DE102016007140A1 - authentication system - Google Patents

Abstract

The present invention is directed to a method for remotely authenticating a value document and is further directed to a suitably established authentication system. Furthermore, a computer program product is proposed with control commands which implement the proposed method. According to the invention, it is particularly advantageous that by means of the proposed method an authentication of the value document can also be carried out via a data connection using a camera.

Description

The present invention is directed to a method for remotely authenticating a value document and is further directed to a suitably established authentication system. Furthermore, a computer program product is proposed with control commands which implement the proposed method. According to the invention, it is particularly advantageous that by means of the proposed method an authentication of the value document can also be carried out via a data connection using a camera.

A large number of documents of value are known which, for example, identify a user with regard to a security device. Identity documents are also known which typically have a photograph of a cardholder together with personalized data. Typically, the authentication takes place in such a way that a cardholder physically provides the corresponding card or document of value and, for example, holds it up to a customs officer. The customs officer can then check whether the cardholder agrees with the security features, in particular a photograph with biometric features. For this purpose, the identity document is handed to the official and the official can view the security features from different angles and distances.

Also known are authentication systems, which are performed via a data connection. These are typically password-based and require appropriate user input. The inputs to be kept are typically created by the user himself and may, for example, include an e-mail address and a password. However, an email address does not indicate the actual owner of the email address. For example, this could have been created under a false name.

Also known are banking services that allow account opening by identification by means of a webcam. Thus, one can identify, for example, in front of a home PC via a video call to a verification. To check the authenticity, not only a conversation but also security features on identity documents are checked. By way of example, the hologram is mentioned here. The check is carried out optically by a person in the Verification Center using the transmitted webcam images. In addition, it is known to send security features by means of an email or an SMS. This security information must then be read out via Voice-over-IP.

The EP 2 559 563 A1 shows a security method with optical features. In this case, an image is provided, which is optically subdivided in further method steps. These partial images are then arranged on transparent sub-elements of a value document in such a way that they give the overall picture in their view. This essentially corresponds to the characteristics of a watermark. In this case, however, the document always depicts an at least semi-transparent feature which makes it possible to view the individual partial images. Furthermore, a mask is used which divides the output image into partial images.

The security features on cards and identity documents have typically been developed for optical or automatic verification by persons. The examiner can take the ID card in his own hand and move it under different lighting conditions. When checking with a webcam, the transmission quality is worse, there is the possibility to digitally change images before transmission and the person checking can not move the card itself and feel. When verifying via a terminal, such as a laptop or a mobile terminal such as a smartphone, there is the difficulty that the detecting terminal is under the full control of the user. An attacker who wants to legitimize himself as a user in the course of an attack, has any means to make changes by software between the recording of the image and the transmission to the verification.

Thus, conventional methods are not suitable for carrying out a remote check of a value document with a reliable result and with little technical effort. In particular, optical methods can be manipulated. In methods that relate only to the data itself, appropriate readers are provided, which in turn means an increased technical effort.

It is thus an object of the present invention to provide a secure method which allows to securely authenticate a value document via a data interface. Here, the corresponding method should be operated with little technical effort and allow the greatest possible user comfort. In particular, typically already existing hardware components are to be used without the user having to buy additional hardware components. It is a further object of the present invention to provide a corresponding authentication system, as well as a computer program product, which is set up To operate authentication system or to implement the proposed method.

The object is solved with the features of independent claim 1. Further advantageous embodiments are specified in the dependent claims.

Accordingly, a method for remote authentication of a value document by camera is proposed. Steps are proposed which include dividing an optical feature into a set of first and second optical features in dependence on personalized data of the asset. Furthermore, a provision of the first optical sub-features, which are applied to the value document, by means of an optical reading device to an authentication device. Subsequently, the value document is authenticated on the basis of a check as to whether the provided first optical sub-features represent the optical feature when superimposed with the second optical sub-features. The second optical sub-features are created by the authentication device in dependence on personalized data.

A remote authentication of a value document in this case describes in particular that the value document and the corresponding authentication device remotely exchange data with one another via data communication. It is therefore not possible for the value document to be held directly by the inspection agency, but rather an authenticity check or an authentication should take place such that the authenticity of the value document is checked by means of a camera, for example in the case of online banking.

Authentication here describes an authenticity check of a value document, in particular with regard to whether the given user actually requests a service with a genuine value document. Thus, there is an implicit authentication of a user, since this user holds the corresponding value document. In particular, it is inventively avoided that, for example, in a document of value, the name of the cardholder or even the photograph of the cardholder is changed. For example, it would be conceivable that an identity card is stolen, this name is retained and only a photo is stuck over the photo of the rightful owner. Thus, a manipulation of only a part of the security features, whereupon an unlawful owner can procure services under a different name. In particular, it is particularly advantageous over the prior art that despite the remote authentication by means of the camera, the data are linked in such a way that optical features are also linked to further personalized data.

Accordingly, it is particularly advantageous to provide a document of value as a document of value. On this identity document optical partial features of an optical feature are then provided. An optical feature may represent, for example, an image or a symbol, which is divided into sub-images in an example, first process step. This division of the optical features into a set of first and second optical partial features thus results in at least a first partial image and a second partial image. Accordingly, the partial images are also described as partial optical features. For this purpose, provision may be made, for example, for personalized data of the value document or of the cardholder to be taken into account in accordance with a distribution logic in such a way that a first and a second optical partial feature result. For example, this personalized data may be the name or a card number. Thus, a partitioning algorithm may calculate a value based on the personalized data indicating how to divide the optical feature. This can be done such that certain parts, such as pixels, are picked out of the optical feature and then stored as a partial feature. Also, split information may be provided on the security document. In this case, it is possible to specify partial areas of the optical feature as personalized data, which then only have to be applied to the optical feature and thus explain how the division is to take place.

In particular, it is also possible to deposit in a database, such as, for example, depending on certain characteristics of the name of the cardholder or a number of the value document, a division should take place. In this case, the person skilled in the art is familiar with further methods of dividing an optical feature as a function of the data provided.

The respectively first and the second optical sub-feature is to be understood such that a plurality of first sub-features and a plurality of second sub-features may arise. Overall, it is advantageous that the first and the second features, be it only one feature at a time or a plurality of features in each case, result in a visual overview of the optical feature. In particular, it is also possible to provide a group of partial features which also has to be provided by the value document or the authentication device.

The splitting of the optical feature into a set of first and second optical partial features can already take place during a production process of the value document. In particular, according to the invention, it is not necessary to calculate the first optical partial feature during a run time of execution of the method according to the invention. This can be calculated before the execution of the method according to the invention and applied or attached to the document of value. Thus, it is possible to provide the optical part feature only at the execution time of the proposed method by means of the value document. This can be done, for example, by holding it in front of a camera or an optical reading device. Thus, the process step of splitting the optical feature may be referred to as a preliminary process step.

When the first partial optical features are provided, it is also possible to provide the second partial optical features, but it must be ensured that the first partial optical features can be clearly distinguished from the second partial features. For example, the first optical sub-features may be provided in a first color and the second optical sub-features in a second color.

Typically, this can be done by a user holding his identity document, which is adapted according to the invention, in front of a webcam. The webcam, that is to say a camera, captures an image of the identity document and in particular of the first partial optical features. This image of the identity document or the images of the identity document are then transmitted via an Internet connection to an authentication server. For example, the server may then provide the authentication device.

Depending on the data transmitted or the first optical partial feature provided, an authentication of the value document or of the user takes place. Typically, the value document refers back to the user, whereby the present method may also be referred to as a method for remotely authenticating a user.

According to the second optical sub-features are not provided in advance of the authentication device, but rather they are calculated at runtime of the proposed method. This is done depending on personalized data of the value document. This has the advantage, in particular, that the optical first partial features of the value document are manipulated, for example by means of pasting over by a manipulated image, so the second optical partial features are not suitable, together with the first optical partial features, to represent the overall optical feature, ie the optical feature. This is the case in particular because not only are first partial features and second partial features provided which give an overall picture, but rather the first and the second partial features are also personalized. In a further method step, according to the invention, the checking is performed as to whether the partial features match, but the second partial optical features are recalculated.

Thus, it is explicitly not a division of the optical feature into first and second sub-features, without the second sub-features are verified. Rather, according to the invention, only the first optical sub-features are extracted when splitting the optical feature. Thus, after splitting, the second optical sub-features can be discarded again. This is the case because they are created anyway in a final process step by the authentication device. Thus, the authentication device is able to calculate the second sub-features without having to rely on splitting the optical feature. Thus, it is particularly advantageous over the prior art that a new method step is introduced, which allows the authentication device to calculate the second partial optical features independently of other components. It is also possible in accordance with the invention not to store the second optical sub-features on a data memory since these could be manipulated there. On the contrary, the method according to the invention is set up to calculate the second optical sub-features on the basis of the personalized data, to carry out the authentication and to reject the second optical sub-features again.

If a manipulation of the optical feature now takes place, then the personalized data of the value document would also have to be adapted. For this purpose, however, an attacker is not aware of how he has to change the optical characteristics depending on the personalized data in such a way that they would satisfy the second optical feature together with correspondingly personalized data.

Thus, according to the invention, it is not merely a matter of providing certain features which, although personalized, have to be counterchecked only on the checking side. Rather, it is inventively the case that also calculates second security features which, together with the first security feature, must result in an overall security feature. This is performed such that the first optical sub-features are superimposed by the authentication device with the second optical sub-feature. The resulting overall image should now again correspond to the starting characteristic, ie the optical feature which has been split. The superimposition is to be understood metaphorically, and can typically be performed by appropriate hardware or software components. Thus, no physical overlay of the partial features is necessary. It can therefore also be done by means of a virtual joining of the first and second optical sub-features. It should be noted that the value document is detected in perspective by the optical reading device. As a result, the first partial optical features are not displayed at an optimal angle but are typically distorted. Thus, it may be necessary to provide further method steps during the checking, which just align the captured image. Also, a certain variance has to be taken into account, which is typically the result of imaging techniques and should not immediately lead to a negative review. Thus, overlaying the first optical sub-features with the second optical sub-features should substantially yield the optical feature. The term "substantially" refers to a tolerance range that indicates a deviation between the composite image and the original image.

According to one aspect of the present invention, the splitting of the optical feature is independent of the creation of the second optical sub-features. This has the advantage that the splitting of the optical features can be performed in a first instance and the creation of the second optical features in a second instance. This means in particular that the splitting into separate hardware components can be performed by the authentication device. Thus, the dividing step is independent of the dividing step of creating the second partial optical features. Thus, there is a decoupling of the provision of the first part features and the second part features. In particular, the splitting of the optical features or of the optical feature with respect to a production of the badge can take place. At a later point in time, namely during the authentication, the second partial optical features are then recalculated and the authentication process performed. This increases the safety of the proposed method over the known methods.

According to a further aspect of the present invention, the provision of the first optical sub-features takes place by means of a data connection. This has the advantage that a remote authentication can be carried out in such a way that, for example by means of a smartphone, an image of the value document can be created and this can be transmitted to an authentication device, for example via a wireless mobile radio interface.

According to a further aspect of the present invention, the provision of the first optical partial features takes place by means of a camera, in particular a web camera. This has the advantage that a simple authentication of a user with respect to a value document can take place and in this case the user can fall back on existing hardware. The feature of a camera here also includes, for example, a mobile phone camera, a notebook camera or generally a camera which is set up to provide a digital image of the value document. This has a practical advantage in particular because the proposed method can be integrated into existing services, for example an online banking app.

According to another aspect of the present invention, the personalized data is provided textually on the value document. This has the advantage that, for example, a name of a card holder or a number of the value document can be provided on the value document and can be read out with the optical features. Thus, according to the invention, it is also possible to associate an existing image on the value document with the name of the owner. Thus, the name can be taken into account as a personalized feature and when checking the authentication, the photograph of the user can be checked together with the textual information, namely the name. Thus, it is not possible according to the invention that only one photo is pasted over or a name is pasted over and the respective other feature remains unchanged.

Since the splitting of the optical feature takes place as a function of personalized data of the value document, therefore, the first and second optical sub-features are also created as a function of the personalized data. Since the second part features are calculated separately, it is not possible to manipulate only the textual personalized data or, separately, the optical features. This would mean that the second partial features do not result in the optical feature together with the first partial features. Rather, it would lead to a deviation of the first partial characteristics of the expected Part features lead. Furthermore, it is particularly advantageous according to the invention to take into account textual data, since textual data already present in value documents can already be taken into account. Thus, it is not necessary to further adapt the value document, but only the first partial optical features need to be additionally applied to the value document.

According to another aspect of the present invention, the personalized data is provided on the value document visually recognizable.

This has the advantage that they can be read out at the same time as the optical reading device in one process and, if appropriate, can also be transmitted to the authentication device. In particular, it is possible in this case to reuse existing hardware components and to enable simple online banking.

In accordance with another aspect of the present invention, a verification threshold is provided that describes whether there is sufficient overlay for a positive authentication. This has the advantage that the two partial features, namely the first optical partial feature and the second optical partial feature, do not have to completely yield the overall optical feature, but rather a tolerance range is created which takes into account a perspective image of the value document. For example, it may be specified in the check threshold that 95% of the overlapping of the first partial features and the second partial features must result in the optical feature, ie the starting feature or overall feature. Thus, smaller deviations are taken into account, which take into account the imaging process.

According to another aspect of the present invention, an optical resolution of the optical reader is set in response to a security level. This has the advantage that a higher resolution can be selected if a particularly safety-critical service is requested. Although this produces more data than at a low resolution, this seems justified at a higher level of security. On the other hand, the resolution can be downgraded if only routine services are requested and thus a narrowband data connection can be taken into account.

According to a further aspect of the present invention, the optical feature is present as a bar code, a QR code, a symbol, a textual information, a numeric character or an alphanumeric character. This has the advantage that a plurality of already known information formats can be reused and existing algorithms which are specialized in a two-dimensional representation can continue to be used.

In accordance with another aspect of the present invention, the partial optical feature is present as a bar code, a QR code, a symbol, textual information, a numeric character, or an alphanumeric character. This has the advantage that also the partial feature or the partial features realize the inventive features.

According to another aspect of the present invention, the first partial optical features are applied to an opaque layer on the document of value. This has the advantage that the opaque layer allows a particularly advantageous imaging of the partial features. Thus, while the prior art provides at least semi-transparent layers, it is disadvantageous that the semi-transparent layers do not allow a clear image. Typically, the known methods are designed for direct verification of the value document by humans. However, according to the invention, the application scenario is remote authentication with a camera that can more easily accommodate an opaque layer. For this purpose, it is therefore excluded according to the invention that the camera takes into account features which are arranged behind a semi-transparent layer. Thus, a unique image of the partial optical features is also provided.

According to another aspect of the present invention, the second optical sub-features are provided exclusively by the authentication device. This has the advantage that in a step of splitting, no second optical sub-features need to be stored, but rather they can be discarded. The second optical sub-features are created only by the authentication device, which represents a further gain in security, since the authentication device, regardless of the first part features created the second sub-features and thus again compared. Known methods provide that an output image is divided into two or more individual images and these are superimposed. Thus, according to the prior art, no separate checking of the match occurs. According to the invention, it is particularly advantageous that the second sub-features are again created separately and evaluated in a further verification process, namely superimposition.

According to a further aspect of the present invention, a check of a genuineness of the first optical partial features takes place. This has the advantage that it can be checked again whether the image of the camera or the optical reader has been manipulated in any way. This can provide an additional indication of a manipulation attempt of the authentication by means of an image manipulation.

The object is further achieved by an authentication system for remote authentication of a value document by camera. For this purpose, a security unit is provided, which is set up for dividing an optical feature into a set of first and second optical partial features as a function of personalized data of the value document. Furthermore, an optical reading device is provided, which is set up for providing the first optical sub-features, which are applied to the value document, to an authentication device. In addition, the authentication device itself is provided, which is set up to authenticate the value document based on a check as to whether the provided first optical sub-features represent the optical feature when superimposed with the second optical sub-features. This ensures that the second optical sub-features are created by the authentication device as a function of personalized data. This has the particular advantage that the second partial features are created separately from the first partial data by the authentication device.

The object has also been solved by a computer program product which provides instructions which implement the method steps of the proposed method or which make it possible to operate the authentication system.

According to the invention, it is particularly advantageous for the method steps in the authentication system to be used in such a way that this respectively provides structural features which make it possible to carry out the method steps. It is also possible according to the invention to implement the structural features of the authentication system such that they result in method steps. In particular, the method is set up to operate the authentication system. The authentication system in turn is set up to execute the corresponding method. Thus, the features can each be combined.

Further advantageous embodiments will be explained by way of example with reference to FIGS. It shows:

1 a schematic flow diagram of one aspect of the method according to the invention; and

2 by providing first optical component features and second optical component features to an optical feature, in accordance with one aspect of the present invention.

1 shows the inventive method with a splitting 100 an optical feature, providing 101 the first partial optical features and authentication 102 of the value document. According to the invention, further method steps may be necessary, which are not shown here. In particular, it is advantageous to carry out individual method steps iteratively. Thus, it may be advantageous to provide the optical features or at least the first optical sub features multiple times. This can then take into account a perspective mapping of the value document. Thus, several images of the value document can be provided and those images can be taken into account which provide the best possible image of the value document. An optimal image here is an image that is both sharp and avoids perspective distortions as much as possible.

A splitting up 100 of the optical feature can be performed preparatory, since the optical feature must be applied to the badge or the document of value. Thus, from the user's point of view, this step can be considered as an optional method step. For the user, the authentication process starts with the provisioning 101 the first optical part features by holding them to an optical reader, and then transmitted to the authentication device.

For example, the user is a bank customer and the authentication device is, for example, a bank server. Thus, according to the invention, an authentication process can be performed at a bank by means of an optical camera and a conventional internet connection. In this case, it is possible that the method step of authenticating 102 of the value document is completely executed on the bank server.

Consequently, the proposed method is particularly tamper-proof, since the bank server can be particularly secured and no manipulation in the creation of the second optical sub-features by the authentication device in dependence on personalized data is possible. Thus, by means of the proposed checking and superimposing deviations of the first optical partial features are detected. If these are manipulated, they do not form the optical feature with the second partial feature or the second partial features and are therefore negatively evaluated. Authentication takes place only if the sub-features result in a superposition of the optical feature. Otherwise, no positive authentication takes place and the process is aborted or an error message is output. Thus, even with a negative check, that is, with no sufficient overlay, a negative authentication. A negative authentication indicates that the value document is not suitable for authenticating the user or that manipulations are present on the value document.

2 shows an aspect of the present invention, namely the splitting of the optical feature such that a first optical sub-feature is formed around a second optical sub-feature. For this purpose, a freely designable, complete image is provided. This complete picture corresponds to the optical feature. This image is split into a first and a second field using a function that provides a value that depends on at least a portion of the personalized data for the ID.

The first and second fields are referred to as the first and second partial optical features, respectively. For example, the first image could be in the form of a key. The second part of the picture is then the right lock for this key. This key has a specific appearance due to the individually personalized data on each card or value document. This individually shaped key or the first part feature is applied in the personalization as additional information on the card. The value document with this individual key is held in front of a camera, for example a webcam. On the other side, the test of this key is done, for example, by the inclusion of a camera. On the opposite side is still a module that checks the card and in particular the individually shaped key on authenticity. For example, there is a check and comparison of the existing on the card photo with the person who holds the card to be checked in front of the webcam.

However, it could also be the image of the card or the identity document or quite generally the value document faked. Said module (checking module or authentication device) generates a mask from the individual data on the value document, which in the form of a lock complements the first sub-picture and, when the lock is superimposed with the key, produces an overall picture consisting of sub-picture 1 and sub-picture 2.

On the basis of this method, it is possible, on the one hand, to check the authenticity of the partial image 1 and to detect deviations that result from possible changes to the individual, personal data of the cardholder and then show up in a partial image 2 that is not suitable for the partial image 1 ,

For the exclusive verification of the authenticity of the partial image 1, a verification module would have to be located on the opposite side, which is able to generate the partial image 1 from a part of the personal data.

However, it is safer according to the invention that there is a checking module on the opposite side, that is to say an authentication device which is capable of, using a function having a value which depends on at least a part of the personalized data for the identity document, field 2 to generate and overlay with field 1. The element to be checked can, as described, have the shape of a key, but also any other shape. For example, the shape of a star, bar code, QR code or the like also seems to be advantageous.

Thus, a method is proposed which allows a high level of security of the optical verification by means of webcam recording. A simple process of applying the security feature as a sub-step of the proposed method is proposed. A simple check is carried out, which is possible on the one hand via manual merging of two partial images, on the other hand offers additional cost savings potential through a purely automatic verification.

In summary, it can therefore be said that, in general, when a person authenticates via a webcam, there is a risk that an attacker will change the images captured by the webcam in order to present himself as a legitimate user.

The solution is to divide any image in the personalization of a security document into at least two sub-images by means of a function dependent on at least a portion of the personal data of the security document. The first partial image can then be applied to the value document.

In the case of authentication by means of a webcam, the first partial image is recorded and transmitted to an authentication point or an authentication device, for example a bank. The authentication point calculates by means of at least part of the personalized data, the second field and superimposed on the first and the second field. If the overlay results in essentially the entire picture, then the person and the security document are authenticated. This results in a high level of security and easy application to the document for its examination.

QUOTES INCLUDE IN THE DESCRIPTION

This list of the documents listed by the applicant has been generated automatically and is included solely for the better information of the reader. The list is not part of the German patent or utility model application. The DPMA assumes no liability for any errors or omissions.

Cited patent literature

• EP 2559563 A1 [0005]

Claims (15)

A method of remotely authenticating a value document by camera, comprising the steps of: - splitting ( 100 ) an optical feature into a set of first and second optical partial features in dependence on personalized data of the value document; - Provide ( 101 ) of the first partial optical features, which are applied to the document of value, by means of an optical reader to an authentication device; and - Authenticate ( 102 ) of the value document based on a check whether the provided first partial optical features when superimposed with the second optical partial features represent the optical feature, characterized in that the second partial optical features are created by the authentication device in response to personalized data. Method according to Claim 1, characterized in that the splitting ( 100 ) of the optical feature is independent of the creation of the second optical sub-features. Method according to claim 1 or 2, characterized in that the providing ( 101 ) of the first partial optical features by means of a data connection. Method according to one of the preceding claims, characterized in that the providing ( 101 ) of the first partial optical features by means of a camera, in particular a web camera, takes place. Method according to one of the preceding claims, characterized in that the personalized data are provided textually on the value document. Method according to one of the preceding claims, characterized in that the personalized data are provided on the value document optically recognizable. Method according to one of the preceding claims, characterized in that a check threshold value is provided which describes whether there is sufficient overlay for a positive authentication. Method according to one of the preceding claims, characterized in that an optical resolution of the optical reading device is set as a function of a security level. Method according to one of the preceding claims, characterized in that the optical feature is present as a bar code, a QR code, a symbol, a textual information, a numeric character or an alphanumeric character. Method according to one of the preceding claims, characterized in that the partial optical feature is present as a bar code, a QR code, a symbol, a textual information, a numeric character or an alphanumeric character. Method according to one of the preceding claims, characterized in that the first optical sub-features are applied to an opaque layer on the value document. Method according to one of the preceding claims, characterized in that the second optical sub-features are provided exclusively by the authentication device. Method according to one of the preceding claims, characterized in that a check of a genuineness of the first optical partial features takes place. Authentication system for the remote authentication of a value document by camera, comprising: - a security unit configured for splitting ( 100 ) an optical feature into a set of first and second optical partial features in dependence on personalized data of the value document; An optical reader set up to provide 101 ) of the first partial optical features, which are applied to the value document, to an authentication device; and - an authentication device set up for authentication ( 102 ) of the value document based on a check whether the provided first partial optical features when superimposed with the second optical partial features represent the optical feature, characterized in that the second partial optical features are created by the authentication device in response to personalized data. Computer program product with control instructions implementing the method according to one of claims 1 to 13.

Images