GB2358115A - Method and system for remote printing of duplication resistent documents - Google Patents

Method and system for remote printing of duplication resistent documents Download PDF

Info

Publication number
GB2358115A
GB2358115A GB0022614A GB0022614A GB2358115A GB 2358115 A GB2358115 A GB 2358115A GB 0022614 A GB0022614 A GB 0022614A GB 0022614 A GB0022614 A GB 0022614A GB 2358115 A GB2358115 A GB 2358115A
Authority
GB
United Kingdom
Prior art keywords
document
leaf
printing station
certified
owner
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB0022614A
Other versions
GB0022614D0 (en
Inventor
Gordon Wesley Braudaway
Patrick D Howard
Pasumarti Venkata Kamesam
Frederick Cole Mintzer
Howard Edward Sachar
Sean William Smith
John Mark Socolofsky
Charles Philippe Louis Tresser
Chai Wah Wu
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corp filed Critical International Business Machines Corp
Publication of GB0022614D0 publication Critical patent/GB0022614D0/en
Publication of GB2358115A publication Critical patent/GB2358115A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N1/00Scanning, transmission or reproduction of documents or the like, e.g. facsimile transmission; Details thereof
    • H04N1/44Secrecy systems
    • H04N1/448Rendering the image unintelligible, e.g. scrambling
    • H04N1/4486Rendering the image unintelligible, e.g. scrambling using digital data encryption
    • GPHYSICS
    • G03PHOTOGRAPHY; CINEMATOGRAPHY; ANALOGOUS TECHNIQUES USING WAVES OTHER THAN OPTICAL WAVES; ELECTROGRAPHY; HOLOGRAPHY
    • G03GELECTROGRAPHY; ELECTROPHOTOGRAPHY; MAGNETOGRAPHY
    • G03G15/00Apparatus for electrographic processes using a charge pattern
    • G03G15/50Machine control of apparatus for electrographic processes using a charge pattern, e.g. regulating differents parts of the machine, multimode copiers, microprocessor control
    • G03G15/5075Remote control machines, e.g. by a host
    • G03G15/5087Remote control machines, e.g. by a host for receiving image data
    • GPHYSICS
    • G03PHOTOGRAPHY; CINEMATOGRAPHY; ANALOGOUS TECHNIQUES USING WAVES OTHER THAN OPTICAL WAVES; ELECTROGRAPHY; HOLOGRAPHY
    • G03GELECTROGRAPHY; ELECTROPHOTOGRAPHY; MAGNETOGRAPHY
    • G03G21/00Arrangements not provided for by groups G03G13/00 - G03G19/00, e.g. cleaning, elimination of residual charge
    • G03G21/04Preventing copies being made of an original
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F17/00Coin-freed apparatus for hiring articles; Coin-freed facilities or services
    • G07F17/26Coin-freed apparatus for hiring articles; Coin-freed facilities or services for printing, stamping, franking, typing or teleprinting apparatus
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N1/00Scanning, transmission or reproduction of documents or the like, e.g. facsimile transmission; Details thereof
    • H04N1/32Circuits or arrangements for control or supervision between transmitter and receiver or between image input and image output device, e.g. between a still-image camera and its memory or between a still-image camera and a printer device
    • H04N1/32101Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title
    • GPHYSICS
    • G03PHOTOGRAPHY; CINEMATOGRAPHY; ANALOGOUS TECHNIQUES USING WAVES OTHER THAN OPTICAL WAVES; ELECTROGRAPHY; HOLOGRAPHY
    • G03GELECTROGRAPHY; ELECTROPHOTOGRAPHY; MAGNETOGRAPHY
    • G03G2215/00Apparatus for electrophotographic processes
    • G03G2215/00025Machine control, e.g. regulating different parts of the machine
    • G03G2215/00109Remote control of apparatus, e.g. by a host
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N1/00Scanning, transmission or reproduction of documents or the like, e.g. facsimile transmission; Details thereof
    • H04N1/32Circuits or arrangements for control or supervision between transmitter and receiver or between image input and image output device, e.g. between a still-image camera and its memory or between a still-image camera and a printer device
    • H04N1/32101Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title
    • H04N1/32106Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title separate from the image data, e.g. in a different computer file
    • H04N1/32122Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title separate from the image data, e.g. in a different computer file in a separate device, e.g. in a memory or on a display separate from image data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N1/00Scanning, transmission or reproduction of documents or the like, e.g. facsimile transmission; Details thereof
    • H04N1/32Circuits or arrangements for control or supervision between transmitter and receiver or between image input and image output device, e.g. between a still-image camera and its memory or between a still-image camera and a printer device
    • H04N1/32101Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title
    • H04N1/32128Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title attached to the image data, e.g. file header, transmitted message header, information on the same page or in the same computer file as the image
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N1/00Scanning, transmission or reproduction of documents or the like, e.g. facsimile transmission; Details thereof
    • H04N1/32Circuits or arrangements for control or supervision between transmitter and receiver or between image input and image output device, e.g. between a still-image camera and its memory or between a still-image camera and a printer device
    • H04N1/32101Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title
    • H04N1/32128Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title attached to the image data, e.g. file header, transmitted message header, information on the same page or in the same computer file as the image
    • H04N1/32133Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title attached to the image data, e.g. file header, transmitted message header, information on the same page or in the same computer file as the image on the same paper sheet, e.g. a facsimile page header
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N2201/00Indexing scheme relating to scanning, transmission or reproduction of documents or the like, and to details thereof
    • H04N2201/32Circuits or arrangements for control or supervision between transmitter and receiver or between image input and image output device, e.g. between a still-image camera and its memory or between a still-image camera and a printer device
    • H04N2201/3201Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title
    • H04N2201/3225Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title of data relating to an image, a page or a document
    • H04N2201/3226Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title of data relating to an image, a page or a document of identification information or the like, e.g. ID code, index, title, part of an image, reduced-size image
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N2201/00Indexing scheme relating to scanning, transmission or reproduction of documents or the like, and to details thereof
    • H04N2201/32Circuits or arrangements for control or supervision between transmitter and receiver or between image input and image output device, e.g. between a still-image camera and its memory or between a still-image camera and a printer device
    • H04N2201/3201Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title
    • H04N2201/3225Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title of data relating to an image, a page or a document
    • H04N2201/3233Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title of data relating to an image, a page or a document of authentication information, e.g. digital signature, watermark
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N2201/00Indexing scheme relating to scanning, transmission or reproduction of documents or the like, and to details thereof
    • H04N2201/32Circuits or arrangements for control or supervision between transmitter and receiver or between image input and image output device, e.g. between a still-image camera and its memory or between a still-image camera and a printer device
    • H04N2201/3201Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title
    • H04N2201/3225Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title of data relating to an image, a page or a document
    • H04N2201/3233Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title of data relating to an image, a page or a document of authentication information, e.g. digital signature, watermark
    • H04N2201/3235Checking or certification of the authentication information, e.g. by comparison with data stored independently
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N2201/00Indexing scheme relating to scanning, transmission or reproduction of documents or the like, and to details thereof
    • H04N2201/32Circuits or arrangements for control or supervision between transmitter and receiver or between image input and image output device, e.g. between a still-image camera and its memory or between a still-image camera and a printer device
    • H04N2201/3201Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title
    • H04N2201/3269Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title of machine readable codes or marks, e.g. bar codes or glyphs
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N2201/00Indexing scheme relating to scanning, transmission or reproduction of documents or the like, and to details thereof
    • H04N2201/32Circuits or arrangements for control or supervision between transmitter and receiver or between image input and image output device, e.g. between a still-image camera and its memory or between a still-image camera and a printer device
    • H04N2201/3201Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title
    • H04N2201/3271Printing or stamping
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N2201/00Indexing scheme relating to scanning, transmission or reproduction of documents or the like, and to details thereof
    • H04N2201/32Circuits or arrangements for control or supervision between transmitter and receiver or between image input and image output device, e.g. between a still-image camera and its memory or between a still-image camera and a printer device
    • H04N2201/3201Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title
    • H04N2201/3278Transmission

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Multimedia (AREA)
  • Signal Processing (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Editing Of Facsimile Originals (AREA)
  • Accessory Devices And Overall Control Thereof (AREA)

Abstract

A communication link is provided between a certified document owner and a remote printing station. The printing station is provided with a leaf of special paper and determines whether the leaf is legitimate by comparing a representative number and its encrypted version (encrypted using a first key) at locations on the leaf Extra hidden data may also be provided on the leaf for checking its authenticity. The printing station transmits the representative number and its encrypted version to the certified document owner who can also perform the authenticity check. The certified document owner appends a document with the representative number, computes a digitally signed version of the appended document (using a second key) and transmits the document and the signed version to the printing station for printing. As such, further unauthorised prints of this document as well as copies of this document can be recognized as non-authentic. The printer used does not need to be specialised with security controls.

Description

2358115 METHOD AND SYSTEM FOR REMOTE PRINTING OF DUPLICATION-RESISTANT
DOCUMENTS
Field of the Invention
The present invention generally relates to the f ield of digitized imaging and document security, and is more specifically directed to a system and method which allows remotely printing a document using printers belonging to third parties and generally not equipped with special secure control units, such that additional prints and copies of the same document are recognizable as non-authentic using publicly available means.
Description of the Related Art
Presently, there is a problem of remotely printing a document using printers belonging to third parties and generally not equipped with special secure control units, such that additional prints and copies of the same is document are difficult, if not impossible, to recognize as non- authentic.
There are many different situations in which such a problem surfaces, but which the conventional systems and methods cannot remedy. Hereinbelow are described some exemplary situations, and it will be evident to one of ordinary skill in the art that there are many more such situations in which such a capability would be useful.
For example, such a capability would be useful for "certified documents". Such documents refer to a class of documents that has no intrinsic value, such as bearer bonds, but has content that is authenticated and vouched for by an appropriate authority. "Certified documents" would include vital records (i.e., birth certificates, death certificates, marriage certificates, etc.), professional licenses, official surveys, inspection reports, university transcripts, legal briefs, etc.
Another area in which such a capability would be useful is "titles" and documents relating thereto. That is, "titles" are documents which have a value of their own, at least for some span of time, and are therefore negotiable. Some examples would include ownership certificates and some type of insurance contracts, such as "Certificates of Insurance", which are issued by insurance companies as proof that a consignment or a package of goods is indeed insured. Corporations that ship/transport goods regularly require a facility whereby certificates of insurance can be issued quickly, and require that such a certificate be printed remotely. It is further necessary to ensure that such certificates cannot be duplicated (copied).
1 ---- 2 Yet another example is "Financial instruments" and other documents of value, such as money orders, certified checks, gift certificates, and tickets (e.g., for transportation, entertainment, sporting events, etc.) In all the above cases, care must be taken to prevent copies and additional prints from being produced to look like and to be used as authentic documents. This need is obvious in the "title" and "financial instrument" cases, as they are negotiable objects, and in some other examples mentioned above.
For certified documents, there is a compelling need in electronic commerce for processes to maintain "electronic originals". In the physical world (e.g., the so-called "real world"), original documents are typically authenticated through visual inspection of "raised seals" (e.g., notary is seals or the like by persons specially commissioned for such tasks as notarization and the like), embossed signatures, and special bond paper.
social and commercial processes are dependent on the ability of two parties to authenticate documents as originals and to detect any tampering thereof.
Because of the proliferation of computers attached to networks (e.g., which all together cover the entire planet), it has been proposed to replace such documents by electronic documents. Using modern cryptographic techniques, electronic documents can indeed be created which contain: a) a proof of authenticity; and b) a non-counterfeitable list of successive legitimate owners.
The property a) is what is needed for a certificate, while a) and b) together are required for an electronic title, so that paper versions seem unnecessary in the new electronic era. It is noted that in particular that electronic money transactions have been used for several years already.
However, the ease of creating electronic certificates and titles does not completely alleviate the need for paper versions.
First of all, access to data networks is not yet as pervasive as it can be, and will not be in the foreseeable future. Secondly, a combination of legal and psychological factors likely will not make paper documents obsolete in the near future. For example, the number of pages printed on paper is still growing in the countries most linked to the Internet.
3 Thus, providing a mechanism and capability to print remotely with the possibility to identify illegal copies thus would be quite valuable, and such a capability would allow usage of some benefits of the network of computers. Hitherto the invention, such a capability has not existed.
Further, it is noted that mechanisms for identifying photocopies as such have been known and used for many years. For example, such a mechanism is disclosed in US Patent No. 4,341,404, issued to Mowry, Jr., et al., incorporated herein by reference. In most cases, photocopy protection is insured by printing some fine structure on the background of the document.
These fine structures either are absent from the copy, or some text such as "COPY" or "VOID" appears on the copy, or a combination of change of background and visible disqualifying word is used. In the case that the printer used to complete the print of the document can print as finely as is needed, the photocopy-protecting background can be printed at the same time as the rest of the document. Otherwise, the protecting background can be printed before the significant part of the document. Paper carrying a photocopy-protecting background will be called photocopy-protected paper hereinbelow.
It is assumed that such photocopy -protected paper is used for remote printing, and it is noted that an easy, although quite superficial, test of authenticity of the documents is provided by simply checking that a photocopy of the document caries the mark which characterizes the chosen photocopy evidence mechanism. Such photocopy protected paper is available from a number of sources including Verify First Technologies of Paso Robles, CA. Additionally, it is noted that US Patent No. 5,377,271, issued to Foreman et al. and incorporated herein by reference, addresses the problem of printing money orders remotely by printed data on preprinted money order forms. Thus, the system of Foreman et al. requires specialized printing stations.
Further, in US Patent No. 5,909,673 issued to Gregory, incorporated herein by reference, a system uses remote printing stations to print coupons on blank paper. However, such a system does not prevent a malicious party to intercept the data fed to the printer and make multiple copies. It also does not prevent copying of the printed document. This poses a problem for documents which are negotiable.
4 Further, in many of the conventional systems, access to a central database or server is needed to authenticate the printed document. This is problematic.
It is an object of the present invention to provide a technique which alleviates the above drawbacks.
SUMARY OF THE INVENTION
According to the present invention we provide a method of remotely processing a document securely, comprising: providing a communication link between a certified document owner and a remote printing station; providing said printing station with a leaf of recording media; determining by said printing station, whether said leaf is legitimate; transmitting, using a first key, from said printing station to the certified document owner a is representative number of said leaf; appending, by said certified document owner, said document with said representative number; computing, by said certified document owner, a digitally signed version of said appended document, by a second key; and sending by the certified document owner, the document and said signed version, to said printing station.
In a first aspect of the present invention, a method and system for remotely processing a document securely, is provided which includes providing a communication link between a certified document owner and a remote printing station, providing a leaf of a recording media (such as special paper, cardboard, etc.) to the remote printing station, determining by the printing station, whether the leaf is legitimate, and transmitting, by the printing station, information comprising a representative number N(L) of the leaf, appending, by the certified document owner, the document D with N(L), encrypting or digitally signing, by the certified document owner, said appended document to generate code Pr2W,N(L)), and sending by the certified document owner, the document D and the encrypted (or signed) version Pr2(D,N(L)) of the appended document to the printing station to be both printed by the printing station.
With the invention, negotiable documents can be securely and reliably printed remotely by third party printing stations. Further, non-authentic additional prints and copies of the same document can be easily recognized by publicly available means.
The present invention also has the advantage of preventing an adversary or unscrupulous person from making an undetectable alteration in the content of an otherwise authentic document (e.g., such as using typewriter correction fluid to change a failing grade to a passing one on a transcript). Such changes to the document content would cause it to no longer match the signature Pr2(D,N(L)).
Further, unlike the conventional systems, in which access to a central database or server is needed to authenticate the printed document, in a preferred embodiment of the present invention, the printed document can be authenticated using publicly available means without needing to contact the owner and/or the issuer of the document.
For greater security, such publicly available authentication capabilities can be combined with authentication mechanisms which are secret. Then, the party that wants to produce counterfeited documents is is left with a doubt about whether the secret mechanism has been broken or not. In particular, one can easily use several embodiments of the present invention in the preparation of a single document, where some embodiments allow for public authentication and others do not.
BRIEF DESCRIPTION OF THE DRAWINGS
The foregoing and other objects, aspects and advantages will be better understood from the following detailed description of preferred embodiments of the invention with reference to the drawings, in which:
Figure 1A is a block diagram of an exemplary format for a document printed according to the present invention in one preferred embodiment; Figure 1B is a block diagram of a system according to the present invention; Figure 2A is a flow diagram representing how the information needed to produce a document is processed; Figure 2B illustrates authentication of a document being performed by a central server 230 by a remote printing station P1 sending information on the document securely to the central server; Figure 2C illustrates a smart card (or radio frequency identification tag) af fixed to a leaf of media L; 6 Figure 3 illustrates an exemplary information handling/computer system for use with the present invention; and Figure 4 illustrates a storage medium 400 for storing steps of the program for producing a document by a remote printing station Pi.
DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS OF THE INVENTION
Referring now to the drawings, and more particularly to Figures 1-4, preferred embodiments of the present invention will be described.
Before proceeding to the description of the present invention enabling such remote printing, the domain of application of the present invention will be addressed.
is A document to be printed can be attached to a single, easily identifiable entity (e.g., person, institution, etc.) or not.
The second case (when no designee is mentioned on the document) is more delicate and is the subject matter addressed by the present invention.
The second case applies for instance to negotiable documents.
To describe the present invention, some concepts and tools from modern cryptography will be described.
More precisely, secret key cryptography, as well as private key/public key pairs (in the form of public encryption schemes or of public digital signature schemes) and secure hash functions (e.g., such as the Secure Hash Algorithm (SKA-1)) will be used in the present invention. The use of secret key cryptography, of private key/public key pairs, and of secure hash functions are now well-known. For example, a description of these techniques and various implementations can be found in "Handbook of Applied Cryptography,,, by Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone, CRC Press, 1997 and in "Cryptography, Theory and Practice,, by Douglas R. Stinson, CRC Press, 1995.
For definiteness, each time a private encryption scheme is used, one can choose the Rivest-Shamir-Adleman (RSA) protocol, described in US Patent No. 4,405,829, incorporated herein by reference, as a method to generate and use a private/public key pair in order to allow for public encryption. Several other methods could also be used such as elliptic 7 curves (see, e.g., the "Handbook of Applied Cryptography,, and "Cryptography, Theory and Practice", both cited above).
In the description below of the present invention, it is described that a document or an image is encrypted using, for example, some private key. It is indeed assumed that the document or image is interpreted as a number to which cryptographic methods can readily be applied. If the corresponding number is too long, a hash function can be used to reduce the information, and/or one can cut the number into smaller components. The hash function which is used will be made publicly known if public key cryptography is to be used. These are all practices well known in the art, which need no further description below.
As described below, the present invention discloses how a certain is Certified Document Owner (or hereafter a "CDO") C can remotely print a document D at one of a plurality of remote Printing Stations Pi, P2_.--so that neither the station Pi (e.g., where i = 1, 2,...) where the document is printed, nor any other party possessing a printer can, at reasonable cost, print a copy of D which can be mistaken for an authentic document.
Further, it is ensured that a photocopy of the document cannot be mistaken for an authentic document.
Moreover, it is ensured that a great part of the authentication, if not all, can be performed by using publicly available means and possibly without the need to contact a centralized database or authority.
Additionally, in circumstances where several original copies of the document are needed (e.g., for death certificates in some countries), several copies can be remotely printed, whenever accepted by the CDO.
It is noted that the CDO does not need to communicate directly with the printing stations. As documents can be circulated securely between computers in electronic form, using well -established cryptographic means, the CDO can delegate the contact with printing stations to a dedicated agency or a plurality thereof. Such agencies can also function as entities for authenticating documents. The simultaneous use of several agencies allow to use the Information Dispersal Algorithm (IDA) (as described for instance in the "Handbook of Applied Cryptography") so that collusion between several agencies is needed to forge documents. Such a delegation would not modify the basic mechanisms in the present invention and thus 8 will not be described further herein. However, it is noted that the present invention, together with a dedicated portal such as Vouchsafe, represents a new type of business, including the sale of the special paper described in the present invention. 5 Referring now to Figure 1A, the present invention will be described.
A document D, represented as a digital file is to be printed remotely. The present invention allows a printed document Dpr(N(L)) (shown in Figure 1A) corresponding to D to be printed at a remote printing station. The document D is printed as Dpr(N(L)), according to instructions transmitted by the certified document owner (CDO) C to a printing station (e.g., remote printing station) P! over a network such as an intranet, the Internet or the like, on a leaf L of special paper 100 carrying a number N(L) 101 of the leaf and its coded version (or its digital signature) Pri(N(L)), is optionally at multiple locations on L (e.g., 101a, 101b, 101c, etc.) A significant portion 102 of the document D, by which is meant document D before the addition of any extra data provided for security reasons, may comprise an image(s) 102a and/or a text portion 102b, as shown on the leaf loo.
Part of the document D could be encrypted by the CDO using public key cryptography so that only the intended recipient of the document can decrypt D to access the relevant information, even though many parties can authenticate the printed document Dpr(N(L)).
A number Pr2 (D, N(L)) 103, is composed by the CDO as a function of document D, and the number N(L) is attached to leaf L 100, using a private key Pr2. The private key Pr2 is the CDOls private key and the function can be an encryption algorithm or a digital signature algorithm.
Optionally, bar-coded versions of some data such as document D and the number Pr2(D, N(L)) can be printed as represented at 104 and 105.
Further, an optically or magnetically detectable inclusion(s) 106 may be provided according to the mechanism described below, for enhanced security or counterfeiting resistance.
Figure 1B illustrates a schematic diagram of the inventive system for remotely processing a document securely, includes a communication link 2003 between a certified document owner (CDO) 2001 and a printing station(s) 2002 which may be a remote printing station(s) The communication link 2004 preferably includes an intranet, the Internet (World- Wide -Web), etc.
to which both the CDO and the printing station 2002 are selectively connectable.
The communication link can be made secure through well known cryptographic techniques.
The remote printing station has leaves of paper L which are obtained either from the CDO or a previously agreed upon legitimate supplier of such paper.
The printing station includes a mechanism 2002B for determining whether the leaf of paper is legitimate which invokes the scanner or other is optical (or magnetic, etc.) device 2002D to read the numbers N(L) and Pri(N(L)) from a current leaf of paper L 2002C and using authentication algorithms as described in Menezes et al. mentioned above.
Alternatively, the scanner 2002D is not needed and the numbers N(L) and Pr1W(L)) are read off by a human operator and entered via a terminal to the mechanism 2002B for verification.
Alternatively, N(L) and Pri(N(L)) are sent to the CDO or a trusted authority for authentication.
After L is authenticated, the number N(L) is transmitted from 2002A to 2001A via printer 2003. 2001A also contains a computer/processor to initiate and/or organize the various operations of the printing station Pl.
A computer/processor 2001B on the CDO's side concatenates the messages D and N(L) and possibly other data, and produces a digitally signed version Pr2(D,N(L)) by using a second private key Pr2, and sends the document to the printing station 2002 to be printed by printer 2003 onto the leaf of paper L.
Key owners ip:
Two pairs of keys (Prl, Pul) and (Pr2, Pu2) in some standard public key cryptography systems are used. (Pri, Pul) is the pair used to sign the leaf of paper L while (Pr2, Pu2) is used by the CDO to sign (D, N (L)).
Therefore, the private key Pr2 should belong to the CDO. The leaf L can be signed by the certified paper producer (CPP), the certified document owner, trusted authorities or a combination thereof in which case, these parties are the owner of the pair (Pri, Pul).
The remote station verifies this signature (either by using Pul or submitting it to some trusted authority). The printing station also forwards the pair (N(L), Pri(N(L)) to the CDO so the CDO can also verify the legitimacy of the leaf L. In an extension of the invention, one or more CPPs provide papers to one or more remote printing stations, who in turn work with one or more CD0s.
Figure 2A represents a process 2000 of the flow of information to be exchanged between a certified document owner C 2001 and a remote printing station Pi 2002, in the standard case when only two pairs of keys are used.
In the process 2000, first, in step 201, the remote printing station is Pi determines whether the leaf L 100 is legitimate. That is, the remote printing station checks that the leaf L is legitimate by reading the pair (N(L),Pri(NL)) and checking whether the pair is compatible, using, for example, the public key pul. The public key is provided by the CDO as the public part of the private/public key pair (Pri, pul).
Then, in step 202, Pi transmits the pair (N(L), Pri(N(L))) to the CDO C who can also perform the authenticity check at step 203.
Then, the CDO C computes Pr2(D, N(L)) at step 204.
In step 205, the CDO C sends document D and Pr2(D, N(L)) to P!.
Thereafter, in step 206, the remote printing station Pi can print Dpr(N(L)) using a printer 2003 whose characteristics are not necessarily known by the CDO, but would preferably be known if images are to be printed as explained above.
In the present invention, it is assumed that the CDO C and each of the printing stations P1, P2,... is equipped with a computer capable of handling basic functions such as, for example, the computing power needed to handle public key cryptography and other cryptographic functions.
It is also assumed that C is linked to each of P1, P2,... by electronic communications, which may or may not be secure (e.g., the electronic communication needs not be secure). Hereinbelow is first described the fundamentals of the invention, which provides a level of security quite adequate for several applications. Then, it will be described how the invention can be further enhanced and complemented to ensure higher levels of security. The highest levels of security require some private cryptography or backup by electronic documents, while very high levels of security are already accessible using only public cryptography and paper documents handling.
Copy, Counterfeit and Tamper Prevention First, it is assumed that photocopy- protected paper as described above is used. Such paper is presently used, for example, for college transcripts and some checks and negotiable instruments. The transcript and the check cases are simple as the issuing institutions have full control of the production of the documents, a simplification incompatible with delocalized printing.
is To mitigate this loss of full control, each leaf of legal paper L will carry (e.g. printed on L) a number N(L) and a coded (or digitally signed) version Prl(N(L)) of N(L), where (Pri, pul) is the first (Private key public key) pair, controlled by the CDO C or some other party as explained above in the section "Key Ownership".
Preferably, a requirement on L is that N(L) and Pr1W(L)) are hard to remove, modify and tamper with and still look authentic. For example, N(L) and Pri (N (L)) can be printed with special inks and or processes such as those provided by Verify First Technologies. L can also carry a mark indicating its monetary value, either coded or non-coded, in case the fee for making the document is included in the value of leaf L when leaf L is purchased. Any of the printer owners can check whether a leaf of paper L is authentic by using the public part (e.g., pul) of the key pair. The special paper can have several document- types uses or a single document-type use.
For further protection, the CDO can keep track of which numbers come in possession of any given printer station P! by a database 2001C shown in Figure IB.
Further Print Prevention (no image protection yet) When printing document D on a leaf of paper L, leaf L is read by a optical /magnetic scanner 2002D, shown in Figure IB, to obtain N(L) and Pri(N(L)), residing at the location of printer P!, which sends electronically the pair (N(L), Pri(N(L))) to the CDO C and/or any other authenticating entity.
For some uses (e.g., for movie tickets), a human operator could also read N(L) and Pri(N(L)) directly from L and these data would be keyed in to be sent to CDO C and/or any other authenticating entity. Optionally, the printing station Pi can also send PrI W(L)) to CDO C for authentication of the paper L by CDO C.
Then, CDO C sends document D and Pr2 (D, N(L)) electronically to the printer of Pi, where (Pr2, pu2) is the second (Private key - public key) pair, and Pr2(D, N(L)) denotes the result of encrypting and/or signing the concatenation of D with N(L) by the private key Pr2. For this purpose, key management, such as obtaining proper digital certificates, are handled by 2001D. Both document D and Pr2 (D, N(L)) are printed on leaf L is resulting in the printed document Dpr(N(L)). Anyone in possession of the printed version Dpr(N(L)) of the document D can check for its authenticity by using pul and pu2. The authentication of Dpr(N(L)) can also be performed by a central server or trusted authority by sending the information on the document (such as a scan of the document) to the central server or trusted authority.
For example, as shown in Figure 2B, a remote printing station P1 sends N(L) and Pri(N(L)) to a central server 230. The central server 230 determines whether Prl(N) (L)) is a digital signature of N(L) and informs the printing station Pi whether leaf L is authentic or not.
Pr2 (D, N(L)) and possibly N(L) and Prl(N(L)) can be printed on L in a variety of formats (e.g. text, 1-D or 2-D bar-codes, etc.). The reading of Pr2(D, N(L)) then occurs using the appropriate technologies, i.e. optical character recognition (OCR) when text is printed (in which case a OCR-f riendly font is preferable), bar-code reader when bar-codes are used.
magnetic inks such as MICR toner can be used to facilitating reading using a magnetic scanner. Of course, several of these printing formats can be used in conjunction by anyone skilled in the art.
Alternatively, or in complement, Pr2(D, N(L)) may be printed on the leaf L as a modulation of the background in light color patches where, for instance, the lighter or white patches would correspond to 1101's, and the darker small patches would correspond to I'll's.
13 Another key can be chosen for the background, such as, f or example, secret key cryptography (or a combination of public keys and secret keys in various parts of the document). In such a case, the background could be chosen as an implementation of the watermarking technique described in US Patent No. 5,825,892 to Braudaway et al, incorporated herein by reference.
To control such a watermark, proper alignment, as described for instance in U.S. Patent Application No. 09/240,212, filed on 1/29/99 by Gordon Wesley Braudaway and incorporated herein by reference, may be employed. Such watermarks are detectable even if the document is printed by a reasonably-priced printer such as an Epson Stylus 700 or the like.
In yet another preferred embodiment, a method and system is provided which also uses copy resistant media, each unit (leaf) L of which contains a unique identifying character string N(L) and a digital signature is Pri(N(L)) of the character string. This embodiment will not use public key cryptography, but only secret key cryptography. This corresponds to a different business model where, instead of providing a solution with maximal ease of use to the end customer, one requires authentication toappeal to some agency which then charges for this service and engages its responsibility as guarantor of the authenticity.
As mentioned previously, it may be advantageous to combine such secret key based methods with ones using public key cryptography, for instance to combine the advantage of easy checking and leave the insecure feeling to the counterfeiter that possibly, he/she could not break the secret key.
The specific textual information D to be printed on the document, is concatenated to the unique identifying character string N(L) of the leaf of copy resistant media L to form a unique composite character string Ccs(D,N(L)) for the document. The unique composite character string is encrypted using a first secret key cryptographic method to form a first secure character string SCS1(D,N(L)). The first secure character string is then digitally signed, resulting in a digital signature Ds (SCS1 (D, N(LM Then some number, n, of characters from the first secure character string is selected and those n characters (e.g., the last n ones) are concatenated with the digital signature Ds(SCS1(D,N(L))) and converted into a visibly identifiable binary sequence IBSW,N(L),n), (e.g., a two-dimensional bar code) that is also to be printed on the document, to 14 serve as a first check of the integrity of D and the relation of D with N(L), thus protecting from illegal further prints.
Next, a digital image UDI is composed by overlaying onto a colored background, having at least one color, the nonspecific graphic and textual overlay of the document, the specific textual information of the document, the unique character string N(L) of the specific leaf of copy resistant media L (which is already printed or embedded into L in some form), and the visibly identifiable binary sequence.
In the next step, the first secure character string is encrypted a second time, using the second secret encryption key, to form a second secure character string SCS2(D,N(L)). Then m characters (e.g., the last m ones) are selected from the second secure character string as a unique key is for generating a secure image Watermarking Plane WP.
The digital image UDI is then nearly- invisibly watermarked using the Watermarking Plane WP to form a watermarked digital image PD1. The image watermarking method recommended is described in U.S. Patent No. 5,825,892, incorporated herein by reference. The watermarked image is then transmitted electronically to a remote printer to be printed on the unique leaf of copy resistant media L.
If the document produced at the remote printer is re-digitized by scanning, and a duplicate Watermarking Plane is reproduced as described earlier, and if the specific watermark can be unequivocally extracted from the re-digitized image, positive evidence of an authentic document is obtained. If further inspection of the copy resistant media shows no evidence of copying, tampering or alteration, further evidence of authenticity is obtained.
If the specific textual information and the unique media identifying character string are electronically read from the printed document (e.g., using an optical character recognition (OCR) method), and they, when digitally signed and encrypted with the first secret cryptographic key, produce the same visible binary pattern IBS(D,N(L),n) as also read from the printed document, still further evidence of document authenticity is obtained. If all of the evidence so obtained is affirmative, the printed image that was re-digitized is deemed to be authentic.
is In some cases, the document to be printed contains private information that is not to be indiscriminately divulged, such as, for example, a medical record. In that case, the composed protected document, as a whole, is further encrypted using public key encryption so that only an authorized recipient knowing the appropriate private key can decrypt the document and produce a human-readable image for printing.
In some cases, D can contain some extra data such as a date, location, etc. Also one may choose to include N(L) in document D so that a quick inspection would reveal whether there is a match between what is printed by P! and the number N(L) as written/deposited on the paper before it is delivered to printing station P!.
In case several authentic copies are needed, the CDO will send is printing instructions corresponding to all leaves of legal papers to be used, and will preferably keep track of how many legal prints are made.
Note that Pr2(D, N(L)) and the printed document DprOCL)) depends on the N(L) and thus each authentic copy is different.
Image Protection in the Above Scenario images can be considered as parts of the document for all encryption purposes. To that effect, the CDO should publicly disclose how the different parts of the document (e.g., text portions and images), are handled in digital form to form the message to be treated by the chosen encryption scheme. one source of difficulty here is the fact that images must be printed on the document and subsequently scanned for authentication. The process of printing and scanning, especially when the specific printers and scanners used are not known, generates errors in the image which must be dealt with.
Alternatively, when the image is simple enough, a textual description of the original image can be printed on the document (in addition to the image), and part of the verification of the document would include checking that the scan of the printed image is an acceptable modification of the printed description of the image.
In the present invention, preferably the key pairs are changed as time passes, and dates are included in documents for improved protection.
16 Additionally, assuming that the special paper is hard to counterfeit, eavesdroppers cannot use signals transmitted between the CDO C and the printing station P! to create authentic copies of the document.
However, an eavesdropper might be able to use the content D and other transmitted data between C and Pi, which are confidential in some cases, for other malicious purposes. In this case, a secure communication channel can be established between Pi and C using well-known cryptographic techniques.
For example, one way to do this is to use the remote printer Pi's public key pu3 for all communication from the CDO to the printing station Pi, where (Pr3, pu3) is the third (Private key - public key) pair, and the CDO public key pu4i reserved to P! for all communication from P! to the is CDO, where (Pr41, pu41) is the i-th element of a fourth collection of (Private key - public key) pairs. It is noted that (Pr3, pu3) and each (Pr4i, pu41) are public encryption schemes, while (Pri, pul) and (Pr2, pu2) are public signature schemes.
Another desirable property of the communication channel is fault -tolerance. For example, if the communication is interrupted during the remote document printing protocol, both sides share the same belief as to whether the document has or has not been printed. Several protocols can be put in place to handle transmission breaks and/or paper jams, depending on the level of security required. one very secure method includes first sending all printing instruction (s), and, after the printer station acknowledges proper printing of the document by some communication means such as the Internet, the telephone or the like, a further digital signature is transmitted which can then be printed or written by any other means on the document.
For even higher protection, variations of the above techniques and practices may be selectively employed.
For example, instead of the kind of special paper described above, which has been so far only characterized as offering protection against photocopying and digital scanning, and carrying distinct pairs (N(L), Pri(N(LM on each leaf L, special paper could be used with hard-to-imitate texture and/or marks and/or inclusions (e.g., one still may choose that such special paper carry the photocopy protection discussed above, and such 17 a solution is preferable, although photocopy protection is ensured using the random inclusions in the way described below) For example, a very high degree of security can be achieved when using Special Paper with Random Marking (SPRM), where the randomness is such that two identical or very similar specimens are difficult (if not impossible) to produce. Such papers have the property that they are difficult to counterfeit.
Examples are given by magnetic or visible inclusions (e.g., such as inhomogeneities in the paper, fibers with different optical properties than the rest of the matter of the paper, etc.) mentioned above with regard to the document shown in Figure 1A. The sizes, shapes, positions, and more generally any characteristics of the inclusions, or a collection of the is bigger inclusions (e.g., in fixed number, or above a given size) can be used to determine the number N(L) using again public key encryption, or are recorded as an extra number NI (L) which will be used by the CDO in the composition of what needs to be printed at Pi.
Including the random markings in the composition of N(L), which is then signed as Pri (N(L)), by the paper producer also enhances preventing counterfeiting by a malicious document printer. Otherwise, the CDO has no assurance that the data allegedly derived from the SPRM was actually derived from SPRM, rather than from some forged paper that the malicious printer can easily duplicate. more precisely, while the use of Prl prevents attacks where the malicious party would create false leaf s at will, this malicious party can read legitimate leafs and produce false clones when N(L) is not linked to an unreproducible feature of the leaf L.
For example, if M(L) is the number obtained by concatenating, in some prescribed way, the numerical characteristics of the ten bigger inclusions (e.g., the row and column numbers of the element of the grid Gr, as described below, which are partly covered by the big inclusions, the resonance frequencies of some electromagnetic inclusions, etc.) N(L) or NI (L) can be chosen as M(L) or as the hashed and/or encrypted version of M (L).
For a magnetic inclusion, a separate reader would be needed to authenticate a leaf L, and later the document printed on L, while in the case of a visible inclusion, such as random density variations in the paper texture, a optical scanner as described above may suffice.
18 The location of the inclusions will be made according to some grid Gr whose coarseness may depend on the application (e.g., finer grids generally require more expensive equipment for more precise reading). Leaf s which contain inclusions which are to be considered in the computation of N(L) or N' (L) and which are at locations which are ambiguous, will be discarded.
N (L) and/or N' (L) are computed by the paper manufacturer who may use a high quality scanner or other instrument depending on the nature of the inclusions. That is, leaf s which may produce non-predictable results about which are the bigger inclusions when read by a lower quality scanner will be discarded.
In all cases, it is important that the texture of the paper allows for visual inspection to determine whether the paper has not been tampered with and/or to modify the locations of the inclusions. This tampering is is quite hard if many inclusions participate in the computation of N(L) or NI(L). One can also use the smaller inclusions as a qualitative check of the authenticity of the paper.
A simpler, but possibly more costly solution for increased security is to adjoin a smart card 250 with unique marking, or a radio frequency identification (RFID) tag 2501 with a one of a kind signature, to the document, as shown in Figure 2C. Then, as in the case of SPRM, N(L) will be chosen as a possibly coded version of the one-of-a-kind signature M(L) of the leaf of SPRM, or of the smart card 250, or of the RFID tag 2501, or of a similar device.
In these cases, N(L) is not necessary a number printed on L, but is determined and/or computed by reading the characteristics of L while Prl(N(L)) is printed on L for verification.
For even further levels of security, as is done for very sensitive documents such as currencies, it is always advisable to complement the publicly-available verification mechanism by secret protections known only by a few affiliates and or employees of the CDO. indeed, one may choose that no one knows the full collection of authentication marks.
In the case of documents such as death certificates, where usually a fee is paid to the corresponding agency for creating such documents, the fee can be collected either electronically every time the data is sent to P! for printing, or the fee is paid at the time the paper is purchased, in which case a mark denoting the fee paid could appear in the paper.
19 In the case the system is devised for very general use, preferably the special paper is devised to have a rather low cost.
Fully verifying the authenticity of a document comprises reliably reading N(L), NI (L) and verifying all the appropriate signatures. Since such actions may not be easy for an ordinary user of paper documents, a verification agency could provide these services preferably for a fee.
(Each such agency could easily work with documents from multiple CD0s, CPPs and printing stations.) While the overall methodology of the invention is described above, the invention can be embodied in any number of different types of systems and executed in any number of different ways, as would be known by one ordinarily skilled in the art taking the present specification as a whole.
is For example, as illustrated in Figure 3, a typical hardware configuration of an information handling /computer system for any of the printing station P! and/or the certified document owner's side (please confirm that this drawing is acceptable and I in accordance with the invention preferably has at least one processor or central processing unit (CPU) 311. The CPUs 311 are interconnected via a system bus 312 to a random access memory (RAM) 314, read-only memory (ROM) 316, input/output (I/0) adapter 318 (for connecting peripheral devices such as disk units 321 and tape drives 340 to the bus 312), user interface adapter 322 (for connecting a keyboard 324, an input device such as a mouse, trackball, joystick, touch screen, scanner, etc. 326, speaker 328, microphone 332, and/or other user interface device to the bus 312), communication adapter 334 (for connecting the information handling system to a data processing network such as an intranet, the Internet (world-wide-web) etc.), and display adapter 336 (for connecting the bus 312 to a display device 338).
The display device could be a cathode ray tube (CRT) I liquid crystal display (LCD), etc., as well as an output device (e.g., such as a hardcopy printer 2003).
Further, while the present invention has been described primarily in terms of software or software /hardware configuration, the same or similar functions could be implemented in a dedicated hardware arrangement.
In addition to the hardware/ software environment described above, a different aspect of the invention includes a computer- implemented method for producing a document. As an example, this method may be implemented in the particular environment discussed above.
Such a method may be implemented, for example, by operating a computer, as embodied by a digital data processing apparatus, to execute a sequence of machine -readable instructions. These instructions may reside in various types of signal-bearing media.
Thus, as shown in Figure 4, in addition to the hardware and process environment described above, a different aspect of the invention includes a computer-implemented method for producing a document, as described above.
As an example, this method may be implemented in the particular hardware environment discussed above.
is Such a method may be implemented, for example, by operating the CPU 311 (Figure 3), to execute a sequence of machine -readable instructions.
These instructions may reside in various types of signal-bearing media.
Thus, this aspect of the present invention is directed to a programmed product, comprising signal-bearing media tangibly embodying a program of machine-readable instructions executable by a digital data processor incorporating the CPU 311 and hardware above, to perform a method of processing (e.g., printing) remotely a document securely.
This signal-bearing media may include, for example, a RAM (not shown in Figure 4) contained within the CPU 311 or auxiliary thereto as in RAM 314, as represented by a fast-access storage for example. Alternatively, the instructions may be contained in another signal-bearing media, such as a magnetic data storage diskette 400 (e.g., as shown in Figure 4), directly or indirectly accessible by the CPU 311.
Whether contained in the diskette 400, the computer/CPU 311, or elsewhere, the instructions may be stored on a variety of machine- readable data storage media, such as DASD storage (e.g., a conventional "hard drive,, or a RAID array), magnetic tape, electronic read-only memory (e.g., ROM, EPROM, or EEPROM), an optical storage device (e.g. CD-ROM, WORM, DVD, digital optical tape, etc.), paper "punch" cards, or other suitable signal bearing media including transmission media such as digital and analog and communication links and wireless. In an illustrative embodiment of the invention, the machine -readable instructions may comprise software object code, compiled from a language such as "C", etc.
21 The present invention can of course also be used in settings where the printer stations P! are specialized, tamper- resistant printing stations with special printers which would further decrease the possibility of counterfeiting. More particularly, the present inventions could have several applications in the banking industry (e.g., for more secure checks or other financial instruments).
For the case where SPRM is not used, there is a possibility that a malicious printing station can find some paper that looks like real paper to a human, but is easily to duplicate. Then, the unscrupulous person may copy N(L) and Pr1W(L)) from any legitimate document onto that paper, get the CDO to print a document on it, and be able to produce duplicate copies.
In another extension of the invention, the signature PrI(N(L)) that proves a leaf to be authentic could be situated such that the process of printing is the document destroys this signature.
For example, Prl (N(L)) could be printed on a tag which the printer tears off after printing the document or the heat from the printing process could evaporate the ink which prints Prl(N(L)). This extension would prevent unauthorized parties from learning sufficient information to forge leaf s of paper (should no SPRM or similar techniques be used); and could simplify how a CDO authenticates the printing station: if physical controls ensure that only bona fide printing stations receive authentic leafs, then a printing station can authenticate itself to a CDO by demonstrating knowledge of a N(L), Pri (N(L)) pair.
Document Amendment Some types of documents (e.g., car inspection stickers, transcript additions, passports, automobile titles, etc.) require a party possibly other than the original producer of the document to add an amendment under the appropriate conditions. The present invention also applies to securing the process of adding amendments to preexisting documents.
In this case, one or more Certified Amendment Owners (CA0s) would have their own key pairs PuA-PrA. An amendment printing station would f orward D, N (L), Pr2 (D, N (L)) to the CAO, who pref erably would authenticate the document and in turn would apply the amendment A (which can include the date and time of the amendment plus other relevant information) and return A, D, N(L), Pr4(A,D,N(L)), which the printer would then apply to the document, p re f e rab ly a 1 ong wi th Pr2 (D, N (L)).
22 In yet another extension of the present invention, the document and signature sent to the CAO could itself contain the content and signature of a previously amended document. In this way, more than one amendment can be applied to a document.
With the invention, negotiable documents can be securely and reliably printed remotely by third party printing stations. Further, non-authentic additional prints and copies of the same document can be easily recognized by publicly available means. 10 23

Claims (1)

1 A method of remotely processing a document securely, comprising:
providing a communication link between a certified document owner and a remote printing station; providing said printing station with a leaf of recording media; determining by said printing station, whether said leaf is legitimate; transmitting, using a first key, from said printing station to the certified document owner a representative. number of said leaf; appending, by said certified document owner, said document with said representative number; computing, by said certified document owner, a digitally signed is version of said appended document, by a second key; and sending by the certified document owner, the document and said signed version, to said printing station.
2. The method according to claim 1, wherein said checking whether said leaf of recording media is legitimate comprises:
reading a pair of numbers comprising a representative number of said leaf and a digital signed version of said number from said leaf; and authenticating said pair of numbers.
3. The method according to claim 2, wherein said authenticating said pair of numbers comprises:
transmitting said pair of numbers to said certified document owner; and authenticating, by said certified document owner, said pair of numbers by a digital signature verification algorithm.
4. The method according to claim 2, further comprising:
transmitting said pair of numbers to said certified document owner; and authenticating, by said certified document owner, said pair of numbers by a digital signature verification algorithm.
5. The method according to claim 2, where said authenticating said pair of numbers comprises:
authenticating, by said printing station, said pair of numbers by a digital signature verification algorithm.
24 6. The method according to any preceding claim, further comprising:
printing, by said printing station, the document.
7. The method according to claim 6, wherein said printing is performed by a printer at said printing station, and wherein characteristics of said printer are known in advance by said certified document owner.
8. The method according to claim 6, wherein said document includes at least one image, and wherein any further, unauthorized, prints arid copies of said document are recognized as non-authentic prints by using only publicly available key encryption process.
is 9. The method according to any preceding claim, wherein said determining by said printing station includes:
reading a pair (N(L), Prl(=)) including said number and a coded version of said number; and checking whether the pai. _r is compatible, with information controlled by said certified document owner.
10. The method according to claim 9, wherein said checking whether the pair is compatible is performed by using a public key pul, said public key being provided by said certified document owner to said printing station as the public part of a key pair (Pri, pul).
11. The method according to any preceding claim, further comprising:
performing, by said certified document owner, an authenticity check upon receipt of a communication by said printing station.
12. The method according to claim 6, wherein said printing comprises printing said document on a predetermined printing medium.
13. The method according to claim 12, wherein said printing medium comprises printing paper having a random inclusion of at least one of a magnetic marker and an optical marker thereon.
14. The method according to claim 12, wherein said printing comprises printing said document on a photocopy -protected medium.
15. The method according to claim 6, further comprising:
linking, via cryptography, a content of what is printed with characteristics of a leaf of paper supporting the document, such that further prints cannot be recognized as authentic.
16. The method according to any preceding claim, wherein said computing includes using public key cryptography. 17. The method according to any preceding claim, wherein said certified document owner is linkable to a plurality of printing stations via an 10 electronic communication link. 18. The method according to claim 17, wherein said electronic communication link comprises one of an intranet, a world -wide -network, and the Internet. is 19. The method according to claim 6, wherein said printing comprises printing said document on predetermined paper. 20. The method according to any preceding claim, wherein each leaf of 20 printing media carries said number of said each leaf and a coded version of said number. 21. The method according to any preceding claim, wherein said first key comprises a public key and said second key comprises a private key. 25 22. The method according to claim 6, wherein both the document number and the encrypted version of the document is printed on the document. 23. The method according to claim 1, wherein determining authenticity of 30 a printed version of the document is performed by using first and second public keys. 24. The method according to claim 1, wherein authentication of the document is performed by a central server by sending the information on the 35 document securely to the central server. 25. The method according to claim 1, wherein, when a plurality of copies are desired of said document, the certified owner transmits printing instructions corresponding to all leaves of said recording medium to be 40 used, and monitors how many prints are made.
CUR4-. 26 26. The method according to claim 1, wherein at least one of a bar-coded version of the document, the encrypted version of the document appended with the leaf number Pr2(D, N(L), the leaf number N(L), and the coded version of the number Prl (N(L)) are provided on the printed document.
27. The method according to claim 1, wherein said encrypted version of the document appended with the number Pr2(D, N(L)) appears as a modulation of the background in predetermined color shapes, such that one of a lighter shape and a darker shape corresponds to a "0" and the other of said lighter shape and said darker shape correspond to a 11111.
28. The method according to claim 1, wherein said printed document includes the number N(L) such that a match may be determined between what is printed by the printing station and the number N(L) as formed on said is recording medium before it is delivered by said printing station.
29. The method according to claim 1, wherein said document selectively includes a text portion and an image portion, wherein said certified document owner publicly discloses how the text portion and the image portion are handled in digital form to form the message to be treated by a chosen encryption scheme, wherein characteristics of a printer of said printing station is known in advance by said certified document owner, such that a scan of the printed document provides a digital description of the image identical to one used in said computing of the encrypted version of the document appended with the leaf number Pr2(D, N(L)).
30. The method according to claim 1, wherein said document includes a text portion and an image portion, and wherein a numeric description of the original image is printed on the document, and authentication of the document includes checking that a scan of a printed image is an acceptable modification of a printed version of a numerical message describing the image.
31. The method according to claim 1, wherein said computing includes employing cryptography employs key pairs, and wherein said key pairs are changed periodically, wherein a date is included in said document.
32. The method according to claim 1, wherein said providing a communication link comprises:
27 providing a secure communication channel between said printing station and said certified document owner using cryptography.
33. The method according to claim 32, wherein said cryptography includes using a public key pu3 of said remote printing station for communication from the certified document owner to said printing station, wherein a key pair (Pr3, pu3) comprises a third (Private key, public key) pair, and a public key pu41 of said certified document owner is reserved to the printing station for all communication from the printing station to said certified document owner, wherein (Pr41, pu4i) is the 1- th element of a fourth collection of (Private key, public key) pairs, wherein said third key pair (Pr3, pu3) and each said 1-th element (Pr41, pu41) comprise public encryption schemes, and key pairs (Pri, pul) and (Pr2, pu2) comprise public signature schemes.
is 34. The method according to claim 1, wherein each said leaf carries a distinct key pair (N(L), Pri(N(L))) representing said number of said leaf and said codes version of said number.
35. The method according to claim 1, wherein each said leaf comprises Special Paper with Random marking (SPRM).
36. The method according to claim 35, wherein said SPRM includes at least one of a magnetic inclusion and an optical inclusion, said inclusion including at least one of inhomogeneities in the recording media, fibers with different optical properties than a remaining matter of the medium, sizes, shapes, positions, and any other characteristic of the inclusion, a collection of inclusions in a fixed number or above a given size, to determine the number N(L) using public key encryption, or said inclusion is recorded as an extra number NI (L) to be used by the certified document owner in determining what is to be printed on the document.
37. The method according to claim 36, wherein, with M(L) being the number obtained by concatenating, numerical characteristics of a predetermined number of larger inclusions, as represented by N(L) or NI (L), is chosen as at least one of a hashed version and an encrypted version of M(L).
38. The method according to claim 36, further comprising:
with a magnetic inclusion, providing a separate reader for authenticating a leaf, and subsequently the document printed on said leaf.
28 39. The method according to claim 36, further comprising:
adjoining one of a smart card with a unique marking, and a radio frequency identification (RFID) tag with a one of a kind signature, to the document such that with use of said SPRM, N(L) is chosen as a one of a coded version of one of the one-of-a-kind signature M(L) of the leaf of said SPRM, of the smart card, and of the RFID tag.
40. The method according to claim 1, wherein first and second pairs of keys (Prl, Pul) and (Pr2, Pu2) are employed in a public key cryptography scheme, wherein said first pair (Pri, Pul) is employed to sign the leaf of paper L and said second pair (Pr2, Pu2) is used by the CDO to sign (D, N(L)), wherein a private key Pr2 belongs to said certified document owner, is and wherein said leaf is signed by a certified media producer, the certified document owner, a trusted authority or a combination thereof.
41. The method according to claim 40, wherein said remote printing station verifies a signature on said leaf by one of using Pul and submitting said leaf to a trusted authority, and wherein said remote printing station forwards the pair (N(L), Pri (N(L)) to said certif ied document owner such that said certif ied document owner verifies legitimacy of the leaf L.
42. The method according to claim 1, wherein each said leaf contains a unique identifying character string N(L) and a digital signature Prl(N(L)) of the character string, said leaf comprising a copy-resistant medium, wherein secret key cryptography is employed such that specific textual information D to be printed on the document, is concatenated to said unique identifying character string N(L) of the leaf of copy resistant media L to form a unique composite character string Ccs(D,N(L)) for the document.
43. The method according to claim 42, wherein said unique composite character string is encrypted using a first secret key cryptography to form a first secure character string SCS1(D,N(L)), and wherein said first secure character string is digitally signed, resulting in a digital signature Ds(SCS1(D,N(L))).
44. The method according to claim 43, wherein a number, n, of characters from the first secure character string is selected and said n characters 29 are concatenated with the digital signature Ds (SCSI (D,N(L))) and converted into a visibly identifiable binary sequence 1BS(D,N(L),n) also to be printed on the document, thereby to serve as a first check of the integrity of D and the relation of D with N(L).
45. The method according to claim 44, wherein a digital image UD1 is composed by overlaying onto a colored background, having at least one color, a nonspecific graphic and textual overlay of the document, the specific textual information of the document, the unique character string N(L) of the specific leaf of copy resistant media L and the visibly identifiable binary sequence.
46. The method according to claim 45, wherein the first secure character string is encrypted a second time, using a second secret encryption key, to is form a second secure character string SCS2(D,N(L)), and wherein m characters are selected from the second secure character string as a unique key for generating a secure image watermarking.
47. The method according to claim 46, wherein said digital image UDI is nearly- invisibly watermarked using the watermarking to form a watermarked digital image PDI, and wherein the watermarked image is transmitted electronically to said remote printing station to be printed on the unique leaf of copy resistant media L.
48. The method according to claim 1, wherein random markings are formed in the composition of N(L), which is then signed as Pri(N(L)), by a producer of said leaf.
49. The method according to claim 1, wherein said digital signature Prl(N(L)) evidencing that said leaf is authentic is destroyed after printing said document.
destroys this signature.
so. The method according to claim 49, wherein said signature Prl(N(L)) is one of printed on a tag which said remote printing station tears off after printing the document, and printed with heat-evaporable ink such that heat from printing said document evaporates said ink.
51. The method according to claim 1, wherein said document includes a document in which a party other than an original producer of the document adds an amendment to said document.
52. The method according to claim 51, wherein at least one Certified Amendment Owners (CA0s) has its own key pairs PuA-PrA, and wherein said remote printing station includes an amendment printing station such that said amendment printing station forwards said document D, N(L), Pr2(D, N(L)) to the CAO.
53. The method according to claim 52, wherein said CAO authenticates said document and applies an amendment A, and returns the amendment A, document D, the number of the leaf N(L), and the number Pr4(A,D,N(L)), which said remote printing station applies to said document.
54. The method according to claim 53, wherein a date and time of the amendment is applied to said document, and wherein said remote printing station also applies the number Pr2(D,N(L)) to said document.
is 55. The method according to claim 53, wherein the document and signature sent to the CAO contains a content and a signature of a previously amended document.
56. A system for remotely processing a document securely, comprising:
certified document owner; printing station; communication link between said certified document owner and said printing station such that said printing station can receive a leaf of a recording media from said certified document owner; means for determining by said printing station, whether said leaf is legitimate; means for transmitting, by said printing station, a pair (N(L), Pri (N (L))) to the certif ied document owner; means for computing, by said certified document owner, Pr2(D, N(L)); and means for sending, by the certified document owner, the document D and Pr2(D, N(L)) to said printing station.
57. A signal-bearing medium tangibly embodying a program of machine readable instructions executable by a digital processing apparatus to perform a method for remotely processing a document securely, comprising:
providing a communication link between a certified document owner and a remote printing station; providing said printing station with a leaf of recording media; 31 determining by said printing station, whether said leaf is legitimate; transmitting, using a first key, from said printing station to the certified document owner a representative number of said leaf; appending, by said certified document owner, said document with said representative number; computing, by said certified document owner, a digitally signed version of said appended document, by a second key; and sending by the certified document owner, the document and said signed version, to said printing station.
GB0022614A 1999-09-17 2000-09-15 Method and system for remote printing of duplication resistent documents Withdrawn GB2358115A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US39802899A 1999-09-17 1999-09-17

Publications (2)

Publication Number Publication Date
GB0022614D0 GB0022614D0 (en) 2000-11-01
GB2358115A true GB2358115A (en) 2001-07-11

Family

ID=23573703

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0022614A Withdrawn GB2358115A (en) 1999-09-17 2000-09-15 Method and system for remote printing of duplication resistent documents

Country Status (1)

Country Link
GB (1) GB2358115A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2380912A (en) * 2001-10-13 2003-04-16 Hewlett Packard Co Trusted one-time printing
EP1517533A1 (en) * 2003-09-17 2005-03-23 Ricoh Company, Ltd. A method and apparatus for image processing capable of preventing unauthorized reproduction of an image
US7170391B2 (en) * 2002-11-23 2007-01-30 Kathleen Lane Birth and other legal documents having an RFID device and method of use for certification and authentication
WO2007071803A1 (en) 2005-12-19 2007-06-28 Universidad De Zaragoza System and method for registering and certifying activity and/or communication between terminals
US8040541B2 (en) 2002-08-06 2011-10-18 Polestar, Ltd. Secure document printing

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1996025812A1 (en) * 1995-02-17 1996-08-22 John Charles Hughes A method enabling the authentication of a printout of a data file
EP0935182A1 (en) * 1998-01-09 1999-08-11 Hewlett-Packard Company Secure printing
GB2336512A (en) * 1995-12-19 1999-10-20 Intel Corp Apparatus and method for preventing disclosure through user-authentication at aprinting node

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1996025812A1 (en) * 1995-02-17 1996-08-22 John Charles Hughes A method enabling the authentication of a printout of a data file
GB2336512A (en) * 1995-12-19 1999-10-20 Intel Corp Apparatus and method for preventing disclosure through user-authentication at aprinting node
EP0935182A1 (en) * 1998-01-09 1999-08-11 Hewlett-Packard Company Secure printing

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2380912A (en) * 2001-10-13 2003-04-16 Hewlett Packard Co Trusted one-time printing
GB2380912B (en) * 2001-10-13 2004-09-01 Hewlett Packard Co Trusted one-time printing
US8040541B2 (en) 2002-08-06 2011-10-18 Polestar, Ltd. Secure document printing
US7170391B2 (en) * 2002-11-23 2007-01-30 Kathleen Lane Birth and other legal documents having an RFID device and method of use for certification and authentication
EP1517533A1 (en) * 2003-09-17 2005-03-23 Ricoh Company, Ltd. A method and apparatus for image processing capable of preventing unauthorized reproduction of an image
CN1324875C (en) * 2003-09-17 2007-07-04 株式会社理光 Decision device of duplicating or not and imaging forming device with the device
US7548635B2 (en) 2003-09-17 2009-06-16 Ricoh Company, Ltd. Method and apparatus for image processing capable of preventing unauthorized reproduction of an image
WO2007071803A1 (en) 2005-12-19 2007-06-28 Universidad De Zaragoza System and method for registering and certifying activity and/or communication between terminals

Also Published As

Publication number Publication date
GB0022614D0 (en) 2000-11-01

Similar Documents

Publication Publication Date Title
US7383441B2 (en) Method and device for confirming the authenticity of a document and a safe for storing data
US6751336B2 (en) Digital authentication with digital and analog documents
US6170744B1 (en) Self-authenticating negotiable documents
CA2594018C (en) Method and process for creating an electronically signed document
US7080041B2 (en) System and method for production and authentication of original documents
US7818812B2 (en) Article and system for decentralized creation, distribution, verification and transfer of valuable documents
US20030056104A1 (en) Digitally watermarking checks and other value documents
WO2001015382A1 (en) Legitimacy protection of electronic document and a printed copy thereof
JPH06176036A (en) Method for forming duplication which can be authenticated
GB2297856A (en) Electronic negotiable documents
GB2317790A (en) Electronic money transactions
US8578168B2 (en) Method and apparatus for preparing and verifying documents
US7455216B2 (en) Printed-matter issuing managing system, printed-matter verifying device and contents managing device
KR100430469B1 (en) System for preventing document from forging/alternating
GB2358115A (en) Method and system for remote printing of duplication resistent documents
JP3800070B2 (en) Digital watermark printing apparatus, digital watermark detection apparatus, and medium on which digital watermark is printed
JP2003084962A (en) Originality assuring printing system, system for forming original data for printing, originality assuring system, program, and recording medium
WO2003019449A2 (en) Digitally watermarking checks and other value documents

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)