U.S. patent application number 10/686495 was filed with the patent office on 2004-09-16 for identification document and related methods.
Invention is credited to Bradley, Brett A., Brundage, Trent J., Durst, Robert T. JR., Hannigan, Brett T., Perry, Burt W., Rhoads, Geoffrey B., Sher-Jan, Mahmood, Stach, John, Weaver, Matthew M..
Application Number | 20040181671 10/686495 |
Document ID | / |
Family ID | 32111133 |
Filed Date | 2004-09-16 |
United States Patent
Application |
20040181671 |
Kind Code |
A1 |
Brundage, Trent J. ; et
al. |
September 16, 2004 |
Identification document and related methods
Abstract
The present invention provides methods and systems for
authenticating identification documents. We also teach an
identification document including two or more digital watermarks.
The watermarks correspond with each other or with indicia carried
by the identification document. The correspondence can be verified
to determine authenticity. We also provide digital watermark
detection methods and systems to identify the different watermarks
through embedded orientation components. We then focus watermark
message-decoding efforts on areas identified as likely including
watermark orientation components. In one implementation we provide
a watermark detection trigger to identify so-called legacy
documents. The trigger may indicate the presence or expected
absence of a digital watermark. In other implementations we provide
a versatile document authenticator to toggle between watermarking
and non-watermarking authentication processes depending on a
detection trigger.
Inventors: |
Brundage, Trent J.; (Tigard,
OR) ; Sher-Jan, Mahmood; (Lake Oswego, OR) ;
Weaver, Matthew M.; (Wilsonville, OR) ; Hannigan,
Brett T.; (Portland, OR) ; Bradley, Brett A.;
(Portland, OR) ; Stach, John; (Tualatin, OR)
; Perry, Burt W.; (Lake Oswego, OR) ; Durst,
Robert T. JR.; (Dunstable, MA) ; Rhoads, Geoffrey
B.; (US) |
Correspondence
Address: |
DIGIMARC CORPORATION
19801 SW 72ND AVENUE
SUITE 250
TUALATIN
OR
97062
US
|
Family ID: |
32111133 |
Appl. No.: |
10/686495 |
Filed: |
October 14, 2003 |
Related U.S. Patent Documents
|
|
|
|
|
|
Application
Number |
Filing Date |
Patent Number |
|
|
60418762 |
Oct 15, 2002 |
|
|
|
60421254 |
Oct 25, 2002 |
|
|
|
60494709 |
Aug 12, 2003 |
|
|
|
60495236 |
Aug 13, 2003 |
|
|
|
60495373 |
Aug 14, 2003 |
|
|
|
Current U.S.
Class: |
713/176 |
Current CPC
Class: |
H04K 1/00 20130101; B42D
25/47 20141001; H04L 2209/608 20130101; H04N 2201/3235 20130101;
H04N 2201/327 20130101; H04N 1/32288 20130101; G06T 1/0028
20130101; G09C 5/00 20130101; G07F 7/08 20130101; H04N 1/32144
20130101; B42D 25/00 20141001; B42D 25/333 20141001; H04L 2209/56
20130101; B42D 25/23 20141001; G06Q 20/347 20130101; B42D 25/309
20141001; B42D 2035/34 20130101; G07D 7/0034 20170501; G06T
2201/0051 20130101; H04N 2201/3205 20130101; G06T 1/0071 20130101;
H04N 1/32304 20130101; H04L 2209/805 20130101; G07F 7/086 20130101;
H04N 2201/3233 20130101; G07F 7/12 20130101; H04N 1/32352 20130101;
B42D 25/20 20141001; G06Q 20/401 20130101; H04L 9/3231
20130101 |
Class at
Publication: |
713/176 |
International
Class: |
H04L 009/00 |
Claims
What is claimed is:
1. A security document comprising: a substrate; a first graphic
carried by the substrate, the first graphic conveying a
photographic image to human viewers thereof, the first graphic
being steganographically encoded to convey first plural bits of
data recoverable by computer analysis of said first graphic; and a
second graphic carried by the substrate, the second graphic
conveying a visual image to human viewers thereof, wherein the
second graphic is steganographically encoded to convey second
plural bits of data recoverable by computer analysis of said second
graphic; and wherein the steganographically encoded first plural
bits of data and the steganographically encoded second plural bits
of data cooperate to evidence authenticity of the security
document.
2. The document of claim 1 wherein the second graphic comprises at
least one of a background pattern, a background tint, an image, a
graphic design, a photographic image, line-art, a government seal
and an artistic design.
3. The document of claim 2 further comprising text printed on the
substrate.
4. The document of claim 3 wherein said first plural bits of data
and said second plural bits of data each correspond to at least a
part of said printed text.
5. The document of claim 1 wherein at least one of said first
plural bits of data and said second plural bits of data serves as
an index into a registry containing additional information.
6. The document of claim 5 wherein the additional information
comprises at least one of a photograph corresponding to the first
graphic, biometric information related to a person depicted in the
first graphic, and insurance coverage information.
7. The document of claim 1 wherein said steganographic encoding
does not visibly interrupt said first or second graphic.
8. The document of claim 1 further comprising steganographic
encoding to convey third plural bits, wherein the third plural bits
are designed to be lost or to predictably degrade when subjected to
predetermined signal processing.
9. The document of claim 1 wherein at least one of the first plural
bit and the second plural bits are designed to be lost or to
predictably degrade when subjected to predetermined signal
processing.
10. The document of claim 1 further comprising a magnetic stripe
including information.
11. The document of claim 10 wherein at least one of the
steganographically encoded first plural bits of data and the
steganographically encoded second plural bits of data cooperate
with the magnetic stripe information to verify authenticity of the
security document.
12. The document of claim 1, wherein the substrate comprises a
first side and a second side, and wherein the first graphic is
provided on the first side, and the second graphic is provided on
the second side.
13. The document of claim 1, wherein the first plural bits of data
and the second plural bits of data cooperate by including at least
a portion of redundant data.
14. The document of claim 1, wherein the first plural bits of data
and the second plural bits of data cooperate by including
corresponding data.
15. The document of claim 14, wherein the corresponding data also
corresponds with other data carried by the document.
16. The document of claim 1, wherein at least one of a portion of
the first plural bits of data and a portion of the second plural
bits of data comprises an issuer identifier.
17. A method of verifying the document of claim 16, comprising:
machine-reading at least one of the portion of the first plural
bits of data and a portion of the second plural bits of data to
obtain the issuer identifier, and handling a remaining portion of
at least one of the first plural bits of data and the second plural
bits of data in accordance with a predetermined format associated
with the issuer identifier.
18. The document of claim 1, wherein the substrate comprises at
least one of a laminate layer and a core layer.
19. The document of claim 1, wherein the substrate comprises a
laminate layer and a core layer.
20. The document of claim 1, wherein the steganographic encoding
comprises digital watermarking.
21. A method to detect swapping of first artwork from a first
identification document with second artwork from a second
identification document, the swapping resulting in the first
artwork being carried on the second identification document instead
of the second artwork, wherein the first artwork comprises a first
digital watermark embedded therein, and wherein the second
identification document comprises a second digital watermark
embedded in a first region, said method comprising: receiving scan
data associated with at least a portion of the first artwork and at
least a portion of the first region; analyzing the scan data to
detect the first digital watermark and the second digital
watermark; and comparing the first digital watermark with the
second digital watermark to detect swapping of the first artwork
with the second artwork.
22. The method of claim 21, wherein first digital watermark
comprises a first message and the second digital watermark
comprises a second message, and wherein said comparing step
compares at least a first portion of the first message with at
least a first portion of the second message thereby evidencing
swapping when the first portion and the second portion do not
correspond.
23. The method of claim 22, wherein the first artwork comprises at
least a portion of a photographic image of a bearer of the first
document, and the second artwork comprises at least a portion of a
photographic image an authorized bearer of the second
identification document.
24. The method of claim 21, wherein the second artwork comprises a
third watermark which is designed to coincide with the second
digital watermark.
25. The method of claim 24, wherein the third digital watermark
comprises a first message and the second digital watermark
comprises a second message, and wherein the first message and the
second message comprises redundant or corresponding
information.
26. A method to determine whether to authenticate an identification
document through a digital watermarking authentication process or
through an alternative authentication process, wherein the digital
watermark authentication process utilizes at least first and second
digital watermarks while the alternative authentication process
utilizes bearer or document specific information, and wherein the
identification document comprises a detection trigger, said method
comprises the steps of: receiving data corresponding to the
detection trigger; if the received data indicates an expected
presence of digital watermarks, analyzing optical scan data that
corresponds to the identification document to attempt to obtain
information conveyed by the first and second digital watermarks;
and if the information is obtained, cross-correlating at least some
of the information conveyed by the first digital watermark with at
least some of the information conveyed by the second digital
watermark, and providing a signal corresponding to a result of the
cross-correlation of the watermark information; and if the
information is not obtained providing a signal representing that
the identification document is considered suspect; and if the
received data indicates an expected absence of digital watermarks,
attempting to obtain the specific information from at least two
sources related to the identification document; and if the specific
information is obtained, cross-correlating the specific
information, and providing a signal corresponding to a result of
the cross-correlation of the specific information; and if the
specific information in not obtained, providing a signal
representing that the identification document is suspect.
27. The method of claim 26, wherein the trigger comprises a
document issue date.
28. The method of claim 26, wherein the trigger comprises a
document expiration date.
29. The method of claim 26, wherein the document comprises a
magnetic stripe, and wherein the trigger is stored by the magnetic
stripe.
30. The method of claim 26, wherein the document comprises
electronic circuitry, and wherein the trigger is stored in the
electronic circuitry.
31. The method of claim 26, wherein the document comprises a
machine-readable feature, and wherein the trigger is conveyed
through the machine-readable feature.
32. The method of claim 31, wherein the machine-readable feature
comprises a barcode.
33. The method of claim 26, wherein the trigger comprises a client
code.
34. The method of claim 33, wherein the trigger further comprises
at least one of a document issue date and a document expiration
date.
35. The method of claim 26, wherein the two sources comprise at
least two of printed text, magnetic memory, optical memory,
electronic circuitry, barcode and a remote database.
36. A security document comprising: a substrate; a first graphic
carried by the substrate, the first graphic conveying a
photographic image to human viewers thereof, the first graphic
being steganographically encoded to convey first plural bits of
digital data recoverable by computer analysis of said first
graphic; a second graphic carried by the substrate, the second
graphic conveying a visual image to human viewers thereof; and a
detection trigger; wherein the second graphic is steganographically
encoded to convey second plural bits of digital data recoverable by
computer analysis of said second graphic, wherein the
steganographically encoded first plural bits of digital data and
the steganographically encoded second plural bits of digital data
cooperate to verify authenticity of the security document, and
wherein the detection trigger serves to indicate a presence of
steganographic encoding.
37. The document of claim 36 wherein the second graphic comprises
at least one of a background pattern, a background tint, an image,
a graphic design, a photographic image, line-art, a government
seal, and an artistic design.
38. The document of claim 37 further comprising text printed on the
substrate.
39. The document of claim 38 wherein said first plural bits of
digital data and said second plural bits of digital data each
correspond to at least a part of said printed text.
40. The document of claim 36 wherein at least one of said first
plural bits of digital data and said second plural bits of digital
data serves as an index into a registry containing additional
information.
41. The document of claim 40 wherein the additional information
comprises at least one of a photograph corresponding to the first
graphic, biometric information related to a person depicted in the
first graphic, and insurance coverage information.
42. The document of claim 36 wherein said steganographic encoding
does not visibly interrupt said first or second graphic.
43. The document of claim 36 further comprising steganographic
encoding to convey third plural bits, wherein the third plural bits
are designed to be lost or to predictably degrade when subjected to
predetermined signal processing.
44. The document of claim 36 wherein at least one of the first
plural bit and the second plural bits are designed to be lost or to
predictably degrade when subjected to predetermined signal
processing.
45. The document of claim 36 further comprising at least one of a
magnetic stripe and barcode, wherein the at least one of the
magnetic stripe and bar code comprises data including the detection
trigger.
46. The document of claim 36, wherein the document further
comprises text printed thereon and the trigger comprises a
predetermined spatial distance between at least one of the first
graphic and second graphic and the text.
47. The document of claim 36, wherein the trigger comprises at
least one of a color of printed text, a computer-recognizable
spatial pattern and an identification document number.
48. The document of claim 36, wherein the trigger comprises
artwork.
49. The document of claim 48, wherein the artwork exhibits a
predetermined response in a spatial frequency domain.
50. The document of claim 36, wherein the substrate comprises a
laminate layer and a substrate layer.
51. The document of claim 50, wherein the trigger comprises the
laminate layer.
52. The document of claim 51, wherein the substrate comprises at
least one of laser engraving and embossing, and the trigger
comprises at least one of the laser engraving and embossing.
53. The document of claim 36, wherein the trigger comprises a
predetermined color located in a predetermined position on the
document.
54. The document of claim 36, wherein the document comprises text
and wherein the trigger comprises a predetermined font in which the
text is printed.
55. The document of claim 36, further comprising at least one of a
magnetic stripe and bar code, wherein the at least one of the
magnetic stripe and barcode comprises information including the
detection trigger, wherein the detection trigger comprises a
document issue date.
56. The document of claim 36, wherein the trigger comprises a
client code.
57. The document of claim 56, wherein the trigger further comprises
at least one of a document issue date and a document expiration
date.
58. A method of identifying portions of digital data, the digital
data corresponding to a printed document, the printed document
including first and second different areas conveying first and
second different digital watermarks, respectively, wherein the
first digital watermark includes a first orientation component and
the second digital watermark includes a second orientation
component, and wherein the identified portions of the digital data
are suspected to include digital watermark data, the method
comprising: segregating the digital data into a plurality of
widows; for each of the plurality of windows, determining an
orientation measure; grouping the windows based on orientation
measure; and selecting at least two of the groups based on at least
one of a number of windows assigned to a group and a collective
watermark strength for a group, wherein the windows within the
selected groups include the portions of the digital data that are
suspected to include digital watermark data.
59. The method of claim 58, wherein the two groups are
distinguished based on orientation measure.
60. The method of claim 58, wherein the orientation measure
comprises a relative scale and a relative rotation.
61. The method of claim 60, wherein the orientation measure further
comprises a relative translation.
62. The method of claim 58, further comprising analyzing only the
windows within the two groups to detect a watermark message.
63. The method of claim 58, wherein the printed document comprises
at least one of an identification document and a financial
document.
64. The method of claim 58, wherein the grouping comprises
generating a histogram.
65. The method of claim 64, wherein the histogram represents a
number of windows over given orientations.
66. The method of claim 64, wherein the histogram identifies
predominate watermark orientation components.
67. A method of identifying a first area and a second area of a
printed document that are likely to include, respectively, a first
digital watermark and a second digital watermark, wherein the first
digital watermark includes a first orientation component and the
second digital watermark includes a second orientation component,
the method comprising: receiving optically scanned image data that
corresponds with at least a portion of the printed document;
segmenting the image data into a plurality of image portions;
determining an orientation measure relative to a predetermined
orientation for each of the image portions; identifying the first
area by associating image portions having a first orientation
measure; and identifying the second area by associating image
portions having a second orientation measure.
68. The method of claim 67, wherein the first orientation measure
and the second orientation measure are each associated with a
relatively higher number of image portions when compared to other
orientation measures.
69. The method of claim 67, wherein the orientation measure
corresponds to a relative scale and a relative rotation.
70. The method of claim 67, wherein the printed document comprises
at least one of a financial document and an identification
document.
71. The method of claim 67, wherein the first orientation component
is embedded so as to represent a first orientation, and wherein the
second orientation component is embedded so as to represent a
second different orientation.
72. The method of claim 71, wherein the first orientation comprises
a first scale, and the second different orientation comprises a
second different scale.
Description
RELATED APPLICATION DATA
[0001] The present application claims the benefit of U.S.
Provisional Patent Application Nos. 60/418,762, filed Oct. 15,
2002, 60/421,254, filed Oct. 25, 2002, 60/494,709, filed Aug. 12,
2003, 60/495,236, filed Aug. 13, 2003 and 60/495,373, filed Aug.
14, 2003. Each of these patent documents is herein incorporated by
reference.
[0002] This application is also related to assignee's U.S. patent
application Ser. No. 09/945,244, filed Aug. 31, 2001 (published as
20020057823 A1), Ser. No. 09/503,881 (now U.S. Pat. No. 6,614,914),
Ser. No. 09/452,023 (now U.S. Pat. No. 6,408,082), Ser. No.
10/366,541, filed Feb. 12, 2003 (published as US 2003-0179903 A1),
Ser. No. 09/433,104, filed Nov. 3, 1999 (allowed), Ser. No.
10/032,282, filed Dec. 20, 2001 (published as US 2002-0114491 A1),
and Ser. No. 09/498,223, filed Feb. 3, 2000 (now U.S. Pat. No.
6,574,350), and U.S. Pat. No. 6,389,151. The Ser. No. 10/366,541
application is a grandchild of assignee's U.S. Pat. No. 5,841,886.
This application is also related to assignee's concurrently filed
U.S. patent application titled "DIGITAL WATERMARKING FOR
IDENTIFICATION DOCUMENTS" (Attorney Docket No. P0869--Inventors J.
Scott Carr, et al.). Each of these patent documents is herein
incorporated by reference.
FIELD OF THE INVENTION
[0003] The present invention relates to authenticating and securing
identification documents through digital watermarking.
BACKGROUND AND SUMMARY OF THE INVENTION
[0004] The use of identification documents is pervasive.
Identification documents are used on a daily basis--to prove
identity, to verify age, to access a secure area, to evidence
driving privileges, to cash a check, and so on. Airplane passengers
are required to show an identification document during check in,
and sometimes at security screening and prior to boarding their
flight. We also live in an ever-evolving cashless society.
Identification documents are used to make payments, access an
automated teller machine (ATM), debit an account, or make a
payment, etc. Many industries require that their employees carry
photo ID on the job.
[0005] For the purposes of this disclosure, identification
documents are broadly defined and may include, e.g., credit cards,
bank cards, phone cards, passports, driver's licenses, network
access cards, employee badges, debit cards, security cards, visas,
immigration documentation, national ID cards, citizenship cards,
social security cards, security badges, certificates,
identification cards or documents, voter registration cards, police
ID cards, border crossing cards, legal instruments or
documentation, security clearance badges and cards, gun permits,
gift certificates or cards, labels or product packaging, membership
cards or badges, etc., etc. Also, the terms "document," "card," and
"documentation" are used interchangeably throughout this patent
document. Identification documents are also sometimes
interchangeably referred to as "security documents," "ID
documents," "photo-IDs" and "photo ID documents".
[0006] With reference to FIG. 1, an identification document 10
includes a "card-shaped" substrate 21, historically made from a
material such as paper or plastic, but now even made from
synthetics such as Teslin.RTM.. (Teslin.RTM. is available from PPG
Industries, One PPG Place, Pittsburgh, Pa. 15272 USA).
Identification document 10 includes a photograph 14 and various
data 12, e.g., such as textual information, graphics, a
screened-back or hidden image, bar codes, biometric information
(e.g., a fingerprint), text information (e.g., name, address, birth
date, ID number, etc.), or the like. Of course both sides of
substrate 21 can receive printing or engraving. Other suitably
interchangeable features and materials are found, e.g., in
assignee's U.S. patent application Ser. No. 10/330,032, filed Dec.
24, 2002 (published as US 2003-0173406 A1), which is herein
incorporated by reference.
[0007] The printed substrate 21 is usually laminated. The laminate
typically includes a plastic, polyester or polycarbonate-based top
sheet 23 and bottom sheet 25 that respectively overlay the top and
bottom of the substrate 21. Heat and/or adhesives and pressure are
used to bond the laminate sheets 23 and 25 with the substrate 21.
Or a laminate can include a pouch into which the substrate 21
slips. Again, heat and/or adhesives and pressure are used to bond
the substrate 21 with a pouch laminate. The laminates provide a
protective covering for the printed substrate and provide a level
of protection against unauthorized tampering. (For example, a
laminate would have to be removed to alter the printed information
and then subsequently replaced after the alteration.). A laminate
layer 23 or 25 may optionally carry information like a card
bearer's signature or security features.
[0008] In some implementations, information may also be optically
or magnetically stored on recording media (e.g., magnetic stripe
27, or optical memory or electronic circuitry--not shown in FIG. 1)
carried by the laminate 25. Of course the recording media can be
alternatively carried by substrate 21 or laminate 23.
[0009] We note that the present invention encompasses ID documents
including more or less features and layers than are illustrated in
FIG. 1. Additional features may include graphics printed in dual
color optically variable ink, microprinting text, so-called "ghost
images," information and images printed in UV inks, and security
features such as those disclosed in, e.g., assignee's U.S. patent
application Ser. No. 10/170,223 (published as US 2003-0031340 A1),
which is herein incorporated by reference.
[0010] Identification documents can also include information such
as a bar code (e.g., which may contain information specific to the
person whose image appears in the photographic image, and/or
information that is the same from ID document to ID document),
variable personal information (e.g., such as an address, signature,
and/or birth date, biometric information associated with the person
whose image appears in the photographic image, e.g., a
fingerprint), a magnetic stripe (which, for example, can be on the
a side of the ID document that is opposite a side with a
photographic image), and various security features (e.g., a
security pattern like a printed pattern comprising a tightly
printed pattern of finely divided printed and unprinted areas in
close proximity to each other, such as a fine-line printed security
pattern as is used in the printing of banknote paper, stock
certificates, and the like). Of course, an identification document
can include more or less features.
[0011] Another example of an identification document is one
including a core layer (which can be pre-printed), such as a
light-colored, opaque material, e.g., TESLIN, which is available
from PPG Industries) or polyvinyl chloride (PVC) material. The core
can be laminated with a transparent material, such as clear PVC to
form a so-called "card blank". Information, such as variable
personal information (e.g., photographic information, address,
name, document number, etc.), is printed on the card blank using a
method such as Dye Diffusion Thermal Transfer ("D2T2") printing
(e.g., as described in commonly assigned U.S. Pat. No. 6,066,594,
which is herein incorporated by reference), laser or ink jet
printing, offset printing, etc. The information can, for example,
comprise an indicium or indicia, such as the invariant or
nonvarying information common to a large number of identification
documents, for example the name and logo of the organization
issuing the documents. Any known process capable of forming the
indicium may be used to form the information.
[0012] To protect the information that is printed, an additional
layer of transparent overlaminate can be coupled to the card blank
and printed information, as is known by those skilled in the art.
Illustrative examples of usable materials for overlaminates include
biaxially oriented polyester or other optically clear durable
plastic film.
[0013] Of course, there are many other identification documents
that include different structures, features and materials. These
other identification documents can be suitably interchanged with
the identification documents described herein. The inventive
digital watermarking techniques disclosed herein will similarly
benefit these other documents as well.
[0014] An identification document may include a digital watermark.
Digital watermarking is a process for modifying physical or
electronic media to embed a machine-readable code into the media.
The media may be modified such that the embedded code is
imperceptible or nearly imperceptible to the user, yet may be
detected through an automated detection process. In some of our
preferred embodiments, an identification document includes two or
more digital watermarks.
[0015] Digital watermarking systems typically have two primary
components: an encoder that embeds the digital watermark in a host
media signal, and a decoder that detects and reads the embedded
digital watermark from a signal suspected of containing a digital
watermark (a suspect signal). The encoder embeds a digital
watermark by altering the host media signal. The alterations
usually take the form of altered signal values, such as slightly
changed pixel values, luminance, colors, changed DCT coefficients,
altered signal values or selective placement or signal tweaks, etc.
However, a watermark can also be manifested in other ways, such as
changes in the surface microtopology of a medium, localized
chemical changes (e.g. in photographic emulsions), localized
variations in optical density, localized changes in luminescence,
etc. The surface texture of an object may be altered to create a
watermark pattern. This may be accomplished by manufacturing an
object in a manner that creates a textured surface or by applying
material to the surface (e.g., an invisible film or ink) in a
subsequent process. The watermark reading component analyzes
content to detect whether a watermark pattern is present. In
applications where the watermark encodes information, the reading
component extracts this information from the detected watermark.
The reading component analyzes a suspect signal to detect whether a
digital watermark is present. The reading component can be hosted
on a wide variety of units ranging from tethered or wireless reader
devices, conventional personal computers, network servers, cell
phones including cameras, to fully mobile readers with built-in
displays. Image data corresponding to a watermarked surface of an
identification document is read and decoded by this reader to
obtain a watermark's information or "payload".
[0016] Several particular digital watermarking techniques have been
developed. The reader is presumed to be familiar with the
literature in this field. Some techniques for embedding and
detecting imperceptible watermarks in media signals are detailed in
assignee's U.S. Pat. No. 6,614,914, U.S. Pat. No. 6,122,403 and PCT
patent application PCT/US02/20832 (published in English as WO
03/005291), which are each herein incorporated by reference.
[0017] In assignee's U.S. Pat. No. 5,841,886 techniques and methods
are disclosed to detect alteration of photo ID documents, and to
generally enhance the confidence and security of such systems. In
this regard, reference is made to FIG. 2, which depicts a photo-ID
card or document 1000 which may be, for example, a passport or
visa, driver's license, credit card, government employee
identification, or a private industry identification badge. For
convenience, such photograph-based identification documents will be
collectively referred to as photo ID documents.
[0018] The photo ID document includes a photograph 1010 that is
attached to the document 1000. Printed, human-readable information
1012 is incorporated in the document 1000, adjacent to the
photograph 1010. Machine-readable information, such as that known
as "bar code" may also be included adjacent to the photograph.
Generally, the photo ID document is constructed so that tampering
with the document (for example, swapping the original photograph
with another) should cause noticeable damage to the card.
Nevertheless, skilled forgers are able to either alter existing
documents or manufacture fraudulent photo ID documents in a manner
that is extremely difficult to detect. Security associated with the
use of photo ID documents is enhanced by supplementing the
photographic image with encoded information (which information may
or may not be visually perceptible), thereby facilitating the
correlation of the photographic image with other information
concerning the person, such as the printed information 1012
appearing on the document 1000.
[0019] A photograph 1010 may be produced from a raw digital image
to which is added a master snowy image as described in U.S. Pat.
No. 5,841,886. A central network and point-of-sale reading device
(which device, in the present embodiment, may be considered as a
point-of-entry or point-of-security photo ID reading device), would
essentially carry out the same processing as described with that
embodiment, including the central network generation of unique
numbers to serve as indices to a set of defined orthogonal
patterns, the associated dot product operation carried out by the
reader, and the comparison with a similar operation carried out by
the central network. If the numbers generated from the dot product
operation carried out by the reader and the central network match,
in this embodiment, the network sends the OK to the reader,
indicating a legitimate or unaltered photo ID document.
[0020] It will be appreciated that the information encoded into the
photograph may correlate to, or be redundant with, the readable
information 1012 appearing on the document. Accordingly, such a
document could be authenticated by placing the photo ID document on
a scanning system, such as would be available at a passport or visa
control point. The local computer, which may be provided with the
universal code for extracting the identification information,
displays the extracted information on the local computer screen so
that the operator is able to confirm the correlation between the
encoded information and the readable information 1012 carried on
the document. It will be appreciated that the information encoded
with the photograph need not necessarily correlate with other
information on an identification document. For example, the
scanning system may need only to confirm the existence of the
identification code so that the user may be provided with a "go" or
"no go" indication of whether the photograph has been tampered
with. It will also be appreciated that the local computer, using an
encrypted digital communications line, could send a packet of
information to a central verification facility, which thereafter
returns an encrypted "go" or "no go" indication.
[0021] In another implementation of the '886 patent, it is
contemplated that the identification code embedded in the
photograph may be a robust digital image of biometric data, such as
a fingerprint of the card bearer, which image, after scanning and
display, may be employed for comparison with the actual fingerprint
of the bearer in very high security access points where on-the-spot
fingerprint recognition systems (or retinal scans, etc.) are
employed.
[0022] We disclose herein methods, systems and identification
document to improve or provide alternative techniques for
confronting fraudulent use of identification documents. Fraudulent
use of identification documents may occur where, for example, an
otherwise legitimate identification document is modified such that
the original photograph is swapped with that of another person,
thereby enabling the other person to masquerade, at least
temporarily, under the guise of the original identification
document holder.
[0023] Even in the absence of photo swapping or alteration, it is
oftentimes difficult to confirm by inspection that the individual
depicted in the photograph of the identification card is indeed the
bearer of the card.
[0024] One aspect of this invention provides enhanced security and
certainty in the use of photo identification documents.
[0025] Another aspect provides methods and systems for
authenticating and securing identification documents using multiple
digital watermarks or multiple watermark components.
[0026] According to still another aspect of the present invention,
a security document includes a substrate and a first graphic
carried by the substrate. The first graphic conveys a photographic
image to human viewers thereof, and the first graphic is
steganographically encoded to convey first plural bits of data
recoverable by computer analysis of the first graphic. The security
document also includes a second graphic carried by the substrate.
The second graphic conveys a visual image to human viewers thereof,
and the second graphic is steganographically encoded to convey
second plural bits of data recoverable by computer analysis of said
second graphic. The steganographically encoded first plural bits of
data and the steganographically encoded second plural bits of data
cooperate to verify authenticity of the security document.
[0027] According to still another aspect of the invention, a method
is provided to detect swapping of first artwork from a first
identification document with second artwork on a second
identification document. The swapping results in the first artwork
being carried on the second identification document instead of the
second artwork. The first artwork includes a first digital
watermark embedded therein, and the second identification document
includes a second digital watermark embedded in a first region. The
method includes: receiving scan data associated with at least a
portion of the first artwork and at least a portion of the first
region; analyzing the scan data to detect the first digital
watermark and the second digital watermark; and comparing the first
digital watermark with the second digital watermark to detect
swapping of the first artwork with the second artwork.
[0028] Another aspect of the present invention is a security
document including a substrate and a first graphic carried by the
substrate. The first graphic conveys a photographic image to human
viewers thereof, and the first graphic is steganographically
encoded to convey first plural bits of digital data recoverable by
computer analysis of said first graphic. The security document also
includes a second graphic, the second graphic conveying a visual
image to human viewers thereof. The security document also includes
a detection trigger. The detection trigger serves to indicate a
presence of steganographic encoding. The second graphic is
steganographically encoded to convey second plural bits of digital
data recoverable by computer analysis of said second graphic,
wherein the steganographically encoded first plural bits of digital
data and the steganographically encoded second plural bits of
digital data cooperate to verify authenticity of the security
document.
[0029] Still another aspect of the present invention is a method of
identifying a first area and a second area of a printed document
that are likely to include, respectively, a first digital watermark
and a second digital watermark. The first digital watermark
includes a first orientation component and the second digital
watermark includes a second orientation component. The method
includes receiving optically scanned image data that corresponds
with at least a portion of the printed document; segmenting the
image data into a plurality of image portions; determining an
orientation measure relative to a predetermined orientation for
each of the image portions; identifying the first area by
associating image portions having a first orientation measure; and
identifying the second area by associating image portions having a
second orientation measure
[0030] Additional features, aspects and advantages of the present
invention will become even more apparent with reference to the
following detailed description and accompanying drawings.
BRIEF DESCRIPTION OF THE DRAWINGS
[0031] FIG. 1 illustrates an identification document.
[0032] FIG. 2 illustrates another identification document.
[0033] FIG. 3A is a diagram illustrating an authenticating method
according to one aspect of the present invention; and FIG. 3B is a
flow diagram illustrating an authenticating aspect of the FIG. 3A
diagram.
[0034] FIG. 4 illustrates an authenticating method according to
still another aspect of the present invention.
[0035] FIG. 5 is a flow diagram illustrating a versatile
authentication process, which can operate in different
authentication modes depending on a watermark detection
trigger.
[0036] FIG. 6 illustrates an identification document including two
areas, with each area hosting a different digital watermark.
[0037] FIG. 7 illustrates image capture of the FIG. 6
identification document.
[0038] FIGS. 8A-8C illustrate window-based detection.
[0039] FIGS. 9A and 9B illustrate histograms, which classify
orientations of different image windows.
[0040] FIGS. 10A-10D illustrate classification of image windows
based at least on a watermark orientation component include a
translation measure.
[0041] FIG. 11A illustrates two document areas that likely include
watermark information.
[0042] FIG. 11B illustrates an isolated window.
[0043] FIG. 12 illustrates a histogram classification of image
windows based as least in part on digital watermark strength.
DETAILED DESCRIPTION
[0044] Introduction
[0045] The following detailed description is grouped into four main
sections. The grouping is not meant to limit the scope of the
present invention, and is merely provided for the reader's
convenience. Indeed, we anticipate that disclosed methods, systems
and identification documents found under one section heading can be
readily combined with methods, systems and identification documents
under other section headings. The main sections include: i)
Authenticating Identification Documents with Digital Watermarks;
ii) Advantages of Watermarking Identification Documents; iii)
Detecting Media Areas Likely of Hosting Watermarks; and iv)
Introduction to Appendix A.
[0046] Authenticating Identification Documents with Digital
Watermarks
[0047] First Embodiment--Forensics and Proof of Compliance
[0048] As discussed above with respect to our '886 patent, a
photo-ID can be enhanced through embedding data therein. Data can
be embedded in, e.g., a graphic or background of the photo-ID. More
preferable, however, is to embed the data in a photograph image.
The watermark is preferably robust, in that it survives scanning
and printing. In some implementations of this embodiment, the
watermark is repeated or redundantly embedded throughout an image
or document.
[0049] Although sometimes redundantly embedded across an entire
document surface, a watermark can be embedded in a particular
region of the document if desired (e.g., only in a photograph or a
graphic). In an area-based embedding implementation, we can use a
mask to identify areas for embedding (or areas that will not
receive embedding). The watermark is embedded in identified areas
(or is embedded to avoid areas). The watermark can also include a
so-called orientation component. An orientation component is
helpful in resolving issues of image distortion such as scaling,
rotation, translation, etc. In some cases the orientation component
comprises a separate digital watermark.
[0050] A digital watermark can be used to provide a
machine-readable means to detect fraud due to photo swapping and
so-called card "simulation." The watermark preferably includes a
payload or message. The message, once decoded, can be used to
provide a visual check for alterations. The decoded message or
payload can be displayed, e.g., via a graphical user interface, for
use by an inspector or law enforcement officer. For example, if the
payload includes the cardholder's date of birth, the payload date
of birth can be checked against the corresponding date of birth as
printed on the photo-ID. The crosscheck can even be automated. The
payload information can include additional information such as
driver's license number, jurisdiction code (e.g., code or text
indicating which state, agency or company issued the photo-ID),
personal information (address, age, sex, weight, height, etc.),
driver's insurance information (or a link thereto), unique
identifier, etc.
[0051] An advantage of this implementation is that if a watermarked
photograph is copied onto another photo-ID document, the watermark
provides a telltale sign pointing to the originating card. Once a
watermark photograph is determined to be non-compliant with the
text or information provided on the document, e.g., the payload
data does not correspond with the printed or stored information,
the payload can be used to identify the originating
document--providing a forensic tracking mechanism. (If the payload
includes the originating driver's license number or other unique
identifier, such payload information can be used to positively
identify the originating document.).
[0052] Another advantage of this implementation is that a machine
record for inspecting the photo-ID can be used as a "proof of
compliance" or proof of identification inspection. To facilitate
such, the watermarked photo-ID is presented to an optical sensor.
The optical sensor captures an image of the photo-ID and produces
scan data corresponding to such. A watermark detector analyzes the
scan data to find and decode the digital watermark embedded in the
photo-ID. The detector obtains the payload (e.g., a unique
identifier or driver's license number) and a check for the
correspondence between the payload and information carried by the
card is made. The payload can be stored in a repository or list to
evidence that the photo-ID was checked or inspected.
[0053] In an optional implementation of this embodiment, the
payload is cross-related to information carried in a magnetic
stripe on the card. Validating the card then requires two
reads--one an optical read of the watermark on the face of the
card, and a swipe of the magnetic stripe through a magnetic-stripe
reader. The magnetic stripe information is decoded and compared
with the watermark payload. This implementation has the benefit of
locking the watermarked information to the magnetic stripe, but it
requires an additional read (e.g., for the magnetic stripe) of the
card.
[0054] Second Embodiment--Multiple Watermarks
[0055] Additional security is added to an identification document
by providing first and second digital watermarks on the
identification document. For example, a first digital watermark is
embedded in first region of the identification document like in a
photograph, artwork, graphic, seal, or image (e.g., ghost image).
And a second digital watermark is provided in a second region of
the identification card. For example, the second digital watermark
is embedded in a background pattern or tint, line-art (see, e.g.,
assignee's U.S. Pat. No. 6,449,377) or in text, artwork, seal,
images or graphics carried by the identification document. The
first and second watermarks also may include a so-called
orientation component. An orientation component is helpful to
resolve image distortion such as rotation, scale and translation.
(We note that the second watermark can be embedded using the same
or different embedding protocol as the first watermark.). Although
not necessary, the first and second watermarks are preferably
redundantly embedded or tiled in their respective embedding
regions.
[0056] The first digital watermark preferably includes a first
payload or first message bits carrying or relating to a first set
of information, and the second digital watermark preferably
includes a second payload or second message bits carrying or
relating to a second set of information. The payloads may include
plural-bit payload structure. The payloads can have fixed and
variable portions and/or error correction bits. In some cases a
payload will include a checksum or error bits to ensure the
validity of a payload or a cross-correlation between the watermark
payloads. Examples of watermark payloads are shown, e.g., in
assignee's U.S. published patent application Ser. No. 10/193,719,
filed Jul. 10, 2002 (published as US 2003-0033530 A1) and in U.S.
Pat. No. 6,614,914. Each of these patent documents is herein
incorporated by reference.
[0057] The first set of information preferably relates to the
holder of the identification card (hereafter "cardholder") and/or
to the issuing authority (e.g., state DMV or company) or
jurisdiction. For example, the first set of information may include
"related information" such as a unique identifier that is
associated with the issuer or cardholder, a date of birth,
jurisdiction code, identification document number, name, address,
physical characteristics (hair color, weight, biometric, sex,
etc.), issue date, restrictions (e.g., age restrictions, driving
limitations, etc.), a hash (e.g., a reduced-bit representation) of
such related information, and/or a combination of the above related
information.
[0058] The second set of information, which is carried by or
related to the second payload, preferably corresponds with the
first set of information. The term "corresponds" in this context is
used broadly and may range, e.g., from an exact match to a loose
association within a predetermined tolerance.
[0059] In a first implementation, the second set of information
corresponds exactly with the first set of information. The sets of
information are compared to determine authenticity. In a second
implementation, the second set of information includes a subset of
the first set of information. The subset is cross-correlated with
the first set of information to determine authenticity. In another
implementation, the first set of information includes a key to
decrypt the second set of information (or vise versa). (We note
that an encrypted watermark payload may optionally be decrypted
with a key contained in a watermark detector.). In still another
implementation, the second set of information includes at least
some information that should correspond with information carried by
a magnetic stripe or barcode (see a related discussion under the
First Embodiment, above). In yet another implementation, the second
set of information includes both a subset of the first information
and additional information. For example, the subset may include the
birth date and document number, while the additional information
may correspond with text printed on the document. Or the subset may
include simply the document number (or portion thereof), or the
bearer's birth date and date of issue. Of course, many other
combinations of related information can be provided. For example,
the sets of information may be targeted to detect an age or name
alteration (e.g., by including age or name information in one or
both of the sets of information). In some cases the sets of
information includes hashes or reduced bit representations of
information pertaining to the cardholder or printed text
information. One hash, perhaps a hash carried by the second set of
information, may even represent some or all of the first set of
information. In still other implementations a document number is
distributed between the first and second sets of information. For
example, the first set of information includes a first part of the
document number and the second set of information includes the
remaining portion of the document number. A checksum or error bit
can be included with the first or second sets of information to
ensure that the document number portions correspond in the expected
manner.
[0060] To authenticate an identification document including two
digital watermarks, a watermark detector reads both watermarks. The
first set of information and the second set of information are
retrieved from their respective watermark payloads. (We note that
typically only one optical scan is needed to generate scan data,
from which both the first and second watermarks are detected from,
when the first and second watermarks are provided on the same
surface of the identification document.). The first and second sets
of information are compared to determine a correspondence. If a
correspondence occurs, some or all of the watermark information may
be provided to an inspector to facilitate a further check against
text alteration. For example, both the date of birth and some data
to verify against printed text (e.g., an indication that the
3.sup.rd letter of the first name should be "e", and the 2.sup.nd
letter of the last name should be "t") can be provided to the
inspector. Or, in other implementations, a signal is generated to
indicate the authenticity of the identification document.
[0061] FIGS. 3A and 3B are diagrams illustrating another
authentication technique for an identification document including
digital watermarking. An input device captures an image of an
identification document. The identification document includes first
and second digital watermarks. The input device conveys data
corresponding to a captured image to a watermark reader. The
watermark reader can be realized as a programmable computer, which
executes software instructions to detect and decode the first and
second digital watermarks included in the captured image data. The
computer can include a handheld device, laptop, desktop or remote
server. (While the input device is illustrated as being tethered to
the watermark detector/computer, this aspect of the present
invention also contemplates that the input device can wirelessly
communicate with the computer or communicate via a network instead.
The input device may also be incorporated with the reader, e.g., as
in a camera cell phone.). The watermark reader passes decoded
watermark information (e.g., payload or message information) to the
authenticator. The authenticator can also be realized by software
executing on a computer, and in some implementations, the watermark
reader includes the authenticator module. The authenticator module
determines whether the first and second watermark information
corresponds. This determination, in some implementations, involves
a crosscheck between a first subset (e.g., birth date) from the
first watermark and a first subset from the second watermark (e.g.,
birth date). In other implementations the authentication
determination involves multiple crosschecks between the first and
second watermarks. For example, a first subset (e.g., birth date)
carried by the first watermark is compared against a first subset
(e.g., birth date) of the second watermark, and a second subset
(e.g., document number or a portion thereof) of the first watermark
is compared against a second subset (e.g., document number or a
hash of the document number) of the second digital watermark.
[0062] In an alternative implementation, the authenticator (or
watermark reader) passes all or a portion of the watermark
information to a computer display (e.g., a computer graphical user
interface). Displaying some or all of the watermark information
allows an inspector or officer to visually compare the watermark
information against information printed on the document. The
authenticator outputs an authentication signal to indicate the
authentication status of the identification document. In some cases
the signal is conveyed to the display. Here, the authentication
signal can be a simple pass or fail signal, or a more detailed
response indicating the reason for the failure (e.g., one watermark
found but the second one is undetectable). In other cases the
signal is conveyed to an audio output device (e.g., audio speaker)
to audibly signal the authentication status (e.g., a predetermined
sound or audio segment is output if authentic, while another
predetermined sound or audio segment is output is not authentic).
In other implementations a fail signal is used to trigger a
secondary process. For example, a fail signal is used to spawn a
process to obtain additional data from the identification document.
The additional data can be retrieved from optical scan data (e.g.,
OCR, barcode, or image data for another watermark detection
attempt), optical or electronic memory, or manual input. The
additional data can be used, e.g., to: i) verify watermark
detection failure; ii) authenticate the document through a
non-watermarking process; and/or iii) trigger a forensic analysis
of the identification document.
[0063] The authenticator module is further discussed with reference
to FIG. 3B. The identification document is preferably considered
authentic when both the first and second digital watermarks are
recovered and when the first and second watermark information
(e.g., sets of information) correspond. The document is considered
not authentic when either of these criteria is not met. Of course,
as discussed above, a watermark detection failure may be used to
trigger another process, like a non-watermark based authentication
process.
[0064] We note that the second embodiment of this section is
generally issuing source and document neutral. This means that a
first and second digital watermark is used to verify an
identification document regardless of the features provided on the
card. Although document neutral, interpretation of the payload bits
can vary according to issuer identification. To illustrate,
consider a first employee badge issued by a first company and a
second employee badge issued by a second company. Each of the first
and second employee badges include first and second watermarks
embedded therein. All four of the watermarks (i.e., two from the
first badge and two from the second badge) have, e.g., a 72-bit
payload. The watermarks include a subset of bits (e.g., 4-12 bits)
to designate which company issued the badges or to which company
the badges are associated with (e.g., an issuer or client code).
The bits are located in a predetermined payload location, so that a
detector or an application cooperating with the detector can grab
the subset of bits and make a determination of who issued the
badge. The watermark detector (or a cooperating software
application) interprets the bits as designated for the particular
issuer or client. For example, the detector or application can
query a data structure, branch into a predetermined block of
software code, or interrogate a look-up-table to decide what the
bits correspond to. (For example, for issuer "Ace," a private
toolmaker, the first 10 bits are the issuer code, the next 32 bits
represent a document number, the next 10 bits represent an issue
date or birth date and the last 20 bits represent error correction
bits or checksums. And, for "Beta," a government agency, documents
associate with Beta include a payload with the first 10 bits
representing the issuer code, the next 20 bits represent a document
number, the next 20 represent a security clearance, the next 10
represent an issue date and the last 10 represent error correction
bits or checksums.). A watermark may similarly carry data (or a
signal feature) to indicate that it is a first or second watermark,
or an image frame location indicating where a watermark is located
is used to distinguish between a first and second watermark. The
payloads fields can be designated or interpreted differently for
each of the first and second watermarks, even for watermarks issued
by the same issuer.
[0065] As an alternative implementation of the second embodiment, a
second digital watermark is provided on a different document
surface than is the first digital watermark (e.g., the back side of
the document). We note that this alternative implementation may
require two optical scans to detect both the first and second
digital watermarks. This may be less of an issue when the second
digital watermark includes information that is used for forensic
tracking purposes. For example, the watermark may include
information that is tied to the original cardholder. If the second
watermark is copied and transferred to a second identification
document, the watermark information can be used to trace back to
the original cardholder. Similarly, the second watermark may
include information pertaining to the issuing location (e.g., which
DMV branch office) or original issuing officer.
[0066] A few illustrative combinations are shown below. Of course,
these combinations are not meant to limit the scope of this aspect
of the invention. Rather, the combinations are provided by way of
example only.
[0067] A1. A method to authenticate an identification document, the
identification document comprising a first digital watermark and a
second digital watermark, said method comprising the steps of:
[0068] receiving an optically captured image of at least a portion
of the identification document;
[0069] analyzing the optically captured image to detect the first
and second digital watermarks;
[0070] if either of the first or second digital watermarks is not
detected, determining that the identification document is not
authentic; and
[0071] if both of the first and second digital watermarks are
detected, comparing the first and second digital watermarks to
determine if they correspond.
[0072] A2. The method of combination A1, further comprising the
step of displaying through a computer based graphical user
interface at least a portion of information carried by either the
first or second digital watermark, and comparing the displayed
information with text printed on the identification document.
[0073] A3. The method of combination A1, wherein the document
comprises text printed thereon, and at least a portion of
information carried by the first and second digital watermark
corresponds to the printed text.
[0074] A4. The method of combination A1, wherein the first digital
watermark includes a first plural bit message, and the second
digital watermark includes a second plural bit message.
[0075] A5. The method of combination A4, wherein said comparing of
the first and second digital watermarks to determine if they
correspond comprises comparing at least a portion of the first
message with at least a portion of the second message.
[0076] A6. The method of combination A6, wherein at least one of
the first message and the second message includes an issuer code,
wherein said combination further comprises interpreting the plural
bits of at least one of the first message and the second message
according to a predetermined format associated with the issuer
code.
[0077] A7. The method of combination A4, wherein the first message
comprises a first subset and a second subset, and wherein the
second message comprises a third subset and a fourth subset.
[0078] A8. The method of combination A7, wherein said comparing of
the first and second digital watermarks to determine if they
correspond comprises comparing the first subset with the third
subset and comparing the second subset with the fourth subset.
[0079] A9. The method of combination A8, wherein said first subset
and third subset comprise redundant information.
[0080] A10. The method of combination A8, wherein said first subset
and third subset comprise corresponding information.
[0081] A11. The method of combination A9, wherein the information
corresponds through at least one of a cryptographic permutation, a
hash and a predetermined key.
[0082] B1. An identification document comprising a first graphic
and a second graphic, the first graphic comprising a first digital
watermark embedded therein having a first plural-bit payload, the
second graphic comprising a second digital watermark embedded
therein having a plural-bit payload, the identification document
further comprising indicia thereon, wherein the first plural-bit
payload comprises a representation of at least a portion of the
indicia, and wherein the second plural-bit payload comprises
information corresponding to the first plural-bit payload.
[0083] B2. The document of B1, wherein the information comprises
the representation.
[0084] B3. The document of B1, wherein the information comprises at
least one of a cryptographic permutation of the information, a hash
of the representation, and a portion of the representation.
[0085] B4. The document of B1, wherein the representation comprises
at least one of a hash of the indicia, a redundant version of the
indicia and a subset of the indicia.
[0086] B5. The document of B1, wherein at least one the second
payload comprises a checksum to verify the information.
[0087] Third Embodiment--Fragile Watermarks
[0088] A fragile or semi-fragile watermark is provided to any of
the first and second embodiments as either a watermark replacement
or to augment the above implementations. For example, in the second
embodiment, a fragile watermark may be used as either the first or
second watermark or as a third watermark component. In some
implementations we preferably use our out-of-phase embedding
techniques, e.g., as disclosed in PCT/US02/20832 (published in
English as WO 03/005291), to embed a fragile watermark. It will be
appreciated that a fragile watermark is designed to be lost or to
predictably degrade upon certain types of signal processing. A
semi-fragile watermark is designed to withstand normal signal
processing, but is destroyed or predictably degrades upon malicious
attacks.
[0089] The addition of a fragile or semi-fragile watermark adds
protection against anticipated fraud scenarios by providing alerts
when copies are made. Alteration in conjunction with card copying
can be detected from the absence or condition of the fragile
watermark.
[0090] Fourth Embodiment--Linking
[0091] In our fourth embodiment we provide a machine-readable link
to related information. The machine-readable link is preferably
provided via a digital watermark payload or identifier. The
identifier can include a unique number that is used to interrogate
a database or access a remote resource. In some cases the
identifier includes a URL or a code that is used to access an
appropriate URL. In a driver's license scenario, a digital
watermark includes a link to an insurance database. The database
includes data records evidencing that a cardholder does or does not
have car insurance. In other cases, the digital watermark includes
a link to a DMV database, to allow verification of information
printed on the identification document, and perhaps a photograph of
the cardholder. The database cardholder can be compared against the
person presently holding the card. A "photo swap" can be further
detected from comparison of a database photograph with a photograph
carried on the card and a visual inspection of the current
cardholder. The techniques discussed in assignee's U.S. patent
application Ser. No. 09/571,422, filed May 15, 2000, and in U.S.
Pat. No. 6,408,331 can be suitable interchanged with this linking
aspect of the present invention. These patent documents are herein
incorporated by reference.
[0092] Fifth Embodiment--Legacy Detection
[0093] Our fifth embodiment relates generally to handling ID
documents including so-called legacy ID documents. The term legacy
is used to generally refer to documents, which were previously
produced with or without a particular feature like a digital
watermark, but which differ in some manner from newly produced
documents (e.g., they have or lack the feature). Consider a
passport-issuing scenario in which renewal dates are spaced far
apart (e.g., 10 years). Unless a total recall of old passports is
issued, the population of outstanding passports will include both
old passports (e.g., legacy documents) and new passports (e.g.,
which may include digital watermarking).
[0094] A challenge results for an ID document authentication
process that authenticates a population of ID documents including
both legacy documents (e.g., with no watermarking) and watermarked
documents. To address this challenge we provide methods and systems
to determine whether a digital watermark should be present in a
document or whether the document was produced prior to the
introduction of watermark embedding.
[0095] Assignee's U.S. Published Patent Application No. US
2002-0080994 A1, which is herein incorporated by reference,
discusses a situation where a smart card carries information to
trigger a watermark reader to look for a digital watermark. The
trigger handles a case of legacy cards. In other words, the trigger
serves as an indication to a watermark reader to check for a
digital watermark. This allows reading new and legacy documents by
the same reader.
[0096] We expand these techniques to further help differentiate
between watermarked and non-watermarked ID documents, and/or to
decide whether to search for a digital watermark on an ID
document.
[0097] With reference to FIG. 4, ID document 100 includes a
plurality of features including machine-readable features. The
machine-readable features may include, e.g., a barcode (e.g., 1 or
2D barcodes) 60, magnetic stripe 27, optical memory (not shown),
electronic circuitry (not shown), text for optical character
recognition, etc., etc.
[0098] In a first implementation a machine readable feature
includes a watermark search or detection trigger. For example, an
issue date, or bits corresponding to an issue date, is stored in a
magnetic stripe, optical memory, a barcode or other
machine-readable indicia. The issued data serves as a "trigger" to
evidence whether and ID document should or should not including
watermarking.
[0099] With reference to FIG. 4, a reader, e.g., a barcode reader,
a magnetic stripe reader, optical memory reader, optical character
recognizer (OCR), etc., obtains a watermark trigger (e.g., issue
date). Instead of an automated reader as shown in FIG. 4, an
operator manually enters the trigger, e.g., manually enters the
issue date. Of course, other information may trigger a watermark
detection process like an expiration date, issuer code or
jurisdictional identifier.
[0100] An authenticator (e.g., a processor under the control of
software) uses the trigger to determine whether to carry out a
watermark-based authentication procedure. For example, the issue
date may correspond with a date that indicates that a digital
watermark or a plurality of digital watermarks should be present on
an authentic ID document. If so, the authenticator directs a
digital watermark verification process, like is discussed in the
above embodiments, to determine whether a digital watermark is
present. Or the issue date may indicate that the ID document was
produced before digital watermarks were rolled out into production
(e.g., indicating a so-called legacy card). The authenticator then
skips or disables a watermark detection process and/or
authenticates the ID document using a different authentication
technique.
[0101] In an alternative, but related, implementation, an
authenticator directs a watermark detector to analyze optical scan
data corresponding to an ID document. The scan data is searched for
a digital watermark or for a plurality of digital watermarks. If
the watermark detector is unable to find a digital watermark, the
authenticator looks for a legacy indicator. For example, an issue
date or expiration date is used to determine whether the ID
document is a legacy document; or an operator is prompted to enter
an issue or expiration date, or to enter a determination as to
whether the ID document is a legacy card.
[0102] In another implementation we check for a legacy indicator
(e.g., issue date) regardless of whether a watermark is detected.
This implementation addresses a counterfeiting scenario where a
watermarked feature (e.g., a watermarked photograph) is lifted from
an authentic watermarked ID document and pasted onto a legacy
document that should not include a digital watermark. If a
watermark is found, but the legacy indicator suggests that a
watermark should not be present, the ID document is considered
suspect.
[0103] A client code can be combined with an issue date or
expiration date to indicate which documents should or should not
include digital watermarks. A "client code" is broadly used herein
and may include, e.g., a code to identify a particular client or a
particular type of identification document. The client code can be
associated with a particular issue or legacy date, to help identify
whether an identification document should or should not include
digital watermarking. For example, a client code for a sports arena
can be used to signal that all employee badges issued after Jan. 1,
2003 should include a digital watermark or a plurality of digital
watermarks. And a client code for an airport tarmac crew can be
used to signal that all security badges issued after, e.g., Apr.
15, 2003 should include a digital watermark or a plurality of
digital watermarks. A magnetic stripe or barcode (or other
machine-readable feature) carries the client code. An authenticator
uses the client code to make a determination, for a particular
client, as to whether a digital watermark should be present. (An
authenticator can manage various client codes and relevant legacy
dates via, e.g., a look-up table, software programming or by
accessing a local or remote database.). By way of further
illustration, an authenticator receives the airport's tarmac crew
client code from a security badge. The issue date for the security
badge is Mar. 11, 2003. The authenticator then knows that a digital
watermark should not be present. Or the authenticator receives a
client code corresponding to the sports arena. The corresponding
employee badge was issued on Jun. 23, 2003. The authenticator then
expects to find digital watermarking on the employee badge. Of
course, client codes can be assigned to other entities, like
states, nations, companies, etc.
[0104] An authenticator is provided in another implementation to
operate primarily between two different modes. Consider FIG. 5,
where a versatile authentication process toggles between two
authentication branches depending on a watermark detection trigger.
The process is carried out, e.g., through a processor or electronic
processing circuitry controlled by software. The trigger is
analyzed to determine whether an ID document is expected to include
digital watermarking embedded therein. If watermarking is expected,
optical scan data is analyzed to recover the watermarking. In a
two-watermark implementation, payload data is obtained from each of
the two watermarks. The payload data, or subsets of the payload
data, is compared to determine whether the document is authentic.
Of course, if the watermarking is not recoverable, the document is
considered suspect (e.g., potentially a counterfeit or unauthorized
document).
[0105] If the trigger indicates that the ID document is not
expected to include watermarking then the ID document is
authenticated using a non-watermarking technique. For example, in
one implementation the issue or expiration date (with perhaps a
client code) is used as a trigger. If the issue date indicates that
watermarking is not expected, another authentication clue, like a
bearer's birth date, is obtained from the ID document. A birth date
can be machine-read, e.g., from a magnetic stripe, optical memory,
electronic circuitry, and/or barcode (e.g., PDF-417, 1-D barcode,
etc.). The birth date can also be obtained from a remote
repository, e.g., which is interrogated with a document number
(e.g., driver's license number). A birth date obtained from such
methods (e.g., machine-read, remote access, etc.) is referred to as
a "stored birth date." The stored birth date is then
cross-correlated with a birth date that is printed or otherwise
carried on the ID document. The printed or otherwise carried birth
date is called a "carried birth date." In some cases the carried
birth date is carried via a machine-readable feature. For example,
the stored birth date is conveyed through a barcode, while the
carried birth date is carried by a magnetic stripe. Retrieving the
carried birth date for cross-correlation with the stored birth date
can be machine-aided (e.g., with OCR input of a printed birth
date), or can be aided by an operator entering the birth date as
printed on the ID document. The cross-correlation correlates the
stored birth date with the carried birth date. The document is
considered authentic when the carried and the stored birth dates
correspond. Of course, if either (or both) of the carried or stored
birth dates is not recoverable, or is not obtained, the document is
considered suspect. Thus, this implementation provides a watermark
readable/non-readable authenticator. (Instead of a birth date,
other bearer or document specific information like an address (or a
hash of an address), name (or hash of a name) or document number
(or hash of a document number) can be suitably interchanged. The
term "hash" in this context implies a reduced-bit representation of
a larger number, value or character string.)
[0106] In still further implementations we add or change a feature
on an ID document to signal that the ID document includes a digital
watermark. For example, we shift or reposition a photograph carried
by the ID document. Instead of positioning the photograph in the
upper, left hand corner of the document, we position the photograph
in the lower right hand corner, or we offset the photograph by a
predetermined spacing. Or we print text (e.g., birth date) in a
color (e.g., green) or with a different font. Still further we can
place a machine-readable feature in artwork (e.g., a predetermined
frequency response due to repetitive spacing of artwork features or
lines). These features can be used to trigger (either manually or
automatically) watermark detection. Or we can add a predetermined
laminate, perhaps embossed or laser engraved features, which can be
used to signal watermark detection. Related is a certain type of
card stock--perhaps textured with machine-readable code--that
signals digital watermarking. Indeed, most of the security features
detailed in Appendix A can be used to signal the presence of a
digital watermark. In still further implementations, we add a
feature that can be pattern recognized. For example, we add a
graphic that resembles a triangle. After capturing image data, a
pattern recognizer searches the image data for the expected
triangle. If found, the triangle signals an expected presence of
digital watermarking.
[0107] Sometimes we prefer to add more subtle features to signal
the presence of a digital watermark. In one implementation we shift
the spatial starting position of text relative to other document
features. For example, a document bearer's printed name or employee
number can be spatially shifted with respect to the bearer's
photograph. The spatial distance between a starting point of text
and a photograph (e.g., a lower right hand corner of the
photograph) can be machine-measured and used to trigger watermark
detection. Of course, instead of shifting text, we can subtly
reposition graphics or other artwork as well. In other cases we
trigger off of an identification document number. For example, the
number may include an extra character (e.g., the seventh or eighth
character in) or a leading one or zero can be used to indicate
digital watermarking. In other cases we use a plurality of
characters, e.g., the last four characters or every other character
to indicate the presence of digital watermarking.
[0108] While we have discussed handling legacy documents with
respect to digital watermarking, this embodiment of the present
invention is not so limited. Of course, our techniques apply to
triggering detection of other types of machine-readable features or
identifying other types of legacy documents as well.
[0109] A few illustrative combinations are shown below. Of course,
these combinations are not meant to limit the scope of this aspect
of the invention. Rather, the combinations are provided by way of
example only.
[0110] C1. An identification document authenticator operable to
authenticate an identification document through a digital
watermarking authentication process or through a non-digital
watermarking authentication process, a process being selected
depending on a detection trigger, said authenticator
comprising:
[0111] electronic processing circuitry;
[0112] a system communications bus;
[0113] memory in communication with the electronic processing
circuitry via the system communications bus, said memory comprising
instructions for processing by the electronic processing circuitry,
said instructions comprising instructions to:
[0114] analyze data corresponding to the detection trigger;
[0115] determine whether the data indicates an expected presence of
digital watermarking in the identification document, and if so
indicated, authenticate the identification document through the
digital watermarking authentication process; and
[0116] determine whether the data indicates an expected absence of
digital watermarking, and if so indicated, authenticate the
identification document according to the non-digital watermarking
authentication process.
[0117] C2. The authenticator of C1, wherein the identification
document carries the detection trigger.
[0118] C3. The authenticator of any one of C1 or C2, wherein the
detection trigger comprises a document issue date
[0119] C4. The authenticator of any one of C1 or C2, wherein the
detection trigger comprises a document expiration date.
[0120] C5. The authenticator of C2, wherein the detection trigger
is carried by a machine-readable feature.
[0121] C6. The authenticator of C5, wherein the machine-readable
feature comprises at least one of a barcode, magnetic stripe,
optical memory and electronic circuitry.
[0122] C7. The authenticator of C1, wherein the non-digital
watermarking authentication process comprises a cross-correlation
of first and second instances of bearer or document specific
information carried by the document.
[0123] C8. The authenticator of C7, wherein the first and second
instances each comprise data corresponding to a birth date.
[0124] C9. The authenticator of C7, wherein the first and second
instances each comprise data corresponding to a name.
[0125] C10. The authenticator of C7, wherein the first and second
instances each comprise data corresponding to a document
number.
[0126] C11. The authenticator of C7, wherein the first and second
instances each comprise data corresponding to an address.
[0127] C12. The authenticator of claim C1, wherein the digital
watermarking comprises a first digital watermark including a first
payload and a second digital watermark including a second
payload.
[0128] C13. The authenticator of C12, wherein the digital
watermarking authentication process comprises at least a
cross-correlation of some of the first payload with at least some
of the second payload.
[0129] C14. The authenticator of C1, wherein the memory comprises
electronic memory circuits.
[0130] C15. The authenticator of C14, wherein the electronic
processing circuitry comprises a processor.
[0131] C16. The authenticator of C1, wherein the memory comprises
at least one of removable memory and fixed memory.
[0132] C17. The authenticator of C1 further comprising an input
device.
[0133] C18. The authenticator of C17, wherein the detection trigger
is manually entered into the authenticator via the input
device.
[0134] C19. The authenticator of C17, wherein the detection trigger
is machine-read into the authenticator via the input device.
[0135] C20. The authenticator of C17, wherein the input device
comprises at least one of a key pad, mouse, magnetic stripe reader,
optical memory reader, optical sensor, barcode reader, touch screen
and smart card reader.
[0136] D1. A method to determine whether to authenticate an
identification document through a digital watermark authentication
process, wherein the identification document comprises a detection
trigger, said method comprising the steps of:
[0137] receiving digital data corresponding to the detection
trigger;
[0138] if the detection trigger indicates an expected presence of
digital watermarking, analyzing optical scan data to decode the
digital watermarking; and
[0139] if the detection trigger indicates an expected absence of
digital watermarking, providing an indication that the
identification document is a legacy document.
[0140] D2. The method of claim D1, wherein the trigger comprises a
document issue date.
[0141] D3. The method of claim D1, wherein the trigger comprises a
document expiration date.
[0142] D4. The method of any one of D1-D3, wherein the document
comprises a magnetic stripe, and wherein the trigger is stored by
the magnetic stripe.
[0143] D5. The method of any one of D1-D3, wherein the document
comprises electronic circuitry, and wherein the trigger is stored
in the electronic circuitry.
[0144] D6. The method of any one of D1-D3, wherein the document
comprises a machine-readable feature, and wherein the trigger is
conveyed through the machine-readable feature.
[0145] D7. The method of D6, wherein the machine-readable feature
comprises a barcode.
[0146] D8. The method of D1, wherein the trigger comprises a client
code.
[0147] D9. The method of D8, wherein the trigger further comprises
at least one of a document issue date and a document expiration
date.
[0148] D10. The method of D1, wherein the providing an indication
comprises disabling or foregoing a watermark detection process.
[0149] D11. The method of D1, wherein the providing an indication
comprises outputting a signal to indicate that the document is a
legacy document.
[0150] D12. The method of D11, wherein the signal is displayed
through a graphical user interface.
[0151] D13. The method of D11, wherein the signal activates a
warning.
[0152] D14. The method of claim D11, wherein the signal controls or
initiates an automated, but non-watermarking based, authentication
process.
[0153] Sixth Embodiment--Plural Watermarks
[0154] While some of the above embodiments have envisioned enhanced
identification document security through embedding of two digital
watermarks, the present invention is not so limited. Indeed, the
inventive techniques discussed herein will apply to identification
documents including three or more watermarks as well. For example,
watermark payload correspondence as discussed under the Second
Embodiment can involve three or more watermarks.
[0155] Advantages of Watermarking Identification Documents
[0156] Some advantages provided to identification documents by
digital watermarking may include the following bullet list. Of
course, this list is not meant to limit the present invention, and
many of the disclosed embodiments need not include such advantages.
By way of illustration only, some watermarking advantages
include:
[0157] A covert security feature, since a watermark is not
generally visually discernible.
[0158] No significant impact on an identification document's
limited "real estate."
[0159] When deployed across multiple areas, a simple, common
authentication mechanism (watermark) is provided when optically
reading the identification document. This addresses the complexity
issues related to detecting false documents. In a driver's license
context, both documents with and from out of state can be
authenticated.
[0160] Linking to a database (e.g., a DMV, insurance database,
etc.) can be enabled, based on policies set and enforced by each
document issuing government or organization. Watermark reading
software can be implemented to provide access to software based on
government or organization policy and reading audience, or
alternatively, in-state/out-of-state status.
[0161] By providing a linking mechanism versus encoding information
on the document itself, inappropriate access to cardholder personal
data is prevented. Also, if a government's policy regarding data
access for a certain audience changes, this can be implemented in
the reader software, enabling dynamic policy changes, without
having to reissue identification documents.
[0162] Some advantages of watermarking to government agencies
(e.g., DMV, law enforcement officials, and other authorized
audiences) and financial institutions are discussed in the
following bulleted list. Of course, this list is not meant to limit
the present invention, and many of the disclosed embodiments need
not include such advantages. By way of illustration only, some
watermarking advantages for government agencies include:
[0163] DMV forensics agents can detect cards that have been copied
and altered, as well as track back to the originating card(s).
[0164] Point of sale agents for age-controlled products can locally
authenticate a card with respect to card authenticity and age
status, without gaining machine-readable access to the individual's
demographic data and compromising cardholder's privacy.
Watermarking may also provide an ability to read
cross-jurisdictional identification documents thus providing better
data sharing.
[0165] Any inspector equipped with a digital watermark reader can
detect "simulated" cards.
[0166] The common "photo swap" attack can be automatically detected
(e.g., see the first and second embodiments discussed above).
[0167] Text alterations and/or substitutions on otherwise
legitimate documents can be automatically detected.
[0168] Insurance verification can be provided to Law Enforcement by
linking to an insurance company database, using the watermark
identifier information.
[0169] Law enforcement or other authorized users, with the
appropriate authorizations and privileges, can selectively and
securely link to "back-end" databases for access to photos,
biometrics, demographics, and outstanding warrants via a simple
imaging or scanning of the identification document.
[0170] Crosschecks on a cardholder's name can be done so that
financial institutions can further authenticate identity.
[0171] Detecting Media Areas Likely of Hosting Watermarks
[0172] Orientation Components
[0173] The subject matter in this section relates to assignee's
U.S. patent application Ser. No. 10/032,282, filed Dec. 20, 2001
(published as US 2002-0114491 A1) and Ser. No. 09/945,244, filed
Aug. 31, 2001 (published as 20020057823 A1). Each of these U.S.
patent documents is herein incorporated by reference
[0174] Steganographic calibration signals (sometimes termed "marker
signals," reference signals," "grid signals," or "orientation
components," etc.) are sometimes included with digital watermarking
signals so that subsequent distortion of the object thereby marked
(e.g., a digital image file, audio clip, document, etc.) can later
be discerned and compensated for. Such arrangements are detailed in
the related applications.
[0175] One type of watermark orientation component is an image
signal that comprises a set of impulse functions in a transform
domain, like a Fourier magnitude domain, e.g., each with
pseudorandom phase. To detect rotation and scale of a watermarked
image (e.g., after printing and scanning of the watermarked image),
a watermark decoder converts the watermarked image to the Fourier
magnitude domain and then performs, e.g., a log polar resampling of
the Fourier magnitude image. A generalized matched filter
correlates a known orientation component with the re-sampled
watermarked signal to find the rotation and scale parameters
providing the highest correlation. The watermark decoder performs
additional correlation operations between the phase information of
the known orientation signal and watermarked signal to determine
translation parameters, which identify an origin of the watermark
signal. Having determined the rotation, scale and translation of
the watermark signal, the watermark reader then adjusts the image
data to compensate for this distortion, and extracts the watermark
message signal.
[0176] An exemplary orientation signal may include one or more of
the following characteristics:
[0177] 1. It comprises a collection of impulse or delta functions
in the Fourier magnitude domain;
[0178] 2. The impulse functions have pseudo random phase (i.e. the
phase is random, yet the phase is known so that translation (e.g.,
its X and Y origin) of the watermark can be computed by correlating
the know phase information of the calibration signal with the
watermarked signal); and
[0179] 3. The impulse functions are typically distributed in the
mid-frequency range so as to survive distortion yet not be
perceptible
[0180] In other embodiments, different orientation components can
be used in differently watermarked excerpts of the content. An
image may be segmented into blocks, pre-filtered, and then
converted into the Fourier domain. The Fourier representation for
all the component blocks can be accumulated, filtered, and remapped
into the log-polar domain.
[0181] Multiple Watermarks on Printed Documents
[0182] As discussed above, some watermarking implementations
include a printed document having a plurality of digital watermarks
embedded thereon. We have developed methods and systems to quickly
identify areas where the digital watermarks may be embedded, and
then focus decoding efforts on the identified areas, particularly
when each of the embedded digital watermarks includes an
orientation component (or calibration signal). Message decoding
efforts can focus on areas identified as likely candidates of
including a digital watermark.
[0183] We choose to illustrate our inventive methods and systems
with respect to printed documents, such as financial documents,
e.g., checks, banknotes, financial instruments, legal instruments
and identification documents. Some financial and identification
documents may include so-called radio frequency identification
circuitry (RFID), smart card chips or circuitry, optical memory,
magnetic memory, etc. Of course, our techniques apply to other
objects and media (e.g., digital images and video) as well.
[0184] FIG. 6 illustrates a printed ID document 100. ID document
100 preferably includes a photographic representation 102 of a
bearer of the ID document 100. The photographic representation 102
may include, e.g., a background portion 102a and a likeness of the
bearer portion 102b. The ID document 100 will typically include
printed indicia like text (e.g., name, address, jurisdiction,
document number, birth date, etc.), machine-readable code (e.g., 1
or 2-D barcodes--not shown in FIG. 6), graphics, background
patterns, seals, emblems, artwork, etc. Sometimes the printed
indicia is printed with visible or invisible (e.g., UV or IR) inks.
Of course, the ID document 100 may include a wide variety of other
features like optical or magnetic memory, microprinting, holograms,
Kinograms.RTM., electronic circuitry (e.g., a so-called smart
card), ghost or faintly reproduced images, etc., etc.
[0185] ID document 100 includes a plurality of watermarks embedded
thereon. To simplify the discussion ID document 100 includes two
(2) digital watermarks. It should be appreciated, however, that our
techniques apply to documents including one and three (3) or more
digital watermarks as well.
[0186] A first digital watermark is embedded in the photographic
representation 102 (FIG. 6). The first digital watermark can be
embedded in the background portion 102a, embedded in the likeness
portion 102b, or embedded in both portions 102a and 102b. In our
preferred implementation we redundantly embed the first digital
watermark throughout the photographic representation 102 or a
portion of the photographic representation 102. The first digital
watermark typically includes an orientation component (hereafter
called a "first orientation component") and a first message
component. The first orientation component is embedded at (or is
embedded so as to represent) a first orientation. For example, the
first orientation corresponds to a first scale, rotation and/or
translation. Translation can be a measure or reflection of a
distance or relationship to a predetermined origin or spatial
location (e.g., the upper left corner of the identification
document). An orientation component may also reflect a particular
message starting position or location. If the first digital
watermark is redundantly embedded throughout the photographic
representation 102, the redundant instances of the first
orientation component preferably include the same (or at least
closely similar) first orientation.
[0187] A second digital watermark is embedded in area 104. Area 104
includes a graphic, seal, background area, artwork, ghost image,
photographic image, hologram, Kineogram.RTM. or line art, etc.
(hereafter generally referred to as "artwork"), in which the second
digital watermark is embedded. The artwork may overlap with text or
other document features. While area 104 is illustrated as a bounded
and limited area, area 104 can alternatively occupy much larger or
smaller document 100 areas. In our preferred implementations we
redundantly embed the second digital watermark throughout area 104.
The second digital watermark typically includes an orientation
component (hereafter called a "second orientation component") and a
message component. The second orientation component differs from
the first orientation component. The difference may be subtle such
as a difference in embedding scale, rotation or translation, or may
explicitly differ in terms of a different calibration technique or
embedding protocol.
[0188] The second orientation component is preferably embedded at
(or is embedded so as to represent) a second orientation, e.g., at
a second scale, rotation and/or translation. If the second digital
watermark is redundantly embedded throughout area 104, the
redundant instances of the second orientation component preferably
include the same second orientation.
[0189] Thus, the first and second digital watermarks each
preferably include an orientation component that differs from one
another (e.g., the orientation components differ in terms of scale,
rotation and/or translation, etc.) or differs relative to a know or
predetermined orientation component.
[0190] A digital watermark detection process is discussed with
respect to FIGS. 7 and 8A-8C. ID document 100 is presented to a
sensor 110 (FIG. 7). Sensor 110 can take a variety of forms. For
example, sensor 110 may include a flatbed scanner, an optical senor
or array, a CCD optical sensor, a handheld device, web camera, a
digital camera (e.g., as is commonly associated with today's cell
phones or handhelds), etc. Sensor 110 captures scan data (or "image
data") that represents ID document 100 or a portion of the ID
document 100. The captured scan data is communicated to a watermark
detector 120 (e.g., electronic processing circuitry controlled by
software).
[0191] Watermark detector 120 is configured to analyze windows or
image areas (e.g., blocks, image portions or segments), in search
of watermark orientation components or in search of characteristics
that are associated with watermark orientation components. For
example, the watermark detector 120 analyzes scan data associated
with a first window 60a (FIG. 8A). The window sizes can vary
according to detector specifications. To illustrate, we select a
window, e.g., having 32.times.32 pixels, 64.times.64 pixels or
128.times.128 pixels.
[0192] We prefer a sliding window approach for our detector. That
is, after the watermark detector 120 analyzes image area 60a, it
analyzes an adjacent, perhaps even overlapping, window area 60b,
and so on until it analyzes a last window 60n for a first window
row (FIG. 8B). The window can be repositioned to analyze additional
windows (e.g., 62a-62n) until it analyzes a last row of windows
(64a-64n) as illustrated in FIG. 8C. Of course, the detector 120
can alternatively select windows at random (or pseudo-random), or
select windows corresponding to a central area of the ID document
100. Also, a first window 60a need not be selected from the upper
left hand corner of the ID document 100, but can be selected from
other starting image portions as well. In still further alternative
implementations, once a watermark has been found in a particular
window, the detector analyzes adjacent windows, and then branches
out from the adjacent windows.
[0193] While not necessary to do so, the watermark detector 120
preferably analyzes all of the captured image data. (Alternative
implementations only look at a subset of the captured image data.).
To illustrate, e.g., if the scan data corresponds with a
1024.times.1280 pixel area, and if 64.times.64 pixel windows
overlap by 50 percent, about 1280 windows are analyzed. Of course
the number of windows will decrease as the window size increases
and/or as the overlap area decreases.
[0194] Each window or image portion is preferably classified in
terms of its orientation characteristics. For example, the detector
120 compares an orientation of each image window or block (some of
which may include no watermark signal at all) to that of a
predetermined orientation (e.g., an orientation corresponding to an
expected watermark orientation component). A metric or measure can
be used to classify each image portion in terms of its determined
orientation or in terms of its determined orientation relative to
the predetermined orientation. An orientation measure may include
factors such as rotation, scale, translation, etc.
[0195] The detector 120 (or a computer cooperating with the
detector 120) remembers or groups together those windows or image
portions which have the same metric or orientation measures. The
term "same metric" is broadly used and may include an exact
sameness or the metric may include a tolerance. For example,
orientations falling within plus-or-minus 1-10 degrees (for
rotation) may be grouped together, or those falling within
plus-or-minus 2-10% scale or translation might similarly be
grouped. After grouping the blocks, the detector (or a cooperating
computer) sifts through the groupings to identify predominate
groups. The two most predominate groups will likely correspond to
one of a first watermark orientation component and a second
watermark orientation component.
[0196] FIG. 9A shows a histogram illustrating a relationship
between classified blocks (where the z axis represents a number of
image windows having a particular orientation) in terms of scale (x
axis--in terms of a scale relative to a predetermined scale) and
rotation (y axis--in terms of rotation angle in degrees from a
predetermined angle). As shown, the histogram includes two strong
peaks, each at different orientations. To be more precise, the two
peaks share the same rotation, but differ in terms of scale. The
peaks correspond to the first watermark orientation component at a
first rotation and first scale, and a second watermark orientation
component at the first rotation, but second and different scale.
The histogram provides a tidy graphical analysis to determine
blocks with the same (or closely similar) orientation values. The
small peaks in FIG. 9A correspond to image windows that include
various orientation values (e.g., images areas that do not have a
digital watermark orientation component embedded therein).
[0197] There may be some cases in which the two or more watermark
components have the same rotation and scale. For example, only a
single predominate peak is seen in FIG. 9B since the first and
second orientation components include the same rotation and scale.
In these cases other orientation parameters, like translation, can
be analyzed to distinguish between different orientation
components. These other implementations may include an orientation
metric, which includes a translation factor. Image portions can be
plotted or analyzed in terms of their orientation metrics as shown
in FIGS. 10A-10D. More precisely, FIG. 10A shows an identification
document including two watermarks redundantly embedded therein
(shown by the two "grids"--one solid and one dashed--where each
grid tile represents a redundant instance of a watermark or
watermark component). Each of the watermarks includes a different
translation with respect to an upper left corner (or other
predetermined origin) of the identification document. As a
watermark detector analyses the document as discussed with
reference to FIGS. 8A-8C it may determine a particular translation
value for each window. Since the redundant instances will have the
same translation values (perhaps after adjustment for relative tile
positioning within the first or second grids), watermarked areas
can be determined. FIGS. 10B and 10C illustrate document areas
having the same relative translation in terms of x-translation and
y-translation. Windows can be grouped together based on similar
translation values as shown by the histogram in FIG. 10D. The
predominate two groups identify likely locations of the first and
second watermarks, since they have common translation values.
[0198] Once predominate orientations are identified, document areas
80 and 82 shown in FIG. 11A (or areas corresponding to scan data
including the predominate orientations) can be identified. The
identification may involve, e.g., determining which image portions
have an orientation corresponding to predominate orientations or
which image portions fall within the predominate groups. Areas 80
and 82, or image windows corresponding to areas 80 and 82, can be
further analyzed to detect a watermark message. (Areas 80 and 82 in
FIG. 11A are intentionally drawn with jagged or varying boundaries.
The variation may be caused in some implementations, e.g., where
the sample windows do not precisely correspond with embedding areas
boundaries.).
[0199] Sometimes we may see an isolated window 84 identified as
shown in FIG. 11B. The isolated window may be identified as likely
including a watermark because is has an image or noise orientation
that is similar to one of the selected watermark orientation
components. We optionally test for isolation to jettison such an
isolated block 84, since the isolated block is not likely to
include watermark information, but rather reflects noise having a
similar orientation. One method tests each selected window to
ensure that it has at least one or more neighboring selected
windows. If it does not, the isolated window 84 is disregarded.
[0200] As an alternative grouping technique, a watermark "strength"
is determined for each window. Each image window then has an
orientation metric and a strength metric associated therewith. The
strength metric is a representation of a watermark characteristic,
or a relative correlation between an expected watermark signal and
the detected watermark signal. Windows are grouped according to
their orientation metrics, but are represented according to a
collective strength of all of the windows in a group (e.g., we add
together the strength metric for each window within a group).
Groups are then represented in terms of collective group strength
and not in terms of the number of windows within a group. A
strength metric provides an even more prominent indication of
watermarked windows, e.g., as shown by the histogram peaks in FIG.
12.
[0201] As a further alternative approach, we filter image data or
histogram data to help jettison unwanted noise. This approach even
further increases the prominence of window groups or peaks over
background noise.
[0202] Our approach saves processing time since only those areas
including watermark orientation components are further analyzed to
detect a watermark or payload message.
[0203] Copy Detection
[0204] In addition to reducing processing time and ensuring better
watermark detection, our techniques may be used as a copy detection
tool.
[0205] Consider a financial document like a check. A common
counterfeiting technique "cuts and pastes" (perhaps digitally)
features from one check to another check. For example, a
counterfeiter may cut and paste a bank seal or logo from one check
onto another.
[0206] To help detect a copy we provide a document (e.g., a check
from Bill's Bank) with two embedded digital watermarks. Each of the
first and second digital watermarks includes a first and second
orientation component, respectively. The first and second
orientation components have a known relationship to one another or
a known relationship to a predetermined orientation component. To
simplify the discussion, lets say that the first orientation
component has a scale that is 82% of an expected scale, and the
second orientation component has a scale that is 78% of an expected
scale.
[0207] A watermark detector can expects to find the relative scales
for the first and second orientation components in order to
authenticate Bill's check. (Of course, the detector can account for
any optical sensor discrepancies, such as unwanted scaling relative
to the printed check.).
[0208] The document is considered suspect if the orientation
components' scales are not as expected.
[0209] In some implementations, each bank (or client type) includes
a unique orientation component relationship between its watermarks.
For example, if the customer or account is associated with a
commercial endeavor, then the orientation components are related
according to a first predetermined relationship. But if the
customer or account is associated with a government endeavor then
the orientation components are related according to a second
predetermined relationship, and so on.
[0210] A third watermark or watermark component can be used to
convey the predetermined relationship or a watermark detector can
be configured to expect a certain relationship.
[0211] Even if the counterfeiter is careful when replicating a
predetermined scale and rotation, it remains difficult to properly
align the multiple watermarks to achieve a predetermined
translation.
[0212] Our copy detection also works with ID documents where a
counterfeiting technique involves photo or feature swapping. A
first watermark is embedded in a photograph, and a second watermark
is embedded in a background or artwork. Each of the first and
second watermarks includes an orientation component. The
orientation components have a predetermined relationship to one
another or to a control orientation component. Scan data is
collected and orientation parameters are determined. The determined
orientation parameters are analyzed to detect a counterfeit
document or photo swap. (Different issuers (e.g., state or country)
can include a unique orientation component relationship. If the
relationship is not what is expected for the issuer, then the
document is considered suspect.).
[0213] In alternative implementations a financial document or ID
document includes a visible fiducial or overt structure printed or
engraved thereon. Orientation parameters are determined relative to
the visible fiducial or structure. For example, a scale or rotation
of a watermark orientation component is determined relative to the
fiducial, and image portions are classified by their relative
relationship (or any deviation from an expected relationship) to
the fiducial.
[0214] A few illustrative combinations are shown below. Of course,
these combinations are not meant to limit the scope of this aspect
of the invention. Rather, the combinations are provided by way of
example only.
[0215] E1. A method to detect a copy of a printed document, the
printed document comprising a first area and a second area
including, respectively, a first digital watermark and a second
digital watermark, wherein the first digital watermark includes a
first orientation component and the second digital watermark
includes a second orientation component, said method comprises:
[0216] receiving scan data associated with the printed
document;
[0217] segmenting the scan data into a plurality of portions;
[0218] determining an orientation parameter for at least some of
the portions;
[0219] identifying from the determined orientation parameters, at
least two most prominent orientation parameters;
[0220] comparing at least one of: i) a relationship between the two
most prominent orientation parameters; ii) the two most prominent
orientation parameters to predetermined orientation parameters; and
iii) a relationship between the two most prominent orientation
parameters and an expected relationship between the two most
prominent orientation parameters; and based on the comparing step,
determining whether the printed document is an original or is a
copy of the printed document.
[0221] E2. The method of E1 wherein the printed document comprises
a financial document.
[0222] E3. The method of E1 wherein the printed document comprises
an identification document, and wherein the first area corresponds
with a photographic representation of a bearer of the
identification document.
[0223] E4. The method of E1, wherein the orientation parameter
comprises rotation and scale.
[0224] F1. A method of determining areas of media that have a
likelihood of including digital watermark information, said method
comprising:
[0225] receiving digital data corresponding to the media;
[0226] analyzing a plurality of portions of the digital data to
determine an orientation measure for each of the portions, wherein
the orientation measure provides an orientation measure relative to
a predetermined orientation measure; and
[0227] identifying a predetermined number of orientation measures
that have at least one of: i) a highest number of portions
associated therewith; and ii) a strongest collective watermark
strength associated therewith.
[0228] F2. The method of F1, wherein the media comprises a digital
image.
[0229] F3. The method of F1, wherein the media comprises video.
[0230] F4. The method of F1, wherein the media comprises a printed
document.
[0231] F5. The method of F4, wherein the printed document comprises
at least one of an identification document and a financial
document.
[0232] F6. The method of F1, further comprising analyzing portions
that correspond to the identified orientation measures to recover
the digital watermark information
[0233] F7. The method of F6, wherein the identified orientation
measures respectively correspond to different digital watermark
orientation components.
[0234] F8. The method of claim F6, wherein prior to said analyzing
step, said method further comprises manipulating the portions that
correspond to the identified orientation measures to compensate for
image distortion identified by the orientation measures.
[0235] G1. A method of identifying areas of image data that are
likely to include a digital watermark, the image data corresponding
to a document comprising a first area and a second area including,
respectively, a first digital watermark and a second digital
watermark, wherein the first digital watermark includes a first
orientation component and the second digital watermark includes a
second orientation component, and wherein the document further
comprises a visible fiducial, said method comprises:
[0236] segmenting the image data into a plurality of portions;
[0237] determining an orientation parameter for at least some of
the portions relative to the visible fiducial;
[0238] identifying from the determined orientation parameters, at
least two prominent orientation parameters, wherein portions of the
image data that corresponds to the prominent orientation parameters
are identified as areas of image data that are likely to include a
digital watermark.
[0239] Introduction to Appendix A
[0240] Reference is now made to the accompanying Appendix A, which
is herein incorporated by reference. Appendix A details various
additional identification document security features that can be
used in combination with digital watermarking, including multiple
digital watermarks. Indeed, use of these additional security
features provides a layer-security approach--making it even more
difficult for a potential forger to successfully replicate an
identification document.
[0241] In addition to providing a layered security feature, we note
that many of these security features can cooperate with a digital
watermark. For example, a radio frequency-based security feature
may include a code for comparison with (or to unlock or decrypt) a
code or message carried by a digital watermark, or vice versa.
[0242] As a further example, a fragile or semi-fragile digital
watermark can be embedded or laser engraved in a security laminate.
If the laminate is tampered with (e.g., manipulated, removed and/or
replaced) the fragile watermark will be destroyed or predictably
degraded. In addition, a watermark may be embedded in many of the
security features discussed in Appendix A, like fine line printing
(background), holograms, optical watermarks, seals and spot colors,
to name but a few.
[0243] Still further, one or more digital watermark may be embedded
with ultra-violet inks, optically variable inks, specialized inks,
infrared inks, etc. In some cases, we anticipate embedding a first
digital watermark with conventional ink, while we embed a second
digital watermark with one of the specialized (e.g., UV, IR,
optically variable, etc.) inks described in Appendix A. The two
digital watermarks may cooperate with each other, or may correspond
with text (or microprinting) that is providing on an identification
document substrate.
[0244] A watermark can also cooperate with biometric information
carried by the identification document. In a first implementation,
the digital watermark includes a payload having a key to decrypt or
decode biometric information stored in a 2-D barcode or magnetic or
RF storage carried on the card. In a second implementation, the
digital watermark includes information that is redundant with
biometric information carried by another security feature.
Comparison of the digital watermark information and the biometric
information reveals whether the identification document is
authentic. In a third implementation, the digital watermark
includes at least a portion of a biometric template. Once decoded,
the biometric template is used to help authenticate the
identification document or to convey information.
[0245] Of course additional combinations of these security features
are anticipated. In some cases, the combination will include
digital watermarking, and in other combinations they will not
include digital watermarking.
[0246] For example, possible combinations might be:
[0247] H1. A security document comprising:
[0248] a substrate;
[0249] a first graphic carried by the substrate, the first graphic
conveying a photographic image to human viewers thereof,
[0250] the first graphic being steganographically encoded to convey
first plural bits of digital data recoverable by computer analysis
of said first graphic; and
[0251] a second graphic carried by the substrate, the second
graphic conveying a visual image to human viewers thereof, wherein
the second graphic is steganographically encoded to convey second
plural bits of digital data recoverable by computer analysis of
said second graphic;
[0252] and a security feature carried by the substrate.
[0253] H2. The security document of H1, wherein the
steganographically encoded first plural bits of digital data and
the steganographically encoded second plural bits of digital data
cooperate to verify authenticity of the security document.
[0254] H3. The security document of H1, wherein the security
feature comprises at least one of a deliberate error, a known flaw,
fine line background, ghost image, laser encoded optical image,
laser engraving, laser perforation, microprinting, a Moir Pattern,
overlapping data, rainbow printing, and security code printing.
[0255] H4. The method of H1, wherein the security feature comprises
ultra-violet ink.
[0256] H5. The method of H4, wherein the steganographically encoded
first plural bits of digital data and the steganographically
encoded second plural bits of digital data cooperate to verify
authenticity of the security document, and wherein at least one of
the first plural bits of digital data and the second plural bits of
digital data cooperate with the security feature to verify the
authenticity of the security document.
CONCLUSION
[0257] The foregoing are just exemplary implementations of the
present invention. It will be recognized that there are a great
number of variations on these basic themes. The foregoing
illustrates but a few applications of the detailed technology.
There are many others.
[0258] To provide a comprehensive disclosure without unduly
lengthening this specification, applicants incorporate by
reference, in their entireties, the disclosures of the above-cited
patents and applications. The particular combinations of elements
and features in the above-detailed embodiments are exemplary only;
the interchanging and substitution of these teachings with other
teachings in this application and the incorporated-by-reference
patents/applications are also contemplated.
[0259] The section headings in this document are provided for the
reader's convenience, and are not intended to impose limitations on
the present invention. Features disclosed under one section (or
embodiment) heading can be readily combined with features disclosed
under another section (or embodiment) heading.
[0260] While some of the preferred implementations have been
illustrated with respect to identification documents the present
invention is not so limited. Indeed, the inventive methods can be
applied to other types of objects as well, including, but not
limited to: checks, traveler checks, banknotes, legal documents,
printed documents, in-mold designs, printed plastics, product
packaging, labels, photographs, etc.
[0261] Also, while some of the implementations discuss embedding
first and second digital watermarks, an alternative implementation
embeds a single watermark having a first payload component and a
second payload component. The first payload component can be
embedded, e.g., in a photograph and the second payload component
can be embedded, e.g., in a graphic or artwork. The first payload
component and the second payload component can be cross-correlated
or intertwined to evidence an authentic identification document, as
discussed in the above implementations and embodiments.
[0262] Although not belabored herein, artisans will understand that
the systems and methods described above can be implemented using a
variety of hardware and software systems. Alternatively, dedicated
hardware, firmware, or programmable logic circuits, can be employed
for such operations. Also, some implementations described in the
detailed description suggest that some of the methods or
functionality can be carried out using computers or electronic
processing circuitry executing software. While this may be a
preferred implementation, the present invention is not so limited.
Indeed the methods and functionality may be achieved by other
means, such as dedicated hardware, firmware, programmable logic
circuits, etc.
[0263] In view of the wide variety of embodiments to which the
principles and features discussed above can be applied, it should
be apparent that the detailed embodiments are illustrative only and
should not be taken as limiting the scope of the invention. Rather,
we claim as our invention all such modifications as may come within
the scope and spirit of the following claims and equivalents
thereof.
* * * * *