Not Applicable
Not Applicable
Billions of parcels of parcels are shipped by train, truck, ship, and air each year. Boxes, bags, and containers in thousands of variations that have been in use for many years for protecting the parcels during transit from point of origin to intermediate transfer points and a final destination. They are continually enhanced to provide for secure parcel delivery; offering additional protection from pilferers and thieves as well damage from rodents, water ingress, and the like. Since the terrorist attacks on Sep. 11, 2001, there has been emphasis on preventing parcels from malicious tampering by persons who would intentionally introduce explosives and other dangerous substances into a parcel during transit. Inspection equipment such as Geiger counters, x-ray machines, and electromagnetic wave generators have been utilized to detect such malicious tampering.
The present invention is in the technical field of mathematical forensics. Since the early 20th century, fingerprint detection and analysis has most likely been one of the most common and important forms of forensic investigation. More crimes have probably been solved with fingerprint evidence than for any other reason. Image identification is the process of comparing two instances of recorded digital data of the edges of coloration in photographic impressions.
More particularly, the present invention is in the technical field of protecting parcels from tampering during shipment and storage by processing digital imagery data of patterns formed by surrounding a parcel with media made according to the present invention.
The invention also relates to a system for creating unique exemplar image data for a computer-implemented method. In a best embodiment, the exemplar image data is encrypted and assigned to an identifier that comprises a public key. When a subsequent second image data is produced, a computer algorithm retrieves the exemplar image data and compares the data versus subsequent second image data and provides a measure of the likelihood of tamper.
Prior art involve, but are not limited to, physical security using locked metal containers, tension wrapping with plastic and taking weight measurements at locations of transfer and inspection. At locations enroute, some of the common inspection techniques involve scanning with ultrasound, x-ray, millimeter radar, and electromagnetic waves. In other methods, swabs are taken which are tested in chemical spectroscopy machines. These means are expensive and offer only point-inspection. A means is needed to provide less expensive, yet effective, detection during the entire shipment.
Other prior-art rely on diverse protection from tamper by using breakable devices such as adhesive strips, mechanical locks, radio frequency identification (RFID) tags which communicate to a computer network and RFID tag readers, or metal threads. These methods are expensive to implement and not sufficiently comprehensive to assure detection.
For example, in U.S. Pat. No. 8,294,577, Deak presents using stressed magnetoresistive tamper detection devices mounted with respect to a protected structure so as to have corresponding stress changes occur therein in response to selected kinds of tamperings.
In another example, U.S. Pat. No. 8,388,025 to Mrocki et al presents a strip for tamper evidencing that has a first layer and one or more reinforcing layers. An adhesive selectively adheres the first portion of the strip such that removal or attempted removal of the first portion of the strip from the second portion of the strip will be evidenced by the first layer.
U.S. Pat. No. 8,031,069 to Cohn, et al describes a tamper-proof electronic security seal, which includes a bolt, a locking element, and an electronic seal element. In response to a severing of the shank with the sensor inserted therein, the control unit is operative to activate the communications means to emit an alarm signal.
U.S. Pat. No. 8,274,389 to Teeter teaches a disposable and tamper-resistant radio frequency identification (RFID) lock that employs an RFID tag, use of tamper-evident housing, and disabling an RFID tag contained in the housing cutting, crushing, or puncturing the RFID tag.
All these wonderful techniques are costly and currently humans visually inspect for damage or tampering of small mail and parcels. In part, this is due to the fact that the transportation supply chain is complex and complicated.
Perhaps the most relevant prior art is related to automated forensic fingerprint authentication systems used to permit entry into a secured area. There are different types of fingerprint readers on the market, but the basic idea behind each is to measure the physical difference between ridges and valleys of the current print against other prints on file.
The nature of this invention is a system, either fixed or portable, for detecting tamper of parcels such as, without limitation, a bag, a carton, an envelope, a tube, a shipping container, and a pallet, by using digital image analyses to uniquely identify the untampered state of parcels and performing further identification enroute to destination. Currently, humans visually inspect for damage or evidence of tampering. The process of the current invention uses a similar digital approach, wherein the Bayesian inverse modeling algorithm models the distance between the features of the birth certificate image and the features of the current image at a resolution high enough to determine tamper. Bayesian methods are well established and a list of publically available references is included herein and is included by this reference in their entirety.
Significant advances by manufacturers are driving down processor and sensor costs and size. This availability of wide-range of low-cost, small-footprint sensors such as, but not limited to, dopant-filled granules, fragments of fluorescent media, provides the ability to protect goods in transit with exciting new context-aware applications in a mobile embedded system that is either self-contained or linked to the internet “cloud.” Today's sensor-based context-aware subsystems mimic in many aspects how humans analyze situational content. For example, precision image sensors are commercially available that capture digital images with pixels having consistent resolution and fidelity as environmental conditions change. The current patent anticipated these advancements and teaches an embedded system or permanently installed system utilizing these sensors to measure integrity and safety risk of goods in storage and transit by effective use of sensor data and optimized decision-making that integrate and analyze data quickly and process into usable tamper information.
According to J. Wrigley in “Building Power-Efficient, Context-Aware Mobile Systems,” (cited in the list of Non Patent Documents), a mobile embedded system can use the core application processor to capture and manage the sensor data and execute algorithms. For embodiment of the current patent, the sensor data are package images and the algorithms include tamper algorithms. Or, a mobile embedded system can offload the sensor data to another computer for execution of a tamper algorithm.
The approach taught in the current patent is particularly attractive in context-aware tamper detection applications, which, by definition, must be prompt; collecting information from multiple sensors in parallel and in real time with devices available today that consume less than one miliwatt while collecting data from each sensor at near-zero latency for a more accurate tamper response.
Most persons have seen the bright colors caused when rocks containing fluorescent particles are exposed to stimulating rays of ultraviolet (UV) “black light” lamps, perhaps in an amusement park or in a natural science exhibit, while in ordinary light, the rocks are a quite different color. The present invention uses recognition of the patterns caused by spectral emissions from responsive media at a controlled wavelength in a media deposed conformally encapsulating an object or the packaging material of the object for storage or shipment. The flexibility of the sensitized media forms a skin-like wrapper surrounding a parcel destined for shipment. This flexibility during application results in two patterns never being exactly alike in every detail. In fact, over time, even two digital images recorded after each other from the same wrapper will be slightly different.
The current patent teaches an automated image identification process that determines whether the exemplar “birth certificate” digital recording of coloration of a parcel made, encapsulated according to the current patent, is sufficiently comparable to the image data of the same protected parcel taken at a subsequent time.
Automated fingerprint methods can be grouped into two major categories: solid-state fingerprint readers and optical non-contact or touchless 3D scanners that acquire detailed 3D information. The latter category aligns to the present invention. 3D scanners take a digital approach to the analog process of pressing or rolling the finger. By modeling the distance between neighboring points, the fingerprint can be imaged at a resolution high enough to record all the necessary detail. The present invention is also based on a touchless approach by modeling the distance between neighboring points at a resolution high enough to record all the necessary detail.
The current patent teaches parcel tamper identification, which, like an automated finger print identification system, involves an expert computer algorithm for comparing images operating under threshold scoring rules, determining whether a digital data of induced color impression is likely originated from the data of the induced color impression of same wrapper when first applied.
The present invention describes a system and methods for enabling secure parcel delivery by encapsulation within conformally deposed bags or sheets that are constructed with entrained or externally deposed with artifacts doped with chemicals that respond to light waves of a particular range of wavelength. In a low-cost embodiment, swirls of aniline food-grade fluorescing dye added during manufacturing of polymer film would provide the adequate response to stimulating rays. Another alternative to creating the sensitized media is to embed microcapsules filled with fluorescent materials within.
Creating an image that is sufficiently unique to detect tamper using the technique of the present invention is not difficult because the factors causing uniqueness include, without limitation, disposition pressure, thermal sensitivity of the media, pliability of the media, types of dopants, size and types of residues, randomness of the residues, and use of identifier symbols. Other important factors contributing to uniqueness are the starting point for application of the media and the friction coefficient of the surface to which it is applied. These are just some of the various factors that can cause an embodiment to appear differently from any known recording of the same media on the same edges. Indeed, the conditions surrounding every instance of deposition are unique and never duplicated.
A digital recording of induced fluorescent coloration in stimulating rays, which, without limitation, includes ultraviolet light, will have additional edges than a recording made in ordinary light because of the changes induced by the stimulating rays.
The induced fluorescence could be produced, without limitation, by an ink with encapsulated particles that fluoresce, or a combination of fluorescent inks, fragments, filaments, and symbols on an opaque background or in a translucent media. If the media is transparent, as often is the case with polymers, the fluorescent artifacts can be within or under the media. The coloration of the artifacts in normal light form a “patent print” or “plastic print” that is viewable with the un-aided eye, as well as a “latent print” invisible to the naked eye until exposed to a certain wavelength of stimulating rays, such as a certain wavelength of ultraviolet light.
The current patent teaches the use of known digitally recorded exemplars deliberately taken at the time of packaging as the baseline digital data. Said exemplar image data will include several individual images of data collected at several different spatial locations so that the portions of the images collected overlap and span all surfaces.
The operation of the invention is: 1) digitally recording spectral images of the initial exemplar image data taken from a plethora of perspective views that span the surface of the volume, 2) storing the exemplar image data with an identifier; and 3) performing a statistical comparison of differences between the current image data versus the birth certificate data and making a determination of the cause of the difference, which, if slight, could be typical. If the difference is significant, it could have resulted from load stress or other natural causes as well as intentional tamper. In the case of parcels in transit, the comparison would be made at waypoints enroute.
Various embodiments of the invention are disclosed in the following detailed description and accompanying drawings.
The principles of digitized spectral (photograph) images are well known. Each image is comprised of a matrix of m×n cells called pixels. Each pixel has a numerical value that represents the darkness of the point in the image the pixel represents and, additionally, a color.
The theory and principles of producing fluorescent materials includes doping media with dopants that produce light at a second wavelength when illuminated by light of a first wavelength.
The terms “residue” and “artifact” used herein refers to particles, strips, strands, fragments and dyes that are employed to produce the digital image data produced by the present invention.
The term, “image registration,” refers to orienting the image by finding edges or centroid markers or other identifiers.
A “Cloud Environment” is a term used to describe a network of associated computers that perform services as needed, when needed.
A “Cloud Processor” is a computer of any type.
RFID tags are devices widely used in tracking the whereabouts of valuable goods shipped by air, sea and ground. In reducing this patent to practice, a commercially available active RFID tag with an embedded processor and battery was used to record and process information as well as communicate wirelessly to a cloud environment. A global positioning system (GPS) tracking device is often included to provide precise information about time and location. The Mar. 14, 2014 USA Today newspaper reported that the 2014 Travel Goods Association show in Phoenix exhibited GPS tracking devices that track everything from wallets to checked bags. Active RFID tags with GPS are widely used in tracking commercial shipment of parcels. The embedded processors get their power from small batteries or solar energy, or kinetic energy.
Bayesian Exemplar Recognition algorithms detect changes (anomalies) by performing differential analyses. In the current patent, the data of the “as packaged” image is subtracted from the data in an image taken at the waypoint or destination. Cuts, tears, and holes will cause significant differences. The significant differences are flagged for further analyses and alerts.
The following is a detailed description of exemplary embodiments to illustrate the principles of the invention. The embodiments are provided to illustrate aspects of the invention, but the invention is not limited to any embodiment. The scope of the invention encompasses numerous alternatives, modifications and equivalent; it is limited only by the claims.
Numerous specific details are set forth in the following description in order to provide a thorough understanding of the invention. However, the invention may be practiced according to the claims without some or all of these specific details. For the purpose of clarity, technical material that is known in the technical fields related to the invention has not been described in detail so that the invention is not unnecessarily obscured.
Referring now to
Referring again to
Referring now to
Referring again to
Referring now to
Referring again to
Referring now to
Referring again to
Referring now to
Referring again to
Referring now to
Referring again to
There are options to creating a unique pattern. As one of many possible examples, the sensitized filaments and markers can be laid onto or into the substrate 17 to create bags, sheets, or tubes to surround packages as well as containers for packages. For example, cardboard shipping boxes can have the doped sensitized media added to the outer surfaces. An additional outer soft or hard transparent layer can be used for extra strength.
A person familiar with preparing goods for shipment would appreciate that the technique of the current invention is scalable from small packages to large rail and sea cargo containers.
Referring now to
Referring again to
Referring now to
Referring again to
Referring now to
Referring again to
Referring yet again to
Referring now to
Referring again to
Referring now to
Referring now to
Referring now to
Referring again to
The following is a detailed description describing exemplary embodiments to illustrate the principles of the invention. The embodiments are provided to illustrate aspects of the invention, but the invention is not limited to any embodiment. The scope of the invention encompasses numerous alternatives, modifications and equivalent; it is limited only by the claims.
Numerous specific details are set forth in the figures and description are provided in order to provide a thorough understanding of the invention and how to practice the invention. However, the invention may be practiced according to the claims without some or all of these specific details. For the purpose of clarity, technical material that is known in the technical fields related to the invention has not been described in detail so that the invention is not unnecessarily obscured. References are cited that provide detailed information about electrical systems, unsafe conditions of electrical systems, and approved techniques for implementing protection systems.
Several approaches are described herein and they may be used together or independently. In alternatives, certain aspects of each approach or combination may be omitted.
In a first approach, the apparatus for automatically authenticating the parcel and algorithm means to trust that the parcel is un-tampered and is safe. Alternatively, the apparatus can add additional levels of trust at each waypoint.
In a second approach, a method is presented for validating the integrity of the shipped object during transit. The method attempts to detect tampering of the parcel by any violation of the integrity of the parcel encapsulation.
In a third approach, an automated method is presented for validating the integrity of a shipped object at waypoints during transit. The method attempts to detect tampering of the parcel by any violation of the integrity of the parcel encapsulation.
In one alternative, data relating to the parcel is securely identified on the encapsulation and can be accessed and validated at checkpoints along the delivery path. For example, each agent in the shipping path may obtain parcel data and verify the parcel is untampered. In another alternative, each agent adds to a list of related data records as the validated parcel travels from agent to agent along the route.
The current patent is a system for determining that a parcel is tampered. The system comprises wrapping, encapsulating or enclosing the parcel with media emitting a unique signature when exposed to certain stimulating photons, such as ultraviolet light. A processor is configured to record a data comprising a parcel identifier and digitized birth image data obtained by using a camera or other imaging device when said parcel is exposed to stimulating photons.
Data relating to the parcel comprises the identifier, digitized image, size, weight, and density of the parcel. Parcel measurement systems are known and not described in detail herein. In an alternative approach, a response signature from a second or third UV spectrum related to the parcel is stored as related parcel data. For example, the parcel response to a 400-ångström UV source is stored. A similar source may then be used at the destination or along the path to verify that the same signature securely stored with the parcel is received. Other UV spectra may be utilized, including but not limited to 300 ångströms and 500 ångströms.
The response signature is collected by simultaneous cameras that provide optical non-contact or touchless detailed digitized 3D optical information at a resolution high enough to record all the necessary detail.
Once collected, the identifier data and birth image data is communicated to an attached embedded processor, if any, and a cloud computer wherein the parcel birth data is stored encrypted with a public key.
A person with ordinary skill in data security techniques would appreciate that techniques such as replication, authentication, non-repudiation, and secure transmission are well known, as are methods for computerized pattern identification in digital images and probabilistic risk assessment.
At a shipping station, an optical reader may be used to read parcel identification fields or other data on a parcel. A scale with digital output can be used for providing automated weight information. A parcel computer record is created including, but not limited to, a parcel identifier (ID), time and date, and shipper information (such as name, origin, account number, address, and parcel destination information).
As the parcel moves from the origin through transfer points to a final destination, it is inspected for tamper using a system comparable to or compatible with the system that created the birth certificate data. The system enroute to the destination scans or otherwise obtains the identifier, produces a current image data of the parcel. The enroute system communicates the identifier to the attached embedded processor, if any, or a cloud processor, which retrieves the parcel birth certificate data, decrypts the data, executes a tamper processing step—comparing the birth certificate data with the current parcel data, stores the result of the tamper processing step, and sends the result of the tamper processing step with public key to one or more recipient addresses for awareness of the integrity of the parcel.
An advantage of including a cloud computer in the architecture is that if the embedded processor is confounded for some reason, the tamper determination can be accomplished by another processor configured to perform the tamper processing step after obtaining a copy of the package birth certificate data from a trusted replicated database.
In broad embodiment, the present invention describes illustrative embodiments of a system and method for parcel shipment including tamper detection. The embodiments are illustrative and not intended to present an exhaustive list of possible configurations. Where alternative elements are described, they are understood to fully describe alternative embodiments without repeating common elements whether or not expressly stated to so relate. Similarly, alternatives described for elements used in more than one embodiment are understood to describe alternative embodiments for each of the described embodiments having that element.
In any of the embodiments described herein, additional data should logically include, but not be limited to, the digital imaging system parameters including the imaging device identification, information about the images such as pixels per frame, and description of the spectral characteristics of the stimulating rays used to locally illuminate the parcel so that the same spectral characteristics are used in making a subsequent second digital image. In addition, information about the spatial location of the image device used in producing the birth certificate data and their orientation will assist in making computerized comparisons that assess and identify any tamper.
The described embodiments are illustrative and the above description may indicate to those skilled in the art additional ways in which the principles of this invention may be used without departing from the spirit of the invention. Accordingly, the scope of each of the claims is not to be limited by the particular embodiments described.
While the foregoing written description of the invention enables one of ordinary skill to make and use what is considered presently to be the best mode thereof, those of ordinary skill will understand and appreciate the existence of variations, combinations, and equivalents of the specific embodiment, method, and examples herein. The invention should therefore not be limited by the above described embodiment, method, and examples, but by all embodiments and methods within the scope and spirit of the invention.
Low cost and ease of use is very important because of the huge volume of goods shipped every day and the number of points of origination. In a preferred embodiment the packages would be mass produced with government approved embossed or embedded fluorescent media that are naturally safe and are fluorescent or doped to respond to the stimulating rays. If not mass produced, a second preference would be typical commercial polymer film, of the type used to wrap foods, embossed or embedded with naturally safe fluorescent artifacts as the wrapping media. Another low cost alternative would be bags of typical polymer film used to encapsulate foods that would have embedded or embossed fluorescent artifacts, either naturally occurring or which are doped to respond to stimulating rays. In a preferred embodiment, the choice of dopant is selected for fluorescing in yellow, red, green or other color when exposed to stimulus rays such as ultraviolet rays.
In a preferred embodiment, the packaging for encapsulating letters and small parcels would be mass-produced and would not require shrink-wrapping. However, shrink-wrapping with thermally sensitive polymer film can be accomplished by momentary heating with infrared heaters or hot air ducts to achieve a tight conformal coating. For example, several security stickers imprinted with UV-responsive ink would provide means for triangulation to orient digital images taken with cameras during exposure to the UV light.
In a preferred embodiment, the sources of stimulating rays would be selected for low cost, broad availability and stability.
In a preferred embodiment, the imaging devices would be low cost and commercially available.
In a preferred embodiment, the cloud environment would be secure, protected from tampering to assure that the package image data is not compromised. Additionally, the data would be encrypted.
In a preferred embodiment, the digital data of images can be scanned or captured by cameras or other non-contact imaging devices that provide non-contact or touchless detailed digitized optical information at a resolution high enough to record all the necessary detail and the images would be collected from perspectives of the entity surfaces. In a preferred embodiment, several imaging devices would be positioned to assure full coverage with minimal overlapping coverage so that all portions of the surface are recorded.
In a preferred embodiment, security symbols on or in the media would provide reference for triangulation to register first images for comparison with first images taken during transit. The digitized image data associated with the parcel is such that a change in the spectral parameters can be detected once the images are oriented. In a further embodiment, the entity parameters include physical dimensions, such as weight, and the related data is secured using cryptographic techniques, such as spaying a pattern with UV-sensitized ink.
In a preferred embodiment, the parcel would be tested for tamper at each waypoint along the route to destination, as well as at the final destination, to assure knowing a parcel is tampered or not.
In a preferred embodiment, the computer algorithm for determining tamper involves empirically measuring the deviations of measurements of a subsequent second image data from the same locations in initial digital image data.
In a preferred embodiment, the algorithm employed in digital processing involves using commercially available software that provides inverse models for classifying and identifying the probability (likelihood) of differences in image data. Mathematicians are in general agreement that there are two approaches, 1) Frequentist and 2) Bayesian. The Frequentist approach is called “Frequentist” because it is concerned with the frequency with which one expects to observe assumed fixed data, given the development of some hypothesis about the population. This supports the best determination of P(D|H), i.e., the probability P of the data D, given the hypothesis H, within a model. Frequentist methods currently employ commercially available software libraries to perform the inverse method. The Frequentist approach accounts for the situation where if a comparative study is repeated, the data might come out differently); and hypotheses as deterministic (either true or false); i.e., makes a statement about the hypothesis (“the parcel has a tamper”) with respect to the data. In a Frequentist approach, the data is evaluated to determine which outcome is the case. Frequentist analysis does not determine that there is no tamper. Rather, it uses abductive logic that identifies that the data are inconsistent with the hypothesis that the system has no tamper. In order to estimate the likelihood of the tamper (i.e., the probability that the hypothesis, “there is a tamper” is true), the analyst is forced to use a Bayesian inverse modeling approach that treats the data as fixed (these are the only data available) and hypotheses as random (the hypothesis might be true or false, with a nondeterministic probability between 0 and 1).
In a preferred embodiment, a Bayesian approach is appropriate when the parameters are likely to change over time due to stresses of a dynamic system, which logically includes dynamic shipping systems with distributed temporal delays, loading and unloading, in multiple transport domains and conditions.
In fingerprint analyses, the numerical values of pixels in the matrix of the image set are used to identify loops, whorls, and other features in the fingerprint. It is intuitive that digital image data of parcels according to the present invention for identifying tamper can be similarly searched and classified to locate reference points for orientation of digital image data.
In a preferred embodiment, locator symbols are included in the parcel media design. By having the locator symbols, the analytic procedure can locate a feature or centroid as point of reference. However, if locator symbols or other reference points are not used, the tamper algorithm can use image data to locate surrogate reference points by searching the pixel values for one or more patterns in the birth certificate image data.
In accordance with the current patent, when damage or tampering occurs, portions of the media are displaced, causing changes in the pattern of illumination in the proximity of the tamper or damage. In a preferred embodiment, the process for probabilistically identifying tamper or not is to employ a search algorithm such as, but not limited to, a Frequentist model, that begins a starting point and calculates statistical differences in the digital values of the pixels in the birth certificate digital image data and the matching cell or proximal pixel in the matrix of current image data. Areas wherein pixel values in several proximal cells exhibit substantial difference from values in the birth certificate image pixels will, according to deterministic inverse model theory, assess the probability of a match given the differences in values, providing basis to calculate the likelihood of tamper.
The descriptions of the drawings have illustrated how the tamper detection system works as a mobile system for continuous tamper situation awareness with an embedded device, as well as without an embedded device utilizing stations at the point of origin, at transfer points, and a destination.
In a preferred embodiment for a non-embedded system for identifying parcel tamper, the system comprises creating a protective parcel by encapsulating a good with media purposely constructed to produce a unique signature when the media is exposed to stimulating photons from a light source. Image sensors, controlled by a first processor, produce pixel images of surfaces of the parcel comprising a parcel identifier data and a parcel image data. A second processor in communication with the first processor is configured to execute algorithms for receiving the parcel data and recording the data and identifier data in a database. In a preferred embodiment, the database is encrypted.
At a transfer point, a similar system records a second image data, comprising the parcel identifier data and a parcel image data. The processor at the transfer point retrieves said parcel birth image data assigned to the identifier, executes a tamper analysis on the parcel birth image data and second image data, and outputs a tamper status signal.
In a preferred embodiment for a mobile embedded system for identifying parcel tamper, the system is contained in the parcel having an embedded device that controls image sensors, which produce a birth data of said parcel comprising a parcel identifier data and a parcel birth image data. According to programming, the embedded device executes algorithms for 1) receiving the parcel birth data; 2) recording a second image data, comprising the parcel identifier data and a parcel image data, retrieving said parcel birth image data assigned to the identifier; and 3) a tamper analysis on the parcel birth image data and second image data and outputting a tamper status signal.
Tractability of the process is very important due to the size of the pixel matrix. To a person of average skill in employing statistical analyses, the analytic procedure to perform tamper detection would not be a challenging task. The Frequentist inverse method using differences can identify when the probability of tamper indication exceeds some threshold. Selection of the Bayesian procedure should be based on an optimization function over −i(cost)+v(information). This calculation should be informed by knowledge of the expected range of outcomes of the test in context, (i.e., how likely is it that the procedure will produce useful information in this context?).
In a preferred embodiment, the current patent would operate by employing an algorithm to quickly locate the boundaries of coloration in the digital image, and then employ a Frequentist method to efficiently inverse model the boundary areas. The hypothesis being the boundary area is in a healthy, untampered state, (P(Data|Untampered)). If there are areas that do not satisfy the health untampered criteria, shift to the Bayesian inverse method to traverse hypotheses of not-so healthy states to determine the probability of tamper given the data of (P(Data|Tampered)). In a preferred embodiment the process would, without limitation, follow the following algorithm:
Monitoring would be implemented using a matrix combination of indicators. There can be several indicators combined into a single indicator using a matrix approach: multiply the current value of each indicator by the Correlation Index (CI) between the indicator and a tamper and sum over all indicators.
Investigation of tamper would be implemented by a hypothesize-and-test loop of the type show below:
Loop
Until Terminate Condition=True
Terminating the hypothesize-and-test loop should depend on both the value of information expected and available user resources. There is a point of diminishing returns, and this point is reached when the next test is expected to produce only marginally useful information. The next test may also be unnecessary if the tamper is suspected to be marginal or if visual inspection is planned soon.
After the hypothesize-and-test loop is terminated, there will typically remain one-or-more hypotheses ranked by order of likelihood. At this point, it is then useful to calculate the level of risk based on a range of potential options or maintenance actions.
Calculation of confidence uses the Uncertain Bayes Network (UBN) approach that integrates uncertainty associated with lack of information. An Uncertain Bayes Network is a special case of a Bayesian Network with the additional property of representing uncertainty explicitly via the Dempster-Shafer theory of information. Uncertain Bayes Network's represent the lack of knowledge or noise attached to prior distributions, and propagate this uncertainty through the network. This allows us to consider likelihood of an event in combination with confidence that the likelihood is accurate.
Calculation of Total Risk is based on:
1) The hypothesis list
2) The probability of imminent risk given the tamper state
3) The cost of the risk
In calculating risk, start from a list of tamper hypotheses and their likelihoods. Also, estimate the probability of an imminent danger given each tamper state. The window for “imminent” is defined in practice by operational safety requirements. Given estimates of the cost of danger for each tamper state, then calculate Total Risk using the following two steps:
In a preferred embodiment, there is included a means to determine uncertainty which results from a combination of factors, missing evidence, belief in data sources, and the limitation of the inverse model designer's knowledge and rules. The Dempster-Shafer model considers sets of propositions about a domain of interest and assigns a belief measure to each an interval in which the degree of belief must lie. This belief measure ranges from zero, indicating no evidence of support, to one, denoting certainty. The plausibility of a proposition, also ranging between zero and one, is defined as one minus the belief of the proposition being false. Based on this assumption, evidence and the belief in an assumption are related. For example, if we have very strong belief that evidence is false, then its plausibility will be near zero.
The Uncertain Bayes Network approach is a specification of a Bayesian network in which variables that are not conditioned on any other variables (called leaf nodes in this implementation) can be treated essentially as a Dempster Shafer event. For these variables, one or more “experts” will provide one or more priors. Binary variables are assumed for simplicity. The priors will be in the form: P(X=T), P(X=F) where P(X=T)+P(X=F)<=1.0. This diverges from probability theory in that the probabilities do not have to sum to 1.0. Instead, the remainder (U=1−P(X=T)+P(X=F)) is the uncertainty factor. Essentially, an individual will provide his or her belief in the true and false states of a variable by providing mass for T and F. Any remaining value indicates a lack of knowledge about the state and is equivalent to the universal set TF. Thus, if a person has evidence that indicates that a tamper event is 40% likely and another piece of evidence that indicates that it is 30% unlikely, there is 30% gap that indicates uncertainty. Multiple sensors could also provide the evidence. Suppose that each of k sensors can provide positive evidence of an event. If a sensor is 100% certain about its observation, it will provide 1.0/k percent of the evidence to indicate an event. If all sensors are 100% certain, then the event is 100% likely to occur. However, if one or more of the k sensors is uncertain in its evidence, this does not necessarily mean that it is certain that the event will not Occur.
Any alternate beliefs in the state of a leaf node will be combined using Dempster's rule of combination. Dempster's rule of combination has the benefit of increasing confidence in an event when there is consensus in the event.
The internal nodes in the Uncertain Bayes Network act much like nodes in a Bayesian network. Each node conditioned on other nodes maintains a conditional probability table (CPT) indicating its probability given its parents. The conditional probability table must behave as Bayesian CPTs and does not need to represent the uncertainty. Inference proceeds as in a Bayesian network with the distinction that the uncertainty is propagated as well. In other words, if the beliefs for each variable's values do not add to 1.0, the distribution is not normalized. Therefore, the uncertainty is maintained only in a variable's posterior probability.
Consensus between multiple experts may counter the uncertainty, creating a natural representation of human reasoning. For instance, if a person is unsure of tamper, he or she might seek out evidence to support that fact—increasing our confidence in the fact once we find supporting evidence. Conflicting evidence is not handled well using Dempster's combining rule, however this can be addressed using a Factored Belief Aggregation approach taught in computer science textbooks.
The present invention has been described in terms of the preferred embodiment, and it is recognized that equivalents, alternatives, and modifications, aside from those expressly stated, are possible and within the scope of the appending claims. While the foregoing written description of the invention enables one of ordinary skill to make and use what is considered presently to be the best mode thereof, those of ordinary skill in preparing goods for secure shipment will understand and appreciate the existence of variations, combinations, and equivalents of the specific embodiment, method, and examples herein. The invention should therefore not be limited by the above described embodiment, method, and examples, but by all embodiments and methods within the scope and spirit of the invention.
Thus, the present invention is not intended to be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein and as defined by the following claims.
This application claims the benefit of Applicants' prior provisional application, No. 61/852,570, filed on Mar. 18, 2013, the content of which is incorporated herein by reference in its entirety.
Number | Date | Country | |
---|---|---|---|
61852570 | Mar 2013 | US |