Method and apparatus for authenticating a document

US 6,111,953 A
Filed: 05/21/1997
Issued: 08/29/2000
Est. Priority Date: 05/21/1997
Status: Expired due to Term

First Claim

Patent Images

1. A device for indicating and verifying the authenticity of a document using data appearing on the document, the device comprising:

an input device for receiving document identification data from the document when indicating the authenticity of the document, wherein at least a portion of the identification data is specific to the document and identifies the document, and for receiving the document identification data and encrypted authentication data from the document when verifying the authenticity of the document;

a computing device, including a cryptographic processor and a memory, coupled to said input device to receive a first signal representing the document identification data when both indicating and verifying the authenticity of the document, and to also receive a second signal representing the encrypted authentication data when verifying the authenticity of the document and, in accordance with instructions in the memory, to perform a first cryptographic operation based on the document identification data to produce encrypted authentication data unique to the document when indicating the authenticity of the document, and to perform a second cryptographic operation based on the encrypted authentication data to produce decrypted authentication data and to perform a comparison of the decrypted authentication data with the document identification data when verifying the authenticity of the document;

a first output device, coupled to said computing device, for affixing a representation of the encrypted authentication data on the document when indicating the authenticity of the document; and

a second output device, coupled to said computing device, for displaying information regarding the authenticity of the document based on the comparison when verifying the authenticity of the document.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system is described whereby a document may be authenticated by an issuer thereof and verified by a recipient. Data from the document, at least a portion of which is specific to the document and identifies the document, is input to an authenticating device using an input device. A computing device, including a cryptographic processor and a memory, is coupled to said input device and receives a signal representing the data. The computing device performs a cryptographic operation based on the data to produce encrypted authentication data unique to the document. An output device is coupled to the computing device and affixes a representation of the authentication data on the document. A similar device, including a display device, is used to input the encrypted data, perform a cryptographic operation to decrypt the data, and compare the decrypted data with document identification data to verify the document. Encryption and decryption are performed using a private key/public key pair.

154 Citations

61 Claims

1. A device for indicating and verifying the authenticity of a document using data appearing on the document, the device comprising:
- an input device for receiving document identification data from the document when indicating the authenticity of the document, wherein at least a portion of the identification data is specific to the document and identifies the document, and for receiving the document identification data and encrypted authentication data from the document when verifying the authenticity of the document;
  
  a computing device, including a cryptographic processor and a memory, coupled to said input device to receive a first signal representing the document identification data when both indicating and verifying the authenticity of the document, and to also receive a second signal representing the encrypted authentication data when verifying the authenticity of the document and, in accordance with instructions in the memory, to perform a first cryptographic operation based on the document identification data to produce encrypted authentication data unique to the document when indicating the authenticity of the document, and to perform a second cryptographic operation based on the encrypted authentication data to produce decrypted authentication data and to perform a comparison of the decrypted authentication data with the document identification data when verifying the authenticity of the document;
  
  a first output device, coupled to said computing device, for affixing a representation of the encrypted authentication data on the document when indicating the authenticity of the document; and
  
  a second output device, coupled to said computing device, for displaying information regarding the authenticity of the document based on the comparison when verifying the authenticity of the document.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 2. A device according to claim 1, wherein the memory is configured for storing a device identification, and a representation of the device identification is included in the encrypted authentication data.
  - 3. A device according to claim 1, wherein said computing device is configured to be resistant to tampering.
  - 4. A device according to claim 1, wherein said computing device is configured to show evidence of tampering.
  - 5. A device according to claim 1, wherein the first cryptographic operation includes a one-way function.
  - 6. A device according to claim 1, wherein the first cryptographic operation includes encryption with an encryption key.
  - 7. A device according to claim 6, wherein the encryption key belongs to an asymmetric cryptographic protocol.
  - 8. A device according to claim 6, wherein the encryption key belongs to a symmetric cryptographic protocol.
  - 9. A device according to claim 6, wherein the encryption key is stored in the memory and is specific to the device.
  - 10. A device according to claim 6, wherein the encrypted authentication data includes a digital certificate for distribution of a public key to be used to decrypt the encrypted authentication data.
  - 11. A device according to claim 1, wherein said computing device is configured to receive a time signal, and a representation of the time signal is included in the encrypted authentication data.
  - 12. A device according to claim 11, further comprising a clock for generating the time signal.
  - 13. A device according to claim 11, further comprising a signal receiver for receiving the time signal from an external source.
  - 14. A device according to claim 11, wherein the memory stores a device identification, and a representation of the device identification is included in the encrypted authentication data.
  - 15. A device according to claim 1, wherein said computing device is configured to receive a datum for use with a challenge-response protocol.
  - 16. A device according to claim 15, wherein said input device is configured to input the datum to said computing device.
  - 17. A device according to claim 15, further comprising a number generator for supplying the datum as a random number.
  - 18. A device according to claim 1, wherein said first output device is a printer.
  - 19. A device according to claim 18, wherein the printer is configured for producing a dot-based output.
  - 20. A device according to claim 18, wherein the printer is configured for producing a character-based output.
  - 21. A device according to claim 18, wherein the printer is configured for producing a barcode.
  - 22. A device according to claim 18, wherein the printer is configured for printing the representation of the encrypted authentication data on a label and affixing the label on the document.
  - 23. A device according to claim 1, wherein said first output device is configured for encoding the representation of the encrypted authentication data as a digital representation on a magnetic medium affixed to the document.
  - 24. A device according to claim 1, wherein said input device is a keyboard.
  - 25. A device according to claim 1, wherein said input device is configured to scan a portion of the document.
  - 26. A device according to claim 1, wherein the second cryptographic operation includes decryption with a decryption key.
  - 27. A device according to claim 26, wherein the decryption key belongs to an asymmetric cryptographic protocol.
  - 28. A device according to claim 26, wherein the decryption key belongs to a symmetric cryptographic protocol.
  - 29. A device according to claim 26, wherein the decryption key is stored in the memory and is specific to the device.
  - 30. A device according to claim 26, wherein the decryption key is a public key obtained from a publicly accessible database, and said input device is configured to input the decryption key to said computing device.
  - 31. A device according to claim 1, wherein said computing device is configured to produce a time signal based on the decrypted authentication data.
  - 32. A device according to claim 1, wherein said computing device is configured to produce a device identification based on the decrypted authentication data.
  - 33. A device according to claim 1, wherein said computing device is configured to perform a challenge-response protocol based on the decrypted authentication data.

34. A device for indicating and verifying the authenticity of a document using data appearing on the document, the device communicating through a communication port with a computing apparatus that reads document identification data when indicating authenticity of the document and reads document identification data and encrypted verification data from the document when verifying authenticity of the document, the device comprising:
- a cryptographic processor, coupled to the communication port, for receiving a first signal representing the document identification data when both indicating and verifying the authenticity of the document and for receiving a second signal representing the encrypted authentication data when verifying the authenticity of the document and, in accordance with instructions in the memory, performing a first cryptographic operation based on the document identification data to produce encrypted authentication data unique to the document when indicating the authenticity of the document, and to perform a second cryptographic operation based on the encrypted authentication data to produce decrypted authentication data and to transmit a third signal representing the decrypted authentication data to the computing apparatus when verifying the authenticity of the document.
- View Dependent Claims (35)
- - 35. A device according to claim 34, further comprising an output device, coupled to the communication port, for affixing a representation of the encrypted authentication data on the document when indicating authenticity of the document.

36. A method of using a device for indicating and verifying the authenticity of a document using data appearing on the document, comprising the steps of:
- determining whether the device is being used for indicating or verifying the authenticity of the document;
  
  inputting document identification data from the document to a computing device including a cryptographic processor, at least a portion of the data being specific to the document and identifying the document and, when verifying authenticity, also inputting encrypted authentication data from the document to the computing device;
  
  performing a first cryptographic operation on the document identification data with the cryptographic processor to produce encrypted authentication data unique to the document when indicating authenticity, and performing a second cryptographic operation on the encrypted authentication data to produce decrypted authentication data and performing a comparison of the decrypted authentication data with the document identification data when verifying authenticity; and
  
  affixing a representation of the encrypted authentication data on the document when indicating authenticity and displaying information regarding the authenticity of the document based on the comparison when verifying authenticity.
- View Dependent Claims (37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57)
- - 37. A method according to claim 36, wherein the first cryptographic operation includes a one-way function.
  - 38. A method according to claim 36, wherein the first cryptographic operation includes encryption with an encryption key.
  - 39. A method according to claim 38, wherein the encryption key belongs to an asymmetric cryptographic protocol.
  - 40. A method according to claim 38, wherein the encryption key belongs to a symmetric cryptographic protocol.
  - 41. A method according to claim 38, wherein said performing a first cryptographic operation step further comprises a step of including in the encrypted authentication data a digital certificate for distribution of a public key to be used to decrypt the encrypted authentication data.
  - 42. A method according to claim 36, further comprising the steps of:
    - inputting a time signal to the computing device;
      
      generating a representation of the time signal by the computing device; and
      
      including the representation of the time signal in the encrypted authentication data.
  - 43. A method according to claim 36, further comprising the step of including a device identification in the encrypted authentication data.
  - 44. A method according to claim 36, further comprising the steps of:
    - inputting a datum for use with a challenge-response protocol to the computing device; and
      
      performing the challenge-response protocol.
  - 45. A method according to claim 36, wherein said affixing step comprises printing the representation of the encrypted authentication data on the document.
  - 46. A method according to claim 36, wherein said affixing step comprises printing the representation of the encrypted authentication data on a label and affixing the label on the document.
  - 47. A method according to claim 36, wherein said inputting step comprises scanning a portion of the document.
  - 48. A method according to claim 36, wherein the second cryptographic operation includes a one-way function.
  - 49. A method according to claim 48, wherein the second cryptographic operation includes decryption with a decryption key.
  - 50. A method according to claim 49, wherein the decryption key belongs to an asymmetric cryptographic protocol.
  - 51. A method according to claim 49, wherein the decryption key belongs to a symmetric cryptographic protocol.
  - 52. A method according to claim 49, wherein said performing a second cryptographic operation step further comprises a step of deriving from the encrypted authentication data a digital certificate to obtain a public key to be used to decrypt the encrypted authentication data.
  - 53. A method according to claim 36, wherein said performing a second cryptographic operation step further comprises the steps of:
    - deriving a time signal from the encrypted authentication data; and
      
      including a representation of the time signal in the decrypted authentication data.
  - 54. A method according to claim 36, further comprising the steps of:
    - deriving a device identification from the encrypted authentication data; and
      
      including the device identification in the decrypted authentication data.
  - 55. A method according to claim 36, wherein said inputting step comprises scanning a portion of the document.
  - 56. A method according to claim 36, wherein said displaying information step comprises displaying an indication of the authenticity of the document using a display device connected to the computing device.
  - 57. A method according to claim 36, wherein said displaying information step comprises displaying the decrypted authentication data using a display device connected to the computing device.

58. A device for verifying a document using document data appearing on the document, the device comprising:
- an input device for receiving document identification data and encrypted authentication data from the document;
  
  an output device for displaying information regarding authenticity of the document in accordance with document verification data;
  
  a first communication device, coupled to said input device and to said output device, for transmitting a first signal representing the document identification data and a second signal representing the encrypted authentication data and for receiving a signal representing the document verification data;
  
  a second communication device, located remotely from said first communication device and communicating therewith, for receiving the first signal and the second signal from said first communication device and for transmitting the signal representing the document verification data to said first communication device;
  
  a computing device coupled to said second communication device, said computing device including a cryptographic processor and a memory, to receive the first signal and the second signal from said second communication device, to perform a cryptographic operation based on the authentication data in accordance with instructions in the memory to produce decrypted authentication data, to perform a comparison of the decrypted authentication data with the document identification data, to produce document verification data based on the comparison, and to generate the signal representing the document verification data.

59. A computer readable medium in which is stored computer readable code to be executed by a computer, said computer readable code performing a method comprising the steps of:
- determining whether document authenticity is being indicated or verified;
  
  inputting data from the document, at least a portion of the data being specific to the document and identifying the document and, when verifying authenticity, also inputting encrypted authentication data from the document; and
  
  performing a first cryptographic operation on the identification data to produce authentication data unique to the document when indicating authenticity, and performing a second cryptographic operation on the encrypted authentication data to produce decrypted authentication data and comparing the decrypted authentication data with the document identification data when verifying authenticity.

60. A non-cryptographic device for remotely verifying the authenticity of a document using data appearing on the document, comprising:
- an input device for receiving identification data and encrypted authentication data from the document;
  
  a communication device, coupled to the input device, for transmitting a first signal representing the identification data and a second signal representing the encrypted authentication data to a remote central controller, and for receiving a third signal representing document verification data from the central controller, the document verification data being produced by the central controller by performing a cryptographic operation based on the encrypted authentication data and the identification data; and
  
  an output device for displaying information regarding the authenticity of the document in accordance with the document verification data.

61. A method for remotely verifying the authenticity of a document using data appearing on the document, comprising the steps of:
- inputting identification data and encrypted authentication data from the document;
  
  transmitting a first signal representing the identification data and a second signal representing the encrypted authentication data to a remote central controller;
  
  receiving a third signal representing document verification data from the central controller, the document verification data produced by the central controller by performing a cryptographic operation based on the encrypted authentication data and the identification data; and
  
  displaying information regarding the authenticity of the document in accordance with the document verification data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Inventor Holdings LLC (Walker Innovation Inc. (f/k/a Patent Properties, Inc.))
Original Assignee
Walker Digital LLC (Walker Innovation Inc. (f/k/a Patent Properties, Inc.))
Inventors
Jorasch, James A., Schneier, Bruce, Walker, Jay S.
Primary Examiner(s)
CANGIALOSI, SALVATORE A

Application Number

US08/859,722
Time in Patent Office

1,196 Days
Field of Search

380/23, 380/25, 380/30, 380/51, 380/55, 705/67, 713/179
US Class Current

380/51
CPC Class Codes

G06Q 20/3674   involving authentication

H04L 9/3236   using cryptographic hash fu...

H04L 9/3263   involving certificates, e.g...

H04L 9/3271   using challenge-response

Method and apparatus for authenticating a document

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

154 Citations

61 Claims

Specification

Use Cases

Quick Links

Others

Method and apparatus for authenticating a document

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

154 Citations

61 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others