Digital authentication with analog documents
First Claim
1. Apparatus which authenticates a digital representation from which an analog form may be made, the apparatus comprising:
- an authenticator which uses semantic information in the digital representation that will be present in the analog form to produce first authentication information; and
an incorporator which incorporates the first authentication information into the digital representation such that the first authentication information is preserved in the analog form and the semantic information remains useful in the analog form to produce second authentication information which is comparable to the first authentication information, whereby the first authentication information may be retrieved from the analog form and compared with the second authentication information produced from the semantic information in the analog form to determine authenticity of the analog form.
4 Assignments
0 Petitions
Accused Products
Abstract
Techniques for protecting the security of digital representations, and of analog forms made from them. The techniques include authentication techniques that can authenticate both a digital representation and an analog form produced from the digital representation, an active watermark that contains program code that may be executed when the watermark is read, and a watermark agent that reads watermarks and sends messages with information concerning the digital representations that contain the watermarks. The authentication techniques use semantic information to produce authentication information. Both the semantic information and the authentication information survive when an analog form is produced from the digital representation. In one embodiment, the semantic information is alphanumeric characters and the authentication information is either contained in a watermark embedded in the digital representation or expressed as a bar code. With the active watermark, the watermark includes program code. When a watermark reader reads the watermark, it may cause the program code to be executed. One application of active watermarks is making documents that send messages when they are operated on. A watermark agent may be either a permanent resident of a node in a network or of a device such as a copier or it may move from one network node to another. In the device or node, the watermark agent executes code which examines digital representations residing in the node or device for watermarked digital representations that are of interest to the watermark agent. The watermark agent then sends messages which report the results of its examination of the digital representations. If the watermarks are active, the agent and the active watermark may cooperate an the agent may cause some or all of the code than an active watermark contains to be executed.
-
Citations
51 Claims
-
1. Apparatus which authenticates a digital representation from which an analog form may be made, the apparatus comprising:
-
an authenticator which uses semantic information in the digital representation that will be present in the analog form to produce first authentication information; and
an incorporator which incorporates the first authentication information into the digital representation such that the first authentication information is preserved in the analog form and the semantic information remains useful in the analog form to produce second authentication information which is comparable to the first authentication information, whereby the first authentication information may be retrieved from the analog form and compared with the second authentication information produced from the semantic information in the analog form to determine authenticity of the analog form. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
the incorporator incorporates the authentication information in a form which cannot be perceived by unaided observation of the analog form.
-
-
3. The apparatus set forth in claim 2 wherein:
the form which cannot be perceived is a digital watermark.
-
4. The apparatus set forth in claim 1 wherein:
the incorporator incorporates the first authentication information into the digital representation in a form which can be perceived by unaided observation of the analog form.
-
5. The apparatus set forth in claim 4 wherein:
the form which can be perceived is a bar code.
-
6. The apparatus set forth in any one of claims 1 through 4 wherein:
the first authentication information is a digest made from the semantic information.
-
7. The apparatus set forth in any one of claims 1 through 4 wherein:
the first authentication information is robust with regard to insubstantial errors in reading the semantic information from the analog form.
-
8. The apparatus set forth in claim 7 wherein:
the first authentication information reflects at least in part an order of the semantic information.
-
9. Apparatus for determining authenticity of an analog form, the analog form containing first authentication information that is produced using semantic information present in the analog form and that is incorporated into the analog form such that the semantic information remains useful in the analog form to produce second authentication information which is comparable to the first authentication information,
the apparatus comprising: -
a semantic information recognizer that recognizes the semantic information in the analog form;
an authentication information reader that reads the first authentication information from the analog form; and
an authenticator that computes the second authentication information from the recognized semantic information and determines whether the analog form is authentic by comparing the first authentication information with the second authentication information. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37)
the authentication information is incorporated in a form which cannot be perceived by unaided observation of the analog form.
-
-
11. The apparatus set forth in claim 10 wherein:
-
the form is a digital watermark; and
the authentication information reader is a digital watermark reader.
-
-
12. The apparatus set forth in claim 9 wherein:
the first authentication information is incorporated in a form which can be perceived by unaided observation of the analog form.
-
13. The apparatus set forth in claim 12 wherein:
-
the form is a bar code; and
the authentication information reader is a bar code reader.
-
-
14. The apparatus set forth in any one of claims 9 through 13 wherein:
the first authentication information is a digest made from the semantic information.
-
15. The apparatus set forth in any of claims 9 through 13 wherein:
the authenticator computes the second authentication information in a fashion which is robust with regard to insubstantial errors made by the semantic information recognizer.
-
16. The apparatus set forth in claim 15 wherein:
the authenticator compares the first authentication information with the second authentication information such that a partial match within a threshold indicates that the analog form is authentic.
-
17. The apparatus set forth in claim 15 wherein:
the first and second authentication information reflect at least in part an order of the semantic information.
-
18. The apparatus set forth in any one of claims 9 through 13 wherein:
the authenticator compares the first authentication information with the second authentication information in a manner which is robust with regard to insubstantial errors made by the semantic information recognizer.
-
19. The apparatus set forth in claim 18 wherein:
-
the semantic information is subject to constraints; and
the authenticator includes an error corrector that employs the constraints to correct errors in the recognized semantic information and uses the corrected recognized semantic information to recompute the second authentication information when there is not a precise match between the first authentication information and the second authentication information.
-
-
20. The apparatus set forth in any one of claims 9 through 13 wherein:
the analog form is produced from a digital representation that includes the first authentication information.
-
21. The apparatus set forth in any of claims 9 through 13 wherein:
-
the analog form is a document;
the semantic information includes alphanumeric characters in the document; and
the semantic information recognizer is an optical character recognizer.
-
-
22. The apparatus set forth in claim 21 wherein:
the document is paper digital cash.
-
23. The apparatus set forth in claim 21 wherein:
the document is a paper digital check.
-
24. The apparatus set forth in claim 21 wherein:
the document is an identification document.
-
25. A scanner characterized in that:
the scanner employs the apparatus set forth in claim 21 to determine authenticity of analog forms scanned by the scanner.
-
26. The apparatus set forth in claim 9 wherein:
-
the analog form is a document;
the semantic information includes alphanumeric characters in the document;
the semantic information recognizer includes an optical character recognizer; and
the document includes a background image in addition to the alphanumeric characters, the first authentication information being incorporated into the background image in a form which cannot be perceived by unaided observation.
-
-
27. The apparatus set forth in claim 26 wherein:
the first authentication information is incorporated into the background image as a digital watermark.
-
28. The apparatus set forth in claim 27 wherein:
the document is paper digital cash wherein the semantic information includes a serial number for the digital cash and a money amount.
-
29. The apparatus set forth in claim 27 wherein:
the document is a digital check wherein the semantic information includes an identifier for the bank account, an amount to be paid, and the name of the payer.
-
30. The apparatus set forth in claim 29 wherein:
the first authentication information is encrypted with a private key belonging to the payer, whereby the payer signs the semantic information.
-
31. The apparatus set forth in claim 27 wherein:
the document is an identification document, the identification document being issued by an issuing authority and the semantic information including identification information.
-
32. The apparatus set forth in claim 31 wherein:
the first authentication information is encrypted with a private key belonging to the issuing authority, whereby the issuing authority signs the semantic information.
-
33. The apparatus set forth in claim 31 wherein:
the identification document is a bankcard and the institution that issues the bankcard is the issuing authority.
-
34. The apparatus set forth in any one of claims 28 through 33 wherein:
the first authentication information is a first digest made from the semantic information and the second authentication information is a second digest made from the recognized semantic information.
-
35. The apparatus set forth in claim 34 wherein:
the authenticator determines whether the analog form is authentic by determining whether the second digest exactly matches the first digest.
-
36. The apparatus set forth in claim 35 wherein:
the first and second digests are made using a one-way hash function.
-
37. An optical scanning device characterized in that:
the optical scanning device employs the apparatus set forth in any one of claims 26 through 33 to determine authenticity of a document scanned thereby.
-
38. A method of authenticating a digital representation from which an analog form may be made,
the method comprising the steps of: -
producing first authentication information from semantic information in the digital representation that will be present in the analog form; and
incorporating the first authentication information into the digital representation such that the first authentication information is preserved in the analog form and the semantic information remains useful in the analog form to produce second authentication information which is comparable to the first authentic information, whereby the first authentication information may be retrieved from the analog form and compared with the second authentication information produced from the semantic information in the analog form to determine authenticity of the analog form.
-
-
39. A method of determining authenticity of an analog form, the analog form containing first authentication information that is produced using semantic information present in the analog form and that is incorporated into the analog form such that the semantic information remains useful in the analog form to produce second authentication information which is comparable to the first authentication information, the method comprising the steps of:
-
recognizing the semantic information in the analog form;
reading the first authentication information;
computing second authentication information from the recognized semantic information; and
determining whether the analog form is authentic by comparing the first authentication information with the second authentication information. - View Dependent Claims (40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51)
the analog form is a document;
the semantic information includes alphanumeric characters in the document;
the document includes a background image in addition to the alphanumeric character, the first authentication information being incorporated into the background image in a form which cannot be perceived by unaided observation;
in the step of recognizing the semantic information, the semantic information is recognized by an optical character recognizer; and
in the step of reading the first authentication information, the first authentication information is read from the background image.
-
-
41. The method set forth in claim 40 wherein:
the first authentication information is incorporated into the background image as a digital watermark.
-
42. The apparatus set forth in claim 41 wherein:
the document is paper digital cash wherein the semantic information includes a serial number for the digital cash and a money amount.
-
43. The apparatus set forth in claim 41 wherein:
the document is a digital check wherein the semantic information includes an identifier for the bank account, an amount to be paid, and the name of the payer.
-
44. The apparatus set forth in claim 43 wherein:
the first authentication information is encrypted with a private key belonging to the payer, whereby the payer signs the semantic information.
-
45. The apparatus set forth in claim 41 wherein:
the document is an identification document, the identification document being issued by an issuing authority and the semantic information including identification information.
-
46. The apparatus set forth in claim 45 wherein:
the first authentication information is encrypted with a private key belonging to the issuing authority, whereby the issuing authority signs the semantic information.
-
47. The apparatus set forth in claim 45 wherein:
the identification document is a bankcard and the institution that issues the bankcard is the issuing authority.
-
48. The apparatus set forth in any one of claims 42 through 47 wherein:
-
the first authentication information is a first digest made from the semantic information; and
in the step of computing the second authentication information, the second authentication information is a second digest computed from the recognized semantic information.
-
-
49. The apparatus set forth in claim 48 wherein:
the step of determining whether the analog form is authentic determines whether the second digest exactly matches the first digest.
-
50. The apparatus set forth in claim 49 wherein:
the first and second digests are made using a one-way hash function.
-
51. An optical scanning device characterized in that:
the optical scanning device employs the method set forth in any one of claims 40 through 47 to determine authenticity of a document scanned thereby.
Specification