FIELD

[0001] Embodiments relate generally to document authentication, and, more particularly, to optical authentication of document security features.

BACKGROUND

[0002] Lhe use of identification documents and other credentials has become pervasive in many contexts, including proving identity, verifying age, accessing an asset, evidencing driving privileges, etc. Increasingly, individuals and organizations rely daily on various types of credentials to navigate cashless payment environments, to navigate work environments, and for other purposes. Given the potential value and access facilitate by such credentials, nefarious individuals and organizations go to great lengths to counterfeit such credentials, which has become a significant concern for agencies that rely on their authenticity.

BRIEF SUMMARY

[0003] Among other things, systems and methods are described herein for reading, analyzing, and authenticating different types of security features on a credential to

authenticate the credential. For example, the credential authentication can involve detecting different sets of security data from different security features of a credential under multiple optical conditions, and authorizing the credential according to each set of security data, correlations between sets of security data, and/or combinations thereof. In some

embodiments, multiple sets of security data are concurrently detected from multiple surfaces of a credential that are non-coplanar. For example, systems are described that can use novel arrangements of optics to concurrently read security data from security features located on opposite sides of a credential (and, in some implementations, on the edge of the credential and/or other surfaces). Some such systems can read those different security features under different illumination conditions, for example, by reading certain security data under white- light illumination and reading other security data under ultraviolet illumination.

[0004] According to one set of embodiments, a method is provided for credential authenticating. Lhe method includes: illuminating, while at least a portion of the credential is in an optical authentication environment (e.g., after the credential is received therein), a first security feature and a second security feature (e.g., concurrently), the first security feature located on a first surface of a substrate of the credential, and the second security feature located on a second surface of the substrate that is non-coplanar with the first surface (e.g., on opposite sides of a sheet material substrate); detecting, optically (e.g., and concurrently) under the illumination, first security data from the first security feature and second security data from the second security feature; determining whether to authenticate the first security data and the second security data; and authenticating the credential when it is determined to authenticate both the first security data and the second security data.

BRIEF DESCRIPTION OF THE DRAWINGS

[0005] The present disclosure is described in conjunction with the appended figures:

[0006] FIG. 1 shows an illustrative credential authenticating environment as a context for various embodiments;

[0007] FIG. 2 shows a functional block diagram of an illustrative credential authentication system, according to various embodiments;

[0008] FIG. 3 shows an exemplary computational environment for implementing a credential authentication system, according to various embodiments;

[0009] FIG. 4 shows a simplified side view of an illustrative credential authentication system, according to various embodiments;

[0010] FIG. 5 shows a perspective view of an illustrative credential authentication system, according to various embodiments;

[0011] FIG. 6 shows an illustrative image of a credential obtained by a detection subsystem of a credential authentication system, according to various embodiments;

[0012] FIG. 7 shows an image correlation example, assuming a stolen credential that has had its printed photo replaced or changed, while leaving a valid OVM in place on the credential; and

[0013] FIG. 8 shows a flow diagram of an illustrative method for authenticating a credential, according to various embodiments. [0014] In the appended figures, similar components and/or features may have the same reference label. Further, various components of the same type may be distinguished by following the reference label by a second label that distinguishes among the similar components. If only the first reference label is used in the specification, the description is applicable to any one of the similar components having the same first reference label irrespective of the second reference label.

DETAILED DESCRIPTION

[0015] In the following description, numerous specific details are set forth to provide a thorough understanding of various embodiments. However, one having ordinary skill in the art should recognize that the invention can be practiced without these specific details. In some instances, circuits, structures, and techniques have not been shown in detail to avoid obscuring embodiments.

[0016] The use of identification documents and other credentials has become pervasive in many contexts, including proving identity, verifying age, accessing an asset (e.g., secure area, financial account, computing resource, etc.), evidencing driving privileges, etc. Increasingly, individuals and organizations rely daily on various types of credentials to navigate cashless payment environments (e.g., as payment cards, account access credentials, etc.), to navigate work environments (e.g., as employee identification cards, as building access cards, etc.), and for other purposes. Examples of credentials can include government issued credentials (e.g., passports, driver's licenses, visas, etc.), identification badges, payment cards, official papers, documents of value (e.g., bonds, certificates, negotiable instruments, etc.), and many others. Given the potential value and access facilitate by such credentials, nefarious individuals and organizations go to great lengths to counterfeit (forge, illegally modify, spoof, etc.) such credentials, which has become a significant concern for agencies that rely on their

authenticity.

[0017] Accordingly, credentials typically include one or more security features to facilitate authentication of the credentials and/or credential holders. The security features can be selected for their associated attributes, such as level of human readability versus machine readability, level of copy protection, level of spoof protection, optical and/or computational complexity involved in reading and/or authenticating, cost to produce, etc. Some credentials incorporate special materials, laminating schemes, and the like that manifest characteristic optical responses under particular illumination conditions. For example, optically variable devices, invisible inks, and/or other techniques can be used, so that certain security data only appears when illuminated by certain wavelengths of visible or invisible light. Some other types of security features can include retro-reflective layers inside laminating materials, different types of inks that have one color under normal ambient light, but show up as different colors when illuminated by certain wavelengths of invisible light, magnetic and radio frequency (RF) taggants (which can be invisible to the human eye, but can be easily detectable with proper sensing equipment), embedded micro-miniature smart chips (e.g., with security data stored thereon), and others.

[0018] Increasingly, multiple security features are being incorporated into different regions of a single credential to thwart counterfeiting attempts. Further, in many instances, more complex security features are being incorporated, and reading or authenticating multiple such security features often involves multiple detection techniques. These and other aspects can tend to increase the complexities involved in reading and authenticating security data from the credentials, which can similarly increase the complexities and demands on authentication systems.

[0019] Embodiments described herein include systems and methods for credential authentication that can rapidly and reliably read, analyze, and authenticate different types of security features on a credential. For example, the credential authentication can involve detecting different sets of security data from different security features of a credential under multiple illumination conditions, and authenticating the credential according to each set of security data, relationships (e.g., correlations and/or other mathematical correspondences) between sets of security data, and/or combinations thereof. In some embodiments, multiple sets of security data are concurrently detected from multiple surfaces of a credential that are non-coplanar. For example, systems are described that can use novel arrangements of optics to concurrently read security data from security features located on opposite sides of a credential (and, in some implementations, on the edge of the credential and/or other surfaces). Some such systems can read those different security features under different illumination conditions, for example, by reading certain security data under white-light illumination and reading other security data under ultraviolet illumination. [0020] FIG. 1 shows an illustrative credential authenticating environment 100 as a context for various embodiments. The environment 100 includes a credential authentication system 110 that receives and authenticates a credential 120. The credential authentication system 110 can include any suitable interface elements for interfacing with the credential 120, with users, with computational systems, etc. For example, as illustrated, the credential authentication system 110 includes a slot 130 for receiving a credential 120 implemented as a wallet-size card. Other implementations can include feeder systems, conveyor systems, scanning beds, and/or any other suitable credential 120 interface elements. The illustrated user interface elements include a display 140, lights and/or buttons 135, etc.

[0021] The credential 120 has various security features. As used herein, the term

"credential" is intended broadly to include any type of physical documentation that can be provided by a holder of the credential 120 to authenticate a claim. For example, a credential 120 can be used to authenticate a claim of personal information (e.g., name, age, physical characteristics, demographics, biometrics, etc.), a claim of membership to a group (e.g., a claim of citizenship, employee status, loyalty program membership, etc.), a claim of permission to access an asset (e.g., access to a secured space, secured data, secured computing resource, financial accounts, etc.), a claim of authorization to perform a task (e.g., a license to operate a vehicle or piece of equipment, to practice in a field, to transport a controlled substance, etc.), etc. Some example types of credentials 120 include passports, identification badges, payment cards, access cards, driver's licenses, visas, and many others. Such credentials can be implemented in many different formats, including, for example, as badges, wallet cards, key fobs, paper documents, etc. References in the description to "authenticating the credential," and the like, can include authenticating a particular one or more security features of the credential 120 (e.g., verifying that the security features include expected security data, etc.), authenticating the entire credential 120 (e.g., verifying that the credential is authentic, has not been tampered with, etc.), authenticating a credential holder associated with the credential 120, etc.

[0022] Credentials 120 often include multiple security features 125. Each security feature 125 can include security data that facilitates determining whether to authenticate a claim according to the credential 120. For example, the security data can include human- and/or machine-readable textual data (e.g., name, date of birth, employee identification number, account number, etc.), human- and/or machine -readable textual data graphical data (e.g., a photographic image of the credential holder, an image of a credential holder's fingerprint, an official seal, etc.), non-human-readable data (e.g., microscopic data, machine-encoded data, etc.), and/or any other suitable data. Each security feature 125 can include one or more types of security data usable on its own and/or in combination with security data from one or more other security features.

[0023] As used herein, the term "security feature" is intended broadly to include any aspect of a credential 120 that adds security data to the credential 120. For example, a credential 120 typically includes a substrate (e.g., a plastic card, a piece of paper, etc.), and a security feature 125 can include a region of the substrate having printed security data (e.g., printed with ink, etched, embossed, etc.), non-substrate material integrated with the substrate and having security data thereon (e.g., an integrated computational and/or memory circuit having digital security data, a magnetic strip, etc.), and/or any other suitable implementations of a security feature 125. Different types of security features 125 can be included as part of a credential 120 for their associated attributes. For example, different security features 125 can manifest vast differences in level of human readability versus machine readability, level of copy protection, level of spoof protection, optical and/or computational complexity involved in reading and/or authenticating, etc. Some examples of security features include printed human-readable information (e.g., an image, insignia, watermark, numerical identifier, set of demographic or other data, etc.), printed machine -readable information (e.g., a barcode, microscopic image, etc.), integrated storage media (e.g., an integrated circuit with security data stored thereon), integrated electromagnetic devices (e.g., a radiofrequency identification (RFID) device, electromagnetic taggant, etc.), integrated optical devices (e.g., a hologram, film medium, or other optically variable medium (OVM) or optically variable device (OVD), etc.), an integrated macro structure (e.g., an image instantiated by perforating, etching, dimpling, blistering, bending, carving, or otherwise changing the shape of a medium, etc.), etc.

[0024] Some credentials 125 described herein include one or more optical security features 125. As used herein, the term "optical security feature" is intended broadly to include any security feature 125 with security data that can be read optically. Some optical security features 125 include information that can be read generally under illumination by detecting reflected and/or scattered light from a corresponding region of the credential. For example, a printed image or text can be read by imaging the corresponding security feature 125 and decoding the image. Some such optical security features 125 can only be read under particular illumination conditions. For example, security data of certain optical security features may only be detectable under a particular illumination wavelength (or range or combination thereof), illumination polarization, illumination intensity, illumination angle, illumination geometry (e.g. diffuse versus directionalillumination, top versus side versus back illumination, etc.), illumination pattern, etc. Some optical security features 125 include (e.g., are manufactured with, instantiated on, etc.) "optically variable media," or "OVM." OVM generally include materials in which light interacts with the material via various optical phenomena that include optical interference, diffraction, specular reflection, refraction, or dispersion, and thereby change the amount and quality of the reflected or transmitted light as a function of illumination geometry, imaging geometry, and/or illumination wavelength. Examples of such OVM are holograms, diffraction gratings and other materials with repetitive or semi-repetitive microstructures, optically variable inks, optically thin films, iridescent coatings, intaglio printing, and others of the sort. In contrast to OVM, most common objects interact with light through the properties of optical scatter and optical absorbance. Either optical scatter or absorbance may be present in OVMs but the

characteristic optical qualities of an OVM are defined by optical interactions other than scatter and absorbance.

[0025] For the sake of illustration, a government-issued identification card is shown with a number of security features 125. One type of security feature (illustrated by 125b) can include printed text and/or graphics (e.g., colors, logos, etc.) to indicate the holder's information, status, etc. Another type of security feature (illustrated by 125c) can include circuitry, or the like (e.g., a radiofrequency identification (RFID) chip) with encoded digital data. Such a security feature 125 can, for example, provide access to certain secured assets, include stored digital data, etc. Another type of security feature (illustrated by 125d) can include information that is not discernible to a human (e.g., microscopic, embedded within the substrate, etc.), discernible only under certain illumination conditions (e.g., under a particular ultraviolet wavelength, etc.), etc. Another type of security feature (illustrated by 125e) can include a proprietary or otherwise highly copy-resistant material, such as an OVM.

[0026] While the illustrated credential 120 only shows security features 125 on one side of the substrate, other security features 125 can be included in other locations. For example, some credentials 120 implemented on a sheet material (e.g., a plastic card, sheet of paper, etc.) include security features 125 on both of its sides. Certain credentials 120 can include further security features on an edge (e.g., the edge of a plastic card formed by its thickness), such as microscopic data, pigment that shows up only under a particular illumination condition, etc. Credentials 120 implemented is other three-dimensional forms can include security features on any or all of its surfaces (e.g., regardless of the shape or topology of the surface). Some security features 125 are designed, so that authentication of the credential 120 involves correlating data from multiple security features 125 that may be on a single surface or on multiple surfaces (e.g., a security feature on one side of the card can be correlated with a security feature on an opposite side of the card).

[0027] As described more fully below, embodiments of the credential authentication system 110 can receive the credential 110; detect security data from security features 120 of the credential 110, including illuminating the security features 120 to elicit certain optical responses and detecting security data associated with such responses; and authenticate the credential 120 according to the detected security data. Some implementations can concurrently detect security data from security features 125 on multiple surfaces of a credential 120. For example, security features 125 from the front side, back side, and edge of a card credential 120 can concurrently be detected and, in some instances correlated to each other, to authenticate the credential 120.

[0028] FIG. 2 shows a functional block diagram of an illustrative credential authentication system 200, according to various embodiments. The credential authentication system 200 can be implemented in any suitable manner, for example, as the credential authentication system 110 shown in FIG. 1. A credential 120 is shown for context.

[0029] The credential authentication system 200 includes a number of functional units, or subsystems. Each functional unit can be performed by any suitable manner capable of performing its corresponding functions. For example, each can include various hardware and/or software component(s) and/or module(s), including, but not limited to a circuit, an application specific integrated circuit (ASIC), or processor. Some functional units can include logical blocks, modules, and circuits described can be implemented or performed with a general purpose processor, a digital signal processor (DSP); an ASIC, a field programmable gate array signal (FPGA), or other programmable logic device (PLD); discrete gate, or transistor logic, discrete hardware components; or any combination thereof designed to perform the functions described herein. Though functions are described with reference to particular functional units, other implementations can assign functionality to different units, distribute functionality among multiple units, combine multiple units into a single unit, etc. Further some implementations may include additional functional blocks or may not include certain functional blocks shown in FIG. 2.

[0030] As illustrated, the credential authentication system 200 includes a credential receiving system 210, an illumination subsystem 220, a detection subsystem 230, a storage subsystem 255, a user interface subsystem 260, a communications subsystem 270, and a power subsystem 280. In some implementations, a shared processor 250 (or centralized set of processors 250) controls operation of some or all of the functional blocks. In other implementations, multiple processors 250 (e.g., general purpose processors, dedicated microcontrollers, etc.) are use to control operation of certain subsets of the functional blocks. The processor(s) 250 can be implemented as one or more general purpose processors, which can be microprocessors, or any other suitable processor, controller, microcontroller, state machine, etc. The processor(s) 250 can also be implemented as a set of one or more processors, a combination of computing devices (e.g., a combination of a DSP and a microprocessor), a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other suitable configuration.

[0031] Embodiments of the credential receiving system 210 can receive a credential 120 in any suitable manner. For example, as illustrated in FIG. 1, the credential receiving system 210 can include a slot into which the credential 120 can be inserted. Alternatively, the credential receiving system 210 can include a scanning bed, a platen, etc. Further, some implementations include a conveyor or other mechanism for moving the credential 120 into a location appropriate for reading its security features 125. While embodiments described herein focus on reading multiple security features 125 from a credential 120 while the credential 120 is in a substantially fixed location with respect to the illumination subsystem 220 and the detection subsystem 230 of the credential authentication system 200, other implementations can move (or permit or expect movement of) the credential 120 with respect to one or both of those subsystems to provide additional functionality. For example, certain optical, electromagnetic, and/or other types of security data can be designed to be discernible only when its corresponding security feature 125 is moved relative to an illumination source, a detector, etc. (e.g., by outputting a particular changing optical signature, a particular changing electromagnetic field, etc.). Further, some embodiments of the credential receiving system 210 include one or more sensors for detecting presence and/or position of the credential 120. For example, an optical and/or electrical switch can be actuated when a credential 120 is in a proper location and orientation (e.g., fully inserted into a slot), and the credential authentication system 200 can be designed to automatically commence or to only allow manual commencement of an authorization routine when the switch is actuated.

[0032] Embodiments of the credential authentication system 200 provide a controlled optical environment 205 for reading security features 125 from a credential 120. The optical environment 205 can include the illumination subsystem 220, the detection subsystem 230, and shared optical elements 240. Some implementations include a full or partial enclosure, so that the illumination of the security features 125 can be fully or partially controllable by the illumination subsystem 220.

[0033] Embodiments of the illumination subsystem 220 can include any suitable types, numbers, and configurations of illumination elements 225 (e.g., illumination sources, passive optics, active optics, etc.), some or all of which being controllable by an illumination controller 223. The illumination elements 225 can include various types of illumination sources arranged to provide direct illumination and/or indirect illumination (e.g., via reflection, etc.) to the credential 120. Some implementations include passive and/or active optics to affect the illumination, such as lenses, mirrors, linear polarizers (e.g., linear, circular, etc.), filters (e.g., color filters, etc.), diffusers, lenslet arrays, fiberoptics, micro- electromechanical mirror or lens systems, etc. The illumination sources can include high- coherence directional illumination sources (e.g., laser diodes, gas lasers, etc.), wide-band illumination sources (e.g., white light sources), narrow-band illumination sources (e.g., ultraviolet (UV) sources, infrared (IR) sources, visible monochromatic sources, etc.), and/or any suitable combination thereof.

[0034] As described herein, certain security features 125 of a credential 120 can be designed to be detectable (e.g., visible, discernible, decodable, etc.) only under certain types of illumination. For the sake of illustration, implementations of the illumination subsystem 220 can include UV light sources that can illuminate the credential 120 with different wavelengths of light to expose and detect various types of security data. Long-wave ultraviolet (UV-A) light, medium-wave ultraviolet (UV-B) light, and short-wave ultraviolet (UV-C) light (e.g., having wavelengths of approximately 315 - 400, 290 - 315, and 220 - 290 nanometers, respectively) can be used to cause special inks, fibers, and or other credential 120 features to fluoresce (become visible), while other areas of the credential 120 effectively disappear with respect to an image captured by the detection subsystem 230 under that illumination. Such special inks, fibers, etc. that fluoresce under UV-A, UV-B or UV-C can be printed on a credential 120 and/or otherwise integrated with the credential 120. For example, the exposed security data can be in the substrate (base material) of the credential 120, in a laminating material of the credential 120, in an overcoating of the credential 120 (e.g., as a crystogram), etc.

[0035] The exposed security data can reveal information used to authenticate the credential 120, which can include authenticating a holder of the credential 120 and/or authenticating the validity of the credential 120 itself. For example, certain credentials 120 included chemical and/or other types of taggants to produce different papers, threads, and types of inks to imprint information. These taggants show up differently under different illumination conditions (e.g., lights of different wavelengths, including visible colors, ultraviolet, infrared, etc.; and/or different intensities, polarizations, directions, etc.). Such taggants can also be magnetic or have other proper ties that are not apparent, but which are detectable when using the proper excitation source (of the illumination subsystem 220) and sensor or camera (of the detection subsystem 230). Further, alterations made to documents containing such security materials, that may be invisible to the naked eye, appear when excited with certain wavelengths of light or electromagnetic energy. Still further, special paper may be utilized that is not visibly damaged by attempts to alter the passport, but the damage can be detected using certain wavelengths of visible and invisible light. In addition, certain inks, such as those containing carbon black, absorb infrared light. Other inks do not absorb infrared light, but are transparent to it or reflect it. Both types of inks may appear to be the same color under normal light, but when illuminated with near infrared light certain printed material disappears while other printed material is visible. More specifically, printing on a credential 120 can generally be in black ink, but Machine Readable Zone (MRZ) items on the credential can be printed with a special, near-infrared-absorbing ink (e.g., B900 ink that appears black and conforms to certain international standards). Under visible light, the printing can appear as black, but, when illuminated with a near infrared source, matter printed in the MRZ appears and other printing disappears. [0036] Embodiments of the illumination subsystem 220 can also include an illumination controller 223, which can include any suitable controller or controllers implemented as part of and/or separate from the processor(s) 250. For example, some implementations use a light-emitting diode (LED) driver board. The illumination controller 223 can direct operation of one or more sources in any suitable manner, including, for example, by adjusting source illumination characteristics (e.g., to turn sources on or off, to adjust illumination level, to pulse sources in a particular pattern, to adjusting source wavelength, etc.), adjusting optics (e.g., to adjust source wavelength or frequency, polarization, intensity, focal length, etc.), repositioning elements (e.g., to move or reorient sources, lenses, filters, mirrors, etc.), etc.

[0037] As described above, various security features 125 of a credential 120 can be designed to optically respond to illumination by the illumination subsystem 220, and the optical responses can be detected by the detection subsystem 230. The detection subsystem 230 can include any suitable types, numbers, and configurations of detection elements 235, some or all of which being controllable by a detection controller 233. The detection elements 235 can include one or more optical detection elements, such as cameras (e.g., implemented as a CCD array, single-frame capture device, multi-frame capture device, video capture device, three-dimensional capture device, etc.) and active and/or passive optics (e.g., lenses, color filter arrays, polarization filters, etc.). Some implementations of the detection subsystem 230 include additional types of detectors, such as magnetic and/or electrical field detectors, radio frequency signal detectors, etc. The detection controller 233 can include any suitable controller or controllers implemented as part of and/or separate from the processor(s) 250. For example, some implementations use an off-the-shelf camera board, such as a charge-coupled device (CCD) array controller. The detection controller 233 can direct operation of one or more detection elements 235 in any suitable manner, including, for example, by adjusting detector characteristics (e.g., to change the sensitivity to a certain frequency band, to change the shutter speed or capture rate of a camera, etc.), adjusting optics (e.g., to adjust focal characteristics of a camera, etc.), repositioning elements (e.g., to move or reorient lenses, filters, mirrors, etc.), etc.

[0038] Some embodiments of the credential authentication system 200 include shared optical elements 240 in the optical environment 205 that can help direct light from the illumination subsystem 220 to desired areas of the credential 120 and/or can help direct light from the credential 120 to the detection subsystem 230. For example, the credential receiving system 210 can be designed to locate, or facilitate locating of, the credential 120 in a desired position and orientation relative to the shared optical elements 240. The shared optical elements 240 can include any suitable configuration of lenses, mirrors, and other passive and/or active optics. In one implementation, the shared optical elements 240 include a pair of mirrors, which, when a credential 120 is received in the optical environment 205 of the credential authentication system 200, permit a single camera of the detection subsystem 230 to read security data from multiple surfaces of the credential 120 (e.g., at least the front and back surfaces of a card) concurrently. Some implementations of the shared optical elements 240 include passive elements (e.g., stationary mirrors, lenses, passive filters, etc.), while other implementations include active elements (e.g., moving and/or otherwise active mirror arrays, filter arrays, etc.). It is noted that the shared optical elements 240 can permit multiple surfaces of a credential 120 to be illuminated and/or read (i.e., by one or more illumination elements 225 and/or by one or more detection elements 235) without repositioning the credential 120 with respect to the optical environment 205. Still, some implementations can use multiple detection elements 235 to read respective portions (e.g., surfaces) of the credential, line scanners or other detection elements 235 that read portions of the credential 120 as it moves with respect to those detection elements 235, and/or other techniques that may or may not exploit the shared optical elements 240.

[0039] Embodiments of the credential authentication system 200 typically include the power subsystem 280. The power subsystem 280 can include any suitable power components for receiving power from one or more power sources (e.g., via a wall plug, universal serial port (USB) cable, battery pack, etc.) and for providing appropriate power to some or all of the subsystems of the credential authentication system 200. For example, implementations of the power subsystem 280 can include power transformers, conditioners, protection circuits, etc.

[0040] Some embodiments of the credential authentication system 200 include the user interface subsystem 260. The user interface subsystem 260 can include any suitable elements for interfacing with a user of the credential authentication system 200, such as indicator lights, buttons, switches, displays, keypads, etc. For example, the credential authentication system 110 shown in FIG. 1 includes a display and indicators. The user interface subsystem 260 can also include additional interfaces, such as a biometric interface (e.g., an optical or other type of biometric scanner), additional credential interfaces (e.g., a magstripe reader, near-field communication (NFC) reader, radiofrequency identification (RFID) reader, barcode scanner, etc.), etc.

[0041] Some embodiments of the credential authentication system 200 further include the communications subsystem 270. The communications subsystem 270 can include any suitable elements to facilitate wired and/or wireless communication with one or more networks 275 and/or computational systems. For example, the communications subsystem 270 can include one or more antennas to facilitate short-range wireless communications (e.g., NFC, RFID, Bluetooth, Wi-Fi, and/or other antennas and related hardware), long-range wireless communications (e.g., cellular, satellite, and/or other antennas and related hardware), and/or wired communications (e.g., Ethernet, fiber-optic, and/or other ports and related hardware), etc. Some implementations of the credential authentication system 200 are in communication with a local security network (e.g., an asset access network, etc.) via the communications subsystem 270.

[0042] Some embodiments of the credential authentication system 200 include a storage subsystem 255. The storage subsystem 255 can be implemented as one or more local storage devices, one or more remote storage devices (e.g., cloud storage, networked storage, etc. in communication with the credential authentication system 200 via the communications subsystem 270), and/or any suitable combination thereof. For example, the storage subsystem 255 can include random access memory (RAM), read only memory (ROM), flash memory, electrically programmable ROM (EPROM) memory, electrically erasable programmable ROM (EEPROM) memory, registers, hard disks, solid-state drives, removable disks, CD-ROMs, USB thumb drives, etc. Some implementations communicatively couple one or more storage media with the processor(s) 250, such that the processor(s) 250 can read information from, and write information to, the storage medium (e.g., or the storage medium can be integral to one or more processor(s) 250).

[0043] The storage subsystem 255 can be used to store any suitable types of data for use in operating the credential authentication system 200 and/or authenticating credentials 120. For example, some implementations of the storage subsystem 255 can store security data read from credentials 120, security data to be correlated with corresponding data read from credentials 120, etc. Further, the storage subsystem 255 can store instructions for directing operation of the illumination subsystem 220, the detection subsystem 230, the user interface subsystem 260, the communications subsystem 270, etc. Such instructions can be in the form of a software module or any other suitable form to perform various types of functionality described herein. For example, a computer-readable medium can have the instructions tangibly stored (and/or encoded) thereon, and the instructions can be executable by one or more processors 250 to perform functionality of various subsystems. Additionally and/or alternatively, some functionality can be implemented using instructions transmitted from a website, server, or other remote source via the communications subsystem 270 (e.g., via a transmission medium such as a coaxial cable, fiber optic cable, twisted pair, digital subscriber line (DSL), or wireless technology such as infrared, radio, or microwave).

[0044] Various functionality described above can be implemented in one or more computational environments. FIG. 3 shows an exemplary computational environment 300 for implementing a credential authentication system, according to various embodiments. The computational environment 300 may be implemented as or embodied in single or distributed computer systems, or in any other useful way. The computational environment 300 is shown including hardware elements that may be electrically coupled via a bus 355.

[0045] The hardware elements may include one or more central processing units (CPUs) and/or other processor(s) 250 (e.g., as described with reference to FIG. 2). Implementations can also include one or more input/output devices 310 (e.g., a mouse, keyboard, display device, printer, etc.). Some or all of the I/O devices 310 can be implemented as part of the user interface subsystem 260 of FIG. 2. Some implementations also include a credential receiving system 210 and/or a power subsystem 280, including any suitable hardware and/or software components, for example, as described with reference to FIG. 2.

[0046] Some implementations can permit data to be exchanged, via a communications subsystem 270 (e.g., as described with reference to FIG. 2), with a network and/or any other computer described above with respect to the computational environment 300. The communications subsystem 270 can include a modem, a network card (wireless or wired), an infra-red communication device, and/or any other suitable components or combinations thereof.

[0047] The computational environment 300 may also include one or more storage devices 320. By way of example, storage device(s) 320 may be disk drives, optical storage devices, solid-state storage device such as a random access memory (RAM) and/or a read-only memory (ROM), which can be programmable, flash-updateable and/or the like. The computational environment 300 may additionally include a computer-readable storage media reader 325a, and working memory 340, which may include RAM and ROM devices as described above. The computer-readable storage media reader 325a can further be connected to a computer-readable storage medium 325b, together (and, optionally, in combination with storage device(s) 320) comprehensively representing remote, local, fixed, and/or removable storage devices plus storage media for temporarily and/or more permanently containing computer-readable information. The storage device(s) 320, computer-readable storage media and media reader 325, and/or working memory 340 can be implemented as the storage subsystem 255 of FIG. 2. In some embodiments, the computational environment 300 may also include a processing acceleration unit 335, which can include a DSP, a special-purpose processor and/or the like.

[0048] The computational environment 300 may also include software elements, shown as being currently located within a working memory 340, including an operating system 345 and/or other code 350, such as an application program (which may be a client application, web browser, mid-tier application, etc.). For example, embodiments can be implemented as instructions, which, when executed by one or more processors 250, cause the processors 305 to perform certain functions. Such functions can include functionality of an illumination controller 223 (which can direct operation of illumination elements 225 as part of an illumination subsystem 220) and a detection controller 233 (which can direct operation of detection elements 235 as part of a detection subsystem 230), as described above with reference to FIG. 2. A software module can be a single instruction, or many instructions, and can be distributed over several different code segments, among different programs, and across multiple storage media. Thus, a computer program product may perform operations presented herein. For example, such a computer program product may be a computer readable tangible medium having instructions tangibly stored (and/or encoded) thereon, the instructions being executable by one or more processors to perform the operations described herein. The computer program product may include packaging material. Software or instructions may also be transmitted over a transmission medium. For example, software may be transmitted from a website, server, or other remote source using a transmission medium such as a coaxial cable, fiber optic cable, twisted pair, digital subscriber line (DSL), or wireless technology such as infrared, radio, or microwave. [0049] Alternate embodiments of a computational environment 300 may have numerous variations from that described above. For example, customized hardware might also be used and/or particular elements might be implemented in hardware, software (including portable software, such as applets), or both. Further, connection to other computing devices such as network input/output devices may be employed. Software of the computational environment 300 may include code 350 for implementing embodiments of the present invention as described herein. For example, while not shown as part of the working memory 340, certain functionality of other subsystems (e.g., the user interface subsystem 260, credential receiving system 210, storage subsystem 255, power subsystem 280, etc.) can be implemented with any suitable combination of hardware and software, including using code 350 stored in the working memory 340.

[0050] For the sake of added clarity, FIGS. 4 and 5 show illustrative implementations of credential authentication systems. FIG. 4 shows a simplified side view of an illustrative credential authentication system 400, according to various embodiments. A credential 120 is shown inserted into (e.g., received by) the credential authentication system 400. As illustrated, the credential authentication system 400 provides an optical environment 405 that includes multiple mirrors 410, multiple illumination sources 420, and a detection device 430. As described above, the illumination sources 420 can be part of an illumination subsystem 220, the detection device 430 can be part of a detection subsystem 230, and the mirrors 410 can be part of shared optical elements 240, which can all include additional optics, controllers, etc. (not shown).

[0051] In the illustrated implementation, when the credential 120 is inserted with its front surface facing up, illumination source 420a can directly illuminate the front and edge surfaces of the credential 120, and illumination source 420b can directly illuminate the rear and edge surfaces of the credential 120. Practically, each illumination source 420 may generally illuminate the optical environment 405, thereby indirectly illuminating additional surfaces of the credential 120. Further, while the illumination sources 420 can be oriented to directly illuminate one or more surfaces of the credential 120, the mirrors 410 may cause those same illumination sources 420 to further provide indirect illumination to those same surfaces.

[0052] As described above, optical security features of the credential 120 can optically respond to illumination by the illumination sources 420. Some such optical responses can cause some or all of a particular security feature to become visible to the detection device 430. For example, the visibility can generally result from illuminating the security feature, or the visibility can specifically result from the illumination having certain characteristics and a valid security feature being designed to respond to those characteristics. The detection device 430 can effectively receive security data (or information from which security data can be derived) from the security features via their respective optical responses (which can include a lack of optical response under one or multiple illumination conditions). As illustrated, the mirrors 410 can be arranged, and the detection device 430 can be positioned, so that the detection device 430 can "see" the front, rear, and edge surfaces of the credential 120 from a single position. For example, the detection device 430 can form a direct image of the edge surface and indirect images of the front and rear surfaces concurrently (e.g., in a single image frame, for example, as shown in FIG. 6).

[0053] FIG. 5 shows a perspective view of an illustrative credential authentication system 500, according to various embodiments. For example, credential authentication system 500 can be an implementation of the credential authentication systems shown in FIGS. 1 - 4. As in FIG. 4, the credential authentication system 500 provides an optical environment 405 that includes multiple mirrors 410, multiple illumination sources 420, and a detection device 430. The illustrative implementation also shows an illustrative housing 510, detection controller board 520, and illumination controller board 530. As described above, the illumination sources 420 and illumination controller board 530 can be part of an illumination subsystem 220, the detection device 430 and detection controller board 520 can be part of a detection subsystem 230, and the mirrors 410 can be part of shared optical elements 240, which can all include additional optics, controllers, etc. (not shown). An illustrative credential 120 is shown inserted partially into the credential authentication system 500 via a slot 130 in the housing 510.

[0054] One implementation of the illustrated credential authentication system 500 is designed to authenticate a card- format credential 120. The illumination sources 420 include a first white spot-light illumination source 420a having a white-light LED positioned behind a lens and directed to illuminate the front surface of the card; a second white spot-light illumination source 420b having a white-light LED positioned behind a lens and directed to illuminate the back surface of the card; a white area-light illumination source 420c having two white-light LEDs positioned behind an optical diffuser and positioned to diffusely illuminate front, back, and edge surfaces of the card; and a UV illumination source 420d having two 365nm LEDs and positioned to illuminate the edge surface of the card. The implementation can control the various illumination sources 420 using an off-the-shelf LED driver as the illumination controller board 530.

[0055] Another implementation of the illustrated credential authentication system 500 is designed to authenticate a card- format credential 120 in a different manner. Each of the four illumination sources 420 can correspond to a respective one of four illumination states. In each illumination state, the front, back, and edge surfaces of the credential 120 are all illuminated. Two of the illumination states (e.g., corresponding, respectively, to illumination sources 420a and 420b) can illuminate the credential from different angles (e.g., using wideband or narrow-band sources). A third illumination state (e.g., corresponding to illumination source 420c) can provide diffuse illumination (e.g., using wide-band sources). A fourth illumination state (e.g., corresponding to illumination source 420d) can provide UV illumination. An image stack can be formed under the multiple illumination states, and each security feature can be analyzed by examining the subset of images in the image stack that is relevant to that feature.

[0056] FIG. 6 shows an illustrative image 600 of a credential obtained by a detection subsystem of a credential authentication system, according to various embodiments. The illustrative image 600 includes optical information from front, rear, and edge surfaces of a credential. As described above (e.g., in context of FIG. 5), the image 600 can be obtained in a single frame using particular arrangements of optical elements. The image 600 can alternatively be a series of images (e.g., each obtained under a different illumination condition), an image stack, a single image synthesized from multiple images, etc. In some embodiments, such an image 600 (or collection of image data) can be used to derive security data from multiple (non-coplanar) surfaces concurrently.

[0057] For example, each image 600 (or some images) of an image stack can be formed from detection of a credential 120 having a number of security features on multiple, non- coplanar surfaces, including first human-readable security data 625a (e.g., one instance of a facial image of the credential holder) etched into a security medium on the rear surface of the credential 120, second human-readable security data 625b (e.g., another instance of the facial image of the credential holder) printed with visible ink on the front surface of the credential 120, and a UV signature (e.g., a stripe of UV ink) printed on the edge surface of the credential 120. As described above, some implementations can use some or all of the collected sets of security data, can generate correlation data using some or all of the collected sets of security data, and or use some combination thereof to authenticate the credential 120 (e.g., and/or the credential holder). For example, the first and second human-readable security data 625 can include instances of the same image (e.g., instantiated with different color palettes, at different resolutions, at different aspect ratios, different printing processes and/or materials, etc.) that can be compared against each other as part of authenticating the credential 120.

[0058] It is noted that some embodiments are described above in context of a valid credential 120. For example, a counterfeit version of the credential 120 illustrated in FIG. 6 may be generated using a high-resolution laser or ink jet printer. However, if certain security data is instantiated in a copy-resistant manner (e.g., the first human-readable security data 625a is described above as being etched into a secondary security medium integrated into the card substrate), the counterfeit version may look substantially different from that of the authentic credential (e.g., the counterfeit version of the first human-readable security data 625a may not manifest certain characteristic optical responses expected from the authentic version). For example, forming an image of a counterfeit version of the credential 120 under certain illumination conditions may reveal a substantially accurate representation of the second human-readable security data 625b (i.e., the real and counterfeit versions of the visibly printed instance may be difficult to differentiate), but a substantially inaccurate representation of the first human-readable security data 625a. Accordingly, such a counterfeit can be detected by illuminating the various security features under particular illumination conditions and looking for characteristic optical responses and/or other optical information. As another example, a counterfeit version of the same credential 120 can be created by replacing the second human-readable security data 625b with a new visibly printed facial image of an unauthorized credential holder (e.g., by using bleaching or some other technique) and/or by lifting the first human-readable security data 625 a from a valid credential and affixing it to the counterfeit credential, etc. In such an example, each security feature may appear valid on its own (e.g., each will reveal discernable data of a proper type, appropriate optical responses, etc.), but the counterfeit credential will not show a good correlation between the first and second human-readable security data 625 (e.g., the facial images will not manifest a strong correlation).

[0059] For the sake of illustration, FIG. 7 shows an image correlation example, assuming a stolen credential that has had its printed credential holder photo replaced or changed, while leaving in place a valid security medium with an instance of a credential holder photo etched thereon. FIG. 7 shows an image derived from a visibly printed facial image of an authorized credential holder (e.g., now removed or otherwise replaced from the authentic credential), labeled "Real Photo" 710; an image derived from an etched facial image of the authorized credential holder (e.g., still remaining from the authentic credential), labeled "Etched Photo" 720; and an image derived from a visibly printed facial image of an unauthorized credential holder (e.g., used as forged data to replace the valid security data from the authentic credential), labeled "Fake Photo" 730. A first side of the rank correlation plot 740 shows very strong correlation data 715 between the real photo 710 and the etched photo 720 (i.e., 0.91 correlation), while a second side of the rank correlation plot 740 shows a relatively weak correlation data 725 between the fake photo 730 and the etched photo 720 (i.e., 0.66 correlation). Notably, the fake photo 730 may appear valid when examined on its own, but its lack of correlation with other security data on the credential can reveal its inauthenticity.

[0060] While the above example correlates two images from a credential 120, such a correlation is intended only to provide one example of the types of multi-feature comparisons that can be performed by certain embodiments. Various embodiments can look for predefined mathematical correspondences between multiple types of security data expected to be present in valid credentials 120. Such mathematical correspondences can compute and/or otherwise analyze consistency of security data across multiple security features of a credential 120 (e.g., on the same surface, different surfaces, etc.). Some implementations can read security data of a common data type from two or more security features of the credential 120 and directly compare the read security data to determine an extent of similarity or difference (e.g., whether there is a complete match, greater than a threshold match, etc.). For example, a first instance of an identification number etched into a first security feature can be compared to a second instance of the same identification number printed as a second security feature in a different location on the credential 120. The two instances of the identification number can be read and compared to determine whether there is a match. Some such comparisons involve computing a mathematical correlation, for example, as described with references to the facial images of FIG. 7.

[0061] Other implementations can read security data of different data types from two or more security features of the credential 120, transform one or more of the security data to a common data type of another of the security data, and compare the common-type security data to determine an extent of similarity or difference. For example, a first instance of an identification number etched into a first security feature using one font can be compared to a second instance of the same identification number printed as a second security feature in a different font and a different location on the credential 120. The instances of the

identification number can be read, one or both instances can be transformed into a common font or other common data type (e.g., into binary form, etc.), and the transformed instances can be compared to determine whether there is a match. The transformation can involve any suitable algorithm, such as a facial recognition algorithm, a handwriting recognition algorithm, an image processing algorithm, application of a hash function, parsing of a bit string or alphanumeric string, extraction of embedded data, etc.

[0062] Many types of security data can be compared in many different ways after being read from one or more optical security features (e.g., of one or more modalities) of the credential 120. For example, the compared data can include machine-readable and/or human- readable data, such as alphanumeric data, binary data, pattern data, biometric data (e.g., facial images, fingerprint images, etc.), combinations thereof, etc. The comparisons can involve any suitable computations or other analyses. For example, the comparison can involve computing a mathematical correlation between multiple security data sets (e.g., to compute a spatial correspondence in two or more dimensions), performing a bit-wise comparison between multiple security data sets, applying multiple security data sets to a particular function (e.g., a hash function, etc.), etc.

[0063] As one illustration, two facial images can be compared (e.g., similar to FIG. 7) where each image can be acquired and/or instantiated using a different pose, different cropping, different coloration, different resolution, etc. For example, such a comparison can involve reading the images, transforming one or both images into respective sets of comparison features using facial recognition algorithms, and computing a mathematical correspondence between the comparison features. As another illustration, a passphrase can be encoded into three alphanumeric strings using a proprietary encoding function. The first encoded string can be re-encoded into a barcode on a back side of a credential 120, the second encoded string can be printed with UV ink in microscopic characters on the edge of the credential 120, and the third encoded string can be instantiated in a hologram on the front side of the credential 120. The three encoded strings can be read under respective, appropriate optical conditions, each can be decoded into a respective purported passphrase as a function of a decoding function, and the respective purported passphrases can be compared to see if they match.

[0064] Other types of comparisons can be included in various implementations. In some implementations, security data derived (e.g., read) from one or more optical security features can be compared against security data derived from one or more non-optical security features. For example, security data from an optical security feature (e.g., printed, etched, etc.) can be compared against security data read from a magnetic stripe, an electromagnetic

communication (e.g., an RFID, near-field communication (NFC), Bluetooth, or other chip), an electrical and/or magnetic taggant, etc. On other implementations, security data derived from one or more security features on the credential can be compared against security data obtained from a source not on the credential substantially during the same authentication session. For example, a fingerprint image printed or otherwise stored on the credential can be compared against a fingerprint obtained from the credential holder by a biometric scanner substantially concurrently with reading the credential (e.g., at the same time, while the credential holder is present in an authentication location, etc.). The examples above illustrate that the different types of comparisons can involve wholly disparate types of security data and/or security features.

[0065] FIG. 8 shows a flow diagram of a method 800 for authenticating a credential, according to various embodiments. Some embodiments of the method 800 begin at stage 804 by receiving a credential in an optical environment. For example, as shown in FIGS. 4 and 5 above, the optical environment can include illumination elements, detector elements, shared optical elements, etc. Receiving the credential into the environment can involve receiving all or only part of the credential (e.g., only a portion of the credential is inserted), receiving the credeintal manually (e.g., a user pushes the credential into a slot) or mechanically (e.g., a conveyor system pulls the credential into the optical environment) etc. [0066] Embodiments continue at stage 808 by illuminating a first security feature and a second security feature of a credential while the credential is stationary with respect to an optical authentication environment. The first security feature is located on a first surface of a substrate of the credential, and the second security feature is located on a second surface of the substrate that is non-coplanar with the first surface. For example, each security feature is on an opposite side (e.g., front and back) of a sheet material credential substrate. In some embodiments, the first security feature and the second security feature are illuminated concurrently. For example, mirrors and/or other optical elements can be used to direct light from one or more illumination sources onto multiple surfaces of the credential, and the directed light can form one or multiple illumination conditions for one or more portions of the credential. In some implementations, the illumination includes multiple illumination conditions. For example, each security feature can be illuminated under one or more illumination conditions concurrently or sequentially.

[0067] At stage 812, embodiments detect, optically under the illumination of stage 808, first security data from the first security feature and second security data from the second security feature. In some embodiments, the first security data and the second security data are detected concurrently. For example, the detecting can include forming an image (e.g., or a stack of images, etc.) of both the first security feature and the second security feature by receiving light at a detector concurrently from both the first surface and the second surface (e.g., through a set of mirrors and/or other optical elements in the optical environment). Some implementations detect different security data under different illumination conditions. For example, the security features can be illuminated under multiple illumination conditions, and the first and/or second security data can be optically discemable (e.g., visible, detectable, decodable, etc.) under fewer than all (e.g., only one) of the illumination conditions when authentic.

[0068] In some implementations, the illumination and/or detection is "while the credential is stationary with respect to the optical authentication environment," such that the credential is inserted (or otherwise transported) to a particular position within the optical environment; and the illumination and/or detection commences only after the credential has reached, and is stationary with respect to, that particular position (e.g., slid half-way into a slot, thereby being positioned between two mirrors, as illustrated in FIG. 4). In other implementations, the illumination and/or detection can commence prior to, and/or continue subsequent to, the credential being "stationary with respect to the optical authentication environment." For example, one or more linear scanners can be used to scan one or more surfaces of the credential as it is being inserted into and/or removed from the optical environment.

[0069] At stage 816, a determination can be made as to whether to authenticate the first security data and the second security data. As described above, each security data can be authenticated independently and/or the security data from different security features can be compared (e.g., by finding any suitable type of mathematical correspondence, such as a correlation, bit-wise comparison, correspondence after transformation, etc.) to authenticate the security data together. If it is determined to authenticate the first security data and the second security data, the credential can be authenticated at stage 820. For example, the credential can be considered authenticated when, and only when, both of the first security data and the second security data are determined to be authentic (independently or in conjunction with each other). Alternatively, the credential can be further authenticated (e.g., according to additional security features, etc.) only after the first security data and the second security data are determined to be authentic. For example, subsequent to determining that the first and second security data are authentic, additional security features can be evaluated on the credential and/or additional types of authentication (e.g., fingerprint scanning, etc.) can be performed, before the credential is considered authenticated. If it is determined not to authenticate the first security data and/or the second security data, authentication can be denied for the credential at stage 824.

[0070] While the method 800 is described with reference to first and second security data (on first and second security features), other embodiments can illuminate, detect, and/or otherwise authenticate on the basis of more than two security data. For example, some embodioments concurrently illuminate and/or detect security data from security features on a front side, a rear side, and an edge of a credential, and authenticate the credential according to all those data. The combination of security features can be illuminated with any suitable combination of illumination conditions, each differing from the other in at least one of a set of illumination characteristics, including wavelength, polarity, geometry, timing, intensity, and/or any combination thereof. Further each set of detected security data can include human-readable data and/or machine-readable data. In some implementations, at least one of the security features is instantiated using an optically variable medium (OVM). [0071] The methods disclosed herein include one or more actions for achieving the described method. The method and/or actions may be interchanged with one another without departing from the scope of the claims. In other words, unless a specific order of actions is specified, the order and/or use of specific actions may be modified without departing from the scope of the claims.

[0072] Other examples and implementations are within the scope and spirit of the disclosure and appended claims. For example, features implementing functions may also be physically located at various positions, including being distributed such that portions of functions are implemented at different physical locations. Also, as used herein, including in the claims, "or" as used in a list of items prefaced by "at least one of indicates a disjunctive list such that, for example, a list of "at least one of A, B, or C" means A or B or C or AB or AC or BC or ABC (i.e., A and B and C). Further, the term "exemplary" does not mean that the described example is preferred or better than other examples.

[0073] Various changes, substitutions, and alterations to the techniques described herein can be made without departing from the technology of the teachings as defined by the appended claims. Moreover, the scope of the disclosure and claims is not limited to the particular aspects of the process, machine, manufacture, composition of matter, means, methods, and actions described above. Processes, machines, manufacture, compositions of matter, means, methods, or actions, presently existing or later to be developed, that perform substantially the same function or achieve substantially the same result as the corresponding aspects described herein may be utilized. Accordingly, the appended claims include within their scope such processes, machines, manufacture, compositions of matter, means, methods, or actions.