WO2007072031A2 - Document verification - Google Patents

Document verification Download PDF

Info

Publication number
WO2007072031A2
WO2007072031A2 PCT/GB2006/004876 GB2006004876W WO2007072031A2 WO 2007072031 A2 WO2007072031 A2 WO 2007072031A2 GB 2006004876 W GB2006004876 W GB 2006004876W WO 2007072031 A2 WO2007072031 A2 WO 2007072031A2
Authority
WO
WIPO (PCT)
Prior art keywords
document
representation
values
holder
locations
Prior art date
Application number
PCT/GB2006/004876
Other languages
French (fr)
Other versions
WO2007072031A3 (en
Inventor
John Corry
Original Assignee
Advanced Analysis And Integration Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Advanced Analysis And Integration Limited filed Critical Advanced Analysis And Integration Limited
Publication of WO2007072031A2 publication Critical patent/WO2007072031A2/en
Publication of WO2007072031A3 publication Critical patent/WO2007072031A3/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/067Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
    • G06K19/07Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
    • G06K19/0723Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips the record carrier comprising an arrangement for non-contact communication, e.g. wireless communication circuits on transponder cards, non-contact smart cards or RFIDs
    • G06K19/0725Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips the record carrier comprising an arrangement for non-contact communication, e.g. wireless communication circuits on transponder cards, non-contact smart cards or RFIDs the arrangement being a circuit for emulating a plurality of record carriers, e.g. a single RFID tag capable of representing itself to a reader as a cloud of RFID tags

Definitions

  • This invention relates to document verification.
  • Documents can be, and frequently are, forged. There is a need to produce passports, visas and ID cards, for example, that cannot be forged, and one measure that has long been adopted is to include on the document a photograph of the holder, or some other representation that is unique to the holder, such as an iris scan or a fingerprint, or a signature. This representation can then be compared with the appearance of the presenter, or with his signature (widely done with credit cards, for example). A digitised iris scan can be compared against an image made by a camera at the point of examination.
  • a problem with that is, of course, that a document can be created that is exactly like a passport, say, and a photograph or other representation of the (illegal) holder used, so that the test is passed.
  • a document while appearing on the face of it to be a genuine document bearing a representation of the holder, would never have been issued, and so a simple check against the database of all such documents issued and not withdrawn would show that the document was a fake
  • a genuine document can be procured, as by theft, and a representation of the new holder substituted for the true holder's representation. While tampering with a genuine document might be detected, the creation of a new document using a true holder's details and a substitute holder's representation, would pass the test and would not have been tampered with, while a database check to see if the document had been issued would show that it had been.
  • the database might, however, hold the original representation, against which the representation on the document as presented for inspection, or the aspect of the holder freshly imaged at the point of inspection, or both, might be compared. " Whilst this might appear to be a huge logistical problem, in the case of credit cards, ID cards, passports and visas, in the context of modern IT, it is well within the competence of systems engineers. Unfortunately, photographs can fade over time, certainly within the lifespan of a passport, and might not match up with a database record, and fresh images might show substantial differences with an image taken some years ago, as the subject might have aged, or grown or shaved a beard, or undergone plastic surgery, or simply appear under different lighting conditions. So, if an unacceptable level of false negative matches is to be avoided, considerable latitude must be allowed in any comparison, and this gives rise to a risk that forged documents would pass the tests.
  • the present invention provides improved means for document authentication that overcome these problems.
  • the invention comprises a method for personal document verification to confirm whether a document is genuine and/or the holder is the person to whom the document was issued, comprising: • applying to the document a representation of the holder;
  • the set of assigned values which might be termed the 'profile', can be recorded in different ways.
  • the profile might be stored, for example, as digital data in or on the document itself. This would militate against substitution of a representation, e.g. a photograph, for an original on the document. In order to substitute a profile that would match the new representation, it would be necessary to know which set of locations had been used to generate the original profile in order to create a new profile, and substitute the new profile. If the selected location set is not published, this would be impossible.
  • a representation e.g. a photograph
  • More than one set of locations might be used across a 'universe 1 of documents, the set used being noted in or on the document itself in encrypted form.
  • a document reader would extract the appropriate location set from the encrypted information and apply it to generate the new set of values to be correlated against the original profile. This militates against a forger accidentally discovering a selected location set, or figuring out the selected location set by generating all possible location sets and choosing the set which gave the profile recorded on the document from which he was working. This would be a large problem, but not an impossible one for a supercomputer. Multiple location sets, however, would mean that the solution to the problem for one document could not be used in respect of other documents, and would make large scale forgery a very expensive business.
  • a further measure is to maintain a database holding all, or at least part, of the information on the document, including the assigned values record. In fact, this might be an alternative to holding that record on the document itself, especially where access to the database is readily available, as could be arranged at passport control posts, for example. Moreover, whenever a check is made, the database could write a changed location set to the document so that the next check would involve the changed set. Writing to a document may be effected using an RFID tag as a component of the document.
  • the tag may itself have a unique identification number, which may be generated from a serial number or from a tag manufacturer's assigned number using a secret algorithm - this militates against the creation of a new tag except by copying from an existing tag, as the number is easily checked for compliance with the algorithm, and in addition, a change can be made to the information carried on the tag each time it is checked, the change being copied to the database.
  • the change can be a simple as incrementing a counter, but may also include detail about thee location of the checkpoint and the date of the check.
  • Figure 1 shows a typical personal document such as a passport or ID card
  • Figure 2 is a schematic of the registers of an RFID tag
  • Figure 3 shows a photograph as might appear on a personal document, marked up with sets of locations for sampling
  • Figure 4 is a graph generated from values measured at the locations of one of the sets; and Figure 5 is a diagrammatic illustration of a checkpoint and a central data processing arrangement including a database containing records including profiles as shown in Figure 4.
  • the drawings illustrate methods for personal document verification to confirm whether a document is genuine and/or the holder is the person to whom the document was issued, comprising:
  • the RFID tag 41 can have multiple registers, shown as #1 to #7.
  • Register #1 usually holds a tag manufacturer-assigned number, which, or another user-assigned number, kept, for instance, in register #2, can be used to calculate another number using a secret algorithm. This gives a ready check on authenticity, inasmuch as the only way to produce a number conforming to the algorithm would be to copy an existing number.
  • other measures such as incrementing a counter in another of the registers, together, perhaps, with entering data concerning the date and place of checks, would rapidly point a trail to discovery of the forged document.
  • the representation could be of anything personal to the true holder, a photograph, a fingerprint, an iris scan, a signature, even a voiceprint, all of which can be sampled, sampled values digitised, and correlated.
  • the image taken e.g. by a video camera, can be processed by conventional image processing techniques to be scaled and oriented to correspond to the image or other representation on the document.

Abstract

A method for personal document verification to confirm whether a document is genuine and/or the holder is the person to whom the document was issued, comprising: • applying to the document a representation of the holder; • sampling the representation at a set of locations thereon and assigning values to the sampled set; • making a record of the assigned values; • checking the document by sampling the representation or a fresh representation made when the document is checked at said set of locations and assigning new values to the sampled set; • correlating the assigned new values with the assigned values in the record; and • indicating a pass or a fail depending on the correlation.

Description

Document Verification
This invention relates to document verification.
Documents can be, and frequently are, forged. There is a need to produce passports, visas and ID cards, for example, that cannot be forged, and one measure that has long been adopted is to include on the document a photograph of the holder, or some other representation that is unique to the holder, such as an iris scan or a fingerprint, or a signature. This representation can then be compared with the appearance of the presenter, or with his signature (widely done with credit cards, for example). A digitised iris scan can be compared against an image made by a camera at the point of examination. A problem with that is, of course, that a document can be created that is exactly like a passport, say, and a photograph or other representation of the (illegal) holder used, so that the test is passed. However, such a document, while appearing on the face of it to be a genuine document bearing a representation of the holder, would never have been issued, and so a simple check against the database of all such documents issued and not withdrawn would show that the document was a fake.
However, again, a genuine document can be procured, as by theft, and a representation of the new holder substituted for the true holder's representation. While tampering with a genuine document might be detected, the creation of a new document using a true holder's details and a substitute holder's representation, would pass the test and would not have been tampered with, while a database check to see if the document had been issued would show that it had been.
The database might, however, hold the original representation, against which the representation on the document as presented for inspection, or the aspect of the holder freshly imaged at the point of inspection, or both, might be compared. "Whilst this might appear to be a huge logistical problem, in the case of credit cards, ID cards, passports and visas, in the context of modern IT, it is well within the competence of systems engineers. Unfortunately, photographs can fade over time, certainly within the lifespan of a passport, and might not match up with a database record, and fresh images might show substantial differences with an image taken some years ago, as the subject might have aged, or grown or shaved a beard, or undergone plastic surgery, or simply appear under different lighting conditions. So, if an unacceptable level of false negative matches is to be avoided, considerable latitude must be allowed in any comparison, and this gives rise to a risk that forged documents would pass the tests.
The present invention provides improved means for document authentication that overcome these problems.
The invention comprises a method for personal document verification to confirm whether a document is genuine and/or the holder is the person to whom the document was issued, comprising: • applying to the document a representation of the holder;
• sampling the representation at a set of locations thereon and assigning values to the sampled set; • making a record of the assigned values;
• checking the document by sampling the representation, at said set of locations, or a fresh representation made when the document is checked and assigning new values to the sampled set;
• correlating the assigned new values with the assigned values in the record; and
• indicating a pass or a fail depending on the correlation,
It has been found that, with photographs, for example, a small number, say ten, of locations, which can be randomly chosen, gives a strong correlation as between faded and fresh data, and between two photographs of the same face, but a low correlation as between photographs of different faces. The locations need not correspond to the usual 'salients', namely, point of chin, tip of nose, centre of pupil and so forth, but of course must correspond as between the two representations. A set of locations might, for example, be chosen as points on a straight line drawn between the centre of the pupil of the left eye and the point of the chin. The same applies also to iris scans, fingerprints, signatures and indeed any biometric image that may be used.
This, then, deals with the problem of degradation of images, reducing the incidence of false negative comparisons so that the matching criteria can be made quite strict.
The set of assigned values, which might be termed the 'profile', can be recorded in different ways.
The profile might be stored, for example, as digital data in or on the document itself. This would militate against substitution of a representation, e.g. a photograph, for an original on the document. In order to substitute a profile that would match the new representation, it would be necessary to know which set of locations had been used to generate the original profile in order to create a new profile, and substitute the new profile. If the selected location set is not published, this would be impossible.
More than one set of locations might be used across a 'universe1 of documents, the set used being noted in or on the document itself in encrypted form. A document reader would extract the appropriate location set from the encrypted information and apply it to generate the new set of values to be correlated against the original profile. This militates against a forger accidentally discovering a selected location set, or figuring out the selected location set by generating all possible location sets and choosing the set which gave the profile recorded on the document from which he was working. This would be a large problem, but not an impossible one for a supercomputer. Multiple location sets, however, would mean that the solution to the problem for one document could not be used in respect of other documents, and would make large scale forgery a very expensive business.
A further measure is to maintain a database holding all, or at least part, of the information on the document, including the assigned values record. In fact, this might be an alternative to holding that record on the document itself, especially where access to the database is readily available, as could be arranged at passport control posts, for example. Moreover, whenever a check is made, the database could write a changed location set to the document so that the next check would involve the changed set. Writing to a document may be effected using an RFID tag as a component of the document. The tag may itself have a unique identification number, which may be generated from a serial number or from a tag manufacturer's assigned number using a secret algorithm - this militates against the creation of a new tag except by copying from an existing tag, as the number is easily checked for compliance with the algorithm, and in addition, a change can be made to the information carried on the tag each time it is checked, the change being copied to the database. The change can be a simple as incrementing a counter, but may also include detail about thee location of the checkpoint and the date of the check. In the - by now - extremely unlikely event of a document being successfully forged by copying an existing document, with the forger overcoming the problems posed by the biometric measures, it would readily be apparent to the database that more than one document was in circulation, as the counters and the check detail would get out of synchronisation as the two documents circulated.
Whilst these latter measures, used on their own, however, are perfectly satisfactory for frequently-presented items, such as currency notes and credit cards, where it will rapidly become apparent that there are two or more identical cards circulating, passports and visas are not normally presented sufficiently frequently for this to be a full solution to the problem of forgery. And, if a forged or stolen passport is used to enter a country for terrorist purposes, a single presentation is all that may be required of it. In such cases, the biometric measures will be the primary line of defence, but, since with available RFID tags, there is ample space for information and, having set up a database system covering the biometric measures, there is no substantial oncost in attaching the other detail, the comprehensive system would appear to have much to commend it.
Methods for personal document authentication according to the invention, and systems for implementing the same will now be described with reference to the accompanying drawings, in which: Figure 1 shows a typical personal document such as a passport or ID card;
Figure 2 is a schematic of the registers of an RFID tag;
Figure 3 shows a photograph as might appear on a personal document, marked up with sets of locations for sampling;
Figure 4 is a graph generated from values measured at the locations of one of the sets; and Figure 5 is a diagrammatic illustration of a checkpoint and a central data processing arrangement including a database containing records including profiles as shown in Figure 4.
The drawings illustrate methods for personal document verification to confirm whether a document is genuine and/or the holder is the person to whom the document was issued, comprising:
• applying to the document - the passport or ID card 11 - a representation, in this case a photograph 12, of the holder;
• sampling the representation 12 at a set of locations - marked on Figure 3 with crosses on line 13 drawn on the representation - and assigning values to the sampled set, such values being, for example grey scale levels of pixels making up a digital image;
• making a record of the assigned values - e.g. digitised co-ordinates of the sample points on the graph of Figure 4 - the record being kept on a RFID tag 41 on the document 11 or in a remote database 55 in a central data processing unit 54, Figure 5;
• checking the document 11 by sampling the representation - as by a Iinescan or area scan camera 51, Figure 5 - at said set of locations, or a fresh representation, made, for example, by a camera 52, when the document is checked, and reading the profile record by a tag reader 56
• assigning new values to the sampled set;
• correlating, in a data processing arrangement 53, Figure 5, at the checkpoint, or at the central data processing unit 54, the assigned new values with the assigned values in the record; and
76
• indicating, as on a VDU 55, a pass or a fail depending on the correlation.
The RFID tag 41 can have multiple registers, shown as #1 to #7. Register #1 usually holds a tag manufacturer-assigned number, which, or another user-assigned number, kept, for instance, in register #2, can be used to calculate another number using a secret algorithm. This gives a ready check on authenticity, inasmuch as the only way to produce a number conforming to the algorithm would be to copy an existing number. In documents which are frequently checked and reported back to the central data processing unii, the fact that there were two identical documents would be rapidly noticed, and other measures, such as incrementing a counter in another of the registers, together, perhaps, with entering data concerning the date and place of checks, would rapidly point a trail to discovery of the forged document.
Where documents are not frequently checked, as will be the case with passports and ID cards, the biometric measures will make it extremely difficult to forge a document that will pass the correlation test.
It will be difficult to substitute a photograph, because the set of locations at which the photograph must be sampled is not known. It could theoretically be deduced by systematically selecting sets of sample points and matching the measurements to data on the RFID tag on the document (if there, indeed, is one - even this would be defeated if the only record were kept in the remote database), but this would be a very large problem requiring a long time on a supercomputer. Figure 3 shows several sets of sample locations - using data from two or more sets for the correlation would make the forgery much more difficult, probably to the point where it would not even be attempted, but switching the data set used for the correlation between available data sets would be daunting in the extreme, especially if it could not be predicted which data set would be used at the next checkpoint.
The representation, as has been suggested above, could be of anything personal to the true holder, a photograph, a fingerprint, an iris scan, a signature, even a voiceprint, all of which can be sampled, sampled values digitised, and correlated. Where a fresh representation is made at a checkpoint, the image taken, e.g. by a video camera, can be processed by conventional image processing techniques to be scaled and oriented to correspond to the image or other representation on the document.

Claims

Claims:
1 A method for personal document verification to confirm whether a document is genuine and/or the holder is the person to whom the document was issued, comprising:
• applying to the document a representation of the holder;
• sampling the representation at a set of locations thereon and assigning values to the sampled set;
• making a record of the assigned values;
• checking the document by sampling the representation or a fresh representation made when the document is checked at said set of locations and assigning new values to the sampled set;
• correlating the assigned new values with the assigned values in the record; and
• indicating a pass or a fail depending on the correlation.
PCT/GB2006/004876 2005-12-22 2006-12-21 Document verification WO2007072031A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB0526012.0 2005-12-22
GBGB0526012.0A GB0526012D0 (en) 2005-12-22 2005-12-22 Document verification

Publications (2)

Publication Number Publication Date
WO2007072031A2 true WO2007072031A2 (en) 2007-06-28
WO2007072031A3 WO2007072031A3 (en) 2007-10-11

Family

ID=35840874

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB2006/004876 WO2007072031A2 (en) 2005-12-22 2006-12-21 Document verification

Country Status (2)

Country Link
GB (1) GB0526012D0 (en)
WO (1) WO2007072031A2 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5420924A (en) * 1993-04-26 1995-05-30 Pitney Bowes Inc. Secure identification card and method and apparatus for producing and authenticating same by comparison of a portion of an image to the whole
US6141438A (en) * 1994-02-28 2000-10-31 Blanchester; Tom F. Method and control device for document authentication

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5420924A (en) * 1993-04-26 1995-05-30 Pitney Bowes Inc. Secure identification card and method and apparatus for producing and authenticating same by comparison of a portion of an image to the whole
US6141438A (en) * 1994-02-28 2000-10-31 Blanchester; Tom F. Method and control device for document authentication

Also Published As

Publication number Publication date
GB0526012D0 (en) 2006-02-01
WO2007072031A3 (en) 2007-10-11

Similar Documents

Publication Publication Date Title
US6748533B1 (en) Method and apparatus for protecting the legitimacy of an article
CA2925325C (en) Document authentication based on expected wear
KR100274714B1 (en) Card type recordingmedium, certifying method and apparatus for the recording medium, forming system for recording medium, enciphering system, decoder therefor, and recording medium
US8756707B2 (en) Method of manufacturing security document and method for authenticating the document
US6775775B1 (en) Method of physical individual authentication and system using the same
US20100246902A1 (en) Method and apparatus to combine biometric sensing and other functionality
US20040039914A1 (en) Layered security in digital watermarking
US20090187435A1 (en) Security methods employing drivers licenses and other documents
US20060157559A1 (en) Systems and methods for document verification
EP0612040A2 (en) Method and apparatus for credit card verification
US20020145050A1 (en) Security in mag-stripe card transactions
JP2000200337A (en) Individual identification related document, system for reading the same, method for preparing the same and method for confirming authenticity thereof
US20120324534A1 (en) Method and system for automatically checking the authenticity of an identity document
US20060179481A1 (en) System and method for automatic verification of the holder of an authorisation document
US20160196509A1 (en) Ticket authorisation
CN102034099A (en) Client certificate and field information authentication, comparison and retention system and working method thereof
CN108602374A (en) Verification to the object for being provided with security element
JP2006236213A (en) Authentication system
O'Gorman et al. Secure identification documents via pattern recognition and public-key cryptography
US20030152250A1 (en) Personal identification instrument and method therefor
US20060092476A1 (en) Document with user authentication
WO2007072031A2 (en) Document verification
GB2471999A (en) Verifying the authenticity of an image
US20030094486A1 (en) Method of verifying ID-papers and the like
US9036913B2 (en) Secured identification medium and method for securing such a medium

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 06820633

Country of ref document: EP

Kind code of ref document: A2

122 Ep: pct application non-entry in european phase

Ref document number: 06820633

Country of ref document: EP

Kind code of ref document: A2