WO2020110536A1 - Verification device and verification method - Google Patents

Info

Publication number
WO2020110536A1
Authority
WO
WIPO (PCT)
Prior art keywords
image
verification
data
face
feature value
Prior art date
Application number
PCT/JP2019/041885
Other languages
French (fr)
Japanese (ja)
Inventor
一順 田島
陽志 野崎
尚生 坂崎
陽介 加賀
繁幸 根本
冠 中前
Original Assignee
株式会社日立製作所
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 株式会社日立製作所
Publication of WO2020110536A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00 Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06 Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K7/00 Methods or arrangements for sensing record carriers, e.g. for reading patterns
    • G06K7/10 Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation
    • G06K7/14 Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation using light without selection of wavelength, e.g. sensing reflected white light
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06T IMAGE DATA PROCESSING OR GENERATION, IN GENERAL
    • G06T7/00 Image analysis
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • The present invention relates to a verification device and a verification method.
  • ID cards are issued by printing face information and attribute information such as names on the face of IC cards and plastic cards.
  • With mobile devices such as smartphones, there is a demand for proof of identity not by a card-like identification card but by a mobile device that is always carried.
  • When the identification card is implemented on a mobile device, for example, attribute information such as a facial photograph and name is digitized, the data is sent through communication, when certifying identity, to a device that verifies it (hereinafter referred to as a verification device), and the verification device mechanically verifies the authenticity of the identification data.
  • The identification data is displayed on a display of a mobile device and presented, and the information is conveyed either by visual inspection or by photographing the display with the verification device, to verify the authenticity of the identification card.
  • The owner of the mobile device may be a citizen, and the owner of the verification device may be any of various organizations. Therefore, the functions of the mobile device and the verification device are assumed to vary, and a verification method corresponding to the functions of the mobile device and the verification device is required.
  • An image of the face photograph and a two-dimensional code in which the data of the face photograph is embedded are used as the identification card to prove identity.
  • A technique has been proposed in which a face photograph is restored from a two-dimensional code and compared with the original face photograph to determine authenticity (see Patent Document 1).
  • The amount of data to be sent becomes large when the identification card is implemented on the mobile device and exchanged with the verification device. Therefore, depending on the functions of the mobile device and the verification device, there is a problem that a verification method that transmits and receives a large amount of data cannot be selected and the data cannot be sent.
  • In Patent Document 1, cited as a method of displaying and presenting on a display of a mobile device, the facial photograph data itself is embedded in the two-dimensional code, so there is a problem that the two-dimensional code becomes large.
  • An object of the present invention is to verify the authenticity of acquired data such as identification data with a small amount of data in a verification device.
  • The verification device is connected to an image capturing device and a data receiving device, includes a signature verification unit and an image verification unit, and performs a first process or a second process.
  • In the first process, the signature verification unit extracts an identifier image and a face image from an acquired image obtained by capturing a screen of a terminal and verifies the identifier image from the electronic signature included in the identifier image, and the image verification unit compares the first feature value information extracted from the face image with the second feature value information included in the identifier image to verify the authenticity of the face image. In the second process, the signature verification unit verifies the electronic signature from the acquired data received and acquired from the terminal, and the image verification unit verifies the authenticity of the face image by comparing the first feature value information extracted from the face image included in the acquired data with the second feature value information included in the acquired data.
  • The verification method uses a verification device connected to an image capturing device and a data receiving device, and includes a signature verification step and an image verification step.
  • In the first process, the signature verification step extracts the identifier image and the face image from the acquired image obtained by capturing the screen of the terminal and verifies the identifier image from the electronic signature included in the identifier image, and the image verification step compares the first feature value information extracted from the face image with the second feature value information included in the identifier image to verify the authenticity of the face image. In the second process, the signature verification step verifies the electronic signature from the acquired data received and acquired from the terminal, and the image verification step verifies the authenticity of the face image by comparing the first feature value information extracted from the face image included in the acquired data with the second feature value information included in the acquired data.
  • The verification device can verify the authenticity of acquired data such as identification data with a small amount of data.
  • FIG. 1 is a diagram showing an example of a system configuration of Example 1. It is a diagram showing an example of the hardware configuration of an issuing device, a verification device, and a smartphone. It is a sequence diagram showing the issuing procedure of a digital identification card.
  • FIG. 6 is a sequence diagram showing a procedure of a method of displaying on a display of a mobile device in a process of verifying a digital identification certificate according to the first embodiment.
  • FIG. 6 is a sequence diagram showing a procedure in a method of verifying the data transmitted and received via communication in the verification process of the digital identification certificate according to the first embodiment.
  • FIG. 5 is a diagram showing a verification result of the verification device in the first embodiment.
  • FIG. 3 is a diagram (a difference from FIG.
  • FIG. 7 is a sequence diagram showing a digital identification certificate verification processing procedure and a digital identification certificate holder authentication processing procedure according to the second embodiment.
  • FIG. 9 is a diagram (a difference from FIG. 6) displaying an authentication result of the verification device in the second embodiment.
  • FIG. 1 is a diagram illustrating an example of the overall configuration of the digital identification system 1 according to the first embodiment. In this figure, an example of the functional configuration of each computer that constitutes the digital identification system 1 is shown along with the overall configuration.
  • The digital identification system 1 shown in FIG. 1 has an issuing device 10 and a verification device 20.
  • The issuing device 10 generates digital identification data 305 and a digital identification card (image data) 301 for the smartphone 30.
  • The verification device 20 acquires the image of the digital identification card 301 displayed on the display of the smartphone 30, or the identification card data 305 transmitted from the smartphone 30, and determines the authenticity of the presented digital identification card 301 or identification certificate data 305.
  • The issuing device 10 manages a signature key SK104 for generating an electronic signature and a common key K105 shared with the verification device 20. It has a feature value extraction function 106 for extracting a feature value from face photograph data, a two-dimensional code generation function 102 for generating a two-dimensional code, and an identification card forming function 101 for forming a digital identification card (image data) 301 from the facial photograph data 302, the attribute information 303 such as a name, and the two-dimensional code 304.
  • The verification device 20 is connected to the image capturing device 21.
  • The verification device 20 manages a verification key PK204 for verifying an electronic signature and a common key K205 shared with the issuing device 10. It has a data reading function 201 for reading an image of the digital identification card 301 displayed on the display of the smartphone 30, a data receiving function (for example, a data receiving device) 22 that receives the digital identification data 305 transmitted from the smartphone 30, a two-dimensional code reading function 202 that extracts the two-dimensional code portion 304 from the read image and decodes the two-dimensional code, a matching function 207 for comparing and verifying the feature value embedded in the two-dimensional code against the facial photograph image 302 included in the read image of the digital identification card 301, and a verification result processing function 208 that, according to the verification result, displays a screen or instructs the opening/closing of a gate for entering/leaving a room.
  • The data receiving function 22 may not be provided, depending on the verification device 20.
  • The smartphone 30 has a function of installing and storing the corresponding digital identification card (image data) 301 and digital identification card data 305 obtained through a network or media transfer and displaying the digital identification card 301 as necessary, and a function of transmitting the digital identification data 305 by wireless LAN, Bluetooth (registered trademark) communication, NFC communication, or the like. The function of transmitting data may not be provided, depending on the smartphone.
  • The issuing device 10, the verification device 20, and the smartphone 30 having such functions can be realized by a general information processing device 40 as illustrated in FIG.
  • the function 203, the character recognition function 206, the matching function 207, and the verification result processing function 208 can be realized as a computer program executed by the CPU 405 such as a CPU (Central Processing Unit).
  • Such a computer program can be stored and held in a storage device 404 such as a hard disk in advance, or can be distributed from a network and expanded on the memory 403 for use.
  • An instruction from a user of the digital identification card system 1 is input through an input device 401 such as a keyboard, a mouse, or a touch panel, and the processing result of the instruction is output by an output device 402 such as a liquid crystal display device or an organic EL (electroluminescence) display.
  • These devices, such as the issuing device 10, the verification device 20, and the smartphone 30, can be configured on the information processing device 40 connected by an internal communication line 406 such as a bus (hereinafter referred to as a bus).
  • The image capturing device 21 connected to the verification device 20 is realized by devices such as a digital camera, a web camera, and a scanner.
  • The data reception function 22 connected to the verification device 20 is realized by a communication function such as wireless LAN, Bluetooth (registered trademark) communication, NFC communication, or the like.
  • FIG. 3 is a sequence diagram showing a procedure for issuing the digital identification card 301 according to the first embodiment.
  • The facial photograph data 302 of the person who is the holder of the digital identification card 301 is input to the issuing device 10, and the issuing device 10 uses the feature value extraction function 106 to extract from the facial photograph data 302 a feature value that can uniquely identify the facial photograph and is a relatively small amount of data (such as "feature point position of face such as eyes, nose, mouth edge" or "image cut out of eyes") (step S101).
  • The issuing device 10 uses the cryptographic processing function 103 to encrypt the feature value with the common key K105 shared with the verification device 20 (step S102).
  • The attribute information 303 such as the name of the person who is the holder of the digital identification certificate 301 is input to the issuing device 10, and the issuing device 10 concatenates the attribute information 303 with the encrypted feature value (step S103).
  • The issuing device 10 calculates an electronic signature value with its signature key SK104 over the data obtained by concatenating the encrypted feature value and the attribute information 303, and appends the signature value to that concatenated data (step S104).
  • The combination of the face photograph data 302, the encrypted feature value, the attribute information, and the electronic signature value is referred to as digital certificate data 305.
  • The two-dimensional code generation function 102 generates the two-dimensional code 304 from the concatenated encrypted feature value, attribute information 303, and electronic signature data. That is, the concatenated data is encoded as a two-dimensional code (step S105).
  • The issuing device 10 uses the identification card forming function 101 to arrange and form the face photograph data 302, the attribute information 303, and the two-dimensional code 304 so that they can be displayed simultaneously on the display of the smartphone (step S106), and outputs the digital identification card (image data) 301 and the digital identification certificate data 305 externally (step S107).
  • The smartphone 30 acquires the digital identification card (image data) 301 through a network or a medium transfer (step S108), and stores the digital identification card (image data) 301 in the storage device 404 of the smartphone 30 (step S109).
  • In steps S105 and S106, the issuing device generates the digital identification card (image data) 301; however, the digital identification card (image data) 301 may be generated in the smartphone 30 by using the digital identification data 305.
  • The owner of the smartphone 30 understands the functions of the verification device 20 and the functions of the smartphone 30, and both the verification device 20 and the smartphone 30 can communicate with each other by wireless LAN, Bluetooth (registered trademark) communication, NFC communication, or the like.
  • The procedure proceeds to verification by displaying on the display of the smartphone, shown in FIG. 4. If there is a communication function, the procedure proceeds to verification by exchanging the data through communication, shown in FIG. 5.
  • FIG. 4 is a sequence diagram showing the verification processing procedure by displaying the digital ID card according to the first embodiment on the display.
  • The smartphone 30 displays the digital ID (image data) 301 stored in step S109 on the display of the smartphone 30 and presents it to the image capturing device 21 (step S200).
  • The image capturing device 21 captures the image displayed on the display of the smartphone 30 (step S201), and the verification device 20 acquires the screen image captured by the image capturing device 21 from the image capturing device 21 (step S202).
  • The verification device 20 uses the two-dimensional code reading function 202 to read the two-dimensional code from the screen image acquired in step S202 and decode the two-dimensional code (step S203).
  • The decoded data consists of the encrypted feature value, the attribute information, and the electronic signature value, and the electronic signature is verified from these data using the cryptographic processing function 203 (step S204).
  • If the signature verification fails, as error processing, for example as shown in FIG. 6A, a message is displayed on the display of the verification device 20 indicating that there is an error in the two-dimensional code 304 of the digital identification card 301 and that the signature verification has failed (step S205).
  • If the signature verification is successful, the characters of the attribute information 303 are recognized from the screen image acquired in step S202 by using the character recognition function 206, and are compared and verified against the attribute information decoded in step S203 (step S206).
  • If the two pieces of information do not match, as error processing, for example as shown in FIG. 6B, the display of the verification device 20 shows that the attribute information 303 portion of the digital identification card 301 is incorrect and the attribute information is misrepresented, and the correct attribute information is displayed (step S207).
  • The cryptographic processing function 203 decrypts the encrypted feature value decoded in step S203 with the common key K205 (step S208), and the decrypted feature value and the face image portion of the screen image acquired in step S202 are compared and verified by using the matching function 207 to verify whether or not the feature value is data extracted from the face photograph (step S209).
  • The matching function 207 represents the correlation between the face photograph and the feature value as a numerical value. When the matching rate between the face photograph and the feature value is less than or equal to the threshold value, as error processing, for example as illustrated in FIG., the display shows that the face photograph 302 of the digital identification card 301 is invalid and the face photograph is forged (step S210).
  • When the matching rate between the facial photograph and the feature value is equal to or more than the threshold value, as the authenticity result process, as shown in FIG. 5D, the display of the verification device 20 shows that the digital identification card 301 is correct (step S211).
  • The matching between the face photograph and the feature value is performed by comparing the first feature value information extracted from the face photograph data (face image) 302 with the second feature value information included in the two-dimensional code 304 (identifier image).
  • The first feature value and the second feature value are, for example, information regarding the position of the feature points of the face.
  • FIG. 5 is a sequence diagram showing a procedure for exchanging the digital identification certificate according to the first embodiment through communication and verifying the identification data.
  • The smartphone 30 transmits the digital ID data 305 stored in step S109 (step S400).
  • The data reception function 22 receives the identification certificate data 305 transmitted from the smartphone 30 (step S401), and the verification device 20 acquires the identification certificate data 305 received by the data reception function 22 (step S402).
  • The received data consists of the face photograph data 302, the encrypted feature value, the attribute information, and the electronic signature value. The electronic signature is verified from the encrypted feature value, attribute information, and electronic signature value using the cryptographic processing function 203 (step S404).
  • If the signature verification has failed, the fact that the signature verification has failed is displayed as error processing (step S405).
  • The cryptographic processing function 203 decrypts the encrypted feature value acquired in step S402 with the common key K205 (step S406), and the decrypted feature value and the face photograph data 305 acquired in step S402 are compared and verified by using the matching function 207 to verify whether or not the feature value is data extracted from the face photograph (step S407).
  • The matching function 207 represents the correlation between the face photograph and the feature value as a numerical value. When the matching rate between the face photograph and the feature value is less than or equal to the threshold value, as error processing, for example as illustrated in FIG., the display shows that the face photograph 302 of the digital identification card 301 is invalid and the face photograph is forged (step S409).
  • When the matching rate between the facial photograph and the feature value is equal to or more than the threshold value, as the authenticity result processing, for example as shown in FIG. 5D, the display of the verification device 20 shows that the digital identification card 301 is correct (step S409).
  • The matching between the face photograph and the feature value is performed by comparing the first feature value information extracted from the face photograph data (face image) 302 included in the ID card data 305 with the second feature value information included in the ID card data 305.
  • The first feature value and the second feature value are, for example, information regarding the position of the feature points of the face.
  • The verification device of the first embodiment is the verification device 20 connected to the image capturing device 21 and the data receiving device 22.
  • The verification device 20 has a signature verification unit and an image verification unit (see FIGS. 1, 4, and 5) and performs the first process (see FIG. 4) or the second process (see FIG. 5).
  • In the first process, the signature verification unit extracts the two-dimensional code (identifier image) 304 and the face photograph data (face image) 302 from the acquired image (digital identification card) 301 obtained by photographing the screen of the smartphone 30 (terminal), and verifies the two-dimensional code (identifier image) 304 from the electronic signature included in the two-dimensional code (identifier image) 304.
  • The image verification unit compares the first feature value information extracted from the face photograph data (face image) 302 with the second feature value information included in the two-dimensional code (identifier image) 304 to verify the authenticity of the face photograph data (face image) 302.
  • In the second process, the signature verification unit verifies the electronic signature from the acquired data (identification certificate data) 305 received and acquired from the smartphone 30 (terminal). Then, the image verification unit compares the first feature value information extracted from the face photograph data (face image) 302 included in the acquired data 305 with the second feature value information included in the acquired data 305 to verify the authenticity of the face photograph data (face image) 302.
  • When the owner of the terminal knows the functions of the terminal and the terminal has the communication function (data transmission function), the verification device uses the data receiving device to verify the electronic signature from the acquired data received and acquired from the terminal (the second process).
  • The verification device extracts the identifier image and the face image from the acquired image obtained by photographing the screen of the terminal using the image capturing device, and verifies the identifier image from the electronic signature included in the identifier image (the first process).
  • The owner of the terminal can select the verification method according to the function (communication function or the like) of the terminal at the verification device connected to the image capturing device and the data receiving device.
  • Since the functions of a terminal differ depending on the model, the terminal may not have the communication function, depending on the model. According to the first embodiment described above, even when the functions differ depending on the model of the terminal, the verification method according to the function of the terminal can be selected.
  • The technology used in biometric authentication is applied: a feature value that can uniquely identify the face photograph ("feature point position of face such as eyes, nose, mouth edge" or "an image obtained by cutting out only the eye portion that characterizes the face") is extracted from the face photograph data, and an electronic signature is added to that information, thereby reducing the amount of data to be sent. Since the amount of data to be sent is reduced, it becomes possible to select the verification method according to the functions of the mobile device and the verification device. That is, by setting the feature amount of the face photograph data as the verification target, it becomes possible to verify the validity of the data of the identification card with a small data amount.
  • Example 2 is implemented in addition to Example 1.
  • FIG. 7 is a diagram (difference from FIG. 1) showing an example of the overall configuration of the digital identification system 2 according to the second embodiment.
  • The verification device 20 is also connected to the person photographing device 23 and, from the face photograph 302 and the video/image photographed by the person photographing device 23, uses the face recognition function 209 used in biometric authentication to also verify whether the person who presents the digital identification card 301 is the correct holder.
  • The person photographing device 23 connected to the verification device is realized by a device such as a digital camera or a web camera.
  • The digital identification card 301 is issued as in the first embodiment.
  • FIG. 8 is a sequence diagram showing a digital identification certificate verification processing procedure and a digital identification certificate holder authentication processing procedure according to the second embodiment.
  • The process up to step S210 is the same as that of the first embodiment.
  • The person photographing device 23 photographs the person who presented the digital identification card 301 (step S301), and the verification device 20 acquires the person image photographed in step S301 from the person photographing device 23 (step S302).
  • The verification device 20 compares and verifies the face photograph data determined to be authentic in step S209 against the person image data acquired in step S301 using the face authentication function 209, and verifies that the person who presents the digital identification card 301 is the correct holder (step S303).
  • The face authentication function 209 expresses the correlation between the face photograph and the person image as a numerical value.
  • As error processing, for example as shown in FIG. 9A, the fact that the face photograph 302 of the digital identification card 301 and the face of the person who presented the digital identification card 301 do not match is displayed on the display of the verification device 20 (step S304).
  • The fact that the digital identification card 301 is authentic and that it matches the face of the person who presented the digital identification card 301 is displayed on the display of the verification device 20 (step S305).
  • The procedure of displaying on the display of the smartphone and verifying was taken as an example, but the procedure of verifying the data transmitted and received via communication can be similarly added.
  • The subject of the camera is authenticated from the face image taken by the external camera or the like and the face photograph that is verified to be valid.
  • The feature amount of the face photograph data is set as the verification target, so that the legitimacy of the data of the identification card can be verified with a small data amount.
  • The identification certificate image and the identification certificate data are described as an example, but the present invention is not limited to this and can be applied to other images and data.


Abstract

The present invention relates to a verification device that is to be connected to an image capture device and to a data reception device and that verifies, in a first process, a two-dimensional code from an electronic signature included in the two-dimensional code. In a second process, the verification device verifies the electronic signature from acquired data that is received and acquired from a terminal. The verification device then verifies the authenticity of face-photograph data by comparison between first characteristic value information and second characteristic value information.

Description

Verification device and verification method
The present invention relates to a verification device and a verification method.
Identification cards are generally issued by printing attribute information such as a face photograph and a name on the face of an IC card or plastic card. However, with the recent spread of mobile devices such as smartphones, there is a demand to prove identity not with a card-type identification card but with the mobile device that a person always carries.
When an identification card is implemented on a mobile device, one method is, for example, to digitize attribute information such as a face photograph and a name and, when proving identity, to exchange that data via communication with a device that verifies it (hereinafter referred to as a verification device), which then mechanically verifies the authenticity of the identification data. Alternatively, there is a method in which the identification data is displayed and presented on the display of the mobile device, and the information is passed to the verification device by visual inspection or by photographing it with the verification device, to verify the authenticity of the identification card.
However, when such verification is performed, the owners of the mobile devices may be citizens, and the owners of the verification devices may be several different organizations. It is therefore assumed that the functions of the mobile devices and the verification devices vary, and a verification method suited to the functions of the mobile device and the verification device is required.
In the method of verifying the data via communication, which is one of the verification methods listed above, a technique is generally used in which an electronic signature is attached to the data whose authenticity is to be protected and the verification device determines authenticity (see RFC3029 issued by the IETF (Internet Engineering Task Force), etc.).
In the method of displaying and presenting on the display of the mobile device, which is another of the verification methods listed above, a technique has been proposed in which an image of a face photograph and a two-dimensional code embedding the face photograph data is used as the identification card and, when proving identity, the face photograph is restored from the two-dimensional code and compared with the original face photograph to determine authenticity (see Patent Document 1).
JP 2005-141626 A
In the above verification methods, when an identification card is implemented on a mobile device and exchanged with a verification device, the amount of data to be sent becomes large. Consequently, depending on the functions of the mobile device and the verification device, a verification method that exchanges a large amount of data cannot be selected and the data cannot be sent.
In particular, in Patent Document 1, cited as a method of displaying and presenting on the display of a mobile device, the face photograph data itself is embedded in the two-dimensional code, so there is a problem that the two-dimensional code becomes large.
Normally, even face photograph data of the size used for an identification card amounts to several kilobytes to several tens of kilobytes. Even if that data is compressed, when the face photograph data is embedded in a two-dimensional code at a resolution that a two-dimensional code reader can recognize, the two-dimensional code may, depending on the amount of face photograph data, grow to about half of A4 size, for example. As a result, the two-dimensional code cannot be fully displayed on a smartphone display.
Conversely, embedding face photograph data in a two-dimensional code small enough to be displayed on a smartphone display requires reducing the amount of face photograph data, so the face photograph becomes a coarse image, and it is difficult to confirm the authenticity of the face photograph from that coarse image.
An object of the present invention is to verify, in a verification device, the authenticity of acquired data such as identification data with a small amount of data.
A verification device according to one aspect of the present invention is a verification device connected to an image capturing device and a data receiving device. The verification device has a signature verification unit and an image verification unit and performs a first process or a second process. In the first process, the signature verification unit extracts an identifier image and a face image from an acquired image obtained by photographing the screen of a terminal and verifies the identifier image using the electronic signature included in the identifier image, and the image verification unit verifies the authenticity of the face image by comparing first feature value information extracted from the face image with second feature value information included in the identifier image. In the second process, the signature verification unit verifies the electronic signature using acquired data received from the terminal, and the image verification unit verifies the authenticity of the face image by comparing first feature value information extracted from the face image included in the acquired data with second feature value information included in the acquired data.
A verification method according to one aspect of the present invention is a verification method using a verification device connected to an image capturing device and a data receiving device. The verification method has a signature verification step and an image verification step and performs a first process or a second process. In the first process, the signature verification step extracts an identifier image and a face image from an acquired image obtained by photographing the screen of a terminal and verifies the identifier image using the electronic signature included in the identifier image, and the image verification step verifies the authenticity of the face image by comparing first feature value information extracted from the face image with second feature value information included in the identifier image. In the second process, the signature verification step verifies the electronic signature using acquired data received from the terminal, and the image verification step verifies the authenticity of the face image by comparing first feature value information extracted from the face image included in the acquired data with second feature value information included in the acquired data.
According to one aspect of the present invention, the verification device can verify the authenticity of acquired data such as identification data with a small amount of data.
A diagram showing a system configuration example of the first embodiment.
A diagram showing a hardware configuration example of the issuing device, the verification device, and the smartphone.
A sequence diagram showing the procedure for issuing a digital identification card.
A sequence diagram showing the procedure, in the digital identification card verification process of the first embodiment, for the method of displaying on the display of the mobile device.
A sequence diagram showing the procedure, in the digital identification card verification process of the first embodiment, for the method of exchanging the data via communication and verifying it.
A diagram showing verification results displayed by the verification device in the first embodiment.
A diagram showing a system configuration example of the second embodiment (differences from FIG. 1).
A sequence diagram showing the digital identification card verification procedure and the digital identification card holder authentication procedure in the second embodiment.
A diagram showing authentication results displayed by the verification device in the second embodiment (differences from FIG. 6).
Embodiments of the present invention will be described below in detail with reference to the drawings.
(System configuration)
FIG. 1 is a diagram showing an example of the overall configuration of the digital identification system 1 in the first embodiment. Along with the overall configuration, the figure also shows an example of the functional configuration of each computer that makes up the digital identification system 1.
The digital identification system 1 shown in FIG. 1 has an issuing device 10 and a verification device 20. The issuing device 10 generates digital identification data 305 and a digital identification card (image data) 301 for the smartphone 30. The verification device 20 acquires the image of the digital identification card 301 displayed on the display of the smartphone 30, or the identification data 305 transmitted from the smartphone 30, and determines from that identification data the authenticity of the presented digital identification card 301 or identification data 305.
As shown in FIG. 1, the issuing device 10 manages a signature key SK104 for generating an electronic signature and a common key K105 shared with the verification device 20. It has a feature value extraction function 106 that extracts a feature value from face photograph data, a cryptographic processing function 103 that performs data encryption and electronic signature generation, a two-dimensional code generation function 102 that generates a two-dimensional code, and an identification card forming function 101 that forms the digital identification card (image data) 301 from the face photograph data 302, attribute information 303 such as a name, and the two-dimensional code 304.
The verification device 20 is connected to the image capturing device 21. The verification device 20 manages a verification key PK204 for verifying the electronic signature and a common key K205 shared with the issuing device 10. It has a data reading function 201 that reads the image of the digital identification card 301 displayed on the display of the smartphone 30, or a data receiving function (for example, a data receiving device) 22 that receives the digital identification data 305 transmitted from the smartphone 30; a two-dimensional code reading function 202 that extracts the two-dimensional code portion 304 from the read image and decodes the two-dimensional code; a cryptographic processing function 203 that performs data decryption and electronic signature verification; a character recognition function 206 that recognizes the characters of the attribute information 303, such as a name, from the read image of the digital identification card 301; a matching function 207 that compares and verifies the feature value embedded in the two-dimensional code against the face photograph image 302 included in the read image of the digital identification card 301; and a verification result processing function 208 that, according to the verification result, displays a screen or instructs an entry/exit control gate to open or close. Depending on the verification device 20, the data receiving function 22 may not be provided.
The smartphone 30 installs and stores the digital identification card (image data) 301 and the digital identification data 305 obtained over a network, by media transfer, or the like. It has a function of displaying the digital identification card 301 on its display as needed and a function of transmitting the digital identification data 305 using wireless LAN, Bluetooth (registered trademark) communication, NFC communication, or the like. Depending on the smartphone, the data transmission function may not be provided.
The issuing device 10, the verification device 20, and the smartphone 30 having these functions can be realized by a general information processing device 40 as illustrated in FIG. 2. For example, the feature value extraction function 106, the cryptographic processing function 103, the two-dimensional code generation function 102, and the identification card forming function 101 of the issuing device 10, and the data reading function 201, the two-dimensional code reading function 202, the cryptographic processing function 203, the character recognition function 206, the matching function 207, and the verification result processing function 208 of the verification device 20 can be realized as computer programs executed by the CPU (central processing unit) 405. Such computer programs can, for example, be stored and held in advance in a storage device 404 such as a hard disk, or be distributed over a network, and be loaded into the memory 403 for use.
Instructions from a user of the digital identification system 1 are entered through an input device 401 that accepts input, such as a keyboard, a mouse, or a touch panel, and the results of processing those instructions are output on an output device 402 such as a liquid crystal display or an organic EL (electroluminescence) display.
The issuing device 10, the verification device 20, and the smartphone 30 can each be configured on an information processing device 40 whose components are connected by an internal communication line such as a bus (hereinafter referred to as a bus) 406.
The image capturing device 21 connected to the verification device 20 is realized by a device such as a digital camera, a web camera, or a scanner. The data receiving function 22 connected to the verification device 20 is realized by a communication function such as wireless LAN, Bluetooth (registered trademark) communication, or NFC communication.
(Example of processing procedure)
The procedure in the first embodiment is described below with reference to the drawings. The operations described below are realized by programs that each device making up the digital identification system 1 reads into memory or the like and executes.
FIG. 3 is a sequence diagram showing the procedure for issuing the digital identification card 301 in the first embodiment.
The face photograph data 302 of the person who will hold the digital identification card 301 is input to the issuing device 10, and the issuing device 10 uses the feature value extraction function 106 to extract from the face photograph data 302 a feature value, which is a relatively small amount of data that can uniquely identify the face photograph (such as "positions of facial feature points such as the eyes, nose, and corners of the mouth" or "an image cropped to the eye region only") (step S101).
Next, the issuing device 10 uses the cryptographic processing function 103 to encrypt the feature value with the common key K105 shared with the verification device 20 (step S102).
Next, attribute information 303, such as the name of the person who will hold the digital identification card 301, is input to the issuing device 10, and the issuing device 10 concatenates the attribute information 303 with the encrypted feature value (step S103).
Next, the issuing device 10 calculates an electronic signature value over the data formed by concatenating the encrypted feature value and the attribute information 303, using the signature key SK104 of the issuing device 10, and attaches it to that concatenated data (step S104). The combination of the face photograph data 302, the encrypted feature value, the attribute information, and the electronic signature value is referred to as digital certificate data 305.
Next, the two-dimensional code generation function 102 generates the two-dimensional code 304 from the concatenated encrypted feature value, attribute information 303, and electronic signature data. That is, the concatenated data is encoded as a two-dimensional code (step S105).
Next, the issuing device 10 uses the identification card forming function 101 to arrange and form the face photograph data 302, the attribute information 303, and the two-dimensional code 304 so that they can be displayed simultaneously on the display of a smartphone (step S106), and outputs the result externally as the digital identification card (image data) 301 and the digital identification data 305 (step S107).
The smartphone 30 acquires the digital identification card (image data) 301 over a network, by media transfer, or the like (step S108), and stores the digital identification card (image data) 301 in the storage device 404 of the smartphone 30 (step S109).
In steps S105 and S106 above, the issuing device generates the digital identification card (image data) 301. However, by equipping the smartphone 30 with functions equivalent to the two-dimensional code generation function 102 and the identification card forming function 101, the smartphone 30 may instead generate the digital identification card (image data) 301 from the digital identification data 305.
Next, the procedure for verifying the digital identification card in the first embodiment is described.
First, the owner of the smartphone 30 ascertains the functions of the verification device 20 and the functions of the smartphone 30, and confirms whether both the verification device 20 and the smartphone 30 can communicate by wireless LAN, Bluetooth (registered trademark) communication, NFC communication, or the like. If the verification device 20 or the smartphone 30 does not have a communication function, the process moves to the procedure shown in FIG. 4, in which the card is displayed on the smartphone display and verified. If the communication function is available, the process moves to the procedure shown in FIG. 5, in which the data is exchanged via communication and verified.
FIG. 4 is a sequence diagram showing the verification procedure in which the digital identification card of the first embodiment is displayed on the display.
The smartphone 30 displays the digital identification card (image data) 301 stored in step S109 on its display and presents it to the image capturing device 21 (step S200).
Next, the image capturing device 21 photographs the image displayed on the display of the smartphone 30 (step S201), and the verification device 20 acquires the screen image photographed by the image capturing device 21 from the image capturing device 21 (step S202).
Next, the verification device 20 uses the two-dimensional code reading function 202 to read the two-dimensional code from the screen image acquired in step S202 and decodes it (step S203).
The decoded data consists of the encrypted feature value, the attribute information, and the electronic signature value, and the electronic signature is verified from these data using the cryptographic processing function 203 (step S204).
If signature verification fails, then as error processing, for example as shown in FIG. 6(a), the display of the verification device 20 shows that the two-dimensional code 304 portion of the digital identification card 301 is invalid and that signature verification has failed (step S205).
If signature verification succeeds, the characters of the attribute information 303 are recognized from the screen image acquired in step S202 using the character recognition function 206, and are compared and verified against the attribute information decoded in step S203 (step S206).
If the two do not match, then as error processing, for example as shown in FIG. 6(b), the display of the verification device 20 shows that the attribute information 303 portion of the digital identification card 301 is invalid and that the attribute information has been falsified, together with the correct attribute information (step S207).
If the attribute information matches, the cryptographic processing function 203 decrypts the encrypted feature value decoded in step S203 with the common key K205 (step S208), and the matching function 207 compares and verifies the decrypted feature value against the face photograph portion of the screen image acquired in step S202, to verify whether the feature value is data extracted from that face photograph (step S209).
The matching function 207 expresses the correlation between the face photograph and the feature value as a numerical value. If the matching rate between the face photograph and the feature value is less than or equal to the threshold value, then as error processing, for example as shown in FIG. 6(c), the display of the verification device 20 shows that the face photograph 302 portion of the digital identification card 301 is invalid and that the face photograph has been forged (step S210).
If the matching rate between the face photograph and the feature value is greater than or equal to the threshold value, then as authentic-result processing, as shown in FIG. 5(d), the display of the verification device 20 shows that the digital identification card 301 is genuine (step S211).
The matching between the face photograph and the feature value is performed by comparing the first feature value information extracted from the face photograph data (face image) 302 with the second feature value information included in the two-dimensional code 304 (identifier image). Here, the first feature value and the second feature value are, for example, information on the positions of facial feature points.
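The check order of steps S204 to S211, and the size of the payload built in steps S101 to S105, as an added Python example that is not code from the patent or its applicant. HMAC-SHA256 stands in for the electronic signature, a SHAKE-256 keystream XOR stands in for encryption with the common key K, and the payload layout, the matching-rate formula, the threshold and all sample values are assumptions constructed for illustration; landmark extraction and character recognition are assumed to have already run.

```python
import hashlib
import hmac
import os
import struct

# Constructed keys. HMAC-SHA256 is a stand-in for the electronic signature
# (SK104 / PK204); a real deployment would use an asymmetric scheme so that
# the verification device never holds the signing key.
SIGN_KEY = b"constructed-signature-key"
COMMON_KEY = b"constructed-common-key-K"   # stand-in for K105 / K205
THRESHOLD = 0.90                           # assumed matching-rate threshold
SIG_LEN = 32


def _xor_keystream(key, nonce, data):
    """Stand-in for encryption with the common key K (not a vetted cipher)."""
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def pack_points(points):
    """Quantise normalised (x, y) feature points to one byte per coordinate."""
    return bytes(round(c * 255) for point in points for c in point)


def unpack_points(blob):
    return [(blob[i] / 255, blob[i + 1] / 255)
            for i in range(0, len(blob) - 1, 2)]


def issue(points, attributes, nonce=None):
    """Steps S101-S105: build the bytes that go into the two-dimensional code."""
    nonce = nonce or os.urandom(8)
    enc = nonce + _xor_keystream(COMMON_KEY, nonce, pack_points(points))
    attr = attributes.encode("utf-8")
    # Length prefixes keep the concatenation unambiguous before it is signed.
    body = struct.pack(">HH", len(enc), len(attr)) + enc + attr
    return body + hmac.new(SIGN_KEY, body, hashlib.sha256).digest()


def match_rate(stored, observed):
    """Assumed metric: 1.0 for identical points, 0.0 at a mean offset of 0.1."""
    if not stored or len(stored) != len(observed):
        return 0.0
    mean = sum(((sx - ox) ** 2 + (sy - oy) ** 2) ** 0.5
               for (sx, sy), (ox, oy) in zip(stored, observed)) / len(stored)
    return max(0.0, 1.0 - mean * 10)


def verify(payload, ocr_attributes, photo_points):
    """Steps S204-S211 on a decoded code; returns the outcome as a string."""
    if len(payload) < SIG_LEN + 4:
        return "signature_invalid"                       # S205
    body, sig = payload[:-SIG_LEN], payload[-SIG_LEN:]
    expected = hmac.new(SIGN_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return "signature_invalid"                       # S205
    # Parse only after the signature check, so that only authenticated
    # bytes reach the parser.
    enc_len, attr_len = struct.unpack(">HH", body[:4])
    if enc_len < 8 or 4 + enc_len + attr_len != len(body):
        return "signature_invalid"
    enc, attr = body[4:4 + enc_len], body[4 + enc_len:]
    if attr.decode("utf-8") != ocr_attributes:           # S206
        return "attribute_mismatch"                      # S207
    stored = unpack_points(_xor_keystream(COMMON_KEY, enc[:8], enc[8:]))  # S208
    if match_rate(stored, photo_points) <= THRESHOLD:    # S209
        return "photo_mismatch"                          # S210
    return "authentic"                                   # S211


# Constructed sample: eyes, nose tip and mouth corners as image fractions.
ENROLLED = [(0.30, 0.40), (0.70, 0.40), (0.50, 0.60), (0.38, 0.78), (0.62, 0.78)]
ATTRS = "name=Yamada Taro;id=0001"

if __name__ == "__main__":
    code = issue(ENROLLED, ATTRS)
    print(len(code), "bytes in the code")
    print(verify(code, ATTRS, ENROLLED))
    swapped = [(0.25, 0.45), (0.75, 0.45), (0.50, 0.66), (0.33, 0.84), (0.67, 0.84)]
    print(verify(code, ATTRS, swapped))
```

The signature of step S104 covers only the encrypted feature value and the attributes, so the photograph shown on screen is tied to the code solely by the step S209 match, which makes the choice of feature and threshold the control that resists a swapped photograph.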
FIG. 5 is a sequence diagram showing the procedure in the first embodiment for exchanging the digital identification card via communication and verifying the identification data.
The smartphone 30 transmits the digital identification data 305 stored in step S109 (step S400).
Next, the data receiving function 22 receives the identification data 305 transmitted from the smartphone 30 (step S401), and the verification device 20 acquires the identification data 305 received by the data receiving function 22 (step S402).
 The received data consists of the face photograph data 302, the encrypted feature value, the attribute information, and the electronic signature value. The electronic signature is verified from the encrypted feature value, the attribute information, and the electronic signature value using the cryptographic processing function 203 (step S404).
 If the signature verification fails, the fact that the signature verification has failed is displayed as error processing (step S405).
 When the attribute information matches, the cryptographic processing function 203 decrypts the encrypted feature value acquired in step S402 with the common key K 205 (step S406). The decrypted feature value and the face photograph data 305 acquired in step S402 are then compared and verified using the matching function 207 to verify whether the feature value is data extracted from that face photograph (step S407).
 The matching function 207 expresses the correlation between the face photograph and the feature value as a numerical value. When the matching rate between the face photograph and the feature value is less than or equal to the threshold value, then as error processing, for example as shown in FIG. 6(c), the display of the verification device 20 indicates that the face photograph 302 portion of the digital identification card 301 has been tampered with and that the face photograph is forged (step S409).
 When the matching rate between the face photograph and the feature value is equal to or greater than the threshold value, then as authentic-result processing, for example as shown in FIG. 5(d), the display of the verification device 20 indicates that the digital identification card 301 is genuine (step S409).
 The matching between the face photograph and the feature value is performed by comparing first feature value information extracted from the face photograph data (face image) 302 included in the identification card data 305 with second feature value information included in the identification card data 305. Here, the first feature value and the second feature value are, for example, information on the positions of facial feature points.
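The verification order of the second process (FIG. 5), as an added example that is not part of the patent: the signature is checked over the encrypted feature value and the attribute information, then the feature value is decrypted with the common key and matched against the photograph. Assumptions: textbook RSA and a SHA-256 keystream are toy stand-ins for the signature and common-key algorithms, which the page does not name; the landmark lists stand in for a feature extractor's output; the match formula, the 0.9 threshold, the result codes and all names are hypothetical.

```python
import hashlib
import json
import math

# Toy stand-ins (assumptions): textbook RSA over two Mersenne primes for the
# SK/PK electronic signature, SHA-256 keystream XOR for the common-key cipher.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537                      # verification key PK (verifier side)
D = pow(E, -1, (P - 1) * (Q - 1))        # signing key SK (issuer side only)

def signed_digest(enc_feature, attributes):
    """Hash exactly the fields the signature covers: encrypted feature + attributes."""
    blob = len(enc_feature).to_bytes(4, "big") + enc_feature
    blob += json.dumps(attributes, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big")

def sign(enc_feature, attributes):
    return pow(signed_digest(enc_feature, attributes), D, N)

def verify_signature(enc_feature, attributes, signature):
    return pow(signature, E, N) == signed_digest(enc_feature, attributes)

def keystream_xor(key, data):
    """Encrypts and decrypts (XOR with a SHA-256 counter keystream)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)

def issue(landmarks, attributes, key):
    """Issuer side: encrypt the feature value, sign it together with the attributes."""
    enc = keystream_xor(key, json.dumps(landmarks).encode())
    return {"photo": landmarks, "enc_feature": enc,
            "attributes": attributes, "signature": sign(enc, attributes)}

def normalise(points):
    """Remove position and scale using the two eye points (indices 0 and 1)."""
    (lx, ly), (rx, ry) = points[0], points[1]
    scale = math.hypot(rx - lx, ry - ly)
    if scale == 0:
        raise ValueError("degenerate eye positions")
    cx, cy = (lx + rx) / 2, (ly + ry) / 2
    return [((x - cx) / scale, (y - cy) / scale) for x, y in points]

def match_rate(first, second):
    """1.0 for identical geometry, falling towards 0.0 as the points diverge."""
    if len(first) != len(second) or len(first) < 2:
        return 0.0
    pairs = zip(normalise(first), normalise(second))
    mean = sum(math.hypot(ax - bx, ay - by) for (ax, ay), (bx, by) in pairs) / len(first)
    return max(0.0, 1.0 - mean)

def verify_id(data, key, threshold=0.9):
    # Signature first: nothing is decrypted or matched on unauthenticated input.
    if not verify_signature(data["enc_feature"], data["attributes"], data["signature"]):
        return "SIGNATURE_INVALID"
    try:
        second = json.loads(keystream_xor(key, data["enc_feature"]))
        rate = match_rate(data["photo"], second)   # data["photo"]: first feature value
    except (ValueError, TypeError):
        return "FEATURE_UNREADABLE"
    # The page fails "at or below" and passes "at or above" the threshold;
    # this example resolves the tie by failing closed.
    return "AUTHENTIC" if rate > threshold else "PHOTO_FORGED"

# Constructed sample data: eyes (L, R), nose, mouth corners (L, R) in pixels.
K = b"constructed-common-key-K"
GENUINE = [(120, 150), (200, 150), (160, 200), (130, 240), (190, 240)]
RECAPTURED = [(181, 226), (300, 225), (240, 301), (196, 360), (285, 361)]
IMPOSTOR = [(110, 150), (210, 150), (160, 230), (120, 290), (200, 290)]
CARD = issue(GENUINE, {"name": "SAMPLE TARO", "born": "1990-01-01"}, K)

def run_cases():
    rescanned = dict(CARD, photo=RECAPTURED)       # same face, re-photographed
    swapped = dict(CARD, photo=IMPOSTOR)           # photo replaced, signature untouched
    edited = dict(CARD, attributes={"name": "SAMPLE JIRO", "born": "1990-01-01"})
    return [verify_id(d, K) for d in (CARD, rescanned, swapped, edited)]

if __name__ == "__main__":
    print(run_cases())
```

The swapped-photo case passes the signature check because the photograph itself is not signed; it is caught only by the feature match, which is why both checks are needed.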
 As described above, the verification device of the first embodiment is the verification device 20 connected to the image capturing device 21 and the data receiving device 22. The verification device 20 has a signature verification unit and an image verification unit (see FIGS. 1, 4, and 5) and performs a first process (see FIG. 4) or a second process (see FIG. 5).
 In the first process (see FIG. 4), the signature verification unit extracts the two-dimensional code (identifier image) 304 and the face photograph data (face image) 302 from the acquired image (digital identification card) 301 obtained by photographing the screen of the smartphone 30 (terminal), and verifies the two-dimensional code (identifier image) 304 from the electronic signature included in the two-dimensional code (identifier image) 304. The image verification unit then compares the first feature value information extracted from the face photograph data (face image) 302 with the second feature value information included in the two-dimensional code (identifier image) 304 to verify the authenticity of the face photograph data (face image) 302.
 In the second process (see FIG. 5), the signature verification unit verifies the electronic signature from the acquired data (identification card data) 305 received from the smartphone 30 (terminal). The image verification unit then compares the first feature value information extracted from the face photograph data (face image) 302 included in the acquired data 305 with the second feature value information included in the acquired data 305 to verify the authenticity of the face photograph data (face image) 302.
 In the first embodiment, the owner of the terminal knows the terminal's functions. When the terminal has a communication function (data transmission function), the verification device verifies the electronic signature from the acquired data received from the terminal using the data receiving device (the second process). When the terminal has no communication function, the verification device uses the image capturing device to photograph the screen of the terminal, extracts the identifier image and the face image from the acquired image, and verifies the identifier image from the electronic signature included in the identifier image (the first process). According to the first embodiment, the owner of the terminal can select, at a verification device connected to the image capturing device and the data receiving device, a verification method suited to the terminal's functions (communication function and so on). That is, terminal functions differ from model to model, and some models may have no communication function. According to the first embodiment, a verification method suited to the terminal's functions can be selected even when functions differ between terminal models.
 The first embodiment also applies techniques used in biometric authentication: a feature value that can uniquely identify the face photograph (such as "the positions of facial feature points such as the eyes, nose, and mouth corners" or "an image cropped to only the eye region that characterizes the face") is extracted from the face photograph data, and an electronic signature is attached to that information, which reduces the amount of data to be sent. Because sending that information reduces the amount of data, a verification method suited to the functions of the mobile device and the verification device can be selected. That is, by making the feature amount of the face photograph data the verification target, the validity of the identification card data can be verified with a small amount of data.
 The second embodiment is implemented as an addition to the first embodiment.
 FIG. 7 is a diagram showing an example of the overall configuration of the digital identification system 2 in the second embodiment (differences from FIG. 1). In the second embodiment, the verification device 20 is also connected to a person photographing device 23, and the system also verifies, from the face photograph 302 and the video or image captured by the person photographing device 23, via the face authentication function 209 used in biometric authentication, whether the person presenting the digital identification card 301 is its rightful holder. The person photographing device 23 connected to the verification device is realized by a device such as a digital camera or a web camera. In the second embodiment, the digital identification card 301 is issued in the same way as in the first embodiment.
 FIG. 8 is a sequence diagram showing the verification procedure for the digital identification card and the authentication procedure for the holder of the digital identification card in the second embodiment. The processing up to step S210 is the same as in the first embodiment.
 The person photographing device 23 photographs the person who presented the digital identification card 301 (step S301), and the verification device 20 acquires from the person photographing device 23 the person image captured in step S301 (step S302).
 Next, the verification device 20 uses the face authentication function 209 to compare the face photograph data judged authentic in step S209 with the person image data acquired in step S301, and verifies whether the person who presented the digital identification card 301 is its rightful holder (step S303).
 Next, the face authentication function 209 expresses the correlation between the face photograph and the person image as a numerical value. When the matching rate between the face photograph and the person image is less than or equal to the threshold value, then as error processing, for example as shown in FIG. 9(a), the display of the verification device 20 indicates that the face photograph 302 of the digital identification card 301 does not match the face of the person who presented the digital identification card 301 (step S304).
 When the matching rate between the face photograph and the person image is equal to or greater than the threshold value, then as authentic-result processing, for example as shown in FIG. 9(b), the display of the verification device 20 indicates that the digital identification card 301 is genuine and that it matches the face of the person who presented the digital identification card 301 (step S305).
 The second embodiment was described using the procedure in which the card is displayed on the smartphone's display and verified, but the same addition can be made to the procedure in which the data is exchanged via communication and verified.
 As described above, in the second embodiment, the subject of the camera is authenticated from a face image captured by an external camera or the like and a face photograph that has been verified as valid. According to the second embodiment, by making the feature amount of the face photograph data the verification target, the validity of the identification card data can be verified with a small amount of data. As a result, a verification method suited to the functions of the mobile device and the verification device can be selected while high security is maintained.
 The above embodiments were described using an identification card image and identification card data as examples, but the present invention is not limited to these and is also applicable to other images and data.
1   Digital identification system
2   Digital identification system
10  Issuing device
20  Verification device
21  Image capturing device
22  Data receiving function
23  Person photographing device
30  Smartphone
40  Information processing device
101 Identification card forming function
102 Two-dimensional code generation function
103 Cryptographic processing function
104 Signing key SK
105 Common key K
106 Feature value extraction function
201 Data reading function
202 Two-dimensional code reading function
203 Cryptographic processing function
204 Verification key PK
205 Common key K
206 Character recognition function
207 Matching function
208 Verification result processing function
209 Face authentication function
301 Digital identification card (image data)
302 Face photograph
303 Attribute information
304 Two-dimensional code
305 Digital identification card data
401 Input device
402 Output device
403 Memory
404 Storage device
405 CPU
406 Bus

Claims (10)

  1.  A verification device connected to an image capturing device and a data receiving device, the verification device having a signature verification unit and an image verification unit and performing a first process or a second process, wherein
     in the first process,
     the signature verification unit
     extracts an identifier image and a face image from an acquired image obtained by photographing a screen of a terminal, and verifies the identifier image from an electronic signature included in the identifier image, and
     the image verification unit
     verifies the authenticity of the face image by comparing first feature value information extracted from the face image with second feature value information included in the identifier image, and
     in the second process,
     the signature verification unit
     verifies an electronic signature from acquired data received from the terminal, and
     the image verification unit
     verifies the authenticity of the face image by comparing first feature value information extracted from a face image included in the acquired data with second feature value information included in the acquired data.
  2.  The verification device according to claim 1, wherein
     in the first process,
     the image verification unit
     verifies the authenticity of an attribute information image relating to the face image, extracted from the acquired image, by comparing the attribute information image with attribute information included in the identifier image.
  3.  The verification device according to claim 1, wherein
     the first feature value and the second feature value are information on the positions of facial feature points.
  4.  The verification device according to claim 1,
     further comprising a display unit that displays a result of the verification.
  5.  An authentication system comprising the verification device according to claim 1 and an imaging device, wherein
     the verification device further comprises an authentication unit that compares a captured image captured by the imaging device with the face image and authenticates the subject captured by the imaging device.
  6.  The authentication system according to claim 5, wherein
     the authentication unit compares the captured image with the face image using feature values.
  7.  The authentication system according to claim 5,
     further comprising a gate that performs processing according to a result of the authentication of the subject.
  8.  The authentication system according to claim 5,
     further comprising an issuing device that creates the identifier image by encrypting the second feature value with a common key.
  9.  A verification method using a verification device connected to an image capturing device and a data receiving device, the verification method having a signature verification step and an image verification step and performing a first process or a second process, wherein
     in the first process,
     the signature verification step
     extracts an identifier image and a face image from an acquired image obtained by photographing a screen of a terminal, and verifies the identifier image from an electronic signature included in the identifier image, and
     the image verification step
     verifies the authenticity of the face image by comparing first feature value information extracted from the face image with second feature value information included in the identifier image, and
     in the second process,
     the signature verification step
     verifies an electronic signature from acquired data received from the terminal, and
     the image verification step
     verifies the authenticity of the face image by comparing first feature value information extracted from a face image included in the acquired data with second feature value information included in the acquired data.
  10.  In the verification method according to claim 9,
     an authentication method further comprising an authentication step of comparing a captured image captured by an imaging device with the face image and authenticating the subject captured by the imaging device.
PCT/JP2019/041885 2018-11-27 2019-10-25 Verification device and verification method WO2020110536A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2018-221289 2018-11-27
JP2018221289A JP7112320B2 (en) 2018-11-27 2018-11-27 Verification device and verification method

Publications (1)

Publication Number Publication Date
WO2020110536A1 true WO2020110536A1 (en) 2020-06-04

Family

ID=70853375

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2019/041885 WO2020110536A1 (en) 2018-11-27 2019-10-25 Verification device and verification method

Country Status (2)

Country Link
JP (1) JP7112320B2 (en)
WO (1) WO2020110536A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2022019338A1 (en) * 2020-07-21 2022-01-27 Nec Corporation Touchpoint apparatus, touchpoint system, touchpoint method, and storage medium

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113741596B (en) * 2021-08-25 2022-10-04 中国铁路设计集团有限公司 Operation and maintenance method and system for railway power supply and distribution

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2005228159A (en) * 2004-02-13 2005-08-25 Bank Of Tokyo-Mitsubishi Ltd Account opening processing system and method
JP2006503374A (en) * 2002-10-16 2006-01-26 マイクロソフト コーポレーション Cryptographically secure personal identification
JP2006209852A (en) * 2005-01-26 2006-08-10 Nidec Sankyo Corp Information recording medium and information reading apparatus
JP2007122143A (en) * 2005-10-25 2007-05-17 Kddi Corp Electronic ticket distribution method, mobile terminal, server, system and program
JP2015524958A (en) * 2012-06-07 2015-08-27 アップル インコーポレイテッド Intelligent presentation of documents
JP2017202206A (en) * 2016-05-13 2017-11-16 ダイコク電機株式会社 Game parlor system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
SAWADA, KEI ET AL.: "Image recognition based on hidden Markov eigen-image models with the variational Bayesian method", IEICE TECHNICAL REPORT, vol. 112, no. 441, 14 February 2013 (2013-02-14), XP032549706 *

Also Published As

Publication number Publication date
JP7112320B2 (en) 2022-08-03
JP2020088638A (en) 2020-06-04

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19891318

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19891318

Country of ref document: EP

Kind code of ref document: A1