CN1898895A - Method and system for controlling encoded image production using image signatures - Google Patents

Publication number
CN1898895A
Authority
CN
China
Prior art keywords
image
authentication image
user
signature
authentication
Legal status
Pending
Application number
CN 200480038292
Other languages
Chinese (zh)
Inventor
Alfred V. Alasia
Alfred J. Alasia
Thomas C. Alasia
Slobodan Cvetkovic
Current Assignee
Graphic Security Systems Corp
Original Assignee
Graphic Security Systems Corp

Landscapes

  • Facsimiles In General (AREA)
  • Collating Specific Patterns (AREA)
  • Editing Of Facsimile Originals (AREA)

Abstract

An automated method for authorizing and controlling the production of optically encoded images is provided. The method comprises receiving from a user data processor a request for authorization to produce an encoded image. The authorization request includes user-supplied data comprising at least one authentication image file. The method further comprises determining whether the user is authorized to produce an encoded image using the user-supplied data. Responsive to a determination that the user is authorized to produce an encoded image using the user-supplied data, an authentication image signature is generated from the at least one authentication image file using an image signature algorithm and a positive authorization response is returned to the user data processor. The positive authorization response includes the authentication image signature.

Description

Method and system for controlling encoded image production using image signatures
Related application
This application claims priority to U.S. Provisional Application No. 60/531,810, filed December 22, 2003, which is incorporated herein by reference in its entirety.
Technical field
The present invention relates generally to the anti-counterfeiting protection of printed and digital documents, packaging and other printed materials and, more specifically, to the secure production of the encoded images used in anti-counterfeiting measures.
Background art
Black-market trade in forged and altered valuable documents and counterfeit goods is a growing and serious problem faced regularly in the world today. Every year, millions of dollars are lost through the fraudulent use of non-authentic documents and branded products. Optical scanners, photocopiers and other devices used to copy products are increasingly precise, which steadily increases counterfeiters' ability to produce fraudulent documents and other counterfeit goods of sufficient quality that they often go undetected.
One way to provide enhanced security against unauthorized copying, alteration or forgery is to apply an encoded image to the product to be protected. Such an image can comprise a visible image and a non-visible or latent image, where the latent image is incorporated into the visible image in such a way that it is difficult or impossible to observe without an optical or digital decoder dedicated to viewing the latent image. Applying such encoded images to documents and other products that may be counterfeited allows anyone with a suitable decoder to verify the authenticity of those products reliably.
The content of an encoded image can vary widely and can be changed regularly. The content can even be specific to the individual product to which it is applied; in that case the content must be generated very quickly for this to be regarded as a practical security measure. The method of producing encoded images should therefore be flexible and, preferably, immediately available to the user.
It is therefore advantageous for individual users to be able to produce encoded images easily. Doing so, however, raises the concern that the encoded images themselves may be tampered with, or produced by unauthorized users to counterfeit products or alter documents. Another concern is that an authorized user may use the encoding software for unauthorized purposes, for example to protect printed material that the user is not permitted to encode. Sophisticated control measures are therefore needed to ensure that encoded images are produced only by authorized users, and that those authorized users produce only authorized encoded images.
Summary of the invention
Embodiments of the invention satisfy the need for additional control over the generation, transmission and use of encoded images that are used to protect documents and other materials from unauthorized copying, counterfeiting or other misuse.
An illustrative aspect of the invention provides an automated method for authorizing and controlling the production of optically encoded images. The method comprises receiving from a user data processor a request for authorization to produce an encoded image. The authorization request includes user-supplied data comprising at least one authentication image file. The method further comprises determining whether the user is authorized to produce an encoded image using the user-supplied data. Responsive to a determination that the user is authorized to produce an encoded image using the user-supplied data, an authentication image signature is generated from the at least one authentication image file using an image signature algorithm, and a positive authorization response is returned to the user data processor. The positive authorization response includes the authentication image signature.
Description of drawings
The invention will be more fully understood by reading the following detailed description together with the accompanying drawings, in which like reference numerals denote like elements, and in which:
Fig. 1 illustrates an exemplary encoded image formed from a primary and a secondary authentication image;
Fig. 2 illustrates the use of a lenticular lens to decode the encoded image shown in Fig. 1;
Fig. 3 is a schematic representation of an automated encoded image approval system according to an embodiment of the invention;
Fig. 4 is a schematic representation of another automated encoded image approval system according to an embodiment of the invention;
Fig. 5 is a flow chart of a method of controlling encoded image production according to an embodiment of the invention;
Fig. 6 is a schematic representation of an automated encoded image approval system according to an embodiment of the invention;
Fig. 7 is a flow chart of a method of controlling encoded image production according to an embodiment of the invention;
Fig. 8 is a flow chart of a method of controlling encoded image production according to an embodiment of the invention;
Fig. 9 is a flow chart of a method of controlling encoded image production according to an embodiment of the invention.
Detailed description
Embodiments of the invention provide methods of controlling the generation, transmission and use of encoded images. As noted above, such encoded images are used to hinder or prevent the counterfeiting and misuse of the documents and other materials to which they are applied.
The term "encoded image" (or "optically encoded image") as used herein refers to a rasterized, scrambled or otherwise manipulated variant of one or more authentication images that, when embedded in a document or in another printed background or source image, cannot be discerned from the base document material or other background or source image without a decoding device. An encoded image can be generated from an authentication image using a particular set of characteristics that includes encoding parameters corresponding to particular characteristics of the decoding device. When the encoded image is printed, placing the decoding device over the printed encoded image at a predetermined orientation reveals the authentication image. Without the decoding device, some or all of the encoded image may be visible, but it is indecipherable or indistinguishable from the background to the naked eye.
It should be understood that optically encoded images can be digital images; after printing they can be decoded by an optical decoding device, and in their digital form they can also be decoded using a digital decoding device such as a software-based decoder. Digital encoded images include encoded images that are to be printed or applied in physical form, and digital images scanned or reproduced from printed encoded images. It should also be understood that optically encoded images can be printed or applied in such a way that they can be decoded only by using incident light in the non-visible spectrum, or by using a scanning device capable of viewing light in the non-visible spectrum. Such encoded images include those printed with media that emit or reflect light of non-visible wavelengths (for example, infrared light), or that emit or reflect when illuminated with light of non-visible wavelengths (for example, ultraviolet light).
An "authentication image" as used herein includes any image used in producing an encoded image. An authentication image can therefore be an image used as the visible background image, or a secondary image that is incorporated into the visible image as a latent image.
Of particular interest to the invention are encoded images configured to be optically decoded using a lenticular lens. Such images are described in U.S. Patent No. 5,708,717 to Alasia (the "'717 patent"), which is incorporated herein by reference in its entirety. These images exploit the ability of a lenticular lens to screen image content based on the lenticule frequency of the lens. They are typically encoded by one of several methods, which involve establishing a regular periodic pattern whose frequency corresponds to that of the lenticular lens to be used as the decoder, and then introducing distortions of the pattern that make the image difficult to discern with the naked eye.
Figs. 1 and 2 illustrate decoding an encoded image with a lenticular lens. Fig. 1 shows an enlarged view of an optically encoded image 10. The encoded image 10 is constructed from a primary image of a human face and a secondary image of the letters "SI". The primary image is rasterized at a particular screen frequency and angle. The secondary image is embedded in the primary image by introducing variations in the raster lines at positions corresponding to the content of the secondary image. The result, shown in Fig. 1, is an encoded image 10 in which the primary image is readily viewed and the secondary image cannot be discerned. As shown in Fig. 2, the secondary image (SI) can be viewed when a lenticular lens 20 whose line frequency corresponds to the screen frequency is placed over the encoded image 10 at the correct orientation α. As noted above, if the encoded image 10 is stored as a digital image or embedded in a digital document, it can be decoded using a digital decoder that functions similarly to the lenticular lens 20. If the encoded image 10 has been printed, an image acquisition device such as a scanner or camera can be used to create a digital version of it. The digital encoded image can then be decoded using software configured to extract the authentication image from it.
Encoded images of this and other types are constructed from digitized authentication images using a set of encoding parameters. These parameters can determine the configuration and orientation of the decoding device used to decode the encoded image. For images intended to be decoded with an optical decoding device, some or all of the encoding parameters can correspond to particular optical characteristics of the decoding device. For images intended to be decoded with a lenticular lens, for example, the encoding parameters can include the screen frequency, which corresponds to the number and spacing of the regular screen segments into which the image is divided and to the number and spacing of the lenticules of the lens. The encoding parameters can also include the angular orientation of the screen segments, which defines the orientation the decoding device must have relative to the image in order to decode it.
In the following discussion, embodiments of the invention are illustrated using encoded images that can be decoded by a lenticular-lens optical decoding device. Those skilled in the art will understand, however, that any image encoding method having a definable set of image characteristics and encoding parameters can be used with the methods of the invention.
As described in co-pending U.S. Application Nos. 10/847,943 and 10/847,962, filed May 18, 2004 (collectively the "co-pending Alasia applications", incorporated herein by reference in their entirety), some or all of the encoding parameters and authentication images used to construct an encoded image can be supplied by the user, and some or all can be supplied by a separate party that actually constructs the encoded image or that acts as a controller of encoded image production. In addition, some image content or encoding parameters can be determined from the content of the document to which the encoded image will be applied or in which it will be embedded. As further described in the co-pending Alasia applications, an encoded image can be constructed using multiple sets of authentication images and encoding parameters. Each set can be formed from a different combination of user-supplied and controller-supplied information (that is, images and/or encoding parameters). For example, a first encoded image, or a first portion of an encoded image, can be constructed from a user-supplied authentication image and user-supplied encoding parameters. A second encoded image, or a second portion of the same encoded image, can be constructed from a controller-supplied authentication image and controller-supplied encoding parameters.
The use of controller-supplied images and/or encoding parameters allows a central controller to control some or all of the encoded image. The encoded image itself can be constructed by a central image-encoding processor (which can be located at the central controller) and sent to the user's processor, or it can be constructed at the user's processor after authorization by the central control processor. Figs. 3 and 4 illustrate systems that control encoded image production by requiring the user to obtain approval/authorization before producing an encoded image.
With reference to Fig. 3, an automated encoded image approval system 100 includes a user data processor 110 connected to an approval server 140 via a network 160. By way of example, the network 160 can be a local area network that connects a common approval server 140 to a plurality of data processors 110. Alternatively, the approval server 140 can be remote from the data processor 110, with the two connected or connectable via the Internet or a wide area network. In either case, the user data processor 110 can be one of a plurality of user data processors and can be connected to a user interface 120 and a printer 130. The encoded image approval system 100 can also include an authentication control device (not shown) that can be attached to, or communicate with, the user data processor 110. As described in the co-pending Alasia applications, this device can comprise a separate processor or an electronic security key, and controls the local processing of software on the user processor 110.
The automated document authentication system 100 can be used to carry out any or all of the actions required to construct an encoded image. It should be understood that these actions can be divided so that some or all of them are carried out as part of an interactive transaction between the user data processor 110 and the approval server 140. It should also be understood that one or more actions of the methods of the invention can be carried out by the user data processor 110 while one or more other actions are carried out by the approval server 140.
In one exemplary embodiment, an interactive session can be established between the user data processor 110 and the approval server 140. As part of this transaction, the user can submit one or more authentication images and/or one or more user-supplied encoding parameters to the approval server 140. The approval server 140 can then use these to produce an encoded image and return it to the user data processor 110, where it is embedded in a document and stored or printed to produce an authenticated printed document. The approval server 140 can supply additional non-user authentication images and/or encoding parameters for incorporation into the encoded image.
In another exemplary embodiment, the user can submit an entire document to the approval server 140, which creates the encoded image, embeds it in the document and returns the document to the user data processor 110 for printing or storage. Along with the document, the user can submit one or more authentication images and/or one or more user-supplied encoding parameters for the approval server 140 to use in creating the encoded image.
In some embodiments, some or all of the actions required to produce an encoded image can be carried out by a second server. This separates the approval and image encoding tasks and allows multi-level authorization and control. With reference to Fig. 4, an automated encoded image approval system 200 includes a first approval server 240 connected to a user data processor 210 via a first network 260. For example, the first network 260 is a local area network, and the first approval server 240 can be compared with the data in the data processor request. A second approval server 270 can be adapted to verify that the user and the user data processor 210 are authorized to carry out encoding using the encoding parameters and indicia submitted in the authorization request. This verification can be carried out using a second set of authorization criteria, which can be based on the terms of any usage agreement established with the using entity or organization. These criteria can include limits on the encoding parameters that can be used, limits on the number of times the encoding software can be used or the length of time for which it can be used (for example, based on an expiration date), limits on the number of encoded images that can be produced, and limits on the content of user-supplied authentication indicia. On determining that the request satisfies the second authorization criteria, the second approval server 270 can return an authorization approval to the user data processor 210 and/or the first approval server 240. At the same time, the second approval server 270 can supply particular non-user-supplied encoding parameters and/or authentication indicia for use in constructing the encoded image requested by the user data processor.
It should be understood that the various encoding actions of the foregoing authentication method can be divided so that some or all of them are distributed among the user data processor 210 and the first and second approval servers 240, 270. It should also be understood that one or more actions of the methods of the invention can be carried out by the user data processor 210, and one or more other actions can be carried out by the approval servers 240, 270, either as part of the verification/authorization process or in combination with it.
Fig. 5 illustrates a general method of controlling encoded image production according to an embodiment of the invention. The method begins at S105. At S110, encoding parameters and changeable indicia are received by a data processor running authentication software. These can include any combination of user-supplied and non-user-supplied authentication image indicia and/or encoding parameters. At S120 and S130, a check is made as to whether the encoding parameters requested and/or supplied by the user fall within pre-established authorization criteria. These criteria can include, for example, predetermined limits on the encoding parameters a user can submit. A user might, for example, be permitted to select only particular screen frequencies or authentication image orientations.
The verification criteria can be established based on terms of use agreed to by the user. In addition to limits on encoding parameters or authentication indicia, the verification criteria can include limits on the number of times the authentication software can be used or on the number of encoded images that can be produced. In either case, the actual number of uses or images can be incremented each time the software is used. Alternatively, a time-based limit such as an expiration date can be included.
The authentication software can be configured so that an attempt by the user to exceed a usage limit, or to use encoding parameters or indicia outside the user's terms of use, results in a limit error message at S135. For example, an error message can be displayed if the user requests an encoded image with a screen frequency outside the range assigned to that user, if the actual number of uses would exceed the user's usage limit, or if the authentication image does not satisfy predetermined criteria relating to its content or its dots-per-inch resolution. When it is determined that the authorization criteria are not satisfied, the method can be terminated. Alternatively, the user can be prompted to provide input that satisfies the authorization criteria.
If the authorization criteria are satisfied, the encoding process is authorized at S140. The authentication indicia can then be used to establish a digitized authentication image at S150. If necessary, some or all of the authentication indicia can be rendered into a digitized image. The authentication image can also include non-user-supplied authentication indicia. At S160, the encoding parameters are assembled into an encoding parameter set, which can be used to encode the authentication image at S170. In addition to any user-supplied encoding parameters, the set can include non-user-supplied encoding parameters. The resulting encoded image can be stored or embedded in a document as previously described. The method ends at S195.
As noted above, the approval and encoding process steps can be divided among multiple processors, including a user data processor and one or more approval servers. Fig. 6 illustrates an exemplary encoded image approval system 300 similar to the system 100 of Fig. 3. The approval system 300 has a user data processor 310 that can be selectively connected to an approval server 340 via a network 370. As shown in Fig. 6, the approval method of the invention can be carried out using three main software modules: a client software module 312, an approval module 342 and an encoding module 314. Each of these modules can itself include one or more sub-modules that perform particular functions within the module or interface with the other modules. In the illustrated embodiment, the client software module 312 and the encoding module 314 reside on the user data processor 310, and the approval module 342 resides on the approval server 340. It should be understood that the encoding module 314 can alternatively reside on a separate encoding processor that communicates with the user data processor 310 via the network 370 or a different network.
The client software module 312 can be configured to receive input from the user and is typically executed on the user data processor 310. It can be adapted to use a graphical user interface through which the user enters data to be sent to, and operated on by, the server software and encoding module 314, 342. Input from the user can include authentication images the user wishes to use as the visible and/or latent image when creating the encoded image. Input can also include user-specified encoding parameters, such as the screen frequency or the resolution of the original image and of the desired encoded image.
The client software module 312 can be adapted to accept the user input and to formulate a request for authorization to produce an encoded image based on that input. As described in the foregoing approval method, this request can be sent to the approval server. The client software module 312 can also be adapted to compress the authentication image files identified for use in creating the encoded image. Compressing an authentication image produces a compressed or "thumbnail" authentication image. The original authentication image (and the resulting compressed image) can be any type of image file, such as a bitmap, JPEG, TIFF or GIF image. The thumbnail authentication image can be sent to the approval server 340 with the encoding approval request and, as described in more detail below, can be used by the approval module 342 to generate an image signature that can be used in a second level of verification.
In the approval system 300, the client software module 312 requests authorization from the approval module 342 and subsequently calls the encoding module 314 to create the encoded image using the authentication image and encoding parameters approved by the approval module 342. It should be understood that although the client software module 312 can reside on and be executed by the user data processor 310, it can alternatively reside on a remote server (which can be the approval server 340) that the user accesses through a web browser or a dedicated client software module. In that case, the software executed on the user data processor 310 can be limited to a user interface for submitting information to request approval and to construct the encoded image.
Fig. 7 is a flow chart of the process of obtaining an encoded image from the perspective of the user data processor and, specifically, of the client software module. The process begins at S205. At S210, information relating to the desired image encoding is received from the user through the user interface. The user can also provide user credentials, such as a user name and password, which can optionally be required in order to obtain authorization for an encoded image. The information provided by the user can identify one or more authentication images to be used in the encoded image. These images can be stored in image files that are identified and selected from any data storage medium in any typical manner. The user information can also include the encoding parameters to be used in encoding the authentication images.
At S220, the client software module obtains the one or more authentication images. These are typically retrieved from a storage medium based on the information provided by the user. Alternatively, they can be obtained from data provided by the user. Then, at S230, the authentication images can be compressed into thumbnail images. The thumbnail images are then sent, as an encoded image authorization request together with the user credentials (if required) and the encoding parameters, to an approval server that may be remote from the user processor. Those skilled in the art will understand that the images sent with the encoding request can alternatively be transmitted in uncompressed form. It has been found, however, that using compressed image files offers significant processing and transmission speed advantages.
As described in more detail below, the approval module on the approval server verifies the user credentials and encoding parameters and returns an authorization response. If the encoded image is authorized, the approval module can also return one or more image signatures generated from the authentication images and encoding parameters received in the request. In some embodiments, the approval module also returns non-user-supplied encoding parameters for use in constructing the encoded image. In some of these embodiments, the approval module can also supply authentication images not specified by the user, for use in encoding an additional encoded image that the user cannot control.
At S250 and S260, the client software module receives the authorization response from the approval server. If the response is negative, an error message is generated at S265 and returned to the user. This message can tell the user why authorization was denied and/or can indicate that the user will be given another opportunity to request authorization for image creation. If the response is positive, the image signature can also be received from the approval module at S270. The client software module then calls the encoding module at S280 and passes it the image signature received from the approval module together with the original uncompressed authentication image files, the encoding parameters the client specified before requesting authorization and, where appropriate, any encoding parameters or authentication images received from the approval module. As described in more detail below, the encoding module carries out a final approval process and, if the result is positive, constructs the requested encoded image. The process ends at S295.
The approval module can be configured to receive and approve encoded image requests. Approval typically includes verifying that the user is an authorized user of encoded images and that the user is authorized to receive or produce the requested encoded image. It should be understood that the functions of the approval module can be carried out by a single approval server or distributed among multiple servers, any or all of which can be remote from the user data processor. The approval server can be hosted by an application such as Microsoft IIS.
Fig. 8 is a flow chart of the processing of an encoded image request from the perspective of the approval server and, specifically, of the approval module. The method begins at S300. At S310, an encoded image request is received from an encoded image requester via the user data processor. The request can include requester identification information, such as a user name and password, and image information relating to the requested encoded image. As noted above, the image information can include one or both of user-supplied authentication images and user-supplied encoding parameters. At S320 and S330, the requester identification information can be checked against information from a user database to verify that the requester is a valid system user. If the user name and password are not valid, a negative approval response is returned to the requester at S345. If they are valid, a set of approval criteria predetermined for this requester is retrieved from a data storage device at S350. At S360, the images and encoding parameters received from the requester are compared with the approval criteria. If the requested encoding parameters are not within the ranges specified by the approval criteria, a negative approval response is returned to the requester at S345. If they are within the specified ranges, creation of the requested encoded image is authorized and a positive approval response is returned to the requester at S380. For future verification purposes, the approval module can store a log of each user's actions in the user database. As shown in the example system 300 of Fig. 6, the user database 352 can be established on a separate database server 350 (for example, an SQL server).
As noted above, the positive approval response may include non-user-supplied authentication images and/or non-user-supplied encoding parameters to be incorporated into the requested encoded image. As an additional security precaution against a requestor attempting to change the authentication image or the encoding parameters after authorization, the positive approval response sent to the requestor at S380 may include an image signature generated at S370 from the authentication image that was sent to the approval module in the encoded image request. As used here, "image signature" means any unique numerical calculation or graphical representation that is computed or constructed from an image using a predetermined signature algorithm and that can be used to compare the content of one image with the content of another.
In the method of the invention, the image signature generated by the approval module using a particular signature algorithm may be sent to the requestor's user processor, where it is received by the client software module and passed to the encoding module. As will be described, the encoding module uses the same signature algorithm to generate a comparison signature from the authentication image it receives from the client software module. The comparison signature can then be compared with the signature received from the approval module to determine whether the authentication image and/or the encoding parameters have been changed.
The encoding module is the part of the system that is executed to create the encoded image from the authentication image and the encoding parameters. The encoding module may be executed locally with respect to the client software module, for example by installing the software on the user's computer. Alternatively, the encoding module may be executed remotely, for example on the computer that hosts the approval module. Whether the encoding module should be executed locally or remotely may depend on the size of the encoded image being created. The system can create both high- and low-resolution encoded images.
Local execution of the encoding module is preferred when encoded images are to be produced from high-resolution authentication images. In that case, remote execution would require the original and encoded images to be transmitted over the network, which may cause the user to spend a long time sending the original image and receiving the encoded image. The high-resolution encoded images used in exemplary embodiments of the invention can be 1 GB or larger. Remote encoding may therefore lead to excessive processing time. However, if data transmission speed is not a concern, or if the bandwidth is sufficient to transfer large files quickly, remote encoded image creation can be a desirable alternative.
The client and approval modules are typically developed in an interpreted language such as Java or in managed code such as Microsoft .NET, which cannot provide sufficient data-processing speed or security against decompilation. For this reason, the encoding module preferably uses a highly optimized set of image processing functions precompiled from image processing code written in C, C++ or assembly language, and may additionally be wrapped in a security envelope (for example, a security envelope provided by Aladdin Systems). This can increase processing speed during encoded image creation and provides additional security against attempts to decompile the image processing code.
Fig. 9 shows an exemplary method of producing an approved encoded image from the perspective of the encoding module. The method begins at S400. At S410, the encoding module receives the image signature sent from the approval module and the actual original (that is, uncompressed) image identified by the user as the authentication image to be used to create the encoded image. The encoding module also receives the encoding parameters that were approved and/or supplied by the approval module when creation of the encoded image was authorized.
On receiving the image and encoding parameter information, the encoding module may optionally retrieve locally stored approval criteria that are not accessible to the user. If the encoding module resides on the user data processor, the approval criteria may be stored, for example, in a hardware key attached to the user data processor. This ensures that the encoding parameters cannot be changed after approval by the approval module. The hardware key may also carry restrictions on use of the encoding module, based on a predetermined number of times the user may use it or on an expiration date.
The encoding module retrieves the locally stored approval criteria at S420 and approves the encoding parameters against these criteria at S430. If this approval step is unsuccessful, an error message is returned at S435. If approval succeeds, the encoding module independently calculates a comparison image signature at S440 from the original image that the client module sent to the encoding module. The comparison image signature is calculated with the same algorithm that the approval module used to calculate the image signature of the image sent to the approval module. At S450, the image signature created by the encoding module is compared with the image signature sent to the encoding module from the approval module. If the signatures do not match within a specific predetermined tolerance range, an error message is returned at S465. If the signatures match within the predetermined tolerance, final authorization to create the encoded image is granted and the encoded image is created at S470. At S480, the newly created encoded image may be saved to a data storage medium (for example, a disk) so that it can subsequently be accessed when printing plates are created. Alternatively or in addition, the encoded image may be displayed or printed immediately. The method ends at S495.
If the image supplied to the approval module for approval is supplied in compressed form, the tolerance range for the signatures should be set to allow for the difference between an image signature created from the original image and an image signature created from the compressed image file (that is, the image signature created by the approval module). Alternatively, the encoding module may include an additional step of compressing the authentication image before calculating the comparison signature. Another possibility is to have the client software supply both the compressed image and the uncompressed image to the encoding module. The encoding module would then use the compressed image to calculate the comparison signature and the uncompressed image to produce the encoded image.
The system 300 of Fig. 6 may also include a database monitor module 360. For enhanced security, the database monitor module 360 may be a stand-alone module that sits outside the calling functions that connect the client software module 312, the encoding module 314 and the approval module 342. The database monitor module 360 may be executed on a separate workstation or on a secure local network; in either case, it preferably has access only to the server database, so that it remains separate from the other parts of the system 300. The database monitor module 360 may be used by parties other than the user to access and update the information stored in the server database 352, for example to add or extend the authorized encoding parameters for a particular user, and for administrative functions useful in maintaining the database 352.
The system 300 may be built in any development environment, for example Java or Microsoft .NET. Likewise, the programming model may be any available model, but three widely available choices are ASP.NET, .NET Remoting and Web Services. For example, if a large number of encoding requests and many client access points on various computing systems are expected, a model built with ASP.NET or Web Services may be preferred. For more controlled, low-volume, customized applications, however, .NET Remoting may be preferred; such applications are typically associated with high-resolution images used to protect packaging, currency, seals, bills and the like.
Each module of the system may include one or more sub-modules designed to perform specific functions within that module. For example, the client software module 312 may include a user interface module 315, a client remote module 316 and an addressable port module 317.
The user interface module 315 may be a graphical user interface. This interface is the part of the system that the client sees on the computer screen and that is used to collect encoding and communication parameters. The encoding parameters may include the number and orientation of the encoded images to be created, and the communication parameters may govern how the client software module connects to the approval module 342 to authorize encoded image creation.
The client remote module 316 manages communication between the client software module 312 and the approval module 342. Similarly, the addressable port module 317 communicates with the encoding module 314 and is responsible for passing to the encoding module 314 both the information that the client software module 312 receives from the approval module 342 and information from the client software module 312 itself. It also sends information from the encoding module 314, such as encoding progress information and encoding error messages, back to the client software module 312.
The approval module 342 may include sub-modules such as a server remote module 344, which manages communication to and from the client software module 312, and a database interface module 346, which manages communication with the server database 352 in order to record client activity on the approval server 340. The approval module 342 may also include a data processing module 348, which processes the information received by the other modules and sub-modules of the system 300.
If the database monitor module 360 is used, it may also include several sub-modules. Typical sub-modules include a user interface module 362, through which a party accesses the monitoring application to view database records, client reports and other stored information. A database interface module 364 manages communication with the database 352 to retrieve the information supplied to the user interface module 362. A database management module 366 may be used to handle administrative functions, such as storing user names and passwords, performing database backups, and other administrative functions useful for maintaining the database 352.
The functions of the main software modules described above may be carried out in various combinations on various computers to create a multi-tier system in which the software modules are divided into client applications and business-side applications. It should be understood that one or more users may access the system through computers connected to the Internet. It should also be recognized that, although the Internet may be the most readily accessible network over which the modules of the system communicate, any computer network may be used. As noted earlier, if the user computer contains the encoding module, the computer may also have a security key attached, for example the HASP key available from Aladdin Systems.
A user computer carrying out the method of the invention may be connected to a web server on the Internet through a first firewall. The web server may in turn access information in a database server through a second firewall, in order to obtain and/or record information. The database server may also be connected to a monitor module, which may include one or more workstations and an exchange server useful for accessing the database, in order to monitor the state of incoming and outgoing communication of the database server.
The system and method of the invention provide multiple levels of security, which can prevent unauthorized use by counterfeiters, or prevent users from creating encoded images outside their authorized encoding parameters, in several ways. Additional protection can be established by using a hash function to create the image signature for the image that the user intends to use to create the encoded image. A hash function assigns a compact digest or signature to the transmitted data, which can then be compared with an independently created signature to determine whether the data was tampered with during transmission. Examples of hash functions well known in the art include MD2, MD4, MD5, SHA and SHA-1.
As noted above, in some embodiments of the invention the authentication image specified by the user is sent to the server software module in thumbnail (that is, compressed) form. During verification, the server software module generates a signature from the thumbnail it was sent and returns it to the user along with the verification. The encoding module independently generates a signature from the image that has not been sent and is still uncompressed, and this signature can then be compared with the signature returned by the server software module. If the image that the user attempts to use to create the encoded image differs from the image authorized by the server, the signatures will not correspond and the system will not process the request to create the encoded image.
Any signature algorithm may be used in the method of the invention. However, certain signature characteristics improve the security and processing speed of the invention. For example, when high-resolution images are processed, a signature that does not change significantly when the image undergoes strong and/or weak lossy compression is preferred. Such compression is often desirable to reduce the amount of information that must be exchanged over the network during remote verification. The signature calculation should preferably also execute quickly, to avoid delays in receiving the server response, in the pre-encoding signature calculation, or in the comparison with the signature created by the server software module. While these characteristics are desirable, the signature algorithm should also be sensitive enough to allow material alterations of the image to be detected. The hash functions mentioned above can be extremely sensitive to any modification of the protected image, but they also have low tolerance for lossy compression algorithms. A signature can be built on image content descriptors (including, but not limited to, morphological features, color and luminance histograms, and the like) so that it withstands high compression yet is sensitive enough to detect very small modifications of the image. The signature may be constructed as a reversible or an irreversible transform; using the latter tends to increase overall processing speed.
These signature goals can be achieved by building the image signature from projections of the image onto specified axes. The image is first thresholded, and the signature is created by counting the number of foreground pixels for each point on a given axis. To make the signature more robust against compression losses, the image can be divided into a predetermined number of strips and the foreground pixels counted for each strip rather than for each point on the axis. The calculated values are normalized so that the shape of the signature is independent of image size. To improve sensitivity to image modifications, projections onto several different axes can be used.
In some embodiments of the invention, the image signature calculated by the server software module may be based on the compressed image received from the client software module, which may be a JPEG-compressed image. The image signature calculated by the encoding module uses the original, uncompressed file. This can reduce processing time and simplify communication between the user interface, the remote code and the image processing code that creates the encoded image. It can also lead to small differences in value between the signatures generated by the client and the server, which must be taken into account when the signatures are compared. For each value of the signature, the absolute value of the error is calculated. These error values are then normalized and their mean is calculated. If the mean error is greater than a predetermined tolerance, the image is considered to have been corrupted or replaced. This causes the approval step to fail and an error message to be returned.
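The strip-projection signature and the tolerance comparison described in the two paragraphs above, as an added Python illustration that is not code from the patent or from its applicant. The threshold, strip count, tolerance value, peak-based error normalization, the box-average thumbnail standing in for lossy compression, and the constructed test images are all assumptions.

```python
import hashlib

THRESHOLD = 128   # assumed: pixels darker than this count as foreground
STRIPS = 10       # assumed number of strips per axis
TOLERANCE = 0.04  # assumed value; the text only says "predetermined tolerance"


def make_image(width, height, rects):
    """Constructed sample: white 8-bit grayscale canvas with dark rectangles."""
    img = [[255] * width for _ in range(height)]
    for x0, y0, x1, y1 in rects:
        for y in range(y0, y1):
            for x in range(x0, x1):
                img[y][x] = 0
    return img


def thumbnail(img, factor):
    """Lossy stand-in for the compressed thumbnail: average each factor x factor block."""
    h, w = len(img) // factor, len(img[0]) // factor
    out = []
    for ty in range(h):
        row = []
        for tx in range(w):
            total = sum(img[ty * factor + dy][tx * factor + dx]
                        for dy in range(factor) for dx in range(factor))
            row.append(total // (factor * factor))
        out.append(row)
    return out


def projection_signature(img, strips=STRIPS, threshold=THRESHOLD):
    """Threshold the image, then return the foreground fraction of each strip,
    first for the projection onto the x axis, then onto the y axis."""
    h, w = len(img), len(img[0])
    fg = [[1 if p < threshold else 0 for p in row] for row in img]
    col_counts = [sum(fg[y][x] for y in range(h)) for x in range(w)]
    row_counts = [sum(row) for row in fg]
    sig = []
    for counts, length, other in ((col_counts, w, h), (row_counts, h, w)):
        for i in range(strips):
            lo, hi = i * length // strips, (i + 1) * length // strips
            area = max(1, (hi - lo) * other)     # dividing by strip area makes
            sig.append(sum(counts[lo:hi]) / area)  # the value size-independent
    return sig


def signature_error(sig_a, sig_b):
    """Mean of the per-value absolute errors, normalized by the peak value."""
    if len(sig_a) != len(sig_b):
        raise ValueError("signatures were built with different strip counts")
    peak = max(max(sig_a), max(sig_b)) or 1.0
    return sum(abs(a - b) / peak for a, b in zip(sig_a, sig_b)) / len(sig_a)


def encoder_accepts(authorised_sig, local_image, tolerance=TOLERANCE):
    """Encoding-module check: recompute locally, compare within the tolerance."""
    return signature_error(authorised_sig, projection_signature(local_image)) <= tolerance


def pixel_digest(img):
    """SHA-1 over the raw pixels, for contrast with the tolerant signature."""
    return hashlib.sha1(bytes(p for row in img for p in row)).hexdigest()


# Constructed scenario: the approval side signs the thumbnail, the encoding
# side holds the full-resolution file (or a substituted one).
LOGO = [(41, 30, 123, 111)]
ORIGINAL = make_image(240, 160, LOGO)
TAMPERED = make_image(240, 160, LOGO + [(170, 100, 210, 140)])
AUTHORISED_SIG = projection_signature(thumbnail(ORIGINAL, 4))

if __name__ == "__main__":
    for name, image in (("original", ORIGINAL), ("tampered", TAMPERED)):
        err = signature_error(AUTHORISED_SIG, projection_signature(image))
        print(f"{name}: mean error {err:.4f}, accepted={encoder_accepts(AUTHORISED_SIG, image)}")
    print("digest equal:", pixel_digest(ORIGINAL) == pixel_digest(thumbnail(ORIGINAL, 4)))
```

The tolerance has to sit between the error introduced by the compression step and the error produced by the smallest alteration that must be caught, so it should be calibrated on real image pairs rather than taken from this sketch.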
In some embodiments of the invention, the thumbnails sent to the server software module may be packaged together in a single data structure by the client software module before being sent. This ensures that the server receives all of the digital information at the same time. Similarly, the approval module may package the signatures created for all of the images together in one data structure before sending them back to the user computer.
In some embodiments, when the server software determines that a request is not valid, the approval module may assign a default signature, for example zero, that will not match any signature the encoding module could create. This causes the encoding module to refuse any processing of the encoded image.
In some embodiments, the use of a security key may allow symmetric-key encryption to be used when information is transmitted over the network. This may be advantageous in providing faster communication while still keeping the data encrypted.
Another level of protection, which may be established alone or together with the other security features described, is a secure Internet connection, for example Secure Sockets Layer, to provide secure communication between the client software module and the approval module.
Additional security features may be implemented, such as using two separate servers to carry out the functions of the approval module. For example, the first server may be a web server isolated by a firewall from all client modules (the client software module and, in some cases, the encoding module). This web server is the first server with which the client software module communicates when it sends a remote authentication request. The web server may also be used to add new records to the database. The web server may then be connected to a second server through another firewall. The second server is a database server that provides the main data storage used to verify and authorize clients to create encoded images. Although the use of two servers may be advantageous in some environments, it should be understood that this is not required, and the database server and the web server may in fact be a single computer with no firewall protection between them.
It should be understood that the communication channel and the data formatting used for remote data transmission may vary depending on the desired system functionality. Typical protocols for data transmission include HTTP and TCP. TCP can give faster transmission, but third-party or client firewalls and proxy servers may hinder or block TCP communication, so HTTP may be an acceptable, or even the preferred, option in an Internet environment. Data formatters may include SOAP, binary or custom formatters.
Those skilled in the art will readily understand that the invention is susceptible to broad utility and application. Many embodiments and adaptations of the invention other than those described here, as well as many variations, modifications and equivalent arrangements, will be apparent from or reasonably suggested by the invention and the foregoing description, without departing from the substance or scope of the invention.
Although the foregoing illustrates and describes exemplary embodiments of the invention, it should be understood that the invention is not limited to the constructions disclosed here. The invention may be embodied in other specific forms without departing from its spirit or essential attributes.

Claims (16)

1. An automated method for authorizing and controlling the production of optically encoded images, the method comprising:
receiving from a user data processor a request for authorization to produce an encoded image, the authorization request including user-supplied data, the user-supplied data comprising at least one authentication image file;
determining whether the user is authorized to produce an encoded image using the user-supplied data; and
responsive to a determination that the user is authorized to produce an encoded image using the user-supplied data, generating an authentication image signature from the at least one authentication image file using an image signature algorithm and returning a positive authorization response to the user data processor, the positive authorization response including the authentication image signature.
2. The automated method according to claim 1, wherein the action of determining whether the user is authorized to produce an encoded image using the user-supplied data comprises:
determining whether the user-supplied data meet predetermined authorization criteria for the user.
3. The automated method according to claim 1, wherein the user-supplied data include user-supplied encoding parameters.
4. The automated method according to claim 3, wherein the action of determining whether the user is authorized to produce an encoded image using the user-supplied data comprises:
determining whether the user-supplied data meet predetermined authorization criteria for the user, the predetermined authorization criteria including limiting ranges for the user-supplied encoding parameters.
5. The automated method according to claim 1, wherein the action of determining whether the user is authorized to produce an encoded image using the user-supplied data is carried out by an approval server in communication with the user data processor over a network.
6. The automated method according to claim 1, wherein the at least one authentication image file includes a thumbnail authentication image formed by compressing an uncompressed authentication image, and the authentication image signature is generated from the thumbnail authentication image.
7. The automated method according to claim 6, wherein the image signature algorithm is adapted so that the authentication image signature generated from the thumbnail authentication image matches, within a predetermined tolerance range, a comparison image signature generated from the uncompressed authentication image using the image signature algorithm.
8. The automated method according to claim 1, wherein the image signature is adapted for use by an image encoding module in approving a request for an encoded image, the image encoding module being in communication with the user data processor and being adapted to:
receive an uncompressed authentication image and the authentication image signature from a client software module of the user data processor,
generate a comparison image signature from the uncompressed authentication image using the image signature algorithm,
compare the comparison image signature with the authentication image signature, and
responsive to a determination that the comparison image signature matches the authentication image signature within a predetermined tolerance range, initiate production of an encoded image using the uncompressed authentication image.
9. An automated method for producing an optically encoded image, the method comprising:
receiving a request for an encoded image from a user;
receiving an authentication image to be used to produce the encoded image;
receiving at least one encoding parameter to be used to produce the encoded image;
sending a request for authorization to produce the encoded image to an approval module, the request for authorization including an authentication image file and the at least one encoding parameter, the authentication image file including at least one of the group consisting of a compressed version of the authentication image and an uncompressed version of the authentication image;
receiving an authorization response from the approval module, the authorization response including an authentication image signature;
generating a comparison image signature from the authentication image using an image signature algorithm;
comparing the comparison image signature with the authentication image signature to determine whether the comparison image signature matches the authentication image signature within a predetermined tolerance range; and
responsive to a determination that the comparison image signature matches the authentication image signature within the predetermined tolerance range, producing the encoded image using the authentication image.
10. The automated method according to claim 9, wherein the approval module is part of an approval server, and the actions of receiving a request from a user, receiving an authentication image, receiving at least one encoding parameter, sending a request for authorization, receiving an authorization response, generating a comparison image signature, comparing the comparison image signature with the authentication image signature, and producing the encoded image are carried out by a user data processor in selective communication with the approval server over a network.
11. The automated method according to claim 9, wherein the approval module is part of an approval server; the actions of receiving a request from a user, receiving an authentication image, receiving at least one encoding parameter, sending a request for authorization and receiving an authorization response are carried out on a user data processor in selective communication with the approval server over a first network; and the actions of generating a comparison image signature, comparing the comparison image signature with the authentication image signature, and producing the encoded image are carried out by an encoding module on an encoding processor in selective communication with the user data processor over a second network, wherein the second network may be the same as the first network, the method further comprising:
sending a request for an encoded image from the user data processor to the encoding processor, the request for an encoded image including the authentication image file, the at least one encoding parameter and the authentication image signature.
12. The automated method according to claim 9, further comprising:
compressing the authentication image to form a compressed authentication image; and
storing the compressed authentication image in the authentication image file.
13. The automated method according to claim 12, wherein the image signature algorithm is adapted so that, if the authentication image signature is generated from the compressed version of the authentication image using the image signature algorithm, the comparison image signature will match the authentication image signature within the predetermined tolerance range.
14. An automated system for authorizing and producing optically encoded images, the system comprising:
an approval module residing on a first data processor, the approval module being adapted to receive an image encoding authorization request from a requestor, the request including user-supplied data, the user-supplied data including an authentication image file and at least one encoding parameter, being adapted to determine whether the user is authorized to produce an encoded image using the user-supplied data, being adapted to generate an authentication image signature from the authentication image file using an image signature algorithm, and being adapted to return an authorization response to the requestor, the authorization response including the authentication image signature;
a client software module residing on a second data processor in selective communication with the first data processor over a network, the client software module being adapted to receive a request for an encoded image from a user, being adapted to receive an authentication image for use in encoding the encoded image, being adapted to send the image encoding authorization request to the approval module, and being adapted to receive the authorization response from the approval module; and
an encoding module in selective communication with the client software module, the encoding module being adapted to receive the authentication image, the at least one encoding parameter and the authentication image signature from the client software module, being adapted to generate a comparison image signature from the authentication image using the image signature algorithm, being adapted to compare the comparison image signature with the authentication image signature to determine whether the comparison image signature matches the authentication image signature within a predetermined tolerance range, and being adapted, responsive to a determination that the comparison image signature matches the authentication image signature within the predetermined tolerance range, to generate the requested encoded image using the authentication image and the at least one encoding parameter.
15. The automated system according to claim 14, wherein the authentication image file includes a thumbnail authentication image formed by compressing an uncompressed authentication image, and the authentication image signature is generated from the thumbnail authentication image.
16. The automated system according to claim 15, wherein the image signature algorithm is adapted so that the authentication image signature generated from the thumbnail authentication image matches, within a predetermined tolerance range, a comparison image signature generated from the uncompressed authentication image using the image signature algorithm.
CN 200480038292 2003-12-22 2004-12-22 Method and system for controlling encoded image production using image signatures Pending CN1898895A (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US53181003P 2003-12-22 2003-12-22
US60/531,810 2003-12-22
US11/018,347 2004-12-21

Publications (1)

Publication Number Publication Date
CN1898895A true CN1898895A (en) 2007-01-17

Family

ID=34700184

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200480038292 Pending CN1898895A (en) 2003-12-22 2004-12-22 Method and system for controlling encoded image production using image signatures

Country Status (3)

Country Link
CN (1) CN1898895A (en)
CA (1) CA2490565A1 (en)
MX (1) MXPA05000161A (en)

Also Published As

Publication number Publication date
MXPA05000161A (en) 2005-08-26
CA2490565A1 (en) 2005-06-22

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Open date: 20070117