WO2022101386A1 - Document authenticity assessment
- Publication number: WO2022101386A1 (PCT/EP2021/081475)
- WIPO (PCT)
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
There is a need for better digital document authentication. This is achieved by a method of assessing the authenticity of a digital document by: - providing the digital document (170) for assessment, which document grants authority over a product or the rights of a person, the document having: - data (110) uniquely identifying and/or describing the product or person, the data being such as payment amount, payment date, transaction identity, social security number and/or vendor identity, and - a graphical verification element (120) identifying at least some of said data (110'), - extracting plaintext data (110') identified by the verification element (120), and - if the plaintext data (110') is not identical to data (110) otherwise comprised in the document (170), the document is marked as inauthentic and an alert signal is transmitted.
DOCUMENT AUTHENTICITY ASSESSMENT
FIELD OF THE INVENTION
The invention relates to a method for assessing the authenticity of a digital document, a computing device instructed to perform the method, and a program and a computer-readable medium with instructions for carrying out the method.
BACKGROUND OF THE INVENTION
Fraud is a global problem that affects not least the insurance industry. It is estimated that 10% of all insurance pay-outs are made to fraudsters. To receive an insurance pay-out, various documents must be presented to validate the insurance claim. Even then, there are loopholes. Fraudsters seek to cheat insurers in a plethora of ways and today, fraud has moved into the digital arena too.
Digital documents introduce a variety of new ways to cheat and commit fraud, not least insurance fraud. Verifying the uniqueness, ownership and authenticity of documents and items is very difficult when documents are digital files. In the past, digital rights management has been used on some file types to ensure that they were not copied, although the inconvenience thereof made it infeasible, and so insecure documents are here to stay. Verifying the uniqueness, ownership and authenticity of documents and items is the job of insurance investigators, who make value-judgments about documents throughout their workday. The more thorough they are, the slower and more expensive insurance pay-outs and premiums get. Some insurance companies have decided to solve this by being slack with verification and accepting as high as 20% fraud, since this allows them to have fewer investigators and so keep operating costs low.
One specific way fraud is committed is modifying digital documents, for example using pdf applications or photo editing software. There even exist specialized applications today that allow fraudsters to manipulate and change information within digital documents submitted by government-bodies or as proofs of purchase, for example changing the date or even value of a purchase before submitting a claim to allow or increase an otherwise legitimate or fraudulent payout. A thorough payout process then requires calling points-of-sale to ascertain authenticity of the document. However, this is time-consuming and may even be legally dubious depending on privacy laws and specific document contents.
Therefore, there is a need for an improved method of verifying document authenticity.
SUMMARY OF THE INVENTION
In an aspect of the invention, there is provided a method comprising assessing authenticity of a digital document by:
- providing the digital document which document grants authority over a product or the rights of a person, the document for assessment having:
- data uniquely identifying and/or describing a product or a subject, the data being such as payment amount, payment date, transaction identity, social security number and/or vendor identity, and
- a graphical verification element identifying at least some of said data,
- extracting plaintext data identified by the verification element, and
- if the plaintext data is not identical to data otherwise comprised in the document, the document is marked as inauthentic and an alert signal is transmitted.
Thereby documents can be automatically authenticated during an insurance payout process. For the majority of documents, this means a faster process with fewer mouse-clicks needed by insurance investigators, since they no longer need to investigate document creation dates, modification dates, look for potential artefacts of document tampering as well as calling retailers to authenticate.
Since the authentication is embedded in the document itself, it is no longer necessary to reach out to the individual document authors to authenticate the document, saving phone calls, waiting time, looking through retailer sales databases, and so on.
Furthermore, by the document comprising its own verification means, the only centrally needed data is the cipher. A single cipher for a document type instead of storing each actual document centrally takes up significantly less space in a database, and thus the method is energy-saving and space-saving. It is furthermore more secure since it identifies even perfect data element tampering.
Thereby a portion of fraud attempts can be stopped in their tracks. Potential fraud can be identified early and be flagged for further investigation. This focuses (insurance) investigators to investigate relevant cases. Yet further, the investigators need to perform fewer mouse-clicks on average to process a valid insurance claim, saving costs for all insured.
In an embodiment, the verification element is a ciphertext graphically embedded on the document, whereby the verification element is incomprehensible to a neurotypical person. This ensures that it is even more difficult to tamper meaningfully with the data elements of the document, thus reducing the amount of fraud taking place and making it easier to pinpoint the cases where fraud is present.
In an embodiment, the verification element is a barcode element such as a two-dimensional barcode.
Thereby a potential fraudster can identify that the document is above his ability to effectively tamper, reducing the number of fraudulent claims. This saves time and mouse clicks for investigators per valid insurance claim.
In an embodiment, the verification element is a mirror element that, after extraction, graphically represents at least some of the data otherwise present in the document, where the step of determining whether the extracted data is identical to data otherwise comprised in the document comprises, in the event that the data does not match, identifying which specific area of the document does not match, where the mirror element preferably represents the whole document.
Thereby even further mouse-clicks are saved. Depending on the situation, the investigator at least does not need to find an original document and cross-reference deviations, since the specific modification is identified. Further, the original document may or may not be obtainable, and by identifying the relevant modification, the degree of error can be determined quickly. A benign modification could also be identified as such in this manner.
In an embodiment, the verification element is a hidden verification element, where the graphical element is a carrier element that superficially does not hold data, and where the data identified by the graphical element is steganographically embedded in the carrier element.
Thereby it is more difficult for fraudsters to move from documents having a verification element to documents without a verification element, since they cannot easily identify whether a given document has a verification element. Thereby, more fraudsters can be apprehended, and as it becomes much more work to receive a fraudulent pay-out, this also limits the amount of fraud.
Furthermore, it becomes easier to apprehend a given fraudster, since they will make more obvious mistakes, reducing the number of mouse-clicks needed for insurance investigators. This further saves time and mouse clicks for investigators per valid insurance claim.
In an embodiment, the verification element uses a graphical crest element such as a logo or banner as a carrier element.
Thereby an information-dense element that is already present in a given document is leveraged to effectively hide the verification element. Since it is information dense, it can seamlessly / innocuously comprise the necessary data. It thus becomes more difficult to identify the verification element for potential fraudsters, while it is easy to identify the relevant area to use for the verification element. This further saves time and mouse clicks for investigators per valid insurance claim.
If a retailer or organization decides to reorganise the document format, the verification element is thus automatically considered in this, reducing the number of mouse-clicks needed to modify a document template.
In an embodiment, the data elements comprised in the crest element are retailer data, preferably at least vendor location.
Thereby it is processing-light to implement the ciphering algorithm, since the data is, for a given document creation device, identical from document to document, at least over a period of time. The cipher is in this embodiment static, meaning that the crest is simply changed prior to document generation, and that no ciphering is necessary at all. Over time it is preferable to change the verification element, but it need not be changed for each document to at least increase document security markedly.
Thereby even processing-limited devices can gain the advantages of the invention, which reduces the need for upgrading cashier machines and other processing-limited devices. In other words, this enables implementation in areas that would otherwise not be able to do so.
Furthermore, this obviates the step of live ciphering during document generation, whereby the method is energy-saving, and since only a static verification element is needed on the computing device that generates the document, it is also space-saving.
In an embodiment, the document comprises two different graphical elements, preferably at least one hidden verification element and one mirror element.
Thereby the advantages of several of the foregoing embodiments are combined.
In an embodiment, the verification element decoding comprises matching the verification element to one of a list of possible decoding images in a database, where the paired data element content is stored in the database associated with the decoding image.
Thereby the cipher is simple and new verification elements can be added manually to the database quickly. This further saves time and mouse clicks for system administrators per valid insurance claim.
In an aspect, the invention relates to a computing device having a processor adapted to perform the method of the invention.
In an aspect, the invention relates to a computer program comprising instructions which cause the computer to carry out the method of the invention, when the program is executed by a computer.
In an aspect, the invention relates to a computer-readable medium comprising instructions which cause the computer to carry out the method of the invention, when executed by a computer.
DEFINITIONS
Cipher and ciphering algorithm are used synonymously in the specification to describe the algorithm used to encrypt and decrypt a message. Using the cipher on a plaintext produces a ciphertext which is incomprehensible without the cipher or cipher key.
By embedding is meant that the given content, i.e., the ciphertext, is inserted on the document. This is typically done by insertion or modification of another element. When the ciphertext is hidden, this other element is a carrier element.
Plaintext denotes a readable and comprehensible data element. Depending on the context this is either the data element as shown plainly on the document or content or payload of the encrypted message on the document. In this latter context, plaintext is used synonymously with payload. Decrypting the ciphertext derives the plaintext or payload. The plaintext can be actual text or a graphical element such as an image / logo.
Ciphertext denotes a text string or an image modification that has been produced by encrypting a corresponding text string or image using a cipher.
When used, the carrier element denotes an element that does not superficially seem to carry information, but into which the ciphertext is embedded.
The verification element is then an element having a payload identical to a data element otherwise present on the document, but where the payload is encrypted using a cipher and presented in a machine-readable graphical element.
By digital document is meant a digital file that can be opened and perused by a consumer or citizen to visually identify data contents. The data contents are descriptive of a product or person. The document is further of an authoritative type that bestows certain rights or privileges to a person that owns or wields the digital document. A common type of digital document in the sense of the specification is an invoice, which grants the owner or wielder certain return and insurance privileges. Welfare cards, social security cards and personal identity cards are all other types. The important thing is essentially that the document is digital and that it bestows certain rights or privileges to the wielder. Such documents are the ones prone to fraud. By the document granting authority over a product or the rights of a person is meant that it is not merely a passive description of a person or product but that the document relates to the legal rights of a person or a product.
Authority over a product denotes ownership or legal renting, leasing or other such situation. These may be for example a lease contract, an invoice and other such documents describing the rights of a product.
Authority over the legal rights of a person denotes that the document allows a wielder to act in the name of the person. This is typically the case for people using their own credit cards, passports and other personal identity documents. Although it may be the case that such rights can be transferred, in this specification it is meant to denote more commonly that a person has documents that authorise that person to act on their own behalf in the digital arena.
Granting authority denotes that the document is part of a chain of proof for administering the authority. It may be used in proving or informing of the identity or ownership. It is not necessarily the case that the document itself specifies the right of a person, for example, but instead that it proves that the person is in fact that specific person, while the rights of that specific person may be described or granted by different documents.
By product is meant a physical item, an intellectual or intangible item, or a service or right of use. It can thus be watches, jewellery, ownership of intellectual rights such as patents, trademarks or companies, software licenses, software products or vouchers for services such as legal services or financial services.
By person is meant natural person or legal person. In an embodiment, person is natural person.
The verification element being graphical denotes that it has extension over the page of the document and that it is of a graphical nature. It is not for all embodiments necessary that it can be seen by a natural person, but for a sufficiently acute visual inspection performed by a computing device, the verification element is a visible element that has a certain structure that represents information / data after steps of extraction and decryption. In other words, the verification element is graphical in that it comprises pixels of different colours and that it is the relative arrangement of these coloured pixels that is the information.
BRIEF DESCRIPTION OF THE DRAWINGS
In the following, example embodiments are described according to the invention, where:
Fig. 1 shows a document for authenticity assessment according to the invention,
Fig. 2 is a tampered document for assessment according to the invention, and
Fig. 3 illustrates a document with a barcode element according to an embodiment,
Fig. 4 illustrates a document with a hidden verification element,
Fig. 5 illustrates a document with an embedded crest according to an embodiment,
Fig. 6 illustrates a document with a mirror element according to an embodiment,
Fig. 7 illustrates a computing device according to an embodiment, and
Fig. 8 illustrates a method of assessing document authenticity of an embodiment.
In the following the invention is described in detail through embodiments hereof that should not be thought of as limiting to the scope of the invention.
Fig. 1 shows a document 100 for assessment according to the invention. Generally speaking, the document 100 comprises two elements - data 110 relating to a purchase or item or a person and a verification element 120.
The data 110 is typically plaintext and easy for customers or rightsholders to review and read, and can be used to identify and specify the product, service or person that the document relates to. This can be a physical product, an intangible product or otherwise something that is procured from an organisation. When the document relates to a person, this is for example a digital social security card, a digital passport or the like. The verification element 120 duplicates or mirrors data otherwise present on the document 100. The shown document also comprises a crest element 130. The crest element 130 can be a logo or a seal or any graphical identifier of the organisation that has created the document.
The document has fields or areas with different types of data 110. It may comprise any of the following data elements depending on document type.
Retailer data 111 include specific information about the vendor such as point of sale location, address, vendor name such as store name and brand name, web page name, and may also include seller identifier such as cashier name.
Key data 112 includes a document identifier, a product identifier and/or a subject identifier as relevant for the document 100 type. This can be a social security number, a purchase number, an invoice number, and/or a shipping number. The key data uniquely identifies the specific event, product or subject which the document relates to. It may also comprise a product serial code.
Recipient data 113 comprise data on the person who acquires the product or service, or further identifies the subject. This includes data such as first name, last/family name, address, street, country and shipping depot/point of delivery.
Date data 114 comprise any data of shipping date, purchase date, date of birth and other important personal dates.
Shipping data 115 comprise any data such as carrier, shipping type, expected transit time, expected delivery address or depot.
Product data 116 comprise data such as product name, product description, product identification number, customisations of the product and so on.
Payment data 117 comprise data such as total invoice cost, tax data, itemized costs, rebates, offers, payment method, payment currencies, billing address and so on.
The verification element 120 of the document 100 is a QR-code 121. The verification element 120 has, in encoded form, payload data / plaintext data 110’ that is the same data as data 110 otherwise in the document. The specific payload data 110’ encoded into the verification element 120 is vendor data 111’, key data 112’ and payment data 117’. Different embodiments may have less, different or more data encoded in the verification element 120.
The data elements 110 are selected for being tamper-prone and encoded. For the shown embodiment, this is done by appending the data elements into a string of text, then hashing the combined string. The hashed value is then used to generate a QR-code 121 that is added to the document. Using a QR-reader, the hash can then later be extracted, then decoded. Having a hash table to enter the hash code into, the original tamper-prone data elements can then be retrieved and compared to the data elements otherwise present on the document.
Fig. 2 shows a tampered document 200 for assessment according to the invention. The tampered document 200 is identical to the document described with Fig. 1 except that the payment data 117 has been modified. We can imagine that an invoice for an expensive watch has made its way online. A prospecting fraudster has found it, but is unsatisfied with the insurance value of the watch. The fraudster has then modified the cost of the watch directly in the invoice, for example raising it from $1899 to $2699. This can be performed in a variety of ways.
However, when the fraudster files a claim for the tampered value of the watch, the verification element 120 is inspected. The verification element 120 then comprises plaintext data 110’ with payment data 117’ indicating a watch price of $1899. The mismatch may then be flagged automatically for insurance investigator review, or it may be manually checked once hash values turn out not to match.
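The assessment flow of Figs. 1 and 2 (append the tamper-prone fields, hash them, look the hash up in a hash table, compare against the visible data) can be sketched as follows. This is an added example, not code from the patent: the field names, the SHA-256 choice, the length-prefixed encoding and the `HashTable` class are assumptions, and the QR payload is treated as an already decoded string.

```python
import hashlib

# Assumed field names for the tamper-prone data of Fig. 1
# (vendor data 111, key data 112, payment data 117).
PROTECTED_FIELDS = ("vendor", "invoice_no", "total")


def canonical(fields: dict) -> bytes:
    """Append the protected fields into one byte string.

    Each value is length-prefixed so that ("12", "3") and ("1", "23")
    cannot produce the same string, which plain concatenation would allow.
    """
    out = bytearray()
    for name in PROTECTED_FIELDS:
        value = fields[name].encode("utf-8")
        out += len(value).to_bytes(4, "big") + value
    return bytes(out)


def digest(fields: dict) -> str:
    """Hash of the appended fields; this is what the QR-code would carry."""
    return hashlib.sha256(canonical(fields)).hexdigest()


class HashTable:
    """Verifier-side table mapping a digest back to the original fields."""

    def __init__(self):
        self._rows = {}

    def register(self, fields: dict) -> str:
        d = digest(fields)
        self._rows[d] = {k: fields[k] for k in PROTECTED_FIELDS}
        return d

    def lookup(self, d: str):
        return self._rows.get(d)


def assess(visible_fields: dict, qr_payload, table: HashTable):
    """Return (verdict, list of mismatching field names)."""
    if qr_payload is None:
        return "inauthentic: verification element missing", []
    original = table.lookup(qr_payload)
    if original is None:
        # Covers a digest recomputed over altered data: an unkeyed hash is
        # easy to recompute, but the result was never registered.
        return "inauthentic: unknown verification element", []
    bad = [k for k in PROTECTED_FIELDS if visible_fields.get(k) != original[k]]
    if bad:
        return "inauthentic: data mismatch", bad
    return "authentic", []


if __name__ == "__main__":
    # Constructed sample data mirroring the watch invoice of Fig. 2.
    table = HashTable()
    genuine = {"vendor": "Example Watches", "invoice_no": "INV-0001",
               "total": "1899.00 USD"}
    qr = table.register(genuine)
    tampered = dict(genuine, total="2699.00 USD")
    print(assess(genuine, qr, table))
    print(assess(tampered, qr, table))
    print(assess(tampered, digest(tampered), table))
```
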
The invention achieves several benefits. Firstly, the document is a self-contained verification system. The document itself comprises all the relevant data to verify the document. No other original database needs to be consulted. As long as a vendor, shop or insurance investigator has the decryption algorithm, they can verify any document.
Furthermore, it is very difficult or even practically impossible for a fraudster to accurately modify both a data element and a corresponding verification element 120. Even just a slight change in a data element corresponds to a completely different hash value, making it easy to identify any tampering. Furthermore, such hash is preferably performed in a reverse-engineering resistant manner, such as by using different cryptographic encryption layers to the hash, which may depend on static seeds, dynamic seeds or document-dependent seeds such as a date.
The method may provide a verification element onto any normal digital document that is likely to be exposed to forgery. It is thus easy for vendors, shops and authorities to add an element onto the digital document to allow decentralised verification-enabled documents.
Figs. 3-6 illustrate various documents for assessment of authenticity, having different types of verification elements.
Fig. 3 illustrates a document with a barcode element 320 in the shape of a 2D barcode. The barcode is incomprehensible to a natural person and furthermore, even if a digital scanner is used, the barcode produces an encoded string. It is necessary to have the correct decryption algorithm to derive the data elements within the barcode. Thereby it is not trivial or feasible to modify the barcode to correspond to a modified document. Removing the barcode 320 is also evidence of tampering.
Various implementations exist, such as the well-known QR-codes. No matter what barcode type is used, however, the decryption should preferably require at least one step of decryption. If QR-codes are used, the QR-code should produce a hashed or encrypted code, which requires another step of decryption to derive the data elements within. Proprietary types of barcodes may be used instead of QR-codes. These can be created so as to correspond to incomprehensible alphanumeric codes, and even to generate unrecognized/unrecognizable characters. Any type of barcode can be used, such as one-dimensional barcodes and two-dimensional barcodes such as aztec code, data matrix, Qode, MaxiCode and CrontoSign or proprietary types. Any other visible and well-defined verification area may be provided that uniquely identifies the document data by mirroring some of it.
By providing the verification element as a visible barcode, this may deter anyone contemplating forgery. The observant prospecting fraudster may learn that the document is beyond his abilities to tamper effectively, and he may refrain from doing so. This leads to fewer false insurance claims, which allows insurance investigators to focus more on difficult cases and perform legitimate pay-outs faster, reducing costs for all insured.
Fig. 4 illustrates a document 400 as hitherto described, except that the verification element is a hidden verification element 420. The verification element is not only embedded onto the document, but imperceptibly so.
It may be preferable to include a hidden verification element 420 that is not communicated to a reader. For example, it may be less likely to invite serious fraudsters to try to overcome the verification element. The hidden verification element 420 is indiscernible to the naked eye of a natural person while being readable by designated software. For example, a conventional 24-bit RGB document can display colours from 0-255 in each of three channels. An area of a document comprising an image having pixel-by-pixel values between R0G0B0 and R1G1B1 is completely indiscernible to the naked eye while a designated computer can discern the element. The contents of the image can be a barcode as hitherto discussed, or a proprietary and specially developed information scheme which is only decryptable with the cipher / cipher key. Using such an information scheme may produce a sufficiently encrypted layout of pixels that it serves essentially as both the encryption and embedding. Here, the white / background of the document is the carrier element.
Instead of figuring in the top right corner of the document, the hidden verification element 420 may be located at any place on the document.
As mentioned, the hidden verification element 420 is preferably also encoded and thus incomprehensible without the cipher. Thus, the hidden verification element 420 may be both indiscernible and incomprehensible. In more technical terms, the plaintext data element for verification is encoded to provide a ciphertext, then the ciphertext is embedded onto the document in some hidden manner.
By being indiscernible, it is less likely that a prospective fraudster identifies and tampers with the encryption of the verification element.
Fig. 5 illustrates a document 500 as hitherto described, except that the verification element is an embedded crest 520. The embedded crest 520 is a modification to a graphical element on the document, such as a crest. The crest can be a logo, banner or other element that can be assumed to always be present. The embedded crest 520 uses the graphical element as a carrier for the ciphertext, which in turn codes for the payload.
For example, a vendor or shop may always have their own logo present either as shown at the top in the middle, or to the side or bottom in a smaller image. In any case, the embedded crest 520 is a version of the crest element that is modified to comprise the payload. For the shown embodiment where the embedded crest 520 is a modified logo, specific pixels of such logo may be of a shade varying from an unmodified logo only imperceptibly to the human eye. As discussed above, the variations from the original logo may be very small such as a mere 1 bit of colour, making the difference imperceptible to the reader.
This can be implemented in a variety of ways; however, the principle is the same. For a document 500 with a given embedded crest 520, that specific carrier element comprises a payload after a decryption step that matches at least one data element that is also present plainly / as plaintext on the document. Using relatively stable data elements in an embedded crest 520 may make it much more difficult for a fraudster to claim to have bought an item at a given store location at a given time, while being easy for such a store location to implement since it does not require dynamic encoding or embedding, which their systems may not be able to do due to computing limitations. Instead, they may simply have a static logo that encodes static information by differing from an unmodified logo.
Of course, in another embodiment the embedded crest 520 is created by dynamically encoding data elements to provide ciphertext that is then embedded into the carrier element on the document, such as the crest element 530. This may be performed by mapping certain pixels of an image to certain interpretations, maybe reading the relevant pixels row by row.
The ciphertext may be a hash created from the plaintext by appending the relevant data elements and hashing the resultant string. The ciphertext may be a graphical comparison of the altered carrier element to a matching cipher key stored in a database, which is mapped to the relevant data elements. By using an embedded crest 520, no extra element is inserted into the document 500, and it may therefore be difficult for fraudsters to identify whether the document 500 is adapted for easy authenticity assessment.
Fig. 6 illustrates a document 600 as hitherto described, except that the verification element is specifically a mirror element 620. The mirror element 620 graphically mirrors, perhaps in reduced resolution, at least one data element 610 of the document. In other words, the plaintext is a graphical element representing at least a part of the document. When the extracted image is overlaid/compared with the document that it is embedded in, any discrepancies identify the document as inauthentic. By thus comparing the plaintext image with the document, pixel by pixel comparisons can be made. Any mismatch identifies not only the presence of a mismatch, but the specific forged area. The specific data element that has been modified can thus be determined as a mismatch between pixel colours of a given area.
In other words, instead of comprising hash values that resolve to certain alphanumeric results, the verification element resolves to an image. In a preferred embodiment, the mirror element 620 mirrors at least substantially the whole document.
Another useful part of the carrier element of Fig. 6, being the crest image 631, is that it is a graphical element. The crest image 631 will typically be of a high resolution to ensure branding quality. Such an image in a digital document has certain pixel density that is not governed by document physical size. Using a high-resolution crest image is conventionally useful since it offers a more pleasant reader experience. Therefore, it is possible to embed a plaintext image of a useful resolution in a crest image although the crest image may physically be smaller.
One effective way to do this is to encode each pixel according to some predetermined encoding algorithm, such as using the least significant digit of the colour code. The payload can be encoded to a ciphertext and embedded simply, or the embedding of the ciphertext can itself comprise a level of encoding. For example, a toned-up pixel may be significant only if its location is one of a predetermined subset of locations. When decoding a document with such an element, the pixel locations are used to recreate the mirrored image according to some algorithm.
A given document may of course comprise any combination of verification elements as described for Figs. 3-6. For example, it may be useful to use an Aztec-code that visibly identifies itself as a verification code to deter amateur fraudsters while also having an embedded crest and/or a hidden verification code to make the document further tamper-proof. This achieves the benefit of fewer fraudulent claims while still employing advanced authenticity verification against those that would more seriously try to overcome the verification element.
Fig. 7 illustrates a computing device 150 instructed for document authenticity assessment 107. The computing device is also instructed for document generation 108 including encoding and embedding verification elements into documents.
The computing device 152 comprises a processor 151, a networking interface 152 and a database 160. The database 160 comprises a number of ciphering algorithms / ciphers 161, embedding algorithms 162 and document types 163. When creating a document, the document data may be received through the networking interface 152 or generated by the computing device 150 itself. The processor 151 identifies the document type 163. The document type 163 includes general types such as invoice or healthcare card as well as specific types, such as invoices from a specific retailer. Having identified the document type, the applicable cipher 161 can be used on document type 163 specific data elements. The resulting ciphertext of the relevant data elements is then embedded onto the document. If the document is to be transmitted, it can be transmitted over the networking interface 152.
During an authenticity assessment situation, the document is then received through the networking interface. Based on the document type 163, the relevant embedding algorithm is identified and the ciphertext is extracted. When the ciphertext is extracted, it is decrypted using the cipher 161. The plaintext that results is compared with the document specific data elements of the document to assess authenticity. If it matches, the computing device transmits a signal indicative of successfully authenticating the document. If the verification element does not match the intended data elements, the computing device transmits an alert signal indicative of a likely tampered document.
The computing device may communicate over the networking interface 152 as relates to document creation 108, where the computing device creates a tamper-resistant document having a verification element. The document is created by the processor 151 using the document type 163, cipher 161 and embedding algorithm 162 to copy data from the document and embed it back into the document in the shape of a verification element. It is then possible to assess the created document for authenticity using the same cipher and embedding algorithm, without looking at a database of documents.
The computing device may communicate over the networking interface 152 as relates to document assessment 107, where the computing device assesses the document for authenticity by using the verification element. The computing device 150 identifies the document type 163 and then extracts and decrypts the verification element to derive the payload using the embedding algorithm 162 and cipher 161. It is thereby not necessary to review a list of all generated documents; instead, a lightweight dynamic embedding algorithm 162 and cipher 161 can be used to verify the document using document-contained data.
Fig. 8 illustrates a method 100 of assessing document authenticity according to an embodiment of the invention.
First, a document having data is provided 101, the document also having a graphical element. The graphical element is a carrier for a payload. The payload is a duplicate of some of the data otherwise comprised in the document. The document is created at some point, however, for the processes as mentioned here, it can have been created at some prior time. Providing may mean simply having it transmitted over a network.
Secondly, data is extracted 102 from the graphical element. The graphical element comprises an embedded ciphertext. The ciphertext is first extracted and then decrypted. In some embodiments where the ciphertext is an image deviation, the ciphertext is derived by comparison of the graphical element with an original image and the decryption is then comparison of this image deviation with a database of deviating images. Identifying the correct stored image then identifies a set of linked data elements also stored in the database.
The ciphertext may be embedded by a barcode which can be read to derive a ciphertext. The ciphertext may be embedded through a colouration of a series of pixels, such as described above.
Third, the ciphertext is decoded 103 using a cipher / ciphering algorithm. This produces plaintext data elements that should match the data elements on the document. If the graphical element has been tampered with, the decoding may fail entirely or result in a faulty plaintext. For example, if the barcode has been changed, the result would likely make no sense to the reader. This is also indicative of an inauthentic document.
Fourth, the derived plaintext or a hash is compared with its designated data elements. This may be performed by creating a hash from a predetermined combination of data elements on the document to be assessed. If the generated hash does not match the expected hash value of the verification element, then the document has been modified. It is also possible to derive the plaintext values of the data elements and compare them, which may allow an investigator to identify which specific data elements have been tampered with. In either case, if the hash values or the plaintext data elements match, the document is considered authentic. If not, the document is considered inauthentic.
Fifth, a signal is transmitted indicative of the result of the comparison 104 so that if the derived data matches the designated plaintext data elements, a signal is transmitted indicating that the document is authentic. If not, then a signal is transmitted indicating that the document is inauthentic.
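The hash-comparison variant of method 100, combined with the least-significant-bit embedding at a predetermined subset of pixel locations described for the crest image, can be sketched as follows. This is an added example, not code from the patent: it uses a keyed HMAC-SHA-256 with length-prefixed fields in place of a plain hash over appended strings, and the key, field names, crest pixels and function names are all assumptions.

```python
import hashlib
import hmac
import random

KEY = b"constructed-demo-key"   # assumption: secret shared by issuer and verifier
FIELDS = ("amount", "date", "transaction_id", "vendor")  # designated data elements

def tag(doc):
    """Keyed digest of the designated data elements. Each value is length-prefixed
    so ("12", "3") and ("1", "23") do not collide as raw appending would."""
    values = (str(doc[f]).encode() for f in FIELDS)
    msg = b"".join(len(v).to_bytes(4, "big") + v for v in values)
    return hmac.new(KEY, msg, hashlib.sha256).digest()

def locations(n_pixels, n_bits):
    """Predetermined subset of pixel positions, derived from the key."""
    rng = random.Random(KEY)    # not a CSPRNG; it only illustrates the selection
    return rng.sample(range(n_pixels), n_bits)

def embed(crest, doc):
    """Document creation: write the tag bits into the chosen pixels' LSBs."""
    bits = [(byte >> i) & 1 for byte in tag(doc) for i in range(7, -1, -1)]
    out = list(crest)
    for pos, bit in zip(locations(len(crest), len(bits)), bits):
        out[pos] = (out[pos] & ~1) | bit
    return out

def extract(crest, n_bytes=32):
    """Step 102: read the LSBs back from the same positions, MSB first."""
    bits = [crest[pos] & 1 for pos in locations(len(crest), n_bytes * 8)]
    return bytes(sum(b << (7 - j) for j, b in enumerate(bits[i:i + 8]))
                 for i in range(0, len(bits), 8))

def assess(doc, crest):
    """Steps 103-104: recompute the tag from the visible data, compare, signal."""
    ok = hmac.compare_digest(extract(crest), tag(doc))
    return "authentic" if ok else "inauthentic"

# Constructed sample data: a 64x64 greyscale crest and one invoice.
_rng = random.Random(1)
CREST = [_rng.randrange(256) for _ in range(64 * 64)]
INVOICE = {"amount": "1250.00", "date": "2021-11-12",
           "transaction_id": "T-0001", "vendor": "Example Retail"}
SIGNED_CREST = embed(CREST, INVOICE)

if __name__ == "__main__":
    print(assess(INVOICE, SIGNED_CREST))
    print(assess(dict(INVOICE, amount="9250.00"), SIGNED_CREST))
```

No pixel of the crest changes by more than one grey level, and verification needs only the key and the document itself, not a list of issued documents.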
1. A method comprising assessing authenticity of a digital document by:
- providing the digital document (170) for assessment, which document grants authority over a product or the rights of a person, the document having:
- data (110) uniquely identifying and/or describing the product or person, the data being such as payment amount, payment date, transaction identity, social security number and/or vendor identity, and
- a verification element (120) being graphical and identifying at least some of said data (110’),
- extracting plaintext data (110’) identified by the verification element (120), and
- if the plaintext data (110’) is not identical to data (110) otherwise comprised in the document (170), the document is marked as inauthentic and an alert signal is transmitted.
2. A method according to claim 1, where the verification element is a ciphertext graphically embedded on the document, whereby the verification element is incomprehensible to a neurotypical person.
3. A method according to any of claims 1-2, where the verification element (120) is a barcode element (320) such as a two-dimensional barcode.
4. A method according to any of claims 1-3 where the verification element (120) is a mirror element (630) that, after extraction, graphically represents at least some of the data otherwise present in the document, where the step of determining whether the extracted data is identical to data otherwise comprised in the document comprises, in the event that the data does not match, identifying which specific area of the document that does not match, where the mirror element preferably represents the whole document.
5. A method according to any of claims 1-4, where the verification (120) is a hidden verification element (420), where the graphical element is a carrier element that superficially does not hold data, and where the data identified by the graphical element is steganographically embedded in the carrier element.
6. A method according to claim 5, wherein the verification element (120) uses a graphical crest element (530, 630) such as a logo or banner as a carrier element.
7. A method according to claim 6, wherein the data elements comprised in the crest element are retailer data (111), preferably at least vendor location.
8. A method according to any two of claims 3-6, where the document (170) comprises two different graphical elements, preferably at least one hidden verification element (420) and one mirror element (630).
9. A method according to any of claims 2-6 where verification element decoding comprises matching the verification element (120) to one of a list of possible decoding images in a database, where the paired data element content is stored in the database associated with the decoding image.
10. A computing device (150) having a processor (151) adapted to perform the steps of any of claims 1-9.
11. A computer program comprising instructions which cause the computer to carry out the method of any of claims 1-9, when the program is executed by a computer.
12. A computer-readable medium comprising instructions which cause the computer to carry out the method of any of claims 1-9, when executed by a computer.
Priority Applications (2)
|Application Number||Priority Date||Filing Date||Title|
|Publication Number||Publication Date|
|WO2022101386A1 true WO2022101386A1 (en)||2022-05-19|
Family Applications (1)
|Application Number||Title||Priority Date||Filing Date|
|PCT/EP2021/081475 WO2022101386A1 (en)||2020-11-13||2021-11-12||Document authenticity assessment|
Country Status (1)
|WO (1)||WO2022101386A1 (en)|
- 2021-11-12 WO PCT/EP2021/081475 patent/WO2022101386A1/en unknown
Patent Citations (2)
|Publication number||Priority date||Publication date||Assignee||Title|
|WO2012142061A1 (en) *||2011-04-13||2012-10-18||Verisign, Inc.||Authentic barcodes using digital signatures|
|US20180046889A1 (en) *||2016-08-15||2018-02-15||Lenovo (Singapore) Pte. Ltd.||Verifying integrity of physical documents|