50) prevents the duplication, controls an access to the web server(20) on the Internet, and restricts a use of a document related to a DRM(Digital Right Management). If a user(10) connects to the document issue web server(20) and requests to issue a document in the forgery and alteration preventing device(40), the forgery and alteration preventing device(40) receives and processes data from a server(30) of an information supply institution. The document issue web server(20) transmits the processing result to the user(10).

Description

Anti-counterfeit / falsification system {SYSTEM FOR PREVENTING DOCUMENT FROM FORGING / ALTERNATING}

The present invention relates to the prevention of forgery and forgery of documents on / offline, and particularly to the issuance of documents and the illegal access and duplication in the transmission and reception of documents online for civil complaints or customer users in public offices or other organizations or companies. The present invention relates to a document forgery / falsification prevention system having a function of preventing and detecting copying and forgery of a document printed offline.

Recently, due to the development of the Internet and computers, information such as various documents and data are digitized by computers, and various procedures that have been performed offline such as various document issuance procedures and processing as the Internet, email, and digital storage media have been deployed online. It is made faster and easier in the phase. For example, it was possible to perform various financial transactions only by going to a bank, and now it is possible to conveniently check accounts or transfer money at home / office using internet banking. In addition, the income deduction certificate was obtained through various card companies and insurance companies at the end of each year, but now it can be issued and printed online at any time through the Internet.

As such, online document issuance systems having a general concept for receiving documents and the like online have the configuration shown in FIG. 1. As shown in FIG. 1, the user 10 does not directly access the server 30 managed by the information provider, but accesses a website managed by a separate document issuing web server 20 and registers a user. After going through the usual procedures, you can get the documents you need. At this time, between the document issuing web server 20 and the user 10 and the document issuing web server 20 and the server 30 of the information provider, in order to avoid hacking or leakage of information from the outside, a public key is commonly used. Based on Infrastructure (PKI), it has a configuration that exchanges data with each other through encryption of data.

Based on the above systems, especially in recent years, the government has oriented towards e-government, computerizing the processing of all civil service services and making it easy for people to receive and use various certificates. Some civil documents will be issued directly, and in the future, each individual's home will be able to obtain various civil documents directly by accessing the Internet using a computer.

However, due to the nature of the electronic documents issued online, not only can you easily make copies or variations of the originals, but also distribute them easily. There is a problem that can lead to a weakening of corporate or national competitiveness.

Therefore, the demand for electronic document protection technology is increasing rapidly, and various technologies and methods in the field of technology and service are being developed to prevent illegal distribution and use. As an example of such a method, a specific certification number was assigned at the time of issuing civil documents and various documents and printed on the documents, thereby determining whether the documents were authentic. Patent application 2001-0038490, which discloses such a case, will be described with reference to FIGS. 2 and 3. 2 is an operation flowchart of a civil service providing apparatus in the prior art, and FIG. 3 illustrates an example of a civil document provided by a service by a civil service providing apparatus.

As shown in FIG. 2, when a user who has registered as a user registers a civil document and pays the cost thereof (steps 100 to 150), the server providing the service requests the civil document to be issued to the public office, and at the same time, the civil document. Send the information of registered members necessary for the issuance of the government office server. Accordingly, the public office server, which is requested to issue the civil documents, searches the database, reads the civil documents requested by the registered member, and transmits them to the service server along with the authentication number. Then, the service server stores the issued civil documents and authentication numbers in the database and sends them to the member information terminal. Accordingly, the member requesting issuance of the civil document can receive the civil document requested through his information terminal, and can print it in the form shown in FIG. 3 (steps 160 to 180).

In the case of submitting the issued civil documents to the civil document receiving institution through email transmission or offline, the civil document receiving institution may request the service server to retrieve the authentication number to verify the authenticity of the received civil documents. In addition, if the search request for authenticity with the above authentication number is from different agencies, the same document is submitted to more than one institution, which means that the latter civil document is abnormally copied and used. Step 240).

In this case, however, the authentication number is used to indicate that the corresponding civil document is normally issued as shown in FIG. 3, and the service that issued the certificate to determine whether the online certificate is normal. Although the authentication number was searched by accessing the server, this has a security problem in consideration of frequent hacking. Moreover, the above-mentioned civil service provision device simply supports online application of civil documents and prints them out through the applicant's own or surrounding printers, and provides security and forgery problems and copy protection in providing information to the applicant. It has a big drawback in that it has no countermeasures at all.

In particular, the form of the civil documents provided in the above-described prior art has the same form for specific matters, but is different from the civil documents of the type shown in FIG. 4 which is currently used to attach an import certificate or an import certificate. .

In the case of the official document shown in Fig. 4, the import certificate or the import certificate (hereinafter referred to as 'import import') shall be attached according to the provisions of the law. Revenues are issued by a specific institution and sold only at post offices and financial institutions or specific sales offices according to the provisions of the law, so users should visit them directly to purchase and use them. The following problems arise when the service that can issue the current civil petitions online is issued as described above, or whether the service is issued online. That is, the problem of forgery and alteration of cognition, and how to prevent illegal use of issued cognition.

Therefore, online issuance of import stamps or documents with a seal is required to prevent counterfeiting or duplicate use at the stage of transmission from leakage in the transmission stage. In particular, import stamps or seals can only be supplied in the form of images, so they can be easily forged or tampered with on a computer. Therefore, it is necessary to prevent them in order to issue civil documents and various documents online.

In addition, there is a matter to be solved along with the implementation of the online complaint service in the above manner. Basically, various types of techniques for authentication or copy protection have been proposed for various types of document files themselves such as certificate documents transmitted from government offices or the like at the request of users. However, after a document file, which is a digital file, is output through a printer or the like, there is a problem in that unauthorized copying and use of the document file can not be prevented.

In order to prevent illegal copying using a copy function of an image scanner or a digital copying machine for documents and documents provided in a conventionally printed form, Korean Patent Publication No. 2000-51665 (Invention: Prevention of illegal copying of a digital color copying machine) Instruction printing method) proposed an illegal copy prevention instruction printing method that prints by copying an instruction indicating that copying is performed in the process of processing an image by reading the document.

In addition, Japanese Patent Application Laid-Open No. 2001-6644 (name of the invention: an image processing apparatus, a pattern detection method, an image processing control method, and a recording medium) prints a special pattern on the back side of a document so as not to damage the readability of the original document. A technique that can prevent fraudulent copying by a copying machine and the like while preventing easy separation of a pattern and a pattern has been proposed.

In addition to the techniques described above, prints can be identified with the naked eye but are printed with ink of a color outside the sensitivity range of the copier (Japanese Patent Application Laid-Open No. 59-114566), and prints whose images are disturbed by copying and become unidentifiable (Japanese Patent) 53-83831) and various forms of technology, such as printed matter by the combination of two colors (refer to Unexamined-Japanese-Patent No. 1-263686) which become substantially indistinguishable by reproduction, and become indistinguishable by copying.

However, the techniques proposed above have a problem of using a special printing paper or a special copier or a special ink that can recognize the printing paper. In addition, there is a problem that the copy is not properly detected depending on the state of the printer or printer.

Moreover, the biggest problem of the above-mentioned prior arts is that the original certificate cannot be restored off-line, and thus only the verification of the copy can be made based only on the physical state.

Also, in case of various documents and documents issued online, it is likely that the receiving and outputting of the documents is a personal computer, not a public institution. Therefore, the output of such documents is also output through a special paper or a special device as described above. It is printed on plain paper using a normal printer. Therefore, in using a printed document, there is a problem that it must be forged / modified or authenticated as an original rather than a copy.

To solve this problem, first, digital watermarking technology can be used for copyright protection or forgery prevention of digital data, and digital rights protection technology for controlling the use right to prevent reuse of issued data (Digital Right Management). Later called 'DRM'. Digital watermarking technology is a technology for copyright protection of multimedia contents and has been started in earnest in the late 1990s. Basically, it is a technology that hides an image in the image or hides the text data in the image so that the naked eye can distinguish it. Watermarking technology can be classified into fragile watermarking technology, which easily breaks watermarks, as opposed to robust watermarking technology that is resistant to external manipulation or attack. Fragile watermarking technology is used to prevent forgery of contents, but this technique also has a vulnerability that determines that the image is forgery when the image is compressed or converted.

In recent years, Semi-Fragile watermarking has been developed by the present applicant, which is robust to technologies such as compression and format conversion, but has a characteristic of breaking during forgery, and thus may be suitable as a forgery prevention technology. Semi-Fragile watermarking technology mainly inserts and detects an image in BMP format, and inserts and detects watermarking technology in Discrete Cosine Transform (DCT) which is widely used in compression format. It is a trend that is being used.

DRM technology is a copyright management technology for digital content, and it can be said to be a system technology that securely delivers various contents from a content provider (CP) to a client and prevents the customer from illegally distributing the content. By using this technology, a part can be implemented in which a specific user is given a right corresponding to the user and the content can be used only according to the right.

In addition, in the certificates generated using the DRM technology described above, the import recognition and the seal have been tamper-resistant, but the following problems may occur. For example, instead of using the certificate issued by the user at the time of issuance request (for example, the number of issuance information, etc.), the user can continuously store and reuse the certificate using the characteristics of the digital file. There is a problem of illegal distribution.

The prior art as described above has a variety of problems already mentioned, the purpose of the document forgery / forgery prevention system according to the present invention to solve these problems is as follows.

1. It provides the main functions of the public key infrastructure (PKI), which is already built and used to provide information online, through interworking with anti-counterfeiting and forgery prevention systems.

2. The original certificate of the document issued in accordance with the present invention protects data with PKI by applying encryption / integrity processing technique.

3. The original certificate of the document is inserted into the anti-counterfeiting code to restore the original offline. At this time, when the forgery / modulation prevention code is damaged, the watermark is used to check forgery / modulation of important data. In addition, forgery / forgery prevention codes and watermarks use their own encryption and integrity techniques to prevent forgery of the original code.

4. The copy protection code is included in the issued document according to the present invention and the output is not outputted as a document so that the existence of the copy protection code is not known so that the copy protection function is further improved.

5. For documents issued in accordance with the present invention, in order to minimize the security threat that occurs when using the previously issued issuing number, the issuing number may be used by adopting a secure, secure issuing number and the original on-line. When verifying the security of the web page and the original verification to strengthen the authentication for the user.

6. In order to prevent illegal manipulation of user's issued document in the system according to the present invention, provide a screen control and printer output control function for the user's web browser and block illegal access to the web server without this function. do.

7. The system according to the present invention applies a DRM technique to prevent illegal printing of the certificate by controlling the number of prints in real time.

1 is a diagram showing a schematic configuration of a document issuance system of a general concept.

2 is a flowchart illustrating a process of issuing a certificate online in the related art.

3 is a diagram illustrating an example of a certificate generated by the issuing process of FIG. 1.

4 is a diagram illustrating an example of certificates.

5 is a diagram schematically showing the basic configuration of a document forgery / falsification prevention system according to the present invention.

Figure 6 is a block diagram showing the functional division of the configuration of the forgery prevention device installed on the document issuance web server side in the document forgery / forgery prevention system according to the present invention.

7 is a block diagram showing functionally divided the configuration of the forgery prevention device installed on the user side in the document forgery / forgery prevention system according to the present invention.

8A and 8B are diagrams showing an example of forgery detection online by using a safety issue number.

FIG. 9A shows a scanned image of an output original certificate and an image reconstructed from an anti-forgery prevention code included in the image, and FIG. 9B shows a portion of the entire image of FIG. to be.

FIG. 10 is a diagram illustrating an example of checking whether a document is forged or not by detecting a watermark using important data included in a watermark included in the stamp of the original certificate.

※ Description of the main parts of the drawings

10 ... User 20 ... Document Issuing Web Server

30 ... Information Agency Server

40 ... Forgery and alteration prevention device on the web server side

50 ... anti-counterfeiting device on the user's side

110 ... interlocking unit 120 ... DRM server unit

130 ... watermark generator 140 ... metafile generator

150 ... HTML processing unit 160 ... forgery prevention code generation unit

170 ... Encryption 200 ... Database

300 ... Web browser 310 ... Metafile decoder

320 ... Copy protection 330 ... URL control

340 ... Web page protector 350 ... Print control

360 ... forgery detection unit

Document forgery / forgery prevention system according to the present invention to achieve the above object is

In the document forgery / forgery prevention system for preventing forgery / forgery in the document issuance system that receives the document requested from the user via the Internet from the information provider server server and provides the document through the document issuing web server,

Operating in conjunction with the document issuing web server, watermarking the seal or recognition to be inserted into the original certificate file according to the document issuance request from the user side, and converting the original certificate file into a document file in print form, The original certificate file is arranged in a pattern of a predetermined size to generate a forgery prevention code, and a metafile including a document file and a forgery prevention code converted into a watermarking process and a print form is generated, and the web file is encrypted. First forgery and alteration prevention means for preventing forgery and alteration of the original certificate file on / offline by transmitting to the user side through a server; And

A second device installed on the user side to decrypt and display the encrypted metafile on the screen, and to perform printing control on the displayed result and forgery of the document issued through the web server on / offline. Characterized in that it comprises a forgery and alteration prevention means.

Hereinafter, with reference to the accompanying drawings will be described in more detail with respect to the document forgery / forgery prevention system according to the present invention.

5 is a diagram schematically showing the basic configuration of a document forgery / falsification prevention system according to the present invention.

As shown in FIG. 5, the document forgery / falsification prevention system according to the present invention has a user 10 requesting issuance of a document through the web server 20 and compared with the conventional system shown in FIG. 1. Regarding the document, the basic configuration and function of receiving the data on the original certificate from the information provider server 30 and issuing it to the user 10 are the same. However, it is provided with a separate anti-counterfeiting device 40 to prevent forgery / forgery of the documents issued to the document issuing web server 20 side, and at the same time to prevent copying on the user 10 side, on the Internet There is a substantial difference in that it has a different type of anti-counterfeiting device 50 having the function of controlling the access to the web server 20 and the use of issued documents in relation to DRM.

In addition, in the forgery and forgery prevention device on the web server 20 side, the user 10 requests the issuance of documents by connecting according to the service provided by the document issuing web server 20, according to the content of the information provider Received predetermined data from the server 30 is shown to go through the process of transferring the result of the processing in the forgery and alteration prevention device 40 from the document issuance web server 20 to the user 10 side, on the other hand Contents requested by the user 10 in the document issuing web server 20 using the Internet service provided by the forgery and alteration prevention device 40 installed on the web server 20 providing the document issuing service on the Internet. In accordance with the predetermined data from the server 30 of the information provider can be processed in the forgery prevention device 40 and transmit the result to the user 10 side.

In addition, in the document forgery / forgery prevention system is installed on the document issuance web server 20 or separately installed on the user 10 side with the forgery and forgery prevention device 40 to operate in conjunction with the document issuance web server 20 A separate forgery and alteration prevention device 50 is installed to perform a function for preventing and detecting forgery and alteration.

According to the function of the operation of the document forgery / forgery prevention system according to the present invention having the configuration as described above 1) forgery prevention function in issuing a document online in response to a user's request, 2) the issued document offline It can be divided into anti-forgery prevention function, 3) detection of forgery / falsification on / offline, and 4) GPKI-based provision.

The operation as described above will be described with reference to a block diagram illustrating the configuration of the forgery / falsification preventing device 40 installed on the server side in the document forgery / falsification prevention system shown in FIG.

First, as illustrated in FIG. 6, the forgery and alteration prevention device 40 on the web server side operates in conjunction with the document issuing web server 10 through the linking unit 110 for requests transmitted from the user 10 side. do. The interlocking unit 110 converts the format or form of the data transmitted from each other to a suitable form for the connection between the document issuing web server 10 and the forgery and alteration prevention device 40, so that the documents are issued to each other. If there is mutual compatibility between the web server 10 and the anti-counterfeiting device 40, there is no need to install separately.

The anti-counterfeiting device 40 is a DRM server serving as a control unit that performs a request for information to the information provider server 30 and an operation control for other components of the anti-forgery device 40 according to a user's HTTP request. The watermark generation unit 120 receives the image from the database 200 that stores data about various graphic images (for example, the image of the document issuance agency and fees) and performs a watermarking process. (130), the HTML processing unit 150, which serves to insert data extraction and control code for the original certificate (HTML), the forgery prevention code into which the encryption and integrity check code is inserted using the original certificate (HTML) Forgery prevention code generation unit 160 for generating a, metafile generator 140 for generating a metafile from the data processed from the watermark and the original certificate and the metafile password And an encryption unit 170 for transmitting to the DRM server unit 120.

The counterfeit prevention function in issuing a document online for a user's request, which is a basic operation of the forgery prevention apparatus having the above configuration, will be described.

The user 10 accesses the Internet using a web browser installed on a PC, accesses a website to which a function according to the present invention is added, and performs a general user registration process. Requests issuance of the necessary documents. At this time, the request is made to the document issuing web server 20 in a certain format according to the HTTP method. The data (HTTP request) transmitted to the document issuing web server 20 is transmitted to the forgery prevention device 40. At this time, the document is issued through the interlocking unit 110 interworking between the web server 20 and the forgery prevention device 40.

At this time, the HTTP request transmitted to the forgery prevention device 40 is transmitted to the DRM server unit 120 in an encrypted state through the GPKI. The DRM server unit 120 decrypts the encrypted HTTP request. The DRM server unit 120 requests necessary information to the information provider server 30 that decrypts the decrypted HTTP request and provides the document requested by the user, and the server 30 requests the original certificate (HTML) requested by the user. The file is transferred to the DRM server unit 120. In this case, the original certificate file transmitted from the information provider server 30 is also transmitted to the DRM server unit 120 through a process of encryption and decrypted the encrypted HTTP request from the user 10. Decrypt the original certificate file.

The DRM server unit 120 generates a safety issue number using the original certificate file. This safety issuance number is used to check whether the forgery is forged online, and this part will be described later in more detail. The generated security issue number is transmitted to the metafile generation unit 140 through a separate encryption operation. The safety issuance number can be generated and used by the system to collect unique information such as issuance documents, applicants, issuing time, etc., and to generate a unique number that can be characterized from such information. Can be. In addition, this security issuance number is recorded before it is encrypted, together with information for issuing the original certificate in a separate storage location or database for verification of forgery online.

The original certificate file transmitted from the information provider server 30 includes only the actual data to be included in the document issued as data in HTML format, and the seal of the issuing authority that can prove that such issuance document is formally issued by a specific institution. In addition, a separate image showing a cover (hereinafter referred to as "awareness") relating to a fee such as recognition is required. The image data is stored in a separate database 200, and the DRM server unit 120 includes a database for including the image of the seal and recognition of the issuer to be displayed in the issued document when the original certificate file is received. Ask 200. After issuing a document containing an image online, a watermarking process is included to check whether the document is forged or not. Therefore, the DRM server unit 120 sends information on the required seal and recognition to the watermarking generation unit 130, and the watermarking generation unit 130 sends a request for an image of the required seal and recognition on the basis of this information. 200) to receive the necessary image data.

The watermarking generation unit 130 receives an image of the seal and recognition and generates and inserts a watermark on the image. When creating a watermark, a watermark is generated and inserted using the most important data in the document as a unique key. Various methods have already been proposed for the watermark embedding method, and in many applications already filed by the present applicant, for example, patent applications Nos. 2000-01096, 2001-01940, 2001-84207, etc. The proposed method can be applied and processed, and any other possible method can be applied. When the watermarking process for the images indicating the seal and recognition is completed, the data is transferred to the metafile generator 140.

In addition, the DRM server unit 120 transmits the file to the HTML processing unit 150 to analyze the original certificate file. The HTML processing unit 150 extracts important data from the original certificate file and inserts a page \ division and integrity check code on the original certificate file. Data transmitted from the information provider server 30 generally includes only information of necessary items, not information for output. For example, in the case of issuance of a resident registration copy, the information provided by the information provider server 30 does not provide information printed on a visual paper, but includes only personal information about the applicant and his / her family. I'm just doing it.

Therefore, the HTML processing unit 150 analyzes the file after receiving the original certificate file and processes it so that it can be output in a constant form such as a printed form. In this case, the page separator code may be inserted in consideration of the printed form. In addition, the integrity check code is generated and inserted to check the forgery protection against the original certificate file. In order to prevent forgery and alteration, a technique for generating an integrity check code by inserting a predetermined method into the original and inserting it into the original is a well-known technique that is already widely used. Therefore, a detailed description of the generation and insertion of the check code will be omitted. The original certificate to which the extracted important data and the integrity check code are added as described above is transmitted to the metafile generator 140.

In addition, the DRM server unit 120 also transmits the original certificate file to the forgery prevention code generation unit 160. The forgery prevention code generation unit 160 generates the forgery prevention code into which the encryption and integrity check codes are inserted using the original certificate file, and transmits the forgery prevention code to the metafile generation unit 140. The forgery prevention code is generated by encrypting the original certificate file, which is a digital document, by a predetermined encryption method, compressing it again, and forming it into a pattern having a predetermined size in order to convert it into an image. A specific method for generating the forgery prevention code as described above is disclosed in detail in Patent Application No. 2002-31112 filed by the present applicant.

In the metafile generator 140, watermarked images such as data from the above components, that is, a security issue number from the DRM server unit 120 and a seal and recognition generated by the watermark generator 130, may be used. Data, the important data extracted from the original certificate file from the HTML processing unit 150, the original certificate file into which the page classification and integrity check codes are inserted, and the encryption and integrity check codes from the forgery prevention code generation unit 160 are inserted. Generates a metafile by receiving anti-counterfeiting code. In addition to the above information, this metafile additionally includes the authority to use this file for users who have issued the original certificate online, for example, the restriction on the number of times, the period of use, etc. of the original certificate. Information may be received from the database 200 and included.

The metafile generator 140 is formed to include various kinds of information as described above, and then transferred to the encryption unit 170. The encryption unit 170 generates an integrity check code from the metafile, inserts it, and performs encryption using a predetermined key. At this time, the encryption key uses the session key generated when connecting with the user. As for the encryption method, various methods are provided in the past, and any method may be applied. After the encryption is completed, the file is transferred to the DRM server unit 120.

The DRM server unit 120 transfers the encrypted metafile to the user 10 through the interlocking unit 110 to complete the forgery prevention processing for documents issued online. In this way, the forgery prevention document delivered to the user 10 can be checked and printed through the forgery and alteration prevention device installed in the system of the user 10.

FIG. 7 is a block diagram illustrating a functionally divided configuration of a forgery prevention device installed on a user side in a document forgery / falsification prevention system according to the present invention, and may be processed in a web browser or a separate dedicated browser. The forgery and alteration preventing device formed on the user side is composed of a plurality of functional modules that operate individually functionally. As shown in FIG. 7, the metafile decryption unit 310 for decrypting the encrypted metafile provided from the web server 20, the copy protection unit 320 for preventing illegal copying of the metafile, The URL control unit 330 for controlling the access from the URL other than the authorized URL by controlling the URL accessing the web server 20 through the browser, and related on the screen such as copying or capturing the web page. Web page protection unit 340 for limiting the function, control of the printer for various certificates and the print control unit 350 for controlling the number of times that can be output through the printer and issued documents on / offline And a forgery detection unit 360 that detects and checks forgery or not. The forgery and alteration prevention apparatus 50 may include components for performing a function for preventing various types of forgery and alteration, and the components mentioned above are exemplary and are not necessarily limited thereto.

The function of the forgery and alteration prevention device 50 formed on the user 10 side as described above will be described in more detail with reference to FIG. 8.

First, since the metafile transmitted from the web server 20 is already transmitted to the user 10 in an encrypted state, the web browser 300 sends the metafile to the decryption unit 310 to decrypt the encrypted metafile. The decrypted data is converted into a document in standard HTML format and displayed on the browser window. At this time, decryption of the encrypted metafile is performed using a session key generated from the user's system. The integrity check is performed on the decrypted metafile and compared with the integrity check code inserted in the metafile. If the result matches, decryption of the encrypted metafile is performed and the corresponding HTML document is displayed in the web browser 300. If not, the user 10 is notified that there is a problem with the metafile.

As described above, even when the user accesses the document issuing web server 20 through the web browser 300 and receives necessary information, the user accesses a URL other than the authorized URL to control the URL that the user accesses to control access. The URL control unit 330 is provided for this purpose.

In addition, the web page protection unit 340 controls mouse control, keyboard control, and menu operation of the web browser 300 while the web browser 300 is running. For example, to prevent some copies of the document, you can prevent the viewing and editing / copying / saving of the source by clicking the mouse or right-clicking on the screen of the web browser, and in the case of keyboard, screen capture (PrtScreen), Open a new window (Ctrl + N), the user's arbitrary printing (Ctrl + P) and the like can not be performed. Also, copy / edit / save control in menu, unauthorized copy control (send mail), etc. can automatically delete temporary files downloaded to user's PC or file control for temporary directory, and control clipboard to make unauthorized copy of screen. You can protect your web pages using a variety of methods, including controlling them.

The print control unit 350 inserts and outputs a watermark, a forgery prevention code, a copy protection code, and the like, controls a printer spool file, and controls a network printer and a virtual printer. In addition, by controlling items such as the number of prints, file printing, etc. among the items appearing on the print at the time of printing, the user can not control arbitrarily. Furthermore, for the number of issuance, after checking the integrity related to the print information included in the metafile, the number of printers of the document can be controlled according to the result.

The control of various items of the printer is to control the print commands included in the web browser by controlling the commands provided by Windows. Since the control itself is general, detailed description thereof will be omitted. In addition, a watermark, a forgery prevention code, and a copy protection code may be generated and output for each DPI for each type of printer.

The copy protection code is generated considering the characteristics of the printer used by the user. This copy protection code is not displayed at the time of printing using the printer according to the characteristics of the printer information of the user who requested the issuance of the original certificate from the web server. By allowing certain characters to be displayed in the copy protection code, it is possible to immediately check whether the document is directly printed by the user who issued the document or copied through a copy machine. For this technique, see patent applications 2002-24640 and 2002-31112 filed by the present applicant.

In the above, in the document forgery / forgery prevention system according to the present invention shown in Figure 5, the respective components for the forgery prevention device 40 and 50 installed on the document issuing web server 20 and the user 10 side, respectively And the operations between them, and after that, the operation of the forgery detection unit 360 which performs the function of detecting the forgery for the document by dividing the document issued by the system into on / offline will be described.

First, a method of detecting a forgery online is a detection method using a safety issue number. When the user 10 requests the issuance of a specific document, the DRM server unit 120 in the forgery prevention device 40 of the web server 20 generates a safety issue number and includes the other information mentioned above. Included in the meta file to be delivered to the user (10) side. When the metafile is output by a print command or the like on the web browser 300 through decryption or the like, an output such as that of FIG. 8A can be obtained. At this time, the printout shows a safety issue number at the upper left, a copy protection code at the lower left, and a forgery prevention code at the lower right. In this case, the positions where the illustrated numbers, codes, etc. are printed are shown as an example and are not particularly limited to any positions.

On the other hand, if you enter the safety issue number displayed at the top of this printout online, check the integrity of the safety issue number, and if there is no problem, go to the original inquiry homepage and convert the safety issue number to the original issue number through the process of decryption. By automatically checking the data shown in FIG. 8B on the screen, it is possible to check whether or not forgery. If there is a problem with the safety issuance number, that is, if the safety issuance number in the printed output is a manipulated number, the integrity check will fail, so a separate guide window is opened to indicate that the document has been manipulated. Normally, if a legitimate user receives a document and enters the security issue number printed on this document to verify it, there are few problems. However, if you want to check the information on the document by directly accessing the server side through another path, etc., rather than accessing the server side legally through the copy protection device installed on the user side through an illegal method such as hacking. There is a further advantage in that it can be prevented.

In the above case, it refers to the case in which the security issuance number is printed and used by the user side after being generated internally by the server after the generation of the safety issue number. The copy protection device may change internally to use the encrypted security issue number.

Next, in order to detect forgery through off-line, the forgery prevention apparatus 50 on the user 10 side performs the following function using a forgery prevention code and a watermark.

The detection method using the forgery prevention code will be described with reference to FIGS. 8A, 9A, and 9B. Fig. 9 shows the scanned image of the original certificate output and the image reconstructed from the forgery prevention code included in this image, respectively. As described above, the forgery prevention code is an image data of the original certificate file transmitted from the information provider server 30. The use of such a forgery prevention code first scans a document (FIG. 8A) output in printed form using a scanner.

Thereafter, the scanned image is analyzed to separately extract only the printed pattern (the part shown at the bottom right of the document shown in FIG. 8A), which is a part corresponding to the forgery prevention code. Since the patterns are arranged in a certain order and combined, they are separated into predetermined sizes, and the separated patterns of image forms are converted into original document files, which are digital documents, through a reverse process of converting original digital documents into patterns. Can be. In this case, error correction, encryption, and compression may be accompanied in the process of converting the scanned image into the original certificate file.

By comparing the two documents using the scanned document (the left image of FIG. 9A) and the original certificate file (the right image of FIG. 9A) restored by using the forgery prevention code included in the scanned document. It is possible to determine whether the forgery. In addition to the method of contrasting the two documents as a whole as a whole, as shown in Fig. 9B, it is also possible to select a portion and to enlarge the image only to a certain size, and then to focus and compare the portions.

The watermark detection method can check whether the forgery of the important data of the output document is damaged when the forgery prevention code mentioned above is damaged. Since the metafile was created by inserting a watermark into the image included in the stamp or recognition when the document was issued, the unique key used to generate the watermark (using the data recognized as important in the document) Alternatively, it is possible to detect whether the output document is forged or not by detecting whether the watermark included in the image such as recognition is forged (see FIG. 10). As for the watermarking detection method as described above, the method proposed in the patent application filed by the present applicant mentioned above and other various methods may be used.

As described above, the document forgery / falsification prevention system according to the present invention is provided with a forgery / falsification prevention device on the web server and the user side to prevent forgery due to issuance of documents through online / offline and to detect forgery through offline. . For the use of such a system can be operated in conjunction with the electronic authentication system to go through a more secure process.

In general, online complaint issuance services are civil affairs that require you to verify yourself. Therefore, when applying online, the process of identity verification through an accredited certificate and encryption and decryption process are performed during data transmission and reception under the authentication system, thereby making the data more secure. In the present invention, it can be applied to the identity verification and system security by interworking the existing public electronic authentication system such as NPKI, GPKI and the like.

Recently, in the civil document issuance system provided by the e-government as a civil service, the public certificate (Internet banking, etc.) can be used as it is, but the system according to the present invention can be linked to such public certification. Through this, a more secure system for issuing complaints can be implemented. In addition, even when other private companies or other organizations issue specific documents, the service can be easily linked with the individual authentication system required for user identification.

When used in conjunction with the present invention, prior to the operation of the system according to the present invention, there is no significant difference in configuration in that it further includes only a process of determining whether the corresponding user is a user authenticated by the PKI. The only difference is that the integrity check code for the PKI is inserted in the forgery-proof certificate itself and checked later. In this way, the authentication of the user is made through PKI-based authentication, thereby preventing the denial of the user's output behavior, and encrypting the data transmitted under the accreditation system in the process of transmitting and receiving data. Decryption) process can further enhance the security of the data.

As described above, the present invention not only prevents illegal access blocking, duplication and modification from the outside when data is transmitted and received between the user and the web server online, but also prevents forgery in the document printed offline. In order to insert various security codes and copy using a copy machine, a copy protection code that can be checked with the naked eye can be inserted to prevent illegal forgery.

In addition, forgery can be detected by checking the original online through the Internet by the security issue number printed on the printed document, and the original certificate can be extracted and restored by the forgery prevention code and watermark. By comparing the effect of forgery can be confirmed.

In addition, by using various safety systems, such as PKI and GPKI, which are used in the past, it is possible to use functions such as data encryption / decryption and identity verification through digital signature, non repudiation and confidentiality, etc. It is possible to build.

While the invention has been particularly shown and described with reference to the above embodiments, it has been used for the purpose of illustration and those of ordinary skill in the art, having the spirit and scope of the invention as defined in the appended claims. Various modifications can be made without departing.

Claims (9)

In the document forgery / forgery prevention system for preventing forgery / forgery in the document issuance system that receives the document requested from the user via the Internet from the information provider server server and provides the document through the document issuing web server, Operating in conjunction with the document issuing web server, watermarking the seal or recognition to be inserted into the original certificate file according to the document issuance request from the user side, and converting the original certificate file into a document file in print form, The original certificate file is changed into a pattern having a predetermined size and arranged in a predetermined form to generate a forgery prevention code, and a metafile including a document file and a forgery prevention code converted into a watermarking process and a printing form is generated and encrypted. A first forgery and forgery preventing means for preventing forgery and alteration of the original certificate file on / offline by transmitting the information to the user through the web server; And Installed on the user side, the encrypted metafile is decrypted and displayed on the screen, control of the screen and print status for the displayed result, and forgery of the forgery of the document issued through the web server online and offline. And a second anti-counterfeiting means for detecting the forgery of the document on the document. The method of claim 1, The first forgery and alteration prevention means is provided by including a safety issue number generated in the metafile to check whether the forgery online for the document provided to the user side, The safety issuance number is used to generate a unique number that can be characterized by collecting information such as issuing documents, applicants, and issuing time, or to generate and use the system itself according to the form and conditions of the documents provided. Document forgery / forgery prevention system, characterized in that. The method of claim 2, Protection means for protecting transmission / reception data along with identity verification by performing authentication procedure based on the authorized authentication key when the request for document issuance from the user and the issued data are transmitted to the first forgery and alteration prevention means. Document forgery / forgery prevention system characterized in that it further comprises. The method according to any one of claims 1 to 3, The first forgery and alteration prevention means is provided for the document provided to the user side including the authority information for the user on / offline to use the document, The authority information includes a document forgery / falsification prevention system, characterized in that it includes information on the number of prints and usage period of the provided document. The method of claim 4, wherein The second forgery and alteration prevention means performs a mouse control, a keyboard control and a menu operation control of a web browser while the browser program is running for controlling the screen state. The mouse control prevents viewing and editing / copying / saving the source by clicking a mouse or operating a right button on the screen, The keyboard control controls operations such as screen capture (PrtScreen), open new window (Ctrl + N), user's arbitrary printing (Ctrl + P), The menu operation control is a document forgery / forgery prevention system, characterized in that for controlling the operation of items such as copying / editing / saving and unauthorized copying (sending mail) in the menu of the web browser. The method of claim 5, The second forgery and alteration prevention means further comprises controlling the unauthorized copying of the screen by automatically deleting the temporary file downloaded to the user or controlling the file for the temporary directory, and the clipboard. Anti-counterfeiting system. The method of claim 3, wherein And the second forgery and alteration prevention means controls a URL that the user accesses to control access to a URL other than the URL for which the user is authorized. The method of claim 3, wherein The second forgery and alteration preventing means includes detection means for detecting forgery and alteration of the document on / offline, The detecting means uses the safety issue number printed on the output document. By checking online and matching the printed document with the original certificate file, it detects the forgery of the document, Detecting whether the document is forged or not by checking whether it is matched by comparing the scanned image of the output document and the image obtained by restoring the forgery prevention code printed on the output document to the original data offline. Document forgery / forgery prevention system, characterized in that. The method of claim 8, The detecting means is also generated by using a unique image used for extracting the watermark included in the scanned image of the document printed off-line and the stamp or recognition printed on the output document and generating the watermark. Document forgery / forgery prevention system, characterized in that for detecting whether the forgery of the document can be detected by matching between watermarks.