KR20170001929A - Method for certification using digital image, application system, and authentication system thereof - Google Patents

Abstract

Disclosed are an authentication method using a digital image, and an application system for the same. According to one aspect of the present invention, the application system installed on a portable terminal includes: an image acquisition module for acquiring a digital image of a predetermined object through an image-capturing device included in the portable terminal; and an insertion module for inserting insertion information into the acquired digital image, wherein authenticity of the insertion information is determined by the authentication system if the digital image inserted therein with the insertion information is transmitted to a predetermined authentication system, and validity of the digital image or a user of the portable terminal is authenticated if the authenticity of the insertion information is determined.

Description

TECHNICAL FIELD The present invention relates to an authentication method using digital images, an application system for the authentication method, and an authentication system using the digital image,

The present invention relates to a system and method for authenticating a user using a digital image, and more particularly, to a system and method for authenticating a user using verification information that can be obtained by a digital image.

Recently, various online services such as online commerce, internet banking, online certificate issuance and the like have been provided. Because of the nature of these services, it is very important that they authenticate themselves to ensure that the user has the right to use the service.

The most obvious authentication method is to visit a bank or a certificate issuing organization directly. However, since the visit is very cumbersome, the facial photograph, own identification card or other authentication means are scanned or photographed and transmitted to the certification body online. Non-face authentication technology is emerging that performs identity verification through transmitted pictures.

However, when the current non-face authentication technology is used, there is a problem that a problem that the photo is stolen, forged or exploited by a hacker or the like can not be prevented.

In addition, there are cases where a car insurance company provides a service for checking mileage or black box installation and discounting insurance premiums. At this time, there are cases where forged pictures are transmitted, Even if you do not have the possession of the other person as if you are holding a photo of the person is pretending to be increasing.

As the number of cases of counterfeiting or theft of digital images such as online photographs is increasing, a method for confirming the validity of digital images is widely required.

Korean Unexamined Patent Application Publication No. 10-2005-0009415, "Mutual authentication method using image image and computer readable recording medium recording program for executing this method"

SUMMARY OF THE INVENTION Accordingly, the present invention has been made keeping in mind the above problems occurring in the prior art, and it is an object of the present invention to provide a digital image authentication method, a digital image authentication method, a digital image authentication method, And to provide a system and method that can be used.

According to an aspect of the present invention, an application system installed in a portable terminal includes an image acquisition module for acquiring a digital image targeted at a predetermined object through image shooting means of a portable terminal, Wherein when the digital image in which the insertion information is inserted is transmitted to a predetermined authentication system, the validity of the insertion information is determined by the authentication system, and if the validity of the insertion information is determined, Or the user of the portable terminal is authenticated.

And the insertion module inserts the insertion information into the metadata of the digital image or the image information of the digital image.

Wherein the insertion module inserts encryption information or hash information of the insertion information at a predetermined position when inserting the insertion information into the metadata and inserts the insertion information into the image information when inserting the insertion information into the image information, A watermark, or a digital stamp, which can be recognized by the authentication system.

Wherein the inserting module inserts the inserting information in which the auto information inserted in the meta data is changed in a predetermined manner in place of the auto information by the image photographing means, And inserting it into the data.

Wherein the application system further comprises a communication module for performing communication with the authentication system, wherein the communication module transmits the digital image, into which the insertion information has been inserted, to the authentication system within a predetermined time from the time the digital image is acquired And transmits the data.

Wherein the application system further comprises a communication module for transmitting the digital image to the authentication system, wherein when the validity of the digital image or the user of the portable terminal is authenticated by the authentication system, Wherein the photographing time of the digital image and the time when the authentication system receives the digital image satisfy a predetermined condition or the photographing position of the digital image included in the digital image and the position of the portable terminal, Or the identification information of the portable terminal included in the digital image and the identification information of the portable terminal confirmed by the authentication system correspond to each other.

Wherein the application system further comprises a communication module for communicating with the authentication system, wherein the insertion module inserts the insertion information into the digital image based on the one-time information received from the authentication system via the communication module And the validity of the digital image or the user of the portable terminal is authenticated until the one-time information based on the embedded information inserted in the digital image is authenticated by the authentication system.

The insertion module inserts insertion information based on identification information of a portable terminal in which the application system is installed or insertion information based on identification information of the portable terminal and identification information of an object capable of identifying the object in the digital image , And when the identification information or the insertion information of the portable terminal corresponds to the information previously stored in the authentication system based on the insertion information inserted in the digital image by the authentication system, The user of the portable terminal is authenticated.

Wherein the application system further comprises a communication module for performing communication with the authentication system and receives the image transmission request from the authentication system through the communication module that confirms the success of the authentication of the principal through the predetermined target system , The insertion module inserts the insertion information into the digital image, or the image acquisition module acquires the digital image.

The personal authentication through the target system may be authentication based on whether the identification information including the identity of the cellular phone, the card authentication, or the user's personal information corresponds to the registration information registered in the target system.

Wherein at least a part of the information displayed on the object is recognized by the application system, the authentication system, or a predetermined target system, and the validity of the digital image, the authentication of the user of the portable terminal, And is used for authentication of a person provided by the system.

Wherein the digital image transmitted to the authentication system is a digital image comprising a first object and a second object or a plurality of digital images including a first digital image comprising a first object and a second digital image comprising a second object, And the user is authenticated by the authentication system when the information displayed on the first object and the second object correspond to each other.

Wherein the digital image transmitted to the authentication system is a digital image comprising a first object and a second object or a plurality of digital images including a first digital image comprising a first object and a second digital image comprising a second object, Wherein the first object is an object displaying a face image of a user and the second object is a face of a user photographed by the mobile terminal.

The authentication system may authenticate the user of the portable terminal only if it is determined that the photographing time of the first digital image and the photographing time of the second digital image satisfy a predetermined condition.

The insertion information is divided and inserted in a first digital image including a first object and a second digital image including a second object, and when the first digital image and the second digital image are transmitted to the authentication system, The insertion information obtained from each of the first digital image and the second digital image is obtained by the authentication system so that the insertion information is specified.

According to an aspect of the present invention, there is provided an application system installed in a mobile terminal, including: an image acquisition module for acquiring a digital image of a predetermined object through an image capturing means of a portable terminal; Wherein at least one of information displayed on the object or identification information of the portable terminal corresponds to registration information registered in a target system connected to the authentication system, Is authenticated.

The authentication system may authenticate the user of the portable terminal only if the validity of the verification information included in the digital image is further determined.

Wherein the application system further comprises an insertion module for inserting predetermined insertion information into the digital image, wherein if the validity of the insertion information included in the digital image is further determined by the authentication system, the user of the portable terminal is authenticated . ≪ / RTI >

According to an aspect of the present invention, there is provided an application system installed in a portable terminal for acquiring a first digital image for a first object and a second digital image for a second object, An image acquisition module, a communication module for transmitting the first digital image and the second digital image to an authentication system, wherein when the first digital image and the second digital image are transmitted, Wherein the first object is an object displaying a face image of a user and the second object is a face of a user photographed by the mobile terminal.

The application system performs a process of arranging a first image based on a face image displayed on the object or a second image based on a face image of a user photographed by the mobile terminal in a first area and a second area of a preset UI Thereby generating a comparison image.

Wherein the application system uses, as the first image, an image that is image-processed based on a face image displayed on the object or a face image displayed on the object based on an image attribute of a face image of a user photographed by the mobile terminal, Characterized in that an image obtained by processing an image of a face of a user photographed by a mobile terminal or a face image of a user photographed by the portable terminal on the basis of an image attribute of a face image displayed on the object is used as the second image can do.

According to an aspect of the present invention, there is provided an authentication system including an image receiving module for receiving a digital image having a predetermined object and a predetermined insertion information inserted by a portable terminal, And a verification module for determining the validity of the extracted insertion information and authenticating the validity of the digital image or the user of the portable terminal when the validity of the inserted information is determined.

According to another aspect of the present invention, there is provided an authentication system including an image receiving module for receiving a digital image of a predetermined object from a portable terminal, And an authentication module for authenticating a user of the portable terminal according to the identification result of the identification information authentication module.

Wherein when the authentication system authenticates the user of the portable terminal, the photographing time of the digital image included in the digital image and the time when the authentication system receives the digital image satisfy a predetermined condition, Wherein the identification information of the portable terminal included in the digital image and the identification information of the portable terminal identified by the authentication system match the identification information of the portable terminal, And the information corresponds to each other.

The authentication system transmits an image transmission request to the portable terminal after confirming the success of the authentication through the predetermined target system, and when the image transmission request is received by the application system installed in the portable terminal, The insertion information is embedded in the digital image or the digital image is acquired.

Wherein the digital image transmitted to the authentication system is a digital image comprising a first object and a second object or a plurality of digital images including a first digital image comprising a first object and a second digital image comprising a second object, And the authentication system authenticates the user so that the information displayed on the first object and the information displayed on the second object correspond to each other.

Wherein the digital image transmitted to the authentication system is a digital image comprising a first object and a second object or a plurality of digital images including a first digital image comprising a first object and a second digital image comprising a second object, Wherein the first object is an object displaying a face image of a user and the second object is a face of a user photographed by the mobile terminal.

According to another aspect of the present invention, there is provided an authentication method using an application system installed in a portable terminal, the method comprising: the application system acquiring a digital image for a predetermined object through an image capturing means of the portable terminal; Wherein the inserting information is inserted into the digital image, and if the digital image in which the inserting information is inserted is transmitted to a predetermined authentication system, the validity of the inserting information is judged by the authentication system, The validity of the digital image or the user of the portable terminal is authenticated.

Wherein the step of inserting embedding information into the digital image obtained by the application system comprises inserting the embedding information into the metadata of the digital image or the image information of the digital image, Wherein the inserting step inserts the encryption information or the hash information of the insertion information into a predetermined position when inserting the embedded information into the image information, , A watermark, or a digital stamp is inserted.

The authentication method using the digital image may further include the step of the application system transmitting the digital image in which the insertion information is inserted to the authentication system within a predetermined time from the time when the digital image is acquired.

When the validity of the digital image or the user of the portable terminal is authenticated by the authentication system, the photographing time of the digital image included in the digital image and the time when the authentication system receives the digital image satisfy a predetermined condition Or the photographing position of the digital image included in the digital image and the position of the portable terminal confirmed by the authentication system satisfy a predetermined condition or the identification information of the portable terminal included in the digital image and the authentication system And the identification information of the portable terminal corresponds to each other.

Wherein inserting the insertion information into the digital image obtained by the application system includes inserting the insertion information into the digital image by the application system including the one-time information received from the authentication system, The validity of the digital image or the user of the portable terminal may be authenticated if the one-time information inserted in the digital image is authenticated.

Wherein the authentication method using the digital image further comprises receiving an image transmission request from the authentication system, the application system confirming the success of the authentication of the user through a predetermined target system, And inserts the insertion information into the digital image or acquires the digital image.

Wherein the digital image transmitted to the authentication system is a digital image comprising a first object and a second object or a plurality of digital images including a first digital image comprising a first object and a second digital image comprising a second object, And the user is authenticated by the authentication system so that the information displayed on the first object and the information displayed on the second object correspond to each other.

Wherein the digital image transmitted to the authentication system is a digital image comprising a first object and a second object or a plurality of digital images including a first digital image comprising a first object and a second digital image comprising a second object, Wherein the first object is an object displaying a face image of a user and the second object is a face of a user photographed by the mobile terminal.

The authentication method using the digital image may be configured such that the application system displays a first image based on a face image displayed on the object or a second image based on a face image of a user captured by the portable terminal, 2 region of the first image to generate a comparison image.

Wherein the step of generating the comparison image comprises the step of allowing the application system to display the face image displayed on the object or the face image displayed on the object on the basis of the image attribute of the face image of the user photographed by the portable terminal, Wherein the application system is used as a first image or the application system performs a process of image processing based on an image attribute of a user's face image captured by the mobile terminal or a face image of a user captured by the portable terminal, And using one image as the second image.

When the insertion information is divided and inserted in a first digital image including a first object and a second digital image including a second object and the first digital image and the second digital image are transmitted to the authentication system, And the insertion information obtained from each of the first digital image and the second digital image is obtained by the authentication system so that the insertion information is specified.

According to an aspect of the present invention, there is provided an authentication method using an application system installed in a portable terminal, the method comprising: the application system acquiring a digital image for a predetermined object through an image capturing means of the portable terminal; Wherein at least one of the information displayed on the object or the identification information of the portable terminal corresponds to registration information registered in a target system connected to the authentication system, And the user of the terminal is authenticated.

According to another aspect of the present invention, there is provided an authentication method including the steps of: receiving a digital image in which an authentication system is a predetermined object and a predetermined insertion information is inserted by a portable terminal; Extracting the insertion information from the authentication information, and validating the insertion information extracted by the authentication system and authenticating the validity of the digital image or the user of the portable terminal if the validity of the insertion information is determined .

According to another aspect of the present invention, there is provided an authentication method for an authentication system, the authentication method comprising the steps of: receiving a digital image of a predetermined object from a portable terminal; And a step of authenticating the user of the portable terminal according to a result of the authentication by the authentication system.

Wherein the digital image transmitted to the authentication system is a digital image comprising a first object and a second object or a plurality of digital images including a first digital image comprising a first object and a second digital image comprising a second object, And the authentication system authenticates the user so that the information displayed on the first object and the information displayed on the second object correspond to each other.

Wherein the digital image transmitted to the authentication system is a digital image comprising a first object and a second object, or a first digital image comprising a first object and a second digital image comprising a second object Wherein the first object is an object displaying a face image of a user and the second object is a face of a user photographed by the mobile terminal.

Wherein the authentication system places the first image based on the face image displayed on the object or the second image based on the face image of the user photographed by the portable terminal in a first area and a second area of a predetermined UI And generating a comparison image by performing a process of generating a comparison image.

Wherein the step of generating the comparison image further comprises the step of allowing the authentication system to convert the image processed by the face image displayed on the object or the face image displayed on the object into the image processed on the basis of the image attribute of the face image of the user, The method according to any one of claims 1 to 3, characterized in that the authentication system uses a first image or a face image of a user captured by the mobile terminal or a face image of a user photographed by the portable terminal on the basis of image attributes of a face image displayed on the object And using one image as the second image.

The above method can be implemented by a computer program installed in the data processing apparatus.

According to an embodiment of the present invention, it is possible to use a digital image to perform powerful and simple non-face authentication or validity of the digital image (that is, a digital image is photographed by a legitimate user or an object Quot ;, which means that the user is occupied) can be determined.

Further, a primary authentication is performed through a target system (e.g., a mobile communication company system, a credit card company system, or a payment mediation system, an identification card authentication system, etc.) Since the authentication is performed, stronger authentication can be performed.

According to an embodiment of the present invention, when the verification information used for validity verification of a digital image is inserted into metadata, the metadata is encrypted and inserted into a digital image and decrypted to extract metadata. Can be prevented.

According to an embodiment of the present invention, the verification information may include auto information (e.g., photographing time, photographing position, etc.) of a digital image to be automatically inserted by the photographing means. There is an effect that it is possible to prevent the verification information from being manipulated by the user by inserting insertion information in place of the auto information.

Further, among the pieces of verification information, the insertion information inserted by the application system is inserted into the meta data or the image itself (e.g., steganography technique, watermark, stamp, etc.) .

Also, according to an embodiment of the present invention, two or more of the facial, ID, and unique authenticated objects of the user of the portable terminal may be authenticated using a plurality of digital images photographed together or individually Therefore, it is possible to obtain an effect of further enhancing the authenticity of the object to be occupied when the image of the object to be authenticated is acquired .

Particularly, in the case where an image in which a user's face is photographed and an image in which a user's face is displayed (for example, ID card, employee ID, etc.) is transmitted to the authentication system, the reliability of the user authentication is increased by comparing the user's face images It is possible to prevent an unauthorized user from attempting to be falsely authenticated by the photographing action alone. If the face is different, it may be burdensome for an unauthorized user to photograph his / her face, and his or her face may be stored in the authentication system and used as evidence for future illegal use.

In addition, when the user's face and the object are simultaneously photographed (for example, the front and rear cameras of the portable terminal are used to simultaneously photograph the object and the user's face, or the user's face and the object are photographed together) Or if the authentication is to be taken within a certain time, this effect can be increased.

Further, it is possible to prevent an unauthorized authentication attempt by verifying whether the digital image used at the time of authentication is an image obtained by photographing a real object or an image obtained by photographing an image.

According to an embodiment of the present invention, one of the user's face and the object may be photographed first, and the other one may be photographed while the application stores the image, so that the user's face and the object are placed in one digital image Or the second image is taken while the first digital image is inserted so that the user's face and the object are made to coexist in one digital image so that the comparison authentication of the legitimate user can be made easier, It is possible to prevent an attempt to obtain a false authentication and also to improve the efficiency of digital image storage.

According to an embodiment of the present invention, when the object to be photographed is an ID card having a face image, the face of the object image is extracted and the screen of the digital image is arranged so as to correspond to the face image of the user, There is an effect that can be done.

Further, the application system according to the embodiment of the present invention permits the digital image to be transmitted within a predetermined time after the digital image is acquired, and the authentication system also permits authentication only when the digital image is received within a predetermined time, It is difficult to perform artificial manipulation or change of the insertion information on the side of the user.

According to the embodiment of the present invention, the photographing time of the digital image and the time when the authentication system receives the digital image satisfy a predetermined condition, or the photographing position of the digital image and the photographing position of the portable terminal Face authentication or the validity of the digital image when the position satisfies a predetermined condition or when the identification information of the portable terminal and the identification information of the portable terminal confirmed by the authentication system correspond to each other, There is an effect that it is difficult to manipulate or change the image.

Also, when authentication is performed using a plurality of digital images, the insertion information is divided into a plurality of digital images and inserted, thereby enhancing security.

Further, when the insertion information inserted in the digital image for authentication includes the one-time information received from the authentication system, the insertion information itself can have a one-time effect, so that there is an effect that excellent security can be obtained. There is an effect that the image can be prevented from being reused in authentication.

BRIEF DESCRIPTION OF THE DRAWINGS A brief description of each drawing is provided to more fully understand the drawings recited in the description of the invention.
1 is a conceptual illustration of an authentication system using a digital image according to an embodiment of the present invention.
2 is a flowchart illustrating an authentication method using a digital image according to an exemplary embodiment of the present invention.
3 is a block diagram showing a schematic configuration of an authentication system using a digital image according to an embodiment of the present invention.
4 is a flowchart illustrating an example of an authentication method using a digital image according to an embodiment of the present invention.
5 is a flowchart illustrating an example of an authentication method using a digital image according to another embodiment of the present invention.
6 is a flowchart illustrating an example of an authentication method using a digital image according to another embodiment of the present invention.
7 shows an example of an application system according to an embodiment of the present invention.
8 is a flowchart illustrating an operation process of an application system according to an embodiment of the present invention.
9 is a flowchart illustrating an operation procedure of an application system according to another embodiment of the present invention.
FIG. 10 is a diagram for explaining a process of authenticating a user using a plurality of images according to the technical idea of the present invention.

BRIEF DESCRIPTION OF THE DRAWINGS The present invention is capable of various modifications and various embodiments, and specific embodiments are illustrated in the drawings and described in detail in the detailed description. It is to be understood, however, that the invention is not to be limited to the specific embodiments, but includes all modifications, equivalents, and alternatives falling within the spirit and scope of the invention. DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, the present invention will be described in detail with reference to the accompanying drawings.

The terms first, second, etc. may be used to describe various elements, but the elements should not be limited by the terms. The terms are used only for the purpose of distinguishing one component from another.

The terminology used in this application is used only to describe a specific embodiment and is not intended to limit the invention. The singular expressions include plural expressions unless the context clearly dictates otherwise.

In this specification, terms such as "comprise," "comprising," and the like are intended to specify that there are stated features, numbers, steps, operations, elements, parts or combinations thereof, But do not preclude the presence or addition of one or more other features, steps, operations, elements, components, or combinations thereof.

Also, in this specification, when any one element 'transmits' data to another element, the element may transmit the data directly to the other element, or may be transmitted through at least one other element And may transmit the data to the other component. Conversely, when one element 'directly transmits' data to another element, it means that the data is transmitted to the other element without passing through another element in the element.

Hereinafter, the present invention will be described in detail with reference to the embodiments of the present invention with reference to the accompanying drawings. Like reference symbols in the drawings denote like elements.

1 is a conceptual illustration of an authentication system using a digital image according to an embodiment of the present invention. 1, an authentication system (hereinafter referred to as an 'authentication system') 100 using a digital image is used to implement an authentication method using a digital image according to an embodiment of the present invention .

The authentication system 100 can receive a digital image from the portable terminal 200 and verify the validity of the digital image. Here, the fact that the digital image is valid may mean that the digital image is an image photographed by a portable terminal of a user to be authenticated. It may also mean that the user is occupying an object that is the object of the digital image. Accordingly, the technical idea of the present invention is to allow a user to capture an object occupied by the user and to verify the validity of the digital image photographed by the object, so that when the object is an object (for example, an ID card or the like) And can be used for confirming the reliability of the counter party when the object is a transaction object.

The authentication system 100 may receive the digital image directly from the portable terminal 200. [ Alternatively, if the portable terminal 200 uploads the digital image to a predetermined external system (for example, a social network system, an image publishing service providing system, or the like), the validity verification system may receive the digital image from the external system It is possible. Alternatively, after the digital image photographed from the portable terminal 200 is transmitted to a predetermined other terminal (e.g., a user's computer), the other terminal may transmit the digital image to the authentication system 100. [ Accordingly, in the present invention, a method of receiving the digital image by the authentication system 100 can be variously performed in association with the portable terminal 200.

According to an embodiment, the authentication system 100 may be implemented in the form of being included in a given target system (e.g., a mobile carrier system, a card company system, or a payment mediation system (e.g., VAN, PG system, . In the case where the technical idea of the present invention is used for commerce (for example, a used transaction), the system may be included in the system for commerce.

The target system 300 may be a system capable of authenticating a user in a predetermined manner. For example, when the target system 300 is a mobile communication company system, the mobile communication company system uses the phone number of the mobile terminal registered in the mobile communication company system and personal information (name, date of birth, sex, It is possible to confirm whether the information (identification information) is legitimate. Of course, a predetermined one-time information may be transmitted to the portable terminal of the user to check whether the portable terminal is occupied by the user.

In this specification, the mobile communication company system refers to a system of a mobile communication network provider providing mobile communication services to the mobile terminal 200, as well as a system of information or services provided by the mobile communication network operator, To the mobile terminal 200. The mobile terminal 200 may be connected to the mobile terminal 200 via a network. For example, the agent system may provide the location information of the portable terminal 200 to the authentication system 100 based on information provided from a mobile communication network provider, determine the legitimacy of the identification information to be described later, Authentication service may be provided.

When the target system 300 is a card company system, the card company system compares identification information (e.g., name and card information) input by a user or identification information of a photographed card with registration information stored in the card company system, The validity of the information may be judged.

The target system 300 may be a payment mediation system. When the target system 300 is a payment mediating system (e.g., VAN, PG, etc.), the payment mediating system may determine whether the user's card is valid according to the technical idea of the present invention. For example, the settlement intermediation system may attempt to settle the card using the user information or the card information included in the identification information received by the authentication system 300. The validity of the card can be determined by checking from the card company system whether or not the card can be normally settled. Of course, you can also cancel the payment after checking the validity.

According to the technical idea of the present invention, an authentication method with enhanced security is provided by using a predetermined authentication method that can be performed by the target system 300 and authenticating a user by further using verification information included in a digital image can do.

In the present invention, a digital image does not only mean a single image but also includes an image (for example, an image frame included in a moving image) that can be provided by a moving image or other method.

The authentication system 100 and the portable terminal 200 may be directly or indirectly connected to each other through a wired / wireless network to transmit / receive various information and / or data necessary for the technical idea of the present invention to implement the technical idea of the present invention .

Meanwhile, the authentication system 100 may extract the first verification information included in the received digital image.

The first verification information may be embedded in the digital image in various ways to write information such as watermark, steganography, stamp, etc. to the image.

According to an embodiment, the first verification information may include information (e.g., name, date of birth, resident number, card information, etc.) displayed on an object (e.g., ID card, card, etc.) of the digital image.

In one embodiment, the first verification information may be included in the digital image in the form of metadata. The first verification information may be a part of the metadata included in the digital image. Metadata is structured data about data and is data that describes other data. In particular, the metadata of a digital image includes photograph information such as exposure, flash usage, resolution, and photo size, information (device manufacturer, device identification, model name, etc.) of the device that captured the digital image, Time information, geographical position information of the photographed place, and the like as metadata.

The first verification information may include information inserted into the digital image by the application system 400 according to the technical idea of the present invention and may be automatically inserted by the image capturing application installed in the portable terminal 200 Information (e.g., photographing time, photographing position, etc., hereinafter referred to as " auto information "). The auto information may be generally included in the metadata of the digital image.

According to the embodiment of the present invention, since the auto information is written in plain text which can be easily changed or manipulated by the user, the application system 400 according to the embodiment of the present invention can automatically transmit the auto information to the authentication system (E.g., encryption, hash, and the like) in a format that can be recognized only by the user (e.g., the user 100) can insert the coded information into the metadata in place of the auto information. Alternatively, the insertion information may be inserted into the meta data separately from the auto information. At this time, the authentication system 100 may utilize the insertion information as the verification information instead of the auto information.

A representative format for storing metadata of a digital image is, but not limited to, an EXchangeable Image File format (Exif).

The digital image may also be an identification card, a user's card, or other object expected to be occupied by the user. The object of the digital image may be designated by the authentication system 100.

In one embodiment, the authentication system 100 may include information on location of a place where the digital image is captured, identification information of a device that has photographed the digital image, And at least one of the time information can be extracted as the first verification information. To this end, the portable terminal 200 may be provided with predetermined software or applications for implementing the technical idea of the present invention.

Meanwhile, the authentication system 100 can acquire the second verification information.

The second verification information is information corresponding to the first verification information, and may be information corresponding to the portable terminal.

The fact that the second verification information corresponds to the first verification information may mean that the second verification information is the same kind of information as the first verification information. Or that the second verification information includes the same kind of information as the information included in the first verification information. For example, if the first verification information is location information, the second verification information may be at least location information, and if the first verification information includes location information, device identification information, and time information, The verification information may include at least location information, device identification information, and time information.

Meanwhile, the authentication system 100 may receive at least a part of the second verification information from the portable terminal 200, and in some cases, the authentication system 100 may receive an object system corresponding to the portable terminal 200 , 300). For example, the authentication system 100 may directly receive the location information of the mobile terminal 200 from the mobile terminal 200, and may transmit the location information of the mobile terminal 200 corresponding to the mobile terminal 200 300 to receive the location information of the portable terminal 200. For example, the mobile communication company system 300 corresponding to the mobile terminal 200 may be a mobile communication company system to which the mobile terminal subscribes or an agent system linked to the mobile communication company system.

The method for the mobile communication company system 300 to grasp the location information of the mobile terminal 200 may be various methods such as a method using GPS or a method using LBS (Location Based Service).

The fact that the authentication system 100 receives information from the mobile communication company system 300 may mean that the authentication system 100 directly receives information from the mobile communication company system 300, Or agency) to receive information indirectly. For example, in the latter case, the authentication system 100 may request information from a given intermediary system (or agency system), in which case the intermediary system receives information from the mobile communication company system 300, Information can be transmitted to the system 100.

The mobile communication company to which the portable terminal 200 subscribes may be a communication company that provides voice communication network or data communication network so that the portable terminal 200 can perform voice or data communication. And the mobile communication company system 300 may be connected to each other through a wire / wireless network to transmit / receive various information and / or data necessary for the technical idea of the present invention.

The portable terminal 200 may be a computing device including a smart phone having a camera function, a tablet PC, a PDA (Personal Digital Assistant), a handheld device having a wireless connection function, or a processing device connected to another wireless modem Lt; / RTI >

Of course, according to an embodiment, the authentication system 100 may be included in the target system 300 and implemented. That is, the target system 300 may perform authentication according to the technical idea of the present invention.

2 is a flowchart briefly illustrating an authentication method using a digital image according to an embodiment of the present invention.

2, the portable terminal 200 captures a digital image (S100), and transmits the digital image to the authentication system 100 (S110). 2 illustrates a case where the portable terminal 200 directly transmits a digital image to the authentication system 100. The digital image is transmitted to the authentication system 100 through another device or system corresponding to the portable terminal 200, (100) as described above. The portable terminal 200 may be provided with an application system 400 for implementing the technical idea of the present invention as will be described later.

The authentication system 100 may extract the first verification information from the metadata included in the digital image or from the image information (S120). The first verification information may mean information to be verified according to the technical idea of the present invention. For example, the photographing position, photographing time, identification information (e.g., device identification information, OS identification information, and / or phone number) of the portable terminal 200 and the like may be included in the first verification information. According to an embodiment, the information displayed on the object displayed on the digital image (for example, personal information displayed on the ID card, card information displayed on the card, personal information displayed on the financial account, etc.) may be included.

In addition, the first verification information may include insertion information artificially inserted by the application system 400 according to an embodiment of the present invention, and may be automatically generated by the image capturing means (application, camera sensor, etc.) As described above.

An example of the insertion information may be a photographing position of a digital image, a photographing time, identification information of the portable terminal 200, and may be one-time information received from the authentication system 100, as described later. Or identification information of an object (for example, card information, serial number of ID card, etc.) capable of identifying an object to be a target of the digital image may be insertion information. The insertion information may be such information itself, or may be information that is transformed (e.g., encrypted, hashed, or a combination of a plurality of pieces of information) in a predetermined manner. Accordingly, the insertion information may be information generated based on at least one of a photographing position of the digital image, a photographing time, identification information of the portable terminal 200, one-time information, and identification information of the object.

Meanwhile, the authentication system 100 may acquire the second verification information corresponding to the first verification information and corresponding to the portable terminal 200. The authentication system 100 can acquire at least a part of the second verification information from the portable terminal 200 or the target system 300 corresponding to the portable terminal 200, for example, the mobile communication company system.

The authentication system 100 may then verify the validity of the digital image by comparing the first verification information and the second verification information. Once the validity of the digital image is verified, the authentication system 100 may determine that the user requesting authentication is authenticated as a legitimate user.

The authentication system 100 and method as described above may be used for non-face-to-face authentication. In this case, the digital image transmitted by the portable terminal 200 may be a facial image or an ID image of the user of the portable terminal, or other authentication means (for example, a financial transaction account, a transaction account screen, a financial card (IC card, , Or a unique identity authentication means capable of authenticating the user with a security device such as a security card or an OTP), and the digital image can be used for non-face-to-face authentication. The authentication system 100 can verify that the ID card or the like to be used for the non-face-to-face authentication is photographed by the user's own mobile terminal, thereby verifying that the ID card or the like is occupied by the user at the time of photographing the ID card It can provide technical ideas.

FIG. 3 is a block diagram illustrating a schematic configuration of an authentication system 100 according to an embodiment of the present invention. 3, the authentication system 100 includes an image receiving module 110, an extraction module 120, an acquisition module 130, a verification module 140, an identification information authentication module 150, a decryption module 150, (160). In accordance with an embodiment of the present invention, some of the components described above may not correspond to components that are essential to the implementation of the present invention, and in accordance with an embodiment, the authentication system 100 may further It goes without saying that many components may be included. For example, the authentication system 100 may include other components (e.g., an image receiving module 110, an extraction module 120, an acquisition module 130, a verification module A control module (not shown) that can control the functions and / or resources of the authentication module 140, the identification information authentication module 150 and / or the decryption module 160, and the like).

The authentication system 100 may include hardware resources and / or software necessary to implement the technical idea of the present invention, and does not necessarily mean a single physical component or a single device . That is, the authentication system 100 may mean a logical combination of hardware and / or software provided to implement the technical idea of the present invention. If necessary, the authentication system 100 may be installed in a separate apparatus to perform respective functions And may be embodied as a set of logical structures for realizing the technical idea of the present invention. In addition, the authentication system 100 may mean a set of configurations separately implemented for each function or role for implementing the technical idea of the present invention. For example, the image receiving module 110, the extraction module 120, the acquisition module 130, the verification module 140, the identification information authentication module 150, and / Or may be located in the same physical device. According to the embodiment, the image receiving module 110, the extraction module 120, the acquisition module 130, the verification module 140, the identification information authentication module 150, and / or the decryption module 160, The combination of the constituent software and / or hardware may also be located in different physical devices, and configurations located in different physical devices may be organically coupled to implement each of the modules.

In this specification, a module may mean a functional and structural combination of hardware for carrying out the technical idea of the present invention and software for driving the hardware. For example, the module may refer to a logical unit of a predetermined code and a hardware resource for executing the predetermined code, and it does not necessarily mean a physically connected code or a kind of hardware But can be easily deduced to the average expert in the field of the present invention.

The image receiving module 110 may receive a digital image from the portable terminal 200 or may receive the digital image through a predetermined terminal or system photographed by the portable terminal 200.

The extraction module 120 may extract first verification information included in the received digital image. As described above, the first verification information may be embedded in the digital image in various ways (for example, watermark, steganography, digital stamp, etc.) for inserting information into the image information itself, And the extraction module 120 may extract the first verification information from the digital image by a predetermined extraction method corresponding to a manner in which the first verification information is embedded in the digital image.

In one embodiment, the first verification information may be embedded in the digital image in the form of metadata. The first verification information may be a part of the metadata included in the digital image. The metadata may be included in the digital image and may be data regarding the digital image itself. As described above, the metadata of the digital image may be in Exif format, but is not limited thereto.

The extraction module 120 may extract only a part of the metadata of the digital image as the first verification data.

According to an embodiment, the first verification information may include at least one of position information of a place where the digital image is photographed, identification information of the portable terminal 200 that photographed the digital image, or time information of the digital image .

The location information may be Global Positioning System (GPS) information.

The identification information of the portable terminal 200 may be unique identification information assigned to the portable terminal 200 and may include identification information of the portable terminal 200 such as a phone number of the portable terminal 200, And the like.

The authentication system 100 may use both the location information of the place where the digital image is photographed, the identification information of the device that photographed the digital image, or the time information of the photographed digital image, Only a few of them can be used to validate digital images.

Meanwhile, in one embodiment, the metadata included in the digital image may be data encrypted with a predetermined encryption method for preventing forgery and falsification. In this case, the portable terminal 200 photographing the digital image may include a predetermined encryption device or encryption software for encrypting the metadata, or a coding means such as a hash solution, May be included in the application system 400. Also, the authentication system 100 may include a decryption module 160 for decrypting the metadata using a decryption method corresponding to the encryption method, and the extraction module 120 may extract, from the decrypted metadata, The verification information can be extracted.

The encryption / decryption method used in the authentication system 100 according to an embodiment of the present invention may be a symmetric key or a scheme based on an asymmetric key structure (e.g., a public key structure (PKI)), but is not limited thereto, Various encryption / decryption schemes may be used. It is needless to say that various hash algorithms known in the art can be applied to the hash scheme.

Meanwhile, the acquisition module 130 may correspond to the first verification information, and may acquire second verification information corresponding to the portable terminal. It should be understood that the second verification information may be varied according to the implementation of the first verification information.

The information corresponding to the portable terminal means information about the portable terminal which is collected by the portable terminal, received from the portable terminal, or collected or grasped by a predetermined system (for example, a portable communication system) interlocked with the portable terminal It can mean. Meanwhile, since the information included in the second verification information includes information corresponding to the first verification information, when the first verification information includes the location information of the place where the digital image is photographed, The second verification information may include identification information of the portable terminal when the first verification information includes identification information of a device that has photographed the digital image, If the first verification information includes time information on the digital image, the second verification information may include time information indicating that the digital image was received from the portable terminal.

According to an embodiment, the acquisition module 130 can specify a portable terminal that has transmitted the digital image or a portable terminal previously designated by the user, as a portable terminal corresponding to the second verification information.

When the first verification information includes the location information of the place where the digital image is photographed, the acquiring module 130 acquires the location information of the portable terminal 200 from the portable terminal 200 or the portable terminal 200 From the target system 300 (e. G., Mobile carrier system). In the former case, the mobile terminal 200 may include a predetermined GPS module capable of acquiring its own position information, acquires GPS information indicating its own position using the GPS module, and transmits the acquired GPS information to the authentication system 100 Lt; / RTI > In the latter case, it is needless to say that the mobile communication company system 300 can confirm the location of the mobile terminal 200 such as LBS.

When the digital image is transmitted through the network, the acquisition module 130 determines that the digital image is transmitted to the authentication system (e.g., 100 may be regarded as the time at which the digital image is received from the portable terminal 200, that is, the second verification information. The time difference between the first verification information and the second verification information may be within a certain range to validate the digital image.

If the first verification information includes identification information of the portable terminal 200 that has captured the digital image, the identification information of the portable terminal 200 may be transmitted to the portable terminal 200 or the portable terminal 200, From the target system 300, which corresponds to < / RTI >

The verification module 140 may verify the validity of the digital image by comparing the first verification information and the second verification information.

More specifically, when the first verification information includes the location information of the place where the digital image is photographed, the verification module 140 determines whether the location of the location where the digital image was photographed and the location of the portable terminal Is satisfied.

The fact that two positions satisfy a predetermined position condition may mean that the two positions correspond to a predefined positional relationship. For example, if the distance between the position of the place where the digital image is photographed and the position of the portable terminal is within a predetermined limit distance, the verification module 140 determines the position of the place where the digital image is photographed, It can be determined that the position satisfies the positional condition.

If the first verification information includes the identification information of the device that captured the digital image, the verification module 140 determines whether the identification information of the photographed device and the identification information of the portable terminal match the digital image It can be judged.

If the first verification information includes the time information on the digital image taken, the verification module 140 determines that the time when the digital image was photographed and the time when the digital image was received from the portable terminal is a predetermined time condition It can be judged whether or not it is satisfied.

The satisfaction of a predetermined time condition between two times may mean that the two times correspond to a predefined time relationship. For example, when the difference between the time at which the digital image is photographed and the time at which the digital image is received from the portable terminal is within a predefined limit time, the verification module 140 determines the time at which the digital image was photographed, It can be determined that the time when the digital image was received from the terminal satisfies the time condition.

When the position of the digital image and the position of the portable terminal satisfy a predetermined positional condition, the verification module 140 determines whether the digital image is identical with the identification information of the photographed device and the identification information of the portable terminal The verification module 140 determines whether the digital image is photographed, when the digital image is photographed, and when the digital image is received from the portable terminal, The identification information of the terminal, and / or the time at which the digital image is photographed, respectively. And judges that the digital image is valid or legitimate when it is judged that the position at which the digital image is photographed, the identification information of the portable terminal, and / or the time at which the digital image was photographed is legitimate.

Meanwhile, the digital image may be any one of a facial image of the user of the portable terminal, an ID image, a unique authentication object, or an image of an object to be occupied by the portable terminal, Images can be used for non-confidential self-certification.

Here, the inherent identity authentication object refers to, for example, a variety of authentication objects such as a financial transaction account, a financial transaction confirmation, a financial transaction account screen, a financial card (credit card, debit card, etc.) Object.

According to an embodiment, the authentication system 100 may perform non-face-to-face authentication, and for this purpose, the authentication system 100 may include an identification information authentication module (not shown) 150).

The identification information authentication module 150 can determine the legitimacy of the identification information input from the user. According to an embodiment, the identification information may refer to information displayed on the object (for example, personal information displayed on an identification card in the case of an identification card, card information or personal information displayed on a credit card in the case of a credit card). The identification information may mean information that the user has to be authenticated in order to be authenticated as a legitimate person.

Therefore, the legitimacy of the identification information may refer to a case where the identification information corresponds to information registered in advance (for example, information registered in the target system 300). Or when card information (for example, card number or the like) is included in the identification information as described later, it means that the card corresponding to the card information is a card capable of authenticating the user himself or a card capable of actual payment It is possible.

The identification information does not necessarily have to be completely input by the user. The user can input only a part of the identification information by using the portable terminal 200 or a terminal (e.g., a computer, a PDA or the like) used by the user. In this case, the remaining part of the identification information may be information obtained by the digital image. The authentication system 100 may obtain the remaining portion of the identification information from the digital image to identify the entire identification information. The remaining part of the identification information may be information displayed on an object of the digital image. For example, the user's personal information (e.g., name, resident number, date of birth, etc.) displayed on the ID card, card information (e.g., card number, ). ≪ / RTI > Then, the identification information authentication module 150 may identify the identification information by combining a part of the identification information inputted from the user and the remaining part obtained from the digital image, and judge the legitimacy of the identification information by using the specified identification information have.

According to an embodiment, identification information may not be input by the user. For example, the identification information may be a combination of the information displayed on the object and the verification information included in the digital image. Alternatively, the identification information may be information displayed on the object and the identification information (e.g., telephone number, device identification information, O / S ID, etc.) of the portable terminal identified by the authentication system 100. Or the information displayed on the object (e.g., card information and / or user personal information) may be the identification information. Alternatively, information (for example, user's personal information) displayed on the object and information included in the verification information (e.g., identification information of the portable terminal) may be the identification information. Or identification information of the portable terminal, which is recognized by the authentication system 100 when the portable terminal communicates with the authentication system 100, It is possible.

For example, the identification information may be changed according to the target system 300. The object to be photographed by the portable terminal 200, that is, the object of the digital image, may also be changed according to the target system 300.

For example, the identification information may include information necessary for a personal authentication (for example, authentication of the cellular phone itself) conventionally provided by the mobile communication company system. That is, the phone number of the mobile terminal 200 and personal information of the user (e.g., name, date of birth, resident number, sex, etc.) may be included in the identification information. In this case, the object of the digital image may be an object (e.g., ID card, etc.) in which the personal information of the user is displayed.

The identification information may include information necessary for authentication (e.g., credit card authentication) conventionally provided by a credit card company system. Card information and user's personal information may be included in the identification information, and the object of the digital image may be an object (e.g., a card) corresponding to the card information.

When the identification information includes the identification information of the portable terminal 200 and the personal information of the user, the legitimacy of the identification information is determined based on the information registered in the target system 300 corresponding to the portable terminal 200, Can be confirmed by judging whether or not it corresponds to the identification information. The target system 300 may receive the identification information from the authentication system 100, determine whether the received identification information corresponds to the registered information, and transmit the result to the authentication system 100. Alternatively, the authentication system 100 may transmit predetermined information to the authentication system 100 so that the authentication system 100 can determine the legitimacy of the identification information. Since the target system 300 compares the registration information with the identification information, it is a concept corresponding to the so-called owner authentication of the portable terminal 200, so that the target system 300 can acquire the occupancy of the portable terminal 200 Further authentication may be performed. For example, the disposable password may be transmitted to the portable terminal 200 and the disposable password may be received through the portable terminal 200 or the terminal to successfully execute the occupancy authentication. If it is determined that the identification information is valid, the authentication system 100 may transmit the result of the determination.

On the other hand, when the identification information includes card information and personal information, the authentication system 100 determines whether the information registered in the card issuing system through the target system 300 corresponding to the card information, for example, As shown in FIG. According to another embodiment, the subject system 300 may be, for example, a payment intermediary system (e.g., VAN, PG). The settlement intermediation system can check whether the card corresponding to the card information is valid, i.e., whether the card is usable, using the card information. For example, the settlement intermediation system can perform a settlement check for validity determination rather than a settlement time for actual settlement using the card information. The settlement time may be a process of requesting the card company system to settle the settlement with the card information and the arbitrarily set settlement amount. Then, the card issuer system can transmit a signal to proceed the settlement only when the card is a valid card, and the settlement intermediation system can simply check whether the card is valid or not. The process of verifying whether or not the card is valid may be performed in a manner in which the payment mediating system is exclusively used for validity authentication of the card in cooperation with the card issuer system, It may also be possible to cancel the settlement finally.

The digital image may further include verification information (e.g., a photographing position, a photographing time, identification information of the portable terminal 200) for verifying the validity of the digital image, as described above. In this case, The authentication of the user can be succeeded.

When the digital image is an ID image, the extraction module 120 extracts information (for example, a resident registration number, an address, a name, a name, and the like) necessary for legitimacy of the identification information from the ID image through optical character recognition (OCR) Sex, etc.) can be read. In some cases, the identification photograph included in the ID image can be extracted. Of course, the reading of the information necessary for the legitimacy of the identification information may be performed by the application system 400 installed in the portable terminal 200. [ The information extracted by the extraction module 120 may be used as part of the identification information, or may be used as verification information to be compared with the identification information after the validity of the identification information is determined.

When the digital image is an image of a unique authentication object, the digital image may include predetermined information (e.g., a unique serial number of the credit card, a card number, an expiration date, a financial account number, etc., (E.g., a unique serial number of the device, a unique serial number of the secure card, etc.) may be included in the digital image, and the extraction module 120 extracts information necessary for the identification information from the digital image A unique serial number of the OTP device, such as a unique serial number of the credit card, a card number, an expiration date, a financial account number, etc., a unique serial number of the secure card, etc.) or a validity of the identification information is compared with the identification information It is possible to extract the verification information to be the object.

In the case where the information displayed on the object of the digital image is used as the verification information, the information input by the user may be input as the identification information. For example, when the user inputs his or her own mobile phone and personal information as the identification information, the identification information authentication module 150 can confirm the legitimacy of the identification information through the target system 300. Then, the verification module 140 compares the verification information obtained by the extraction module 120 with the identification information (for example, the personal information displayed on the identification card) If the personal information included in the information matches, the user can finally be authenticated as a legitimate user.

When the user inputs the card information and the personal information as the identification information, the identification information authentication module 150 can determine the legitimacy of the identification information through the subject system 300. When the validity of the identification information is confirmed, the verification module 140 compares the verification information (e.g., card information and / or user name) acquired by the extraction module 120 with the identification information, (In other words, when the information displayed on the card matches the information included in the identification information), the user can finally be authenticated as a legitimate user.

Verification information (e.g., personal information or card information) acquired by the extraction module 120 may be used as part of the identification information. In this case, the identification information authentication module 150 may generate verification information by using a part of the identification information input by the user and verification information obtained by the extraction module 120 (e.g., a password of a card or a part of card information Etc.), and confirms the legitimacy of the specified identification information through communication with the target system 300 corresponding thereto. In this case, the process of comparing the identification information again with the verification information obtained by the extraction module 120 may be omitted. If the validity of the identification information is confirmed by the identification information authentication module 150, Module 140 may authenticate that the user is a legitimate user. Of course, at this time, a process for verifying the validity of the digital image may be performed by the verification module 140, and the validity of the digital image may be further verified to certify that the user is a legitimate user.

In some implementations, all of the identification information (e.g., card information and personal information) may be obtained by the extraction module 120. In this case, if the validity of the identification information is confirmed by the identification information authentication module 150, the verification module 140 may authenticate the user as a legitimate user. However, in this case, since the acquisition channel of the identification information is the digital image, the validity of the digital image may be further verified to enhance the security, so that the user may authenticate that the user is a legitimate user.

In one embodiment, the digital image may be an image of two or more of the user's face, identification, or unique identity-authenticated object together. For example, a financial account or a credit card may be photographed in a single image together with the face of the user of the mobile terminal or an identification card. Alternatively, the authentication system 100 may receive a plurality of digital images each of which is directed to different objects.

When the digital image received by the authentication system 100 includes two or more means for authenticating the principal, there is an effect that the security of the principal authentication is strengthened.

The extraction module 120 can identify two or more objects included in the digital image or the plurality of digital images through image processing on the digital image, respectively, and the identification information authentication module 150 and the verification module 140 May perform user authentication based on each identified object (e.g., the identity verification means) as described above. In this case, the verification module 140 may determine that the non-face-to-face authentication is successful only when all the identified objects are authenticated, and in this case, the security can be greatly enhanced.

Alternatively, the verification module 140 may determine whether the information displayed on each identified object corresponds to each other. For example, if a user name is displayed on each object, the verification module 140 may determine that the user is authenticated if the user name displayed on each object corresponds to each other.

In some implementations, the verification module 140 may determine whether the different types of information displayed on each object correspond to each other. For example, the first type of information (e.g., user name, date of birth, etc.) is displayed in the first object (e.g., ID card) (E.g., card information, account number, OTP identification number, etc.) may be displayed. In this case, the verification module 140 determines whether the first type of information and the second type of information correspond to each other based on predetermined information registered by the verification module 140, .

In any case, the verification module 140 may further determine whether the information displayed on each of the plurality of objects corresponds to each other when the images of the plurality of objects are received through one or more digital images, It can be determined that the authentication is successful. If it is determined that two or more identified authentication means are not the same person, the verification module 150 may determine that the authentication of the user is failed, Verification module 150 may perform non-face-to-face authentication based on at least one of the identified two or more identity authentication means.

According to an embodiment of the present invention, when an image transmitted to the authentication system 100 includes a first object and a second object, or includes a first digital image and a second object including a first object When the second digital image is transmitted to the authentication system 100, the first object may be an object (for example, ID, employee ID, etc.) in which the user's face image is displayed, May be the face of the user photographed by the user.

According to the technical idea of the present invention, the user authenticates the first object (e.g., ID card) on which his / her face is displayed and the image (or the first object image and the second object image) To the system 100 so as to perform the identity authentication. In this case, the authentication system 100 may merely determine that the authentication of the user is successful by merely receiving the photographed image of the first object and the second object. Of course, authentication may be successful only when the user of the authentication system 100 compares the user's first object and the second object with each other visually, and the employee determines that the comparison result is the same person . In this case, an effect similar to offline face-to-face authentication (for example, a process of presenting an ID card off-line and comparing the face of the user face and the ID card with the naked eye by the authentication side) can be obtained. Depending on the implementation, the authentication system 100 may determine whether the facial image displayed on the first object and the captured user's face image (second object) represent the same person, through a predetermined automated solution And the authentication of the user may be successful according to the determination result.

According to an embodiment of the present invention, when the first object is an ID card having a facial image, the authentication system 100 may include a target system (e.g., a related system of the Ministry of Public Administration and Security in case of a resident registration card, The related system of the National Police Agency, the related system of the Ministry of Foreign Affairs in the case of a passport, etc.), it is possible to discriminate the authenticity of the identification card. The target system determines whether or not information (for example, photograph, resident number, name, date of issuance or name, date of birth, license number, serial number, etc.) described in the ID card agrees with information registered in itself, To the system 100. Then, the authentication system 100 can determine that the user's identity authentication is successful only when the ID card is not forged or not. The authentication system 100 may first determine whether the ID card is authentic, and then compare the face image according to the technical idea of the present invention through a predetermined solution or allow the employee to perform comparison of the face image. Or the authenticity of the identification card after the comparison of the facial images is successful.

As a result, it is possible to prevent an unauthorized user from altering the facial image on the ID card so that false authentication of the user is performed by discriminating the authenticity of the ID card in cooperation with the target system.

Meanwhile, according to the technical idea of the present invention, at least one of the application system 400 or the authentication system 100 may include a face image included in the first object or a face image captured by the portable terminal Image processing of at least one of the images.

The image processing may include, for example, scaling one of the first face image (the image included in the identification card) or the second face image (the face image taken by the portable terminal) to the same or similar size as the other one . According to an embodiment of the present invention, an image adjustment process may be included in which an image is changed or an image is filtered so as to have the same or similar color, roughness, or brightness as the other image. In any case, the image processing may be performed in such a way that the image attributes of the first face image and / or the second face image are compared with a relative image (e.g., a second face image in the case of a first face image, Based on the image attributes (e.g., size, color, illuminance, and / or brightness, etc.) of the first face image (which means first face image).

After this image processing process is performed, the authentication system 100 or the application system 400 may perform an image arrangement process to facilitate comparison of the first face image and the second face image.

The image arrangement process may include arranging the first face image and the second face image after the image processing is performed in a first area and a second area, respectively, which are predefined on a predetermined UI. This image processing and image placement process may be performed, for example, by an editing module (not shown) included in the application system 400.

Of course, depending on the implementation, only the image arrangement process may be performed without the image processing process. In this case, the first face image and the second face image may be arranged in the first region and the second region as described above, so that a predetermined solution or a user can easily compare the first face image and the second face image.

An example of such an image arrangement process is shown in Fig.

FIG. 10 is a diagram for explaining a process of authenticating a user using a plurality of images according to the technical idea of the present invention.

10A shows an example of a first digital image 10 for a first object (e.g., an ID card) on which a face 11 of the user is displayed, FIG. 10B shows an example of a face of the user, And the second digital image 20 captured by the second digital camera 20 is shown.

The application system 400 may then apply the at least one of the first face image 11 of the user included in the first digital image 10 or the second face image 21 included in the second digital image 20 Image processing can be performed. Although Fig. 10C illustrates an example in which image processing is performed on the first face image 11, the image processing on the second face image 21 may be performed, and the two images 11 and 21 It is needless to say that the predetermined image processing may be performed for each of the plurality of image processing units.

In any case, the image processing may refer to a process in which the image attributes (e.g., size, color, brightness, and / or illumination) are changed to facilitate comparison of the two images 11 and 21 with each other.

The application system 400 may then perform an image placement process for two face images as shown in FIG. 10C.

The image placement process includes a process of placing an image so that two face images 11, 21 can be identified at the same time. For example, as shown in FIG. 10C, the first face image 11-1 after the image processing is performed may be arranged in a predetermined first area, and the second face image 21-1 after the image processing is performed It is possible to arrange the second face image 21 in which the image processing is not performed, in the second predetermined area. The first region and the second region do not necessarily have to be arranged horizontally as shown in FIG. 10C, but may be disposed vertically or in some embodiments, the first region and the second region overlap each other. When the first area and the second area are arranged so as to overlap with each other, one of the face images is processed transparently or semitransparent (or in a faint color), and the other face image is compared with a specific reference point Eye, nose, and the like) on the basis of the reference position. In any case, the first area and the second area can be arranged so that the first face image and the second face image can be easily compared with each other.

A comparison image (i.e., as shown in FIG. 10C) obtained as a result of performing the image placement process may then be transmitted by the application system 400 to the authentication system 100, The comparison image can be transmitted to a predetermined employee terminal. Then, the employee can determine that the authentication of the user is successful if the two images of the face are judged to be the same person through the comparison image. Of course, the employee terminal may send a success signal to the authentication system 100. [

According to an embodiment, the authentication system 100, which has received the comparison image (i.e., as shown in FIG. 10C) obtained as a result of performing the image arrangement process by the application system 400, Can determine whether two face images are the same person.

On the other hand, the image processing and / or image placement process may be performed by the authentication system 100. The application system 400 may send the first digital image 10 and the second digital image 20 to the authentication system 100 or the first face image 11 and the second face 20, The digital image including the image 21 may be transmitted to the authentication system 100.

The authentication system 100 may then image the first face image 11 and / or the second face image 21 and perform an image placement process to generate the comparison image. For this, the authentication system 100 may include a predetermined editing module (not shown). Of course, the authentication system 100 may perform only the image placement process.

On the other hand, when a user attempts to authenticate a user by using a first digital image that is an object of a user's face (for example, an ID) and a second digital image that a user's face is photographed, (For example, enlargement) of a face image displayed on the object (for example, an ID card) instead of photographing the face image. In such a case, the authentication system 100 may cause the user to be successfully authenticated at all times.

Accordingly, the technical idea of the present invention provides a technical idea that can distinguish whether a predetermined digital image is an image of a real object or an image of a photographed object (or image).

According to an example, authentication can be determined to be successful only if the object (for example, ID card) and the user's face are simultaneously captured by the front camera and the rear camera of the mobile terminal 200, as described above. That is, the application system 400 may be implemented to simultaneously photograph the object and the user's face with the front camera and the rear camera for the technical idea of the present invention. In such a case, the above-described problem may be solved.

Alternatively, the authentication system 100 may determine whether the second digital image is the image of the face image (or photograph) displayed on the object, or whether the user's face in the actual three-dimensional environment, that is, . For example, it is possible to distinguish whether an image received through machine learning or deep learning is a photograph of a two-dimensional photograph or a three-dimensional actual real face after learning a plurality of images in advance.

Or whether the authentication system 100 side has photographed the face image (or the photograph) displayed on the object by the second digital image based on the resolution or the image quality of the second digital image or the face of the user in the actual three- It may be judged whether or not it is photographed.

According to an embodiment, the application system 400 may automatically activate a predetermined lighting device (e.g., a flash) installed in the portable terminal 400 or activate it by a user when photographing the second digital image can do. That is, when the face of the user is photographed through the portable terminal 400, the illumination device emits light so that the face of the user can be photographed in a state in which the flash is turned on. In the case of performing such a control, there may be a difference such that the degree of reflection of the light when the face is photographed and when the photograph is taken can be clearly divided into a predetermined solution or the naked eye. That is, reflection of light when photographing a real object on a three-dimensional space and photographing a two-dimensional photograph may have a large difference. For example, when a photograph is photographed with a fresh light, a relatively large amount of light is reflected on the photographed photograph, or the light emission effect itself by the fresh light appears on the photograph. On the other hand, There may be no phenomenon or it may be relatively small. Therefore, the predetermined solution or the staff provided in the authentication system 100 divides the difference into a predetermined image recognition method and automatically determines whether the second digital image is the captured image of the real object or the captured image of the photo (or image) Or by visual inspection.

Depending on the implementation, this problem may be solved by shooting the user's face at a plurality of angles. For example, since the face image displayed on the ID card is an image in which the face is generally directed to the front, the application system 400 allows the user to select a face image taken in front of the user's face, So that the plurality of face images can be transmitted to the authentication system 100. In this case, the image of the real object at an angle that can not be obtained when the real object (e.g., the user's face) is photographed is photographed by the authentication system (100), it is possible to solve the above-described problems.

Through the above-described technical idea, it is verified that a malicious user shoots a photograph or an image (e.g., a face image displayed on an ID card) without shooting the real object (his / her face) . Not only can this technological idea be used for user authentication,

Of course, when the second digital image received from the application system 400 is a photograph of a photograph or an image of a real object (a face of the user), not the photograph of the user, the authentication system 100 fails to authenticate the user .

On the other hand, as described above, the technical idea for distinguishing whether a predetermined digital image is an image of a real object or an image of a photographed image (or image) It does not need to be applied.

For example, in the case of performing a commercial transaction between users, such as a transaction for a used article, a case where an image of an article that the seller does not possess is uploaded to a predetermined service page to conduct a fraudulent transaction.

In this case, the application system 400 and / or the authentication system 100 can verify whether the image is an image of a real object or an image of the object, through the technical idea as described above.

As a result, the authentication system 100 judges whether the authentication information included in each image (for example, the shooting time, the shooting location, and / or the identification information of the portable terminal) The risk can be reduced. The application system 400 installed in the mobile terminal can insert the verification information as the insertion information for each image as described above.

In particular, when a first digital image that is the object of the first object and a second digital image that is the object of the second object are used for authentication, the authentication system 100 determines the shooting time of the first digital image, 2 It is possible to judge whether the photographing time of the digital image satisfies a predetermined time condition. The time condition may be when the two images are photographed at the same time or within a predetermined time difference. In the case of photographing at the same time, for example, the first object and the second object may be photographed simultaneously using the front camera and the rear camera of the portable terminal. According to an embodiment, the application system 400 may be controlled so as to simultaneously photograph the first object (e.g., identification card with a face marked) and the second object (e.g., a face of the user) The application system 400 and / or the authentication system 100 may be implemented so that the authentication of the user is only successful if the authentication of the user is successful.

When the user's face is photographed and transmitted, there is an effect that an attempt by an unauthorized user to actually authenticate the user with false information can be reduced.

In another embodiment, the digital image may be a face of the user, an identification card, or an image taken together with a unique identity verification object and an occupancy verification object.

Here, the object to be occupied confirmation may refer to various articles or devices that need to be confirmed that the user of the portable terminal has occupied or possessed. For example, when the user of the portable terminal desires to sell a used article, it is necessary to confirm that the user of the portable terminal occupies a used article. Therefore, in this case, the used goods may be an object to be occupied. For example, the digital image may be a financial transaction book or financial account confirmation and a single image of the object to be verified at a time. Since the digital image may be an image obtained by photographing the means for authenticating the user and the object to be occupied together, there is an effect that the reliability of the possession of the owner of the portable terminal is strengthened.

4 is a flowchart specifically illustrating an authentication method using a digital image according to an exemplary embodiment of the present invention.

Referring to FIG. 4, the portable terminal 200 captures an ID image P (S200) and transmits it to the authentication system 100 (S210).

Then, the authentication system 100 can extract the first verification information inserted in the received ID photo (S220). The first verification information may be included in the metadata or may be embedded in the image information in a predetermined manner (e.g., watermark, steganography, stamp, etc.).

The first verification information may include location information of a place where the digital image is photographed, identification information of a device that photographed the digital image, and / or time information when the digital image was photographed. This information can be used to validate the digital image. Also, as described above, the first verification information may include information displayed on an object of the digital image, and such information may be used for authentication of a user as described above.

Therefore, the authentication system 100 can acquire, for example, positional information VP1 of a place where the digital image is photographed, identification information VI1 of a device that photographed the digital image, and / It is possible to extract the photographed time information VT1.

Meanwhile, the authentication system 100 may correspond to the first verification information, and may acquire second verification information corresponding to the portable terminal.

More specifically, the authentication system 100 may acquire time information VT2 of the portable terminal 200 transmitting the ID picture (S230). Alternatively, the authentication system 100 can receive the location information of the portable terminal 200 from the mobile communication company system 300 corresponding to the portable terminal 200 or the portable terminal 200 (S231) Identification information may be received from the mobile terminal 200 or the mobile communication company system 300 corresponding to the mobile terminal 200 at step S232.

The authentication system 100 then determines whether the location VP1 of the location where the digital image was captured and the location VP2 of the portable terminal 200 satisfy a predetermined location condition, (VT1) at which the digital image was photographed and a time (VT2) at which the digital image was received from the portable terminal (200), whether or not the identification information (VI1) The validity of the ID photo can be verified by determining whether the predetermined time condition is satisfied (S240).

If it is determined that the ID photo is valid, the authentication system 100 can directly authenticate the user who transmitted the ID photo as a legitimate user or authenticate the user through a predetermined process (S250) . For example, the process may be a validation of the identification information. Alternatively, the user may be authenticated by checking whether the information (for example, name, date of birth, resident number, etc.) stored in the authentication system 100 matches the information obtained from the object of the digital image.

5 is a flowchart illustrating an example of an authentication method using a digital image according to another embodiment of the present invention. It will be readily apparent to one of ordinary skill in the art that the order of execution of the processes shown in FIG. 5 may be easily changed as needed.

Referring to FIG. 5, the user may transmit identification information for identity authentication to the authentication system 100 through a predetermined terminal (S300). Of course, according to an embodiment, the identification information may be transmitted through the portable terminal 200.

Also, the authentication system 100 may receive a digital image from the portable terminal 200 (S310). Then, the authentication system 100 may transmit the identification information to the target system 300 (S320). The target system 300 can confirm the validity of the received identification information and transmit the result to the authentication system 100 (S330, S340).

Also, the authentication system 100 may obtain verification information from the digital image (S330-1). The verification information may simply be information displayed on an object of the digital image. The verification information may also include information embedded in the digital image to determine the validity of the digital image, as described above.

Then, the authentication system 100 may determine whether the identification information is valid and whether the verification information (e.g., personal information, card information, etc.) and the identification information correspond to each other (S350). If the verification information and the identification information correspond to each other, the user can authenticate that the user is a legitimate user (S360). Of course, according to an embodiment of the present invention, the authentication system 100 further verifies the validity of the digital image and authenticates the user as a legitimate user until authentication of the digital image is validated S360).

6 is a flowchart illustrating an example of an authentication method using a digital image according to another embodiment of the present invention. It will be readily appreciated by those of ordinary skill in the art that the order of execution of the processes illustrated in FIG. 6 may also be readily modified as needed.

6, the user may transmit only the first partial identification information to the authentication system 100 through the terminal or the mobile terminal 200 (S400). In addition, the user may transmit the digital image photographed by the portable terminal 200 to the authentication system 100 through a predetermined terminal or the portable terminal 200 (S410).

Then, the authentication system 100 may extract second partial identification information, which is a remaining part of the identification information, from the digital image (S430). The authentication system 100 can identify the identification information using the extracted second partial identification information and the received first partial identification information (S430).

Then, the authentication system 100 can confirm the legitimacy of the identification information through communication with the target system 300 corresponding to the identification information (S440, S450, S460).

If the validity of the identification information is confirmed, the authentication system 100 may authenticate the user as a legitimate user (S470). According to an embodiment, the validity of the digital image may be verified as described above, and the validity of the digital image may be verified to finally authenticate the user as a legitimate user (S470).

7 shows an example of an application system according to an embodiment of the present invention.

Referring to FIG. 7, the application system 400 may refer to a system in which an application for implementing the technical idea of the present invention and the hardware of the portable terminal 200 are combined and implemented.

The application system 400 may include an image acquisition module 410 and an insertion module 420. The application system 400 may further include a communication module 430.

The image acquisition module 410 may acquire a digital image photographed through an image photographing means (for example, a camera application and / or a camera) included in the portable terminal 200. The digital image may be an image photographed by the portable terminal 200 on a predetermined object as described above. The object may be an object designated by the authentication system 100.

The insertion module 420 may insert the insertion information into the digital image acquired by the image acquisition module 410. The insertion information may refer to information that is artificially inserted by the application system 400 among the verification information included in the digital image as described above. In addition to the insertion information, the verification information may include information automatically included in the digital image by the image photographing unit, and may be defined as auto information to distinguish the information from the insertion information.

According to the technical idea of the present invention, when the insertion information is inserted into the digital image and the digital image in which the insertion information is inserted is transmitted to the authentication system 100, the insertion information can be verified by the authentication system 100 . If the validity of the insertion information is determined by the authentication system 100, the validity of the digital image or the user of the portable terminal can be authenticated.

As described above, the insertion module 420 may insert the insertion information into the metadata of the digital image. Alternatively, the insertion module 420 inserts the embedded information into the image information of the digital image in a predetermined manner (e.g., steganography, watermark, Etc.).

When the insertion information is embedded in the metadata, the metadata may be data that can be easily accessed and manipulated by general users as compared with the case where the insertion information is inserted into the image information. Therefore, the insertion module 420 can encrypt or insert the insertion information in a predetermined position. Of course, the encrypted or hashed insertion information can preferably be decrypted or verified by the authentication system 100 only. Of course, when the insertion information is the hashed information, the authentication information may be stored in the authentication system 100 in advance. The insertion information may be, for example, one-time information transmitted by the authentication system 100 or may include identification information of the object to be subjected to the identification information and / or the digital image of the portable terminal 200 have.

Meanwhile, the metadata may include information on the auto information (for example, the photographing position and the photographing time of the digital image), and the auto information may be the verification information to be verified. In this case, there is a risk that the auto information can be easily manipulated by the user as described above.

Therefore, the inserting module 420 may insert the inserted information (for example, encryption, encoding, etc.) into the auto information by replacing the auto information inserted in the meta data by the image photographing means in a predetermined manner . The modified insertion information can be restored only by the authentication system 100, so that when the auto information is further changed or manipulated, the authentication system 100 can recognize this and can treat the authentication or verification as failed.

According to an embodiment, the auto information may be inserted into the metadata separately (encrypted or encoded) corresponding to the auto information while being stored in the metadata. In this case, the validity of the digital image or the user can be authenticated using the insertion information instead of the auto information, so that even if the user operates the auto information, the authentication mechanism can operate effectively.

According to one embodiment, the inserting module 420 inserts the insertion information into the digital image or acquires the digital image if authentication of the subject provided by the target system 300 is successful through the target system 300 .

For example, the portable terminal 200 may request authentication of the authentication system 100, and the authentication system 200 may communicate with the target system 300 via the target system 300 ) To perform authentication of the user provided by the user. The subject authentication provided by the subject system 300 may be to authenticate whether the predetermined identification information corresponds to the registration information registered in the subject system 300 as described above. Or may be a conventional mobile phone authentication, card issuer authentication, or the like.

The communication module 430 included in the application system 400 may receive a result signal of the authentication result provided by the target system 300 from the authentication system 100 and / or the target system 300 , Or may be requested to proceed with the additional process from the authentication system 100 that has confirmed the identity verification result without receiving the authentication result signal.

According to an exemplary embodiment of the present invention, the authentication system 100 may transmit an image transmission request to the application system 400 upon confirming that authentication of the user is successful through the target system 300. That is, the image transmission request may be transmitted to the application system 400 when it is determined that the authentication of the user is successful, wherein the image transmission request is a request to the user to take a digital image, It may mean a request to insert insertion information according to the technical idea of the invention. The insertion module 420 may insert predetermined insertion information into the digital image.

For example, when the target system 300 is a mobile communication company system, the mobile terminal 200 can authenticate a mobile phone provided by the mobile communication company system. Then, the application system 400 can receive a signal indicating that the authentication of the mobile phone 200 is successful. If the authentication of the mobile phone 200 is successful, the application system 400 inserts insertion information (for example, identification information of the mobile terminal 200 Device identification information, OS identification information, etc.), image capturing time, photographing position, etc.).

According to the embodiment, the application system 400 may be notified of an additional process such as photographing a predetermined object from the authentication system 100, The user can shoot the object through the portable terminal 200, and the application system 400 can insert the information into the digital image targeted for the object.

In this case, since authentication of the mobile phone 200 is successful, it can be authenticated that the owner of the mobile terminal 200 occupies the mobile terminal 200. Also, if the validity of the insertion information is authenticated, it can be authenticated that the object is photographed by the portable terminal 200. Therefore, it is verified that the legitimate owner of the portable terminal 200 possesses the object with the portable terminal 200, so that the effect of the enhanced personal authentication can be obtained.

On the other hand, identification information may be required for the authentication of the subject provided by the target system 300, as described above. For example, the personal information (e.g., name, sex, date of birth, or resident registration number) or cell phone number or card information may be the identification information.

When the user's personal information is displayed on the object, at least some of the user's personal information to be included in the identification information can be automatically recognized and used without the user having to input the information displayed on the object. For example, the user can perform the act of photographing the object without inputting the user's personal information using the portable terminal 200 or a predetermined terminal. The user personal information may then be recognized by the application system 400 or may be recognized by the authentication system 100 and / or the target system 300 so that the identity authentication provided by the target system 300 may be performed have. In this case, not only the user's convenience is enhanced but also the user can carry out the authentication of the user while holding the object.

The identification information (e.g., hardware identification information, OS identification information, and / or telephone number) of the mobile terminal 200 may be inserted into the digital image as the insertion information as described above. When the user authentication using the digital image is successful as described above, for example, the authentication of the user provided by the mobile communication company system, which is the target system 300, is successful and the legitimacy of the identification information of the mobile terminal 200, The device having the identification information of the mobile terminal 200 is recognized as belonging to the user requesting the authentication (and / or the user is recognized as occupied) It can be said that The authentication system 100 may store the identification information of the portable terminal 200 that has successfully authenticated the user. When the digital image is received by the authentication system 100, If the identification information of the terminal corresponds to the identification information already stored (i.e., the identification information of the terminal that has succeeded in user authentication), it is determined that the identity authentication has succeeded even if the authentication result of the user through the target system 300 is not separately confirmed It is possible.

According to an embodiment, an application system for implementing the technical idea of the present invention, which can be implemented as an independent application or an application included in another application (e.g., an application such as a financial institution) The identification information of the portable terminal 200 of the user can be confirmed. Then, the authentication system 100 can store the identification information of the portable terminal 200 of the user installed with the application system through communication with the application system (after the authentication of the user of the portable terminal 200 is successful) When the digital image is received by the authentication system 100, if the identification information of a predetermined terminal inserted as insertion information in the digital image corresponds to identification information already stored, Even if the authentication result of the user is not confirmed, it is possible to confirm that the portable terminal equipped with the application system is the device which has passed the authentication of the user and judge that the authentication of the user is successful.

When the identification information of the portable terminal 200 inserted in the digital image is already verified by the authentication system 100, the identification information of the portable terminal 200 is used as information indicating a legitimate user's device . Therefore, when the digital image including the identification information of the portable terminal 200 is received by the authentication system 100 and the identification information of the portable terminal 200 is stored in the authentication system 100, It is possible to determine that the authentication of the user is successful without performing the authentication of the user through the authentication unit 300.

Similarly, the portable terminal 200 may insert the insertion information based on the identification information and the card information of the portable terminal 200 into the digital image in a predetermined manner (for example, simply combining, encrypting, and / or hashing) . When the user is authenticated using such a digital image, it is possible to determine that the authentication of the user is successful without separately performing the card authentication through the target system 300.

Meanwhile, the application system 400 may include a communication module 430.

The communication module 430 may communicate with the authentication system 100.

The communication module 430 may transmit the digital image having the embedded insertion information to the authentication system 100. At this time, the communication module 430 may transmit the digital image acquired by the image acquisition module 410 to the authentication system 100 for a predetermined time (for example, several seconds) from the acquisition time. Of course, the insertion information can be inserted before transmission. In this case, since there is little time margin for the insertion information to be forged by the user, security is improved. Of course, the communication module 430 does not transmit the digital image stored in the portable terminal 200 to the authentication system 100, but only the digital image newly photographed by the portable terminal 200 A function controlled to be transmitted to the system 100 may be implemented.

According to an example, the communication module 430 may receive an image transmission request from the authentication system 100 requesting transmission of a digital image. The image transmission request may be transmitted to the mobile terminal 200 through a messaging method such as SMS or may be transmitted to the application system 400 through a push message method. Various embodiments may be possible.

When the user selects the image transmission request, the image photographing means can be activated. Then, the user can shoot a predetermined object, and the digital image from which the object is captured can be acquired by the image acquisition module 410. [ The insertion module 420 may then insert the insertion information into the digital image and send the inserted digital image to the authentication system 100 corresponding to the image transmission request within a predetermined time. In such a case, the forgery and falsification of the insertion information may be very difficult.

According to an embodiment, the insertion module 420 may set the predetermined insertion information so that the insertion information is taken together with the digital image when the user captures a predetermined object. As described above, the order of execution of the processes shown in the embodiment can be variously and easily changed as needed, and the shooting method can be varied, so that the average expert in the technical field of the present invention can easily deduce.

Meanwhile, the communication module 430 may receive information to be included in the insertion information from the authentication system 100. Here, the insertion information may be one-time information generated by the authentication system 100.

The one-time information is received from the authentication system 100, and the one-time information received by the communication module 430 may be inserted into the digital image as insertion information. At this time, the insertion information may include only the one-time information, and other information may be inserted as the insertion information together with the one-time information.

Alternatively, the insertion information may be generated based on one-time information and other information. At this time, the insertion information is extracted by the authentication system 100, and the one-time information can be restored based on the extracted insertion information . In any case, the digital image may be embedded with insertion information based on the one-time information (that is, information including only one-time information, information including one-time information or information generated based on one-time information and other information) have.

When the insertion information based on the one-time information is inserted into the digital image, the insertion information becomes information that can not be reused, thereby enhancing security. Accordingly, there is an effect that the user can not use the image once captured by the user for authentication again. This has the effect of preventing the user from succeeding in authentication even when the user acquires the user's portable terminal or illegally acquires the image.

The authentication system 100 can verify whether the one-time information corresponds to the information transmitted by the user while verifying the insertion information, thereby authenticating the validity of the digital image or the user.

In addition, when the user is authenticated using the digital image as described above, a digital image on which a plurality of objects are captured may be used. In this case, the information displayed on the plurality of objects corresponds to each other, Can be authenticated.

On the other hand, when a plurality of objects are included in each of the plurality of digital images, that is, one of the first digital images is included in the first object and the second object is included in the second digital image.

At this time, if the insertion information to be inserted is specified, the insertion module 420 may insert the insertion information into the first digital image and the second digital image by dividing the insertion information. Of course, the verification information may be included in each digital image, as described above, or the insertion information may be embedded in each digital image by the application system 400.

The first digital image and the second digital image may then be transmitted to the authentication system 100 by the communication module 430 and the first digital image and the second digital image may be transmitted by the authentication system 100, The insertion information segmented from each of the digital images can be obtained and the insertion information can be specified. The authentication system 100 may then verify the insertion information and authenticate the user accordingly.

In this case, even if the insertion information inserted in one of the digital images is forged, authentication can not be successfully performed by the authentication system 100 unless the digital image inserted in the remaining digital images is forged or modified to correspond to the original insertion information. It can bring about synergy of excellent security.

8 is a flowchart illustrating an operation process of an application system according to an embodiment of the present invention.

Referring to FIG. 8, the authentication system 100 may transmit an image transmission request to the mobile terminal 200 (S500). Of course, the user may voluntarily proceed without an image transfer request.

When the image transmission request is received, the user can activate the application system 400 (S510). The application system 400 can photograph / acquire an image by controlling the image capturing means installed in the portable terminal 200 (S520). Then, predetermined insertion information may be inserted into the obtained digital image (S530). Then, the application system 400 may transmit the digital image to the authentication system 100 within a predetermined time (S540), and the authentication system 100 may transmit the insertion information only for the digital image transmitted within a predetermined time And validates the validity of the digital image or the user according to the result (S550).

9 is a flowchart illustrating an operation procedure of an application system according to another embodiment of the present invention.

Referring to FIG. 9, the application system 400 installed in the portable terminal 200 can specify insertion information (S600). The insertion information may be entered by the user, determined by the image capturing means, or transmitted from the authentication system 100. Or may be determined automatically by the portable terminal 200. [

The application system 400 may then control the image capturing means to obtain the first digital image and the second digital image (S610, S630). Then, the application system 400 divides the insertion information in a predetermined manner, inserts the divided first partial insertion information into the first digital image, and inserts the divided second partial insertion information into the second digital image (S620, S640). According to the embodiment, the order of acquisition of the digital image and the insertion order of the partial insertion information can be variously changed.

The application system 400 may then transmit the first digital image and the second digital image to the authentication system 100 at step S650 and the authentication system 100 may generate the first partial insertion information and the second partial image information from each digital image, 2 partial insertion information can be obtained. As a result, the insertion information can be confirmed (S660), the validated insertion information can be verified, and the validity of the digital image or the user can be authenticated according to the result (S670).

According to another embodiment of the present invention, the application system 400 may include an image acquisition module 410 and a communication module 430. The image acquisition module 410 may acquire a digital image targeted to a predetermined object as described above and the communication module 430 may transmit the acquired digital image to the authentication system 100. [

The authentication system 100 can confirm whether the information displayed on the object and the identification information of the portable terminal correspond to registration information registered in the target system 300 connected to the authentication system through communication with the target system 300 have. In addition to the legitimacy of the identification information, the occupancy authentication of the portable terminal 200 can be performed by the target system 300. In this case, the conventional authentication of the cellular phone can be performed.

In some embodiments, the authentication system 100 may further determine the validity of the verification information included in the digital image, in addition to authenticating the user of the portable terminal 200 in conjunction with the subject system 300 The validity of the verification information must be confirmed before authenticating the user. The verification information may be, for example, a photographing time, a photographing position, or the like of a digital image that is automatically inserted into the digital image, and may be information that is artificially inserted by the insertion module 420 included in the application system 400 The identification information and / or the one-time information of the mobile terminal 200, etc.). The fact that the validity of the verification information is authenticated means that the validity information includes a case where at least one of the plurality of different information is authenticated.

The authentication system 100 according to the technical idea of the present invention can not be used only for the non-face-to-face authentication, and the authentication system 100 according to the technical idea of the present invention needs to prevent the forgery or theft of the photo And can be employed in various services and systems. For example, a system of an automobile insurance company that provides a service that checks the mileage or black box installation and provides discounts on insurance premiums, or even if you do not have the goods to be sold at the time of sale of the used goods, An authentication system 100 according to the technical idea of the present invention can be applied to a used goods trading system for preventing the case of pretending to own the object.

On the other hand, according to an embodiment, the authentication system 100 may include a processor and a memory for storing a program executed by the processor. The processor may include a single-core CPU or a multi-core CPU. The memory may include high speed random access memory and may include non-volatile memory such as one or more magnetic disk storage devices, flash memory devices, or other non-volatile solid state memory devices. Access to the memory by the processor and other components can be controlled by the memory controller. Here, when the program is executed by a processor, the program may cause the authentication system 100 according to the present embodiment to perform the above-described authentication method.

Meanwhile, the authentication method according to the embodiment of the present invention may be implemented in the form of a program-readable program command and stored in a computer-readable recording medium. Also, the control program and the target program according to the embodiment of the present invention may be stored in a computer- And the like. A computer-readable recording medium includes all kinds of recording apparatuses in which data that can be read by a computer system is stored.

Program instructions to be recorded on a recording medium may be those specially designed and constructed for the present invention or may be available to those skilled in the art of software.

Examples of the computer-readable recording medium include magnetic media such as a hard disk, a floppy disk and a magnetic tape, optical media such as CD-ROM and DVD, a floptical disk, And hardware devices that are specially configured to store and execute program instructions such as magneto-optical media and ROM, RAM, flash memory, and the like. The above-mentioned medium may also be a transmission medium such as a light or metal wire, wave guide, etc., including a carrier wave for transmitting a signal designating a program command, a data structure and the like. The computer readable recording medium may also be distributed over a networked computer system so that computer readable code can be stored and executed in a distributed manner.

Examples of program instructions include machine language code such as those produced by a compiler, as well as devices for processing information electronically using an interpreter or the like, for example, a high-level language code that can be executed by a computer.

The hardware devices described above may be configured to operate as one or more software modules to perform the operations of the present invention, and vice versa.

It will be understood by those skilled in the art that the foregoing description of the present invention is for illustrative purposes only and that those of ordinary skill in the art can readily understand that various changes and modifications may be made without departing from the spirit or essential characteristics of the present invention. will be. It is therefore to be understood that the above-described embodiments are illustrative in all aspects and not restrictive. For example, each component described as a single entity may be distributed and implemented, and components described as being distributed may also be implemented in a combined form.

It is intended that the present invention covers the modifications and variations of this invention provided they come within the scope of the appended claims and their equivalents. .

Claims (15)

An image receiving module for receiving a digital image for a predetermined object from a portable terminal;
An extraction module for extracting information displayed on the object using the digital image;
The information processing method includes the steps of: obtaining predetermined identification information based on information received from a terminal used by a user of the portable terminal, the portable terminal, or information extracted by the extraction module; An identification information authentication module for confirming the legitimacy of the identification information; And
And a verification module that determines that the user is authenticated if the identification information authentication module verifies the legitimacy of the identification information.
The information processing apparatus according to claim 1,
A telephone number of the portable terminal, and user personal information,
Wherein the identification information authentication module comprises:
And authenticating the identification information by checking whether registration information registered in the mobile communication company system and the identification information correspond through the mobile communication company system corresponding to the mobile terminal.
The information processing apparatus according to claim 1,
At least a part of card information of the user's card,
Wherein the identification information authentication module comprises:
And authenticating the identification information by confirming whether the registration information registered in the card issuing system and the identification information correspond to each other through the card issuing system corresponding to the card.
The information processing apparatus according to claim 1,
At least a part of card information of the user's card,
Wherein the identification information authentication module comprises:
And verifying validity of the identification information by verifying whether the card is valid through a payment intermediary system.
5. The method of claim 4,
The settlement intermediation system performs the payment scheme using the card information and determines whether the card is valid based on a signal received from the card issuer system in response to the performed payment scheme,
Wherein the identification information authentication module comprises:
And receiving information on the judged validity from the payment mediating system.
2. The apparatus of claim 1,
Further extracting insertion information based on positional information of the digital image captured in the digital image, identification information of the portable terminal that captured the digital image, time information of the digital image taken, or one-
Wherein the verification module comprises:
The validity of at least one of the position information on which the digital image is captured, the identification information of the portable terminal that captured the digital image, the time information of the digital image was captured, or the insertion information based on the one-time information, And authenticating the user using the digital image.
The information processing apparatus according to claim 1,
Acquires a part of the identification information from a terminal used by a user of the portable terminal or the portable terminal and confirms the legitimacy of the identification information by obtaining the remaining part of the identification information from the extraction module .
The authentication system comprising: receiving a digital image for a predetermined object from a portable terminal;
The authentication system extracting information displayed on the object using the digital image;
Wherein the authentication system obtains predetermined identification information based on information received from a mobile terminal or a terminal used by a user of the mobile terminal or extracted information, and communicates with the target system corresponding to the identification information, Confirming the legitimacy of the information; And
Wherein the authentication system determines that the user is authenticated if the validity of the identification information is confirmed.
9. The information processing apparatus according to claim 8,
A telephone number of the portable terminal, and user personal information,
Wherein the step of verifying the legitimacy of the identification information comprises:
Wherein the authentication system checks the validity of the identification information by checking whether the registration information registered in the mobile communication company system and the identification information correspond to each other through the mobile communication company system corresponding to the mobile terminal, Authentication method used.
9. The information processing apparatus according to claim 8,
At least a part of card information of the user's card,
Wherein the step of verifying the legitimacy of the identification information comprises:
Wherein the authentication system checks the validity of the identification information by checking whether the registration information registered in the card issuer system and the identification information correspond to each other via the card issuer system corresponding to the card, .
9. The information processing apparatus according to claim 8,
At least a part of card information of the user's card,
Wherein the step of verifying the legitimacy of the identification information comprises:
Wherein the authentication system checks validity of the card through a payment mediating system to verify the validity of the identification information.
12. The method of claim 11,
The settlement intermediation system performs the payment scheme using the card information and determines whether the card is valid based on a signal received from the card issuer system in response to the performed payment scheme,
Wherein the step of verifying the legitimacy of the identification information comprises:
And receiving from the payment mediating system information about the validity of the authentication system.
9. The method of claim 8, wherein extracting information displayed on the object comprises:
Extracting insertion information based on positional information of the digital image captured in the digital image, identification information of the portable terminal that captured the digital image, time information of the digital image, or one-time information ,
Wherein the step of determining that the user is authenticated comprises:
The validity of at least one of the position information on which the digital image is captured, the identification information of the portable terminal that captured the digital image, the time information of the digital image was captured, or the insertion information based on the one-time information, And authenticating the user using the digital image.
9. The method of claim 8, wherein validating the identification information comprises:
Wherein the authentication system acquires a part of the identification information from a terminal used by a user of the portable terminal or the portable terminal and acquires a remaining part of the identification information from information displayed on the object Authentication method.
A computer program installed in a data processing apparatus and stored in a recording medium for performing the method according to any one of claims 8 to 14.

Images