JP2007519983A - Method and device for determining the authenticity of an object - Google Patents

Abstract

An authentication method based on an authentication object such as an authentication label having a three-dimensional pattern of dispersed particles is provided.
An authentication label used in an authentication method based on a reference object such as an authentication label attached to an optical disc according to the present invention has a three-dimensional dispersion of particles. For authentication, it is determined whether there is actually a three-dimensional particle dispersion. Next, a two-dimensional data acquisition step is performed for authentication. This method is particularly useful for copy protection.
[Selection] Figure 1

Description

[Field of the Invention]
The present invention relates to the field of authentication techniques, and more particularly, but not exclusively, to authentication of customer cards, financial transaction cards, and copy protection.

[Background and prior art]
Various sealing and printing techniques are known from the prior art to provide authentication and invalidate unauthorized copies of products and documents.
However, economic damage is increasing due to counterfeiting due to insufficient security.

For authenticating documents and objects, US Pat. No. 5,145,212 teaches the use of discontinuous reflection holograms or diffraction gratings.
Such a hologram or diffraction grating is securely attached to the surface containing the visual information that it wishes to protect from tampering.
The reflection discontinuous hologram is formed with a pattern that enables both observation of the protection information and the authentication image through the hologram, or another light pattern reconstructed in reflection from the hologram.
In another specific authentication application of this US patent, the opaque structure of two adjacent discontinuous holograms or diffraction patterns, each reconstructing a separate image or other light pattern, The difficulty is increasing.

  PCT application WO 087/07034 includes images that change as the hologram tilts relative to the viewer, including diffraction gratings, in such a way that images reconstructed from copies made of monochromatic holograms do not have that motion. A hologram to be reconstructed is described.

In British Patent Application No. 2093404, the sheet material item to be counterfeited has an integrated authentication device or an authentication device laminated with an adhesive.
The authentication device includes a substrate having a reflective diffractive structure formed as a relief pattern on an observable surface, and a transparent material covering the structure.
By specifying the grating parameters of the diffractive structure, an easily identifiable optical color characteristic that is unique but cannot be copied by a color copier is obtained.

U.S. Pat. No. 4,661,983 discloses a random microscopic line or break having a width on the order of micrometers, essentially formed in the dielectric coating of an authentication device incorporated in a secure document. The pattern is described.
This makes it possible to identify individual real documents by comparing the read line position information obtained by microscopic inspection with the read digital code of the line information previously obtained at the time of document production. .

US Pat. No. 5,856,070 shows an authentication label that includes a light diffractive structure.
An anisotropic process step that is not under the full control of the manufacturer during the manufacture of the diffractive structure allows unique parameters to be randomly defined in the optical diffractive structure, thereby preventing its exact duplicate copy or creation. The
The resulting uniquely colored authentication pattern can be confirmed by simple observation with the naked eye.

U.S. Pat. No. 4,218,674 shows an authentication method and authentication system using an object made of a substrate with random imperfections.
This random imperfection is converted into a pulse along a predetermined measurement track on the surface of an object made of a substrate.
International Publication 01/57831 International Publication 02/50790

[Summary of Invention]
The present invention provides an authentication method based on an authentication object such as an authentication label having a three-dimensional pattern of dispersed particles.
The two-dimensional data acquisition performed on the object provides a code that is used for authentication.

When it is necessary to check the authenticity of the object, the same two-dimensional data acquisition step is performed again to provide a check code.
Authentication is performed based on the code and the check code.
For example, if the code and check code are the same, this means that the object is original and not an unauthorized copy.

The invention is particularly advantageous because authentication is based on the three-dimensional nature of the dispersion of particles within the object.
If it is determined for authentication purposes that the object actually has a three-dimensional pattern of dispersed particles, it is sufficient to perform a two-dimensional continuous data acquisition.
This approach is based on the discovery that it is not impossible but difficult to copy particle dispersion in two dimensions when the particles are dispersed in three dimensions.

According to a preferred embodiment of the present invention, the particles dispersed in the object have magnetism.
Two-dimensional data acquisition is performed by scanning an object with a magnetic head.

According to still another preferred embodiment of the present invention, an image of an object is acquired in the two-dimensional data acquisition step.
This image is scanned and filtered to obtain a data vector.
Preferably, this filtering includes some kind of averaging in order to increase the robustness of the method.

According to yet another preferred embodiment of the present invention, binary data is encrypted with a code obtained from two-dimensional data acquisition to provide a code for authentication.
Preferably, this binary data is a symmetric key used for encryption and decryption of large scale data.

According to yet another preferred embodiment of the invention, the code obtained from the object by two-dimensional data income is a reference data vector.
In order to encode each bit of binary data, a random vector is determined based on the reference data vector.

This encryption method is particularly advantageous because it avoids key management problems.
Unlike prior art encryption, this encryption method is not performed based on the exact key, but based on the reference object from which the reference data vector data is obtained.

According to yet another preferred embodiment of the invention, a data object is used as a reference object.
In order to obtain a reference data vector, the data object is rendered by a rendering program.
This rendering program is a text processing program or the like when the data object is a text document.
Data acquisition is performed on the rendered data object.

According to yet another preferred embodiment of the present invention, one of the bits is encoded by generating a candidate random vector and calculating a scalar product of the candidate random vector and a reference data vector. A random number vector is obtained.
The absolute value of this scalar product is
(I) greater than a predefined threshold;
and,
(Ii) If the sign of the scalar product corresponds to the bit to be encoded, this candidate random vector is accepted and stored for bit encoding.
If the candidate random vector does not meet these two requirements (i) and (ii), another candidate random vector is generated and these conditions are tested again.
This procedure continues until a candidate random vector that satisfies both conditions is identified.

According to yet another preferred embodiment of the present invention, the execution index of the accepted candidate random number vector is stored instead of the complete candidate random number vector.
The combination of the execution index and the seed value of the pseudo-random number generator used to generate the random number vector clearly identifies the complete random number vector.
In this way, the size of the encryption result can be significantly reduced.

According to yet another preferred embodiment of the invention, the data file is encrypted.
For example, to protect a data file from unauthorized access, the user can encrypt the data file on his computer based on the authenticated object.

According to yet another preferred embodiment of the present invention, the user's personal data, such as the user's name as printed on the user's passport or chip card, is encrypted.
This is useful for checking the authenticity of a passport or chip card.

According to yet another preferred embodiment of the invention, the symmetric key is encrypted based on the reference object.
For example, symmetric keys are used for encryption of large data files.
The symmetric key itself is encrypted according to the method of the invention based on the authentication object.
In this way, the symmetric key is protected in a secure manner while avoiding the disadvantages of prior art key management techniques.

In another aspect, the present invention provides a method for encryption and decryption of binary data.
The binary data is assigned a random vector of encoded bits.
Decoding is performed by obtaining a reference data vector from the reference object.
Decoding one of these bits is performed based on one of the random number vectors and the reference data vector.

  According to a preferred embodiment of the present invention, the decoding of one of these bits is performed by determining the sign of the scalar product of the reference data vector and one of the random number vectors.

Decryption of the encrypted binary data is only possible if the reference object is authentic.
It should be noted that the reference data vector used for encryption need not be accurately reproduced for decryption.
Some errors in the acquisition of the reference data vector are allowed without adversely affecting the decoding.

The present invention is particularly advantageous in that it solves the prior art key management problem in a user-friendly, convenient but secure manner.
The present invention can be used in various fields for the purpose of protecting the confidentiality of data and for the purpose of document or file authentication.

In another aspect, the invention relates to copy protection.
According to a preferred embodiment of the present invention, large-scale data stored on a data carrier such as an optical recording device such as a CD or DVD is first encoded with a symmetric key before being stored on the data carrier. .
The reference object is attached to or forms an integral part of the data carrier so that it cannot be removed without destroying the object and / or the data carrier.

The symmetric key used to encrypt the large scale data stored on the data carrier is encrypted with a reference data vector obtained from the reference object of the data carrier.
The resulting set of random vectors is stored on the data carrier.
This can be done by attaching a label such as a barcode label to the data carrier or the cover of the data carrier and / or storing the set of random vectors digitally on the data carrier.
Depending on the implementation, the seed value used to generate the random vector, rather than the complete random vector, is stored with the execution index.

According to yet another preferred embodiment of the invention, an image of the object is acquired at the reading position.
This reading position may be displaced from a reference position defined by a marker on the object due to mechanical tolerances of the reading device.
The amount of reading position shift relative to the reference position is measured by detecting the marker position in the image.
A projective transformation is then performed on the image to compensate for this dislocation.

  In the following, preferred embodiments of the present invention will be described by way of example only with reference to the drawings.

[Detailed description]
FIG. 1 shows an authentication label 100.
This authentication label 100 has a carrier layer 102 with embedded particles 104.
The particles 104 are randomly dispersed by the carrier layer 102 so that the positions of the particles 104 in the carrier layer 102 define a random three-dimensional pattern.

The carrier layer 102 is made of a translucent or transparent material such as a synthetic resin or a transparent plastic material.
This translucent or transparent material makes it possible to determine the position of the particles 104 optically.
For example, the carrier layer 102 has a thickness 106 between 0.3 mm and 1 mm, or any other convenient thickness.

The particles 104 can be glass beads or balls with or without a light-reflective coating, or disks, metallic pigments or pearlescent pigments, or any other convenient particle shape or type.
The particles can be detected optically by the reflective coating, or in the absence of such a reflective coating, by the reflectivity different from the material of the carrier layer 102.
Preferably, the particles 104 are 5 micrometers to 200 micrometers in diameter.
For example, the particles 104 can be optical lens elements that provide a reflective effect on the authentication label 100.

Preferably, the authentication label has an adhesive layer 108 to adhesively attach the authentication label 100 to the document product.
The material properties of the carrier layer 102 and the adhesive layer 108 are selected such that the authentication label 100 is destroyed when attempting to remove the authentication label 100 from the product or document.

FIG. 2 shows an alternative embodiment.
In FIG. 2, the same reference numerals as in FIG. 1 are used to indicate the same elements as in FIG.
In the embodiment of FIG. 2, the particles 204 in the carrier layer 202 of the authentication label 200 are metallic pigments or pearlescent pigments.
Again, the thickness 206 of the carrier layer 202 is about 0.3 mm to 1 mm or any other convenient thickness.

For example, the authentication label 200 has a postage stamp size of 3 mm × 4 mm and includes approximately 200 particles 204.
The 200 particles randomly distributed within the carrier layer 202 provide sufficient uniqueness of the authentication label 200.

  FIG. 3 shows a flowchart for generating an authentication code based on an authentication object such as an authentication label as described in FIGS.

In step 300, an authentication object having a three-dimensional pattern of randomly dispersed particles is provided.
For example, the authentication object is a scotch light tape.
This scotchlite tape is commercially available from 3M.

In step 302, a two-dimensional data acquisition step is executed.
This can be done by acquiring a two-dimensional image of the surface of the authentication object.
Alternatively, the authentication object is scanned in two dimensions by other measuring means.
For example, when particles dispersed in an object have magnetism, two-dimensional data can be acquired using a magnetic head.

The measurement data obtained from the two-dimensional data acquisition performed at step 302 is filtered at step 304.
Preferably, the measurement data is low pass filtered.
For example, measurement data acquired from the same region on the surface of the authentication object is averaged.
These areas are predetermined by a virtual grid.

  In step 306, an authentication code is provided.

Steps 300 to 306 are performed again to authenticate the authentication object. An object is authentic if the following two conditions are met:
(I) the particles are randomly distributed in three dimensions in the object, and
(Ii) The resulting code is the same.

  This will be described in more detail below with reference to FIG.

FIG. 4 shows an alternative flowchart for providing an authentication code.
Authorization code, binary data of l bits _{B 1, B 2, B 3} , ..., B j, is provided by encrypting the ... _{B l.}
A reference authentication object such as an authentication label as described in FIGS. 1 and 2 is used as the basis for encryption.

A data acquisition step is executed according to the type of the reference object (step 400).
In this way, a reference data vector having k values obtained from the reference data object

  Is obtained (step 402).

  Preferably, the reference data vector

Some filtering is performed on the raw data obtained from the reference object.
For example, the raw data is filtered by a low pass filter to increase the robustness of the encoding and decoding methods.

  In addition, this data vector data vector

It is useful to normalize
In this way, all values ξ _i are within a defined range such as [−1; 1].

In step 404, 1 bit to be encrypted is input.
In step 406, index j is initialized.
In step 408, the first candidate random number vector

Is generated by a random number generator.
This random vector

  Is the reference data vector

  Have the same dimension k.

In step 410, a scalar product of the reference data vector and the candidate random number vector is calculated.
If the absolute value of this scalar product is greater than a predetermined threshold level ε, the first condition is satisfied.
If the sign of the scalar product matches the bit B _j to be encoded, this means that the candidate random vector is acceptable for encoding bit B _j .

For example, if bit B _j is “0”, the sign of the scalar product needs to be “−”, and if B _j = 1, the sign of the scalar product needs to be “+”. It is.

  In other words, the candidate random vector

Is accepted for encryption of bit B _j if both of the following conditions are met:

If one of these conditions (i) and (ii) is not met, control returns to step 408 to generate a new candidate random vector, which is then Tested against two conditions (i) and (ii).
Steps 408 and 410 are repeated until a candidate random vector that satisfies both of the conditions of step 410 is found.
The accepted candidate random vector constitutes row j of matrix M (step 412).
In step 414, index j is performed and control returns to step 408 to encode the next bit B _j of the 1 bit to be encrypted.

  After all l-bit encryption, control proceeds to step 416 where matrix M is output as a result of the encryption.

It should be noted that the threshold ε choice is a tradeoff between security, measurement tolerance, and processing time.
As ε increases, the average number of attempts to find an acceptable candidate random vector increases, but the acceptable measurement tolerances also increase.
As ε decreases, the security level increases and the processor power requirements decrease, but the acceptable measurement tolerances decrease.
If the dimension (k) of the reference data vector is 256 and the required measurement tolerance is 5%, a convenient choice for ε is 1, 2, 3, 4, 5, or 6, preferably Between 3 and 4, and ε = 3.7 is most certain.

In all other cases, a good choice of ε is
ε = 8 ^* T ^* sqrt (k / 3)
It is.
Where T is the required measurement tolerance (5% is T = 0.05), k is the dimension of the reference data vector, and the sqrt () function is a normal square root function. .

FIG. 5 shows the resulting matrix M.
This matrix M has l rows and k columns.
Each row j of matrix M is assigned to one of the bit B _j, including random vectors encoding each bit B _j.

  Reference data vector

  Is not stored in the matrix M or elsewhere, so the decryption of the matrix M to recover the encrypted bits is the reference object used by the decryptor for the encryption (see step 400 in FIG. 4). Only possible if you own

  The corresponding decryption method will be described in more detail below with reference to FIG.

For example, the resulting matrix M is stored by printing a barcode on a secure document carrying the authentication object.
Alternatively or additionally, the matrix M can also be stored electronically if the secure document has an electronic memory.

FIG. 6 shows a preferred embodiment of the encryption method of FIG. 4 that allows the result of the encryption operation to be compressed.
Step 600 and step 602 are the same as step 400 and step 402 in FIG.
In step 603, the seed value of the pseudo random number generator is input.
In step 604, a symmetric key having a length l is input.
This corresponds to step 404 in FIG.
In addition to initializing index j in step 606 (corresponding to step 406 in FIG. 4), index m is initialized in step 607.
This index m is an execution index of the random number generator.

In step 608, a first random number vector of k random numbers R _j

Is generated by a pseudo-random number generator based on the seed value.
This candidate random number vector is evaluated in step 610 in the same manner as in step 410 of FIG.
Random number vector of this candidate

  Is accepted when the condition of step 610 is satisfied, only the execution index m is stored in step 612 as an element of the sequence S resulting from the encryption.

Step 614 corresponds to step 414.
In step 616, instead of the matrix M having l × k random numbers, a sequence S including l execution indexes is output.
Thus, storing the execution index and seed value rather than the random vector itself provides a significant compression of the result of the encoding operation.

FIG. 7 shows a block diagram of the image processing / encoding device 700.
The image processing / encoding device 700 includes a light source 702 and an optical sensor 704 for capturing an image of the authentication label 706.
For example, the authentication label 706 has the same design as the authentication label 100 (see FIG. 1) and the authentication label 200 (see FIG. 2).
In addition, the authentication label 706 also has a position marker 708 that relates the authentication label 706 to the reference position.

The optical sensor 704 is connected to the image processing module 710.
The image processing module 710 has an image processing program that can filter image data required by the optical sensor 704.

The image processing module 710 is connected to the encoding module 712.
The encoding module 712 receives the filtered measurement data from the image processing module 710.
The encoding module 712 is connected to a storage 714 for storing the result of encoding for later use.
For example, image processing / encoding is performed on a series of authentication labels for the purpose of mass production of data carriers, passports, bank cards, or other secure documents.

In this case, a series of authentication codes is stored in the storage 714 during mass production.
These authentication codes can be printed and mailed to the user separately from the mailing of the authentication label 706.
For example, the authentication label 706 is attached to a customer card mailed to a customer or a financial transaction card such as an ATM card.
The customer receives the corresponding authentication code by another mail.

Preferably, the image processing / encoding device 700 includes a random number generator 716.
Preferably, the random number generator 716 is a pseudo random number generator.

  Preferably, the image processing module 710 is a reference data vector.

(See step 402 in FIG. 4 and step 602 in FIG. 6).
The encoding module 712 executes step 406 to step 416 in FIG. 4 or executes step 606 to step 616 in FIG. 6 when the random number generator 716 is a pseudo-random number generator.
The resulting matrix M or sequence S is stored in storage 714.

In principle, the 1 bits B ₁ , B ₂ , B ₃ ,... B ₁ encrypted by the encoding module 712 can be of any kind.
For example, the ASCII code of the user name or other personal data is encrypted.
Alternatively, a random number such as a PIN code known only to the user is encrypted.

As yet another alternative, the symmetric key is encrypted.
This symmetric key is used to encrypt large-scale data stored on the data carrier.
Decryption of large data is only possible by authorized users who own the authentication label 706 and the matrix M or sequence S, depending on the implementation.
Later applications are particularly useful for copy protection purposes, as will be described in more detail below with reference to FIGS.

FIG. 8 shows a grid 800 having grid elements 802.
The grid 800 can be used by the image processing module 710 (see FIG. 7) for the purpose of filtering the image data acquired by the optical sensor 704.
For example, the image processing module 710 calculates a normalized average gray value for each element of the grid element 802.
This normalized and averaged gray value is the reference data vector for encryption.

  And reference data vector for decoding

I will provide a.
It should be noted that various other image processing / filtering procedures can be used to provide a reference data vector based on the image data acquired by light sensor 704.

FIG. 9 illustrates an authentication method based on an authentication object or authentication label (see FIGS. 1 and 2), particularly as described above with respect to FIGS.
In step 900, for example, an authentication card with an attached authentication label is inserted into the card reader.
In step 902, the user is prompted to enter his authentication code, such as the code provided in step 306 of FIG. 3, into the card reader.

In step 904, the card reader determines whether the authentication label has a three-dimensional pattern of particles.
This can be done in various ways.
A preferred embodiment of how this determination can be made will be described in more detail below with reference to FIGS. 12, 13, and 14. FIG.

  If it is determined in step 904 that the three-dimensional pattern of dispersed particles is not on the authentication label, a corresponding reject message is output by the card reader in step 906.

On the contrary, if there is a three-dimensional pattern, the authentication procedure proceeds to step 908, where a two-dimensional data acquisition procedure for the authentication label is executed.
Actually, since it is determined that there is a three-dimensional dispersion pattern of particles, it is sufficient to obtain data from the authentication label in only two dimensions.

In step 910, the measurement data obtained from the data acquisition performed in step 908 is filtered and in step 912 a check code is provided.
It should be noted that steps 908 to 912 are substantially the same as steps 302 to 306 of FIG.
If the authentication label is authentic, the check code obtained at step 912 is the same as the code obtained at step 306.
This is checked at step 914.

If these codes are not identical, a rejection message is output by the card reader at step 916.
If the codes are actually the same, an acceptance message is output by the card reader at step 918.
Alternatively, operations depending on the field of application of this authentication method, such as bank transactions, access control, financial transactions, copy protection, etc. are performed or enabled.

  FIG. 10 shows a decryption method corresponding to the encryption method of FIG.

In step 1000, a matrix M is input.
In step 1002, data is obtained from a reference object.
Based on this, the reference data vector

Is obtained (step 1004).
It should be noted that the data acquisition step 400 of FIG. 4 and the data acquisition step 1002 of FIG. 10 are substantially the same.
However, if the reference object is a physical object, this data acquisition will include some kind of measurement error.

As a result, the raw data obtained from the measurement of the reference object is not exactly the same in step 400 of FIG. 4 and step 1002 of FIG.
As a result, the reference data vector provided in step 1004

  Is also the reference data vector provided in step 402 of FIG.

Is not the same.
Reference data vector used for encoding

  And the reference data vector that forms the basis of the decoding

Such a difference Nevertheless, it is possible to perform an accurate decoding of the matrix M in order to obtain a "hidden" bit B ₁ ... B _j ... B _l between.

In step 1006, index j is initialized.
In step 1008, a reference data vector

And a scalar product of the random vector in row j of matrix M assigned to bit B _j .
This scalar code provides a decoded bit value B _{j in} which the same rules are used as for the encoding.
In other words, if the sign is negative, the bit value is “0”.
If the sign is positive, the bit value B _j is “1”.

In step 1010, the index j is incremented and control returns to step 1008 to decode the next bit position.
Step 1008 and step 1010 are repeated until all of the l-bit positions are decoded.
The decoded 1 bit is output in step 1012.

It should be noted that the encryption and decryption methods described above are particularly advantageous because they are resistant to errors in terms of measurement errors that cannot be avoided in acquiring data from a reference object.
Normally, the reference data vector used for encryption and the reference data vector used for decryption are not exactly the same, but an accurate decryption result can still be obtained safely with high reliability.

  If the decoded 1 bit output at step 1012 is identical to the original bit input at step 404 (see FIG. 4), then the reference object is authentic, otherwise the reference object is Rejected.

FIG. 11 shows an alternative decryption method based on a pseudo-random vector.
The decryption method of FIG. 11 corresponds to the encryption method of FIG.

In step 1100, the sequence S is input.
The seed value (see step 603 in FIG. 6) used for encoding is input in step 1101.
Steps 1102, 1104, 1106 are substantially identical to corresponding steps 1002, 1004, and 1006 in FIG.

  In step 1107, a pseudo-random number generator operating according to the same algorithm as the pseudo-random number generator used for encryption is used to generate a random number vector.

Is restored based on the seed value input in step 1101.
In this way, the random vector represented by the execution index s _j of the sequence S is restored.

The next step 1108 is the same as step 1008 in FIG.
In step 1110, the index j is incremented.
Control then returns to step 1107, where a continuous random vector with execution index s _j is restored.
In step 1112, the decoding result is output.

FIG. 12 shows the authentication label 100 (see FIG. 1).
In order to determine whether a three-dimensional pattern of particles is within the authentication label 100, three images of the authentication label 100 are captured in sequence by the camera 1200.
The first image is captured with the scattered light source 1202 turned on and the scattered light source 1204 and scattered light source 1206 turned off.

  The second image is captured while the light source 1206 illuminates the authentication label 100 from another illumination angle with the light source 1202 and the light source 1206 turned off.

These three images are combined to provide a result image.
This combination can be done by superimposing digitally and adding the digital images.
If a three-dimensional dispersion pattern of particles is actually present in the authentication label, regular geometric artifacts must be present in the resulting image.
Such an artifact can be detected by a pattern recognition step.
For three light sources, the generated geometric artifacts are triangles of similar size and shape.
This effect cannot be reproduced by a two-dimensional copy of the original authentication label 100.

Alternatively, four or more light sources with different illumination angles can be used to capture a corresponding number of images.
These images are superimposed and added.
As the number of light sources changes, the shape of the geometric artifact in the resulting image also changes.

FIG. 13 shows an alternative method for determining the three-dimensionality of the dispersion pattern of particles in the authentication label 100.
What is needed for this application is that the authentication label 100 is reflective.
The underlying principle is that the reflection effect cannot be reproduced by a two-dimensional copy of the authentication label 100.

The test of whether the authentication label 100 is actually reflective is performed as follows.
That is, the first image is captured by the camera 1300 with the scattered light source 1302 turned on.
This scattered light source 1302 does not cause a reflection effect.
A second image is captured with the scattered light source 1302 turned off and the direct light source 1304 turned on.

This generates an incident light beam by the half mirror 1306.
This incident light beam is substantially perpendicular to the surface of the authentication label 100.
This light beam causes a reflection effect.
By comparing the first image and the second image, it becomes clear whether the authentication label 100 is reflected.
This comparison can be performed automatically by a relatively simple image processing routine.

FIG. 14 illustrates yet another alternative method of determining whether the particle dispersion pattern is three-dimensional.
The method requires that the particles in the authentication label 200 (see FIG. 2) are pearlescent pigments.

Currently, mica pigments coated with titanium dioxide and / or iron oxide are safe, stable and environmentally acceptable for use in coatings, cosmetics and plastics.
The nacreous effect is generated by the behavior of incident light on mica coated with oxide.
A partial reflection from the platelet and a partial transmission of the small plate gives rise to a sense of depth.
The color of transmitted light is a complementary color of the color of reflected light.

To check for the presence of this color effect, a light source 1400 that produces scattered white light and two cameras 1402 and 1404 are used.
The cameras 1402 and 1404 are disposed on the opposite side of the authentication label 200.

Part of the incident light beam 1406 is reflected by the particles 204 to become a reflected light beam 1408, and part of the incident light beam 1406 is transmitted as the transmitted light beam 1410.
If the color of the reflected light beam 1408 and the color of the transmitted light beam 1410 are complementary colors, this means that the authentication label 200 cannot be produced by a two-dimensional copy.

Testing whether the color of the reflected light beam 1408 and the color of the transmitted light beam 1410 are complementary colors can be performed, for example, by summing the color coordinate values using an RGB color coordinate system.
The sum of the color coordinates must have a substantially constant RGB value.

FIG. 15 shows an optical disk 1550 such as a CD or a DVD.
This optical disk 1550 has an area 1552 covered with data tracks.
Outside the area 1552, such as in the area 1554, an angularly shaped authentication label 1556 is attached to the surface of the optical disk 1550 with an adhesive or integrated into the optical disk 1550.
This authentication label 1556 is the same as the authentication label 100 of FIG. 1 or the authentication label 200 of FIG.

The data track in area 1552 stores encrypted data such as audio and / or video data, multimedia data, and / or data files.
In addition, the matrix M (see step 416 in FIG. 4) or the sequence S (see step 616 in FIG. 6) and the sheet value are also stored in the data track without being encrypted.
Alternatively, a machine readable and / or human readable label printed with matrix M or sequence S and seed values is attached to optical disc 1550.
Preferably, the label is attached to the back surface or internal area 1554 of the optical disk 1550 with an adhesive.

When the user wants to use the optical disk 1550, the user places the optical disk 1550 into a player or a disk drive.
The player or disc drive reads the matrix M or sequence S and the seed value from the optical disc 1550.
Based on this, the authenticity of the authentication label 1656 is checked by executing the method of FIG. 10 or FIG. 11 depending on the implementation.
If the authentication label 1556 is indeed authentic, the symmetric key is recovered and the large encrypted data stored on the disk track is decrypted to allow the file to be played, rendered, or opened. Is done.
Otherwise, the key is not recovered and large-scale data cannot be decrypted.

FIG. 16 shows a block diagram of a reading apparatus 1600 that can be used as a playback device for the optical disk 1550 (see FIG. 15).
Elements of FIG. 15 that correspond to elements of FIG. 7 are designated by the same reference numerals.

The reading device 1600 has a slot 1622 having a mechanism for inserting an optical disc 1550.
The authentication label 1556 is attached to the surface of the optical disk 1550 with an adhesive, or is integrated into the card.
In the latter case, the surface of the optical disk 1550 must be transparent in order to be able to capture an image of the surface of the authentication label 1556.
For example, the optical disc 1550 is made of a flexible transparent plastic.
This plastic has a smooth outer surface and covers the authentication label 1556.

  The reader 1600 has at least one light source 1602 for illuminating the authentication label 1556 when the optical disc 1550 is inserted into the slot 1622 (see the implementation of FIGS. 12-14).

Further, the reading device 1600 also includes an optical sensor 1604 such as a CCD camera.
The optical sensor 1604 is connected to the image processing module 1610.
This image processing module 1610 is equivalent to the image processing module 710 of FIG.
That is, the image processing module 1610 provides the same type of two-dimensional data acquisition and filtering.

The image processing module 1610 is connected to the decryption module 1612.
The decryption module 1612 is used to restore a symmetric key for decrypting large-scale data stored on the optical disk 1550 by the continuous decryption module 1617.
The decryption module 1617 is connected to the rendering module 1618.

Optical reader 1620 is connected to both decryption module 1612 and decryption module 1617.
The optical reader 1620 has a laser diode for sending a laser beam to the surface of the optical disk 1550 in order to read the data track of the optical disk.

  If the method of FIG. 6 is used for encoding, a pseudo-random number generator 1616 is required for decoding.

  Preferably, light source 1602 and optical sensor 1604 implement any one of the configurations of FIGS. 12-14 as described above.

  In the following, it is assumed that the matrix M or the sequence S and the seed value code are stored in the data track of the optical disc 1550.

In operation, the optical disc 1550 is inserted into the slot 1622.
In response, the image processing module 1610 uses the light source 1602 and the optical sensor 1604 to determine whether the three-dimensional dispersion of particles (see FIGS. 12, 13, and 14) is within the authentication label 1556. Done.

When the image processing module 1610 determines that the three-dimensional particle distribution is actually within the authentication label 1556, the image processing module 1610 instructs the optical reader 1620 to read the matrix M or sequence S and the seed value from the data track of the optical disc 1550. To do.
This information is input to the decryption module 1612.

Further, the optical sensor 1604 acquires image data from the authentication label 1556.
This image data is filtered by the image processing module 1610 and the resulting data vector

Is input to the decryption module 1612.
Decryption module 1612 recovers the symmetric key from matrix M or sequence S by using the seed value of random number generator 1616.
The resulting symmetric key is provided to the decryption module 1617.
Encrypted large-scale data read from the optical disc 1550 by the optical reader 1620 is decrypted by the decryption module 1617 using a symmetric key.
As a result, the decrypted large-scale data is restored and rendered by the rendering module 1618.

Alternatively, the matrix M or sequence S and the seed value are provided to the user by a separate information carrier such as a printed document.
In this implementation, the user may need to manually enter the matrix M or sequence S and the seed value into the reader 1600.
Alternatively, the information carrier is machine readable and attached to the optical disc 1550.
In this case, the information carrier is read by the optical sensor 1604 and the image processing module 1610 to provide the matrix M or sequence S and the seed value to the decryption module 1612.

It is explanatory drawing of 1st Embodiment of an authentication label. It is explanatory drawing of 2nd Embodiment of an authentication label. It is a flowchart for producing | generating the authentication code of an authentication label. It is a flowchart for producing | generating an authentication code by encrypting binary data. It is a figure which shows the result of the encryption of FIG. It is a flowchart for producing | generating an authentication code by a pseudorandom number generator. It is a block diagram of the image processing / encoding apparatus for producing | generating the authentication code of an authentication label. It is explanatory drawing of the grid used for filtering an image. It is a flowchart for judging the authenticity of an authentication label. It is a flowchart for judgment of the authenticity of the authentication label by decoding binary data. FIG. 11 is a flowchart for executing the method of FIG. 10 by a pseudo-random number generator. It is explanatory drawing of the method for determining whether an authentication label has the three-dimensional pattern of the particle | grains dispersed. FIG. 6 is an illustration of an alternative method for determining whether an authentication label has a three-dimensional pattern of dispersed particles. FIG. 6 is an illustration of another alternative method for determining whether an authentication label has a three-dimensional pattern of dispersed particles. It is a figure which shows the optical recording medium which has the authentication label attached or integrated. FIG. 16 is a block diagram of the optical recording medium reading device in FIG. 15.

Explanation of symbols

100 ... authentication label 102 ... carrier layer 104 ... particle 106 ... thickness 108 ... adhesive layer 200 ... authentication label 202 ... carrier layer 204 ... particle 206 ... Thickness 208 ... Adhesive layer 700 ... Image processing / encoding device 702 ... Light source 704 ... Optical sensor 706 ... Authentication label 708 ... Position marker 710 ... Image processing module 712 Encoding module 714 Storage 716 Random number generator 800 Grid 802 Grid element 1200 Camera 1202 Light source 1204 Light source 1206 Light source 1300 .... Camera 1302 ... Scattered light source 1304 ... Direct light source 1306 ... Half mirror 1401 ... Light source 1402 ... Camera 1404 ... Camera 140 ... light beam 1408 ... reflected light beam 1410 ... transmitted light beam 1550 ... optical disk 1552 ... area 1554 ... internal area 1556 ... authentication label 1600 ... reader 1550 ... Optical disk 1552 ... area 1554 ... internal area 1556 ... authentication label 1600 ... reading device 1602 ... light source 1604 ... optical sensor 1610 ... image processing module 1612 ... decoding module 1616 ... Random number generator 1617 ... Decoding module 1618 ... Rendering module 1620 ... Optical reader 1622 ... Slot

Claims (45)

A method for determining the authenticity of an object,
Receiving a first code;
Determining whether the object has a three-dimensional pattern of dispersed particles;
Performing two-dimensional data acquisition for acquiring a second code from the object;
Determining the authenticity using the first code and the second code. Determining whether the object has a three-dimensional pattern of dispersed particles;
Obtaining a first image of the object with a first angle of illumination;
Obtaining a second image of the object with a second angle of illumination;
Combining the first image and the second image;
The method of claim 1, comprising: determining whether a geometric pattern is present in the combined image. Determining whether the object has a three-dimensional pattern of dispersed particles;
The method according to claim 1, wherein the method is performed by determining whether the object is reflective. Whether the object is reflective or not
Obtaining a first image of the object with scattered illumination;
Obtaining a second image of the object with direct illumination;
The method of claim 3, wherein the method is determined by comparing the brightness of the object of the first image with the brightness of the object of the second image. Determining whether the object has a three-dimensional pattern of dispersed particles;
Illuminating the object with scattered white light;
Detecting light reflected from and transmitted through the object;
The method according to claim 1, wherein the method comprises: determining whether the reflected light and the transmitted light have complementary colors. Obtaining an image of the object at a reading position;
Obtaining a transposition of the reading position with respect to a reference position by detecting a marker position of the image;
The method according to claim 1, further comprising: performing projective transformation of the image to compensate for the dislocation. The two-dimensional data acquisition is
The method according to claim 1, wherein the method is performed by scanning the object along a pre-defined two-dimensional grid. The two-dimensional data acquisition step includes
The method according to claim 1, wherein the method is performed by acquiring an image of the object. The method according to claim 1, further comprising filtering the measurement data acquired by the two-dimensional data acquisition to provide the second code. The filtering is
The method according to claim 9, comprising low-pass filtering of the measurement data. The filtering is
The method according to claim 9, comprising calculating an average value of the subset of measurement data. The first code is:
Contains a set of random vectors,
The method according to claim 1, wherein the second code is a data vector. The random vector is a pseudo-random number;
Each random vector is represented by an execution index,
The method of claim 12, further comprising inputting the seed value of a pseudorandom number generator to generate the random number vector based on a seed value. 14. The method according to claim 12, further comprising: obtaining a sign of a scalar product of each of the random number vectors and the data vector to generate a third code. The method according to claim 14, wherein the third code is a check code for comparison with an authentication code. The method of claim 14, wherein the third code is a symmetric key. The object belongs to a data carrier storing an encrypted file;
The method of claim 16, further comprising decrypting the file with the symmetric key. The method of claim 17, wherein the first code is stored on the data carrier.   Computer program product for carrying out the method according to any of claims 1-18.   A logic circuit operable to perform the method of any of claims 1-19. An electronic device for determining the authenticity of an object,
Means for receiving the first code;
Means for determining whether the object has a three-dimensional pattern of dispersed particles;
Means for performing two-dimensional data acquisition for acquiring a second code from the object;
Means for determining the authenticity based on the first code and the second code;
An electronic device comprising: The means for determining whether the object has a three-dimensional pattern of dispersed particles comprises:
Obtaining first image data of the object with illumination at a first angle;
Obtaining a second image of the object with a second angle of illumination;
Combining the first image and the second image;
The electronic device of claim 21, adapted to: determine whether a geometric pattern is present in the combined image. 23. The electron according to claim 21 or 22, wherein the means for determining whether the object has a three-dimensional pattern of dispersed particles is adapted to determine whether the object is reflective. device. The means for determining whether the object has a three-dimensional pattern of dispersed particles comprises:
Obtaining a first image of the object with scattered illumination, obtaining a second image of the object with direct illumination, brightness of the object of the first image and the object of the second image. 24. The electronic device according to any one of claims 21 to 23, adapted to determine whether the object is reflective by comparing the brightness of the object. The means for determining whether the object has a three-dimensional pattern of dispersed particles comprises:
Illuminating the object with scattered white light;
Detecting light reflected from the object and light transmitted through the object;
25. An electronic device according to any of claims 21 to 24, adapted to: determine whether the reflected light and the transmitted light have complementary colors. 26. The electronic device according to any one of claims 21 to 25, further comprising means for performing projective transformation to compensate for displacement of the object relative to a reference position. A method for providing a first code used in an authentication method, comprising:
Providing a third code;
Obtaining a data vector from an object representing the second code;
Determining a random vector for each of the bits of the third code based on the second code and providing the first code. 28. The method of claim 27, wherein the object is an image. 30. The method of claim 28, further comprising: scanning the image to obtain image data, filtering the image data, and filtering the image data providing the data vector. Filtering the image data comprises:
30. The method of claim 29, comprising: calculating an average value of the subset of image data. The method of claim 30, wherein the subset of the image data is determined by a predefined grid. The method according to any one of claims 27 to 31, wherein the third code is a key.   A computer program product for performing the method of any of claims 27-32.   A logic circuit operable to perform the method of any of claims 27-32.   33. An electronic device operable to perform the method of any of claims 27-32. A device for judging the authenticity of an object,
A reading device for reading the first code;
An optical component for determining whether the object has a three-dimensional pattern of dispersed particles;
A measurement component for performing two-dimensional data acquisition for acquiring a second code from the object;
A microprocessor for determining the authenticity based on the first code and the second code. A data carrier reader, the data carrier having an object,
A receiving device for receiving the first code;
An optical component for determining whether the object has a three-dimensional pattern of dispersed particles;
A measurement component for performing a two-dimensional data acquisition step for acquiring a second code from the object;
A microprocessor for determining the authenticity of the data carrier based on the first code and the second code. 38. The microprocessor is programmed to provide a third code for decoding large data stored on the data carrier based on the first code and the second code. The device described in 1. An electronic device for determining the authenticity of an object,
An interface for entering a first code;
An apparatus for determining whether the object has a three-dimensional pattern of dispersed particles and performing two-dimensional data acquisition for acquiring a second code from the object;
An electronic device comprising: a processor for determining the authenticity based on the first code and the second code. 40. The electronic device of claim 39, wherein the apparatus is operable to determine whether the object is reflective. 41. The electronic device according to claim 39 or 40, further comprising: a filter for filtering measurement data acquired by the two-dimensional data acquisition to provide the second code. The first code is:
Contains a set of random vectors,
The second code is a data vector;
The random vector is a pseudo-random number;
The electronic device according to any one of claims 39 to 41, further comprising: a pseudorandom number generator that generates the random number vector based on a seed value. 43. The electronic device of claim 42, wherein the processor is operable to determine a sign of a scalar product of each of the random number vectors and the data vector to generate a third code. 44. The electronic device according to claim 43, wherein the third code is a check code for comparison with an authentication code. 44. The electronic device according to claim 43, wherein the third code is a symmetric key.

Images