[go: up one dir, main page]

WO2025003674A1 - A method of authenticating an optically readable security element - Google Patents

A method of authenticating an optically readable security element Download PDF

Info

Publication number
WO2025003674A1
WO2025003674A1 PCT/GB2024/051648 GB2024051648W WO2025003674A1 WO 2025003674 A1 WO2025003674 A1 WO 2025003674A1 GB 2024051648 W GB2024051648 W GB 2024051648W WO 2025003674 A1 WO2025003674 A1 WO 2025003674A1
Authority
WO
WIPO (PCT)
Prior art keywords
security element
optically readable
illuminating
readable security
reading
Prior art date
Application number
PCT/GB2024/051648
Other languages
French (fr)
Inventor
Daniel Campos De Lima ABREU
David Ian Howarth
Phillip SPEED
Robert James Young
Original Assignee
Quantum Base Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Quantum Base Limited filed Critical Quantum Base Limited
Publication of WO2025003674A1 publication Critical patent/WO2025003674A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K7/00Methods or arrangements for sensing record carriers, e.g. for reading patterns
    • G06K7/10Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation
    • G06K7/10544Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation by scanning of the records by radiation in the optical part of the electromagnetic spectrum
    • G06K7/10712Fixed beam scanning
    • G06K7/10722Photodetector array or CCD scanning
    • G06K7/10732Light sources
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K7/00Methods or arrangements for sensing record carriers, e.g. for reading patterns
    • G06K7/10Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation
    • G06K7/10544Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation by scanning of the records by radiation in the optical part of the electromagnetic spectrum
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K7/00Methods or arrangements for sensing record carriers, e.g. for reading patterns
    • G06K7/10Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation
    • G06K7/10544Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation by scanning of the records by radiation in the optical part of the electromagnetic spectrum
    • G06K7/10554Moving beam scanning
    • G06K7/10564Light sources
    • G06K7/10584Source control
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K7/00Methods or arrangements for sensing record carriers, e.g. for reading patterns
    • G06K7/10Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation
    • G06K7/10544Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation by scanning of the records by radiation in the optical part of the electromagnetic spectrum
    • G06K7/10712Fixed beam scanning
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07DHANDLING OF COINS OR VALUABLE PAPERS, e.g. TESTING, SORTING BY DENOMINATIONS, COUNTING, DISPENSING, CHANGING OR DEPOSITING
    • G07D7/00Testing specially adapted to determine the identity or genuineness of valuable papers or for segregating those which are unacceptable, e.g. banknotes that are alien to a currency
    • G07D7/003Testing specially adapted to determine the identity or genuineness of valuable papers or for segregating those which are unacceptable, e.g. banknotes that are alien to a currency using security elements
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07DHANDLING OF COINS OR VALUABLE PAPERS, e.g. TESTING, SORTING BY DENOMINATIONS, COUNTING, DISPENSING, CHANGING OR DEPOSITING
    • G07D7/00Testing specially adapted to determine the identity or genuineness of valuable papers or for segregating those which are unacceptable, e.g. banknotes that are alien to a currency
    • G07D7/06Testing specially adapted to determine the identity or genuineness of valuable papers or for segregating those which are unacceptable, e.g. banknotes that are alien to a currency using wave or particle radiation
    • G07D7/12Visible light, infrared or ultraviolet radiation
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07DHANDLING OF COINS OR VALUABLE PAPERS, e.g. TESTING, SORTING BY DENOMINATIONS, COUNTING, DISPENSING, CHANGING OR DEPOSITING
    • G07D7/00Testing specially adapted to determine the identity or genuineness of valuable papers or for segregating those which are unacceptable, e.g. banknotes that are alien to a currency
    • G07D7/06Testing specially adapted to determine the identity or genuineness of valuable papers or for segregating those which are unacceptable, e.g. banknotes that are alien to a currency using wave or particle radiation
    • G07D7/12Visible light, infrared or ultraviolet radiation
    • G07D7/1205Testing spectral properties
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/08Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code using markings of different kinds or more than one marking of the same kind in the same record carrier, e.g. one marking being sensed by optical and the other by magnetic means
    • G06K19/10Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code using markings of different kinds or more than one marking of the same kind in the same record carrier, e.g. one marking being sensed by optical and the other by magnetic means at least one kind of marking being used for authentication, e.g. of credit or identity cards
    • G06K19/14Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code using markings of different kinds or more than one marking of the same kind in the same record carrier, e.g. one marking being sensed by optical and the other by magnetic means at least one kind of marking being used for authentication, e.g. of credit or identity cards the marking being sensed by radiation
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07DHANDLING OF COINS OR VALUABLE PAPERS, e.g. TESTING, SORTING BY DENOMINATIONS, COUNTING, DISPENSING, CHANGING OR DEPOSITING
    • G07D7/00Testing specially adapted to determine the identity or genuineness of valuable papers or for segregating those which are unacceptable, e.g. banknotes that are alien to a currency
    • G07D7/20Testing patterns thereon
    • G07D7/202Testing patterns thereon using pattern matching
    • G07D7/205Matching spectral properties

Definitions

  • the present disclosure relates to a method of authenticating an optically readable security element using an image capturing device, an image capturing device configured to illuminate an optically readable security element and a system comprising an optically readable security element and an image capturing device.
  • Security elements or tags are used to provided security in relation to an object to which they are attached. These security elements provide security in relation to the object by labelling the object. For example, a security element may be encoded with a unique identity that can be extracted from the security element, thereby enabling authentication of the object.
  • reading of the security element is conventionally performed in a predefined and repeatable manner.
  • the security element or tag is vulnerable to, for example, replay or simulation attacks.
  • Predefined and repeatable reading may also promote systematic errors.
  • a method of authenticating an optically readable security element using an image capturing device.
  • the method comprises illuminating the optically readable security element with electromagnetic radiation and reading the optically readable security element based on a response of the optically readable security element to the illuminating (e.g. in order to authenticate the optically readable security element). At least one of the illuminating and the reading is non- deterministic.
  • Illuminating the optically readable security element with electromagnetic radiation may comprises illuminating the optically readable security element with a sequence of the electromagnetic radiation.
  • An optical property of the electromagnetic radiation may be non-deterministic.
  • the optical property may be at least one of: frequency, wavelength, polarisation and intensity.
  • the sequence may be non-deterministic.
  • the electromagnetic radiation may be pulsed.
  • the optically readable security element may comprise one or more optical emitters arranged to be read via emission radiation emitted therefrom and arranged to be excited by excitation radiation, and reading the optically readable security element may comprise reading the optically readable security element via the emission radiation emitted therefrom in response to the illuminating.
  • the illuminating may be performed by the image capturing device.
  • the method may comprise monitoring whether the at least one of the illuminating and the reading corresponds has been used before and, in the event that the at least one of the illuminating and the reading has been used before, changing the at least one the illuminating and the reading.
  • the at least one of illuminating and reading non-deterministically may comprise changing at least one of: a relative position of the image capturing device with respect to the optically reading security element, a relative orientation of the image capturing device with respect to the optically readable security element, a filter for filtering the illuminating or reading of the image capturing device, a strain applied to the optically readable security element and a duration of the illuminating.
  • the method may further comprise fitting a trend to the response of the optically readable security element to the illuminating or reading and removing systematic error based on the trend.
  • the method may further comprise extracting an identity from the optically readable security element based on the response of the optically readable security element to the illuminating.
  • Extracting the identity may comprise retrieving an expected response from a data store and comparing the expected response with the response of the optically readable security element to the illuminating.
  • the method may further comprise generating at least one of the illuminating and the reading based on the output of a non-deterministic source.
  • an image capturing device configured to illuminate an optically readable security element with electromagnetic radiation and read the optically readable security element based on a response of the optically readable security element to the illuminating (e.g. in order to authenticate the optically readable security element).
  • the image capturing device is arrangeable such that at least one of the illuminating and the reading is non-deterministic.
  • a system comprising an optically readable security element and an image capturing device.
  • the image capturing device is configured to illuminate the optically readable security element with electromagnetic radiation and read the optically readable security element based on a response of the optically readable security element to the illuminating (e.g. in order to authenticate the optically readable security element). At least one of the illuminating and the reading is non-deterministic.
  • Figure 1 shows a flowchart for a method of reading an optically readable security element using an image capturing device
  • Figure 2 shows an image capturing device and an optically readable security element in a field of view of the image capturing device
  • Figures 3A and 3B show deterministic illuminating and non-deterministic illuminating
  • Figure 4 shows components of the image capturing device of Figure 2.
  • Figure 1 shows a flowchart for a method of authenticating an optically readable security element using an image capturing device.
  • the method of Figure 1 is best understood in conjunction with Figure 2, which shows a system comprising an image capturing device 10 and an optically readable security element 20, the optically readable security element 20 being a field of view 30 of the image capturing device 10.
  • the method comprises illuminating S1 the optically readable security element 20 with electromagnetic radiation.
  • the electromagnetic radiation may be light in the visible spectrum or infrared light, for example.
  • Illuminating S1 the optically readable security element 20 with electromagnetic radiation may comprise illuminating the optically readable security element 20 with a sequence of the electromagnetic radiation (i.e., a series of discrete events during which the optically readable security element 20 is illuminated).
  • the optically readable security element 20 may be illuminated with a first intensity of electromagnetic radiation for a first period followed by a second intensity of electromagnetic radiation for a second period.
  • the first intensity and the second intensity may be the same or different intensities, and the first period and the second period may be the same or different lengths of time.
  • the method also comprises reading S2 the optically readable security 20 element based on an optical response of the optically readable security element 20 to the illuminating S1.
  • This reading will in order to authenticate the optically readable security element.
  • the optical response may be specular reflection or emission of light, for instance, depending on the particular optically readable security element 20 used.
  • Reading S1 may be performed using sensors, such as image or video sensors (e.g., those typically included in image capturing devices, such as a camera).
  • optically challenging i.e., illuminating S1
  • the optically readable security element 20 to stimulate the response the optically readable security element 20 is read.
  • the method may comprise extracting an identity from the optically readable security element 20.
  • the identity may be extracted from the response by the image capturing device 10, as described in more detail below in relation to the data store.
  • extracting the identity enables the optically readable security element 20, and hence an object to which the optically readable security element 20 may be attached or proximal, to be authenticated.
  • At least one of the illuminating S1 and the reading S2 is non-deterministic.
  • a challenge for example, is deliberately predictable and deliberately a repeatable (i.e. , the same challenge as used previously). This approach introduces a weakness in the method or system.
  • non-deterministic illuminating S1 and/or reading S2 introduces deliberate unpredictability and/or deliberate unrepeatability.
  • the illuminating S1 and/or reading S2 advantageously, is not able to be definitely ascertained, calculated or identified by an external or third party.
  • Illuminating S1 and/or reading S2 may be implemented using the output of a non- deterministic source (e.g., an algorithm or piece of hardware), whereby the output is not known and is probabilistic.
  • the output of the non-deterministic source may be used to generate non-deterministic illuminating S1 and/or reading S2.
  • illuminating S1 and/or reading S2 non-deterministically is implemented using a random number generator (RNG). Details of RNGs are not provided here, as RNGs are well-known across a number of technical fields.
  • non- deterministic illuminating S1 and/or reading S2 makes fraudulent attempts to authenticate the optically readable security element 20 more difficult and so increases the security of an object to which the optically readable security element 20 may be attached or proximal. For example, even if someone trying to circumvent security has access to input-output (challenge-response) characteristics or pairs, they would not know or be able to predict a non-deterministic order or sequence of such input-output (challenge-response) characteristics or pairs. This non-deterministic approach brings subtle but significant benefits.
  • Figures 3A shows how, conventionally, in illuminating S1 the optically readable security element 20 with a sequence of electromagnetic radiation, the intensity of successive events monotonically (i.e., deterministically) changes.
  • Figure 3A shows the illumination profile for continuous illumination. Illuminating S1 as shown in Figures 3A is straightforward to replicate, meaning that the optically readable security element 20 is vulnerable to replay attacks.
  • Figure 3B shows an example of non-deterministic illuminating S1.
  • the illumination profile shown in Figure 3B includes a pulsed sequence of electromagnetic radiation which does increase or decrease monotonically, for instance. Rather the sequence in Figure 3B comprises unpredictable random intensities. Therefore, the sequence is, advantageously, more difficult for a nefarious party to replicate. Further, advantageously, environmental changes during the illuminating S1 are mitigated against by varying the intensity randomly in time (i.e. , if there is a drift in environmental conditions the drift will be averaged out).
  • the RNG may be part of the image capturing device 10 or part of an external apparatus (e.g., a server) in electronic communication with the image capturing device 10, in the latter case, advantageously, facilitating a compact image capturing device 10.
  • non-deterministically illuminating S1 the optically readable security element 20 may mean optically challenging the optically readable security element 20 based on a request transmitted (either internally, or externally to the external apparatus) by the image capturing device 10 including a set of parameters defining the illuminating S1 and/or reading S2.
  • a duration or period of time (e.g., one or more of a duration of the first period, a duration of the second period, a duration of a time between the first period and the second period and a duration of a total illumination time) of the illuminating S1 is performed may be non-deterministic.
  • Illuminating S1 the optically readable security element non-deterministically may also be realised by an optical property of the electromagnetic radiation, such as one or more of frequency, wavelength, polarisation and intensity (as shown in the example of Figure 3C), being non-deterministic.
  • a wavelength of the electromagnetic radiation used to illuminate the optically readable security element 20 may be non- deterministic.
  • illuminating S1 non-deterministically is difficult for an observer to discern and, therefore, replicate.
  • a position of the image capturing device 10 during the reading S2 may be non-deterministic.
  • a view finder of the image capturing device 10 may non-deterministically guide a user to position the image capturing device 10.
  • a user may be prompted to change the relative configuration (i.e., position and/or orientation) of the image capturing device 10 and the optically readable security element 20.
  • the time after the illuminating S1 when the reading S2 takes place may be non-deterministic.
  • reading S2 non-deterministically is typically less expensive energetically compared with illuminating S1 non-deterministically.
  • At least one of the illuminating S1 and the reading S2 being non-deterministic may also be realised by changing a filter.
  • non-deterministically changing the filter of the image capturing device 10 may cause an electromagnetic field, resulting from the electromagnetic radiation, across the image capturing device to change.
  • at least one of the illuminating S1 and the reading S2 being non-deterministic may be realised by changing a strain applied to the optically readable security element 20 or a temperature across the image capturing device 10.
  • a user may be prompted to strain (e.g., flex) the optically readable security element 20 to different extents or a temperature control device (e.g., a heater) may heat the optically readable security element 20 to different extents, thereby changing a property of the optically readable security element 20 that determines its response to illuminating S1.
  • strain e.g., flex
  • a temperature control device e.g., a heater
  • the electromagnetic radiation may be pulsed, as mentioned above in relation to Figure 3B.
  • the electromagnetic radiation may be modulated or emitted in short bursts.
  • pulsed electromagnetic radiation avoids overheating of the optically readable security element 20. Varying the duty cycle of pulsed electromagnetic radiation and/or the response during the “off” period may be used to normalise the response to account for changes in environmental conditions.
  • the optically readable security element 20 may comprise a hologram, bar code, QR code or similar.
  • the optically readable security element 20 comprises one or more optical emitters.
  • the optical emitters may be arranged to be read via emission radiation emitted therefrom and arranged to be excited by excitation radiation.
  • the excitation radiation may be provided, for example as part of the illuminating S1 , by the image capturing device 10.
  • reading S2 the optically readable security element 20 may comprise reading S2 the optically readable security element 20 via the emission radiation emitted therefrom in response to the illuminating S1.
  • the one or more emitters may serve as the component that provides or serves as the identity.
  • the optically readable security element 20 being read via emission emitted therefrom provides a more robust barrier to fraudulent reading, more readily preventing spoofing or copying by, for instance, simply replicating (e.g., by printing) a bar code, QR code or similar.
  • This advantage is particularly true when one or more (e.g., hundreds, thousands or millions or more) of emitters are distributed randomly. For instance, this effect may be achieved using quantum dots, flakes of 2D materials, (e.g., small) molecules, atomic defects or vacancies, plasmonic structures or similar.
  • the image capturing device 10 may be a terminal device, such as a smartphone.
  • the image capturing device 10 may be configured to emit excitation radiation to excite the at least one optical emitter (e.g., from an electromagnetic radiation source, such as a flash or LED).
  • the image capturing device 10 advantageously, facilitates the aforementioned robust security. Further, emitting the excitation radiation from the image capturing device 10, advantageously, allows convenient control of excitation of the at least one optical emitter
  • the system shown in Figure 2 may comprise a data store.
  • the data store may be part of the image capturing device 10 or remote from the image capturing device 10 but in electronic communication therewith.
  • the data store being remote from the image capturing device 10 facilitates a compact image capturing device 10.
  • the optically readable security element 20 comprises a hologram, bar code, QR code or similar, and such engineered components may comprise information relating to the expected response.
  • the data store may be part of the optically readable security element 20 in the form of an engineered component.
  • the data store stores an expected response for a given non-deterministic illuminating and/or reading S2.
  • illuminating S1 the optically readable security element 20 with electromagnetic radiation of a particular wavelength results in a particular optical response (e.g., wavelength of light emitted by the optically readable security element 20).
  • This optical response can be compared with an expected optical response retrieved from the data store. Resultingly and advantageously, the authenticity of the optically readable security element 20 may be verified.
  • reading S2 the optically readable security element 20 at particular relative configuration of the image capturing device 10 and the optically readable security element 20 results in a particular intensity of an optical response from the optically readable security element.
  • the identity comprises all expected responses (for different non-deterministic illuminating S1 and/or reading S2), and the optically readable security element 20 can be authenticated using one of these expected responses by which the optically readable security element 20 is identifiable as authentic.
  • the response of the optically readable security element may be verified as authentic if the response is within a predetermined range of the expected response (e.g., within 95% of the expected response).
  • a predetermined range of the expected response e.g., within 95% of the expected response.
  • the method may further comprise monitoring whether the at least one of the non- deterministic illuminating S1 and the reading S2 has been used before.
  • the method may comprise storing parameters defining each previous illuminating S1 and/or reading S2 used in the data store and comparing parameters defining the (new, e.g., proposed) illuminating S1 and/or reading S2 therewith.
  • the illuminating S1 and/or the reading S2 may be changed (i.e., not used).
  • the illuminating S1 and/or reading S2 may be implemented using previously unused (i.e., unique) parameters.
  • Unique illuminating S1 and/or reading S2 advantageously, is more secure than mere non-deterministic illuminating S1 and/or reading S2 because of its inherent resistance to replay attacks.
  • the method may further comprise fitting an expected trend to the response of the optically readable security element 20 to the illuminating S1 or reading S2 and removing systematic error based on the expected trend.
  • the data store may store the expected trend, the expected trend having been previously determined according on the physics of the system or based on measurements in a controlled environment.
  • Figure 4 shows the image capturing device 10 of Figure 2 in more detail.
  • the illuminating S1 of the optically readable security element 20 is performed by an illumination unit 11.
  • the reading S2 of the optically readable security element 20 is performed by a reader 20, which could include or be a sensor as discussed above.
  • the image capturing device may include an RNG and/or a data store.
  • the image capturing device may include a communication unit to communicate therewith.
  • the image capturing device 10 may comprise a controller or processor to control the image capturing device 10, either alone or in combination with a server in electronic communication with the controller.
  • the present disclosure has described a method and system that hinders a nefarious party from simulating a response of an optically readable security 20 element by non-deterministic illuminating S1 and/or reading S2 in order to authenticate the optically readable security element 20.
  • the use of non-deterministic methodology is very useful, as discussed above.
  • Use of a sequence of illumination, in combination with the non-deterministic methodology is particularly useful.
  • the use of a sequence allows the implementation of the non-deterministic approach of authenticating in a much more powerful way, in terms of their not being a single input-output, challenge-response, relationship. This results in a sequence of (e.g.

Landscapes

  • Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Electromagnetism (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Toxicology (AREA)
  • General Physics & Mathematics (AREA)
  • Artificial Intelligence (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Theoretical Computer Science (AREA)
  • Spectroscopy & Molecular Physics (AREA)
  • Computer Security & Cryptography (AREA)
  • Image Input (AREA)
  • Credit Cards Or The Like (AREA)

Abstract

There is described a method of authenticating an optically readable security element (20) using an image capturing device (10). The method comprises illuminating S1 the optically readable security element (20) with electromagnetic radiation and reading S2 the optically readable security element (20) based on a response of the optically readable security element (20) to the illuminating S2. At least one of the illuminating S1 and the reading S2 is non-deterministic.

Description

A METHOD OF AUTHENTICATING AN OPTICALLY READABLE SECURITY ELEMENT
TECHNICAL FIELD
The present disclosure relates to a method of authenticating an optically readable security element using an image capturing device, an image capturing device configured to illuminate an optically readable security element and a system comprising an optically readable security element and an image capturing device.
BACKGROUND
Security elements or tags are used to provided security in relation to an object to which they are attached. These security elements provide security in relation to the object by labelling the object. For example, a security element may be encoded with a unique identity that can be extracted from the security element, thereby enabling authentication of the object.
However, reading of the security element is conventionally performed in a predefined and repeatable manner. As a result, the security element or tag is vulnerable to, for example, replay or simulation attacks. Predefined and repeatable reading may also promote systematic errors.
Hence, there is a desire to provide a method of authenticating an optically readable security element that mitigates the risk of replay or simulation attacks.
SUMMARY
It is one aim of the present disclosure, amongst others, to provide a method of authenticating an optically readable security element which at least partially obviates or mitigates at least some of the disadvantages of the prior art, whether identified herein or elsewhere, or to provide an alternative approach. For instance, it is an aim of embodiments of the invention to provide a method of authenticating an optically readable security element that mitigates the risk of replay or simulation attacks.
According to the present invention there is provided a method of authenticating an optically readable security element, as set forth in the appended claims. Other features of the invention will be apparent from the dependent claims and the description that follows. According to a first aspect, there is provided a method of authenticating an optically readable security element using an image capturing device. The method comprises illuminating the optically readable security element with electromagnetic radiation and reading the optically readable security element based on a response of the optically readable security element to the illuminating (e.g. in order to authenticate the optically readable security element). At least one of the illuminating and the reading is non- deterministic.
Illuminating the optically readable security element with electromagnetic radiation may comprises illuminating the optically readable security element with a sequence of the electromagnetic radiation.
An optical property of the electromagnetic radiation may be non-deterministic.
The optical property may be at least one of: frequency, wavelength, polarisation and intensity.
The sequence may be non-deterministic.
The electromagnetic radiation may be pulsed.
The optically readable security element may comprise one or more optical emitters arranged to be read via emission radiation emitted therefrom and arranged to be excited by excitation radiation, and reading the optically readable security element may comprise reading the optically readable security element via the emission radiation emitted therefrom in response to the illuminating. The illuminating may be performed by the image capturing device.
The method may comprise monitoring whether the at least one of the illuminating and the reading corresponds has been used before and, in the event that the at least one of the illuminating and the reading has been used before, changing the at least one the illuminating and the reading.
The at least one of illuminating and reading non-deterministically may comprise changing at least one of: a relative position of the image capturing device with respect to the optically reading security element, a relative orientation of the image capturing device with respect to the optically readable security element, a filter for filtering the illuminating or reading of the image capturing device, a strain applied to the optically readable security element and a duration of the illuminating. The method may further comprise fitting a trend to the response of the optically readable security element to the illuminating or reading and removing systematic error based on the trend.
The method may further comprise extracting an identity from the optically readable security element based on the response of the optically readable security element to the illuminating.
Extracting the identity may comprise retrieving an expected response from a data store and comparing the expected response with the response of the optically readable security element to the illuminating.
The method may further comprise generating at least one of the illuminating and the reading based on the output of a non-deterministic source.
According to a second aspect, there is provided an image capturing device configured to illuminate an optically readable security element with electromagnetic radiation and read the optically readable security element based on a response of the optically readable security element to the illuminating (e.g. in order to authenticate the optically readable security element). The image capturing device is arrangeable such that at least one of the illuminating and the reading is non-deterministic.
According to a third aspect, there is provided a system comprising an optically readable security element and an image capturing device. The image capturing device is configured to illuminate the optically readable security element with electromagnetic radiation and read the optically readable security element based on a response of the optically readable security element to the illuminating (e.g. in order to authenticate the optically readable security element). At least one of the illuminating and the reading is non-deterministic.
BRIEF DESCRIPTION OF DRAWINGS
For a better understanding of the invention, and to show how embodiments of the same may be brought into effect, reference will be made, by way of example only, to the accompanying Figures, in which:
Figure 1 shows a flowchart for a method of reading an optically readable security element using an image capturing device;
Figure 2 shows an image capturing device and an optically readable security element in a field of view of the image capturing device; Figures 3A and 3B show deterministic illuminating and non-deterministic illuminating; and
Figure 4 shows components of the image capturing device of Figure 2.
DETAILED DESCRIPTION
Figure 1 shows a flowchart for a method of authenticating an optically readable security element using an image capturing device. The method of Figure 1 is best understood in conjunction with Figure 2, which shows a system comprising an image capturing device 10 and an optically readable security element 20, the optically readable security element 20 being a field of view 30 of the image capturing device 10.
The method comprises illuminating S1 the optically readable security element 20 with electromagnetic radiation. The electromagnetic radiation may be light in the visible spectrum or infrared light, for example.
Illuminating S1 the optically readable security element 20 with electromagnetic radiation may comprise illuminating the optically readable security element 20 with a sequence of the electromagnetic radiation (i.e., a series of discrete events during which the optically readable security element 20 is illuminated). For example, the optically readable security element 20 may be illuminated with a first intensity of electromagnetic radiation for a first period followed by a second intensity of electromagnetic radiation for a second period. The first intensity and the second intensity may be the same or different intensities, and the first period and the second period may be the same or different lengths of time.
The method also comprises reading S2 the optically readable security 20 element based on an optical response of the optically readable security element 20 to the illuminating S1. This reading will in order to authenticate the optically readable security element. The optical response may be specular reflection or emission of light, for instance, depending on the particular optically readable security element 20 used. Reading S1 may be performed using sensors, such as image or video sensors (e.g., those typically included in image capturing devices, such as a camera). By optically challenging (i.e., illuminating S1) the optically readable security element 20 to stimulate the response, the optically readable security element 20 is read.
As part of the reading S2, for example, the method may comprise extracting an identity from the optically readable security element 20. Specifically, the identity may be extracted from the response by the image capturing device 10, as described in more detail below in relation to the data store. Advantageously, extracting the identity enables the optically readable security element 20, and hence an object to which the optically readable security element 20 may be attached or proximal, to be authenticated.
Importantly, at least one of the illuminating S1 and the reading S2 is non-deterministic. In existing (prior) approaches a challenge, for example, is deliberately predictable and deliberately a repeatable (i.e. , the same challenge as used previously). This approach introduces a weakness in the method or system. In contrast, non-deterministic illuminating S1 and/or reading S2 introduces deliberate unpredictability and/or deliberate unrepeatability. In other words, the illuminating S1 and/or reading S2, advantageously, is not able to be definitely ascertained, calculated or identified by an external or third party.
Illuminating S1 and/or reading S2 may be implemented using the output of a non- deterministic source (e.g., an algorithm or piece of hardware), whereby the output is not known and is probabilistic. In other words, the output of the non-deterministic source may be used to generate non-deterministic illuminating S1 and/or reading S2. Preferably, illuminating S1 and/or reading S2 non-deterministically is implemented using a random number generator (RNG). Details of RNGs are not provided here, as RNGs are well-known across a number of technical fields. Advantageously, non- deterministic illuminating S1 and/or reading S2 makes fraudulent attempts to authenticate the optically readable security element 20 more difficult and so increases the security of an object to which the optically readable security element 20 may be attached or proximal. For example, even if someone trying to circumvent security has access to input-output (challenge-response) characteristics or pairs, they would not know or be able to predict a non-deterministic order or sequence of such input-output (challenge-response) characteristics or pairs. This non-deterministic approach brings subtle but significant benefits.
This non-deterministic approach can be understood through Figures 3A and 3B. In each of Figures 3A and 3B, the abscissa corresponds to time and the ordinate corresponds to intensity of illumination of the optically readable security element 20.
Figures 3A shows how, conventionally, in illuminating S1 the optically readable security element 20 with a sequence of electromagnetic radiation, the intensity of successive events monotonically (i.e., deterministically) changes. Figure 3A shows the illumination profile for continuous illumination. Illuminating S1 as shown in Figures 3A is straightforward to replicate, meaning that the optically readable security element 20 is vulnerable to replay attacks.
Figure 3B shows an example of non-deterministic illuminating S1. The illumination profile shown in Figure 3B includes a pulsed sequence of electromagnetic radiation which does increase or decrease monotonically, for instance. Rather the sequence in Figure 3B comprises unpredictable random intensities. Therefore, the sequence is, advantageously, more difficult for a nefarious party to replicate. Further, advantageously, environmental changes during the illuminating S1 are mitigated against by varying the intensity randomly in time (i.e. , if there is a drift in environmental conditions the drift will be averaged out). The RNG may be part of the image capturing device 10 or part of an external apparatus (e.g., a server) in electronic communication with the image capturing device 10, in the latter case, advantageously, facilitating a compact image capturing device 10. For example, non-deterministically illuminating S1 the optically readable security element 20 may mean optically challenging the optically readable security element 20 based on a request transmitted (either internally, or externally to the external apparatus) by the image capturing device 10 including a set of parameters defining the illuminating S1 and/or reading S2.
In an example of illuminating S1 non-deterministically, a duration or period of time (e.g., one or more of a duration of the first period, a duration of the second period, a duration of a time between the first period and the second period and a duration of a total illumination time) of the illuminating S1 is performed may be non-deterministic. Illuminating S1 the optically readable security element non-deterministically may also be realised by an optical property of the electromagnetic radiation, such as one or more of frequency, wavelength, polarisation and intensity (as shown in the example of Figure 3C), being non-deterministic. For instance, a wavelength of the electromagnetic radiation used to illuminate the optically readable security element 20 may be non- deterministic. Advantageously, illuminating S1 non-deterministically is difficult for an observer to discern and, therefore, replicate.
In an example of reading S2 non-deterministically, a position of the image capturing device 10 during the reading S2 may be non-deterministic. For instance, a view finder of the image capturing device 10 may non-deterministically guide a user to position the image capturing device 10. In other words, a user may be prompted to change the relative configuration (i.e., position and/or orientation) of the image capturing device 10 and the optically readable security element 20. In another example, the time after the illuminating S1 when the reading S2 takes place may be non-deterministic. Advantageously, reading S2 non-deterministically is typically less expensive energetically compared with illuminating S1 non-deterministically.
At least one of the illuminating S1 and the reading S2 being non-deterministic may also be realised by changing a filter. For example, non-deterministically changing the filter of the image capturing device 10 may cause an electromagnetic field, resulting from the electromagnetic radiation, across the image capturing device to change. Similarly, at least one of the illuminating S1 and the reading S2 being non-deterministic may be realised by changing a strain applied to the optically readable security element 20 or a temperature across the image capturing device 10. For example, a user may be prompted to strain (e.g., flex) the optically readable security element 20 to different extents or a temperature control device (e.g., a heater) may heat the optically readable security element 20 to different extents, thereby changing a property of the optically readable security element 20 that determines its response to illuminating S1.
The electromagnetic radiation may be pulsed, as mentioned above in relation to Figure 3B. In other words, during illuminating S1 the optically readable security element 20, the electromagnetic radiation may be modulated or emitted in short bursts. Advantageously, pulsed electromagnetic radiation avoids overheating of the optically readable security element 20. Varying the duty cycle of pulsed electromagnetic radiation and/or the response during the “off” period may be used to normalise the response to account for changes in environmental conditions.
The optically readable security element 20 may comprise a hologram, bar code, QR code or similar. Preferably, the optically readable security element 20 comprises one or more optical emitters. The optical emitters may be arranged to be read via emission radiation emitted therefrom and arranged to be excited by excitation radiation. As alluded to above, the excitation radiation may be provided, for example as part of the illuminating S1 , by the image capturing device 10. Thus, reading S2 the optically readable security element 20 may comprise reading S2 the optically readable security element 20 via the emission radiation emitted therefrom in response to the illuminating S1.
The one or more emitters may serve as the component that provides or serves as the identity. Advantageously, the optically readable security element 20 being read via emission emitted therefrom provides a more robust barrier to fraudulent reading, more readily preventing spoofing or copying by, for instance, simply replicating (e.g., by printing) a bar code, QR code or similar. This advantage is particularly true when one or more (e.g., hundreds, thousands or millions or more) of emitters are distributed randomly. For instance, this effect may be achieved using quantum dots, flakes of 2D materials, (e.g., small) molecules, atomic defects or vacancies, plasmonic structures or similar.
The image capturing device 10 may be a terminal device, such as a smartphone. The image capturing device 10 may be configured to emit excitation radiation to excite the at least one optical emitter (e.g., from an electromagnetic radiation source, such as a flash or LED). By being configured to emit excitation radiation, the image capturing device 10, advantageously, facilitates the aforementioned robust security. Further, emitting the excitation radiation from the image capturing device 10, advantageously, allows convenient control of excitation of the at least one optical emitter
The system shown in Figure 2 may comprise a data store. The data store may be part of the image capturing device 10 or remote from the image capturing device 10 but in electronic communication therewith. Advantageously, the data store being remote from the image capturing device 10 facilitates a compact image capturing device 10. In one example, the optically readable security element 20 comprises a hologram, bar code, QR code or similar, and such engineered components may comprise information relating to the expected response. In other words, the data store may be part of the optically readable security element 20 in the form of an engineered component.
The data store stores an expected response for a given non-deterministic illuminating and/or reading S2. For instance, in the case of the optically readable security element 20 comprising optical emitters, illuminating S1 the optically readable security element 20 with electromagnetic radiation of a particular wavelength results in a particular optical response (e.g., wavelength of light emitted by the optically readable security element 20). This optical response can be compared with an expected optical response retrieved from the data store. Resultingly and advantageously, the authenticity of the optically readable security element 20 may be verified. In another example, reading S2 the optically readable security element 20 at particular relative configuration of the image capturing device 10 and the optically readable security element 20 results in a particular intensity of an optical response from the optically readable security element. By comparing this intensity with an expected intensity, the authenticity of the optically readable security element 20 can be verified. The identity comprises all expected responses (for different non-deterministic illuminating S1 and/or reading S2), and the optically readable security element 20 can be authenticated using one of these expected responses by which the optically readable security element 20 is identifiable as authentic.
The response of the optically readable security element may be verified as authentic if the response is within a predetermined range of the expected response (e.g., within 95% of the expected response). Advantageously, in this way, false positives may be avoided while maintaining practicality.
The method may further comprise monitoring whether the at least one of the non- deterministic illuminating S1 and the reading S2 has been used before. To this end, the method may comprise storing parameters defining each previous illuminating S1 and/or reading S2 used in the data store and comparing parameters defining the (new, e.g., proposed) illuminating S1 and/or reading S2 therewith. In the event that the at least one of the illuminating S1 and the reading S2 has been used before, the illuminating S1 and/or the reading S2 may be changed (i.e., not used). In other words, the illuminating S1 and/or reading S2 may be implemented using previously unused (i.e., unique) parameters. Unique illuminating S1 and/or reading S2, advantageously, is more secure than mere non-deterministic illuminating S1 and/or reading S2 because of its inherent resistance to replay attacks.
The method may further comprise fitting an expected trend to the response of the optically readable security element 20 to the illuminating S1 or reading S2 and removing systematic error based on the expected trend. By removing systematic error, advantageously, greater accuracy of authentication of the optically readable security element 20 may be achieved. The data store may store the expected trend, the expected trend having been previously determined according on the physics of the system or based on measurements in a controlled environment. By applying a fitting function to the distribution of the response (e.g., a linear or an exponential function), small deviations (e.g., those caused by environmental changes) from the expected trend are smoothed out.
Figure 4 shows the image capturing device 10 of Figure 2 in more detail. The illuminating S1 of the optically readable security element 20 is performed by an illumination unit 11. The reading S2 of the optically readable security element 20 is performed by a reader 20, which could include or be a sensor as discussed above. As discussed above, the image capturing device may include an RNG and/or a data store. In the case of the image capturing device 10 not comprising the RNG and the data store, the image capturing device may include a communication unit to communicate therewith. The image capturing device 10 may comprise a controller or processor to control the image capturing device 10, either alone or in combination with a server in electronic communication with the controller.
In summary, the present disclosure has described a method and system that hinders a nefarious party from simulating a response of an optically readable security 20 element by non-deterministic illuminating S1 and/or reading S2 in order to authenticate the optically readable security element 20. The use of non-deterministic methodology is very useful, as discussed above. Use of a sequence of illumination, in combination with the non-deterministic methodology, is particularly useful. As discussed above in specific examples, and more generally true, the use of a sequence allows the implementation of the non-deterministic approach of authenticating in a much more powerful way, in terms of their not being a single input-output, challenge-response, relationship. This results in a sequence of (e.g. more than one) challenge-response pairs, which might be described as a sequence of authentications, or authentication steps, as part of the overall authentication. In general, this clearly improves the authentication process, especially in combination with the non-deterministic methodology. For example, there is more than one (e.g. sub, or constituent) non-deterministic authentication step or process, due to the sequence of illumination (e.g. different non-deterministic illuminations, or different non-deterministic illuminations, for illuminations in that sequence). Perhaps more subtly, this opens up and facilitates all sorts of even more advantageous implementations, as described above, in terms of non-deterministic illumination frequency, wavelength, polarisation, intensity, timing, duration, and more. It is noted that use of such a sequence, in combination with non-deterministic methodology, is not needed for the existing (prior art) implementations, which are about reading something more easily, accurately, or consistently, and so on, in a single read. A sequence is not needed, and would arguably be a waste of time or resource.
Although preferred embodiments have been shown and described, it will be appreciated by those skilled in the art that various changes and modifications might be made without departing from the scope of the invention, as defined in the appended claims and as described above.
The optional features set out herein may be used either individually or in combination with each otherwhere appropriate and particularly in the combinations as set out in the accompanying claims. The optional features for each aspect or exemplary embodiment of the invention, as set out herein are also applicable to all other aspects or exemplary embodiments of the invention, where appropriate. In other words, the skilled person reading this specification should consider the optional features for each aspect or exemplary embodiment of the invention as interchangeable and combinable between different aspects and exemplary embodiments.

Claims

1. A method of authenticating an optically readable security element using an image capturing device, the method comprising: illuminating the optically readable security element with electromagnetic radiation; and reading the optically readable security element based on a response of the optically readable security element to the illuminating, wherein at least one of the illuminating and the reading is non-deterministic.
2. The method of claim 1 , wherein illuminating the optically readable security element with electromagnetic radiation comprises: illuminating the optically readable security element with a sequence of the electromagnetic radiation.
3. The method of claim 1 or 2, wherein an optical property of the electromagnetic radiation is non-deterministic.
4. The method of claim 3, wherein the optical property is at least one of: frequency, wavelength, polarisation and intensity.
5. The method of any of claims 2 to 4, wherein the sequence is non-deterministic.
6. The method of any preceding claim, wherein the electromagnetic radiation is pulsed.
7. The method of any preceding claim, wherein the optically readable security element comprises one or more optical emitters arranged to be read via emission radiation emitted therefrom and arranged to be excited by excitation radiation, and wherein reading the optically readable security element comprises: reading the optically readable security element via the emission radiation emitted therefrom in response to the illuminating, optionally wherein the illuminating is performed by the image capturing device.
8. The method of any preceding claim, further comprising: monitoring whether the at least one of the illuminating and the reading has been used before; and in the event that the at least one of the illuminating and the reading has been used before, changing the at least one the illuminating and the reading.
9. The method of any preceding claim, wherein the at least one of illuminating and reading non-deterministically comprises: changing at least one of: a relative position of the image capturing device with respect to the optically reading security element, a relative orientation of the image capturing device with respect to the optically readable security element, a filter for filtering the illuminating or reading of the image capturing device, a strain applied to the optically readable security element and a duration of the illuminating.
10. The method of any preceding claim, further comprising: fitting a trend to the response of the optically readable security element to the illuminating or reading; and removing systematic error based on the trend.
11. The method of any preceding claim, further comprising: extracting an identity from the optically readable security element based on the response of the optically readable security element to the illuminating.
12. The method of claim 11 , wherein extracting the identity comprises: retrieving an expected response from a data store; and comparing the expected response with the response of the optically readable security element to the illuminating.
13. The method of any preceding claim, further comprising: generating at least one of the illuminating and the reading based on the output of a non-deterministic source.
14. An image capturing device configured to illuminate an optically readable security element with electromagnetic radiation and read the optically readable security element based on a response of the optically readable security element to the illuminating, wherein the image capturing device is arrangeable such that at least one of the illuminating and the reading is non-deterministic.
15. A system comprising: an optically readable security element; and an image capturing device configured to illuminate the optically readable security element with electromagnetic radiation and read the optically readable security element based on a response of the optically readable security element to the illuminating, wherein at least one of the illuminating and the reading is non-deterministic.
PCT/GB2024/051648 2023-06-30 2024-06-27 A method of authenticating an optically readable security element WO2025003674A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB2309990.6 2023-06-30
GB2309990.6A GB2626208A (en) 2023-06-30 2023-06-30 A method of authenticating an optically readable security element

Publications (1)

Publication Number Publication Date
WO2025003674A1 true WO2025003674A1 (en) 2025-01-02

Family

ID=87556834

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB2024/051648 WO2025003674A1 (en) 2023-06-30 2024-06-27 A method of authenticating an optically readable security element

Country Status (2)

Country Link
GB (1) GB2626208A (en)
WO (1) WO2025003674A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5955720A (en) * 1996-03-21 1999-09-21 Symbol Technologies, Inc. Semi-retroreflective scanners
EP1840792A1 (en) * 2006-03-28 2007-10-03 Sony Corporation Optical communication system, optical reader, and method of reading information
US20100200649A1 (en) * 2007-04-24 2010-08-12 Andrea Callegari Method of marking a document or item; method and device for identifying the marked document or item; use of circular polarizing particles
US20130146665A1 (en) * 2011-12-13 2013-06-13 Honeywell International Inc. d/b/a Honeywell Scanning and Mobility Optical readers and methods employing polarization sensing of light from decodable indicia
US20160267304A1 (en) * 2015-03-10 2016-09-15 Xerox Corporation Printed tag information recognition using multi-pose illumination to mitigate glare

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2587643A (en) * 2019-10-03 2021-04-07 Quantum Base Ltd Optically deriving information from a security element

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5955720A (en) * 1996-03-21 1999-09-21 Symbol Technologies, Inc. Semi-retroreflective scanners
EP1840792A1 (en) * 2006-03-28 2007-10-03 Sony Corporation Optical communication system, optical reader, and method of reading information
US20100200649A1 (en) * 2007-04-24 2010-08-12 Andrea Callegari Method of marking a document or item; method and device for identifying the marked document or item; use of circular polarizing particles
US20130146665A1 (en) * 2011-12-13 2013-06-13 Honeywell International Inc. d/b/a Honeywell Scanning and Mobility Optical readers and methods employing polarization sensing of light from decodable indicia
US20160267304A1 (en) * 2015-03-10 2016-09-15 Xerox Corporation Printed tag information recognition using multi-pose illumination to mitigate glare

Also Published As

Publication number Publication date
GB2626208A (en) 2024-07-17
GB202309990D0 (en) 2023-08-16

Similar Documents

Publication Publication Date Title
RU2643453C2 (en) System and method for identification and authentication of tags
US7938331B2 (en) Method and system for anti-counterfeit barcode label
US20090008924A1 (en) Authenticating banknotes or other physical objects
CN111699517A (en) Method for checking the authenticity and/or integrity of a security document having a printed security feature, security feature and facility for verification
WO2007057641A1 (en) Secure tag reader
US11328193B2 (en) Optically deriving information from a security element
CN108174613B (en) Photoluminescence verification device, system and method
CN112041850B (en) Dynamic illumination for image-based authentication processing
US7495234B2 (en) Secure tag validation
WO2025003674A1 (en) A method of authenticating an optically readable security element
EP3650750B1 (en) Devices and methods for optical-based tamper detection using variable light characteristics
EP3673405B1 (en) Optical reading of a security element
US9165418B2 (en) Authentication device with temporary enabling target
US11188807B2 (en) Data processing apparatus
US11562611B2 (en) Deriving information from an optically readable security element
US8937712B2 (en) Authentication device with access control and calibration
US9256809B2 (en) Enabling an authentication device with temporary target
GB2632476A (en) A method of controlling a state of an optically readable security element
KR20210045254A (en) Authentification device and method for security pattern
GB2632137A (en) A method of monitoring an optically readable security element
GB Howarth et al.(43) Pub. Date: Apr. 8, 2021
KR102513873B1 (en) Recognition apparatus and method for security material
WO2025027288A1 (en) A method of authenticating and preventing spoofing of an optically readable security element
RU177072U1 (en) DEVICE FOR INSTALLING THE CONTENT OF DOCUMENTS DAMAGED BY THE MECHANICAL METHOD
GB2631453A (en) Method of determining coupling of objects using an image capturing device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 24740199

Country of ref document: EP

Kind code of ref document: A1