JP2008541592A - Verification of authenticity using light scattering - Google Patents

Abstract

  A method of authenticity verification. Including performing a transaction between the first party and the second party, wherein each party is located in a first and second location remote from each other, and the result of the transaction is the first of the rights to the rights token. Provision from a party to a second party. Following the transaction result, data describing the writing format of the rights token can be transmitted from the first party to the second party. The rights token can be written out at the second location using data describing the writing format. Further, a first signature of the rights token document is generated at a second location, and the signature is stored in the signature database based on the unique characteristics of the rights token document. Furthermore, a second signature of the rights token document can be generated at a third location remote from the second location, and the second signature is based on the unique characteristics of the rights token document and further increases the authenticity of the rights token document. Comparing the second signature attribute with the first signature attribute stored in the database to verify.

Description

  The present invention relates to authenticity verification and, in particular, to authenticity verification in situations where rights to goods, goods or services are transferred at a remote location in time or space from the point of delivery of the money, goods or services.

  In many electronic commerce and similar situations, the transfer of money, goods or services is often done at a location remote from the entity that manages the money or provides the goods or services. Also, tokens indicating such rights may be issued at a location remote from where the rights are asserted. Therefore, it is desirable for such transactions to be under a high level of security in order to minimize the risk of fraud in both the end user and the service provider or product supplier.

  To address these challenges, many issuers of rights tokens require the purchaser of tickets through an online or similar remote access system to pay for the token through the online system and then the token. Are shipped to the purchaser by conventional postal delivery service. Thus, the token can be created using a method that meets the issuer's anti-fraud requirements, at the issuer's choice location and / or using the issuer's choice machine. This causes a delay between the purchase and receipt of the rights token for the purchaser (which also causes the purchaser's anxiety because the buyer pays for it before receiving the token) May require the purchaser to maintain equipment to create and ship the rights token to be ordered.

Other technologies used to address the challenges of remote access to fees, rights to goods or services include security mechanisms for paying for goods with remote access systems, such as online access or ordering equipment . In such situations, a numeric indicator of authority to transfer money from the purchaser to the supplier may be given. Typically this can include a credit or debit card number and can be supplemented with a numeric PIN (personal identification number) or alphanumeric password. However, this system provides a guarantee that the purchaser actually owns the credit or debit card, although restrictions on the shipping address based on the credit or debit card invoice address can be used as an additional safety measure. Absent.
International Patent Application PCT / GB03 / 03917 British Patent No. 2221870 US Pat. No. 6,584,214 Kravolec, “Plastic tag make foolof ID”, Technology research news, October 2, 2002

  The present invention has been made, at least in part, in view of the problems and disadvantages of conventional systems.

  The present invention results, at least in part, from the inventor's work on the application of authentication techniques using tokens made of magnetic material, which includes the magnetic response of tokens (Cowburn's international patent application PCT / Uniqueness is realized by non-reproducible defects in the magnetic material that affect GB 03/03917 (detailed in US Pat. As part of this work, the magnetic material was made in the form of a bar code, ie several parallel strips. Read the inherent magnetic response of the band by sweeping the magnetic field with a magnetic reader and scan the laser beam over the bar code, changing the reflectivity between the bar code band and the article on which the band is formed An optical scanner for reading barcodes was made by utilizing the contrast by. This information was complementary to the magnetic properties. This is because, for example, barcodes are as described above for banknotes (see, for example, Kravolec, “Plastic tag make foolf ID”, Technology research news, October 2, 2002 (Non-Patent Document 1)) This is because it was used to encode a digital signature of a unique magnetic response in a known self-authenticating type.

  The inventor was surprised that when using this optical scanner, it was discovered that the backing material on which the magnetic chip was supported gave the scanner an inherent optical response. Further investigation has confirmed that many other raw surfaces, such as various types of cardboard and plastic surfaces, have the same effect. Furthermore, it has been established by the inventor that the inherent properties are caused, at least in part, by speckle, but also include non-speckle contributions.

  That is, it is possible to obtain all of the benefits of speckle-based technology without the need to use specially prepared tokens or special processing of articles by any other method. Was discovered. Specifically, many types of paper and cardboard provide a unique characteristic scattering signal with a coherent light beam, so that a unique digital signature can be obtained from almost any paper document or cardboard package Was found to be able to.

  The above known speckle reader used for security devices is based on illuminating the whole token with a laser beam and imaging a significant solid angle of the resulting speckle pattern using a CCD. See, for example, British Patent No. 2221870 and US Pat. No. 6,584,214, thereby obtaining a speckle pattern image of a token composed of a large array of data points.

  The reader used by the inventor does not work in this way. This reader uses four single channel detectors (four simple phototransistors) that are angularly isolated to collect only four signal elements from the scattered laser beam. The laser beam is focused into a spot that covers only a very small part of the surface. The signal is collected from different local areas of the surface by four single channel detectors as the spot scans the surface. Thus, the characteristic response from the article is made up of individual measurements from a number (typically hundreds or thousands) of different local areas of the article surface. Although four phototransistors are used, analysis using only data from a single phototransistor shows that a unique characteristic response can be derived from this single channel only. However, a higher security level is obtained if an additional channel of the four channels is included in the response.

  Viewed from a first aspect, the present invention provides a method for authenticity verification. The method can include performing a transaction between a first party and a second party, each of which is located at a first and second location remote from each other, and the result of the transaction is , Providing the right token to the second party from the first party. Following the transaction result, data describing the writing format of the rights token can be transmitted from the first party to the second party. The rights token can be exported at the second location using data describing the export format. The method may further include generating a first signature of the rights token document at a second location, the signature being based on the unique characteristics of the rights token document, where the first signature is signed. Stored in the database. Further, the method can include generating a second signature of the written rights token at a third location remote from the second location, wherein the second signature is a unique property of the rights token document. And the method further includes comparing the second signature attribute to the first signature attribute stored in the database to verify the authenticity of the rights token document, and thus The authenticity of the rights token can be reliably checked to avoid unauthorized copying or modification of the token without requiring token marking or other security mechanisms.

  In one embodiment, the method further includes generating the first signature using a device integrated with a device that writes out the rights token. Thereby, a signature can be generated as part of the writing process so that token changes between writing and signature generation can be avoided.

  In some embodiments, generating the first and / or second signature comprises exposing the rights token document to coherent light and a series of data that evaluates the scattering of the coherent light due to the inherent structure of the rights token document. Collecting points and determining the signature of the rights token document by a series of data points. Thereby, authentication can be performed using a secure and reliable signature generation system with high confidence limits.

  In some embodiments, the token can be a printed material, and the creation of the printed material includes printing data from the electronic file on a print sheet. The printing sheet may be a paper sheet, a cardboard sheet, a plastic sheet, or a metal sheet. The print sheet may have a pattern thereon prior to printing the data.

  In some embodiments, the token may be a data storage device such as a magnetic storage device or an electronic storage device physically associated with a plastic or metal card.

  In some embodiments, the article may be a rights token that indicates rights to goods or services, or others. Rights to goods or services can depend on positive verification of the authenticity of the goods. In some embodiments, the token may be a ticket, money transfer document, or access permit.

  In some embodiments, the first location is an electronic commerce server that can be used to serve as a host device for a remote shopping portal or remote order portal.

  Viewed from a second aspect, the present invention provides a system for authenticity verification. The system can include first and second computer systems that are remote from each other and operable to communicate therebetween via a data communication channel, the first computer system being a second computer system. And the result of the transaction is the provision of rights to the rights token from the first computer system to the user, the first computer system being operable to perform the transaction with the first computer system. Is further operable to transmit data describing the rights token to the second computer system via the data communication channel. The system also has a writer located in the same location as the second computer system and operable to write out a rights token using data describing the token, and in the same location as the second computer system. And a first signature generator arranged and operable to generate a first signature of the rights token document based on the unique characteristics of the rights token document. The system is also located in the same location as the third computer system remote from the second computer system and the signature database operable to store the first signature, and rights based on the inherent characteristics of the rights token document. And a second signature generator operable to generate a second signature of the token document. In addition, the system also includes a comparator operable to compare the second signature attribute with the first signature attribute stored in the database to verify the authenticity of the rights token document. Can do. Thus, the authenticity of an item can be reliably verified without having to mark the item or implement other security mechanisms in the item.

  In some embodiments, the first and second signature generators have a read volume configured to receive the article, a source of the coherent light beam, and the read volume scatters the coherent light beam. A detector arrangement for collecting a series of data points from the signal obtained from time to time, where different points of the data points are associated with scattering by different parts of the read volume, and the data acquisition and processing module Is operable to determine the signature of the article. Thus, signatures can be generated with high reliability of the system's functionality to verify the uniqueness of the item.

  In some embodiments, the writer can be co-located with the first signature generator. Thereby, the article can be scanned during or immediately after production to reduce the possibility of unauthorized manipulation of the article.

  In some embodiments, the token can include a pattern printed on a printing substrate or printing sheet. The printing sheet may be a paper sheet, a cardboard sheet, a plastic sheet, or a metal sheet. There may be a pattern on the print sheet before the token data is written on it. The printing substrate may be a packaging container or a manufactured article.

  In some embodiments, the rights token document can include a data storage device. The data storage device may be a data storage device such as a magnetic storage device physically associated with a plastic card or metal card, or an electronic storage device.

  The rights token can indicate the rights to the goods or services. Rights to goods or services can depend on positive verification of the authenticity of the goods. This article may be a ticket, money transfer document, or access permit.

  The third location can be a redemption location for the rights token document.

  In some embodiments, the system can be used to verify the authenticity of the article and / or to check whether the article has been altered.

  Viewed from another aspect, the present invention provides a method for authenticating a ticket, the method comprising creating a ticket at a location remote from a ticket issuing entity, based on the ticket's inherent characteristics. Scanning the ticket at its place of generation to generate a signature for the first time, transmitting the first signature to the issuing entity and retaining the first signature or its attributes for subsequent ticket verification, redemption Scanning the ticket to generate a second signature of the ticket based on the ticket's unique characteristics, and determining the validity of the ticket in response to the presentation of the ticket for Comparing the attributes of the two signatures. Thereby, a ticket can be created anywhere and can be scanned to validate the ticket. Thereafter, when the ticket is presented for redemption, the authenticity of the ticket can be verified to determine whether to accept the ticket.

  The first signature or its attributes can be stored in a database for subsequent ticket verification, in which the attributes of the first signature are retrieved for comparison with reference to the database. Alternatively or in addition, the first signature or its attributes can be used by the issuing entity to generate label data that encodes the first signature according to a machine-readable encoding protocol. Is transmitted to the second party and written in a rights token as a label for subsequent ticket verification at the second location, where the first signature of the first signature for comparison with reference to the label The attribute is searched.

  Viewed from another aspect, the present invention provides a method for authenticating access permissions, which includes generating access permits at a location remote from the access issuer, the inherent properties of the access permits. Scanning the access permit at a generation location for generating a first signature of the access permit based on the information, transmitting the first signature to the issuing entity, and subsequently transferring the first signature or its attributes Scans the access permit to generate a second signature of the access permit based on the unique characteristics of the access permit in response to presenting the access permit for redemption And comparing the attributes of the first and second signatures to determine the authenticity of the access permit.

  Thereby, an access permit, such as a flight or boarding pass, can be printed at any location and can be validated by scanning to generate a signature. Later, when the permit is presented for access to a place, event, travel vehicle, etc., it verifies the authenticity of the permit and grants the access claimed to be granted by the permit You can judge whether or not.

  In some embodiments, moving the coherent beam relative to the article ensures that different data of the collected data related to the intrinsic properties of the article is associated with scattering by different parts of the article. . This movement can be achieved by a motor that moves the beam over a fixed article. The motor may be a servo motor, a free-running motor, a stepper motor, or any suitable motor type. Alternatively, the drive can be manually operated with a low cost reader. For example, an operator can scan a beam over an article by moving a stationary beam across a carriage on which the article is placed. The cross section of the coherent beam is typically at least an order of magnitude (preferably at least 2 orders of magnitude) smaller than the projection of the article so that an effective number of individual data points can be collected. A focusing device can be provided to focus the coherent beam on the article. The focusing device can be configured so that the coherent beam has an elongated focus, in which case the drive is configured to move the coherent beam over the article in a direction across the long axis of the elongated focus. Is preferred. An elongate focal point can be conveniently achieved using a cylindrical lens or equivalent reflector configuration.

  In other embodiments, the detector device includes a plurality of detection channels arranged and configured to detect scattering by different parts of the article so that different data of the data points can be different parts of the article. It can be assured that it is related to scattering by. This can be accomplished with a direction detector, local collection of signals by optical fiber, or other methods. For direction detectors or other optical local collection of signals, the coherent beam may not be focused. In fact, the coherent beam can illuminate the entire sample volume in a stationary state. The direction detector can be implemented by focusing a lens fused to the detector element or otherwise fixed to the detector element. An optical fiber may be used in combination with a microlens.

  A usable reader can be made if the detector device consists of only a single detector channel. In another embodiment, a group of detector elements, preferably a small group of several detector elements, distributed in an angle and operable to collect a group of data points for different parts of the readout volume A detector device including Security is enhanced if the signature incorporates a contribution from a comparison between data points in the same group. This comparison can conveniently include a cross-correlation.

  The reader in use can be made with only one detector channel, but preferably there are at least two channels. This allows cross-correlation between detector signals, which is useful for signal processing related to determining signatures. For most applications, 2 to 10 detector channels are expected to be appropriate, and currently 2 to 4 are considered the optimal balance between device simplicity and security.

  The detector elements are advantageously arranged so that they lie in a plane transverse to the reading volume, and each element of the pair is distributed at an angle in that plane with respect to the coherent beam axis, preferably either of the beam axes. There is also one or more detector elements on the side. However, non-planar detector arrangements are also acceptable.

  It has been found that using cross-correlation of signals obtained from different detectors provides useful data that can improve the level of security and also make the signature more reliably reproducible over time. Since speckle patterns are not inherently interrelated (with the exception of signals from opposite points in the pattern), the usefulness of cross-correlation is somewhat surprising from a scientific point of view. In other words, in the case of a speckle pattern, the mutual detectors between signals from different detectors are different unless the different detectors are placed at equal angles offset from the excitation location in a common plane across the excitation location. The correlation is essentially zero. Thus, the usefulness of using the cross-correlation contribution indicates that an important part of the scattered signal is not speckle. This non-speckle contribution can be seen as a result of direct scattering or as diffuse reflection scattering due to complex surfaces such as paper fiber kinks. At present, the relative importance of the contribution of the speckle scattering signal and the non-speckle scattering signal is not clear. However, from the experiments performed so far, it is clear that the detector is measuring a decoded signal having speckle and non-speckle elements, rather than measuring a pure speckle pattern. .

  Incorporating a cross-correlation factor in the signature can also be beneficial to improve security. This is because even though it is possible to make an article that reproduces the contrast change of the surface of the authentic article using high resolution printing, the produced article can be obtained by scanning the authentic article. This is because the correlation coefficient cannot be adapted.

  In one embodiment, the detector channel consists of individual detector elements in the form of simple phototransistors. Other simple individual elements such as PIN diodes or photodiodes can also be used. Integrated detector elements, such as detector arrays, can also be used, but this increases the cost and complexity of the device.

  From the first experiment to change the illumination angle of the laser beam on the article to be scanned, the laser beam can be used to obtain a characteristic that can be measured repeatedly with the same surface with little change even when the article is degraded between measurements. Seems to be practically preferred to be incident substantially perpendicular to the scanned surface. At least some known readers use oblique incidence (see GB 2221870). Once understood, this effect seems obvious, but as evidenced by the design of some prior art speckle readers, including that of British Patent No. 2221870, and indeed the inventor. As evidenced by the design of the first prototype reader made by, it is not immediately obvious. The first prototype reader, where the inventor's incidence was oblique, worked fairly well in laboratory conditions, but was very sensitive to the deterioration of the paper used as the article. For example, rubbing the paper with a finger was sufficient to make a significant difference appear during remeasurement. The second prototype reader uses normal incidence and resists paper degradation due to normal handling, and more severe conditions, ie passing through various types of printers including laser printers, passing through copiers, writing It was found to be robust against paper degradation due to printing, printing, intentional scorching in an oven, and crumpling and flattening again.

  Therefore, it may be advantageous to mount the source so that the coherent beam is directed onto the reading volume so that the coherent beam strikes the article at a substantially normal angle of incidence. A substantially right angle of incidence means ± 5 °, 10 ° or 20 °. Alternatively, the beam can be directed to have an oblique angle of incidence with respect to the article. This usually has a negative effect when the beam is scanned over the article.

  It should be noted that in the reader described in the best mode for carrying out the invention, the detector device is configured in the form of reflections to detect radiation backscattered by the reading volume. However, if the article is transparent, the detector can be configured in transmission.

  The signature generator can be operable to access a database of previously recorded signatures, and to determine whether the database contains a signature that matches the signature of an article placed in the reading volume. It can also be operable to perform a comparison. This database may be part of the mass storage device that forms part of the reader device, or may be at a remote location and accessed by the reader via a telecommunications link. The telecommunications link can take any conventional form, including a wireless link and a fixed link, and may be available over the Internet. The data acquisition and processing module is operable in at least some modes of operation so that the signature can be added to the database if no match is found.

  In addition to storing the signature when using the database, the signature in the database can be used to copy a scanned document, a photo of the passport holder, details about where and when the product was manufactured, or It may also be useful to correlate with other information about the article, such as details about the intended sales destination (eg, to track imports that are close to illegal).

  The present invention allows the identification of articles made of a variety of different types of materials such as paper, cardboard and plastic.

  Intrinsic structure means the structure that an article inherently has by its manufacture, thereby giving it a special purpose for security purposes, such as the structure provided by tokens or man-made fibers incorporated into the article Identify across structures.

  By paper or cardboard is meant any article made from wood pulp or an equivalent fiber process. The paper or cardboard can be treated by coating or impregnation, or it can be covered with a transparent material such as cellophane. If long-term surface stability is a particular problem, the paper can be treated with an acrylic spray clear coating, for example.

  Thus, data points can be collected as a function of the position of illumination by the coherent beam. This can be accomplished either by scanning a local coherent beam over the article, using a directional detector that collects scattered light from different parts of the article, or a combination of both.

  The signature is expected to be a digital signature for most applications. Typical sizes for digital signatures using current technology range from 200 bits to 8 kbits, but now it is preferred to have a digital signature size of about 2 kbits for high security.

  Another implementation of the invention is possible by not storing the digital signature in the database, but rather by labeling the rights token with a label derived from the signature, which conforms to a machine-readable encoding protocol. To do.

  More specifically, another aspect of the invention provides a method of authenticity verification, which includes conducting a transaction between a first party and a second party, the parties being remote from each other. And the result of the transaction is the provision of rights to the rights token from the first party to the second party, the method further comprising data describing the writing format of the rights token The first token to the second party, writing the right token at the second location using data describing the writing form, Generating a signature at a second location, transmitting the first signature to the first party, and retaining the first signature or its attributes for subsequent authenticity verification of the rights token document. Including The holding step transmits the sign data to the first party that processes the first signature to generate sign data that encodes the first signature according to a machine-readable coding protocol; And writing a label indicating the sign data at a second location on the rights token.

  The present invention further provides a system for authenticity verification, the system including first and second computer systems operable to communicate between each other via a data communication channel remote from each other. The one computer system is operable to allow a user of the second computer system to conduct a transaction with the first computer system, and the result of the transaction is from the first computer system of the right to the rights token to the user. The first computer system is further operable to transmit data describing the rights token to the second computer system via the data communication channel, the system further comprising: Using data describing the token, located in the same location as the two computer systems A writer operable to write out a rights token and co-located with the second computer system and operable to generate a first signature of the rights token document based on the unique characteristics of the rights token document; And a first signature generator operable to transmit the first signature to the first party, wherein the first computer system encodes the first signature according to a machine-readable encoding protocol. It is operable to process a first signature for generating sign data and is also operable to transmit this sign data to a second party, the writer rights a label indicating the sign data. It is operable to write on the token.

  The first signature is preferably encoded in the label using an asymmetric encryption algorithm. This label can represent a public key of a public key / private key cryptosystem. Conveniently, for example in the case of an electronic ticket issue, the label may be an ink label applied to the rights token using a printing process.

  In this group of embodiments, the data acquisition and processing module is operable to further analyze the data points to identify signal elements according to a predetermined encoding protocol and thereby generate a reference signature. It is. The characteristics of a given encoding protocol are assumed in most embodiments to be based on contrast, i.e., scattered signal strength. In particular, a conventional barcode protocol can be used, where the barcode is in the form of a stripe in the case of a 1D barcode or a more complex pattern in a high density barcode such as according to a 2D barcode, eg pdf417. Printed or otherwise attached to the article in the form. In this case, the data acquisition and processing module performs a comparison to determine whether the first (reference) signature matches the second signature obtained by reading the article placed in the reading volume. It can be made to work. As a result, an article such as a paper ticket can be marked to describe something that is digitally shown its own properties, such as a barcode. The reference signature must be derived from the characteristics of the article using a one-way function, i.e. using an unhandled encryption algorithm that requires a secret key known only to the issuing entity. Don't be. This would be to create a counterfeit by scanning the counterfeit to obtain the first signature and then printing on the counterfeit a label indicating the reader's scan according to an encryption scheme. Acts as a barrier to third operators. Typically, a bar code label or other indicia represents a ciphertext that can be decrypted with a public key, and the private key is stored for an authorized issuer.

  When using the database, in addition to storing the signature, the signature in the database can be used for details such as a copy of the scanned document, a photograph of the passport holder, details about where and when the product was manufactured, or It is also useful to correlate with other information, such as more information about the intended destination of the goods (eg, the boarding airport to which the air ticket is to be delivered), or information about the identity of the second operator ( For example, a third place comparison might hold data about ticket purchasers and check that the physical owner at the time of ticket delivery is the same person who purchased and created the ticket To prevent the sale of tickets due to resale).

  Next, specific embodiments of the present invention will be described by way of example only with reference to the accompanying drawings.

  While the invention is susceptible to various modifications and alternative forms, specific embodiments have been shown by way of example in the drawings and are described in detail herein. However, the drawings and detailed description thereof are not intended to limit the invention to the particular forms disclosed, but rather, the invention is intended to cover all that fall within the scope of the invention as defined in the appended claims. It should be understood to include modifications, equivalents, and alternatives.

  Reduce the likelihood of fraud for both providers and end users using a system that uniquely identifies physical items in providing security and authentication services in environments such as e-commerce environments In addition, the actual reliability and the expected reliability of the electronic commerce system can be increased.

  An example of a system suitable for performing such item identification will now be described with reference to FIGS.

  FIG. 1 shows a schematic side view of a first example of a reader device 1. The optical reader device 1 determines a signature from an article (not shown) arranged in a reading volume of the device. The read volume is formed by a read opening 10 which is a slit in the housing 12. The housing 12 houses the main optical components of the device. The longer part of the slit is in the x direction (see the axis of the inset in the drawing). The main optical components are a laser source 14 that generates a coherent laser beam 15, and a detector device 16, which comprises a plurality of k (in this example, k = 4) 16a, 16b, It consists of photodetector elements labeled 16c and 16d. The laser beam 15 extends by a cylindrical lens 18 in the y direction (perpendicular to the plane of the drawing) and is focused on an elongated focal point in the plane of the reading aperture. In one example reader, the elongated focus has a major axis dimension of about 2 mm and a minor axis dimension of about 40 micrometers. These optical components are housed within the subassembly 20. In this example, the four detector elements 16a-d are offset from the beam axis at different angles in an intermeshing arrangement to collect light scattered in the form of reflections by articles present in the reading volume, Distributed on either side of the beam axis. In this example, the offset angles are −70 °, −20 °, + 30 °, and + 50 °. The angles on either side of the beam axis are chosen not to be equal so that the data points collected by the detector elements are as independent as possible. All four detector elements are arranged in a common plane. Photodetector elements 16a-d detect the light scattered by the article placed on the housing when the coherent beam is scattered by the reading volume. As shown, the source is mounted so that the laser beam 15 has its beam axis oriented in the z direction so that the laser beam strikes the article in the read aperture at a right angle.

  In general, it is desirable that the depth of focus be large so that any difference in the z direction in article positioning does not result in a significant difference in beam size in the plane of the read aperture. In this example, the depth of focus is about 0.5 mm, and this depth of focus is large enough to give good results if the position of the article relative to the scanner can be controlled to some extent. Depth of focus, numerical aperture, and working distance parameters are interdependent, resulting in a well-known trade-off between spot size and depth of focus.

  The drive motor 22 is positioned within the housing 12 to achieve linear movement of the optic assembly 20 by appropriate bearings 24 or other means, as indicated by arrows 26. That is, the drive motor 22 serves to move the coherent beam linearly in the x direction over the reading aperture 10 so that the beam 15 is scanned in a direction across the long axis of the elongated focus. The coherent beam 15 has a cross-section in the xz plane (plane of the drawing) that is much smaller than the projected image of the reading volume in a plane perpendicular to the coherent beam, i.e. in the plane of the housing wall where the reading aperture is located. Since it is dimensioned at its focal point, the scan of the drive motor 22 causes the coherent beam 15 to sample many different points of the read volume under the action of the drive motor 22.

  FIG. 2 is included to illustrate this sampling and is a schematic perspective view showing how the read area is sampled n times by scanning the elongate beam across the read area. The sampling position of the focused laser beam when the focused laser beam is scanned along the reading aperture under the action of the drive is from 1 to sampling a region of length “1” and width “w”. Represented by adjacent rectangles numbered up to n. Data collection is performed so that signals are collected at each of the n positions as the drive is scanned along the slit. As a result, a series of k × n data points associated with scattering by n different illustrated portions of the read volume are collected.

  Also shown schematically is an optional distance mark 28 formed on the underside of the housing 12 near the slit 10 along the x-direction, i.e. the scan direction. An exemplary spacing in the x direction between the marks is 300 micrometers. These marks are sampled at the end of the elongated focus and linearize the data in the x direction in situations where linearization is required, as will be described in more detail later. The measurement is performed by an additional phototransistor 19, which is a directional detector arranged to collect light from the area of the mark 28 near the slit.

  In the alternative, the mark 28 can be read by a dedicated encoder emitter / detector module 19 that is part of the optics assembly 20. The encoder emitter / detector module is used in a barcode reader. In one example, an Agilent HEDS-1500 module based on focused light emitting diodes (LEDs) and photodetectors can be used. The module signal is fed to the PIC ADC as an additional detector channel (see discussion below for FIG. 3).

  In the example where the short axis dimension of the focal point is 40 micrometers, the scan length in the x direction is 2 cm, and n = 500, 2000 data points are given at k = 4. A typical range of k × n values determined by the desired security level, the type of article, the number of detector channels “k”, and other factors is expected to be 100 <k × n <10000. It has also been found that increasing the number k of detectors improves so as not to be affected by surface deterioration of the article due to handling, printing, or the like. In fact, for prototypes used to date, the rule of thumb must be that the total number of individual data points, i.e. k × n, is greater than or equal to 500 in order to give an acceptable high security level for a wide variety of surfaces. That's what it means. Other minimum numbers (higher or lower) are for the scanner to be used for only one specific surface type or for a group of surface types. May be the case.

  FIG. 3 is a block schematic diagram of functional components of the reader device. The motor 22 is connected to a programmable interrupt control circuit (PIC) 30 via an electrical link 23. The detectors 16a-d of the detector module 16 are connected to an analog-to-digital converter (ADC) that is part of the PIC 30 via respective electrical connection lines 17a-d. A similar electrical connection line 21 connects the marker reading detector 19 to the PIC 30. It should be understood that optical or wireless links can be used instead of or in combination with electrical links. The PIC 30 is interfaced with a personal computer (PC) 34 via a data connection 32. The PC 34 may be a desktop or laptop. As an alternative to a PC, other intelligent devices such as personal digital assistants (PDAs) or dedicated electronic units can be used. PIC 30 and PC 34 together form a data acquisition and processing module 36 that determines the signature of the article from the set of data points collected by detectors 16a-d.

  In some examples, PC 34 may have access to database (dB) 40 via interface connection 38. Database 40 can reside in the memory of PC 34 or can be stored in the drive of PC 34. Alternatively, database 40 may be remote from PC 34 and accessed by wireless communication, for example by using a mobile telephone service or a wireless local area network (LAN) combined with the Internet. Further, the database 40 is stored locally on the PC 34, but may be downloaded periodically from a remote source. This database may be managed by a remote entity, which may provide access to only a portion of the entire database to a particular PC 34 and / or based on a security policy. Access to can be restricted.

  Database 40 may include a library of previously recorded signatures. In use, the PC 34 can access the database 40 and can make a comparison to determine if the database 40 contains a signature that matches the signature of the item placed in the reading volume. The PC 34 can also be programmed to add a signature to the database if no match is found.

  The method of handling the data flow between the PC and the database can depend on the location of the PC and the relationship between the PC operator and the database operator. For example, if a PC and reader are being used to verify the authenticity of an item, the PC may not be able to add new items to the database and will not actually have direct access to the database, but instead Provide a signature for comparison in the database. In this configuration, the database can provide a credibility result to the PC to indicate whether the article is authentic. On the other hand, if the PC and reader are used to record items in the database or to verify items in the database, a signature may be provided in the database for storage in the database, and the comparison There is no need for. However, in this situation, a comparison may be made to avoid a single item being entered twice in the database.

  FIG. 4 is a perspective view showing the outer shape of the reader device 1. The housing 12 and the slit-shaped reading opening 10 are evident. A physical positioning aid 42 is also apparent and is provided for positioning a given shaped article in a fixed position relative to the reading aperture 10. In this example, the physical positioning aid 42 is in the form of a right angle bracket so that the corners of the document or box can be positioned. This ensures that the same part of the article can be positioned in the reading aperture 10 whenever the article needs to be scanned. Simple corner brackets or equivalents are sufficient for articles with appropriately defined corners, such as paper sheets, passports, ID cards, and packaging boxes. Other shaped positioning guides may be provided to receive items of different shapes, such as circular items including CDs and DVDs, or items having curved surfaces such as cylindrical packing containers. If an item of only one size and shape is scanned, a slot may be provided for receiving the item.

  In the above, an example of a scanning and signature generation device suitable for use in a security mechanism for remote verification of article authenticity has been described. Such a system can be used to scan an article at multiple locations, for inspections performed to ensure that the article is the same article in both cases, and, optionally, an initial scan. And can be deployed for inspections to be performed to ensure that the article has not been altered between subsequent scans.

  FIG. 5 shows an example of an alternative physical configuration for a reader in which a document feeder is provided to stabilize the article placement. In this example, a housing 60 is provided, and an article supply tray 61 is attached thereto. The tray 61 can hold one or more articles 62 for scanning with a reader. A motor drives feed roller 64 and can transport article 62 through the device and across the scan opening of optical device assembly 20 described above. That is, the article 62 can be scanned by the optical assembly 20 in the manner discussed above, such that relative movement between the optical assembly and the article is provided by the movement of the article. Using such a system, the movement of the scanned item can be controlled using a motor with sufficient linearity, and the use of distance marks and the linearization process may be unnecessary. The apparatus can follow any conventional form of document scanner, copier or document management system. Such scanners can be configured to handle line feed sheets (eg, multiple sheets connected together by perforated joints), and / or alternatively single sheets. In the case of a packaging box, an alternative is a suitable guide hole, for example a rectangular cross-section hole for receiving the bottom of a rectangular box, or a circular cross-section for receiving the bottom of a tubular box (ie a cylindrical box). A hole will be provided.

  Thus, an apparatus suitable for scanning an article in an automatic feeder type device has been described. Depending on the physical configuration of the feeder, the scanner may be able to scan one or more three-dimensional items such as a single sheet of material, a bonded sheet of material, or a packing box.

  FIG. 6 shows an example of another alternative physical configuration for the reader. In this example, the user moves the article and passes it through the reader. As shown in FIG. 6A, a slot 71 can be provided in the reader housing 70 for inserting an article to be scanned. The optical device assembly 20 can be provided with a scanning opening towards the slot 71 so that an article 62 passed through the slot can be scanned. In addition, the guide element 72 is slotted to assist in guiding the article to the correct focal length from the optical device subassembly 20 and / or to achieve a constant speed passage of the article through the slot. 71 can be provided.

  As shown in FIG. 6B, the reader can be configured to scan the article when moved as indicated by the arrows along a longitudinal slot through the housing 70. Alternatively, as shown in FIG. 6C, the reader is configured to scan the article when the article is inserted into or removed from the slot extending into the reader housing 70 as indicated by the arrow. Can do. This type of scanner may be particularly suitable for scanning at least partially rigid articles such as cards, plastic sheets, or metal sheets. Such a sheet may be, for example, a plastic item such as a credit card or other bank card.

  The apparatus for scanning an article that is started manually is described above. This can be used for bank card and / or credit card scanning. Thus, the card can be scanned at the terminal device where the card is presented for use, and the signature obtained from the card is used to determine the authenticity of the card and whether it has not been modified. It can be compared with the stored signature. Such a device can also be used in the context of, for example, reading military style metal ID tags (which are also often carried by allergic patients to inform others of their allergies). This also allows medical personnel treating the patient to ensure that the patient being treated was actually the proper holder of the tag. Similarly, in disaster situations, recovered tags can be scanned for authenticity to ensure that the casualty is correctly identified before informing family and / or colleagues.

  FIG. 7 shows an example of another alternative physical configuration for the reader. In this example, as shown in a perspective view in FIG. 7, a printer 122 is provided and the optical device assembly 20 described above is incorporated therein. The printer 122 can be conventional except that there is a scan head and associated electronic components. The final roller pair 109 is shown to schematically represent the paper supply mechanism. It should be understood that the paper supply mechanism also includes additional rollers and other mechanical components. In the prototype example, the scan head is attached immediately after the last pair of rollers as shown for convenience. It should be understood that the scan head can be mounted in many different locations along the paper feed path. Further, although the illustration is of a laser printer, it should be understood that any type of printing device can be used. In addition to other types of printers, such as inkjet printers, thermal printers, or dot matrix printers, the printing device is any other type of printer that has not previously been considered a printer, such as networked copiers or industrial printers. It may be a printing device. For example, the printing device may be a printing press for printing banknotes, checks, or traveler checks.

  The example of an apparatus suitable for printing and scanning of an article has been described above. Thereby, the article can be scanned during manufacturing to avoid the possibility of the article changing between manufacturing. Thus, the apparatus also allows for a reduction in the cost of ownership of such a reader, since the increased cost for adding a scan unit to the printer can be easily lower than the cost of a dedicated scanning device.

  The above example is based on local excitation using a coherent light beam with a small cross-section in combination with a detector, which receives an optical signal scattered over a much wider area, including the local excitation area. Alternatively, a functionally equivalent optical system can be designed based on a directional detector that collects light only from the local area in combination with a much wider area excitation.

  FIG. 8A schematically shows such an imaging device for a reader in side view, which is based on directional light collection and full illumination using a coherent beam. The array detector 48 is arranged in combination with the cylindrical microlens array 46 so that adjacent bands of the detector array 48 collect only light from the corresponding adjacent bands in the reading volume. Referring to FIG. 2, each cylindrical microlens is arranged to collect optical signals from one of n sampling bands. In that case, coherent illumination can be performed with full illumination of the entire reading volume (not shown).

  A hybrid system using a combination of local excitation and local detection may also be useful in some cases.

  FIG. 8B schematically shows in plan view the optical footprint of such a hybrid imaging device for a reader, in which a directional detector is used in combination with local illumination using an elongated beam. This example can be considered as a development of the example of FIG. 1 in which a directional detector is provided. In this example, three groups of directional detectors are provided, each group being targeted to collect light from different parts along the “l × w” excitation band. The collection area in the plane of the reading volume is indicated by a dashed circle so that, for example, two detectors in the first group collect the optical signal from the top of the excitation band and detect the second group A collector collects light signals from the middle of the excitation band, and a third group of detectors collects light from the bottom of the excitation band. Each group of detectors shown has a circular collection region with a diameter of about l / m, where m is the number of excitation band subdivisions, m = 3 in this example. Thus, the number of individual data points can be increased by a factor of m for a given scan length l. As described further below, one or more different groups of directional detectors can be used for purposes other than collecting optical signals that sample speckle patterns. For example, one of the groups can be used to collect optical signals in a manner that is optimized for barcode scanning. In this case, it is generally sufficient for the group to contain only one detector. This is because there is no benefit in obtaining cross-correlation if only contrast is scanned.

  Having described the main components and functional elements of various reader devices so far, the numerical processing used to determine the signature will now be described. It should be understood that this numerical processing can be implemented for most parts in a computer program executing on the PC 34 using several elements subordinate to the PIC 30. In the alternative, this numerical control may be performed by a dedicated numerical processing device, or a device in hardware or firmware.

  FIG. 9 is a microscopic image of the paper surface, and the image includes an area of about 0.5 × 0.2 mm. This figure is included to show that a macroscopically flat surface, such as paper, is often highly structured on a microscopic scale. In the case of paper, its surface is highly microscopically structured due to the network of entangled wood or other fibers that make up the paper. The figure also represents a characteristic length measure of wood fibers of about 10 microns. This dimension has a proper relationship with the light wavelength of the coherent beam of the present example, thus leading to diffraction and thus speckle, and also to scattering with a profile that depends on the fiber orientation. Thus, it should be understood that if the reader is to be designed for a particular class of merchandise, the wavelength of the laser can be tailored to the structural feature dimensions of the scanned class of merchandise. It is clear from the figure that the local surface structure of each piece of paper depends on how the individual wood fibers are arranged, so that the local surface structure is unique. Thus, a piece of paper is specially used, such as special resin tokens or magnetic material deposits of the prior art in that it has a unique structure as a result of being produced by a process governed by the laws of nature. It is no different from the tokens created. The same applies to many other types of articles.

  In other words, it can be essentially meaningless to go to the effort and expense of making specially prepared tokens when unique features can be measured in a simple way from a variety of common items There is. Next, data acquisition and numerical control of the scattered signal using the natural structure of the surface of the article (or the interior in the case of transmission) will be described.

  FIG. 10A shows raw data from a single detector of the photodetectors 16a-d of the reader of FIG. The graph shows the signal intensity I for point number n in arbitrary units (au) (see FIG. 2). The higher line that fluctuates between I = 0 and 250 is the raw signal data from the photodetector 16a. The lower line near I = 50 is the encoder signal captured from marker 28 (see FIG. 2).

  FIG. 10B shows the photodetector data of FIG. 10A after linearization using the encoder signal (note that the x-axis is different in scale from FIG. 10A, but this is not particularly meaningful). As described above, if the movement of the article relative to the scanner is sufficiently linear, there is no need to use linearization with respect to the alignment mark. In addition, the average intensity value is calculated and subtracted from the intensity value. Therefore, the processing data value fluctuates above and below zero.

  FIG. 10C shows the data of FIG. 10B after digitization. The digitization scheme employed is a simple binary system where any positive value is set to the value 1 and any negative value is set to zero. Instead, it should be understood that multi-state digitization, or any of many other possible digitization techniques, may be used. The main important feature of digitization is simply that the same digitization scheme is applied consistently.

  FIG. 11 is a flowchart showing how a signature of an article is generated by scanning.

Step S1 is a data acquisition step, during which the light intensity at each photodetector is acquired approximately every 1 ms throughout the scan. At the same time, the encoder signal is acquired as a function of time. Note that if the scan motor has a high degree of linearization accuracy (eg, like a stepper motor), there is no need for data linearization. Data is obtained by pulling data from the ADC 31 by the PIC 30. Data points are transferred from PIC 30 to PC 34 in real time. Alternatively, the data points can be stored in memory within PIC 30 and then passed to PC 34 at the end of the scan. The number n data points per detector channel collected in each scan is defined below as N. Further, the value a _k (i) is defined as the i th stored intensity value from the photodetector k, where i is 1 to N. An example of two raw data sets obtained by such a scan is shown in FIG. 8A.

Step S2 locally expands and shortens a _k (i) using numerical interpolation so that the encoder transitions are equally spaced in time. This corrects local variations in motor speed. This step can be performed in the PC 34 by a computer program.

  Step S3 is an optional step. If performed, this step differentiates the data numerically with respect to time. It is also desirable to apply a weak smoothing function to the data. Differentiation is useful for highly structured surfaces because it serves to attenuate uncorrelated contributions due to signals relative to interrelated (speckle) contributions.

  Step S4 is a step in which the average value of the record signal is acquired over N data points for each photodetector. For each photodetector, this average value is subtracted from all data points so that the data is distributed around zero intensity. See FIG. 10B which shows an example of a scan data set after linearization and subtraction of the calculated mean value.

In step S5, the analog photodetector data is digitized to calculate a digital signature representing the scan. The digital signature is mapped to the binary number “1” when a _k (i)> 0, and mapped to the binary number “0” when a _k (i) <= 0 (a _k (i)> 0 maps onto binary '1' and a _k (i) <= 0 maps onto binary '0'). The set of digitized data is defined as d _k (i), where i goes from 1 to N. The signature of the item can incorporate other components in addition to the digitized signature consisting of the strength data just described. These other optional signature components will now be described.

Step S6 is an optional step in which a smaller “thumbnail” digital signature is generated. This is done either by averaging together the m readings of adjacent groups, or more preferably by taking all c th data points, where c is a thumbnail compression Rate. The latter is preferred because averaging can amplify noise unbalanced. Next, the same digitization rules used in step S5 are applied to the reduced data set. Thumbnail digitization is defined as t _k (i), where i is 1 to N / c and c is the compression ratio.

Step S7 is an optional step applicable when there are multiple detector channels. An additional component is a cross-correlation element calculated between intensity data obtained from different photodetectors. There are one possible cross-correlation coefficient for 2 channels, up to 3 for 3 channels, up to 6 for 4 channels, and so on. The cross-correlation coefficient is useful because it has been found to be a good indicator of the type of material. For a particular type of document, for example a given type of passport or laser printer paper, the cross-correlation coefficient always appears to be in a predictable range. A normalized cross-correlation can be calculated between a _k (i) and a _l (i), where k ≠ l, where k, l varies across all photodetector channel numbers. . The normalized cross correlation function Γ is defined by the following equation.

  Another aspect of the cross-correlation function that can be stored for use in later verification is the width of the peak in the cross-correlation function, eg, full width half maximum (FWHM). The use of cross-correlation coefficients in the verification process will be further described below.

Step S8 is another optional step for calculating a simple intensity average representing the signal intensity distribution. This is the overall average of each average of different detectors, such as the root mean square (rms) value of a _k (i), or the average of each detector. If the detectors are placed in pairs on either side of normal incidence, as in the reader described above, the average value of each pair of detectors can be used. The intensity value is a simple indicator of the overall reflectivity and roughness of the sample and has been found to be a good coarse filter for the type of material. For example, the denormalized rms value can be used as an intensity value after removal of the average value, ie, the DC background.

  Signature data obtained by scanning an article can be compared to records held in the signature database for verification purposes and / or written to the database to add new records for the signature Now you can extend your existing database.

  The new database record includes the digital signature obtained in step S5. This is optionally obtained in step S8, one or more smaller thumbnail versions of the digital signature obtained in step S6, the cross-correlation coefficient obtained in step S7, for each photodetector channel. Can be supplemented by average values. Alternatively, the thumbnail can be stored on its own separate database optimized for fast search, and the remaining data (including thumbnails) can be stored on the main database.

  FIG. 12 is a flowchart showing how the signature of an article obtained by scanning can be verified against a signature database.

  In a simple implementation, the database can simply be searched to find a match based on the entire set of signature data. However, to speed up the validation process, this process can use smaller thumbnails based on the calculated average and cross-correlation coefficients, and pre-screening, as will be described next.

  The verification step V1 is the first step of the verification process, in which the article is scanned according to the process described above, ie the process of performing the scanning steps S1 to S8.

In verification step V2, each thumbnail input is captured and the number of matching bits between this input and t _k (i + j) is evaluated. Here, j is a bit offset and can be changed so as to compensate for an error in the arrangement of the scan area. The value of j is determined, and then the thumbnail input that gives the maximum number of matching bits is determined. This is a “hit” used for subsequent processing.

  Verification step V3 is an optional pre-screening test that is performed before analyzing all digital signatures stored for a record against a scanned digital signature. In this prescreening, the rms value obtained in scan step S8 is compared against the corresponding stored value in the hit database record. If the respective average values do not match within a predetermined range, the “hit” is rejected by subsequent processing. In that case, the article is rejected as non-verified (ie, jumps to verification step V6 and issues a failed result).

  Verification step V4 is another optional pre-screening test, which is performed before analyzing all digital signatures. In this pre-screening, the cross-correlation coefficient obtained in scan step S7 is compared against the corresponding stored value in the hit database record. If the cross-correlation coefficients do not match within a predetermined range, the “hit” is rejected by subsequent processing. In that case, the article is rejected as non-verified (ie, jumps to verification step V6 and issues a failed result).

  Another check that can be performed in the verification step V4 using the cross-correlation coefficient is to check the width of the peak in the cross-correlation function, which is stored by the first scan of the scan step S7 described above. By comparing the measured value and the rescanned value, a numerical value is obtained by the following equation.

  If the width of the rescanned peak is significantly wider than the width of the initial scan, this can be taken as an indication that the rescanned article has been altered or otherwise suspicious. For example, this inspection should dismiss scammers trying to fool the system by printing a bar code or other pattern that has the same intensity change as expected by the photodetector, depending on the surface being scanned. .

Verification step V5 is a main comparison between the scan digital signature obtained in scan step S5 and the corresponding stored value in the hit database record. The full stored digitized signature d _k ^db (i) is divided into n blocks of q adjacent bits on k detector channels, ie qk bits per block. A typical value for q is 4 and a typical value for k is 4, thus typically producing 16 bits per block. The qk bits are then matched with qk corresponding bits in the stored digital signature d _k ^db (i + j). If the number of matching bits in the block is greater than or equal to a certain threshold z _thresh , the number of matching blocks is incremented. A typical value for z _thresh is 13. This is repeated for all n blocks. This entire process is repeated until the maximum number of matching blocks is found for j different offset values to compensate for errors in the placement of the scan area. If the maximum number of matching blocks is defined as M, the chance of coincidence is calculated by calculating the following equation.

Where s is the probability of a coincidence between any two blocks (this is determined by the selected value of z _threshold ), M is the number of matching blocks, and p (M) is M or more blocks Is the probability of coincidence by chance. The value of s is determined by comparing each block in a database with scans of different objects of similar material, eg several scans such as paper documents. For q = 4, k = 4, and z _threshold = 13, a typical value for s is 0.1. If qk bits are completely independent, probability theory gives s = 0.01 at z _threshold = 13. The higher values are found empirically because of the correlation between the k detector channels and the correlation due to the finite laser spot width between adjacent bits in the block. A typical scan of a piece of paper yields about 314 matching blocks from a total of 510 blocks when compared against the paper database input. Setting M = 314, n = 510, and s = 0.1 in the above equation ^gives a chance of coincidence of 10 ⁻¹⁷⁷ .

  Verification step V6 issues the result of the verification process. The probability value obtained in the verification step V5 can be used for a pass / fail test in which the benchmark is a predetermined probability threshold. In this case, the probability threshold can be set to a certain level by the system, or can be a variable parameter set to a level selected by the user. Alternatively, the probability value may be in raw form as a probability itself, or a related term (eg, no match / poor match / good match / excellent). match)) or modified form using other ratings can be output to the user as a confidence level.

  It should be understood that many variations are possible. For example, instead of handling cross-correlation coefficients as pre-screening elements, they can be handled with digitized intensity data as part of the main signature. For example, the cross-correlation coefficient can be digitized and added to the digitized intensity data. The cross-correlation coefficient can also be digitized by itself and can be used to generate a bit string etc. This bit string etc. is then described above for thumbnails of digitized intensity data to find hits You can search in the same way.

  Thus, several exemplary devices have been described that scan an article to obtain a signature based on the unique characteristics of the article. An example of how the signature can be generated from the data collected during the scan and how the signature is compared to a later scan with the same or a different article, An example that can provide a measure of how likely it has been scanned.

  Such systems have many uses, among them security and item reliability screening to prevent fraud, and item traceability.

  In electronic commerce systems and similar systems, a document or rights token that indicates a right to a price, product, or service can be issued at a time and / or location remote from the access point for the price, product, or service. In order to provide security against fraud and other disturbances during the normal operation of such a system, the document or rights token is individually verified and the claimant of that right is actually granted that right. Can be guaranteed.

  In the following example, an appropriate system for realizing this security facility will be described with reference to various real-world application examples to which the security facility can be applied.

  One example is when a person purchases a ticket for access to an event or for a trip using an online shopping facility. In this example, a ticket image can be supplied to the user's access terminal. The user can then use the printer associated with the access terminal to print a ticket for use in accessing the event or for travel. The user can then scan the ticket and generate a signature to identify the ticket, which is returned to the ticket issuer to validate the ticket. The signature can be based on the unique characteristics of the printed ticket, which cannot be duplicated by photo reproduction of the ticket or by printing another copy of the ticket. The ticket issuer can store the signature in the signature database of the validation ticket signature. When a user presents a ticket to gain access to an event or for a trip, the ticket can be scanned and a signature identifying the ticket can be generated. This new signature can then be compared with the signature in the database to determine if the presented ticket has been validated. If a ticket that has not been validated is presented, access to the event or trip can be withheld.

  This process is illustrated in FIG. As shown in FIG. 13, the e-commerce environment 201 includes a provider 203 that issues tickets for access to events (sports competitions, concerts, etc.) or for travel (eg, by train). Have the right to By communicating with the provider 203 via the network 206 such as the Internet, the user at the user terminal 208 can purchase a ticket from the provider 203. This purchasing mechanism may be any conventional system that allows a remote user to purchase goods or services via a shopping portal or order portal. Such online remote ordering systems are used by many companies, charities and governments. The process of purchasing a ticket can be performed using, for example, an online shopping basket system that views one or more tickets that a user can select for purchase. In the case of event tickets, different tickets can provide access to different events or access to different viewing locations at the event. In the case of travel tickets, different tickets may be provided for a given trip, depending on the route used and the quality / class of the trip.

  In response to the ticket purchase, the provider 203 transmits the ticket image data file to the user terminal 208 for output by the printer 209 associated with the terminal. This ticket can be printed on a special ticket printing sheet (such as a sheet of paper or card pre-configured so that specific ticket information is printed at its predetermined printing location), or a sheet of plain paper, etc. It is also possible to print on a normal print sheet. The printed ticket is then scanned by the scanner 210 to generate a signature based on the unique characteristics of the printed ticket. The scanner 210 may be the scanner described above with reference to any of FIGS. In one example, scanner 210 is integrated with printer 209 as described above with reference to FIG. Thus, in this example, the signature is based on the physical surface of the sheet on which the signature is printed and is determined at the microscope level. That is, this signature is unique to the printed ticket, and another printed copy of the ticket should have a different signature when scanned in the same way.

  Next, the signature is transmitted from the user terminal 208 to the provider 203 where it is stored in the signature database 204. The print ticket is thereby validated and can be recognized as a valid ticket by the provider.

  When a user participates in an event for which a ticket has been issued, or when a user uses a travel ticket, the user can present a print ticket at billing location 211. This billing location may be co-located with the service provider or remote from it. For example, one service provider may sell tickets for several events, where each event may take place at different locations. Alternatively, in the case of travel tickets, one provider can issue tickets for travel to or from several different locations. Upon presentation of a print ticket at billing location 211, scanner 212 can be used to scan the print ticket and generate a signature for the presented print ticket. This signature is generated in the same way as the signature generated using the scanner 210 and using the same characteristics of the ticket. This new signature is then compared with the signature stored in signature database 204. If one of the stored signatures matches the new signature, then the print ticket has been validated as described above and a positive authentication result is returned. In that case, the user can be provided with access to the event or trip to which the print ticket entitles.

  When a print ticket is authenticated against a single print instance of a ticket image, a separate copy of the ticket image is printed on a sheet that has different specific characteristics than the sheet of the validated print ticket, so a confirmation test Fail. This can prevent fraud on the part of the user who creates an extra ticket and tries to gain event access or travel without paying.

  Now that rights tokens, such as tickets, can be generated in a convenient location for the purchaser of the rights token, the rights are presented for future authentication where the rights token is presented for access to money, goods, or services. An example of a system in which a token issuer validates a token has been described. Thereby, unauthorized duplication or reuse of the rights token can be prevented without requiring the purchaser to go to an inconvenient location to obtain the token.

  Another example of a remote purchase system allows a user to purchase a flight ticket. As is well known, the air travel industry typically uses a two-stage ticketing process. The first stage of the process is the actual ticket, which gives the right to board an airplane on a given trip or trips. The second stage is a boarding pass, which is generally provided to the traveler when the traveler “checks in” for the trip (often in exchange for a ticket). Some ticketing agencies and airlines currently issue so-called “e-tickets”. This typically consists of a data file that is transferred to the ticket purchaser via email. In that case, the purchaser can print out the ticket for presentation at a “check-in” at the airport. In some cases, only a reference number from the electronic ticket is required for “check-in”, and the physical printout is simply a convenient carrier of the reference number.

  Some airlines and airports currently also allow remote check-ins. In such situations, the ticket holder can usually check in using an Internet portal before arriving at the airport. This avoids standing in the check-in queue at the airport. In such cases, the ticket may be a physical “paper” ticket or an electronic ticket. In this scheme, the ticket holder prints out the boarding pass using a printer associated with the computer terminal used to access the Internet check-in portal. A physical security check can be performed by requiring the ticket holder to present his ticket or reference number in addition to the printed boarding pass upon arrival at the airport. However, such inspections are often not performed until the passenger arrives at the boarding gate of the aircraft. Therefore, there is a possibility that the holder of an improperly created boarding pass can enter the airport area reserved only for the departure traveler. This may include, for example, access to a shopping facility where sales tax or value added tax does not apply, thus allowing the holder of such boarding pass to commit tax fraud.

  Thus, in this example, the user can access the remote check-in portal and can also be paid (eg, effectively omits the ticketing stage by transfer from a bank account or credit card account) or qualified (eg, ticket reference) Number) can be exchanged for a boarding pass. Once the required purchase or exchange process is completed between the prospective traveler at the computer accessing the remote check-in portal and the ticketing / check-in agency at the remote online business server, the ticket issuance / The check-in institution can transmit the boarding pass image or data template to the computer terminal by electronic means. This can be done as direct data transfer using, for example, http, http, https, or ftp, or by indirect data transfer such as email. Once the boarding pass image is received by the prospective traveler, the prospective traveler can print out the boarding pass for travel use.

  In this example, the printed boarding pass is then scanned to confirm its signature. This can be done as part of the printing process, for example using the apparatus previously discussed with reference to FIG. 7, or it can be done using a separate scanner after the printing process. This signature can then be uploaded to the ticketing / check-in authority or any other certification authority that the ticketing / check-in authority may wish to use to validate the printed boarding pass. .

  Later, when the prospective traveler arrives at the airport where the trip begins, the prospective traveler will have access to the flight and, optionally, one or more areas that are reserved for the traveler only. You may be required to present your boarding pass to obtain. Once the boarding pass is presented, it can be scanned to generate a new signature. This new signature can then be submitted to the certificate authority where the verification signature is stored. The certification body then compares the new signature against the database using one or more techniques specifically mentioned above with reference to FIG. 12, and the boarding pass presented is the first printed boarding pass It can be determined whether or not. A positive authentication result can indicate that the prospective traveler should be allowed access to the plane. The negative authentication result can indicate that the prospective traveler should not be allowed access to the plane and is optional to address unauthorized attempts to pass through the security alert line You can contact the police or a similar agency at your choice.

  In the foregoing, examples of several systems that can use article signatures have been described. This signature provides additional security and / or confidence based on the unique characteristics of the item, to a trading system where remote access is provided to sensitive information or ordering systems, or to tracking or authenticating rights tokens.

  Although the above example has been described in the case of coherent light based on the signature generation scheme detailed above, the system is also implemented using, for example, a signature generation scheme, eg, based on an analysis of the magnetic field of the article You can also

  Although the above example has been described for printing a rights token on paper, the token can also be printed on an alternative substrate such as cardboard, plastic, or metal. Alternatively, the token can be “printed” by writing the token data to a plastic card magnetic band or embedded chip, such as plastic cards commonly used for bank cards and credit cards. This can be done using a scanner as previously discussed with reference to FIGS. 6B and 6C so that the scanner can perform writing and scanning simultaneously in the same device. Optionally, a write head can be additionally provided. The plastic card can be scanned, optionally including at least a surface portion including a magnetic band or embedded chip, to generate a signature for confirmation of rights. In this way, one physical card can hold a plurality of rights tokens. In that case, this card will be rescanned when presented to redeem the rights for the merchandise, and the signature generated during the rescan will indicate that the card to which the rights were claimed is the card on which the rights were originally written. Can be used to verify that the card is the same. The rights database may be updated each time a right is added to the card or used by the card so that the database can have a record of valid rights on the card at any time. it can.

  Next, referring to FIG. 14, an example of an alternative method of storing a scanned confirmation signature for later authentication will be described. In this example, the storage is performed by writing the encoded form of the signature on the token itself.

  FIG. 14 shows an electronic ticket 50 that carries a bar code and written print information 54. The barcode is shown as part of the scan area 56. This is illustrated by a broken line because there is no feature on the electronic ticket. The scan area is further divided between a lower area 52 containing a barcode and a blank upper area. The electronic ticket 50 is designed to be scanned by a reader device of the type previously described. In this example, the bar code encodes the signature obtained by scanning the blank upper region.

  In other words, if the bar code is traced back, at the time of electronic ticket generation, for example, an online purchaser uses the local printer to scan the blank upper area of the ticket, and then the bar code Was printed on the lower region 52. Thus, the electronic ticket is labeled with its signature structure, that is, the signature characteristics of the surface structure in the upper region 58.

  This labeling technique uses a label that encodes a wide range of articles, such as paper or cardboard articles, or any printable article, including plastic articles, with the signature of the article itself resulting from its inherent physical properties. It should be understood that it can be used for marking.

  Given the public nature of barcodes or other labels according to known coding protocols, it is advisable to have their signatures converted using an asymmetric encryption algorithm for barcode generation, i.e. well A one-way function is used that follows the known RSA algorithm. A preferred implementation is that the label represents a public key of a public / private key cryptosystem. This scheme is typically used by many different customers and has a unique secret at least for each customer or for each ticket so that the disclosure of the private key will affect only one customer or one ticket. It may be a good idea to have a key. Thus, the label encodes the public key and the private key is securely stored at the issuer entity or other authorized party (eg, the seller, or the seller's ticketing agent).

  As will be appreciated, the number and delivery of key pairs can be determined depending on the desired security implementation. For example, a ticketing entity may issue all tickets, all tickets for a given event, all tickets issued by a given ticket-issuing authority, all tickets issued to a specific customer, per ticket, or these A single public / private key pair is required for any combination of possibilities. Thus, the disclosure of a single secret key can affect the security of the system to varying degrees, depending on the number of key pairs and usage patterns.

  Alternatively, the encryption may be symmetric. In this case, the key can be securely stored in a change prevention memory on the document scanner or in the cryptographic processor smart card.

  The labeling scheme can also be used so that the article can be verified entirely based on the label without access to the database.

  However, it is also envisioned that the label scheme can be used in combination with the database verification scheme. For example, barcodes can encode the format of a digital signature thumbnail and can be used on a database to allow fast pre-screening prior to screening. This is actually a very important technique. This is because in some database applications, the number of records can potentially be enormous (eg, millions), and the search method becomes important. In essence, fast search techniques, such as the use of bit strings, can be important.

  As an alternative to barcodes that encode thumbnails, barcodes (or other labels) can also encode record locators, i.e. indexes or bookmarks, which can be used as a database for subsequent comparisons. You can quickly find the right signature within.

  Another variation is that a bar code (or other label) encodes the thumbnail signature, which can be used if the database is not available (eg, temporary offline, or scanning abnormally without internet access) Can be used to obtain a match with reasonable but not high confidence when done remotely). In that case, the same thumbnail can be used for fast record search in the main database when the database is available, thereby performing a more reliable verification.

  Although embodiments have been described in considerable detail above, many variations and modifications will become apparent to those skilled in the art once the above disclosure is fully appreciated. The appended claims are to be construed to include all such variations and modifications and their equivalents.

It is a schematic side view of the example of a reader apparatus. It is a schematic perspective view which shows how the reading volume of the reader apparatus of FIG. 1 is sampled. It is a block schematic diagram of the functional component of the reader apparatus of FIG. It is a perspective view which shows the external shape of the reader apparatus of FIG. It is a perspective view which shows another example of the external shape of the reader | leader of FIG. It is a perspective view which shows another example of the external shape of the reader | leader of FIG. It is a perspective view which shows another example of the external shape of the reader | leader of FIG. It is a perspective view which shows another example of the external shape of the reader | leader of FIG. It is a schematic perspective view of another example of a reader apparatus. It is a side view which shows roughly the alternative imaging structure of the reader which implemented this invention based on directional light collection and whole surface illumination. FIG. 6 is a plan view schematically illustrating the optical footprint of another alternative imaging configuration of a reader embodying the present invention, in which a directional detector is used in combination with local illumination using an elongated beam. It is a microscopic image of the paper surface, where the image includes an area of about 0.5 × 0.2 mm. FIG. 2 shows raw data consisting of a photodetector signal and an encoder signal from a single photodetector using the reader of FIG. FIG. 8B is a diagram illustrating the photodetector data of FIG. 8A after linearization with an encoder signal and averaging the amplitudes. FIG. 9 shows the data of FIG. 8B after digitization according to the average level. Fig. 4 is a flow diagram showing how an article signature is generated by scanning. 6 is a flowchart showing how a signature of an article obtained by scanning can be verified against a signature database. It is a figure which shows the general view of distributed transaction environments, such as an electronic commerce environment. It is a schematic plan view of an electronic ticket on which a barcode label for encoding a digital signature obtained by authentic measurement surface characteristics is mounted.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Reader apparatus 10 Reading opening 12 Housing 14 Laser source 15 Coherent laser beam 16 Detector apparatus 18 Cylindrical lens 19 Phototransistor, encoder emitter / detector module 20 Subassembly 22 Drive motor 24 Bearing 28 Marker 17 Electrical connection line 21 Electrical connection Line 23 Electrical link 26 Arrow 30 Programmable interrupt control circuit (PIC)
31 Analog-to-digital converter (ADC)
32 Data connection 34 Personal computer (PC)
38 Interface Connection 40 Database 42 Physical Positioning Aid 46 Cylindrical Microlens Array 48 Array Detector 50 Electronic Ticket 52 Lower Area 54 Print Information 56 Scan Area 58 Upper Area 60 Housing 61 Tray 62 Article 64 Supply Roller 70 Leader Housing 71 Slot 72 Guide element 109 Last roller pair 122 Printer 201 Electronic commerce environment 203 Provider 204 Signature database 206 Network 208 User terminal 209 Printer 210 Scanner 211 Request location 212 Scanner

Claims (65)

Conducting a transaction between a first party and a second party, each of said parties being located at first and second locations remote from each other, wherein the result of said transaction is a first Providing from a one party to a second party;
Transmitting data describing a rights token writing format from the first party to the second party;
Writing the rights token at the second location using data describing an export format;
Generating a first signature of the rights token document at the second location, wherein the first signature directs a coherent beam over the rights token document, wherein the coherent beam is the rights token document; Is generated by collecting a set of groups of data points from the signal obtained when scattered by and processing the set of groups of data points, and different sets of groups of data points are Steps associated with scattering by each different part;
Transmitting the first signature to the first party;
Retaining the first signature and its attributes for subsequent authenticity verification of the rights token document.   The method of claim 1, wherein the retaining comprises storing the first signature in a signature database for subsequent authenticity verification.   The step of maintaining the first signature by the first party to generate label data that encodes the first signature according to a machine-readable encoding protocol; 3. A method according to claim 1 or 2, comprising: transmitting to the second party, and writing a label representing the label data to the rights token at the second location.   The method of claim 3, wherein the first signature is encoded in a label using an asymmetric encryption algorithm.   The method of claim 4, wherein the label represents a public key of a public / private key cryptosystem.   6. The method of claim 3, 4 or 5, wherein the label is an ink label applied using a printing process. Generating a second signature of the rights token document at a third location remote from a second location, wherein the second signature directs a coherent beam over the rights token document; Collecting a set of data points from a signal obtained when a beam is scattered by the rights token document and processing the set of data points, a different set of data points Steps associated with scattering by each different part of the rights token document;
7. The method of claim 1, further comprising: comparing the second signature attribute with the first signature attribute to verify the authenticity of the rights token document. Method.   8. A positive comparison result is returned if the comparison step shows substantial identity between the first signature attribute and the second signature attribute. The method according to one item.   9. A method according to any one of the preceding claims, further comprising generating the first signature using a device integrated with a device that writes out the rights token.   10. A method according to any one of the preceding claims, wherein the step of writing out the rights token comprises printing data describing the token on a print sheet.   The method of claim 10, wherein the printed sheet is selected from a paper sheet, a cardboard sheet, a plastic sheet, and a metal sheet.   12. A method according to claim 10 or 11, wherein the print sheet has a pattern thereon prior to printing the data thereon.   13. A method as claimed in any preceding claim, wherein the step of writing the rights token comprises writing data describing the rights to a data storage device.   The method of claim 13, wherein the data storage device is selected from a magnetic storage device or an electronic storage device physically associated with a plastic card or a metal card.   15. A method according to any one of the preceding claims, wherein the token displays a right to goods or services.   The method of claim 15, wherein a right to the goods or services is dependent on a positive verification of the authenticity of the rights token document.   The method according to claim 1, wherein the rights token is a ticket.   The method according to claim 1, wherein the rights token is a payment document.   The method according to any one of claims 1 to 16, wherein the rights token is an access permit.   20. A method according to any one of claims 1 to 19, wherein the first location comprises an electronic commerce server.   21. A method according to any one of claims 1 to 20, wherein the second location comprises a computer terminal.   The method according to any one of the preceding claims, wherein the third location comprises a computer terminal.   23. A method according to any one of the preceding claims, wherein the third location is located at a redemption location of the rights token document. First and second computer systems that are remote from each other and operable to communicate between them via a data communication channel, wherein the first computer system is a user of the second computer system. Operable to conduct a transaction with the first computer system, wherein the result of the transaction is provision of a right to a right token from the first computer system to the user, the first computer system further comprising: First and second computer systems operable to transmit data describing the rights token to the second computer system via the data communication channel;
A writer located in the same location as the second computer system and operable to write out the rights token using the data describing the token;
A credential verification system comprising: a first signature generator co-located with the second computer system and operable to generate a first signature of the rights token document; A generator directs a coherent beam onto the right token document and collects a set of data points from a signal obtained when the coherent beam is scattered by the right token document; The signature generator is further operable to generate the signature by processing a set of data points, wherein different sets of the group of data points are associated with scattering by different portions of the rights token document, A system of authenticity verification operable to transmit the first signature to the first party.   25. The system of claim 24, further comprising a signature database operable to store the first signature for subsequent authenticity verification.   The first computer system processes the first signature to generate label data that encodes the first signature according to a machine-readable encoding protocol, and also processes the label data to the first 26. A system according to claim 24 or 25, operable to transmit to two parties, and wherein the writer is operable to write a label encoding the label data to the rights token.   27. The system of claim 26, wherein the first signature is encoded in the label using an asymmetric encryption algorithm.   28. The system of claim 27, wherein the label represents a public key / private key cryptography public key.   29. A system according to claim 26, 27 or 28, wherein the writer is operable to print the label as an ink label on the rights token document. A second signature generator co-located with a third computer system remote from the second computer system and operable to generate a second signature of the rights token document, the coherent beam Directing over the rights token document, collecting a set of data points from a signal obtained when the coherent beam is scattered by the rights token document, and processing the set of data points A second signature generator operable to generate the second signature by means of which the different sets of data points are associated with scattering by different portions of the rights token document;
30. The computer according to claim 24, further comprising a computer operable to compare an attribute of the second signature with an attribute of the first signature to verify the authenticity of the rights token document. The system according to one item.   32. The system of claim 30, further comprising a focusing device that focuses the coherent beam to the read volume.   The focusing device is configured so that the coherent beam has an elongated focus; and the drive is configured to move the coherent beam over the reading volume in a direction across the long axis of the elongated focus; 32. The system of claim 31.   A detector device includes a plurality of detector channels arranged and configured to sense scattering by different portions of the read volume so that the different sets of data points are scattered by different portions of the read volume. 33. A system according to claims 30 to 32, which is guaranteed to be relevant.   A housing for accommodating at least a part of said detector device, wherein a right token document can be applied to or placed in such a way that the right token document is arranged in the reading volume 34. A system according to any one of claims 30 to 33, further comprising a housing having:   35. A system according to any one of claims 30 to 34, further comprising a rights token document conveyor that moves the article past the coherent beam.   36. A system according to any one of claims 30 to 35, comprising a physical positioning aid for positioning a given form of a token of rights relative to the reading volume in a fixed position.   37. A system according to any one of claims 30 to 36, wherein the detector device consists of a single detection channel.   38. The detector device according to any of claims 30 to 37, wherein the detector device comprises a group of detector elements distributed in an angle and operable to collect a group of data points for different portions of the readout volume. The system according to one item.   39. A device according to any one of claims 30 to 38, wherein the source is mounted to direct the coherent beam onto the readout volume so that the coherent beam strikes a rights token with a substantially normal angle of incidence. System.   40. A system according to any one of claims 30 to 39, wherein the detector device is configured in the form of reflections to detect radiation backscattered by the reading volume.   41. The data acquisition and processing module is operable to further analyze the data points to identify signal elements according to a predetermined encoding protocol and thereby generate a reference signature. The system according to any one of the above.   42. The system according to any one of claims 24 to 41, wherein the writer is co-located with the first signature generator.   43. A system according to any one of claims 24 to 42, wherein the rights token document comprises a printed pattern on a printing substrate or printing sheet.   44. The system of claim 43, wherein the printed sheet is selected from a paper sheet, a cardboard sheet, or a metal sheet.   45. A system according to claim 43 or 44, wherein the print sheet has a pattern thereon prior to printing the data thereon.   44. The system of claim 43, wherein the printing substrate is selected from a packing box or a product.   47. A system according to any one of claims 24 to 46, wherein the rights token document comprises a data storage device.   48. The system of claim 47, wherein the data storage device is selected from magnetic and electronic storage devices physically associated with a plastic card or metal card.   49. A system according to any one of claims 24 to 48, wherein the rights token document displays a right to goods or services.   50. The system of claim 49, wherein the right to the goods or services is dependent on a positive verification of the authenticity of the rights token document.   51. A system according to any one of claims 24 to 50, wherein the rights token is a ticket.   51. The system according to any one of claims 24 to 50, wherein the rights token is a payment document.   51. A system according to any one of claims 24 to 50, wherein the rights token is an access permit.   54. A system according to any one of claims 24 to 53, wherein the third location is a redemption location for the rights token document.   Use of the system according to any one of claims 24 to 54 for verifying the authenticity of a rights token document.   55. Use of the system according to any one of claims 24 to 54 for ascertaining whether a rights token document has been altered. A method for authenticating a ticket, comprising:
Creating a ticket remotely from the ticket issuing entity;
Directing a coherent beam onto the ticket, collecting a set of data points from a signal obtained when the coherent beam is scattered by the ticket, and processing the set of data points Scanning the ticket at the creation location to create a first signature of the ticket, wherein the different sets of data points are associated with scattering by different portions of the ticket; ,
Transmitting the first signature to the issuing entity and retaining the first signature or its attributes for subsequent ticket verification;
In response to presenting the ticket for redemption, direct a coherent beam onto the ticket and collect a set of data points from the signal obtained when the coherent beam is scattered by the ticket; Scanning the ticket to create a second signature of the ticket by processing the set of groups of data points, wherein the different set of groups of data points is different for each of the tickets Steps associated with scattering by the part;
Comparing the attribute of the first signature and the attribute of the second signature to determine the validity confidence of the ticket.   The first signature or its attributes are stored in a database for subsequent ticket verification, wherein the ticket signature is searched for comparison with reference to the database. 58. The method according to Item 57.   The first signature or its attributes are used by an issuing entity to generate label data that encodes a first signature according to a machine-readable encoding protocol, and the label data is transmitted to a second party. , Written to the rights token as a label for subsequent ticket verification at the second location, where the first signature attribute is retrieved for comparison with reference to the database. 58. The method of claim 57. A method for authenticating an access permit, comprising:
Creating an access permit remotely from the entity issuing the access permit;
Direct a coherent beam over the access permit, collect a set of data points from the signal obtained when the coherent beam is scattered by the access permit, and process the set of data points Scanning the access certificate at the creation location to generate a first signature of the access certificate, wherein the different sets of data points are each of the access certificate Steps associated with scattering by different parts of
Transmitting the first signature to the issuing entity and retaining the first signature or its attributes for subsequent access permit verification;
In response to presenting the access permit for redemption, a coherent beam is directed over the access permit and from a group of data points from signals obtained when the coherent beam is scattered by the access permit Scanning the access certificate to create a second signature of the access certificate by processing the set of data points and processing the set of data points, the method comprising: Different sets associated with scattering by different portions of each of the access permits;
Comparing the attribute of the first signature with the attribute of the second signature to determine the validity confidence of the access permit.   The first signature or its attributes are stored in a database for subsequent access certificate verification, where the first signature attribute is retrieved for comparison with reference to the database. 61. The method of claim 60, wherein:   The first signature or its attributes are used by an issuing entity to generate label data that encodes a first signature according to a machine-readable encoding protocol, and the label data is transmitted to a second party. , Written in the rights token as a label for subsequent access certificate verification in the second location, wherein the access certificate verification includes the first signature for comparison with reference to the database. 61. The method of claim 60, wherein attributes are retrieved.   A system substantially as described herein with reference to FIG.   A device substantially as described in the specification.   A method substantially as described in the specification.

Images