WO2023038734A1

WO2023038734A1 - Image authentication

Info

Publication number: WO2023038734A1
Application number: PCT/US2022/039005
Authority: WO
Inventors: Simon Phillips; Valerie WOUTERS; Alan Johnson
Original assignee: Mastercard International Incorporated
Priority date: 2021-09-07
Filing date: 2022-08-01
Publication date: 2023-03-16
Also published as: GB2610439A; GB202112742D0

Abstract

The present invention relates to a method 10 of authenticating an image. The method 10 comprises: producing 1 a first hash of first data using a hash function; encrypting 2 the first hash; delivering 3 the first data, the hash function and the encrypted first hash; decrypting 4 the encrypted first hash; producing 5 a second hash of the first data using the hash function; determining 6 if the decrypted first hash corresponds to the second hash; and authenticating the image if the decrypted first hash corresponds to the second hash. The first data comprises image data of the image and data relating to the contents of the image. The method 10 may be used to determine if a person is authorised to use payment details to complete a transaction. Also discloses is a system 20 for authenticating an image. The system comprises a first party system 21, a third-party system 22 and a receiving party system 23. The first party system 21 is configured to deliver first data, the first data comprising image data of the image and data relating to the contents of the image. The third-party system 22 is configured to: produce a first hash of the first data using a hash function, and encrypt the first hash. The receiving party system 23 is configured to: decrypt the first hash, produce a second hash of the first data using the hash function, and authenticate the image by verifying the decrypted first hash against the second hash.

Description

IMAGE AUTHENTICATION

CROSS REFERENCE TO RELATED APPLICATION

This application claims the benefit of United Kingdom Patent Application No. 2112742.8, which was filed on September 7, 2021, the entire contents of which are hereby incorporated by reference for all purposes.

TECHNICAL FIELD

The present invention relates to a method of authenticating an image and a system for authenticating an image.

BACKGROUND It is known to use an image of a person to verify the identity of the person shown in the image. For example, it is known to use a passport comprising an image of a person to verify the identity of the person and determine if the person is authorised to travel. It is possible for a passport to have been tampered with such that a person shown in an image on the passport is not the genuine owner of the passport. It may be desirable to be able to determine whether the person shown in the image is the genuine owner of the passport. It may be desirable to authenticate an image of a person in any process in which the identity of the person is required to be verified.

SUMMARY OF THE INVENTION A first aspect of the invention provides a method of authenticating an image. The method comprises: producing a first hash of first data using a hash function; encrypting the first hash; delivering the first data, the hash function and the encrypted first hash; decrypting the encrypted first hash; producing a second hash of the first data using the hash function; determining if the decrypted first hash corresponds to the second hash; and authenticating the image if the decrypted first hash corresponds to the second hash. The first data comprises image data of the image and data relating to the contents of the image.

Any suitable hash function may be used, such as an MD5 or SHA hash function. Determining if the decrypted first hash corresponds to the second hash may be carried out by any suitable algorithm. The method may comprise delivering the first data, the hash function and the encrypted first hash to an authorised party. The authorised party may possess means to decrypt the encrypted first hash. For example, the first hash may be encrypted using a private key and the authorised party may- posses a public key corresponding to the private key.

The data relating to the contents of the image may comprise semantic metadata. The semantic metadata may comprise data suitable for identifying the contents of the image. The contents of the image may comprise a subject of the image. The subject of the image may comprise a person. The semantic metadata data may comprise data suitable for identifying the person. The semantic metadata data may comprise one or more of: a name, a date of birth, a place of birth, and/or a signature. The semantic metadata data may comprise one or more physical attributes of the subject of the image. The one or more physical attributes may comprise: hair colour, hair style, eye colour, facial hair, and/or facial geometry. The semantic metadata may comprise biometric data. The biometric data may comprise one or more of: fingerprint data, DNA data, or iris recognition data.

Where the contents of the image comprise a subject of the image, authenticating the image may comprise determining that the image is a true image of the subject. Where the subject of the image comprises a person and the data relating to the contents of the image comprises semantic metadata, authenticating the image may comprise determining that the image is a true image of the person as identified using the semantic metadata.

In another example, the subject of the image may comprise an animal. The data relating to the contents of the image may comprise data relating to ownership of the animal, such as a name and other identifying information of an owner of the animal. In an implementation of the invention, a collar, such as a dog collar or a cat collar, may be provided with a USB device. On the USB device may be stored an image of an animal alongside data relating to ownership of the animal, a hash function, and an encrypted hash of the data, the hash being produced using the hash function. The animal may wear the collar so that if the animal becomes lost and subsequently- found, the true owner of the animal can be identified and authenticated using the data, hash function, and encrypted hash stored on the USB device with a method according to an embodiment of the invention.

In another example, the contents of the image may comprise an object. The data relating to the contents of the image may comprise data suitable for identifying the object. The object may comprise an object of significant value, such as a rare car, a special edition pair of shoes, or a rare bottle of wine. The first data, the hash function and the encrypted first hash may be supplied by an authorised supplier of the object to an authorised buyer of the object. The invention enables the authorised buyer to determine that the object is genuine. For example, the object may be a rare car and the data suitable for identifying the object may comprise a vehicle identification number (VIN) and the colour of the car. The authorised buyer may receive means to decrypt the first hash, for example from a trusted third party. The authorised buyer is then able to authenticate the image as described above. If the image is successfully authenticated, the authorised buyer is able to check the colour of the physical car against the colour of the car in the authenticate image. Likewise, the authorised buyer is able to check the VIN of the car, which typically engraved on the bodywork of the car, against the VIN provided with the authenticated image.

In another example, the object may comprise a special edition pair of shoes. The data suitable for identifying the object may comprise a colour of the shoes, a logo present on the shoes, and a serial number etched into the shoes. If an authorised buyer is able to successfully authenticate the image, the buyer can check the colour, logo, and serial number of the physical shoes against the colour, logo, and serial number shown in the image. If these match, then the buyer can determine that the shoes are genuine.

In another example, the object may comprise a rare bottle of wine and the data suitable for identifying the object may comprise features of the label of the bottle, such as colours, shapes, or wording present on the label. If an authorised buyer of the bottle is able to successfully authenticate the image, the buyer can check the features of the label of the physical bottle against the features of the label shown in the authenticated image. If these match, then the buyer can determine that the bottle is genuine. In another example, the contents of the image may comprise a document. The data relating to the contents of the image may comprise data suitable for identifying the document. For example, the document may comprise a contract. The invention enables an authorised party to authenticate an image of the contract, to ensure that the contract has not been altered, and identify the image as that of the contract and not a different document.

In another example, the contents of the image may comprise an artwork, such as a painting. The data relating to the contents of the image may comprise data relating to ownership of the artwork. When selling the artwork, for example, the artwork may be accompanied by a suitable storage medium on which may be stored an image of the artwork alongside data relating to ownership of the artwork, a hash function, and an encrypted hash of the data, the hash being produced using the hash function. It can then be determined that the party sel ling the artwork is the true owner of the artwork using the data, hash function, and encrypted hash with a method according to an embodiment of the invention. It can then be determined that the artwork is genuine and not a replica, for example.

The contents of the image may comprise a colour. The data relating to the contents of the image may comprise semantic metadata suitable for identifying the colour. For example, the colour may be a particular shade of orange and the semantic metadata may comprise an identifier, such as a name or code, suitable for identifying the particular shade of colour.

A second aspect of the invention provides a method of authorising a transaction. The method comprises: performing the method according to the first aspect of the invention, wherein the data relating to the contents of the image comprises semantic metadata, and the contents of the image comprises a person; delivering payment details; delivering data identifying an authorised user of the payment details; and authorising the transaction if the image is authenticated, a further image of the person matches the authenticated image, and the semantic metadata matches the data identifying an authorised user of the payment details.

The payment details may comprise a primary account number or a payment token. The method may comprise a further authentication step. The further authentication step may comprise providing a personal identification number. The payment details may be stored on a portable communications device. The further authentication step may comprise ‘unlocking’ the portable communications device. Unlocking the portable communications device may comprise using a biometric identifier, such as a fingerprint, or using image recognition of an image of a user’s face captured by a camera of the device in a known manner.

A third aspect of the invention provides a method of determining if a person is an authorised owner of a document. The method comprises: performing the method according to the first of the invention, wherein the data relating to the contents of the image comprises semantic metadata, and the contents of the image comprises a person; binding the first data, the hash function and the encrypted first hash with the document; and determining that the person is an authorised owner of the document if: the image is authenticated, and a further image of the person matches the authenticated image.

The document may comprise a physical document. The physical document may comprise a coded image configured to represent the first data, the hash function and the encrypted first hash. The document may comprise an electronic document. Binding the first data, the hash function and the encrypted first hash with the document with the electronic documents may comprise digital binding. The digital binding may comprise digitally signing the electronic document.

A fourth aspect of the invention provides a method of authenticating a signature. The method comprises: performing the method according to the first aspect of the invention, wherein the data relating to the contents of the image comprises semantic metadata, the contents of the image comprises a person, and the semantic metadata comprises a signature; and authenticating the signature if: the image is authenticated, a further image of the person matches the authenticated image, and a signature provided by the person matches the signature of the semantic metadata.

The method of the second, third, or fourth aspects of the invention may comprise using computer-implemented image recognition to compare the further image and the authenticated image to determine if the further image of the person matches the authenticated image. The image recognition may comprise using an artificial neural network to process the further image and the authenticated image. The artificial neural network may comprise a convolutional neural network comprising a plurality of hidden convolution layers. The artificial neural network may be configured to extract features from the further image and the authenticated image, in the form of a feature vector. The feature vectors of the further and authenticated image may be compared to determine a degree of similarity (e.g. by Euclidean distance, or a weighted sum of differences). The further image may be considered the same if the degree of similarity meets a threshold test (e.g. within a maximum Euclidean distance, or a weighted sum of differences that is below a threshold).

A fifth aspect of the invention provides a method of authenticating a further image. The method comprises: performing the method according to the first aspect of the invention, wherein the data relating to the contents of the image comprises semantic metadata, and the contents of the image comprises a person; if the image is authenticated, comparing the data relating to the contents of the image with data relating to the contents of a further image; and authenticating the further image if the data relating to the contents of the further image matches the data relating to the contents of the authenticated image.

The method may comprise using machine learning or artificial intelligence to compare the data relating to the contents of the image with the data relating to the contents of the further image.

In use, the further image may be captured by a suitable camera. The method may comprise comparing the further image and the authenticated image. The method may comprise authenticating the image if the further image if the further image matches the authenticated image. The method may comprise using computer-implemented image recognition to compare the further image and the authenticated image to determine if the further image matches the authenticated image. The image recognition may comprise using an artificial neural network to process the further image and the authenticated image. The artificial neural network may comprise a convolutional neural network comprising a plurality of hidden convolution layers. The artificial neural network may be configured to extract features from the further image and the authenticated image, in the form of a feature vector. The feature vectors of the further and authenticated image may be compared to determine a degree of similarity (e.g. by Euclidean distance, or a weighted sum of differences). The further image may be considered the same if the degree of similarity meets a threshold test (e.g. within a maximum Euclidean distance, or a weighted sum of differences that is below a threshold).

The method of any of the embodiments described herein may comprise a further authentication step. The further authentication step may comprise comparing the semantic metadata delivered with the image data with captured semantic metadata. Where the semantic metadata delivered with the image comprises biometric data, the further authentication step may comprise comparing the biometric data with captured biometric data. For example, where the biometric data comprises fingerprint data, the method may comprise capturing a fingerprint from a person claiming to be the subject of the image and comparing the captured fingerprint with the fingerprint data delivered with the image. This comparison may be carried out using a suitable computer program, such as an image recognition program.

The method of any of the embodiments described herein may comprise receiving a unique identifier from a trusted party. The method may comprise delivering the first data, the hash function and the encrypted first hash to the trusted party in dependence on receiving the unique identifier. In an example, the trusted party may be a merchant and the first data, the hash function and the encrypted first hash may be sent to the merchant on receipt of the unique identifier, for example to enable completion of a transaction.

The image and/or further image of any of the above described embodiments may comprise any image, live or recorded, of the person.

In any of the embodiments described herein, determining if the decrypted first hash corresponds to the second hash may comprise determining if the decrypted first hash is identical to the second hash. In any of the embodiments described herein, the image data may comprise raw image data or processed image data. The image may comprise a still image or a video.

In any of the embodiments described herein, encrypting the first hash may comprise using public key cryptography. Encrypting the first hash may comprise digitally signing the first hash using a private key. Decrypting the encrypted first hash may comprise using a public key corresponding to the private key.

In any of the embodiments described herein, encrypting the first hash may comprise using a public key. Decrypting the encrypted first hash may comprise using a private key corresponding to the public key.

In any of the embodiments described herein, encrypting the first hash and decrypting the encrypted first hash may comprise using symmetric encryption. Encrypting the first hash and decrypting the encrypted first hash may comprise using identical keys.

The method of any of the embodiments described herein may comprise delivering the first data to a third party. The method may comprise producing the first hash and/or encrypting the first hash if the first data is verified by the third party.

Another aspect of the invention provides a system for authenticating an image. The system comprises a first party system, a third- party system, and a receiving party system. The first party system is configured to deliver first data, the first data comprising image data of the image and data relating to the contents of the image. The third-party system is configured to: produce a first hash of the first data using a hash function and encrypt the first hash. The receiving party system is configured to: decrypt the first hash, produce a second hash of the first data using the hash function, and authenticate the image by verifying the decrypted first hash against the second hash.

The data relating to the contents of the image may comprise semantic metadata.

The third-party system may be operated by a payment network. The first party system may be operated by a consumer. The receiving party system may be operated by a merchant. The receiving party system may be configured to compare data relating to the contents of the image with data relating to the contents of a further image if the image is authenticated. The receiving party system may be configured to authenticate the further image if the data relating to the contents of the further image matches the data relating to the contents of the authenticated image.

The receiving party system may comprise a camera configured to capture the further image.

The receiving party system may be configured to use artificial intelligence to compare the data relating to the contents of the image with the data relating to the contents of the further image.

The term ‘digital wallet’ as used herein refers to a system comprising electronic components (such as one or more processors, memory devices, or servers) suitable for storing information used to complete transactions. Such information may comprise actual payment credentials, tokenised payment credentials, and information relating to a specific transaction. The information stored by a digital wallet may be stored in an encrypted form.

The term ‘payment token’ as used herein refers to non-sensitive data, itself having no extrinsic or exploitable meaning or value, which is used to replace sensitive payment data, such as a primary account number (PAN). A payment token is produced and mapped back to the payment data using a tokenisation system.

BREIF DESCRIPTION OF THE DRAWINGS

Embodiments of the invention will now be described, by way of example only, with reference to the accompanying drawings:

Figure I illustrates a method according to an embodiment; and Figure 2 illustrates a system for authenticating an image according to an embodiment.

DETAILED DESCRIPTION

Figure 1 illustrates a method 10 according to an embodiment. The method comprises, at step 1, producing a first hash of first data using a hash function. The first data comprises image data of the image and data relating to the contents of the image. At step 2, the first hash is encrypted. At step 3, the first data, the hash function and the encrypted first hash are delivered. At step 4, the encrypted first hash is decrypted. At step 5, a second hash of the first data is produced using the hash function. At step, 6 it is determined if the decrypted first hash corresponds to the second hash. If the decrypted first hash corresponds to the second hash at step 6, the image is authenticated.

In some embodiments, the image data of the image comprises raw image data read by an image sensor, for example an image sensor of a digital camera. In some embodiments, the image data may comprise processed raw data in any suitable format, such as TIFF or JPEG. The image data may comprise metadata of the image itself, for example data relating to the image sensor settings used to obtain the image. The metadata of the image itself may be stored in Exif format. The image may comprise a still image or a video.

The data relating to the contents of the image may comprise semantic metadata. The semantic metadata may comprise data suitable for identifying the contents of the image, for example a subject of the image. The semantic metadata data may comprise data suitable for identifying a person where the person is a subject of the image. Such semantic metadata may comprise: a name, a date of birth, a place of birth, and/or a signature. Authenticating the image may comprise determining that the image is a true image of the subject. For example, where the semantic metadata comprises the name ‘Bob’, authenticating the image may comprise determining that the subject of the image is the person identified as Bob and not of any other person. Once the image is authenticated, the image can be used to identify the actual subject of the image. For example, an authorised person, such as a police officer or passport control officer, may be provided with the authenticated image. The authorised person can then determine if a person claiming to be the subject of the image, e.g. a person claiming to be Bob, is actually the subject of the image.

As well as determining if a person claiming to be the subject of the image is actually the subject of the image, the method can also be used to further determine if that person is authorised to carry out certain activities. For example, where the semantic metadata comprises the age of the person, the method can be used to verify if the person is authorised to purchase age- restricted goods such as alcohol. Where the semantic metadata comprises a name of the person, the name can be cross-referenced against a list of names. For example, the name can be cross-referenced against a list of names of people eligible to vote in an election to determine if the person is eligible to vote in the election.

In another example, a machine learning or artificial intelligence program may be provided with the authenticated image. The program may perform an image recognition process on the authenticated image to determine semantic metadata from the image in the form of one or more physical attributes, such as eye colour or facial geometry. Alternatively, if the semantic metadata previously delivered with the image to be authenticated comprises one or more physical attributes, this semantic metadata may be provided to the program along with the authenticated image. The program may then perform an image recognition process on a captured image of a person claiming to be the subject of the authenticated image to determine semantic metadata from the captured image. The program may then compare the semantic metadata determined from the captured image with the semantic metadata of the authenticated image to determine if the subject of the captured image is the same as the subject of the authenticated image.

Encrypting the first hash may comprise using public key cryptography. This may comprise digitally signing the first hash. Digitally signing the first hash may comprise encrypting the first hash using a private key. Decrypting the first hash may comprise using a public key corresponding to the private key. In some embodiments, encrypting the first hash may comprise using a public key. Decrypting the encrypted first hash may comprise using a private key corresponding to the public key. In some embodiments, encrypting the first hash and decrypting the encrypted first hash may comprise using symmetric key cryptography. Encrypting the first hash and decrypting the encrypted first hash may comprise using the identical keys.

The method 10 may be used to authenticate payment details during completion of a transaction. A payment device belonging to a consumer may be configured to store payment details winch the consumer is authorised to use to complete a transaction. The payment device may comprise a physical card, such as a debit card or credit card. The payment device may comprise a portable communications device comprising a digital wallet configured to store a payment token. The payment device may also be configured to store: first data comprising image data of an image of the consumer and data relating to the contents of the image, such as semantic metadata suitable for identifying the consumer; a hash function; and an encrypted first hash of the first data, the first hash being produced using the hash function.

During completion of a transaction, the first data, hash function and encrypted first hash may be delivered to a merchant system from the payment device, for example by means of a point of sale device. The merchant system may comprise one or more processors, servers and other computational equipment hosted by a merchant. The merchant system may be configured to decrypt the encrypted first hash, produce a second hash of the first data using the hash function, and determine if the first hash corresponds to the second hash, for example by determining if the first hash is identical to the second hash. If the decrypted first hash corresponds to the second hash, the merchant system authenticates the image, for example by determining that the image is a true image of the consumer.

The merchant system may also be configured to produce a viewable image using the image data. If an operator of the merchant system is able to identify the consumer in person as the person shown in the viewable image, after the image has been authenticated, the operator may verify that the consumer is authorised to use the payment details to complete the transaction. Alternatively, the merchant system may capture an image of the consumer and perform an image recognition process on the captured image to determine semantic metadata from the captured image. A machine learning or artificial intelligence program may then be used to compare the semantic metadata determined from the captured image with the semantic metadata of the authenticated image to determine if the subject of the captured image is the same as the subject of the authenticated image. This may remove the need for an operator of the merchant system to use their judgement in determining if the consumer in person is the subject of the authenticated image. Once the consumer is verified as the subject of the authenticated image, the consumer may then authorise completion of the transaction and the transaction may be completed.

In the above example, authentication of the payment details by means of the method 10 may be implemented in addition to another means of authenticating the payment details. For example, the consumer may also provide authentication by providing a personal identification number (PIN) and/or by ‘unlocking’ a portable communications device. The method 10 may therefore advantageously improve the security of transactions by providing an additional means of payment detail authentication.

Known techniques for authenticating payment details do not typically involve identifying a consumer. Payment details may be authenticated, for example, by a consumer providing a PIN together with payment details. This does not prevent an unauthorised party who has illegitimately gained access to both the PIN and the payment details from using the payment details to complete a transaction. The method 10 may be used to prevent authentication of the payment details in this example, because the unauthorised party would not be verified as the consumer shown in the authenticated image. The method 10 may therefore be used to improve security of transactions through improved payment detail authentication.

In another example use case of the method 10, a portable communications device, such as a mobile phone or tablet, belonging to a consumer may be configured to store: payment details which the consumer is authorised to use to complete a transaction; first data comprising image data of an image of the consumer and data relating to the contents of the image, such as semantic metadata suitable for identifying the consumer; a hash function; and an encrypted first hash of the first data, the first hash being produced using the hash function. The consumer may visit a shop in which is located an authentication system comprising a camera, a transmitter, and a receiver. The camera may be configured to capture an image of the consumer as they enter the shop. The transmitter may be configured to transmit a unique identifier which is received by the portable communications device via an application, such as a mobile banking application, installed on the device. In some examples, the transmitter may utilise Bluetooth low energy proximity sensing to transmit the unique identifier. After receiving the unique identifier, the portable communications device may deliver the first data, the payment details, the hash function, and the encrypted first hash to the receiver.

Delivery of information from the portable communications device to the receiver may be dependent on consent provided by the consumer. The authentication system then associates the image captured by the camera with the information received by the receiver.

A point of sale operator in the shop may be able to view the image captured by the camera and access information received by the receiver using a suitable computing device. The computing device may be configured to decrypt the encrypted first hash, produce a second hash of the image data and payment data, and determine if the first hash corresponds to the second hash, for example by determining if the first hash is identical to the second hash. The computing device may also be configured to produce a viewable image using the image data. If the decrypted first hash corresponds to the second hash, the computing device authenticates the image of the consumer delivered by the portable communications device. The point of sale operator may compare the image of the consumer captured by the camera and the authenticated image. Alternatively, image recognition performed on the captured image and machine learning or artificial intelligence may be used to compare the captured image and the authenticated image, as described above.

The image recognition may comprise using an artificial neural network to process the captured image and the authenticated image. The artificial neural network may comprise a convolutional neural network comprising a plurality of hidden convolution layers. The artificial neural network may be configured to extract features from the captured image and the authenticated image, in the form of a feature vector. The feature vectors of the captured and authenticated image may be compared to determine a degree of similarity (e.g. by Euclidean distance, or a weighted sum of differences). The captured image may be considered the same if the degree of similarity meets a threshold test (e.g. within a maximum Euclidean distance, or a weighted sum of differences that is below a threshold). If the subject of the captured image is the same as the subject of the authenticated image, it is verified that the consumer is authorised to use the payment details to complete a transaction. The consumer is then able to complete a transaction by authorising completion of the transaction. During completion of the transaction, the consumer may be required to provide additional authentication, for example by means of a personal identification number (PIN) or through ‘unlocking’ the portable communications device.

The authentication system may be configured to lock the portable communications device if the subject of the captured image is not the same as the subject of the authenticated image. For example, a signal may be transmitted from the transmitter of the authentication system to the portable communications device to prevent the unverified subject of the captured image from unlocking the communications device and completing any transactions. The data accompanying the image data may further comprise a list of merchants authorised by the consumer and/or a location area within which merchants are authorised by the consumer. The authentication system may be configured to lock the portable communications device if the authentication system determines that the merchant is not authorised by the consumer.

The method 10 may be used to determine if a person is an authorised owner of a document, for example if a person is the genuine purchaser of a ticket for an event. The document may comprise a coded image which represents information, for example a binary barcode or a QR code. The coded image may be configured to represent: first data comprising image data of an image of the authorised person, and data relating to the contents of the image, such as semantic metadata suitable for identifying the authorised person; a hash function; and an encrypted first hash of the first data, the first hash being produced using the hash function.

An authorising system may comprise a reader configured to read the coded information, and a processor configured to process the information read by the reader. The first data, the hash function and the encrypted first hash may be delivered to the authorising system by reading and processing the coded information. The authorising system, for example the processor, may be configured to decrypt the encrypted first hash, produce a second hash of the first data using the hash function, and determine if the first hash corresponds to the second hash, for example by determining if the first hash is identical to the second hash. If the decrypted first hash corresponds to the second hash, the authorising system authenticates the image, for example by determining that the image is a true image of the authorised person. The authorising system may also be configured to produce a viewable image using the image data. If an operator of the authorising system is able to identify a person as the person shown in the viewable image, after the image has been authenticated, the operator may verify that the person is an authorised owner of the document.

The method 10 may be used to inhibit an unauthorised transfer of the document in the above example, because an unauthorised person would not be verified as the authorised owner of the document shown in the authenticated image. The method 10 may therefore be used to improve security of document transfers.

In some embodiments, the data relating to the contents of the image may comprise a signature of a person, where the person is the subject of the image. In an example use case, a consumer may purchase goods from a merchant via a website. During or before completion of the purchase, first data comprising image data of an image of the consumer and a signature of the consumer may be created. A first hash of the first data may be created using a hash function, and the first hash may be encrypted. During or after completion of the purchase, the first data, hash function and encrypted first hash may be delivered to the merchant. The merchant may decrypt the encrypted first hash, produce a second hash of the first data using the hash function, and determine if the first hash corresponds to the second hash, for example by determining if the first hash is identical to the second hash. If the decrypted first hash corresponds to the second hash, the image and the signature are authenticated. For example, if the decrypted first hash corresponds to the second hash, the image may be verified as being a true image of the consumer and the signature may be verified as being a true signature of the consumer.

Upon delivery of the goods to the consumer, the consumer may be requested to provide a signature. A viewable image of the consumer, produced using the image data delivered to the merchant, and the signature delivered to the merchant may be provided to a delivery person after the image and the signature have been authenticated. If the delivery person is able to identify the consumer in person as the as the person shown in the authenticated image, and is able to match the signature provided by the consumer with the authenticated signature, then the delivery person may verify that they are delivering the goods to the correct recipient.

The method 10 may be used to prevent unauthorised delivery of the goods in the above example, because an unauthorised person would not be verified as the person shown in the authenticated image, and/or a signature of the unauthorised person would not match the authenticated signature. The method 10 may therefore be used to improve security of delivery of goods and services.

In another example use case, the method 10 may be used when updating information contained within an identification document, such as a passport or driving licence. In a first example, the method 10 may be used to update an image contained within an identification document. In a second example, the method 10 may be used to update semantic data contained within the existing identification document. First data comprising image data of an image of the identification document owner and data relating to the contents of the image, such as semantic data contained within the existing identification document, may be created. The image may comprise an updated image of the identification document owner, or the data relating to the contents of the image may comprise updated semantic data. A first hash of the first data may be created using a hash function, and the first hash may be encrypted. The first data, hash function and encrypted first hash may be delivered to an authorised party, such as a passport office. The authorised party may decrypt the encrypted first hash, produce a second hash of the first data using the hash function, and determine if the first hash corresponds to the second hash, for example by determining if the first hash is identical to the second hash. If the decrypted first hash corresponds to the second hash, the image is authenticated. If the image is authenticated, the authorised party may replace an existing image on the identification document with the updated image, or replace existing semantic data contained within the identification document with the updated semantic data.

The method 10 may be used to prevent the existing image on the identification document being updated with an image that is not a true image of the owner of the identification document, or prevent existing semantic data contained within the identification document being replaced with semantic data which relates to someone other than the owner of the identification document. The method 10 may therefore be used to improve security of changes made to identification documents.

Figure 2 illustrates a system 20 for authenticating an image according to an embodiment. The system 20 may be used to carry out the method 10 of Figure 1. The system 20 comprises a first party system 21, a third-party system 22 and a receiving party system 23. The first party system

21 is configured to provide first data, the first data comprising image data of the image and data relating to the contents of the image. The third-party system 22 is configured to: produce a first hash of the first data using a hash function and encrypt the first hash. The receiving party system 23 is configured to: decrypt the first hash, produce a second hash of the first data using the hash function, and authenticate the image if the decrypted first hash corresponds to the second hash.

In an example use case of the system 20, the system is used to authenticate payment details during completion of an online transaction. The first party system 21 may be operated by a consumer. The third-party system

22 may be operated by a third party, such as a third party who also operates a payment network. An example of a payment network is the Mastercard payment network. The receiving party system 23 may be operated by a merchant.

The first party system 21 comprises a device 211 configured to provide first data. In the example use case, the first data comprises image data of an image of the consumer, and semantic metadata suitable for identifying the consumer. The device 211 may comprise a payment device configured to store payment details which the consumer is authorised to use to complete the transaction. The payment device may comprise a portable communications device, such as a mobile phone or tablet, comprising a digital wallet configured to store a payment token. The payment device may be configured to create and/or store the first data. For example, where the payment device comprises a portable communications device, the portable communications device may comprise a digital camera configured to capture the image data.

Prior to initiating the transaction, the consumer delivers the first data to the third party. The third-party system 22 comprises a verification processor 221 configured to receive the first data. The first data may be delivered from the device 211 to the verification processor 221. The verification processor 221 is configured to determine the authenticity of the image data and the semantic metadata, i.e. to determine if the data delivered from the payment device relates to the consumer who is authorised to use the payment device to complete the transaction.

The verification processor 221 may be configured to access image data and semantic data relating to the consumer which is stored on a secure server. For example, where the third party also operates a payment network, the verification processor 221 may be configured to access image data and semantic data hosted by an issuer of a PAN corresponding to the payment token stored by the digital wallet of the portable communications device. The verification processor 221 may be configured to compare the image data and the semantic metadata delivered from the device 21 1 to the data stored on the secure server. If the delivered data matches the stored data, the verification processor 221 may verify the delivered data.

The third-party system 22 further comprises an encryption processor 222. In some embodiments, the verification processor 221 and the encryption processor 222 are arranged as a single processor. The encryption processor 222 is configured to receive the verified first data from the verification processor 221, produce a first hash of the first data using a hash function, and encrypt the first hash. The encryption processor 222 may encrypt the first hash using a private key, a public key, a symmetric key, or by any other suitable means. The encryption processor 222 is further configured to deliver the verified first data, the hash function and the encrypted first hash to the device 211 of the first party system 21 .

When the consumer wishes to initiate the transaction, the consumer delivers, by means of the device 211, the verified first data, the hash function, and the encrypted first hash to the receiving party system 23. The consumer also delivers the payment details to the receiving party system 23, for example by means of the device 211 or by separate means. The consumer may also provide an image of themselves which is time-stamped with the time at which the transaction was initiated. This may prove that the image was provided with consent of the consumer and not by an unauthorised party, such as someone who has illegitimately obtained the portable communications device and has provided an old image of the consumer stored on the device. The image provided by the consumer may also be accompanied by a cryptographic nonce or a cryptogram that binds the image to the transaction. This could be used to prove that the consumer authorised the transaction in the event of a later dispute.

The receiving party system 23 comprises an imageauthentication processor 231. The image-authentication processor 231 is configured to receive the time-stamped image, the verified first data, the hash function and the encrypted first hash from the device 211. The imageauthentication processor 231 is also configured to decrypt the encrypted first hash, produce a second hash of the first data using the hash function, and determine if the decrypted first hash corresponds to the second hash. The image-authentication processor 231 may be configured to decrypt the encrypted first hash using a private key, a public key, a symmetric key, or by any other suitable means. If the first hash corresponds to the second hash, for example i f the first hash and the second hash are identical, then the imageauthentication processor 231 authenticates the image. The merchant is then able to complete the transaction, in dependence on the consumer providing authorisation to do so. In some examples, the consumer may provide authorisation to complete the transaction after the image has been authenticated, or the consumer may provide authorisation at the same time as delivering the verified first data, the hash function and the encrypted first hash to the receiving party system 23.

The image-authentication processor 231 may be implemented as one or more processors configured to decrypt the encrypted first hash, produce a second hash of the first data using the hash function, and determine if the decrypted first hash corresponds to the second hash. In some embodiments, the image-authentication processor 231 may be implemented as three separate processors, each of the processors being configured to carry out one of: decrypting the encrypted first hash, producing the second hash, and determining if the decrypted first hash corresponds to the second hash. In known processes used to complete a transaction, authentication of payment details may comprise a merchant requesting authentication from an issuer of a payment device which a consumer wishes to use to complete a transaction. This may comprise the merchant sending a request via an acquirer, with the request then being sent via a payment network to the issuer where the payment details may be authenticated, before a confirmation of authentication is sent from the issuer, via the payment network, to the acquirer and then to the merchant. Such a process requires extensive use of computing and network resources. Use of the method 10 and/or the system 20 to authenticate payment details avoids the need for a merchant to request authentication from an issuer. The merchant can carry out the authentication themselves using their own resources. This provides for a more efficient use of computing and network resources.

Claims

1. A method of authenticating an image, the method comprising: producing a first hash of first data using a hash function; encrypting the first hash; delivering the first data, the hash function and the encrypted first hash; decrypting the encrypted first hash; producing a second hash of the first data using the hash function; determining if the decrypted first hash corresponds to the second hash; and authenticating the image if the decrypted first hash corresponds to the second hash; wherein the first data comprises image data of the image and data relating to the contents of the image.

2. The method of claim 1 , wherein the data relating to the contents of the image comprises semantic metadata.

3. The method of claim 2, wherein the contents of the image comprises a person.

4. The method of claim 3, wherein the semantic metadata comprises one or more of: a name, a date of birth, a place of birth, and/or a signature.

5. The method of claim 3 or claim 4, wherein the semantic metadata comprises one or more physical attributes.

6. The method of any of claims 3 to 5, wherein the semantic metadata comprises biometric data.

22

7. The method of claim 2, wherein the contents of the image comprises a document.

8. The method of claim 2, wherein the contents of the image comprises an object.

9. A method of authorising a transaction, comprising: performing the method of any one of claims 3 to 6; delivering payment details; delivering data identifying an authorised user of the payment details; and authorising the transaction if: the image is authenticated, a further image of the person matches the authenticated image, and the semantic metadata matches the data identifying an authorised user of the payment details.

10. The method of claim 9, comprising a further authentication step, wherein the further authentication step comprises providing a personal identification number or unlocking a portable communications device.

11. A method of determining if a person is an authorised owner of a document, comprising: performing the method of any of claims 3 to 6; binding the first data, the hash function and the encrypted first hash with a document; and determining that the person is an authorised owner of the document if: the image is authenticated, and a further image of the person matches the authenticated image.

12. A method of authenticating a signature, comprising: performing the method of any of claims 3 to 6, wherein the semantic metadata comprises a signature; authenticating the signature if: the image is authenticated, a further image of the person matches the authenticated image, and a signature provided by the person matches the signature of the semantic metadata.

13. A method of authenticating a further image comprising.’ performing the method of any of claims 1 to 8; if the image is authenticated, comparing the data relating to the contents of the image with data relating to the contents of the further image; and authenticating the further image if the data relating to the contents of the further image matches the data relating to the contents of the authenticated image.

14. The method of claim 13, comprising using artificial intelligence to compare the data relating to the contents of the image with the data relating to the contents of the further image.

15. The method of any preceding claim, wherein encrypting the first hash comprises digitally signing the first hash using a private key, and decrypting the encrypted first hash comprises using a public key corresponding to the private key.

16. The method of any preceding claim, wherein encrypting the first hash comprises using a public key, and decrypting the encrypted first hash comprises using a private key corresponding to the public key.

17. The method of any preceding claim, wherein encrypting the first hash and decrypting the encrypted first hash comprises using identical keys.

18. The method of any preceding claim, comprising a further authentication step.

19. The method of claim 18, when dependent on claim 6, wherein the further authentication step comprises comparing the biometric data with captured biometric data.

20. The method of any preceding claim, comprising receiving a unique identifier from a trusted party and delivering the first data, the hash function and the encrypted first hash to the trusted party in dependence on receiving the unique identifier.

21. A system for authenticating an image, the system comprising: a first party system configured to deliver first data, the first data comprising image data of the image and data relating to the contents of the image; a third-party system configured to: produce a first hash of the first data using a hash function, and encrypt the first hash; and a receiving party system configured to: decrypt the first hash, produce a second hash of the first data using the hash function, and authenticate the image if the decrypted first hash corresponds to the second hash.

22. The system of claim 21, wherein the data relating to the contents of the image comprises semantic metadata.

23. The system of claim 21 or claim 22, wherein the third- party system is operated by a payment network.

24. The system of any of claims 21 to 23, wherein the receiving party system is configured to compare data relating to the contents of the image with data relating to the contents of a further image if the image is authenticated, and authenticate the further image if the data relating to the contents of the further image matches the data relating to the contents of the authenticated image.

25

25. The system of claim 24, wherein the receiving party system is configured to use artificial intelligence to compare the data relating to the contents of the image with the data relating to the contents of the further image.

26