Note: Descriptions are shown in the official language in which they were submitted.
CA 02378662 2002-04-22
WO 01/03077 PCT/IB00100408
-1-
DOCUMENT VERIFICATION SYSTEM
BACKGROUND OF THE INVENTION
THIS invention relates to a method of generating a document, a method of
verifying the authenticity of a document and to a system for implementing the
methods.
Document fraud, particularly relating to documents of monetary value such as
cheques, is increasingly prevalent and causes huge financial losses both to
financial institutions and the general public. Various attempts have been made
to reduce such fraud, but existing methods such as the use of identification
cards by persons wishing to cash a cheque can be onerous for the users
thereof, and are in any case still subject to traud.
It is an object of the invention to provide an alternative method and system
of
generating documents and verifying the authenticity of such documents.
CONFIRMATION COPY
CA 02378662 2002-04-22
WO 01/03077 PCT/IBUU/00908
-2-
SUMMARY OF THE INVENTION
According to the invention there is provided a method of generating a
document comprising the steps of:
permitting access to a document creation system by an
authorised user;
recording user data identifying the user;
generating document data defining a document;
generating verification data from the user data and the
document data;
recording authentication data corresponding to the verification
data; and
printing the document utilising the document data and the
verification data, so that the document includes a machine
readable portion usable to verify the authenticity thereof.
The method may include generating a user identification record and storing the
record for comparison with the user data when a user attempts to access the
document creation system.
The user data and the user identification record may comprise data from a
fingerprint scanner or another biometric device, for example.
CA 02378662 2002-04-22
WO 01/03077 PCT/[B00/00908
-3-
The user data may be derived from data stored on a portable data carrier such
as a smart card, the user data being generated when a physical characteristic
of the user, such as a fingerprint, matches data stored on the portable data
carrier.
The authentication data may be stored in a document verification database.
The verification data may take the form of a bar code, symbol or other machine
readable indicium.
Preferably, the verification data is a printed symbol or code readable
optically,
and contains data which corresponds at least partially to the user data and
the
related document data contained in the authentication data which is stored in
the document verification database.
The verification data is preferably generated in an encrypted form.
The invention extends to a method of verifying the authenticity of a document
generated by the above-defined method, including the steps of:
reading verification data from the document;
retrieving authentication data corresponding to the verification
data and comparing the verification data with the authentication
data; and
indicating that the document is authentic if the compared data
matches.
In the case where the verification data is encrypted, the method will include
the
step of decrypting the verification data read from the document.
CA 02378662 2002-04-22
WO 01/03077 PCT/fiBOU/00908
-4-
The authentication data may be retrieved from a central database in an on-line
process.
Altematively, the authentication data may be data derived from the document
itself, or from a bearer thereof, for example.
The invention includes a system for generating documents comprising:
a document creation station operable by a user to input document data
and to generate printed documents based on the document data;
access control means arranged to generate user data corresponding to
an authorised user;
processor means for generating verification data derived from the
document data and the user data, the verification data being applied to
the printed document; and
a database for storing an authentication record corresponding to the
verification data, for use in authentication of the document.
The system preferably includes at least one document reading device for
reading the verification data on a document, and processor means for
comparing the verification data read from the document with authentication
data.
The system preferably further includes communication means for transferring
authentication data from the database, for comparison with the veriflcation
data read from the document.
CA 02378662 2002-04-22
WO 01/03077 PCT/[B00100908
-5-
BRIEF DESCRIPTION OF THE DRAWINGS
Figure 1 is a highly schematic block diagram of a document creation and
verification system according to the invention.
DESCRIPTION OF EMBODIMENTS
In general, the present invention aims to provide a method and system for
generating documents the authenticity of which can readily be verified, and to
a method and system for verifying such documents.
In this specification, although the invention is described primarily with
reference
to cheques, being documents having a monetary value, it will be appreciated
that the apptication of the invention is not limited to cheques, and that the
invention can be applied to the verification of vouchers, certificates,
identification documents and many other kinds of valuable documents. The
invention could also, for example, be applied to document labelling such as
bills of lading and other transportation documents or labels.
The main aim of the invention is to provide relatively secure and tamper proof
methods of issuing/creating, distributing and verifying the authenticity of
documents. The invention also provides accountability throughout the
document creation/management process, and was designed in order to
prevent the fraudulent manipulation of or tampering with documents throughout
their life cycle. Specifically in the case of cheques, the invention aims to
prevent fraudulent manipulation and tampering from the time of creation of a
cheque (ie. entering the cheque data and printing the cheque) through to the
final verification of the authenticity of a presented cheque and approval for
payment thereof.
CA 02378662 2002-04-22
WO 01/03077 PCT/IB00/00908
-6-
The methodology of the invention can be split into three main stages:
a document creation stage,
a document distribution stage, and
a document verification stage.
The distribution of the documents is mentioned primarily for completeness. It
is significant that, due to the inherent security of documents created by the
method of the invention, the method of distribution of the documents can be
flexible. This is because each document carries its own verification data, and
the document can be verified at any stage of its distribution.
The document verification stage is an important component of the invention, by
means of which documents are checked for authenticity. For example, the
authenticity of a cheque may be verified before it is paid. Such verification
may be carried out on-line, either manually or in an automated process, or off-
line in certain applications.
Central to the above three stages is a document verification database, which
holds a complete record of all documents created. The document verification
database contains a duplicate of verification data which is printed on the
document itself, enabling future verification thereof. In order to hinder
fraud,
sophisticated encryption techniques are used to generate and print the
verification data.
The various aspects of the invention are described in greater detail below.
Figure 1 shows, in a simplified block diagram form, the main components
which form the system of the invention. Documents are created at a document
creation station using a computer 10 (typically a personal computer or PC)
with
an associated high quality printer 12. Documents can also be created by a
CA 02378662 2002-04-22
WO 01/03077 PCT/IB00/00905
-7-
mass production printer using font based symbols (as opposed to the normal
image based symbols). Such font based symbols do not slow down production
capacity. A scanner 14 is connected to the computer 10 and is used to
identify a user of the system.
Connected to the computer 10, typically via modems which access an existing
telecommunications network, or another means of communicating over a wide
area, is a central verification database 16 Apart from the computer 10 (and
others like it) enquiry stations 18 and document verification stations 20 are
connected to the database 16. Each document verification station will
typically
comprise a computer 20 with an associated high speed scanner/feeder 22.
In order to control access to the document creation station, authorised users
are provided with access cards or identity cards which contain encrypted
machine readable data identifying the user. The data is preferabiy biometric
in
nature, such as fingerprint data. A fingerprint scanning unit is used to
acquire
a fingerprint of the user, and the fingerprint biometric data, together with
other
data identifying the user, is compressed and encrypted and encoded into a
two-dimensional code or symbol which is pnnted on the access card.
To use the document creation system, a user presents the card to a reader,
which scans and decodes the symbol on the card and retrieves the fingerprint
biometric data therefrom, as well as other data identifying the user. At the
same time, the user places his/her finger in a fingerprint scanner, and the
"live"
scanned fingerprint is compared with the biometric data stored on the card. tf
these details match, the user's details read from the card are entered into a
user log together with the current date and time, and access is granted to the
document creation station. The user data log can be used subsequently to
establish accountability.
CA 02378662 2002-04-22
WO 01/03077 PCT/IB00100908
In an altemative embodiment, instead of using an access card with an
encrypted, printed symbol thereon, a smart card containing data in its
embedded memory chip, encrypted to a suitable level, can be used instead. In
either case, the data on the access card can include data relating to the
level
of the document creation system to which the user has access. In another
alternative embodiment, the user can use a"live" fingerprint scan which is
compared to a database of fingerprints (a one to rnany match).
From the abovementioned user data and other relevant data such as the date
and time and the details of the document itself, verification data is
generated.
This data will be applied to the document which is created, and is also stored
in the verification database as an authentication record, which means that a
complete record of the document exists on the database. Typically, the
verification data will consist of one or more of the following (although it is
not
restricted to these):
1_ details of an operator generating the document;
2. dateJtime stamps;
3. unique document and/or institution code;
4. partial or relevant details from the document (example: monetary
amounts);
5. digital signatures of the operator and/or competent authority;
6. digital certificates;
7. fingerprint or other biometric data;
8. textual information.
For printing on the document, the verfftcation data is compressed and
encrypted, and printed in a two dimensional graphic format or font format, as
a
symbol or code. The data compression and encryption processes are now
described.
CA 02378662 2002-04-22
WO 01103077 PCT/IBOO/00908
-9-
The encryption of the verification data is an important part of the process as
the protection of the symbol against fraudulent onslaughts depends on the
strength of the encryption. The encryption used can be divided into two
distinct
parts, namely private/public key encryption (Asymmetric Encryption) and multi-
layered core encryption.
The public/private key encryption takes care of two aspects of authority. The
first is the authority to create the verification data of a document. The
second
part is the authority to decode the verification data. The former is based on
a
private key, which is entered into the user's machine readable access card by
an administrator of the system. This private key encrypts the data. The
private
key allows for the creation of a specific public key which creates the latter
part,
an authority to view the verification data. The public key allows for the
decoding or access to the verification data within the two dimensional bar
code.
The private key can only be created with the private creation system which
ailows a person in authority to create this key.
The multi-layered encryption system is an inner layer of encryption beneath
the above mentioned private/public key layer. This encryption makes use of
three distinct encryption methods, which are completely different from each
other. Two of the encryption methods are data scrambling algorithms. The third
layer is a form of encryption which allows for each symbol created to be
uniquely encrypted. This layer creates the strongest encryption and therefore
the most fraud proof verification symbol possible.
Data compression is important for small portable data carriers employing two-
dimension graphic symbols. The more verification data which one can
incorporate in the verification symbols, the more effective the security and
CA 02378662 2002-04-22
WO 01l03077 PCr/ISOO/OO9o8
-10-
verification of documents. There are three types of data compression, which
are applied to four types of verification data.
Signature compression is used to compress scanned signatures. This
compression is used primarily for the incorporation of signatures into two-
dimensional verification symbols for personal cheques. It is used to compare
the signature on a cheque with that incorporated within the verification
symbol.
Facial compression is also used to compress digital facial images. These are
used to verify ownership of private cheques and other personal documents.
This form of compression is necessary if one wishes to incorporate signatures
within the restricted storage capacity of a two-dimensional symbol, as scanned
signatures are digital raster images which consume large amounts of storage.
Since this is a digital image compression it is a"lossy" compression (a
compression which disposes of less relevant data).
Text data compression is used in all the verification symbols (two-dimensional
symbols) of documents. There is normally a substantial amount of data
required for the complete verification of documents and a high ratio
"lossiess"
text compression (a compression which does not dispose of any data during
the compression process) is needed. The compression allows for the entire
verification record to be incorporated on a document.
Fingerprint biometric data acquisition and compression is required to be able
to
incorporate fingerprint biometrics into the document verification two-
dimensional symbols. This compression is a"lossy" type of data compression.
The fingerprint biometrics are used in the verification symbols when absolute
accountability is required for document verification. The fingerprint
biometric
scanner used can be a commercially available fingerprint matching product.
CA 02378662 2002-04-22
WO 01/03077 PCTIIBOO/00908
-ll-
The above mentioned secure form of fingerprint verification as well as highly
compressed fingerprint biometric data are the two main elements of security,
absolute verification and definite accountability. This technology allows for
verified and secure access to the system as well as ensuring accountability
throughout the life cycle of a document. Since the compressed biometric data
can travel with the document within a two-dimensional symbol, accountability
data travels with the document and can be determined at any stage.
The encrypted symbol code which is printed on the document can be regarded
as an extension of a traditional linear bar code, in that it is a printed
symbol
which facilitates machine reading thereof. A conventional bar code is only
capable of representing enough data (typically 8 to 12 characters) to serve as
a key to a more comprehensive database or record. The two dimensional
graphic code used by the present invention, on the other hand, has sufficient
capacity, especially using the compression methods described above, to hold
an entire data record containing a substantial amount of data. In other words,
the printed symbol is not merely a reference to a record stored elsewhere, but
itself comprises a complete record.
The printed symbols also carry user definable levels of error correction. The
error correction used allows for one hundred percent recoverability of the
data
contained in the symbol when the symbol suffers damage which is less than a
predetermined maximum damage threshold. This makes the system relatively
robust.
In document verification, use can be made of various two dimensional symbols
commercially available (PDP417, Supercode and Aztec, for example) as well
as proprietary two-dimensional codes or symbols. The choice of two-
dimensional code depends on the suitability to the particular application and
the intended scanning hardware.
CA 02378662 2002-04-22
WO 01103077 PCTIIB00/00908
-12-
For the purpose of mass printing at printing bureaux, a font based symbology
was deveioped. This was necessary so that high speed printing bureaux do
not require huge amounts of memory for large batches and so that production
is not slowed down.
During the creation stage the relevant verification data and accountability
data
is compressed and encrypted and encoded into a two-dimensional bitmap
image. This bitmap image or font set representing the symbol can be attached
to any document and printed. The images are used in different manners
depending on the type of document verification they are been used for.
In cheque verification a single two-dimensional symbol or code is printed on
the cheque. The monetary amount, to whom the cheque is payable, the
creation date, the expiry date and all other relevant data as well as
authority
and accountability data is incorporated into the two-dimensional symbol.
In other forms of document verification, the relevant data plus authority data
is
incorporated in a symbol as with the above mentioned cheque verification. In
addition to this key portions of the document can be incorporated in
compressed and encrypted two-dimensional symbols or, in the case when total
privacy is required, the entire document can be incorporated in a set of two-
dimensional symbols.
Once the two-dimensional code has been created it can be printed on the
document using a conventional printer and the document is ready for
distribution.
The document creation system comprises one or more document creation
stations. Each document creation station has all the relevant software for
access control and the software for data compression and encryption and the
CA 02378662 2002-04-22
WO 01/03077 PCT/11100/00908
-13-
generation of the two-dimensional verification symbol. The document creation
station is connected to the online verification database server by a local
area
network (LAN) if the verification database server is on the same premises or
by
a wide area network (WAN) if the verification database server is at a remote
site. Instead of a LAN or WAN, other communication systems such as a VPN,
the InternetJWWW, spread spectrum radio, satellite link or a GSM network
could be used, for example. There are two forms of creation stations:
A stand-atone creation station: On this type of station, all the functions of
document creation are carried out on the workstation. The creation of the
document, the creation of the compressed and encrypted two-dimensional
code and the printing of the document are carried out at the station. The
station is connected to a printer or a number of printers so that the
documents
can be printed.
A document symbol server: The server is part of the LAN or WAN. The
documents are not generated on the server Only the verification data is sent
to this server. The server records the verification data as a record on the
central verification database. It then creates the compressed and encrypted
two-dimensional code (in bitmap image form) and dispatches this symbol to the
system which created the document.
The document creation station preferably includes a test system including a
two-dimensional scanner, which can be a hand held scanner or a flat bed
document scanner. This scanner is used to test the printed two-dimensional
symbols on documents created by the system.
As mentioned above, distribution of the documents created by the method of
the invention is flexible, since each document is self-verifying due to the
printing of tamper proof machine-readable data on the document itself. For
example, in the case of a cheque which is mailed to a recipient thereof, a
third
CA 02378662 2002-04-22
WO 01/03077 rcrlIBOOl00908
-14-
party who intercepts the cheque will not be able to read or alter the printed
verification data on the cheque, so that even if the name of the payee or the
amount of the cheque were to be altered, subsequent verification of the
cheque will reveal the discrepancy.
Verification of the documents generated by the method of the invention is
carried out in order to detect any fraudulent manipulation or tampering which
has taken place, or even fraudulent creation of a document. Accountability for
the document is also established and can be recorded where necessary. In
some cases, typicaUy in the case of cheque verification where payment takes
place following the verification procedure, the payment details are entered
against the verification data in the verification database, which prevents
duplicate payments from being made.
Various levels of access control to the document verification stage of the
method can be provided_ The access control level depends on the level of
security required, the type of document verification and the form of document
verification. The lowest level of access control is merely a PIN code and is
used in remote offline verification. In mass document verification systems,
especially those which verify documents of monetary value, the highest level
of
access control is used. This latter form of access control is the same as that
described above with regard to document creation. Here, the use of access
cards which contain finger print biometric data ensures that absolute access
control is established, as well as accountability. Since there are a few
distinct
forms of document verification, each form is described separately below.
Remote off-line verification is used in cases where on-line connectivity is
not
possible and where remote offline verification is necessary. The verification
can be carried out on a portable hand held device, a laptop PC, or a
conventional desk top PC. The system also makes use of remote two
CA 02378662 2002-04-22
WO 01/03077 PC'T/1B00/00908
-15-
dimensional scanners which are battery operated or powered by the portable
host computer device.
Remote verification can also take place by means of hand held computers with
built-in scanners since these are programmable_ Access control and
verification programs are stored and executed on these devices.
Remote off-line verification can be carried out manually, in which case a two-
dimensional scanner is attached to the PC or portable computer. The two-
dimensionai symbol or each symbol is scanned. The symbol is decoded,
decompressed and decrypted. The data derived from the two-dimensional
symbol is then displayed. The operator can determine the authenticity of the
document and also review the accountability and authority of the document. In
some forms of document verification the contents can be manually verified
against those of the document. This is the case in the remote cheque
verification system.
Alternatively, the remote off-line system can use automated OCR/ICR
technology. This form of verification has particular applications when
remotely
verifying documents of monetary value such as cheques. An A4 hand-held
scanner is used for this process. The entire document is scanned. The writing
on the document is converted to computer compatible text data by means of
optical character recognition (OCR). The encrypted and compressed two-
dimensional symbol is also decoded. The system compares the data derived
from the two-dimensional bar code with that which was derived from the optical
character recognition. Any discrepancies are highlighted and recorded.
On-line verification can utilise manual or high speed batch scanning. This
first
form of verification requires the operator to scan the document two-
dimensional verification symbols with a handheld two-dimensional scanner or a
hand held A4 document scanner. The online central verification database is
CA 02378662 2002-04-22
WO 01/03077 PIC7/11300/00908
-16-
accessed. The record for the particular document, within the online
verification
database is compared to that the data record decoded out of the symbol. If
there are any discrepancies, they are highlighted.
High speed batch verification is the most sophisticated system. It is used
primarily for high speed automated verification of documents of monetary
value. It is a main component of a typical cheque verification system of the
invention and provides a highly secure and computer automated cheque
verification center for banks. The main component of this system is a
verification work station. This work station has the following software:
Access control and accountability software
This software restricts access to the system and also created an
accountability
log of the verifying operator.
Image based two-dimensional symbol decoding software
Since the cheques are scanned in batches by a scanner or a number of
scanners (document flatbed scanners with automatic document feeders), the
two-dimensional symbol decoding software is image based. The symbol is
detected and decoded.
Decompression and decryption software
This software decompresses the decoded symbol data and then decrypts the
data.
Interface software to high speed document scanners
This is image acquisition software which acquires the images from the high
speed document scanners.
Image processing software
CA 02378662 2002-04-22
WO 01/03077 PCT/IB00100908
-17-
This is highly specialized image processing software which cleans up and
enhances the document image so that the two-dimensional bar code can be
easily decoded. The document cleanup also aids the OCR software.
OCR software
The purpose of the optical recognition software is a first phase verification
of
the printed data on the cheque with the data acquired from the two-
dimensional symbol. The OCR software used in the prototype system is based
on backward propagation neural network technology as well as sophisticated
image extraction techniques. The neural network is trainable and can be
trained to identify various fonts as well as partially visible letters and
numbers.
The automated high speed verification process is conducted as follows. The
documents are loaded into the automatic document feeder of the scanner. The
software interface to the scanner triggers the document feeder so that the
documents are automatically fed into the scanner and then scanned. The
document images are then processed by the image processing software. The
printed characters are extracted and identified by the optical character
recognition. The two-dimensional symbol is then extracted and the data is
decoded, decompressed and decrypted. The data acquired from the two-
dimensional symbol is compared with the results of the optical character
recognition. If there are any discrepancies in the comparison, they are
recorded in the central verification database record for the particular
document.
The data extracted from the two-dimensional verification symbol is then
compared to the authentication record in the central verification database
record. If there are discrepancies the document is marked as fraudulent. The
system also verifies that the document has not been previously paid in the
case of verification of cheques and other documents of monetary value. In the
case of documents of monetary value the system will approve payment of the
document or cheque if it is satisfied that the document is fraud-free and has
CA 02378662 2002-04-22
WO 01/03077 PCT/IB00100908
-18-
not already been paid on. All statuses are recorded in the central
verification
database. The entire process is automated and requires (and will not allow)
any human intervention.
The central verification database is central to the process described above.
AII
actions relating to a document are recorded in this database. The contents of
the database are encrypted and a secure hardware device controls the
encryption.
The encryption encoding is set by a person who has due authority to carry out
this task. Each time a document is created the verification data of the
document is recorded in the verification database. A duplication of this
record
is used to create the printable two-dimensional verification symbol which
travels with the document. When a document is verified the data acquired from
the verification symbol is compared with the original database record. All
results of the document verification process are recorded in the verification
database in the appropriate document record.
In order to permit enquiries to be made via the enquiry stations 18, the
central
verification database can be accessed for this purpose. Examples of enquiries
which can be made include the following:
- On whose authority was the document created?
- Who created the document?
- On what date was the document created?
- For cheques:
The expiry date.
The amount.
The payee.
The bank details and cheque number.
CA 02378662 2002-04-22
WO 01/03077 PG'T/IBUO/00908
-19-
The signatories.
Was the cheque paid and if so, when?
Who verified it?
- Was the document identified as fraudulent and if so, what was the
nature of the fraud?
The inquiry system can also supply statistical reports, such as information on
how many documents of a certain value were detected as being fraudulent.
An image of each document, which is acquired from the document image
scanner during the verification process, is stored and indexed in an archive
controlled database. Preferably, the images are stored on optical storage
media. These images can be used in the case of a dispute, and the encrypted
symbols on the images can also be used recreate the database in a disaster
recovery situation.
