System and Method for Printing Documents Containing Dynamically Generated Security Features

TECHNICAL FIELD

Various inventive embodiments disclosed herein relate generally to document protection methods and products, and more particularly, to systems and methods for facilitating printing of documents containing hidden security features that are dynamically generated.

BACKGROUND

Security features are embedded in documents such as official and/or valuable documents. Security features in the documents are modified upon reproducing the document to thereby inhibit unauthorized copies of the documents from being made. Such security features can include latent features that are largely indistinguishable within the background of the document on an original, but which become distinguishable in a reproduction of the document such as in a scanned reproduction of the document. By embedding features that distinguish an original document from reproductions thereof, counterfeit versions and other unauthorized copies can be more readily detected. Thus, such documents including embedded security features offer an indicator of authenticity to ensure that a particular printed version of the document is an original.

In applications such as commercial paper documents, security features are typically incorporated in a background of the document with latent security features embodied as words that will appear in reproductions of the commercial paper document. In reproductions of the document, the latent security features become visible, which allows unauthorized copies to feature words such as “void” or “copy” to indicate it is not an original. However, the background of the commercial paper document is generally static with pertinent information being printed, typed, or rendered over or adjacent the static background.

Conventional methods and products involve preparing an original document by printing or lithography on high quality print media to achieve high resolution printing in order to effectively embed the above-described security features. Prior printing systems for generating documents with embedded security features employ offset printing technology to produce prints at approximate resolutions of at least 2400 dots per inch.

Previously described systems and printers for printing secure physical documents have generally required that document printing instructions, potentially containing sensitive or confidential information, be sent to servers through a network, such as the Internet. Generally, the ability to generate and/or embed security features in printing instructions has been provided through remotely-located servers to prevent malicious uses of such document security technology, such as, for example, counterfeiting. However, requiring the use of a server on a network for printing a physically secure document introduces a number of potential drawbacks: for example, server and/or network downtime can prevent a user from printing the physical secure document. Sending the document over the Internet can risk compromising the security of the document. Therefore, a need exists for systems and printers capable of printing physically secure documents which overcome drawbacks of existing systems. Additionally, it is desirable to develop a system capable of adding security features to a printed document while maintaining the existing interface, e.g. using an existing print driver instead of requiring a special print driver.

SUMMARY

A system for dynamically generating at least one security feature for securing information within a document includes a computing device. The computing device has stored therein a printing instruction. Additionally, the computing device is communicatively coupled to a printing device. The printing device is configured to receive the printing instruction from the computing device. Responsive to receiving the printing instruction, the printing device generates a security feature and modifies the printing instruction to include the security feature. The modified printing instructions cause the printing device to print a document containing the security features.

A system for adding security indicia to a document includes a computing device having at least one print driver. A processing device is communicatively coupled to the print driver of the computing device. Additionally, a raster image-processing module is communicatively coupled to the processing device. The processing device is configured to receive a printing instruction from the print driver. The processing device is further configured to processes parameter data to add at least one security indicia to the printing instruction. The processing device is also configured to send the printing instruction with the at least one security indicia to the raster image-processing module for printing a document containing a security feature according to the printing instruction.

Another aspect includes a method for printing a document with an embedded security feature. The method includes receiving a print instruction. Once a print instruction is received, the method includes generating at least one security feature based on the print instruction. The method also includes creating a modified printing instruction by integrating the at least one embedded security feature with the printing instructions. Finally, the method includes printing the document with the embedded security feature according to the modified printing instructions.

A security system includes a communication module configured to receive a print instruction and transmit a modified print instruction. The security system also includes a computing device communicatively coupled to the communication module. The computing device is configured to create a modified print instruction based on the received print instruction and a set of parameter data. Further, the modified print instruction includes at least one embedded security feature.

The foregoing and additional aspects and embodiments of the present disclosure will be apparent to those or ordinary skill in the art in view of the detailed description of various embodiments and/or aspects, which is made with reference to the drawings, a brief description of which is provided next.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings, which are incorporated into this specification, illustrate one or more exemplary embodiments disclosed herein and, together with the detailed description, serve to explain the principles and exemplary implementations of the present disclosure. One of skill in the art will understand that the drawings are illustrative only, and that what is depicted therein may be adapted based on the text of the specification and the spirit and scope of the teachings herein.

FIG. 1 is a block diagram of a system for printing a secure physical document incorporating dynamically embedded security features according to an illustrative embodiment.

FIG. 2 is a block diagram of an alternative embodiment of a system for printing a secure physical document incorporating dynamically embedded security features.

FIG. 3 is a block diagram of another alternative embodiment of a system for printing a secure physical document incorporating dynamically embedded security features.

FIG. 4 is a block diagram of a system, including a print server, for printing a secure physical document incorporating dynamically embedded security features according to an illustrative embodiment.

FIG. 5 is a block diagram of a system, including a security service provider, for printing a secure physical document incorporating dynamically embedded security features according to an illustrative embodiment.

FIG. 6 is a flowchart describing the steps of a method for preparing a secure document according to an embodiment of the present disclosure.

FIGS. 7A-7C illustrate an exemplary process of applying hidden security features to an example health care document, according to an embodiment of the present disclosure.

While this disclosure is susceptible to various modifications and alternative forms, specific embodiments have been shown by way of example in the drawings and will be described in detail herein. It should be understood, however, that this disclosure is not intended to be limited to the particular forms disclosed. Rather, this disclosure is to cover all modifications, equivalents, and alternatives falling within the spirit and scope of the concepts described herein, as defined by the appended claims.

DETAILED DESCRIPTION

It should be understood that this disclosure is not limited to the particular methodology, protocols, etc., described herein and as such may vary. The terminology used herein is for the purpose of describing particular embodiments only, and is not intended to limit the scope of the present disclosure, which is defined solely by the claims.

The following examples illustrate some embodiments and aspects of the present disclosure. It will be apparent to those skilled in the relevant art that various modifications, additions, substitutions, and the like can be performed without altering the spirit or scope of this disclosure.

In the present application, a computing device may include a client application. The computing device can be any number of devices (e.g., computer, internet kiosk, personal digital assistant, cell phone, smart phone, gaming device, desktop computer, laptop computer, tablet computer, remote server, a television with one or more processors embedded therein or attached thereto, a set-top box, etc.). According to some embodiments, the computing device is communicatively coupled to a communication network. A communication network may be a wireless, optical, wired and/or other type of network that facilitates the passage of information. It may include the Internet, one or more local area networks (LANs), one or more wide area networks (WANs), other types of networks, or a combination of such networks. According to some embodiments, the client application (e.g., browser, e-mail client, word processor) is an application that is executed by the computing device, which displays or presents information to a user of the computing device, as well as providing additional functionalities or capabilities to the user.

According to some embodiments, a computing device as described herein may include one or more processing units (CPUs), one or more network or other communications interfaces, memory, and one or more communication buses for interconnecting these components. The computing device may include a user interface, for instance, a display and a keyboard. The memory may include high speed random access memory and may also include non-volatile memory, such as one or more magnetic or optical storage disks. The memory may include mass storage that is remotely located from CPU's. The memory may store the following elements, or a subset or superset of such elements: an operating system that includes procedures for handling various basic system services and for performing hardware dependent tasks; a network communication module (or instructions) that is used for connecting the customer client system to other computers via the one or more communications interfaces (wired or wireless), such as the Internet, other wide area networks, local area networks, metropolitan area networks, and so on; a client application as described above; a cache of recently accessed items; and other data related to the systems and applications described herein.

FIG. 1 is a block diagram of a system 100 for printing a secure physical document 130 via a printer 120 according to an illustrative embodiment. In this embodiment, a computing device 102 is communicatively coupled to printer 120. In some embodiments, printing instructions 110 such as page description language (“PDL”) instructions are used as a communication mechanism between computing device 102 and printer 120 that enables document 130 to be printed on printer 120.

According to some embodiments, printer 120 can be any suitable printing device employing any suitable printing technology. For example, a printer may be a peripheral, which produces text or graphics on a suitable substrate, such as paper. In some embodiments, an inkjet printer or laser printer is used with a computing device 102, such as a desktop computer, laptop computer, or smart phone, in order to prepare secure documents according to aspects of the present disclosure.

According to some embodiments, computing device 102 can be a personal computer, a server, a smart-phone, a tablet, or any other device that includes a central processing unit, a memory, and a communication interface. In some embodiments, computing device 102 can include an output device, such as a monitor, for displaying content (e.g., a source document to be printed) and an input device, such as a mouse and/or keyboard, for receiving user inputs (e.g., a request to print a source document). In some embodiments, computing device 102 includes storage hardware such as a magnetic hard drive, solid-state drive, or other memory.

Although FIGS. 1-5 show the computing device 102 as a number of discrete items, the figures are intended more as a functional description of the various features which may be present in the computing device 102 rather than a structural schematic of the embodiments described herein. In practice, and as recognized by those of ordinary skill in the art, items shown separately could be combined and some items could be separated. For example, some items shown separately in the figure could be implemented on a single computing device and single items could be implemented by one or more computing devices.

In some embodiments, computing device 102 comprises a memory 103, a source document 104, an input/output module 105, a processor 107 and a print driver 106. According to some embodiments, memory 103 is any computer readable memory communicatively coupled with processor 107. Source document 104 may be electronically stored in memory 103. Additionally or alternatively, computing device 102 may include an input/output module 105 which is communicatively coupled to the processor 107. The input/output module 105 can receive input from external sources, such as a keyboard or mouse, and provide output to a monitor or other output device. The processor 107 may be any microprocessor capable of executing software and/or firmware instructions, for example, software instructions stored in memory 103.

In some embodiments, print driver 106 is pre-installed and can be configured to receive a request for printing instructions 108 representative of source document 104. In some embodiments, source document 104 can be transmitted to print driver 106 through standard print functions included in the operating system (not shown in FIG. 1) executing on the processor 107 of computing device 102, such as the print function from the menu provided by a document application such as Microsoft Word, Adobe PDF, or other document viewer/editor.

In some embodiments, print driver 106 can be a generic printer driver or a printer-specific driver, for example a driver supplied by the manufacturer of the computing device 102 and/or printer 120. Print driver 106 can be configured to generate printing instructions 110. Printing instructions 110 can be information adapted to communicate directly with printer 120 in a printer-specific language, such as XML Paper Specification (XPS) file type, Encapsulated Postscript (EPS) file type, Printer Control Language 6 (PCL6), PostScript, Internet Printing Protocol (IPP), or other language. In some embodiments, printing instructions 110 generated by print driver 106 can be sent directly to printer 120.

In some embodiments, source document 104 can be, for example, a file, a document, or other graphical and/or textual content displayed to a user of computing device 102. Additionally or alternatively, source document 104 can be a digital document or a file stored in memory 103 of computing device 102. However, persons having ordinary skill in the art will recognize that source document 104 does not need to be stored in memory 103 of computing device 102; for example, source document 104 can be a digital document or file stored remotely from the computing device 102, for example on a removable storage device (e.g. USB flash drive, portable hard drive, etc.) or on a network-accessible storage device (e.g. local network storage appliance, server, or cloud-based storage service).

In some embodiments, print driver 106 is configured to receive a request (“query”) for printing instructions 108 from the processor 107. Request for printing instructions 108 can optionally be initiated in response to a user input via the input/output module 105 on the computing device 102, such as, for example, entering one or more key strokes or selecting a selectable region of a graphical user interface. Additionally or alternatively, request for printing instructions 108 can optionally be initiated by a user command to print a source document 104. Additionally or alternatively, request for printing instructions 108 can optionally be initiated without any relation to a user action, such as at a predetermined interval or in response to an external action or signal that is not associated with computing device 102 or its user.

According to some embodiments, computing device 102 can be communicatively coupled to printer 120 in a variety of manners, such as parallel, USB, serial, electro-optical, or wireless connection technologies. In some embodiments, printer 120 is a consumer-level printer system that is commercially available through, for example, an office supply store or similar venue for purchasing electronics for home use such as Office Depot, Staples, Best Buy, Amazon.com or other store. In some embodiments, printer 120 can be, for example, an ink jet printer or a laser jet printer, and can print secure physical documents 130 with resolutions of approximately 600 to 1200 dots per inch (“DPI”), measured in actual DPI (as opposed to enhanced DPI which is actually a lower DPI resolution that is filled in using interpolation).

While present embodiments of this disclosure are described to include computing device 102 and printer 120 as physically separate devices, persons having ordinary skill in the art will recognize that computing device 102 and printer 120 can represent a single device including the capabilities of both computing device 102 and printer 120. In some embodiments, computing device 102 and printer 120 can represent individual hardware units physically resident within a single device housing. For example, computing device 102 and printer 120 can represent logic and printing hardware units within a retail kiosk.

In some embodiments, printer 120 includes a pre-processor firmware module 122, parameter data 124, a user interface 125, and a raster image-processing (“RIP”) module 128. In some embodiments, pre-processor firmware module 122 can be configured to access parameter data 124 from data storage (not separately depicted) on printer 120 and/or communicatively coupled thereto. In some embodiments, pre-processor firmware module 122 is communicatively coupled to RIP module 128 and user interface 125, for example via a bus protocol or other hardware communication mechanism (e.g. USB, serial, network card, FireWire, and the like).

In some embodiments, pre-processor firmware module 122 can be a hardware-based or firmware-based processing device, e.g., an Application-Specific Integrated Circuit (ASIC), Programmable Logic Device (PLD), field-programmable gate array (FPGA), or other specialized processing hardware. In some embodiments, user interface 125 can be, for example, a graphical user interface (e.g. touch-screen based menus or other graphical input options), physical user interface (e.g. buttons, knobs, and the like), auditory interface (e.g. voice recognition), and/or other type of interface for acquiring input from a user of printer 120. In some embodiments, user interface 125 presents information received from pre-processor firmware module 122 to the user and enables the user to select specific security features of interest to be included in a particular source document 104. In some embodiments, pre-processor firmware module 122 can be configured to generate a security feature using parameter data 124 and embed the generated security feature in the printing instructions 110 to form printing instructions containing security indicia 126, for example, using the method 600 described below or similar method. Pre-processor firmware module 122 can be configured to send printing instructions containing security indicia 126 directly to RIP module 128, which utilizes the instructions for printing a secure physical document 130.

In some embodiments, parameter data 124 can include pre-configured settings for generating security features. For example, in some embodiments, parameter data 124 includes data for identifying specific security features, such as a lookup table associating particular colors with particular security features.

Parameter data 124 can comprise template data 124A, hidden or encoded image/text data 124B, and/or image/security generation data 124C. Parameter data 124 can comprise template data 124A, which provides data for identifying material in a source document 104 based on, for example, pattern templates. For example, template data 124A may provide data to identify a social security number by the pattern XXX-XX-XXXX, or identify other pattern based information, such as a credit card number.

Parameter data 124 can comprise hidden or encoded image/text data 124B, which provides data for identifying encoded fields in the document to be secured according to specific security parameters. For example, hidden or encoded image/text data 124B may provide data to identify fields encoded using a pre-defined color indicative of a security parameter. As an alternative example, hidden or encoded image/text data 124B may provide data to identify a region of the document, such as a signature block, to be secured.

Also, parameter data 124 can comprise image/security generation data 124C, which provides information required for the generation and/or application of specific security features. For example, in some embodiments, for a security feature requiring a foreground line screen pattern and a background line screen pattern, image/security generation data 124C provides information as to the foreground screen type, line frequency, angle, and density as well as the background screen type, line frequency, angle, and density.

Other examples of parameter data 124 (e.g. “customization data”) for generating security features for embedding in secure physical documents 130 have been previously described, for example, in U.S. Provisional Patent Application No. 61/555,843 “System and Method for Dynamic Generation of Embedded Security Features in a Document,” which is incorporated herein by reference in its entirety.

In some embodiments, RIP module 128 can be, for example, a firmware program executed on a microprocessor, a dedicated piece of hardware, or an independent software program inside printer 120 that converts printing instructions containing security indicia 126 into a raster image having a native resolution of 600 dpi or above. Printer 120 prints the raster image as a secure physical document 130.

By including parameter data 124 in printing instructions containing security indicia 126, secure physical document 130 can include one or more embedded security features 132. Examples of embedded security features 132 have been previously described, for example, in US Provisional Patent Application No. 61/555,843 “System and Method for Dynamic Generation of Embedded Security Features in a Document;” U.S. patent application Ser. No. 11/495,900 entitled “Covert Document System;” and U.S. patent application Ser. No. 11/741,394 entitled “Document with Linked Viewer File for Correlated Printing;” each of which are incorporated herein by reference in their entirety.

In some embodiments, the embedded security features 132 can include data that is configured to cause a secured physical document to include, when printed, an image having a foreground a background. One or both of the foreground or background may include a line screen pattern (e.g., a pattern of regularly spaced lines, dots, symbols, characters, and/or other print elements having a characteristic line frequency and/or print density). The foreground and the background of the image may be configured such that a scanned reproduction of an original printed version of the secured physical document is reproduced in an altered form relative to the original printed version. For example, the foreground of the image may include a latent image that is embedded within a visually integrated setting of the secured physical document. The latent image may be substantially indistinguishable from the background with the naked eye in the original printed version, but become visible in a scanned reproduction.

Some embodiments of the present disclosure utilize electronic documents referred to as markup files. Markup files include tags (also referred to as glyphs, hashs, etc.) to specify the contents, format, and other information relating to particular portions of a document. Markup files generally allow the contents of the electronic document (e.g., text strings, images, etc.) and the formatting associated with the various contents (e.g., page location within a document, font color, font type, font size, font weight, background color, paragraph formatting, etc.) to be retrieved from the file without resorting to optical character recognition (“OCR”) technology to reconstruct text string content from raster images. In addition, markup files generally require less storage space and are more readily edited via a word processing software program or other document viewing/manipulation software program to, for example, change or specify a color for a particular string of text within the document.

According to some embodiments of the present disclosure, portions of an electronic document that are desired to be modified with security features are indicated by tagging the desired portions with particular color(s) that are associated with desired security feature(s). Utilizing color as a tagging mechanism to identify regions and/or portions of an electronic document to be modified according to digital security technologies advantageously allows aspects of the present disclosure to be applicable to virtually any editable document format which allows for specifying font color, background color, and/or highlighting color, etc. so a particular color can be associated with a selected portion of the electronic document.

Some embodiments of system 100 provide improved functionality or functionality previously unavailable to print secure physical documents with dynamically generated embedded security features on printers using standard print drivers. Some examples of the present embodiment advantageously provide systems for dynamically generating embedded security features using printers with specialized hardware and/or firmware. Some examples of the present embodiment further provide systems for embedding dynamically generated security features in printer instructions, such as page description language (PDL) instructions, without the need to send data representative of potentially sensitive or confidential documents to external or remotely located print servers. Some examples of the present embodiment further provide systems for printing physical secure documents which eliminate the existing need for additional software applications on the computing device. As some embodiments may comprise a plurality of computer devices 102 communicatively coupled to a printer 120 (for example, in embodiments where the printer 120 is a shared, network printer), the system described herein provides a single place where security information is stored, allowing for a single point of security to protect this information.

FIG. 2 is a block diagram of a system 200 for printing a secure physical document 130 on printer 120 according to an illustrative embodiment. According to this embodiment, a computing device 102 prepares printing instructions containing security indicia 126, which are sent from the computing device 102 to a printer 120. The printer 120 then prints the secure physical document 130 according to the printing instructions containing security indicia 126.

In the present embodiment, computing device 102 comprises a memory 103, a source document 104, an input/output module 105, a processor 107 and a print driver 106, and parameter data 124. In some embodiments, parameter data 124 can be stored in local data storage on computing device 102, such as memory 103, or parameter data 124 can be stored remotely on a device communicatively coupled to computing device 102. Additionally or alternatively, parameter data 124 can be provided via input from a user, for example, via a keyboard, mouse, graphical user interface, or other input mechanism associated with computing device 102 via the input/output module 105. In some embodiments, parameter data 124 can be directly accessed by or provided as a second input to print driver 106.

According to some embodiments, printer 120 is free of specialized hardware, firmware, or software (e.g., pre-processor firmware modules) for embedding security features in documents. To enable computing device 102 to generate printing instructions containing security indicia 126 (e.g., PDL instructions with security features embedded therein), print driver 106 additionally includes a driver software module 202. Print driver 106 can be communicatively coupled to driver software module 202, for example, through a software communication interface, such as via inter-process communication methods, application programming interface (“API”) calls, message passing, signaling, message queues, shared memory space, and/or remote procedure calls or other methods. In some embodiments, driver software module 202 can be, for example, a software plug-in which provides additional functionality to print driver 106. Additionally or alternatively, driver software module 202 can include, for example, custom printing formats provided as pre-defined security templates in print driver 106.

Driver software module 202 provides functionality for generating an embedded security feature. In some embodiments, driver software module 202 can be configured to dynamically generate an embedded security feature using parameter data 124. In some embodiments, driver software module 202 can dynamically generate an embedded security feature responsive to user input to the computing device 102, such as, for example, via an interface associated with the computing device 102 used to select and/or define criteria for the dynamically generated security feature. Driver software module 202 can be configured to embed a dynamically generated security feature in printing instructions (not separately depicted) generated by print driver 106 to form printing instructions containing security indicia 126. Driver software module 202 can be configured to send printing instructions containing security indicia 126 to printer 120, which are then utilized by RIP module 128 to print secure physical document 130.

Some embodiments of system 200 thus provide improved functionality or functionality previously unavailable, allowing for the preparation and printing of secure physical documents with dynamically generated embedded security features, while using a printer free from specialized hardware and/or firmware for embedding security features. Some examples of the present embodiment further enable existing printers and/or printers not specifically designed with functionality for generating embedded security features to print secure physical documents. According to some embodiments, functionality for effecting printing of a secure physical document is contained within a native print driver on the computing device.

FIG. 3 is a block diagram of a system 300 for printing a secure physical document 130 on printer 120 according to an illustrative embodiment. According to some embodiments, a pre-processor firmware module 122 within printer 120 receives printing instructions 110 and parameter data 124. The firmware module 122 uses these inputs to generate printing instructions containing security indicia 126 for use by the RIP module 128, ultimately allowing secure document 130 with embedded security feature 132 to be printed by printer 120.

In such embodiments, pre-processor firmware module 122 can be configured to receive printing instructions 110 and parameter data 124 as separate data streams; that is, the parameter data indicative of the embedded security feature(s) may not be in a printer definition language, but instead in a XML data output stream, database lookup, HTTP query, HTTPS query, data packet, packet wrapper, object based data stream, or any other data stream format or secure (e.g., encrypted) data stream format.

To process parameter data 124, in certain embodiments, print driver 106 includes a driver software module 302. Print driver 106 is communicatively coupled to driver software module 302 through a software communication interface, such as via inter-process communication methods, API calls, message passing, signaling, message queues, shared memory space, and/or remote procedure calls or other methods. In some embodiments, driver software module 302 can be, for example, a software plug-in which provides additional functionality to print driver 106. Additionally or alternatively, driver software module 302 can include custom printing formats provided as pre-defined security templates in print driver 106.

In some embodiments, driver software module 302 can be configured to dynamically generate a security feature using parameter data 124. In some embodiments, driver software module 302 can optionally generate a security feature using parameter data 124 responsive to user input to the computing device 102, such as via a graphical user interface employed by the user of computing device 102 via the input/output module 105, to define criteria for the dynamically generated security feature. Additionally or alternatively, driver software module 302 can optionally generate a security feature using parameter data 124 based on analysis of source document 104, for example by identifying particular formatting or tagging embedded in source document 104.

Some embodiments of system 300 allow the functionality of generating security features to be logically and/or physically separated from the integration of those features in the print stream, thereby affording additional options for enhanced security and/or control of security feature generation algorithms and capabilities.

FIG. 4 is a block diagram of a system 400 for printing a secure physical document 130 on printer 120 using a print server 402 according to an illustrative embodiment. According to such embodiments, computing device 102 is communicatively coupled to print server 402, and print server 402 is communicatively coupled to printer 120. A pre-processor module 408 is contained in print server 402. The pre-processor module 408 receives printing instructions 110, and parameter data 124, and uses these inputs to facilitate the preparation of printing instructions containing security indicia 126 which facilitate the printing of secure physical document 130 by printer 120.

In some embodiments, computing device 102 can be communicatively coupled to the print server 402, for example, via a network connection, such as a local area network (LAN) connection, wide area network (WAN) connection, Internet Protocol (IP) network connection, virtual private network (VPN) connection, cellular network (e.g. CDMA, GSM, LTE, etc) wireless network connection (e.g. Wi-Fi, 802.11x), Bluetooth network connection, or other network connection. Additionally or alternatively, computing device 102 can be communicatively coupled to print server 402 by a physical connection, for example parallel, USB, serial, electro-optical, and/or wireless connection technologies. Print server 402 can be, for example, a physical or virtual network server. In some embodiments, print server 402 can reside on a network, for example a local area network, wide area network, Internet Protocol (“IP”) network, and the like. In some embodiments, print server 402 can be a software-as-a-service product provided through a public or private cloud or intranet. In some embodiments, print server 402 can reside as a physical or virtual server embedded in printer 120. In some embodiments, print server 402 can be, for example, configured as a network-based printer driver operative to provide printing instructions containing security indicia 126 to printer 120 for printing secure physical document 130.

In such embodiments, print server 402 includes a pre-processor module 408 to generate printing instructions containing security indicia 126 from printing instructions 110 and parameter data 124. In some embodiments, parameter data 124 can be, for example, pre-defined settings or templates stored in local data storage (not separately depicted) on print server 402.

Some examples of such embodiments may not require computing device 102 to include a pre-installed print driver 106. Instead, print driver 106 can be, for example, installed on computing device 102, for example over a network connection, by a shared print driver 404 and/or print server 402 responsive to a driver request 406. In some embodiments, request for printing instructions 108 on computing device 102 can initiate a driver request 406 to print server 402, for example, if print driver 106 is not already installed on computing device 102.

In some embodiments, shared print driver 404 can be a generic printer driver or a printer-specific driver, for example a driver supplied by the manufacturer of the computing device 102, print server 402, and/or printer 120. In some embodiments, shared print driver 404 can represent, for example, a print queuing mechanism for handling print requests submitted to print server 402. In some embodiments, shared print driver 404 can be copied from print sever 402 to computing device 102 responsive to a driver request 406. Alternatively, shared print driver 404 can be, for example, executable code capable of installing print driver 106 on computing device 102.

In some embodiments, print driver 106 can optionally include driver software module 302. However, persons having ordinary skill in the art will recognize that some examples of the present embodiment do not require driver software module 302 as this functionality can be encapsulated in pre-processor module 408.

In some embodiments, pre-processor module 408 can be a hardware-based or firmware-based processing device, e.g. an ASIC, PLD, FPGA, or other specialized processing hardware for dynamically generating a security feature based on parameter data 124. Additionally or alternatively, pre-processor module 408 can be a software module for dynamically generating a security feature based on parameter data 124 and/or tags and other information contained in printing instructions 110. Additionally or alternatively, pre-processor module 408 can be configured to embed a generated security feature in printing instructions 110 to form printing instructions containing security indicia 126. Additionally or alternatively, pre-processor module 408 can be configured to send printing instructions containing security indicia 126 to printer 120.

In some embodiments (not pictured), pre-processor module 408 can be configured to receive printing instructions 110 and parameter data 124 from print driver 106 on computing device 102. Additionally or alternatively, pre-processor module 408 can be configured to receive printing instructions 110 from print driver 106 on computing device 102, and read parameter data 124 from data storage (not separately depicted) on print server 402.

According to some embodiments, print server 402 can be communicatively coupled to the printer 120 via parallel, USB, serial, electro-optical, and/or wireless connection technologies. Additionally or alternatively, print server 402 can be communicatively coupled to printer 120 via a network connection, such as for example a LAN connection, WAN connection, IP network connection, VPN connection, wireless network connection, Bluetooth network connection, or other network connection.

Some embodiments of system 400 thus provide improved functionality or functionality previously unavailable, facilitating the printing of secure physical documents with dynamically generated embedded security features, where the functionality of generating and embedding security features is located on a print server 402 external to a printer 120 and computing device 102, thereby enabling network printing of secure documents from any number of remotely connected computing devices. Because the security features are embedded at the print server 402, and not at the printer 120 or computing device 102, this allows for enhanced security as the specifics of the security feature generation process are hidden from both the computing device 102 and the printer 120.

FIG. 5 is a block diagram of a system 500 for printing a secure physical document 130 on a printer 120 via a security service provider 506 (e.g., a security appliance) according to an illustrative embodiment. According to such embodiments, printer 120 is communicatively coupled to both computing device 102 and security service provider 506.

In this embodiment, printer 120 comprises a firmware module 502 that is communicatively coupled to RIP module 128 (e.g. via a bus protocol or other hardware communication mechanism such as USB, serial, network card, FireWire, etc.). Additionally, printer 120 can optionally include user interface 125 communicatively coupled to firmware module 502 such as via a bus protocol or other suitable hardware communication mechanism.

Firmware module 502 can be, for example, a firmware based processing device (e.g. an ASIC, PLD, FPGA, or other specialized processing hardware) for enabling printer 120 to perform one or more of the following functions: receiving printing instructions 110 from print driver 106; transmitting security requests 504 to security service provider 506; receiving security instructions 510 from security service provider 506; generating printing instructions containing security indicia 126 based on printing instructions 110 and/or security instructions 510; and transmitting printing instructions containing security indicia 126 to RIP module 128 for printing.

In some embodiments, security request 504 can include, for example, metadata identifying a desired security feature for incorporation into security instructions 510. Additionally or alternatively, security request 504 can include metadata describing the characteristics or capabilities of printer 120. Additionally or alternatively, security request 504 can include security parameters received via a user interface 125 of printer 120. Additionally or alternatively, security request 504 can include metadata describing printing instructions 110 and/or source document 104.

According to some embodiments, printer 120 can be communicatively coupled to security service provider 506, for example, via a network connection, such as a LAN connection, WAN connection, IP network connection, VPN connection, wireless network connection, Bluetooth network connection, and/or other network connection. Additionally or alternatively, printer 120 can be communicatively coupled to security service provider 506, for example via a bus protocol and/or other hardware communication mechanism (e.g. USB, serial, network card, FireWire, and the like). In some embodiments, security service provider 506 is a cloud-based service in communication with printer 120 via the Internet, an intranet, virtual private network, WAN, LAN, or other network.

According to such embodiments, security service provider 506 comprises parameter data 124 and security module 508. In some embodiments, security module 508 can be configured to access parameter data 124 from data storage (not separately depicted) on or communicatively coupled to security service provider 506. Security module 508 can be, for example, a hardware-based or firmware-based processing device, e.g. an ASIC, PLD, FPGA, or other specialized processing hardware for dynamically generating security instructions 510 based on parameter data 124 and/or security request 504. Additionally or alternatively, security module 508 can be a software module for dynamically generating security instructions 510, in response to a security request 504.

In some embodiments, security instructions 510 can be data representative of a desired security feature, such as for example an image of the desired security feature or printing instructions for forming the desired security feature. Additionally or alternatively, security instructions 510 can include, for example, PDL instructions describing the desired security feature. Additionally or alternatively, security instructions 510 can include a response code, for example, a response code for conveying an error status to printer 120. In some embodiments, the response code received in security instructions 510 is displayed via the user interface 125 and user input is solicited, such as to address a specific error.

Some embodiments of system 500 thus provide improved functionality or functionality previously unavailable, facilitating the printing of secure physical documents with dynamically generated embedded security features, where the functionality of generating and/or embedding security features resides on a security appliance externally connected to a printer. Some examples of the present disclosure further eliminate the need for computing devices to be directly connected to the security appliance when printing a secure physical document. Some examples of the present disclosure provide increased security for manufacturers of printers and for security feature generation algorithms or processes, as pre-processor hardware and/or software is not in the physical possession of the end user of the system and may be remotely located from the computing device 102 and printer 120.

Turning to FIG. 6, a flowchart describing an exemplary method of preparing a document with at least one hidden security feature is shown. The method 600 shown here is an illustrative embodiment describing the use of color coding in a source document 104 to select covert security features. The security features, described herein as hidden or covert, may not be completely invisible to the naked eye. They may be printed in such a way that they are not readily visible when looking at a document. Other methods of selecting material in a source document 104 such as pattern recognition (for example, identifying fields such as XXX-XX-XXXX as a social security number to be secured), application of a template (for example, identifying a certain section of a document as a signature block to be secured), or other mechanisms for identifying data in a document to be secured may be used with the present disclosure. In this embodiment, step 602 defines colors to be used to identify security features. As further disclosed in U.S. Provisional Patent Application No. 61/555,843, colors used for identification of security features may be selected by slightly altering the value of a commonly used color to create a similar, but unique, color for tagging fields to be secured in a document. For example, in a system using an RGB color scheme, the color Red=255, Green=0, Blue=255, (magenta) can be defined to indicate the selection of a security feature with a latent image and associated viewer, as described in U.S. patent application Ser. No. 11/741,394, titled “Document with Linked Viewer File for Correlated Printing,” and/or the PRISM product. In another example, the color Red=0, Green=255, Blue=255 (cyan) can be defined to indicate the selection of an anti-copying security feature as described in U.S. patent application Ser. No. 11/744,840, titled “Security Enhanced Print Media with Copy Protection,” incorporated by reference herein in its entirety, and/or the PANTOGRAPH product, and/or U.S. Pat. No. 7,982,917, titled “Document Containing Scanning Survivable Security Features,” incorporated by reference herein in its entirety. In some embodiments, multiple colors are used in combination within the same document to select multiple security features. In some embodiments, colors are supplemented with other identification methods to select additional security features.

In step 604, fields or areas of the source document 104 are highlighted in the color associated with the security feature to be generated. For example, the highlighting may be performed directly by a user editing the document, for example a user may select a menu command, via the input/output module 105, within a document editing software application, or by an automated software process running on processor 107. In step 606, a request to print the source document 104 is received, causing the document to be sent to a filtering routing, such as a print driver 106, and queued for processing. Next, in step 608, the source document 104 is converted into printing instructions 110. In some embodiments, printing instructions 110 are a tagged file format such as XML Paper Specification (“XPS”).

In step 610, the tagged file format is searched for tags specifying an indicator, such as a color, that indicates a requested security feature. In some embodiments, the search is performed by searching an XPS document for brush, fill, or stroke tags. Upon finding a tagged area indicating a requested security feature, in step 612, the area is analyzed to determine if it is an image or text. In some embodiments discussed above, this analysis is performed by a firmware module on the printer 120 such as 122, 408, or 502. In other embodiments discussed above, this analysis is performed on a driver software module 202 or 302. In embodiments using XPS format, the analysis will include performing a check to identify XPS images or glyphs. If the area to be secured is text, that text is converted into an image in step 616. In some embodiments this is performed using, for example, XPS glyph manipulation. Alternatively, if the area to be secured is an image, step 614 is performed to convert the image to a bitmap image. In some embodiments this is performed using, for example, XPS image manipulation.

In step 618, the resulting image from either step 614 or 616 is used to create an image with a desired security feature. The security feature is applied to the image using the appropriate parameter data 124 for the particular feature desired, as disclosed in prior applications cited herein. For example, in some embodiments, foreground and background line screens are applied according to image/security generation parameters 124C, which provide data for a foreground line screen type, frequency, angle, and density as well as associated background line screen type, frequency, angle, and density that is used to prepare the secure image. In step 620, the security image created in the prior step is inserted into the tagged document in place of the original tagged text or image to create printing instructions containing security indicia 126. At this point, in step 622, the printing instructions containing security indicia 126 can be sent to a printer 120 for printing the document 130 with the included security feature 132. In some embodiments, if certain of the above steps are performed on a printer 120, such as by a pre-processor firmware module 122, the printing instructions containing security indicia 126 are sent to a RIP module 128 for printing a secure physical document 130 with the requested security feature, now embedded in the document as embedded security feature 132. Additionally or alternatively, in some embodiments, the printing instructions containing security indicia 126 are converted to another format for printing, such as PCL, Postscript, or other printing format, prior to being sent to the printer 120 and/or RIP module 128. In some embodiments, instead of immediately printing, the printing instructions containing security indicia 126 are converted to an alternative digital format for storage and/or later printing. For example, the printing instructions containing security indicia 126 may be converted to PDF format or .DOCX format.

Some embodiments of method 600 thus provide improved functionality or functionality previously unavailable, facilitating the preparation of secure physical documents with dynamically generated embedded security features, while allowing for sufficient flexibility to support a variety of source document types, computing devices 102 and printers 120. Additionally, some embodiments provide the benefit of using the existing capabilities of print driver 106 such that a replacement print driver is not required.

Turning to FIG. 7A, a document 700A is shown. Document 700A is an exemplary source document 104 containing fields with medical information for a patient. In field 701A, the patient's name is provided. Field 702A contains a contact number for the patient. Field 704A contains the patient's social security number. Field 706A contains insurance information. Field 708A identifies the date of the last medical visit. Field 710A is a listing of current medications. Field 712A is a barcode allowing for quick scanning of certain information in the document 700A.

In this example, it is desired add embedded security features to fields 704A, 708A, 710A, and 712A. Therefore, as shown in FIG. 7B, these fields are edited to modify and/or add color tags or other tags associated with a security feature, by either modifying content in the document 700A to change the colors associated with particular document fields or by adding additional content to document 700A. As discussed above, this modification process can be manually performed by a user, for example, using a keyboard, mouse, or touchscreen to provide input, via the input/output module 105, to an application running on processor 107. Additionally or alternatively, the modification process can be performed automatically using pattern recognition techniques or other methods, such as pattern recognition software executing on processor 107.

For the purposes of this disclosure, the drawings are rendered in black and white, and therefore color tagging is not readily apparent. Accordingly, in order to distinguish the security colors used in FIG. 7B, the text is underlined, boldfaced, or italicized to indicate the use of three different security colors in the document. Specifically, field 704B is shown in underline to indicate that this field containing social security data has been modified to apply a first color. Additionally, field 708B is shown in bold to indicate that this field containing prior visit information has been modified to apply a second security color. Field 710B is italicized to indicate that it has been modified to apply a third security color. Although not visually evident, Field 712B has been modified to apply an electronic, non-visible tag based on a pattern recognition capability.

FIG. 7C shows the resulting secure physical document 130 with embedded security features 132. Secure physical document 130 is prepared by applying the capabilities of the present disclosure to the source document 104, such as adding color coding and other tags as shown in FIG. 7B to indicate selection of various security features. In document 700C, security features 132 has been applied to fields 704C, 708C, 710C, and 712C according to parameter data 124. The security features added to document 700C are not readily visible to the naked eye, but for illustrative purposes the fields in FIG. 7C have been enhanced to show the presence of the hidden security features. In field 704C, the recognition of the first color in field 704B has resulted in the application of a PANTOGRAPH background containing a latent image (such as a repeating image of the word “COPY”) in field 704C. The latent image, which is not visible to the naked eye, allows any reproductions of the document to be easily identified, as a reproduction will cause the latent image in 704C to become readily apparent in the reproduced document. Thus, the security feature 132 allows the content of field 704C to be verified as original.

In field 708C, the recognition of the second color in field 708B has caused the system to apply a second security feature, which in this example is also the PANTOGRAPH feature but with an alternative latent image using symbols and/or text to identify a non-original document (such as, for example, a repeating image of the word “VOID”). The latent image is not readily apparent in field 708C but will become apparent in any reproduction of the document.

In field 710C, the recognition of a third color corresponds with the application of another security feature. In this example, the security feature applied is PRISM. As described in prior applications referenced above, the PRISM security feature uses a decoding lens 714C that reveals a latent image in field 710C. Without the decoding lens 714C, the contents of field 710C are not visible to the naked eye. Thus, in the example shown here, the medication information contained in field 710C can only be viewed when using the associated decoding lens 714C.

In field 712C, a non-visible tag in field 712B has caused the system to apply a barcode security feature, such as the barcode security feature previously described in U.S. Provisional Patent Application 61/654,082 incorporated herein by reference in its entirety. The application of the security feature to the barcode interrupts or disturbs the barcode to prevent scanning of the barcode, if an attempt is made to reproduce the barcode, for example, by making a copy of field 712C.

Thus, the document 700C contains multiple embedded security features 132, allowing for verification and/or authentication of information in a document 130.

ALTERNATIVE EMBODIMENTS

In addition to the embodiments described above, the present disclosure includes the following embodiments.

One example embodiment has a system for dynamically generating at least one hidden security feature for securing information within a document. The system includes a computing device communicatively coupled to a printing device. The printing device is configured to receive printing instructions from the computing device. Responsive to receiving printing instructions, the printing device is configured to generate one or more hidden security features. Additionally, the printing device is further configured to modify the printing instructions to include at least one of the one or more hidden security features. After modifying the printing instructions, the printing device is configured to print a document containing the at least one or more hidden security features.

Another example embodiment has a system for adding security indicia to a document. The system includes a computing device communicatively coupled to at least one print driver. The system also includes a processing device associated with the print driver. The processing device is communicatively coupled to a raster image-processing module. The processing device is configured to receive printing instructions from the print driver of the computing device. Responsive to receiving printing instructions, the processing device is configured to process parameter data to add at least one security indicia to the printing instructions. Next, the processing device is configured to send the printing instructions with the at least one security indicia to the raster image-processing module for printing a document containing at least one embedded security feature according to the printing instructions.

Yet another embodiment includes a method for printing a document with an embedded security feature. The method includes receiving print instructions including directions for printing a document. Additionally, the method includes receiving parameter data including customization data for generating at least one embedded security feature. Once the parameter data is received, the method includes generating at least one embedded security feature using the parameter data. Additionally, the method includes creating modified printing instructions by integrating the at least one embedded security feature with the printing instructions. Once the printing instruction is modified, the method includes sending the modified printing instructions containing the embedded security feature to a raster image-processing module. From the raster image-processing module, the method includes printing the document with the embedded security feature, via the raster image-processing module, according to the modified printing instructions.

Embodiments also include a system for inserting security information into a document. The system incorporates computing device configured to deliver page description language (PDL) instructions for printing a document. The system also includes a processor communicatively coupled to the computing device and a processor-readable media storing instructions. Additionally, the system includes a raster image-processing module communicatively coupled to the processor. The processor is configured to execute the instructions stored in the processor-readable media. The instructions include receiving the PDL instructions from the computing device and receiving parameter data containing a description of a security feature. After parameter data is received, the instructions include generating a security feature according to the parameter data. Additionally, the instructions include modifying the page description language instructions to include the security feature. Finally, the instructins include sending the modified page description language instructions including the security feature to the raster image-processing module.

Another embodiment discloses a system for dynamically generating at least one hidden security feature for securing information within a document. The system includes a printing device having a pre-processor firmware module and a raster image-processing module. The computing device communicatively coupled to the printing device. The pre-processor firmware module is configured to receive a request for printing a document from the computing device. The pre-processor firmware module is further configured to both (i) process parameter data relating to the document and (ii) generate at least one hidden security feature based on the parameter data. Additionally, the pre-processor firmware is configured to supply information to the raster image-processing module sufficient to print the document with the at least one hidden security feature.

Further embodiments include a printing device for dynamically generating at least one hidden security feature to be printed on a printed document. The printing device includes a communication port configured to be communicatively coupled to a computing device. The printing device also includes a processor communicatively coupled to the communication port. The processor is configured to receive printing instructions from the computing device and generate one or more hidden security features. After generating the hidden security features, the processor is configured to modify the printing instructions to include at least one of the one or more hidden security features. Additionally, the printing device includes a printing module configured to receive the modified printing instructions and to print indicia. The printed indicia are based on the modified printing instructions and contain the at least one or more hidden security features.

Other embodiments may include a computing device for adding security indicia to a document image. The computing device includes at least one print driver communicatively coupled to a processor. Additionally, the computing device includes a raster image-processing module communicatively coupled to the processor. The processor is configured to receive both (i) printing instructions from the print driver and (ii) parameter data. The processor is further configured to generate at least one security feature and add at least one security feature to the printing instructions. The processor is configured to generate the security feature is based at least in part on the parameter data. Additionally, the raster image-processing module is configured to (i) receive the printing instructions with the at least one security feature and (ii) generate raster image for printing including a security indicia. The raster image may be communicated to a printer for printing. The raster image having the security indicia incorporated therein.

Embodiments also include a method for printing a document with an embedded security feature. The method includes receiving print instructions including directions for printing a document and receiving parameter data including customization data for generating at least one embedded security feature. Based on the parameter data, the method includes generating at least one embedded security feature. Additionally, the method includes creating modified printing instructions by integrating the at least one embedded security feature with the printing instructions. Further, once the modified printing instruction is created, sending the modified printing instructions containing the embedded security feature to a raster image-processing module. Finally, the method includes printing a document with the embedded security feature, via the raster image-processing module, according to the modified printing instructions.

Additional embodiment includes a system for dynamically generating at least one hidden security feature for securing information printed on a document. The system involves a printing device comprising a pre-processor firmware module and a raster image-processing module. The system also includes a computing device communicatively coupled to the printing device. The pre-processor firmware module is configured to receive a request for printing a document from the computing device, process parameter data relating to the document, and generate at least one hidden security feature based on the parameter data. Additionally, the pre-processor firmware module is also configured to supply information to the raster image-processing module sufficient to print the document with the at least one hidden security feature.

Additional embodiment include a networked device for dynamically generating at least one hidden security feature for securing information printed on a document. The networked device includes a security processing module and a network interface. The system also includes a computing device communicatively coupled to the networked device. The security processing module is configured to receive a request for printing a document via the network interface, process parameter data relating to the document, and generate at least one hidden security feature based on the parameter data. Additionally, the security module is also configured to supply information to the raster image-processing module sufficient to print the document with the at least one hidden security feature. The raster image-processing module may be collocated with the network device. However, the raster image-processing module may also be communicatively coupled to the networked device via the networked device's network interface.

Many functions described herein may be implemented in hardware, firmware, or software. Further, software descriptions of the disclosure can be used to produce hardware and/or firmware implementing the disclosed embodiments. According to some embodiments, software and/or firmware may be embodied on any known non-transitory computer-readable medium having embodied therein a computer program for storing data. In the context of this disclosure, computer-readable storage may be any tangible medium that can contain or store data for use by, or in connection with, an instruction execution system, apparatus, or device. For example, a non-volatile computer-readable medium may store software and/or firmware program logic executable by a processor to achieve one or more of the functions described herein in connection with FIGS. 1-7. Computer-readable storage may be, for example, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of computer-readable storage would include but are not limited to the following: a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. Further, although aspects of the present disclosure have been described herein in the context of a particular implementation in a particular environment for a particular purpose, those of ordinary skill in the art will recognize that its usefulness is not limited thereto and that the present disclosure can be beneficially implemented in any number of environments for any number of purposes.

In view of the exemplary systems described above, methodologies that may be implemented in accordance with the described subject matter will be better appreciated with reference to the various figures. For simplicity of explanation, the methodologies are depicted and described as a series of acts. However, acts in accordance with this disclosure can occur in various orders and/or concurrently, and with other acts not presented and described herein. Furthermore, not all illustrated acts may be required to implement the methodologies in accordance with the disclosed subject matter. In addition, those skilled in the art will understand and appreciate that the methodologies could alternatively be represented as a series of interrelated states via a state diagram or events. Additionally, it should be appreciated that the methodologies described in this disclosure are capable of being stored on an article of manufacture to facilitate transporting and transferring such methodologies to computing devices.

Although some of various drawings illustrate a number of logical stages in a particular order, stages which are not order dependent can be reordered and other stages can be combined or broken out. Alternative orderings and groupings, whether described above or not, can be appropriate or obvious to those of ordinary skill in the art of computer science. Moreover, it should be recognized that the stages could be implemented in hardware, firmware, software or any combination thereof.

The foregoing description, for purpose of explanation, has been described with reference to specific embodiments. However, the illustrative discussions above are not intended to be exhaustive or to be limiting to the precise forms disclosed. Many modifications and variations are possible in view of the above teachings. The embodiments were chosen and described in order to best explain the principles of the aspects and its practical applications, to thereby enable others skilled in the art to best utilize the aspects and various embodiments with various modifications as are suited to the particular use contemplated.

	Number	Date	Country
Parent	PCT/US2012/062918	Nov 2012	US
Child	13836796		US

System and Method for Printing Documents Containing Dynamically Generated Security Features

Information

Publication Number

Date Filed

Date Published

Inventors

Original Assignees

CPC

US Classifications

International Classifications

Abstract

Description

Claims

CROSS-REFERENCE TO RELATED APPLICATIONS

Provisional Applications (1)

Continuation in Parts (1)