|Publication number||WO1992001278 A1|
|Publication date||23 Jan 1992|
|Filing date||2 Jul 1991|
|Priority date||3 Jul 1990|
|Also published as||CA2086430A1, CA2086430C, DE69129233D1, DE69129233T2, EP0543893A1, EP0543893A4, EP0543893B1, US5027401|
|Publication number||PCT/1991/4552, PCT/US/1991/004552, PCT/US/1991/04552, PCT/US/91/004552, PCT/US/91/04552, PCT/US1991/004552, PCT/US1991/04552, PCT/US1991004552, PCT/US199104552, PCT/US91/004552, PCT/US91/04552, PCT/US91004552, PCT/US9104552, WO 1992/001278 A1, WO 1992001278 A1, WO 1992001278A1, WO 9201278 A1, WO 9201278A1, WO-A1-1992001278, WO-A1-9201278, WO1992/001278A1, WO1992001278 A1, WO1992001278A1, WO9201278 A1, WO9201278A1|
|Inventors||John A. Soltesz|
|Applicant||Soltesz John A|
SYSTEM FOR THE SECURE STORAGE AND TRANSMISSION OF DATA
BACKGROUND OF THE INVENTION
Field of the Invention:
The present invention relates generally to the field of data storage and, more particularly, to the field of the secure storage and transmission of data.
Description of the Related Art:
In the banking industry, billions of dollars are lost every year due to the unauthorized access to data and accounts. In the field of credit card transfer, various attempts have been made to prevent or curtail such abuse, including the addition of a signature line to the back of the credit card, and the addition of a hologram to the front of the card. Concerning the former, a clerk handling a credit card transaction should compare the signature on the back of the credit card to the signature on the transaction slip; however, in practice, such comparison is rarely made, and if made, is rarely carefully done. Concerning the latter, while a hologram prevents the easy counterfeit of a credit card, it does nothing to prevent the fraudulent use of a validly issued card that has been misappropriated by one not authorized to use it.
Losses are also generated as a direct result of the unauthorized access to information transmitted over airwaves or by computer networks. No truly reliable system practical enough to be implemented has been developed to pare these huge losses since, by their very nature, a relatively large number of individuals must have access to the information. Therefore, the need for a system that effectively prevents the unauthorized access to account information as well as to the funds contained in personal and commercial accounts has long been recognized, but not adequately satisfied. In addition to those attempts mentioned above, various encryption algorithms have been developed and applied to many forms and applications of data and data storage. The encryption algorithms, however, suffer from high complexity, which leads to increased cost and implementation difficulties.
Two systems addressed to the same problems are shown in Simjian, 3,569,619, and Leighton et al., 4,879,747. In Simjian, a system is disclosed for storing an authorized credit card user's image on microfilm along with a code on a credit card, so that a point-of-sale device can read the code, call up the image from an external store, and display the image on a screen for comparison with the card holder. No further security measures are taken to protect the data.
Leighton et al. discloses a personal identification system that incorporates a highly sophisticated RSA-type of encoding in a public key-private key system. The disclosed system may be used to store photographic, medical history, or other data onto a data card, but does not rely on an image-based algorithm for storage of secure information.
SUMMARY OF THE INVENTION
The present invention utilizes a visual algorithm to encode sensitive data onto a medium from which the data can later be retrieved for decoding. The image of a person or of other alphabetical, numerical, or alphanumerical data is first digitized, then scrambled pixel-by-pixel using a highlighted point-of-origin pixel as a key to initiating decoding.
The scrambling process begins with a first color being chosen, all pixels of that color being read and scrambled in some fashion until the last pixel of that color is read. Then, a digit is assigned to that color. The digit may come from a random number-based digit sequence or from a sequence derived from the time of encoding. An instruction may also be encoded into the last pixel to indicate the second color to be retrieved. The process is then continued until as many colors and digits as required are correlated and scrambled.
Finally, the data are recorded onto a data card or other medium. A decoder reads the scrambled data from the card by first locating the point-of-origin pixel. The visual algorithm is then implemented to decode the data and reassemble it for display on a screen. Preferably, a printout is also made of the decoded image. Additionally, the descrambled image or other information retrieved during decoding may be recorded or otherwise stored for later referral.
BRIEF DESCRIPTION OF THE DRAWINGS
Figure 1 illustrates a block diagram of the inventive encoding process for a picture-taking embodiment of the invention;
Figure 2 shows a preferred form of a data card useful in accordance with the teachings of the present invention;
Figure 3 illustrates a block diagram of the decoding process of the invention;
Figure 4 illustrates one embodiment of the invention in a retail application;
Figure 5 illustrates schematically a visual algorithm useful in carrying out the invention; and
Figure 6 illustrates in greater detail the decoding process of the invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
Although the drawings and much of the description below are directed to a preferred embodiment of the invention, in which the image of a person who has been authorized to use a credit or other data card is encoded onto the card, the broader nature of the invention is not limited to this embodiment, but instead extends to the secure storage and transmission of data in general. Various references throughout the description serve to emphasize this point.
Referring first to Figure 1, the block diagram that implements the inventive encoding process includes a conventional digital video camera 2, for example, of the charge-coupled device (CCD) type. As for all block diagrams that depict the invention, Figure 1 illustratively shows one possible hardware implementation. Camera 2 includes means for digitizing the image of subject 4, although separate digitizing and processing means may be used. One of ordinary skill in the art will readily recognize that many modifications concerning the number and type of individual components are possible. The digitized output from camera 2 is received at encoder 6. As shown in Figure 1, encoder 6 comprises at least two primary elements, scrambler 8 and transmitter 10. Scrambler 8 receives the digitized signal from camera 2 and scrambles it according to a process described below, so that anyone intercepting the output from transmitter 10 will be unable to readily decipher it. This aspect relates both to the specific card-encoding aspect of the invention, and also shows the broader application of the invention to data transmission in general.
Transmitter 10, therefore, may take any of a number of forms, depending upon the particular application of the invention. In the broad sense, transmitter 10 is a means for transferring the scrambled data from the output of scrambler 8 to recorder 12, which places the scrambled information into (onto) some sort of storage medium. Depending upon the specific implementation of the invention, however, transmitter 10 may comprise a radar transmitter, a microwave transmitter, or, as in the embodiment shown, appropriate wiring for passing the scrambled data from the scrambler 8 (or from storage after scrambling) to recorder 12, such that no over-the-air transmission occurs at all.
Returning to Figure 1, the encoder 6 thus provides scrambled data to recorder 12. For the current embodiment, in which recorder 12 preferably records the data onto a data card, recorder 12 may take any of a variety of forms known to the art. For example, recorder 12 may comprise an optical recorder; the data card thus must be capable of being written onto and read from in an optical format. Any optical system known to the art that is capable of recording the required volume of data onto the size of the card may be used. A person's face, for example, may require as much as 0.25 Mbytes or more of digital information to fully encode according to the invention; present technology is capable of recording at least 16 times that much information onto a credit card-sized data card in an arcuate format.
The scrambled data may also be recorded according to any of the known magnetic encoding systems. One drawback, however, to a magnetic system is that a magnetic system is incapable of storing as much information as may be necessary for many applications of the invention. A great volume of data, for example, is required simply to digitize an image, without considering error correction, redundancy, instructions, and other information that may be desired to be encoded along with the image. Where practical, however, a magnetic system may be used.
One of ordinary skill will also recognize that a chip-embedded smart card may implement the invention, assuming sufficient memory space in the chip. A smart card may also be utilized for only a portion of the procedure (e.g., to store instructions) if practicable.
Turning to Figure 2, a preferred form of the data card and its encoded fields is shown. By way of example, data card 14 includes two fields on one side of the card. Field 16 is illustratively a bar-coded field, set aside for storing a preliminary enablement code (such as a PIN number) for accessing the scrambled data. Field 18, which may comprise much of the rest of the side of the card or more, is illustratively reserved for the scrambled information. The information contained in bar code field 16 may alternatively or additionally be contained in field 18, in scrambled or unscrambled form.
Figure 3 is a block diagram illustrating the operation of signal decoder 20. When the data card or other source of scrambled information outputs its digital information into decoder 20, the information is first read by reader 22. Decoder 20 then descrambles the data according to a novel visual algorithm once the enabling key or keys encoded in field 16 are satisfied. Following the descrambling procedure, the data is presented either on display means 24 as shown, or in some other suitable form, depending on the application.
Figure 4 illustrates how the signal decoder subsystem works in a preferred embodiment. In the illustration, decoder 20 is shown connected to display 24, with both resting on the transaction counter in, for example, a retail store or a commercial bank. According to one aspect of the invention, when a card bearer presents a card to make a purchase or other transaction, the clerk runs the card through decoder 20, and the image stored on the card appears on the screen of display 24. The clerk can then verify that the card bearer is authorized to use the card by comparing the image on display 24 to the bearer. Following the verification procedure, whether or not use of the card is approved, the image descrambled by decoder 20 is preferably recorded by printer 28. The printout need not be of highest quality, but merely adequate to assist in the identification of the image in case the card holder has somehow managed to encode his own image onto the card of another. Of course, any other suitable form of recording the image for later reference may be implemented.
Although signal decoder 20 has been described in the environment of reading and descrambling data cards, the broader teachings of the invention should be kept in mind, since decoder 20 is more properly considered a signal decoder and not merely a card reader. Its function in a non-card, secure data signal transmission environment is thus apparent from the description.
Turning to Figure 5, a preferred visual scrambling algorithm is shown for scrambling an image for later retrieval by a decoder. The term visual algorithm is used to emphasize that the scrambling process relies on the image nature of the data to be scrambled. Therefore, textual data, for example, may be captured as an image and then encoded, rather than encoding character-by-character. As mentioned above, the embodiment described next is illustrative of a much broader scope belonging to the invention; any information in tangible form may be converted into an image by photographing or otherwise imagewise recording it. Similarly, the scrambling algorithm described below may be adapted to nonimage information without undue experimentation.
The first step in the preferred visual scrambling algorithm is to subdivide the image into a plurality of pixels. Each pixel is capable of representing one color from a range of possible colors. For example, a range of color from white to gray in a black-and-white image may be represented by 360 shades. Even a textual image of black characters on a lighter background has shades of color in the sense that some individual pixels represent subdivisions that are part background and part character, and therefore average to a shade of gray. For the purposes of the invention, a smaller range may well be suitable for capturing an accurate image of a card holder's face. Of course, true color (as opposed to shades of black and white) images may be encoded according to the invention.
Each pixel is then digitized according to known methods, resulting in a stream of data. The system may be designed to handle the stream one pixel at a time, or it may be designed with plural processors to parallel-process the data. In either case, one pixel 26 is chosen to be a "point-of-origin" pixel. This pixel may or may not be altered. For the purpose of illustration, it will be assumed that it is not scrambled. Pixel 26 is termed a point-of-origin pixel because it is the first pixel at which decoder 20 will begin unscrambling. As such, it must somehow be encoded in such a way that decoder 20 can tell that it is the point of origin. One such way to "highlight" pixel 26 is to make it occupy the same location in the pixel stream in every scrambling operation. While this may appear to make the system less secure, in fact the security of the system may not be breached, since other aspects of the algorithm lend protection as well.
Pixel 26 may be highlighted in other ways as well. It may be a color that is uniquely defined as the origin. It may also be designated in an appropriately secure manner in the bar-coded field 16. Furthermore, it may be designated by a particular data string embedded in the image data by the encoder.
Pixel 26 represents more than just the beginning point for the scrambling operation: it also holds the first instruction for the scrambler 8. Scrambler 8 reads the color of pixel 26 and, on the basis of the color, scans the entire data stream (serial or parallel) for all pixels of a first particular color. The color sought may be the same as pixel 26, or it may be a different color found, for example, by consulting a lookup table accessible to the encoder.
Pixel 26 may indicate the first color by any other manner that would properly enable pixels of the first color to be identified and retrieved during the scan, so long as the data space required to perform the function does not exceed the capacity of the card.
Once all pixels of the first color are retrieved, they are scrambled within the data stream at random. Alternatively, they could be stored for later scrambling onto the data field 16. However scrambled, when all pixels of the first color have been processed, the first color is assigned a first digit, and the first digit stored in scrambled or unscrambled form, preferably within the data stream. This first digit will later be compared to a unique number to verify that decoder 20 is properly decoding the scrambled information. The invention is not limited to numerals as digits, although they are preferred so that the digit sequence may be tied to the time of encoding, as described in detail below. An alphabetical or alphanumerical code could alternatively be used. Digit, therefore, should be understood as meaning character in a broader sense.
After the first digit is assigned, a second color is chosen based upon the last pixel retrieved from the pixels of the first color. Again, a lookup table may be employed to correlate a location with a color or the first color with the second color, or some other means of associating the last pixel of the first color may be used. As a further example, the last pixel of the first color may be encoded with a "jump right" or "jump left" instruction into its color, directing the decoder 20 to choose the second color by simply moving in the direction indicated.
All pixels of the second color are then retrieved in the same manner as were the first, until the last pixel of the second color is retrieved. At this point, the second-color pixels are scrambled into the data stream (or into memory with the first-color pixels) according to a predetermined algorithm or at random. A second digit is assigned to the second color and stored, and an instruction from the last second-color pixel is read to determine the third color to be retrieved.
All pixels of a sequence of colors are thus retrieved and scrambled until a desired number of pixels have been so processed. It is not strictly necessary to scramble every color in an image having a wide range of colors, for a scrambling of fewer than all pixels will still render the image unintelligible. This fact may be beneficial for compression purposes, should compression be desired, since, e.g., background color may be compressed to save storage space without affecting the complexity of the scrambling or the unintelligibility of the image.
When all colors desired to be retrieved and scrambled have been, a sequence of digits will have been produced. This sequence of digits is preferably stored, unscrambled or scrambled, for later retrieval. As mentioned above, the sequence of digits may be stored in the image data stream, or in a separate location on the card.
All data thus compiled are then recorded onto the data card using, for example, an optical system of the type manufactured by The Drexler Corporation of Mountain View, California, or Optical Recording Corporation of Toronto, Canada. All data may be written in uncompressed form, or any form of data compression known to the art may be used on some or all of the data. For example, the relatively unimportant background data may be compressed, while the scrambled image data is uncompressed to ensure accurate descrambling. Error correction data may also be written onto the card, space permitting, should such be desired.
Figure 6 illustrates the decoding process of the invention in the data card environment. When a card holder in the current embodiment presents a card for payment at a retail store, for example, the sales clerk runs the card through decoder 20. Decoder 20 first reads field 16 (or field 18) for the initial PIN number or other key stored there. Pursuant to a prompt, then, the card holder enters the key for comparison by the decoder substantially as performed by, e.g., a conventional ATM. Of course, any key may be used, including a code word, digitized fingerprint, etc. Moreover, a plurality of keys may be stored, each key corresponding to a different type of data stored on the card. For example, a PIN number may be required to access banking information, the user's mother's maiden name for access to medical data stored on the card, and a key word stored for access to the user's facial image data. All data, of course, may be stored in one mass field or in separate fields using the encoding procedure described above.
Assuming that the user enters a valid key word and that the encoder verifies the validity, decoder 20 next seeks the point-of-origin pixel 26. Upon locating pixel 26, decoder 20 "reads" the information stored therein and begins scanning all data pertaining to the accessed information (here, the authorized user's face) for pixels of the first color. When all pixels of the first color have been retrieved, the first digit stored to correspond to the first color is retrieved as well. This digit is then compared to the first digit (e.g., the most significant digit) of the stored sequence. If the comparison is valid, the pixels of the first color are reassembled according to an algorithm that is constant to the system as a whole (i.e., all cards are scrambled and descrambled according to the same algorithm), according to an algorithm stored on the card by the encoder, or according to some other method that cannot be divined by an unauthorized user.
Once reassembling is complete, decoder 20 follows the instruction encoded in the last first-color pixel to jump to the next color and repeat the above procedure. All colors scrambled during the encoding process are similarly retrieved, descrambled (if necessary) and reassembled, and any pixels remaining are filled in as well, after decompression, if necessary.
Of course, if the scrambled data are compressed during encoding, they will need to be decompressed prior to reassembly. It is important to note that each place in the digit sequence must be verified before the next color is read. To further secure the data from unauthorized access, the digit sequence may be tied to the precise time at which encoding took place, carried out to as many digits as there are colors to be scrambled. For example, if encoding took place at precisely 13.0795743839 hours of the day (approximately 1:05 p.m.), a 12-digit number is provided that can be correlated digit-by-digit with 12 scrambled colors. The system thus requires a prospective hacker to potentially churn 10^12 numbers before exhausting all possibilities simply to crack the order of scrambling. Another possibility is to devise an absolute standard of time so that, no matter what time of day encoding takes place, no two encodings could ever have the same digit sequence. This feature is especially important when the data is transferred over airwaves, where interception of a signal is trivial.
Additionally, the digit sequence may be established using a random or pseudorandom number generated by the encoder. The number could even be designed so that each digit is unique. This limits the number of pixel colors that can be encoded, however.
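The encoding and decoding flow described above (fixed point-of-origin pixel, color-by-color retrieval, a time-derived digit checked at each place before the next color is read) can be traced in the following Python example, which is added here and is not code from the patent. Assumptions: the per-color scramble, which the description leaves open, is replaced by a seeded system-wide permutation of pixel slots; the color chain follows order of first appearance; and `time_digits`, `slot_table`, `encode`, `decode`, the card layout and the sample image are hypothetical names and data constructed for illustration.

```python
import random

# Constructed sample: a 4x4 image flattened to a stream of three gray shades.
SAMPLE = [3, 3, 0, 0,
          3, 7, 7, 0,
          0, 7, 7, 3,
          0, 0, 3, 3]

def time_digits(hours, count):
    """First `count` digits of a fractional-hours timestamp such as '13.0795743839'."""
    digits = [int(ch) for ch in hours if ch.isdigit()]
    if len(digits) < count:
        raise ValueError("timestamp has fewer digits than colors to scramble")
    return digits[:count]

def slot_table(n, system_seed):
    """Assumed stand-in for the unspecified scramble: one permutation of slots
    shared by every encoder and decoder. Slot 0 stays fixed so the
    point-of-origin pixel always occupies the same location in the stream."""
    slots = list(range(1, n))
    random.Random(system_seed).shuffle(slots)
    return [0] + slots                      # table[original index] -> scrambled slot

def encode(pixels, hours, system_seed):
    table = slot_table(len(pixels), system_seed)
    stream = [None] * len(pixels)
    for index, color in enumerate(pixels):
        stream[table[index]] = color
    # Color chain (assumption): origin color first, then order of first appearance.
    chain = list(dict.fromkeys(pixels))
    sequence = time_digits(hours, len(chain))
    # Per color: its digit and the "next color" instruction carried by its last pixel.
    marks = {color: (sequence[k], chain[k + 1] if k + 1 < len(chain) else None)
             for k, color in enumerate(chain)}
    return {"stream": stream, "marks": marks, "sequence": list(sequence)}

def decode(card, system_seed):
    stream = card["stream"]
    table = slot_table(len(stream), system_seed)
    original_index = {slot: index for index, slot in enumerate(table)}
    image = [None] * len(stream)
    color = stream[0]                       # point-of-origin pixel names the first color
    for place, expected in enumerate(card["sequence"]):
        slots = [s for s, c in enumerate(stream) if c == color]   # scan for this color
        digit, next_color = card["marks"][color]
        if digit != expected:               # verify this place before reading the next color
            raise ValueError(f"digit check failed at place {place}")
        for s in slots:                     # reassemble this color's pixels
            image[original_index[s]] = color
        color = next_color                  # follow the stored instruction
    return image

if __name__ == "__main__":
    card = encode(SAMPLE, "13.0795743839", system_seed=1991)
    print("scrambled stream:", card["stream"])
    print("stored digit sequence:", card["sequence"])
    print("round trip ok:", decode(card, system_seed=1991) == SAMPLE)
```

In this model the digit comparison only checks two values that are both stored on the card against each other, so the unintelligibility of the stream rests on the slot permutation alone.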
Returning to the current embodiment, the decoder system is then capable of displaying the image on display 24 for verification by the sales clerk. After authorization is approved or denied, a printout of the descrambled image is preferably made by printer 28 as described above. A separate recording of the transaction may also be desired, which recording may be of the descrambled image or the nature of the transaction and made to a central memory, for example.
As mentioned previously, the present invention has broad applications to the field of secure storage and transmission of data. The term image, where used above, should be understood as pertaining to the data stored on the card, whether they comprise a photographic image, an x-ray, or alphabetical or numerical data stored as an image. Therefore, the use of a card for storage of the secured facial image is pertinent to the specific embodiment described as well as to any embodiment in which data stored on a card is desired. A card, though, is merely one example of a storage medium in which the secured data may be held.
In fact, if the data represent, for example, a document transmitted by microwave, no card may be needed or desired. The receiver may simply be the input to the decoder 20 as outlined above.
Various modifications to the invention described above will become apparent to one of ordinary skill in the art. All such modifications that rely on the teachings through which the invention has advanced the state of the art are properly considered within the spirit and scope of the invention.
|Cited Patent||Filing date||Publication date||Applicant||Title|
|US4531024 *||25 Oct 1983||23 Jul 1985||At&T Bell Laboratories||Multilocation video conference terminal including video switching contention control|
|US4864108 *||25 Jun 1987||5 Sep 1989||Hitachi Ltd.||Apparatus for recording transactions and a recording method therefor|
|US4879747 *||21 Mar 1988||7 Nov 1989||Leighton Frank T||Method and system for personal identification|
|1||*||See also references of EP0543893A4|
|International Classification||H04N1/44, G06T9/00, G06K17/00, G06K19/10, G06K19/14, G07C9/00, G07F7/08, G06Q40/00, G09C5/00, G09C|
|Cooperative Classification||G07C9/00079, G06K19/14, G07F7/086, G09C5/00|
|European Classification||G07F7/08B, G09C5/00, G07C9/00B6D2, G06K19/14|
|23 Jan 1992||AK||Designated states|
Kind code of ref document: A1
Designated state(s): AU BB BG BR CA CS FI HU JP KP KR LK MC MG MN MW NO PL RO SD SU
|23 Jan 1992||AL||Designated countries for regional patents|
Kind code of ref document: A1
Designated state(s): AT BE BF BJ CF CG CH CI CM DE DK ES FR GA GB GN GR IT LU ML MR NL SE SN TD TG
|29 Dec 1992||ENP||Entry into the national phase in:|
Ref country code: CA
Ref document number: 2086430
Kind code of ref document: A
Format of ref document f/p: F
|29 Dec 1992||WWE||Wipo information: entry into national phase|
Ref document number: 2086430
Country of ref document: CA
|31 Dec 1992||WWE||Wipo information: entry into national phase|
Ref document number: 1991914928
Country of ref document: EP
Ref document number: 925985
Country of ref document: FI
|2 Jun 1993||WWP||Wipo information: published in national office|
Ref document number: 1991914928
Country of ref document: EP
|8 Apr 1998||WWG||Wipo information: grant in national office|
Ref document number: 1991914928
Country of ref document: EP
|31 Aug 1999||WWG||Wipo information: grant in national office|
Ref document number: 925985
Country of ref document: FI