DE602004007850T2 - Authentication method and device - Google Patents

Description

Field of the invention

The The present invention relates to the field of authentication techniques and in particular without any restriction on the authentication of loyalty cards, financial transaction cards and copy protection.

Background and state of the technology

Various Sealing and printing techniques to provide authentication and an unauthorized replica of products and documents to avoid are known from the prior art. An increasing However, economic damage results from counterfeiting due to insufficient Safety.

To authenticate documents and objects that teaches U.S. Patent No. 5,145,212 the use of discontinuous, reflective holograms or diffraction gratings. Such a hologram or diffraction grating is fixedly attached to a surface containing visual information to be protected from change. The reflective, non-contiguous hologram is formed into a pattern that allows both viewing the protected information through it and viewing an authenticating image or other light pattern that is reconstructed therefrom in reflection. In another specific authentication application of this US patent, a non-transparent structure of two side-by-side discontinuous holograms or diffraction gratings, each reconstructing a separate image or pattern of light, increases the difficulty of forging the structure.

The PCT application WO 087/07034 describes holograms that include diffraction gratings that reconstruct an image that changes when the hologram is tilted with respect to the viewer, and in a manner that images generated from copies made by the hologram are in monochromatic Light does not show this movement.

In the UK patent application GB 2 093 404 For example, sheet material elements undergoing forgery have an integrated or bonded authentication device comprising a substrate having a reflective diffractive structure formed as a relief pattern on a visible surface thereof and a transparent material covering the structure. Specified diffraction pattern lattice parameters result in typical but easily distinguishable optical color characteristics that can not be copied by color copying machines.

The U.S. Patent No. 4,661,983 described a random pattern of microscopic lines or cracks with widths in the micrometer range, which inherently forms in a dielectric coating of an authentication device embedded in a secure document. It enables the identification of a true individual document by comparing read line position information derived by microscopic examination with readout digital codes of line information obtained earlier at the time of manufacture of the document.

The U.S. Patent No. 5,856,070 shows an authentication tag containing a light diffraction structure. Unique parameters are randomly defined in the light diffraction pattern by anisotropic process steps that are not under the full control of the manufacturer during fabrication of the diffractive structure to prevent copying or creating an exact replica thereof. The resulting uniquely colored authentication pattern can be verified by simple observation with the naked eye.

The U.S. Patent No. 4,218,674 shows an authentication method and system that uses an object that is a base material with random errors. The random errors are converted in pulses along a predetermined measuring track over the surface of the object of the base material.

The WO 01/57831 A1 It forms the basis for the preamble of claims 1 and 17. It discloses a method for reading a single volume and non-reproducible identification device comprising a mixture of at least two materials which are distinguishable from each other, characterized in that they are capable of recognizing two Dimensions of the internal heterogeneous structure of identification direction and isolating and demonstrating their third dimension.

The WO 02/50790 A1 discloses a method comprising manufacturing a plurality of security tags, each comprising a plurality of particles randomly distributed in a light transmission matrix providing a reader comprising means for causing one or more wavelengths on a security tag and means for interpreting the light that is reflected and / or refracted and / or diffracted by the particles in the matrix.

According to the invention discloses a method for determining the authenticity of an object according to claim 1 created.

According to the invention Furthermore, an electronic device for determining the authenticity of a Object according to claim 17 created.

Brief description of the drawings

following become preferred embodiments the invention exclusively by way of example and with reference to the drawings, in which:

1 is illustrative of a first embodiment of an authentication label,

2 is illustrative of a second embodiment of an authentication label,

3 Fig. 10 is a flowchart for generating an authentication code for an authentication label;

4 a flowchart is for generating an authentication code by encrypting binary data,

5 the result of the encryption 4 represents,

6 a flowchart is for generating the authentication code using a pseudo-random number generator,

7 Fig. 10 is a block diagram of an image processing and encoding apparatus for generating an authentication code for an authentication label;

8th representing is for a grid used to filter an image

9 a flow chart for determining the authenticity of an authentication label is

10 a flowchart for determining the authenticity of an authentication label, by decrypting the binary data,

11 a flowchart for determining the method of 10 by means of a pseudo-random number generator,

12 depicting a method for determining whether the authentication label has a three-dimensional pattern of distributed particles,

13 depicting an alternative method of determining whether the authentication label has a three-dimensional pattern of dispersed particles,

14 depicting another alternative method for determining whether the authentication label has a three-dimensional pattern of dispersed particles,

15 shows an optical recording medium with an attached or integrated authentication label,

16 a block diagram of a reader for the optical recording medium 15 shows.

Detailed description

1 shows an authentication label 100 , The authentication label 100 has a carrier layer 102 with embedded particles 104 on. The particles 104 are random in the carrier layer 102 distributed so that the positions of the particles 104 within the carrier layer 102 define a random, three-dimensional pattern.

The carrier layer 102 consists of a translucent or transparent material, such. As a synthetic resin or transparent plastic material, the optical determining the positions of the particles 104 allows. For example, the carrier layer 102 a thickness 106 between 0.3 and 1 mm or any other suitable thickness.

The particles 104 may be glass beads or balls or disks, metallic or pearl essence pigments with or without a light reflective coating, or any other suitable shape or type of particle. The particles may be optically detected due to their reflective coating or, if no such reflective coating is present, due to their reflection coefficient different from the material of the carrier layer 102 is. Preferably, the particles 104 5 to 200 μm in diameter. The particles 104 can z. B. optic lens elements to the authentication label 100 to provide a reflective effect.

Preferably, the authentication label has an adhesive layer 108 on to the authentication label 100 to stick to a product or document. The material properties of the carrier layer 102 and the adhesive layer 108 are selected such that an attempt to remove the authentication label 100 of the product or document destroying the authentication label 100 would lead.

2 shows an alternative embodiment in which like reference numerals are used to refer to like elements as in FIG 1 to call. In the embodiment of 2 are particles 204 within the carrier layer 202 of the authentication label 200 metallic or pearl essence pigments. Again, the thickness 206 the carrier layer 202 about 0.3 to 1 mm or any other suitable thickness.

For example, the authentication label 200 the size of a postmark, which is about 3 × 4 mm, and contains approximately 200 particle 204 , The random distribution of 200 Particles within the carrier layer 202 provides sufficient uniqueness of the authentication label 200 ,

3 shows a flowchart for generating an authentication code based on an authentication object, such. B. an authentication label, as in 1 and 2 is described.

At step 300 An authentication object is provided with a three-dimensional pattern of randomly distributed particles. The authentication object is z. For example, a piece of Scotchlite tape commercially available from 3M.

At step 302 a two-dimensional data acquisition step is executed. This can be done by acquiring a two-dimensional image of a surface of the authentication object. Alternatively, the authentication object is scanned in two dimensions by another measuring device. For example, if the particles dispersed in the object are magnetic, a magnetic head may be used to perform the acquisition of two-dimensional data.

The measurement data resulting from the acquisition of two-dimensional data, the step 302 will be executed at step 304 filtered. Preferably, the measurement data is low-pass filtered. Measurement data acquired from the same region of the authentication object's surface is e.g. B. averaged. These regions are predetermined by a virtual lattice.

At step 306 the authentication code is provided.

• (i) die Partikel sind zufällig in drei Dimensionen innerhalb des Objekts verteilt, und
• (ii) die resultierenden Codes sind identisch.

In turn, steps to perform authentication of the authentication object 300 to 306 executed. The object is authentic if the following two conditions are met

• (i) the particles are randomly distributed in three dimensions within the object, and
• (ii) the resulting codes are identical.

This will be explained in more detail below by reference 9 explained.

4 shows an alternative flowchart for providing the authentication code. The authentication code is provided by encrypting I bits from binary data B ₁ , B ₂ , B ₃ , ... B _j , ... B _I. A reference authentication object, such as An authentication tag, as in 1 and 2 is used as a basis for encryption.

Depending on the type of reference object, a data acquisition step is performed (step 400 ). In this way, the reference data vector ξ → is obtained (step 402 ) having a number of k values obtained from the reference data object.

Preferably a kind of filtering of the raw data, which results from the reference object, takes place be acquired to provide the reference data vector ξ →. The Raw data are z. B. by a low-pass filter for increased robustness of the coding and decoding process.

Furthermore, it is useful to normalize the data vector ξ →. In this way, all values ξ _i within a defined range, such. Between [-1; 1].

At step 404 the I bits are entered, which are to be encrypted. At step 406 the index j is initialized. At step 408 a first candidate random vector RR → is generated by means of a random number generator. The random vector RR → has the same dimension k as the reference data vector ξ →.

At step 410 the scalar product of the reference data vector and the candidate random vector is calculated. If the absolute value of this scalar product is above a defined threshold level ε, a first condition is satisfied. If the sign of the dot product matches the bit B _j to be encoded, it means that the candidate random vector can be accepted to encode bit B _j .

For example, for bit B _j = "0", the sign of the dot product must be "-" and if B _j = 1, then the sign of the dot product must be "+".

In other words, the candidate random vector RR → is accepted for encrypting the bit B _j when both of the following conditions are met:

If any of conditions (i) and (ii) are not met, control goes back to step 408 to generate a new candidate random vector, which is then evaluated in view of the two conditions (i) and (ii) in step 410 Is tested. steps 408 and 410 are repeatedly executed until a candidate random vector has been found, both conditions of step 410 Fulfills. The accepted candidate random vector forms row j of the matrix M (step 412 ). At step 414 index j is implemented and control goes to step 408 to encode the next bit B _{j of} the I bits to be encrypted.

After encryption of all I bits, the controller goes to step 416 where the matrix M is output as a result of the encryption.

It It should be noted that the selection of the threshold ε is a compromise between safety, measurement tolerance and processing time. One Increase ε increases the average number attempts to find an acceptable candidate random vector elevated but also the acceptable measuring tolerance. Decreasing ε increases the security level and reduces the processor power requirement, but reduces the processor overhead acceptable measuring tolerance. A reasonable choice for ε is 1, 2, 3, 4, 5 or 6, preferably between 3 and 4 and most likely applies ε = 3.7 when the reference data vector dimension (k) is 256 and the required Measuring tolerance is 5.

In all other cases, a good choice is for ε ε = 8 · T · sqrt (k / 3) where T is the required measurement tolerance (5% = T = 0.05) and k is the reference data vector dimension and the sgrt () function is the normal square root function.

5 shows the resulting matrix M, which has a number of I rows and k columns. Each row j of the matrix M is assigned one of the bits B _j and contains the random vector encoding the corresponding bit B _j .

Decryption of the matrix M to recover the encrypted bits is only possible if the decryptor is in possession of the reference object used for the encryption (see step 400 out 4 ), since the reference data vector ξ → is not stored in the matrix M or elsewhere.

A corresponding decryption method is described in greater detail below by reference to 10 described.

To the For example, the resulting matrix M is printed by printing a bar code stored on a secure document containing the authentication object wearing. Alternatively or in addition In addition, the matrix M may be electronically stored if that secure document has an electronic memory.

6 shows a preferred embodiment of the encryption method 4 that allows compressing the result of the encryption operation. steps 600 and 602 are identical to steps 400 and 402 out 4 , At step 603 a seed value is entered for the pseudo-random number generator. At step 604 a symmetric key with a length I is entered. This corresponds to step 404 out 4 , In addition to the initialization of index j at step 606 (corresponds to step 406 out 4 ) index m at step 607 initialized. Index m is the running index of the random number generator.

At step 608 For example, the first random vector RR → _{m = 1 is} generated from k random numbers R _i by the pseudo-random number generator on the basis of the seed value. This candidate random vector becomes at step 610 evaluated in the same way as in step 410 out 4 , If the candidate random vector RR → _{m = 1 is} accepted, since it meets the conditions of step 610 is satisfied, only the running index m at step 612 stored as an element of the sequence S resulting from the encryption.

step 614 corresponds to step 414 , At step 616 For example, the sequence S containing a number of I running indices is output, not a matrix M having a number of I × k random numbers. Thus, by storing the current indices and the seed, rather than the random vectors themselves, drastic compression of the result of the encoding operation is achieved.

7 Fig. 12 is a block diagram of an image processing and encoding apparatus 700 , The image processing and encoding device 700 has a light source 702 and an optical sensor 704 on to get a picture of the authentication label 706 close. For example, the authentication label 706 a similar design as the authentication label 100 (see 1 ) and the authentication label 200 (see 2 ). In addition, the authentication label assigns 706 location markers 708 on which the authentication label 706 with a reference position.

The optics sensor 704 is with the image processing module 710 coupled. The image processing module 710 has an image processing program that can filter the image data received from the optics sensor 704 needed.

The image processing module 710 is with the coding module 712 coupled. The coding module 712 receives the filtered measurement data from an image processing module 710 , The coding module 712 is with a memory 714 coupled to store the result of the encoding for later use. For example, image processing and encoding is performed on a sequence of authentication tags for mass production of media, passports, bank cards, or other secure documents.

In this case, a sequence of authentication codes is in the memory 714 saved during mass production. These authentication codes can be printed and sent to the user independently by sending the authentication labels 706 be sent. For example, authentication labels 706 attached to customer cards or financial transaction cards, such. B. ATM cards sent to customers. Customers receive the corresponding authentication codes separately by mail.

Preferably, the image processing and encoding device 700 a random number generator 716 on. Preferably, the random number generator 716 a pseudo-random number generator.

Preferably, the image processing module provides 710 the reference data vector ξ → (see step 402 out 4 and step 602 out 6 ). The coding module 712 leads the steps 406 to 416 out 4 off, or if the random number generator 716 a pseudo-random number generator is the step 606 to 616 out 6 , The resulting matrix M or sequence S is stored in the memory 714 saved.

In principle, the I bits B ₁ , B ₂ , B ₃ , ... B _I generated by the coding module 712 be encrypted, be of any kind. For example, the ASCII code of a user name or other personal data is encrypted. Alternatively, a random number, such as. For example, a pincode that only the user knows is encrypted.

As another alternative, a symmetric key is encrypted. The symmetric key is used to encrypt bulk data stored on a volume. The decryption of the mass data is only possible by an authorized user who owns the authentication label 706 and the matrix M or sequence is S, depending on the implementation. The latter application is particularly useful for the purpose of copy protection, as discussed below 15 and 16 explained in more detail.

8th shows a grid 800 , the grid elements 802 having. The grid 800 can through the image processing module 710 (see 7 ) are used for the purpose of filtering image data transmitted by the optical sensor 704 be acquired. For example, the image processing module calculates 710 a normalized, average gray value for each of the grid elements 802 , The normalized and averaged gray values provide the reference data vectors ξ → for encryption and ξ → 'for decryption. It should be understood that various other image processing and filtering techniques may be employed to provide the reference data vectors based on the image data provided by the optical sensor 704 be acquired.

9 shows an authentication method based on an authentication object or label (cf. 1 and 2 ), as explained above, with particular reference to FIG 1 . 2 and 3 , At step 900 is z. For example, an authentication card with an attached authentication tag is inserted in a card reader. At step 902 the user is prompted to enter his or her authentication code into the card reader, e.g. For example, the code in step 306 from 3 is delivered.

At step 904 The card reader makes a determination as to whether the authentication label has a three-dimensional pattern of particles or not. This can be done by various methods. Preferred embodiments of how this determination may be made will be described in more detail with reference to FIGS 12 . 13 and 14 explained below.

If at step 904 when it is determined that there is no three-dimensional pattern of dispersed particles in the authentication label, a corresponding denial message is sent by the card reader at step 906 output.

If the opposite is the case, the authentication method goes to step 908 where a two-dimensional data acquisition process is performed on the authentication label. Since it has previously been determined that there is actually a three-dimensional distribution pattern of the particles, it is sufficient to acquire the data from the authentication label in only two dimensions.

At step 910 will be the measurement data obtained from the data acquisition, the step 908 is running, filtered to step by step 912 to deliver a test code. It is noted that steps 908 to 912 essentially identical to the steps 302 to 306 out 3 are. If the authentication tag is authentic, the check code that is at step 912 is obtained, identical to the code at step 306 is obtained. This will be at step 914 checked.

If the codes are not identical, at step 916 a rejection message issued by the card reader. If the codes are actually identical, it will go to step 918 issued by the card reader an acceptance message. Alternatively, an action is carried out or allowed, depending on the field of application of the authentication method, such as authentication. Banking, access control, financial transaction or copy protection.

10 represents a decryption method that corresponds to the encryption method 4 equivalent.

At step 1000 the matrix M is entered. At step 1002 Data is acquired from the reference object. On this basis, the reference data vector ξ → 'is obtained (step 1004 ). It should be noted that the data acquisition step 400 out 4 and the data acquisition step 1002 out 10 are essentially identical. However, in the case where the reference object is a physical object, the acquisition of data involves a certain type of measurement error.

Consequently, the raw data obtained from the measurements of the reference object is at step 400 from 4 and step 1002 from 10 not exactly the same. Consequently, the reference data vector ξ →, which is at step 1004 is also not identical to the reference data vector ξ →, the step 402 out 4 is delivered. Despite such differences between the reference data vector ξ → used for coding and the reference data vector ξ → ' , which forms the basis of the decoding, a correct decoding of the matrix M can be performed to obtain the "hidden" bits B ₁ ... B _j , ... B _I.

At step 1006 the index j is initialized. At step 1008 is the scalar product of the reference data vector ξ → 'and the random vector in row j of matrix M, which is assigned to the bit B _j calculated. The sign of the scalar provides the decoded bit value B _j , using the same convention as for the encoding. In other words, if the sign is negative, the bit value is "0", and if the sign is positive, the bit value B _{j is} "1".

At step 1010 the index j is incremented and control goes back to step 1008 for decoding the next bit position. steps 1008 and 1010 are repeatedly executed until all I bit positions have been decoded. The decoded I bits are incremented 1012 output.

It It should be noted that the encryption described above and decryption procedures are particularly advantageous because they are fault tolerant in terms unavoidable measurement errors when acquiring data from the reference object are. Usually are the reference data vectors used for decryption and for the encryption not exactly the same, but still gets one correct decryption result with a high degree of reliability and security received.

If the decoded I bits used in step 1012 are identical to the original bits that are at step 404 were entered (see 4 ), the reference object is authentic, otherwise the reference object is rejected.

11 shows an alternative decryption method based on pseudo-random vectors. The decryption procedure 11 corresponds to the encryption method 6 ,

At step 1100 the sequence S is entered. The germinal value used for encoding (see step 603 out 6 ) is at step 1101 entered. steps 1102 . 1104 . 1106 are essentially identical to the corresponding steps 1002 . 1004 and 1006 out 10 ,

At step 1107 For example, a pseudo-random generator operating in accordance with the same algorithm as the pseudo-random number generator used for encryption is used to recover the random vector RR → _{m = s} , based on the seed value used in step 1101 was entered. In this way, the random vector represented by the current index s _j in the sequence S is restored.

The next step 1108 is identical to step 1008 out 10 , At step 1110 the index j is incremented. From there, control returns to step 1107 for restoring the contiguous random vector with the current index s _j . At step 1112 the result of the decoding is output.

12 shows the authentication label 100 (see 1 ). To determine if a three-dimensional particle pattern within the authentication label 100 present or not, become three pictures of the authentication label 100 in sequence with the help of a camera 1200 made. The first picture is taken with a switched on diffuse light source 1202 and switched off diffuse light sources 1204 and 1206 made.

The second picture is with lights off 1202 and 1206 made while the light source 1206 the authentication label 100 illuminated from a different angle of illumination.

The three images are combined to provide a resulting image. The combination can be performed by digitally overlaying and adding the digital images. In fact, if there is a three-dimensional distribution particle pattern in the authentication label, there must be regular geometric artifacts in the resulting image. Such artifacts can be detected by a pattern recognition step. In the case of three light sources, the geometric artifacts that are generated are triangles of similar size and shape. This effect is achieved using a two-dimensional copy of the original authentication label 100 not reproducible.

When an alternative can more than three light sources at different illumination angles used to make a corresponding number of images, the superimposed and added. Change this the number of light sources changes Furthermore, the shape of the geometric artifact in the resulting Image.

13 Figure 4 shows an alternative method of determining the three-dimensionality of the distributed pattern of particles within the authentication label 100 , For this application is required that the authentication label 100 is reflective. The underlying principle is that the reflective effect is not using a two-dimensional copy of the authentication label 100 can be reproduced.

The test, whether the authentication label 100 actually reflective or not, is performed as follows: a first image is taken by a camera 1300 with a switched on diffuse light source 1302 made. The diffused light source 1302 does not cause the reflective effect. The second image will be with the diffuse light source turned off 1302 and switched on direct light source 1304 made.

With the help of a half mirror 1306 this produces an incident beam of light approximately perpendicular to the surface of the authentication label 100 is. This ray of light causes the reflective effect. By comparing the first and second images, it is obvious if the authentication label 100 is reflective or not. This distinction can be made automatically with the aid of a relatively simple image processing routine.

14 FIG. 12 shows another alternative method of determining whether the distribution particle pattern is three-dimensional or not. This procedure requires that the particles be within the authentication label 200 (see 2 ) Are perlessence pigments.

Present are Micropigments coated with titanium dioxide and / or iron oxide, safe, stable and environmentally friendly for use in coating, cosmetics and plastics. The Beading is caused by the behavior of incident light produced on the oxide-coated mica; a partial reflection from and a partial transfer through the platelets creates a depth perception. The color of the transmitted light is complementary to the Color of the reflected light.

To check the presence of this color effect, become a light source 1400 , which produces diffused white light, and two cameras 1402 and 1404 used. The cameras 1402 and 1404 are on opposite sides of the authentication label 200 positioned.

An incident light beam 1406 is partly due to particles 204 in the reflected light beam 1408 reflected and partly as a transmitted light beam 1410 transfer. When the colors of the reflected light beam 1408 and the transmitted light beam 1410 are complementary, this means that the authentication label 200 could not be created by two-dimensional copying.

The test, whether the colors of the reflected light beam 1408 and the transmitted light beam 1410 can be performed by summing the color coordinate values, e.g. Using the RGB color coordinate system. The summation of the color coordinates must lead to approximately a constant RGB value.

15 shows an optical disk 1550 , such as B. a CD or DVD. The optical disk 1550 has an area 1552 which is covered by a data track. Outside the range 1552 , such as In one area 1554 , is an angled shaped authentication label 1556 to the surface of the optical disk 1550 glued or in the optical disk 1550 integrated. The authentication label 1556 is similar to the authentication label 100 from 1 or the authentication label 200 from 2 ,

The data track of the area 1552 stores encrypted data, such as As audio and / or video data, multimedia data and / or data files. In addition to this are Matrix M (see step 416 out 4 ) or sequence S (see step 616 out 6 ) and the germ count are stored in the data track without encryption. Alternatively, a machine-readable and / or human-readable label is attached to the optical disk 1550 attached, wherein the matrix M or the sequence S and the seed value are printed thereon. Preferably, the label is on the back of optical discs 1550 or in the interior 1554 glued.

If a user wants an optical disk 1550 To use, he or she puts the optical disk 1550 into a player or a disk drive. The player or disk drive reads the matrix M or the sequence S and the seed value from the optical disk 1550 , On this basis, the authenticity of the authentication label 1656 checked by performing the procedure 10 or 11 , depending on the implementation. If the authentication label 1556 is actually authentic, the symmetric key is retrieved and the encrypted bulk data stored in the data track is decrypted to allow playback, retrieval or opening of the files. Otherwise, the key is not recovered and a decryption of the mass data is not possible.

16 shows a block diagram of the reader 1600 as an optical disk player 1550 can be used (cf. 15 ). Elements of 15 , the elements of 7 are denoted by like reference numerals.

The reader 1600 has a slot 1622 with a mechanism for inserting an optical disk 1550 on. The authentication label 1556 is to the surface of the optical disk 1550 attached by adhesive or integrated into the card. In the latter case, the surface of the optical disk 1550 be transparent to allow a picture of the surface of the authentication label 1556 close. For example, the optical disk is 1550 made of a flexible, transparent plastic that has a smooth outer surface and the authentication label 1556 envelops.

The reader 1600 has at least one light source 1602 to light the authentication label 1556 on when the optical disk 1550 in the slot 1622 is inserted (compare implementations of 12 to 14 ).

Further, the reader points 1600 an optical sensor 1604 on, such as B. a CCD camera. The optical sensor 1604 is with the image processing module 1610 coupled. The image processing module 1610 is according to the image processing module 710 out 7 that is, it provides the same kind of two-dimensional data acquisition and filtering.

The image processing module 1610 is with the decryption module 1612 coupled. The decryption module 1612 is used to recover a symmetric key for decrypting bulk data stored on the optical disk 1550 stored by the consecutive decryption module 1617 , The decryption module 1617 is with the processing module 1618 coupled.

The optical reader 1620 is both with the decryption module 1612 as well as with the decryption module 1617 coupled. The optical reader 1620 has a laser diode for applying a laser beam to a surface of the optical disk 1550 to read their data track.

If the procedure of 6 used for encoding is the pseudo-random number generator 1616 required for decryption.

Preferably, the light source implement 1602 and the optics sensor 1604 any of the arrangements 12 to 14 as explained above.

Hereinafter, let it be assumed that the matrix M or the sequence S and the seed code on the data track of the optical disc 1550 are stored.

In operation is the optical disk 1550 in the slot 1622 inserted. In response, a determination is made by the image processing module 1610 with the help of the light source 1602 and the optical sensor 1604 executed, whether a three-dimensional particle distribution within the authentication label 1556 is present (see 12 . 13 and 14 ).

When the image processing module 1610 that actually determines a three-dimensional particle distribution within the authentication label 1556 is present, it straightens the optical reader 1620 to the matrix M or sequence S and the seed value from the data track of the optical disc 1550 to read. This information is in the decryption module 1612 entered.

Furthermore, the optical sensor acquires 1604 Image data from the authentication label 1556 , The image data is passed through the image processing module 1610 filtered and the resulting data vector ξ → 'is in the decryption module 1612 entered. decryption module 1612

100

authentication label

102

backing

104

particle

106

thickness

108

adhesive layer

200

authentication label

202

backing

204

particle

206

thickness

208

adhesive layer

700

Image processing and coding device

702

light source

704

optical sensor

706

authentication label

708

location markers

710

Image processing module

712

encoding module

714

Storage

716

Random number generator

800

grid

802

grid element

1200

camera

1202

light source

1204

light source

1206

light source

1300

camera

1302

diffuse light source

1304

direct light source

1306

half mirror

1401

light source

1402

camera

1404

camera

1406

beam of light

1408

reflected beam of light

1410

transferred beam of light

1550

optical disk

1552

Area

1554

interior

1556

authentication label

1600

reader

1550

optical disk

1552

Area

1554

interior

1556

authentication label

1600

reader

1602

light source

1604

optical sensor

1610

Image processing module

1612

decryption module

1616

Random number generator

1617

decryption module

1618

processing module

1620

optical readers

1622

slot

Claims (18)

A method for determining the authenticity of an object ( 100 ; 200 ; 706 ), comprising the following steps: - receiving a first code, - determining ( 904 ), whether the object has a three-dimensional pattern of distributed particles, - performing ( 908 ) of a two-dimensional data acquisition for detecting a second code from the object, - determining ( 914 ) authenticity using the first and second codes; the method being characterized by: determining whether the object has a three-dimensional pattern of dispersed particles that is performed by: illuminating the object with scattered white light ( 1406 ), - detecting light reflected from the object ( 1408 ), and light transmitted through the object ( 1410 ), Determining whether the reflected light and the transmitted light have complementary colors. The method of claim 1, further comprising the steps of: - capturing an image of the object ( 100 ; 200 ; 706 ) in a reading position, - determining a displacement of the reading position with respect to a reference position by detecting positions of a marker ( 708 ) in the image, performing a projective conversion of the image to compensate for the offset. The method according to one of the preceding claims, wherein the two-dimensional data acquisition by scanning the object along a predetermined two-dimensional grid ( 800 ) is carried out. The method according to one of the preceding claims, wherein the step of two-dimensional data acquisition ( 908 ) is performed by capturing an image of the object. The method according to a of the preceding claims, the further filtering of measurement data by the two-dimensional Data collection has been detected, to the second code too deliver. The method according to claim 5, where the filtering includes low-pass filtering of the measurement data. The method according to claim 5 or 6, wherein the filtering is a calculation of averages of subsets has the measured data. The method according to a of the preceding claims, wherein the first code comprises a set of random vectors, and the second code is a data vector. The method according to claim 8, wherein the random vectors are pseudo-random, each random vector by a run index is displayed, and further inputting a seed parameter value for one Pseudo-random number generator to the random vectors based to generate the start parameter value. The method of claim 8 or 9, further determining the signs of scalar products of each of the random vectors and the data vectors for generating a third code. The method of claim 10, wherein the third code is a check code for comparison with an Au authentication code is. The method according to claim 10 or 11, wherein the third code is a symmetric key. The method of claim 12, wherein the Object to a volume belongs, the one encrypted File stores, the method further decrypting the File by means of the symmetric key. The method of claim 13, wherein the first Code on the disk is stored. A computer program product for performing a Method according to one of the preceding claims 1 to 14. A logic circuit that is adapted to a procedure according to one the claims 1 to 14. An electronic device for determining the authenticity of an object, the electronic device having the following features: a device for receiving a first code, a device for determining 904 ), whether the object has a three-dimensional pattern of distributed particles, - means for performing ( 908 ) of a two-dimensional data acquisition for detecting a second code from the object, - a device for determining ( 914 ) authenticity based on the first and second codes; the apparatus being characterized by: the means for determining whether the object has a three-dimensional pattern of dispersed particles adapted to perform the following steps: illuminating the object with scattered white light ( 1406 ), - detecting light reflected from the object ( 1408 ), and light transmitted through the object ( 1410 ), Determining whether the reflected light and the transmitted light have complementary colors. The electronic device according to claim 17, further comprising means for performing a projective transformation to offset the object with respect to a reference position to compensate.