[go: up one dir, main page]

HK1002213B - Methods and systems for creating and authenticating unalterable self-verifying articles - Google Patents

Methods and systems for creating and authenticating unalterable self-verifying articles Download PDF

Info

Publication number
HK1002213B
HK1002213B HK98101182.9A HK98101182A HK1002213B HK 1002213 B HK1002213 B HK 1002213B HK 98101182 A HK98101182 A HK 98101182A HK 1002213 B HK1002213 B HK 1002213B
Authority
HK
Hong Kong
Prior art keywords
data
data set
recipient
article
subset
Prior art date
Application number
HK98101182.9A
Other languages
Chinese (zh)
Other versions
HK1002213A1 (en
Inventor
D‧G‧普里迪
Original Assignee
Microscan Systems, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Microscan Systems, Inc. filed Critical Microscan Systems, Inc.
Priority claimed from PCT/US1995/009397 external-priority patent/WO1996003821A1/en
Publication of HK1002213A1 publication Critical patent/HK1002213A1/en
Publication of HK1002213B publication Critical patent/HK1002213B/en

Links

Description

Method and system for generating and authenticating unalterable, automatically authenticated articles
Field of the invention
The present invention relates generally to encoding methods and systems, and more particularly to methods, systems, and articles of manufacture for generating and authenticating self-verifying articles of manufacture.
Background
Modern life requires rapid, convenient and reliable verification of personal identification and document authenticity. Almost every commercial transaction requires the identification of individuals and documents. Furthermore, there is an increasing need for personal identification in social and political environments.
Commercial transactions requiring document identification and personal identification include credit cards, phone cards, automated teller machines ("ATMs"), and the like, as well as other everyday commercial transactions such as check cashing. For example, when a check is taken to a bank for payment, the bank needs to verify the authenticity of the check writer's signature (called an endorsement), and there is enough money in the checking account to pay the check. The authenticity of the endorsement is determined by comparing the signature on the check with a sample of the signature left on the bank document by the check writer. Counterfeiting a reasonably good endorsement can cause unauthorized individuals to illegally cash in the check.
On the other hand, in non-commercial environments, there are often recognition issues in terms of security. For example, security systems for apartments and office buildings require anyone who wants to enter the building to "check in" with a security guard and often present the guard with a previously issued personal identification document that allows access to the building. The security guard makes his best judgment to determine that the personal identification document is authentic and that the person presenting the personal identification document is the person identified by the personal identification document. In this case, it is understood that a security guard may be deceived by a person identified by a forged or tampered identification document. In political environments, many countries require citizens to carry personal identification cards in public so that they can be checked on demand by appropriate authorities. For example, at the scene of a traffic accident or when a stop is made due to a traffic violation, the individual presents a personal identification, such as a driver's license, to the police. In addition, personal identification documents are submitted when voting, crossing international borders, and/or importing or exporting goods.
Thus, there is a clear need for unalterable automatically authenticated personal, business and political identification cards, certificates, documents, labels, packaging and other similar articles (articles). For purposes of this patent document, an article is considered to be any article having a surface that may include a substrate to which data may be secured. As used herein, the term "affixed" shall mean, but not be limited to, one or more of the following, which is applied, printed, glued, etched, scratched, painted, printed, tapped, embedded, machined, drilled, stamped, or imaged.
One current solution requires the use of biometric information stored in a memory device carried by the individual. The term "biometric information" refers to a characteristic that is personal, such as a signature, fingerprint, or photograph. A "programming" site that programs a memory device under secure conditions obtains a sample of biometric information to be used from an individual. The sample is made into a code using common coding techniques. Samples may be obtained by having each person place a hand, eye, face or other unique identification feature on the scan-in device. The scanned information is then encoded to form a code which is then stored in an alterable portable memory device (i.e., magnetic tape, electronic or optical memory card, floppy disk, etc.). The portable memory device is issued to the individual. When the identity of an individual needs to be verified, each individual presents the portable memory device at a "remote access/decode" location where the individual's identity is verified, and the information contained within the portable memory device is read from the memory. The individual then places the particular physical characteristic on the input scanning device to obtain another sample of biometric information. The machine compares the read code with the biometric information just sampled to determine authenticity. In this regard, the read code may be decoded, for example, using a process that is the reverse of the encoding previously performed or the sample information may be encoded, for example, using the same encoding process used in the encryption, for comparison. This solution is extremely expensive because it requires, at each encoding and remote access field, a processing system that performs the data encoding and/or decoding, complex opto-electronic hardware and memory devices that are everyone else.
It is therefore an object of the present invention to provide an unalterable code for use on an article, such code containing biometric identification information unique to the intended holder of the article.
It is another object of the present invention to provide a method and system for inexpensively, accurately and efficiently producing unalterable, automatically authenticated personal and commercial articles.
It is a further object of the present invention to provide a method and system for accurately, efficiently and inexpensively authenticating a presented automatically verified article.
It is a further object of the present invention to provide a method and system for verifying the authenticity of an automatically verified article presented at a remote access location that does not require expensive verification equipment, such as physical characteristic scanning input devices, nor the inconvenience of communicating information to a central location.
Summary of The Invention
The present invention relates to an automated authentication article comprising an encoded machine-readable data set including recipient-specific biometric data. Self-verifying articles include, for example, business documents (i.e., borrowed notes, drafts, checks, and bearer papers), transaction cards (i.e., ATM cards, phone cards, credit cards, etc.), personal identification documents (i.e., driver's licenses, government relief cards, passports, and personal identification cards, etc.), and labels affixed to the surface of packages, including, for example, the identity of the owner or sender of the package, which may be used by customs agents to verify imported goods. A subset or all of the biometric data set may be, for example, an image of a person's characteristics that is considered to be unique to that person, such as a fingerprint, retinal scan, photograph, signature, etc., or some combination of the foregoing preferably encoded to produce a machine-readable data set. The article is preferably a low cost article of paper or plastic, but may be any substrate that preferably secures the machine-readable data set on or in the article. The article of manufacture may also, but need not, contain a human-readable version of the biometric data set.
In one embodiment of the invention, the encoded machine-readable data set is fixed on the article in such a way that it is not understood or visible to the human eye, except with the aid of a suitably designed reading device. For example, a check or any article of manufacture in this regard has affixed thereto a machine-readable data set that includes a specified user signature. Thus, an impostor would not be able to copy a sample of the specified signature. The comparison of the user's signature with the decoded signature allows verification at the point of use.
In another embodiment, a human-readable text data set is also present on the article, and a selected subset of the text data set can be selected to be encoded, concatenated, interleaved, etc. with the encoded biometric data set. For purposes of this patent document, a text data set includes all data that is non-biometric data.
Accordingly, one embodiment of the present invention is an automated authentication article comprising a surface and a data set comprising encoded recipient-specific biometric data in machine-readable form. Another embodiment is an automated authentication article comprising a surface, a first data set affixed to the surface, and a second data set that is an encoded copy of the first data set. An alternative embodiment is an automatically verified, recipient-specific identification article comprising a surface, a textual data set comprising at least one textual data subset affixed to the surface, a biometric data set comprising at least one biometric data subset affixed to the surface, and a machine-readable data set comprising encoded copies of the textual data set and the biometric data set, optionally concatenated, interleaved, or combined, and affixed to the article. The machine-readable data set is preferably arranged as an optically readable binary code constituting at least one matrix (array). A matrix generally refers to a two-dimensional bar code or matrix code.
One aspect of the present invention relates to a method of producing an unalterable, automatically authenticated article, the method comprising the steps of: the method includes receiving a recipient-specific data set comprised of one or more recipient-specific data subsets, generating a machine-readable data set by selectively encoding a first recipient-specific data subset, and fixing the machine-readable data set and optionally the first recipient-specific data subset to a surface of the article. Preferably, the machine-readable data set may be fixed in the form of one or more machine-readable matrices. The printed machine-readable data set may be affixed as visible binary data, for example, on designated blank areas of the article, or alternatively, as described above, the machine-readable data set may be printed on or under the printed areas of the article by using marking means, such as ink that may be detected separately from the article printing, such as ultraviolet, infrared, or other colored ink, or by placing the machine-readable data set on the article, so that a permanent magnetic or fluorescent image may be selectively read. It is also possible to fix the machine-readable data set in a spectrally resolvable manner, with a false code printed on the data set that would produce an invalid code if it were optically copied or otherwise reproduced.
On the other hand, the machine-readable data set may be actually fixed as binary data as a blank point (void). For purposes of this patent document, the blank spots should include, but are not limited to, pits, slits, bubbles, depressions, apertures, and the like, or none of them, and the blank spots may be optionally arranged in a matrix such that the physical material detection system is capable of distinguishing between blank spot/non-blank spot areas. Such detection systems may include ultrasound or other imaging techniques that utilize return signals that determine the depth or density of the lattice (cellarea) to determine if blank spots are present. Other optical techniques may be used as well, such as those used in conventional compact disc technology. It is desirable that when physical properties are utilized, any blank spots can be filled or covered with material to provide a smooth surface to the article. Thus, the structure of the article is a multi-layer structure, one of the layers of which contains the machine-readable code as blank spots.
Alternatively, a layer of the article is provided with a machine-readable code, which layer is opaque except for the code (or transparent except for the code), so that the code can be optically detected by strong invisible light, but cannot be obscured by another layer.
Another aspect of the invention relates to a method of operation for verifying the authenticity of an automatically verified article. One such method comprises the steps of: scanning an automated authentication article comprising one of the various types described above encoding a biometric data set, locating (or reading, etc.) and decoding the biometric data set, comparing the decoded biometric data set to a recipient-specific sample, and determining whether the decoded biometric data set corresponds to the recipient-specific sample. Another method comprises the steps of: receiving a self-authenticating article comprising first and second data sets, the first data set being an encoded copy of the second data set, scanning the self-authenticating article to locate (or read, etc.) the encoded first data set, decoding the encoded first data set, and comparing the decoded first data set with the second data set to determine the authenticity of the self-authenticating article. In a preferred embodiment, the encoded first data set has been printed in one or more machine-readable matrices.
A processing system for generating a unique machine-readable data set affixed to an article of manufacture in accordance with the principles of the present invention comprises: an input to receive a recipient-specific data set comprising a plurality of recipient-specific data subsets, a memory device to store a plurality of processing system instructions, a processing unit to generate a machine-readable data set, and an optional output to transmit the generated machine-readable data set and the first recipient-specific data subset. The processing unit retrieves and executes at least one processing system instruction in the memory device. The processing system instructions instruct the processing unit to selectively encode the first recipient-specific data subset. In one embodiment of the invention, the processing unit is further capable of arranging the machine-readable data set as optically readable binary code constituting at least one matrix.
A processing system for verifying the authenticity of an automatically verified article according to the principles of the present invention comprises: an input for receiving (or scanning, reading, etc.) the automatically authenticated article, a memory device storing a plurality of processing system instructions, a processing unit for verifying the authenticity of the automatically authenticated article, and an optional output for transmitting an output signal. The input includes means for selectively scanning the surface of the self-authenticating article controlled by the processing unit or alternatively by another processing unit or input control device. The processing unit retrieves and executes at least one processing system instruction from the memory device, the processing system instruction instructing the processing unit to locate an encoded first data set affixed to the self-authenticating article and decode the encoded first data set. In one embodiment, the processing unit further compares the decoded first data set with a second data set affixed to the self-verifying article and generates an output signal indicative of the authenticity of the self-verifying article. In an alternative embodiment, the processing unit will communicate the decoded first and second data sets to a central host processing system that compares the two data sets. In another embodiment, the decoded first data set will include biometric data, and the output will transmit the biometric data to an output display device that enables a person on duty to visually compare the identity of the holder of the automatically authenticated article.
One embodiment of applying and/or augmenting the invention is software stored on a storage medium. The software includes a plurality of computer instructions that control one or more processing units to generate and/or authenticate a unique self-verifying article in accordance with the principles of the present invention. The computer will include, or will include a portion of, the necessary encoding and/or decoding operations/algorithms to be used. The storage medium used may include, but is not limited to, magnetic memory, optical memory, and/or a semiconductor chip, to name three examples.
Thus, an advantage of the present invention is that it is possible to provide an unalterable code for use on an article of manufacture that contains a biometric identification and characteristic information that is unique to the licensed holder of the article of manufacture.
Another advantage is that the machine-readable code is fixed on the article using a rather cheap technique which is very reliable and accurate, preferably using ordinary printing equipment.
Another advantage of the present invention is that it can provide methods and systems for automatically authenticating articles and inexpensively, accurately and efficiently producing unalterable automatically authenticated personal identification documents and business documents.
Yet another advantage of the present invention is that it provides a method and system for accurately, efficiently and inexpensively authenticating a presented automatically verified article.
Yet another advantage of the present invention is that it can provide a method and system that can verify the authenticity of an automatically verified article presented at a remote access location without the need for expensive verification equipment.
Brief description of the drawings
For a more complete understanding of the present invention and the advantages thereof, reference is now made to the following descriptions taken in conjunction with the accompanying drawings, wherein like reference numbers refer to like parts, and in which:
FIG. 1A shows a functional block diagram of a system for generating an automatically authenticated article according to the principles of the present invention;
FIG. 1B shows an isometric view of the processing system of FIG. 1A;
FIG. 1C shows a block diagram of a processing unit and a memory device;
FIG. 2A shows a functional block diagram of a system for verifying the authenticity of a received automatically verified article according to the principles of the present invention;
FIG. 2B shows an isometric view of the remote access site processing system of FIG. 2A;
FIG. 3 shows a machine-readable binary code matrix;
FIGS. 4A and 4B illustrate a flow chart for producing an unalterable self-verifying article of the embodiment shown in FIG. 1A; and
fig. 5 shows a flow chart for verifying the authenticity of a received automatically verified article of manufacture for the embodiment shown in fig. 2A.
Detailed Description
FIG. 1A shows a functional diagram of a system for generating an automated authentication article of the present invention. The system comprises an input data set 100 comprising a biometric data set 101 and optionally a textual data set 102, the system further comprising an article 10, a processing system 103 and an automated authentication article 104. As described above, the data set 100 is composed of recipient-specific data. The biometric data set 101 may include one or more physical characteristics (i.e., photograph, retinal scan, fingerprint, signature, etc.) specific to the potential article recipient, while the text data set 102, which is optionally included in the input data set 100, may include one or more text attributes (i.e., name, address, height/weight, eye color, etc.). The processing system 103 generates the automated verification article 104 by generating a unique machine-readable data set affixed to the article 10.
The processing system 103 includes an input device, a processing device, an output device, and an article generation device. The processing means renders the input data set 100 syntactically and semantically valid and encodes a selected subset of the biometric data set 101 and optionally a selected part of the text data set 102 (optionally first encrypting the data to be encoded, if required). The output means transmits the validated and encoded data set to the article generation means along with the selected subset of the biometric data set 101 and optionally the textual data set 102. The article generation apparatus secures the validated and encoded data set, and optionally a selected subset of the biometric data set 101 and optionally the textual data set 102, to the article 10 to generate an automated authentication article 104.
In a preferred embodiment, the processing system 103 ensures data integrity by encoding all selected subsets of biometric and textual data into a compact unalterable machine-readable data set and then arranging the machine-readable data set into one or more matrices. If desired, the machine-readable data set may be divided into two or more individual data segments, which may then be added to two or more two-dimensional machine-readable matrices, which may or may not appear to be the same size. These matrices, although physically separate, may contain check values and features that ensure that any attempt to alter the human-readable text and/or machine-readable matrix can be found. In this regard, the encoded biometric data and the textual data may be concatenated into a data string and then roughly divided into two portions to form two matrices of substantially the same size. Alternatively, the biometric data and the text data may be interleaved, for example, in units of alternating bits, bytes, a group of bytes, etc., to form a data string, which is then divided into two matrices. Preferably, each matrix is provided with a checksum to independently verify the data integrity of each matrix. Additionally, or alternatively, the matrices may have interdependent checksums that are used to collectively verify the data integrity of the two matrices. Due to the effect of these checksums, invalid data will be read if one matrix is changed, or if both matrices are changed. Interleaving the biometric data and the textual data according to a predetermined routine advantageously improves the ability to verify the changed matrix. Alternatively, the biometric data set 101 may constitute one matrix and the textual data set 102 may constitute a second matrix.
In one embodiment, enhanced data security can be obtained and maintained by verifying the acceptability of machine-readable data sets according to predetermined criteria-such verification may include searching a database of previously generated artifacts (e.g., an organized, comprehensive data set stored for use by a processing system) to determine uniqueness. Note that in an alternative embodiment, the input data set 100 may be received at a remote access encoding site without authentication and/or encoding algorithms, in which case the data signal representation of the recipient-specific biometric data and associated textual data may be transmitted to a secure central host (similar to that shown in fig. 2A) which then performs the authentication described above. The transmission may be a wired or wireless transmission.
If the recipient is determined to be acceptable, the recipient-specific biometric data is encoded, preferably including using a compression algorithm and combining subsets of the biometric data and optionally subsets of the textual data into one or more machine-readable matrices. If the input data set 100 is received at a remote access coding site that does not have a coding algorithm, the obtained coded binary string is transmitted to the remote access coding site as described above. The standard article generation equipment (shown in FIG. 1B) then fixes the machine-readable data set on one or more of the automatically authenticated articles. As the article is produced and ejected in the article production facility, the record of the event is automatically entered into a database, which may be located at the central host if the input data set 100 is received at the remote access coding site. The registration items ensure that duplicate articles are not inadvertently produced at a later time. Note that the number of articles produced is directly related to the intended use of the article. Applications of this aspect of the invention include the production of only a single driver's license with a uniquely coded photograph, or the production of multiple articles with the same encrypted signature, such as checks, travelers checks, bank notes, and the like.
Figure 1B shows an isometric view of the processing system 103. The processing system 103 includes a personal computer ("PC") 105 connected to an article production device 114. The PC105 is comprised of a housing 106 (shown with a cut-away view), a monitor 109, a keyboard 110, and an optional mouse 113. The chassis 106 includes a floppy disk drive 107 and a hard disk drive 108. The floppy disk drive 107 accepts, reads, and writes external disks, while the hard disk drive 108 provides fast access for data storage and retrieval. Although only a floppy disk drive 107 is shown, PC105 may be equipped with any appropriately designed structure for receiving and transmitting data, including, for example, magnetic tape and optical disk drives, as well as serial and parallel ports. Within the cut-away portion of the chassis 106 is a central processing unit ("CPU") 111 connected to a memory device, which in the depicted embodiment is a random access memory ("RAM") 112. Although the PC105 is shown with one CPU111, the PC105 may be equipped with multiple CPUs 111 that cooperatively perform the principles of the present invention. The article production device 114 receives one or more output data sets from the PC105 and fixes the output data sets on the surface of the article.
Although one implementation of processing system 103 has been illustrated with PC105 and article production facility 114, the present invention may alternatively be implemented within any processing system having at least one processing unit, such as within complex computing machines, hand-held computers, minicomputers, mainframe and supercomputers (RISC and parallel processing architectures), as well as within network combinations of the above-described processing systems, and any suitably designed article production apparatus may be employed.
FIG. 1C shows a schematic block diagram of one of any number of sub-processing systems that may be used in FIGS. 1A and 1B. The sub-processing system includes a processing unit, such as CPU111, coupled to a memory device, such as RAM112, via data bus 118. Memory device 112 stores one or more instructions that are retrieved, interpreted, and executed by processing unit 111. Processing unit 111 includes a control unit 115, an arithmetic logic unit ("ALU") 116, and a local memory device 117, which local memory device 117 may be, for example, a tiered cache or a plurality of registers. The control unit 115 fetches instructions from the memory device 112. ALU116 performs a variety of operations required to complete an instruction, including addition and Boolean AND. The local memory device 117 provides the high speed memory needed to store intermediate results and control information.
FIG. 2A shows a functional block diagram of a system of the present invention for verifying the authenticity of a received automatically verified article. The system includes an automated authentication article 104, a remote access location processing system 200 optionally connected (as shown by dashed lines) to a central host processing system 103, and an authenticity information display device 201, the authenticity information display device 201 may be, for example, a display, printer, or other reasonably designed display device. The self-verifying article 104 includes at least one encoded data set including a first subset of data that is an encoded copy of a portion or all of the set of biometric data. The automated authentication article 104 preferably also includes a text data set or a biometric data set, or both.
Remote access site processing system 200 includes input devices, processing devices, and output devices. The input device receives the automated authentication article 104. The processing device verifies the authenticity of the automatically verified article 104, which verification may include communication between the remote access site processing system 200 and the central host processing system 103. The output means transmits the authenticity information generated by the processing means to the display means 201.
The processing device scans the self-authenticating article 104 to locate and decode the encoded first data set, compares the decoded first data set to a second data set obtained from the holder of the article or secured to the self-authenticating article 104, and generates an output signal indicative of the authenticity of the article 104. In an alternative embodiment, the processing means selectively bypasses or does not perform the comparison of the decoded first data set and the second data set. Instead, the processing means generates an output signal representing the decoded first data set, for example a graphical display of a portion of the bio-coded data set and a second data set for a display device for manual comparison and verification by an operator of the processing system. Or the operator of the processing system may manually compare the transcoded first data set and optionally the second data set (if affixed to the article) with the holder of the article or a biometric data set obtained from the holder or from a database, such as the holder's signature or appearance.
The system for verifying the authenticity of the automatically verified article 104 may employ various devices including, for example, a portable terminal, a fixed station reader, and a flat panel scanner, each of which may include a decoder directly or may utilize wired or radio frequency, short wave, cellular, infrared or other forms of wireless communication to perform the decoding function at a base station or master station, for example, at the processing system 103. Remote access site processing system 200 and/or central host processing system 103 may have a keyboard and display screen with sufficient resolution to accurately display the encoded biometric image and/or textual data, and may also include imaging equipment necessary to convert the machine-readable data set into binary machine language bits in preparation for transcoding. Such an imaging device may be based on any of several technologies including CCD, CMOS and NMOS or other forms of light sensitive sensors, which may have a structure in the form of a two-dimensional area or a one-dimensional linear array, or may be a single laser readout sensor scanning a two-dimensional image in a raster pattern.
A preferred embodiment of the imaging device is a linear array scanner aligned perpendicular to the real boundaries of the printed machine-readable code 205, which when two or more matrices are used are arranged in parallel so that a CCD scanner using a common card swipe (cardwipe) action as in a common tape read-out can sweep through two symbols. The matrices are then read out and the video images of each matrix are stored in memory for processing. Imaging may also be accomplished using lasers, laser diodes, infrared or other binary imaging techniques that may cause the device to have a structure in the form of a two-dimensional area or a one-dimensional linear array. In addition, the reader may have the ability to automatically compare the images and information encoded in the machine-readable matrix to a human-recognizable version on the same article. In one embodiment, this comparison may be done in the memory of the remote access site processing system 200, so that a keyboard and/or high resolution display screen is not required on the terminal. Or, as described above, the operator may use the eyes to compare the information displayed on the terminal screen with the human-readable information now on the article and/or the holder of the article.
Figure 2B shows an isometric view of a handheld computer that may be used as the remote access site processing system 200. The handheld computer 200 includes a keyboard 202, a display mask 203, and an input port 204. The keypad 202 includes a regular arrangement of keys that manually receive input data from a user. The display screen 203 displays authenticity information and/or biometric and/or textual data. The input port 204 receives an autoverification article 104, represented here by a driver's license, which in the depicted embodiment includes encrypted machine-readable data sets 205a and 205b arranged in two optically-readable binary matrices. Remote access site processing system 200 includes at least one processing unit and a memory device, such as the sub-processing systems shown in FIG. 1 c. The processing unit preferably includes a microprocessor with associated memory (non-volatile memory storing a program instruction set for identifying and decoding the matrix and volatile memory for a data processing workspace), video memory storing an image of the matrix to be decoded, and associated signal conditioning circuitry, all mounted on a printed circuit board.
Fig. 3 illustrates a preferred single machine-readable binary encoded matrix, generally represented by matrix 205. Matrix 205 is produced by International DataMatrix Inc of Clearwater, Florida. A sample of the Data Matrix notation developed (which is the assignee of the present invention). The matrix 205 has a perimeter 300 formed by intersecting edges 301 and intersecting perimeter edges 302, the intersecting edges 301 being solid lines and the intersecting perimeter edges 302 being composed of alternating dark perimeter rectangles 303 and light perimeter rectangles 304. Data, generally designated 305, is stored within the perimeter 301 of the matrix 204 by transforming each character to be stored into a visual binary code represented by dark and light rectangles corresponding to 1's and 0's of the binary information being encoded. For a more complete description of the structure of the matrix 205, reference is made to U.S. patent No. 4939354 entitled "dynamically variable machine-readable binary code and method of reading and generating the same" and to co-pending U.S. patent No. 5324923 entitled "apparatus for generating a dynamically variable machine-readable binary code and method of reading and generating the same", both of which are owned by the assignee of this patent document and are incorporated herein by reference.
FIG. 4A shows a flow chart for producing an unalterable self-verifying article of the embodiment shown in FIG. 1A. Upon entering the "start" block 400, processing in accordance with the principles of the present invention begins. A recipient-specific data set including at least one data subset is received by the processing system 103 (input block 401). The processing system 103 preferably performs image compression on the first subset of data. The ratio of image compression is preferably about 50: 1 or higher in order to obtain a digital representation of the obtained data. Such compressed data enables the rendering of a recipient-specific image on a common graphical display screen without any significant degradation of visual quality (block 402). Image compression may be accomplished using any standard routine, such as Discrete Cosine Transform (DCT), LZW (Lempel-Ziv), fractional, etc., to reduce the number of bits required to encode the first subset of data. A compression ratio of 50: 1 is considered suitable, but other compression ratios may be used. In addition to data compression, an image enhancement routine may be performed on the first subset of data, preferably prior to the data compression step, in order to enhance image contrast, sharpness, smooth edges and reduce shadowing effects, particularly when imaging a photograph of a recipient. The foregoing improves digital images due to more efficient data compression. Suitable image enhancement routines are well known, and R published in 1987 by Addison-Wesley publishing company (Reading MA). Such a routine is described in Gonzlez et al, digital image processing. The processing system 103 selectively encodes the compressed first data set to produce a machine-readable data set (process block 403). This selective encoding step will be discussed in more detail with reference to the detailed description of fig. 4B. In one embodiment of the invention, the processing system 103 also arranges the machine-readable data set into optically readable binary codes that make up one or more matrices (process block 404). The processing system 103 affixes the machine-readable data set and the first recipient-specific data subset to the surface of the article, thereby producing the automated authentication article 104 (process block 405). In one embodiment, the matrix is affixed to the article using a conventional printing process, such as thermal, ink jet, bubble jet, laser, dot matrix printing, and the like. Or the matrix may be fixed below the surface, for example by laminating the upper surface or by covering the matrix with a printed layer of a multilayer article. In another embodiment, the machine-readable dataset is printed on a printed area of the article, such as a photograph on a driver's license. In yet another embodiment, the code is machine readable by creating bubbles or voids in the article or holes drilled or punched in the article according to a pattern of the matrix, and may be read using a technique that can detect the presence or absence of material, the relative density of the material, or the depth of bubbles, voids, holes, etc. in the article or using an optical measurement system or other suitable imaging system having rebound signals that can distinguish the code.
FIG. 4B shows a more detailed flow diagram of the process block 402 shown in FIG. 4A. Upon entering the "start" block 406, selective encoding of the first data set is started. The processing system 103 compares the first data set to the system control value to determine if the first data set is within acceptable tolerances (process block 407). The comparing step may include, for example, syntactic and/or semantic analysis. If the first data set is determined to be invalid ("no" branch of decision block 408), the processing system 103 aborts the generation of the automatic verification artifact (termination block 409). On the other hand, if the first data set is determined to be valid ("yes" branch of decision block 408), the processing system 103 searches the database of previously generated artifacts to determine if the generated artifact is unique (processing block 410), the uniqueness being determined based on the subjective determination as a function of the type of artifact generated. It should be noted that the database used by the processing system 103 may be internal or external to the processing system 103, and that the processing system 103 may search the database, either directly or indirectly, whether internal or external. For example, the database may be stored and controlled remotely by another processing system with which processing system 103 is in communication. If the first data set is determined not to be unique ("no" branch of decision block 411), the processing system 103 aborts the generation of the automatic authentication artifact (termination block 412). On the other hand, if the first data set is determined to be valid ("yes" branch of decision block 411), the processing system 103 selectively adds one or more subsets of the received recipient-specific data sets to the database as at least one record (processing block 413). Processing system 103 then encodes the first data set (processing block 414), and in one embodiment adds error correction bits to the encoded first data set (processing block 415).
The selective encoding of only the first data set as embodied in fig. 4A and 4B is illustrative only, and it should be recognized that the present invention is capable of selectively encoding a plurality of compressed recipient-specific data subsets, and then concatenating and interleaving the encoded subsets, etc., to thereby form a machine-readable data set. Further, when encoding two or more subsets of data and concatenating, interleaving them together, the processing system 103 can arrange the machine-readable data set into one or more optically-readable matrices, each encoded subset of data can occupy two or more matrices.
Fig. 5 shows a flow chart for verifying the authenticity of a received automatically verified article of manufacture for the embodiment shown in fig. 2A. Upon entering the "start" block 500, processing in accordance with the principles of the present invention begins. An automatically authenticated artifact, which in this embodiment comprises a plurality of data sets, a first data set of which is a coded copy of the first data set, is received by the remote access site processing system 200 (input block 501). The remote access site processing system 200 then scans the received autoauthentication article to locate the encoded first data set (process block 502). The remote access site processing system 200 decodes the encoded first data set (process block 503) and compares the decoded first data set to a second data set to determine the authenticity of the received autoverification article (process block 504).
In one embodiment, the comparison step is accomplished using communication between the remote access site processing system 200 and the processing system 103, and the processing system 103 maintains a database of recipient-specific data relating to previously generated automatically authenticated articles. In this embodiment, communication between remote access site processing system 200 and processing system 103 may be accomplished using wired or wireless communication means. In an alternative embodiment, at least the decoded first data set and optionally the second data set are transmitted to an output display device for manual comparison by a system operator. If it is determined that the decoded first data set is not authentic ("no" branch of decision block 505), the remote access location processing system 200 displays authenticity information indicating that the automatically authenticated artifact is invalid (output block 506). Conversely, if the decoded first data set is confirmed to be authentic ("yes" branch of decision block 505), the remote access location processing system 200 displays authenticity information indicating that the automatically authenticated artifact is valid (output block 507).
In another embodiment, prior to decoding the encoded first data set, remote access location processing system 200 converts the received autoauthentication article into a digital bitmap and partitions the digital bitmap into a plurality of regions, wherein a first region includes the encoded first data set and a second region includes the second data set. In this embodiment, both the first and second regions may include multiple biometric and/or orthogonal data subsets that are then transformed into a common data format for processing by the remote access site processing system 200.
As described above, an embodiment of an automatically authenticated article includes two matrices having a first data set of biometric data and a second data set of textual data. In addition, in one embodiment, the article of manufacture may also include a magnetic stripe containing alterable data that may be programmed by scanning a machine-readable matrix, decoding some of the data contained therein, and decoding the data (with or without other data) to the magnetic stripe. This makes the automated authentication article very useful in applications requiring the reading of magnetic strips.
Yet another application of the present invention is to prevent illegal copying of software. The software is a program in a special form that has been recorded on a storage medium, such as one of the storage media described above. The software allows programs to be freely transferred or copied from one storage medium to another, which enables unauthorized users to obtain illegal copies of the software. For example, in one embodiment, a purchaser of a processing system provides industry-standardized personal data to a software vendor, such personal data may include biometric data, which is optionally encrypted, and stored externally to the processing system. Whenever a processing system purchaser purchases software, the purchaser will again be required to provide such industry-standardized personal data that is compressed, optionally encrypted and encoded into a machine-readable data set, preferably into one or more binary encoding matrices, and fixed on the surface of a portable storage medium, such as a floppy disk or optical disk. When software is loaded into a processing system, the matrix is scanned, decoded and validated in accordance with the principles of the present invention, compared to previously stored data to ensure commonality of ownership, thereby limiting illegal copying of software. If public ownership is found, the software is loaded into the processing system along with the industry standardized personal data that is decoded. When the owner of the processing system shifts ownership of the processing system, in order to load his software, the new owner will have to redefine the industry standardized personal data, which may suspend the new owner's use of the existing software or automatically delete the existing software. When the use of software is suspended, if ownership of certain software is transferred legally, an ownership "transfer" routine may be obtained to restart the suspended use of the existing software.
Although the present invention and its advantages have been described in detail, it should be understood that various changes and substitutions can be made herein without departing from the spirit and scope of the invention.

Claims (23)

  1. A method of producing a recipient-specific article, the method comprising the steps of:
    receiving a recipient-specific data set, the recipient-specific data set including one or more recipient-specific data subsets;
    encoding the first subset of recipient-specific data to produce a machine-readable data set;
    arranging said machine-readable data set into optically readable binary codes constituting at least one matrix; and
    the machine-readable data set is affixed to an article of manufacture.
  2. 2. The method of claim 1, wherein said encoding step further comprises the steps of:
    at least a portion of the first recipient-specific data subset is compared to a control value to determine whether the first recipient-specific data subset is within an acceptable tolerance of the control value.
  3. 3. The method of claim 2 wherein said comparing step further comprises the steps of, after confirming acceptability:
    searching a database of previously generated unalterable artifact to determine if the recipient-specific dataset is unique, the database of previously generated unalterable artifact including one or more records;
    aborting the generation of the unique recipient-specific identification artifact once non-uniqueness is confirmed; and
    once uniqueness is confirmed, the recipient-specific dataset is inserted into at least one of the records in the database of previously-generated unalterable artifacts.
  4. 4. The method of claim 1, wherein said step of aligning is preceded by the steps of:
    selectively encoding a second subset of recipient-specific data; and
    combining the encoded second subset of recipient-specific data and the encoded first subset of recipient-specific data, thereby forming the machine-readable data set.
  5. 5. The method of claim 1, wherein said securing step further comprises the step of etching said matrix on said article.
  6. 6. The method of claim 1, wherein said securing step further comprises the step of inscribing said matrix on said article.
  7. 7. The method of claim 1, wherein said encoding step further comprises the step of encrypting said first recipient-specific data subset.
  8. 8. The method of claim 7, wherein said combining step comprises the steps of:
    interleaving the encoded second subset of recipient-specific data with the encoded first subset of recipient-specific data.
  9. 9. The method of claim 7, wherein said second subset of recipient-specific data includes textual data.
  10. 10. The method of claim 7, wherein said first recipient-specific data subset comprises biometric data.
  11. 11. The method of claim 1, wherein said encoding step further comprises the steps of:
    the machine-readable data set is arranged into optically readable binary codes that form two matrices.
  12. 12. A method of verifying authenticity of a received recipient-specific article, said recipient-specific article comprising a plurality of data sets including a first data set and a second data set, wherein said first data set is an encoded copy of said second data set, said second data set being optically readable binary code constituting at least one matrix, said method comprising the steps of:
    scanning the received recipient-specific article to locate the encoded first data set;
    decoding the encoded first data set; and
    comparing said decoded first data set with said second data set to determine the authenticity of said received recipient-specific identification article.
  13. 13. The method of claim 12, wherein said scanning step further comprises the steps of:
    transforming said plurality of data sets into a digital bitmap image; and
    the digital bit-mapped image is partitioned into a plurality of regions, a first region comprising the encoded first data set and a second region comprising the second data set.
  14. 14. The method of claim 13 wherein said first region comprises an encoded text data subset, said decoding step further comprising the steps of:
    the decoded text data subset of the first area and the text data subset of the second area are transformed into a first data format.
  15. 15. The method of claim 13, wherein said first region comprises an encoded subset of biometric data, said decoding step further comprising the steps of:
    transforming the decoded biometric data subset of the first region and the biometric data subset of the second region into a first data format.
  16. 16. The method of claim 12, wherein said comparing step further comprises the steps of:
    communicating said decoded first data set and said second data set to a processing system to facilitate verification of said authenticity.
  17. 17. A processing system for generating a unique machine-readable data set affixed to an automatically authenticated recipient-specific article, the processing system comprising:
    an input for receiving a recipient-specific data set, said recipient-specific data set comprising at least one recipient-specific data subset;
    a memory device storing a plurality of processing system instructions;
    a processing unit that generates the machine-readable data set printed on the automatically authenticated recipient-specific article by retrieving and executing at least one of the processing unit instructions within the memory device, the processing unit encoding a first subset of recipient-specific data; and
    an output for transmitting said encoded first recipient-specific data subset as said machine-readable data set;
    the processing unit further arranges the encoded first subset of recipient-specific data into optically readable binary codes that form at least one matrix.
  18. 18. The processing system of claim 17, further comprising:
    an article generation device, coupled to the output, for securing the machine-readable data set to an automatically authenticated recipient-specific article.
  19. 19. The processing system of claim 18, wherein said article generating apparatus further comprises means for affixing at least a portion of the recipient-specific data set to said self-authenticating article.
  20. 20. A processing system for verifying the authenticity of an automatically verified article, the processing system comprising:
    an input for receiving a data set comprising first and second subsets of data, wherein said first subset of data is an encoded version of said second subset of data, said first subset of data being arranged as optically readable binary codes constituting at least one matrix, said input comprising means controlled by a processing unit for selectively scanning the surface of said self-verifying article;
    a memory device storing a plurality of processing system instructions;
    said processing unit verifying the authenticity of said automatically verified article by retrieving and executing at least one of said processing unit instructions within said memory device, said processing unit decoding said encoded first subset of data.
  21. 21. The processing system of claim 20, further comprising means for comparing said decoded first data subset with said second data subset.
  22. 22. The processing unit of claim 20, further comprising means for generating an output signal indicative of the authenticity of said automatically verified article.
  23. 23. The processing system of claim 20, further comprising means for displaying said decoded first subset of data.
HK98101182.9A 1994-07-26 1995-07-26 Methods and systems for creating and authenticating unalterable self-verifying articles HK1002213B (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US28078594A 1994-07-26 1994-07-26
US08/280,785 1994-07-26
PCT/US1995/009397 WO1996003821A1 (en) 1994-07-26 1995-07-26 Methods and systems for creating and authenticating unalterable self-verifying articles

Publications (2)

Publication Number Publication Date
HK1002213A1 HK1002213A1 (en) 1998-08-07
HK1002213B true HK1002213B (en) 2005-03-24

Family

ID=

Similar Documents

Publication Publication Date Title
EP0772530B1 (en) Unalterable self-verifying articles
US6804378B2 (en) Methods and products employing biometrics and steganography
US5841886A (en) Security system for photographic identification
EP0730243B1 (en) Identification card verification system and method
CA2170440C (en) Self-verifying identification card
US7770013B2 (en) Digital authentication with digital and analog documents
US5635012A (en) System for producing a personal ID card
US20060157559A1 (en) Systems and methods for document verification
US20040049401A1 (en) Security methods employing drivers licenses and other documents
JP2004504954A (en) Certification watermarks for applications related to print objects
MXPA05002945A (en) Cryptographically secure person identification.
EP0772929B1 (en) Methods and systems for creating and authenticating unalterable self-verifying articles
Noore et al. Embedding biometric identifiers in 2D barcodes for improved security
HK1002213B (en) Methods and systems for creating and authenticating unalterable self-verifying articles
US20040081319A1 (en) Check verification and authentication process and apparatus
O'Gorman et al. Photo-image authentication by pattern recognition and cryptography
Abass et al. A Review: Strategies for Recognizing Forgery in Identity Documents
EA006012B1 (en) Protection system of authenticity of printed information carrier