The present invention relates to the field of secure credential authentication and, more particularly, to a method and handheld system for detecting and analyzing digital watermarks (DWM) contained in a credential document for authentication. Once the DWM has been detected and analyzed, the results of such detection and analysis may cause the system to trigger an alert or other message to the user of the system as well as, optionally, governmental or other authorities wirelessly from the handheld system.
A credential is an attestation of qualification, competence, or authority issued to an individual by a third party with a relevant or de facto authority or assumed competence to do so. Counterfeiting of credentials is a constant and serious problem, irrespective of the type of credential. A great deal of effort goes into finding methods to reduce or prevent counterfeiting. In general, the greater the perceived value of the credential, the greater the problem with counterfeiting and the greater the lengths to which the issuer of the credential must go to prevent fraud.
Credentials that simply establish a person's identity are very widely used. Documentation usually consists of an identity card (sometimes a credential that is also used for other purposes, such as an automobile driver's license), a badge (often machine-readable), etc., issued by a trusted third party after some form of identity verification. Many identification documents use photographs to help ensure their association with their legitimate holders. Some also incorporate biometric information, passwords, PINs, and so on to further reduce the opportunities for fraud. Identification credentials are among the most widely counterfeited credentials.
As such, there is a great need for methods of reducing and preventing counterfeiting of secure credentials.
While it is known to detect and analyze digital watermarks, the present invention provides a system and method of real time verification of identification documents having digital watermarks in a portable, hand-held device, which may be a smart phone or hand-held tablet using a simple hand gesture or waving the reader device at the card or vice versa. The smart phone or tablet may be equipped with downloaded software, which will permit the tablet and/or smart phone's camera to detect one or more digitized watermarks, analyze the watermark(s) using the downloaded software, and determine whether the identification document is authentic. It may then use the determination that the identification document is not authentic to trigger an alarm followed by a series of actions.
Embodiments of the invention provide techniques for the use of a digital watermarking detection and reading device that will allow fast authentication of a secure credential that contains embedded chrominance-based DWM signals. Other embodiments are within the scope of the invention.
A digital watermark (DWM) is embedded information in a digital signal such as pictures, audio, video or any other digital form of media. DWMs may be used, for example, to authenticate media (e.g. authenticate an identity document), identify the owner of media (e.g. a copyright), or communicate secret or hidden messages (e.g. steganography). If the signal is copied the DWM is also carried in the copy. A signal may carry several different DWMs at the same time. A DWM payload is the information or data embedded using a DWM.
A DWM may be visible, such as a text or logo embedded in an image, or invisible where the information cannot be perceived by the naked eye but may be detected by a suitable device. DWMs differ from metadata in that the data is carried directly in the signal. An objective of DWM is to attach ownership or information to a signal in a way that is difficult to remove. Digital watermarking systems and techniques are discussed in U.S. Pat. No. 7,694,887, entitled “Optically Variable Personalized Indicia for Identification Documents”, assigned to L-1 Secure Credentialing, Inc., the entire contents thereof which are incorporated herein by reference.
With regard to images, the DWM may be luminance-based, in which case the DWM signal is embedded in signal intensity. Another form of DWM is chrominance-based. Chrominance-based DWMs embed information in a signal using values in the entire color spectrum. Chrominance-based DWMs are available from a number of sources, including a product named “Chroma”, available from Digimarc Corporation of Beaverton, Oreg. Luminance-based DWMs are also commercially available from a number of sources including Digimarc's “Classic” watermarking technology, again available from Digimarc Corporation of Beaverton, Oreg. Chrominance-based DWMs provide a number of advantages over luminance-based DWMs. Because the entire color spectrum is employed, the chrominance-based DWM signal can be stronger, less perceptible and more robust than a luminance-based DWM signal. Additionally, the integrity of the DWM is improved over the lifetime of a printed digital image, such as a credential, as chrominance-based DWMs are less susceptible to aging degradation.
Secure credentials can take many forms ranging from ID-credit card size to ID 3 passport size. One example is a driver's license or other identification document. DWMs may be placed on the document to reduce or prevent counterfeiting of the document and to help ensure the document's association with its legitimate holder. Example information embedded as a DWM in a driver's license may include information about the issuer, owner's name, owner's date of birth, card type, license number, document number, etc.
Covert image 14 (which is shown in
One or more digital watermarks may be embedded in the covert image 14 or in any other area of the ID card 8 as desired.
Digital watermarking systems typically have two primary components: an encoder that embeds the digital watermark in a host media signal, and a decoder that detects and reads the embedded digital watermark from a signal suspected of containing a digital watermark (a suspect signal). The encoder embeds a digital watermark by altering the host media signal. The reading component analyzes a suspect signal to detect whether a digital watermark is present. In applications where the digital watermark encodes information, the reader extracts this information from the detected digital watermark. The reading component can be hosted on a wide variety of tethered or wireless reader devices, from conventional PC-connected cameras and computers to fully mobile readers with built-in displays. By imaging a watermarked surface of the card, the watermark's “payload” can be read and decoded by this reader.
Returning to the present implementation, in accordance with this embodiment of the invention, a digital watermark is embedded in the covert image 14. For purposes of illustration, assume that the covert image 14 is a UV image. A watermark detector can only read the covert watermark if the host identification document 8 is subject to appropriate UV stimulation at the same time that the host identification document is presented to the watermark detector. This provides additional security to the identification (ID) document 8, because even if a counterfeiter is able to access UV inks to print a bogus covert image 14, the bogus covert image 14 will not contain the embedded digital watermark. Of course, mere photocopying or scanning of the identification document 8 will similarly frustrate the counterfeiter, who will be unable to reproduce, through scanning or photocopying, either the covert image 14 or the watermark contained therein.
In one embodiment, the watermark embedded in the covert image 14 may include a payload or message. The message may correspond, e.g., to the ID document number, printed information, issuing authority, biometric information of the bearer, and/or database record, etc. The watermark embedded in the covert image 14 may also include an orientation component, to help resolve image distortion such as rotation, scaling and translation. In at least one embodiment of the invention, we embed two or more watermarks in the OVD image.
In addition, the information may be broken into a primary DWM and a secondary DWM payload. The primary is embedded in the portrait of the identity document. The secondary is embedded in the background of the document. The two DWM payloads may contain overlapping or duplicate information. This will extend the longevity of the reading after the card has been used for several years, as a strategy to maintain robustness, error correction and managing severe service. By providing duplicate information in spaced-apart portions of the identity document, if one portion of the document becomes unreadable for some reason (wear or smudging) the same information will be readable from another portion of the document.
Furthermore, data embedded in a DWM may be further encoded or encrypted to prevent counterfeiting.
In Step 202, the step of acquiring the DWM may comprise digitally capturing a DWM image using a visual inspection device and processing hardware.
Steps 204 and 206, those of detecting and extracting a DWM payload, may comprise, as mentioned, using the camera 301 to detect one or more DWMs.
Step 208, that of authenticating the DWM payload, may comprise, as mentioned above, using the software in the smart phone to extract the DWM payload(s).
Step 210 is a step to determine whether the ID is authentic or not authentic.
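One way the reader-side decision in Steps 208 and 210 could combine the primary (portrait) and secondary (background) payloads described earlier, as an added example that is not code from the patent. The JSON payload layout, the truncated HMAC tag standing in for the "encoded or encrypted" protection, and all names, keys and field values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

TAG_LEN = 8  # assumed: truncated HMAC-SHA256 tag appended to each payload

def seal(fields, key):
    """Issuer side (assumed format): canonical JSON body followed by the tag."""
    body = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

def open_payload(blob, key):
    """Reader side: ('unreadable' | 'invalid' | 'ok', fields) for one region."""
    if blob is None:  # detector found no watermark (wear, smudging)
        return "unreadable", None
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    if len(blob) <= TAG_LEN or not hmac.compare_digest(tag, expected):
        return "invalid", None  # a payload was read but is not the issuer's
    return "ok", json.loads(body)

def authenticate(primary_blob, secondary_blob, key):
    """Authentic / not-authentic decision from the two extracted payloads."""
    p_state, primary = open_payload(primary_blob, key)
    s_state, secondary = open_payload(secondary_blob, key)
    if "invalid" in (p_state, s_state):
        return "NOT_AUTHENTIC", "payload failed tag check"
    if p_state == s_state == "unreadable":
        return "NOT_AUTHENTIC", "no watermark detected"
    if p_state == s_state == "ok":
        shared = primary.keys() & secondary.keys()  # the duplicated fields
        bad = sorted(f for f in shared if primary[f] != secondary[f])
        if bad:
            return "NOT_AUTHENTIC", "regions disagree on " + ",".join(bad)
        return "AUTHENTIC", "both regions verified"
    survivor = "primary" if p_state == "ok" else "secondary"
    return "AUTHENTIC", survivor + " region only"  # redundancy fallback

# Constructed sample data. A symmetric key keeps the sketch short; a fielded
# reader would verify an issuer signature so it holds no key able to mint payloads.
KEY = b"constructed-demo-key"
PRIMARY = seal({"doc_no": "D1234567", "dob": "1980-01-01", "issuer": "XX"}, KEY)
SECONDARY = seal({"doc_no": "D1234567", "dob": "1980-01-01", "card_type": "DL"}, KEY)
OTHER_CARD = seal({"doc_no": "D7654321", "dob": "1980-01-01", "card_type": "DL"}, KEY)

if __name__ == "__main__":
    print(authenticate(PRIMARY, SECONDARY, KEY))   # intact card
    print(authenticate(PRIMARY, None, KEY))        # background worn away
    print(authenticate(PRIMARY, OTHER_CARD, KEY))  # regions from two documents
```

An unreadable region falls back to the surviving one, while a region that reads but fails its tag, or two valid regions whose duplicated fields disagree, is rejected rather than treated as wear.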
Turning now to
In step 214, as shown in
In one embodiment of the invention, the method of
In one embodiment, the secure credential is aligned prior to image capture to minimize artifacts introduced by the rotation of the image during the payload extraction step.
It is envisioned that the software module which provides the ability to read, capture and analyze a DWM may be available either from a vendor or, possibly, from an “app store”, from which it can be downloaded with suitable payment facilities. Of course, given the security sensitivity of the authentication process, the downloading of the app or the software module may be excluded from a public app store and access may be restricted to the user downloading the app and/or software module from an approved vendor or from a governmental authority. Updates to the software may be automatically sent to the smart phone or other portable device in a “push” environment. It may also be envisioned that the smart phone or other portable device may be required to be purchased from the vendor preloaded with further security applications to prevent the smart phone, should it be lost or stolen, from being used by unauthorized parties. Further enhancements may prevent the software module from falling into the wrong hands by utilizing a function contained in certain smart phones to detect the theft of the smart phone or other device. Upon such detection of loss or of the device being stolen, the software module which authenticates the DWM would be automatically deleted from the device to prevent the software module from being acquired by an unauthorized third party.
Other embodiments are within the scope and spirit of the invention. For example, due to the nature of software, functions described above can be implemented using software, hardware, firmware, hardwiring, or combinations of any of these. Features implementing functions may also be physically located at various positions, including being distributed such that portions of functions are implemented at different physical locations.
The processes and logic flows described in this specification, including the method steps of the subject matter described herein, can be performed by one or more programmable processors executing one or more computer programs to perform functions of the subject matter described herein by operating on input data and generating output. The processes and logic flows can also be performed by, and apparatus of the subject matter described herein can be implemented as, special purpose logic circuitry, e.g., an FPGA (field programmable gate array) or an ASIC (application-specific integrated circuit).
Processors suitable for the execution of a computer program include, by way of example, both general and special purpose microprocessors, and any one or more processors of any kind of digital computer. Generally, a processor will receive instructions and data from a read-only memory or a random access memory or both. The essential elements of a computer are a processor for executing instructions and one or more memory devices for storing instructions and data. Generally, a computer will also include, or be operatively coupled to receive data from or transfer data to, or both, one or more mass storage devices for storing data, e.g., magnetic, magneto-optical disks, or optical disks. Information carriers suitable for embodying computer program instructions and data include all forms of non-volatile memory, including by way of example semiconductor memory devices (e.g., EPROM, EEPROM, and flash memory devices); magnetic disks (e.g., internal hard disks or removable disks); magneto-optical disks; and optical disks (e.g., CD and DVD disks). The processor and the memory can be supplemented by, or incorporated in, special purpose logic circuitry.
Many kinds of devices can be used to provide for interaction with a user as well. For example, feedback provided to the user can be any form of sensory feedback, (e.g., visual feedback, auditory feedback, or tactile feedback), and input from the user can be received in any form, including acoustic, speech, or tactile input.
The subject matter described herein can be implemented in a computing system that includes a back-end component (e.g., a data server), a middleware component (e.g., an application server), or a front-end component (e.g., a client computer having a graphical user interface or a web browser through which a user can interact with an implementation of the subject matter described herein), or any combination of such back-end, middleware, and front-end components. The components of the system can be interconnected by any form or medium of digital data communication, e.g., a communication network. Examples of communication networks include a local area network (“LAN”) and a wide area network (“WAN”), e.g., the Internet.
Further, while the description above refers to the invention, the description may include more than one invention.
This application claims priority to U.S. Patent Application No. 61/603,632, filed Feb. 27, 2012, the entirety of which is herein incorporated by reference.
Number | Name | Date | Kind |
---|---|---|---|
5432864 | Lu | Jul 1995 | A |
5997345 | Inadama | Dec 1999 | A |
7694887 | Jones et al. | Apr 2010 | B2 |
20020193094 | Lawless et al. | Dec 2002 | A1 |
20040213437 | Howard | Oct 2004 | A1 |
20070291988 | Karimov et al. | Dec 2007 | A1 |
20080116276 | Lo | May 2008 | A1 |
20080149713 | Brundage | Jun 2008 | A1 |
20100038514 | Yu | Feb 2010 | A1 |
20100078290 | Chang | Apr 2010 | A1 |
20110317875 | Conwell | Dec 2011 | A1 |

Number | Date | Country |
---|---|---|
2302599 | Mar 2011 | EP |
20050103977 | Nov 2005 | KR |

Entry |
---|
International Search Report and Written Opinion, PCT/US2013/027802, dated Jun. 3, 2013, 9 pages. |
European Search Report dated Oct. 6, 2015 from corresponding European Application No. 13755589.2, 3 pages. |

Number | Date | Country |
---|---|---|
20130223674 A1 | Aug 2013 | US |

Number | Date | Country |
---|---|---|
61603632 | Feb 2012 | US |