Note: Descriptions are shown in the official language in which they were submitted.
CA 02971325 2017-06-16
WO 2016/102987
PCT/IB2014/002906
METHOD FOR CERTIFYING AND AUTHENTICATING SECURITY
DOCUMENTS BASED ON A MEASURE OF THE RELATIVE POSITION
VARIATIONS OF THE DIFFERENT PROCESSES INVOLVED IN ITS
MANUFACTURE
DESCRIPTION
1. Field of the invention
[00011 This description generally relates to a process for the certification
and authentication of security documents. Specifically, it refers to the
utilization of the security features and unique characteristics which are
already present in the security documents in order to certify and authenticate
this kind of documents. More particularly, it relates to the certification and
authentication of banknotes, checks or any other security documents by
means of utilizing the natural variations during the production process; which
is when the printing processes, the security features and other
characteristics
are incorporated into the document.
2. Background of the invention
[0002] Due to the remarkable advance in existing technologies for
graphical reproduction that are commonly available on the market, the
occurrence of counterfeits of good quality of security documents such as
checks, banknotes, etc. are becoming common. Therefore, a certification and
authentication method for security documents using methods that can
withstand the technological advance of graphic equipment, and that makes
use of commonly available devices such scanners or digital cameras, is of
utmost importance.
CA 02971325 2017-06-16
WO 2016/102987
PCT/IB2014/002906
[0003] Moreover, organized crime has found a way to use these
professional technologies to produce large volumes of high-quality
counterfeits; this fact jeopardizes the trust that society has in the issuing
institution and the institution's ability to provide reliable instruments to
detect counterfeits.
[0004] The commonly known authentication methods focused on
verification based on devices or automatic equipment rely on processes and
systems that require equipment with specific characteristics to verify the
authenticity of one security feature of the document, where the difficulty is
imposed either by a high cost of the equipment or the special material that is
required, Examples are the inclusion of magnetic materials, UV fluorescent
inks, infrared absorbing pigments, systems of dynamical optical response
such as phosphorescence decay, magnetic bands and holograms which are
included in security documents. Unfortunately, criminals are also using
methods that are becoming more sophisticated, and with the help of modern
ease of access to information and reproduction media, it is possible to
imitate
almost any security feature that manufacturers have incorporated into the
documents by means of commercially available materials and equipment. The
counterfeit of documents can include counterfeits based on systems using
laser or inkjet printers (photocopy type counterfeits) and counterfeits using
processes and materials similar to the genuine (counterfeits by process). In
the case of photocopy type counterfeits, the central banks include special
features that printers cannot imitate: for example, watermarks, magnetic
threads, transparent windows, engraved reliefs with tactile properties,
2
CA 02971325 2017-06-16
WO 2016/102987
PCT/1132014/002906
holograms and optically variable features and inks that change with the
viewing angle. In the case of a counterfeits by process, the authenticity is
difficult to determine by simple examination from a non-trained user. In
addition, for the particular case of money counterfeiting, this has a high
impact in the finances of a nation. Actually, the efforts to counteract such
counterfeits are focused on the materials and inks to be used in the
manufacture of new security documents, trying to foresee which of them will
have a high risk of becoming commercially available during the intended
lifetime of the document in order to avoid them. In general, the standard
approach requires predicting when the gap between commercially available
technologies and those intended for security documents is closing due to the
inevitable technological progress.
[0005) In the case of currencies such as U. S. Dollars and Euros which
are used in many countries, the risk of counterfeiting increases as there
opens
an opportunity to criminals of those countries, including state-sponsored
criminal organizations.
[0006] Therefore, it is desirable that the authenticity of a security
document does not only rely on the fact that the genuine materials and
processes are difficult, however not impossible, to counterfeit; but also on
mathematically proven security such as a digital certificate.
[0007] On the other hand, in the case of banknotes, which are
extensively used for everyday transactions, it is necessary to be able to
immediately determine their authenticity. As an example, if a person, during
3
CA 02971325 2017-06-16
WO 2016/102987
PCT/1B2014/002906
a transaction, fails to detect a counterfeit, this will result in a loss since
he
will receive a document with no value, deliver a valuable merchandise, and in
some cases provide the change in cash when the value of the merchandise is
lower than the value of the counterfeit. Thus, there is a requirement of being
able to quickly authenticate security documents such as checks and
banknotes to prevent the entrance of such forged documents into the national
economy that affects the general public, and to keep trust in the issuing
institutions.
[0008] Forensic tests are very accurate in determining whether a
document is genuine or not; however, the processing time for one document
is very large, and they usually require expensive and specialized equipment.
On the other hand, computers and gadgets with constantly growing image
acquisition quality and computing capacity are becoming more popular and
more economically accessible to individuals and corporations. Thus, it would
be desirable to authenticate security documents by the use of currently
available technology for digital image acquisition in devices like smart
phones
or scanners connected to computers which can analyze data to check the
authenticity of a security document, particularly in the case of banknotes.
[0009] It has also been recognized in the field of security documents
testing that a balance must be struck between the conflicting goals of
"acceptance" and "rejection", positive acceptance being the ability to
correctly
authenticate - identify and accept - all genuine security documents no matter
their condition, and positive rejection being the ability to correctly
discriminate and reject all non-genuine security documents. However, there
4
CA 02971325 2017-06-16
WO 2016/102987
PCT/IB2014/002906
is a possibility of negative acceptance, wherein a non-genuine document is
accepted as genuine; and negative rejection, wherein a genuine document is
considered as a counterfeit and rejected. It is necessary for the
authentication
process to have a high level of accuracy regarding these definitions, thus
avoiding negative acceptances and negative rejections.
polo] U. S. Patent Application No. 2004/0268130 discloses a system
and method of authenticating an article that includes the steps of selecting
an inherent feature of the article, and converting the feature into digital
data
to form an identification code for the article. An encryption system is used
to
encrypt the identification code, utilizing a secret private key of an
asymmetric
encryption key pair, and associated with the issuing party. The encrypted
code is made available on a label accompanying the article. During a
subsequent phase and at an authentication station, digital data relating to
the feature is determined directly from the article and the code is decrypted
utilizing a public key of the pair obtained from a third party in accordance
with rules of a public key infrastructure. According to the system and method
of U. S. Patent Application No. 2004/0268130, the inherent feature is the
result of a chemical manipulation of the article or the inclusion of unique
characteristics in or on the article. It also requires that the encrypted code
is
available on a label accompanying the article; however, the code is encrypted
without applying a hash function. This flaw will allow a counterfeiter to
obtain
the original data that defines the uniqueness of the article and to start
making
modifications in order to approach the original data. By using a hash
function,
the counterfeiter will have no information on how to modify the article to try
CA 02971325 2017-06-16
WO 2016/102987
PCIAB201.1/002906
to make it pass the authentication. Moreover, it is not clear whether the
chosen characteristics will be able to withstand the natural deterioration
from
the use of the articles.
[0011] Advanced Track and Trace (All') has developed a method to
certify printing plates, and their correspondingly printed banknotes. It uses
robust cryptographic methods, However, it has a main drawback: the fact that
the number of codes is restricted to the plates designed for the manufacture
of banknotes using the ATT process; one can only reproduce the serials that
were printed with the same plate, due to cryptographic protection. In
addition,
due to the complexity of the pattern that has to be printed, it requires a
microscope or some augmenting device as well as an improved quality control,
in order to minimize the variations of batches of security banknotes.
[0012] As can be noticed, there is a need for a method to certify security
documents as well as a trustable and quick process for authenticating
documents. In addition, with the always-increasing development in
information technology, this method adds to the security and confidence in a
physical security document with a digital certificate counterpart on the
understanding that both are needed to assess the validity of the document.
Particularly, in this scenario, considering that the physical document and the
digital certificate are uniquely linked together, a banknote without a valid
digital certificate will be of no value even though the document is genuine.
SUMMARY
6
CA 02971325 2017-06-16
WO 2016/102987
PCT/1B2014/002906
00133 Aspects of the present disclosure provide a system of certification
of banknotes, checks or any other security document. Aspects comprise the
digital certification of the documents involving these variations, which imply
the uniqueness of each piece. This is possible due to the natural variability
of
industrial production processes, as well as the information that changes in a
predictable and controlled manner, such as: serial numbers, serial character,
etc.
[0014] In aspects, a certification process of documents that consist of a
hashed message that, even if decrypted, is only useful to check the
authenticity of the document, and will not disclose any information about the
characteristics of the original document that could be useful in the process
of
forgery.
[00151 Another aspect provides an authentication process for
banknotes, checks or any other security documents.
[0016] Another aspect provides an authentication method to be
conducted in an automated way.
(00171 Another aspect provides a method for positive identification of
counterfeited security documents with a low incidence of false negative and
false positive authentication.
t00181 Yet another aspect is to classify counterfeits by their quality and
degree of sophistication.
7
CA 02971325 2017-06-16
WO 2016/102987
PCTT1B2014/002906
[0019] In some aspects, the data to individualize every security
document which is obtained from a set of characteristics from the register
variations between features added in different manufacturing processes.
These characteristics are related to the particularity and even the uniqueness
of each security document.
[0020] The creation of a different message for each security document
using the previously mentioned set of characteristics and the data related to
the document ID data.
[0021] Further, in some aspects, a method of certification and
authentication of any security document is based on the message described
above, requiring a register variation which is the result of at least two
production processes, the method of certification comprising the steps of:
[0022] selecting a set of unique characteristics, obtained as a result of
the variations in the manufacturing process and supplies,
[0023] Getting a digital image of a security document and obtaining the
data,
[0024] constructing a message by measuring the register differences
between features from the document and the data related to the document ID
data,
[0025) constructing a hashed message, the hashed message being the
message obtained after the original message is codified by means of a
unidirectional cryptographic hash function,
8
CA 02971325 2017-06-16
WO 2016/102987
PCT4B2014/902906
[0026] encrypting the hashed message using a public key cryptographic
system to obtain a digital certificate by means of a private key, and
[0027] storing the digital certificate in an external database and/or
marking or printing the digital certificate in the security document.
[0028] According to other aspects, a method of authentication is
provided, comprising the steps of:
[0029] providing a security document to be authenticated,
[0030] verifying that the security raw materials and manufacturing
processes are present in the security document by means of well known image
analysis techniques or by other kind of traditional verification,
[0031] constructing the correspondent message by measuring the
register differences between features from the document and the data related
to the document ID data,
[0032] applying a hash function to obtain a hashed message for
verification,
[0033] obtaining the certified hashed message; in some aspects, the
certified hashed message is obtained from the digital certificate marked or
printed on the security document, and the digital certificate is decrypted
through the use of a public key to render a hashed message for reference; in
some aspects, the certified hashed message is obtained from a database by
accessing the database,
9
CA 02971325 2017-06-16
WO 2016/102987
PCT/1B2014/002906
[0034] authenticating the document by comparing the certified hashed
message and the hashed message for verification, where if the certified hashed
message and the hashed message for verification coincide, the document is
considered as genuine, and if the certified hashed message and the hashed
message for verification do not coincide, the document is considered as
counterfeit.
BRIEF DESCRIPTION OF THE DRAWINGS
[0035] Fig. 1 shows the general certifying process.
[00381 Fig. 2 shows a security document containing images and
characters from different processes.
[0037] Fig. 3 shows an example of a security document having different
images from different processes and showing reference points and relative
points.
[0038] Fig. 4 is an example of a function MD for the mathematical
treatment of data to obtain a message.
[00391 Fig. 5 is an example of an authentication process of a security
document.
[00401 Fig. 6 is an algorithm for the authentication of a security
document.
CA 02971325 2017-06-16
WO 2016/102987
PCT/1132014/002906
DETAILED DESCRIPTION
[0041] The certification and authentication process is based on the
variations which take place during the steps of the manufacturing process of
the security documents, and particularly in the interaction of those steps.
[0042] Some aspects are related to a system for certification and
authentication of security documents.
[0043] Some aspects also relate to a method for certification and
authentication of an original document, wherein the unique characteristics of
every document are identified, codified and optionally inserted in the
security
document itself, or stored in an external database. This method and proposed
system prevents falsification of security documents.
[0044] Aspects of the present disclosure will become more fully
understood from the detailed description given herein below and the
accompanying drawings which are given by way of illustration only, and thus,
are not limits of the present invention, and wherein:
[0045] In the present disclosure, the following terms have the meaning
indicated.
[0046] Certification - Formal procedure by which an accredited or
authorized person or agency assesses (and attests in writing by issuing a
certificate) the attributes, characteristics, quality, qualification, or
status of
individuals or organizations, goods or services, procedures or processes, or
events or situations, in accordance with established requirements or
standards.
11
CA 02971325 2017-06-16
WO 2016/102987 PC171-
132014/002906
[00471 Authentication - the act of confirming the truth of an attribute
of a single piece of data (datum) or entity. Authentication is the process of
determining whether someone or something is, in fact, who or what it is
declared to be.
[0048] Security printing process - Special printing processes that
commercially available processes cannot easily imitate; for example, those
used in the printing of banknotes.
[0049] Security features - refers to the security characteristics present
in the security document. Such characteristics are intended to be difficult to
imitate through the use of commercially available products as is the case of
security paper, security inks, watermarks, magnetic threads, transparent
window, tactile features, foils, patches, holograms, etc.
[0050] Security documents - is a document that states in writing some
guaranty (of each of the Guarantors), and was produced using a security
printing processes and may also include security features.
10051] Unique characteristics - the characteristics from the natural
register variations between features added in different manufacturing
processes. These characteristics are related to the particularity and even the
uniqueness of each manufactured security document. The characteristics can
be acoustic, electric, or magnetic signals and can be measured on a part of
the electromagnetic spectrum. It includes print errors or printing variations:
random ink stains, unfilled lines, color, etc.
[0052] Register - the register refers to the relative position, alignment
or misalignment, between the features of a security document, and which
were included by the different manufacturing processes. During the
12
CA 02971325 2017-06-16
WO 2016/102987
PCT3B2014/002906
manufacture of a security document, the relative position between the variety
of images or characters or security features from different processes varies
from document to document, making the document unique and unrepeatable
due to such variations.
[0053] Metric function - A metric on a set X is a function (called the
distance function or simply distance)
d: X x X ---> R, where R is the set of real numbers). For all x, y, z in X,
this
function is required to satisfy the following conditions:
1. d(x, y) 0
2. d(x, y) = 0 if and only if x =y
3. d(x, y) = d(y, x)
4. d(x, z) d(x, y) d(y, z).
[0054] Generalized metric function - A generalized metric on a set Xis
like a metric function, but in some way of relaxing its axioms (for example,
maybe only satisfy the axioms 1 and 3).
[0055] Document ID data - the data that act like an identifier for a
particular document. They can be words, numbers, letters, symbols, or any
combination of these. An identifier is a name that identifies (that is, labels
the
identity of) either a unique document or a set of documents. The abbreviation
ID refers to identifier (that is, an instance of identification). In the case
of
banknotes, it contains the serial number.
[0056] The message - the concatenation of the outcome from applying
some metrics, generalized metrics or other functions to the points in a
previously selected subset of unique characteristics (of the security document
register) and its document ID data.
13
CA 02971325 2017-06-16
WO 2016/102987
PCT/IB2014/002906
[0057] The hashed message - the codified message by means of an
unidirectional cryptographic hash function.
[0058] Digital certificate - the encrypted hashed message stored in the
process of certification (encrypted using a private key).
[0059] The term "unique characteristics" is in use for all those natural
variations of the document that arise in the manufacturing process and that
are measurable; in particular, those provided by the security printing process
for the fabrication of a security document. An example of a unique
characteristic is the register.
[0060] According to aspects of the present disclosure, the security
features are those parts or components which are present in a security
document, having the purpose of facilitating to the different users of the
document the authentication of the document by way of controlling the
manufacturing process, distribution and commercialization, making it
possible to prevent the acquisition of the security feature and falsification
by
an unauthorized individual or entity.
[0061] According to aspects of the present disclosure, the unique
characteristics are those natural variations which are measurable along the
manufacturing process.
[0062] Also disclosed is a method for digitally certifying a security
document through the data obtained from the unique characteristics, in
particular the register.
[0063] In one aspect, a method is provided for digitally certifying security
documents using security features and unique characteristics which are
already present in mentioned document.
14
CA 02971325 2017-06-16
WO 2016/102987
PCT/11320141/002906
[0064] Particularly, the document will be digitalized, which can be done
through a scanner or digital photography using different sources and kinds
of illumination, as well as any other measurement of physical, chemical, or
physicochemical properties of the document from which the unique
characteristics can be obtained. Particularly, using visible light and a
device
to digitalize the image of the document, the register can be measured.
[0065] According to aspects of the present disclosure by "taking an
image", it must be understood that the scanning and digitalization equipment
measures features such as:
[0066] reflection, transmission, absorption, emission properties, in any
wavelength of the electromagnetic spectrum, or combination thereof either
with stationary illumination or in a pulsating state.
= magnetic and/or electric properties, p.e. electromagnetic digital
fingerprints of the materials constituting the security document;
= acoustic properties; the paper, when subject to cycles of stress of
a particular magnitude, produces particular measurable levels of
noise;
[0067] properties in response to a mechanical and/or chemical and/or
electrical stimulation of the paper or security features.
[0068] The features to be measured strongly depend on the nature of the
manufacturing process employed during the manufacture of the security
document, as well as the use that will be given to the document.
[0069] A message is constructed using some features as well as the
mathematical correlation between them. According to aspects of the present
CA 02971325 2017-06-16
WO 2016/102987
PCT/1B2014/002906
disclosure, a metric function, which is a function of a distance between two
points, is used.
[0070] The message is constructed using those features which cannot
be degraded or whose degradation is known and/or predictable:
= Multiple zones of different sizes and/or the whole document;
= The features to be measured depend on the document and the
manufacturing process for obtaining thereof;
= The features that depend on the interaction between at least two
different processes.
[0071] In the particular case of obtaining features from digital images,
under any illumination, the image is taken emphasizing those parts which are
intended to be certified. For example, it could be of interest to certify only
a
half or quarter size of the security document, or to create multiple
certifications using different messages for a single document.
[0072] The system of certification and authentication of is disclosed with
reference to the figures.
[0073] The manufacturing process of the security document according
to aspects of the present disclosure comprises:
[0074] a) Providing suitable supplies (step 1 la) which include
the substrate, inks, security features such as watermarks, threads,
transparent windows, colored fibers, foils or patches, etc.
[0075] b) Conducting the manufacturing process of the
security document (step 13a), which involves the integration of all the
supplies, the process comprising: placing a variety of features, characters or
images on the substrate using at least two different manufacturing processes;
16
CA 02971325 2017-06-16
WO 2016/102987
PCT/1132014/002906
and marking or placing the serial number of the document or any other
document ID data;
[0076] c) Certifying the security document by:
[0077] i. obtaining a digital image of the document (step 10)
and obtaining the data (20) corresponding to a selected group of unique
characteristics for every document and the document ID data. These unique
characteristics are a result of the manufacturing process variations and the
supplies used;
[0078] ii. constructing a message (30) by using a metric
function for determining the relative position of the points previously
selected
as a group of unique characteristics, as well as the document ID data;
[0079] iii. constructing a hashed message by applying a
hash function (40), the hashed message (SO) being the message obtained by
means of applying an unidirectional cryptographic hash function;
[0080] iv. Encrypting by means of a public key cryptography
system (60) the hashed message using a private key (70) to obtain a digital
certificate (80), and
[0081] v. storing the digital certificate in a database (90)
and/or,
[0082] vi. marking or printing (97) the digital certificate on
the security document (10).
17
CA 02971325 2017-06-16
WO 2016/102987
PCT/1132014/002906
[0083) In Fig. 2 a security document is depicted according to aspects of
the present disclosure. For the manufacture of the security document, some
processes are involved; as an example, four processes (A, B, C, E) are shown.
The security document includes a variety of images and characters belonging
to different manufacturing processes. In the case of the Figure 2, Process A
provides the initial substrate for a security document, the substrate
including
some security features such as a thread or foil (ai) and a watermark or
electrotype image (au). Process B provides a set of images (bi), for example
in
the form of offset printing. Process C provides the security document with an
image (ci) and also characters (ciii), in the example referring to the
denomination, and character (cii) referring to the name of the issuing
institution; as an example, this could be an engraving process. Likewise,
process E provides the serial number of the security document (el),
exemplified as a banknote. In some aspects, the security document is certified
according to the process depicted in Fig. I; as a result, the digital
certificate
obtained by the certification process can optionally be printed on the
security
document as feature (fi).
[0084] According to aspects of the present disclosure, at least one of the
following unique characteristics of the document is considered for certifying
the document, and they are obtained from:
(0085) Electromagnetic response (1R, Visible, UV),
[0086] Register
[0087] number and position of fluorescent fibers
18
CA 02971325 2017-06-16
WO 2016/102987
PC171112014/002906
[0088] printing errors or printing variations: random ink stains, unfilled
lines, color, etc.
[0089] Physical properties,
= Acoustic properties,
= Electric properties,
= Magnetic properties,
= etc.
[0090] and require at least one document ID data:
= serial number,
= document denomination,
= names,
= dates, etc.
[0091] Fig. 1 discloses the certification process according to aspects of
the present disclosure; a security document is manufactured according to the
well known processes of the prior art (Step 10), including the steps of
providing special supplies 11a, manufacturing a substrate 13a, and
conducting a manufacturing process comprising a variety of steps (13a).
[0092] The document thus manufactured, it is then subjected to the
process of obtaining data (step 20), Fig. 1 in order to obtain the particular
data of each manufactured item, and in particular, the information
concerning the relative positions between the variety of characters or images
present in a security document.
[0093] The data from the relative position of the images and characters
present in a security document are used to construct a numeric message. Fig.
3 depicts the way to obtain the data from the security document. The message
19
CA 02971325 2017-06-16
WO 2016/102987
PCT/1B2014/002906
(30) obtained in step (20) consists of data concerning the relative positions
between images and characters, whose positions depend on the process by
which such images and characters are placed on the security document. For
example, in Figure 3, a security document is represented containing images
produced by a sequence of process A, B, C and E. As noted, there is a defined
set of reference points (Al, A2, ..., AN), (131, B2, ..., BN), (Cl, C2, ...,
CN), ),
(El, E2, ..., EN) etc. for each image or process, in a defined random position
providing an easy access or identification, for example certain corners of an
image, some marked dots, etc. and then a first relative position ID I (Al
,A2)J of
a fist relative point (A2) is calculated in image A with respect to reference
point
Al; a second relative position [D2(A1,B1)1 of relative point B1 is calculated
in
image B with respect to reference point Al. In the same way, there is
calculated a third relative position [133(A1,C1)} of relative point Cl in
image C;
and optionally, a fourth relative position (134(A1,E1)1 of a relative point
(El) in
image D is calculated as well. In some aspects, there are also calculated
other
relative positions, taking as reference a second reference point in image B
(B2), a third reference point in character C (C2) or a fourth reference
position
in character E (E2). The metrics are also calculated for each relative
position
from each reference point as well as other trigonometric values and other
mathematical quantities associated with the distance between the points.
Thus, there can be defined a variety of reference points and a variety of
measurements.
[0094] The security document data is then associated with a
mathematical function, such as a mathematical matrix as depicted in Fig. 4
which conforms the "Message" of the security document. As noted, it is
CA 02971325 2017-06-16
WO 2016/102987
PCT/1B2014/002906
possible to construct one general security message MD for all the features
measured, or it is also possible to construct a variety of messages coming
from
specific parts of the security document, for example the Messages MDA
referring to relative position of the dot A with respect to the remaining dots
A,
B , C and E, or a Message MDCB related to the relative position between dots
C and B, or Message MDEc concerning to the relative position of dots from
figures C and E. This is particularly useful when it is desirable to
authenticate
a document where only part of the document is available, for example in case
of document fractions, or torn security documents.
[00951 There are some mathematical methods in the previous art to
obtain a message from the information collected. For example, the protocol
that follows the value of the relative positions, or a mathematical
regression,
for example a linear regression, a logarithmic regression or other kind of
mathematical regression. In some aspects, it is preferred to use a metric
function.
[00961 In order to obtain the variety of the reference points and the
relative positions, a process of digitalization or capture of an image is
conducted, for example with, digital photography or a scanner; as well as any
other physical and/or chemical measurements of unique characteristics for
every document, for example paper type, paper weight, paper texture, paper
color, ink type, ink color, etc. The digitalization step could be conducted in
a
digitalization module subsequent to the manufacture (13a).
(0097] As an example, when the subset of unique characteristics arise
from the register between the different processes involved in the manufacture
of the security document, then variations between the images and characters
21
CA 02971325 2017-06-16
WO 2016/102987
PC171B2014/002906
result considering the process A, B, C and E will result in the order of some
quintillions depending on the resolution of the digital image of the document.
Minimum number of Combinations at
100 dpi 200 dpi 600 dpi
Process' Variations 8.3E+08 2.1E+11 1.4E+15
Total including 1.7E+17 4.3E+19 2.8E+23
document ID data
[0098] As noted, the level of variation provides a unique and
unrepeatable way to identify documents, whose exact reproduction is
extremely complex even for the original manufacturer.
[0099] Moreover, if not only the register but also other unique
characteristics such as the number and position of colored or fluorescent
fibers is used, the number of variations will increase by some hundreds of
orders of magnitude.
[00100] By selecting the points according to aspects of the present
disclosure, it is possible to obtain some quintillions of possible
combinations;
thus, it is very unlikely for a counterfeiter to obtain a document with the
same
unique characteristics as those contained in a digital certificate produced
according to aspects.
[00101] In the particular case of banknotes, even if the original
manufacturer wanted to forge an exact copy of one document, it would have
to manufacture many documents (in the order of quintillions) and then select
22
CA 02971325 2017-06-16
WO 2016/102987
PCT/1B2014/002906
one which has the same variation, and then paste the document ID data
together with the same certificate of the original. Therefore, particularly
for
banknotes, this method using the register does not make the counterfeiting
impossible, rather makes it economically unfeasible by making the
counterfeiting a very complex and inefficient process.
[00102] However, to avoid an attacker statistically studying the
variations of the official manufacturer, the message obtained in step (30) is
then transformed in step 40 through the use of a Mathematical Hash function
and then encrypted in step 60 to yield a unique digital certificate.
(00103) In step 40 of figure 1, the message obtained in step (30) is
then transformed using a mathematical function, such as a Hash function in
order to obtain a Hashed message comprising at least one chain of characters
in step 50 of Fig. 1. There are some mathematical methods to run a Hash
function, for example, by means of a mathematic unidirectional process or
model (algorithm) delivering a chain of characters.
[00104] The Hashed function is then encrypted in step (60) to yield
an encrypted hashed message or digital certificate. In order to encrypt the
Hashed message, an asymmetric encryption algorithm is used that requires a
private key (70) in order to generate a digital certificate (80) in the form
of an
encrypted alphanumeric chain.
[00105] As shown in Fig. 1, the digital certificate is, in turn, stored
in a database (90) that can be kept in a server placed in secure
installations,
and/or it can be marked/printed (97) back to the document (10) in a readable
manner by the same mechanism to obtain the data (20), such as a barcode,
code or plain text (fi). When using a database (90) in addition to storing the
23
CA 02971325 2017-06-16
WO 2016/102987
PCT/1B2014/002906
digital certificate (80), it may also be useful to associate that digital
certificate
in the database with other ID data information such as the serial number of
the security document, a scanned copy of the document, details on the place
and time of manufacture of the document, etc.
[00106] The digital certificate is then a validation element
associated to the document ID data of the security document and refers to a
particular relationship between images and characters which are present in
a unique way for each security document.
[00107) The digital certificate 80 acts as a barrier to an
unauthorized third party with a reader who wants to read counterfeited
documents or banknotes and print on them a label that represents the
reader's scan according to the encryption scheme. Typically, the digital
certificate (for example a bar code label or other mark) would represent a
cryptogram decipherable by a public key, and the private key would be
reserved for the authorized certifying party or authority. However, as
mentioned, the digital certificate may not be included in the security
document, As previously mentioned, the digital certificate represents the
unique and unrepeatable physical characteristics of the images and
characters present in a security document and will not disclose further
information on how to forge a copy.
[00108] The encrypted information is then placed as a mark or
printed back in step 97 of Fig. 1. The digital certificate 80 and the hashed
message 50 as well as the partial hashed messages and the document ID data
of the security document are stored in a database 90, placed in a server
24
CA 02971325 2017-06-16
WO 2016/102987
PCT/IB2014/002906
available for public access. The digital certificate in the form of an element
(ft)
can optionally be inserted on the security document 10,
[00109] In some aspects of the present disclosure, the digital
certificate can be selected from a bar code or a bidimensional bar code
element
or a character string (fl).
[00110] Thus, the digital certificate 80 is the result of the unique
and unrepeatable relationship between the variety of images and characters
due to register, which are due their manufacturing processes, present in a
security document.
[001111 Authentication process
[001121 The security documents that have been certificated are
subject to further authentication. The process of authentication of a security
document in circulation is depicted in Figs. 5 and 6. The authentication of a
security document is a task conducted by an authentication authority, for
example the authentication authority of a issuing institution, but can also be
performed by both a user of the document and the authentication authority
when a user wishes to authenticate a document. According to Fig. 5, a user
or authentication authority that desires to know if an issued document (110)
is genuine or not should first (step 120) verify the supplies and the
existence
of the security features (watermarks, security threads, security inks,
security
processes, etc.) intended to be present in a genuine document; simple
photocopies and rough copies are discriminated in step 120 in Fig. 5 and step
121 in Fig. 6, and considered as low quality counterfeit (122, Fig. 6).
[00113] Then, if the raw materials and printing processes present
in the document subject to authentication are considered as genuine (step
CA 02971325 2017-06-16
WO 2016/102987
PCT/IB2014/002906
123, Fig. 6), a hashed message must be generated according to the features
of the document of the user. For such purposes, the user/authentication
authority must obtain the data of the security documents (step 130) by means
of any device capable of taking the required digital image, then construct a
message through the use of a metric function and the document ID data (step
140), and apply a hash function (150) to obtain a hashed message (160) for
verification.
[00114] As a next step, the user is provided with a smart phone,
tablet or a different processing device with an application able to obtain the
data (130) and automatically construct the message (140) through the metric
function, as well as to apply the hash function (150) to the message in order
to obtain a hashed message (160) for verification.
[00115] In order to authenticate the security document, the hashed
message for verification (160) is compared with a decrypted hashed message
(260). The digital certificate (80, Fig. 1) to obtain the decrypted hashed
message (260) needs to be retrieved in some way. One source of digital
certificates (80, Fig. 1) for verification is the database (280), created
during
the certification. Considering the data acquisition and processing module is
operable to access the database managed by the authentication authority, the
digital certificate can be decrypted (250) by means of a public key (230), in
order to obtain a decrypted hashed message (260). The database may be part
of a mass storage device that forms part of the reader apparatus, or may be
at a remote location and accessed by the reader through a
telecommunications link. The telecommunications link may take any
conventional form, including wireless and fixed links, and may be available
26
CA 02971325 2017-06-16
WO 2016/102987
PCT/IB2014/002906
over the internet. The data acquisition and processing module may be
operable, at least in some operational modes, to allow the signature to be
added to the database if no match is found. This facility will usually only be
allowed to authorized persons, for obvious reasons. It should be noted that
the misuse of the public key does not facilitate the counterfeiting of the
document, since the public key is useful for decrypting the digital
certificate
but is useless for encrypting a hashed message.
(00116] In some aspects of the present disclosure, the hashed
message for verification (160) of the security document is provided to the
authentication authority, which is able to obtain the correspondent decrypted
hashed message (260) from the database (280) as described above, and
perform a comparison to establish whether the hashed message for
verification (160) is a match with the decrypted hashed message (260).
[00117] Another source to retrieve the digital certificate (80, Fig. 1)
is the bar code or a bidimensional bar code element or a character string (f1,
in Fig. 2) marked/printed on the security document.
[00118] In some apsects of the present disclosure, the digital
certificate can be decrypted (250) by means of a public key (230) to obtain a
decrypted hashed message (260) and used to perform the comparison to
establish whether the hashed message for verification (160) is a match with
the decrypted hashed message (260), which can be locally performed by the
user.
[00119] Finally, if the hashed message for verification (160) and the
decrypted hashed message (260) are a match, the document is then qualified
as an authentic document (400 in Fig. 6). On the other hand, if the hashed
27
CA 02971325 2017-06-16
WO 2016/102987
PCT/1B2014/002906
message for verification (160) is not a match with the corresponding decrypted
hashed message (260), the document is considered as a high quality
counterfeit (305). The incidence of such counterfeits may provide
elements/ evidence for investigating criminal patterns.
100120) As depicted in figure 6, the user should first conduct a
verification step 121 for the presence of the genuine raw materials and the
original security manufacturing processes present in security documents,
such as banknotes. If such materials and processes are not present, then the
document is considered as a low quality counterfeit (122). If the expected
materials and processes are in the document and are considered as genuine,
then the user should conduct a step of obtaining data (130).
001211 In some aspects of the present disclosure, the
authentication process is performed through the use of an application for an
intelligent device, such as a smart phone or tablet. The application guides
the
user to obtain an accurate image and provides the means to connect to the
Authentication Authority. After the authentication by the Authentication
Authority, the result of the comparison process is delivered.
100122] The method provides the possibility of classifying
counterfeits by their manufacturing characteristics; for such purposes,
equipment is needed for automatic classification and registering (ID) of
counterfeits, which is in charge of registering the features of all the
counterfeits arriving at the issuing institution in order to create a database
with all the information extracted from counterfeits, in order to
statistically
link pieces to "Counterfeiters' (not necessarily a person) and detect even
slight
28
CA 02971325 2017-06-16
WO 2016/102987
PCT/113201.1/002906
improvements. Such information is useful in investigating and pursuing
counterfeiting crimes.
[00123] For the certification, image acquisition systems (digital
camera, scanners), image processing equipment (such as CPUs, GPUs,
FPGAs), storage system (data servers) are needed. In the case of 97, the
Marking/Printing device can be an inkjet printer, a numbering machine, laser
marking devices, labeling devices, etc.
[00124] For authentication, image acquisition system (digital
cameras, cellphone camera, scanner, etc.) image processing system (such as
CPUs [PCs, Servers, Tablet, Smartphones, etc.], GPUs, FPGAs) are needed. In
the case of 280: access to the database (Internet, SMS, LAN, WAN, VPN, etc.)
is needed.
[00125] Aspects of the present disclosure being thus described, it
will be obvious that the same these aspects may be varied in many ways.
Such variations are not to be regarded as a departure from the spirit and
scope of the disclosure, and all such modifications as would be obvious to one
.
skilled in the art are to be included within the scope of the following
claims.
[00126] Acknowledgements:
[00127] The author would like to thank Mario Hernandez Tellez and
Uriel Mancebo del Castillo for the numerous and useful discussions.
29
