Title:
METHODS FOR AUTHENTICATING PHOTOGRAPHIC IMAGE DATA
Document Type and Number:
WIPO Patent Application WO/2019/074675
Kind Code:
A1
Abstract:
Systems and methods are provided for authenticating image files when network connections should not or cannot be used to transfer image files. A user device application may capture an image at a user device, generate an image file, and generate a hash file based on the image file. Instead of sending the image file to an authentication server for authentication, the application may send the hash file. If desired, the application may transfer the image file when a desirable network connection is available. Any alteration to the image file in the meantime will result in a different hash file for the altered image file, thus allowing detection of altered image files. This approach decreases the amount of data that is required to be transmitted in low or undesirable signal conditions, while maintaining an ability to detect alterations to image files that may have been made in the meantime.

Inventors:
LYONS JASON (US)
STACK CRAIG (US)
LYONS FRANCIS (US)
MCGREGOR JEFFREY (US)
Application Number:
PCT/US2018/053059
Publication Date:
April 18, 2019
Filing Date:
September 27, 2018
Assignee:
TRUEPIC INC (US)
International Classes:
G06F7/04; G06F21/62; G06F21/64; H04L29/06
Foreign References:
US9652460B1 2017-05-16
US20030065922A1 2003-04-03
US6557102B1 2003-04-29
US20060115111A1 2006-06-01
US20110231645A1 2011-09-22
Attorney, Agent or Firm:
KOO, Hean, L. et al. (US)
Claims:
What is claimed is:

1. A user device for capturing an image to be authenticated in conjunction with an authentication server accessible to the device via a network communication, the user device comprising:

one or more physical processors programmed by computer program instructions, the program instructions including an image authentication application configured to:

capture an image;

generate an image file based on the captured image;

capture metadata relating to the image;

generate a hash file based on a hash of the image file;

determine a characteristic of a network connection available at a first time;

determine, based on the determined characteristic of the network connection available at the first time, whether to send the image file to the authentication server via the network connection available at the first time;

in response to a determination that the image file should not be sent, send the hash file and identifying information that identifies the image file to the authentication server via the network connection available at the first time without sending the image file;

determine a characteristic of a network connection available at a second time, subsequent to having sent the hash file and identifying information that identifies the image file to the authentication server;

determine, based on the determined characteristic of the network connection available at the second time, whether to send the image file to the authentication server via the network connection available at the second time; and

in response to a determination that the image file should be sent via the network connection available at the second time, cause the image file to be sent to the authentication server via the network connection available at the second time.

2. The user device of claim 1, wherein the determined characteristic of the network connection available at the first time comprises a type of the available network connection available at the first time, and wherein to determine, based on the determined characteristic of the network connection available at the first time, whether to send the image file to the authentication server, the user device is programmed to:

obtain a user-defined setting that specifies that image files should be sent only when one or more types of network connections are available;

determine whether the type of the network connection available at the first time is among the one or more types of network connections.

3. The user device of claim 2, wherein the type of the network connection available at the first time is different from a type of the network connection available at the second time, and wherein to determine, based on the determined characteristic of the network connection available at the second time, whether to send the image file to the authentication server via the network connection available at the second time, the user device is programmed to:

determine that the type of the network connection available at the second time is among the one or more types of network connections.

4. The user device of claim 3, wherein the network connection available at the first time comprises a cellular connection provided by a wireless service plan provider and the network connection available at the second time comprises a Wireless Fidelity ("WiFi") connection.

5. The user device of claim 2, wherein the type of the network connection available at the first time is the same as a type of the network connection available at the second time, and wherein to determine, based on the determined characteristic of the network connection available at the second time, whether to send the image file to the authentication server via the network connection available at the second time, the user device is programmed to:

determine that the user-defined setting has changed to permit the image file to be sent via the type of the network connection available at the first time.

6. The user device of claim 1, wherein to determine, based on the determined characteristic of the network connection available at the first time, whether the network connection available at the first time should be used to transmit the image file, the user device is programmed to:

determine a current quality of the network connection available at the first time; and

determine that the current quality deviates from a threshold quality by at least a predefined amount, wherein a determination that the image file should not be sent is made in response to the determination that the current quality deviates from the threshold quality by at least the predefined amount.

7. The user device of claim 6, wherein the current quality relates to a current throughput of the network connection available at the first time, and wherein to determine the current quality, the user device is programmed to:

attempt to transmit one or more test datasets each having known size to the networked authentication server via the network connection available at the first time; and

determine, based on the attempted transmission, the current throughput of the network connection available at the first time.

8. The user device of claim 6, wherein the current quality relates to a current error rate of the network connection, and wherein to determine the current quality, the user device is programmed to:

transmit a plurality of datasets each identified by an identifier to the networked authentication server via the network connection; and

determine the current error rate based on a ratio of successfully transmitted ones of the plurality of datasets and unsuccessfully transmitted ones of the plurality of datasets.

9. The user device of claim 6, to determine, based on the determined characteristic of the network connection available at the second time, whether the network connection available at the second time should be used to transmit the image file, the user device is programmed to:

determine a current quality of the network connection available at the second time; and

determine that the current quality of the network connection available at the second time does not deviate from the threshold quality by at least the predefined amount, wherein a determination that the image file should be sent via the network connection available at the second time is made in response to the determination that the current quality of the network connection available at the second time does not deviate from the threshold quality by at least the predefined amount.

10. The user device of claim 1, wherein the user device further comprises:

a camera device configured to generate the electronic image file;

wherein the image authentication application is separate from a native camera application of the user device, and is further configured to:

operate the camera device to capture the image file; and

transmit the metadata for authenticating the image file to the networked authentication server along with the hash file and the identifying information.

11. The user device of claim 10, wherein the user device further comprises:

a location device configured to determine a current location of the user device;

wherein to obtain the metadata, the image authentication application is further configured to:

obtain, from the location device, location information that indicates the current location of the user device at the time the image file was created by the camera device via the image authentication application.

12. The user device of claim 11, wherein to obtain the metadata, the image authentication application is further configured to:

obtain date and time information that indicates a date and a time during which the image file was captured.

13. A user device for generating a hash of an electronic file using a hash function that deterministically generates the hash based on the electronic file such that an alteration to the electronic file results in generation of a different hash, the user device comprising:

one or more physical processors programmed by computer program instructions to:

generate the electronic file, the electronic file having a first file size;

generate the hash using the hash function, the hash having a second file size that is less than the first file size; and

transmit the hash and identifying information that identifies the electronic file to the networked authentication server via a network connection between the user device and the networked authentication server.

14. A networked authentication server for authenticating image files generated at user devices, wherein a user device generates a hash file based on an image file using a hash function that deterministically generates the hash file based on the image file such that an alteration to the image file results in generation of a different hash, the server comprising:

an electronic storage device;

one or more physical processors programmed by computer program instructions to:

receive, from the user device via a network connection, a user device-generated hash file based on the image file and identifying information that identifies the image file;

store the user device-generated hash file in association with the identifying information in the electronic storage device;

receive, from the user device, a copy of the image file that was used to generate the user device-generated hash file at the user device and the identifying information that identifies the image file;

store the copy of the image file in association with the identifying information;

receive a request to obtain an authentication of the image file, the request including the identifying information;

in response to the request, obtain the user device-generated hash from the electronic storage device based on the identifying information, and obtain the copy of the image file;

generate a server-generated hash file based on the copy of the image file using the hash function;

compare the user device-generated hash file obtained from the electronic storage device with the server-generated hash file;

determine whether the user device-generated hash file and the server-generated hash file match, wherein a non-match indicates that the copy of the image file from which the server-generated hash file was generated has been altered relative to the image file from which the user device-generated hash file was generated and wherein a match indicates that the copy of the image file has been unaltered relative to the image file;

generate a result based on the determination of whether the user device-generated hash file and the server-generated hash file match; and

transmit an indication of the result in response to the request to authenticate the image file.

15. The networked authentication server of claim 14, wherein the networked authentication server is further programmed to:

receive the copy of the image file and the identifying information from the user device via the network connection after the hash is received from the user device and before the request to verify whether the image file has been altered is received; and

store, in the electronic storage device, the copy of the image file in association with the identifying information, wherein the copy of the image file is obtained from the electronic storage device in response to the request.

16. The networked authentication server of claim 14, wherein the networked authentication server is further programmed to:

receive the copy of the image file and the identifying information from the user device via a second network connection, which is a different type of network connection than the network connection, after the hash is received from the user device and before the request to verify whether the image file has been altered is received; and

store, in the electronic storage device, the copy of the image file in association with the identifying information, wherein the copy of the image file is obtained from the electronic storage device in response to the request.

17. The networked authentication server of claim 14, wherein the networked authentication server is further programmed to:

receive the copy of the image file from an originator of the request.

18. The networked authentication server of claim 14, wherein the networked authentication server is further programmed to:

receive from the user device an indication of a first date and/or time at which the image file was generated;

determine a second date and/or time at which the hash file was received from the user device;

determine a time elapsed from the first date and/or time that the image file was generated and the second date and/or time that the hash file was received; and

determine whether the time elapsed exceeds a threshold value, wherein the result is based on whether or not the time elapsed exceeds the threshold value.

19. The networked authentication server of claim 14, wherein the networked authentication server is further programmed to:

receive from the user device an indication of a first geolocation at which the image file was generated;

receive from the user device an indication of a second geolocation at which the hash file was sent;

determine a distance between the first geolocation and the second geolocation; and

determine whether the distance exceeds a threshold distance value, wherein the result is based on whether or not the distance exceeds the threshold distance value.

20. The networked authentication server of claim 14, wherein the networked authentication server is further programmed to:

receive from the user device an indication of a first date and/or time at which the image file was generated;

determine a second date and/or time at which the hash file was received from the user device;

determine a time elapsed from the first date and/or time that the image file was generated and the second date and/or time that the hash file was received;

determine whether the time elapsed exceeds a threshold value, wherein the result is based on whether or not the time elapsed exceeds the threshold value;

receive from the user device an indication of a first geolocation at which the image file was generated;

receive from the user device an indication of a second geolocation at which the hash file was sent;

determine a distance between the first geolocation and the second geolocation; and

determine whether the distance exceeds a threshold distance value, wherein the result is based on whether or not the distance exceeds the threshold distance value.

AMENDED CLAIMS

received by the International Bureau on 12 February 2019(12.02.2019)

1. A user device for capturing an image to be authenticated in conjunction with an authentication server accessible to the device via a network communication, the user device comprising:

one or more physical processors programmed by computer program instructions, the program instructions including an image authentication application configured to:

capture an image;

generate an image file based on the captured image;

capture metadata relating to the image;

generate a hash file based on a hash of the image file;

determine a characteristic of a network connection available at a first time;

determine, based on the determined characteristic of the network connection available at the first time, whether to send the image file to the authentication server via the network connection available at the first time;

in response to a determination that the image file should not be sent, send the hash file and identifying information that identifies the image file to the authentication server via the network connection available at the first time without sending the image file;

determine a characteristic of a network connection available at a second time, subsequent to having sent the hash file and identifying information that identifies the image file to the authentication server;

determine, based on the determined characteristic of the network connection available at the second time, whether to send the image file to the authentication server via the network connection available at the second time; and

in response to a determination that the image file should be sent via the network connection available at the second time, cause the image file to be sent to the authentication server via the network connection available at the second time.

AMENDED SHEET (ARTICLE 19)

2. The user device of claim 1, wherein the determined characteristic of the network connection available at the first time comprises a type of the available network connection available at the first time, and wherein to determine, based on the determined characteristic of the network connection available at the first time, whether to send the image file to the authentication server, the user device is programmed to:

obtain a user-defined setting that specifies that image files should be sent only when one or more types of network connections are available;

determine whether the type of the network connection available at the first time is among the one or more types of network connections.

3. The user device of claim 2, wherein the type of the network connection available at the first time is different from a type of the network connection available at the second time, and wherein to determine, based on the determined characteristic of the network connection available at the second time, whether to send the image file to the authentication server via the network connection available at the second time, the user device is programmed to:

determine that the type of the network connection available at the second time is among the one or more types of network connections.

4. The user device of claim 3, wherein the network connection available at the first time comprises a cellular connection provided by a wireless service plan provider and the network connection available at the second time comprises a Wireless Fidelity ("WiFi") connection.

5. The user device of claim 2, wherein the type of the network connection available at the first time is the same as a type of the network connection available at the second time, and wherein to determine, based on the determined characteristic of the network connection available at the second time, whether to send the image file to the authentication server via the network connection available at the second time, the user device is programmed to:

determine that the user-defined setting has changed to permit the image file to be sent via the type of the network connection available at the first time.

6. The user device of claim 1, wherein to determine, based on the determined characteristic of the network connection available at the first time, whether the network connection available at the first time should be used to transmit the image file, the user device is programmed to:

determine a current quality of the network connection available at the first time; and

determine that the current quality deviates from a threshold quality by at least a predefined amount, wherein a determination that the image file should not be sent is made in response to the determination that the current quality deviates from the threshold quality by at least the predefined amount.

7. The user device of claim 6, wherein the current quality relates to a current throughput of the network connection available at the first time, and wherein to determine the current quality, the user device is programmed to:

attempt to transmit one or more test datasets each having known size to the networked authentication server via the network connection available at the first time; and

determine, based on the attempted transmission, the current throughput of the network connection available at the first time.

8. The user device of claim 6, wherein the current quality relates to a current error rate of the network connection, and wherein to determine the current quality, the user device is programmed to:

transmit a plurality of datasets each identified by an identifier to the networked authentication server via the network connection; and

determine the current error rate based on a ratio of successfully transmitted ones of the plurality of datasets and unsuccessfully transmitted ones of the plurality of datasets.

9. The user device of claim 6, to determine, based on the determined characteristic of the network connection available at the second time, whether the network connection available at the second time should be used to transmit the image file, the user device is programmed to:

determine a current quality of the network connection available at the second time; and

determine that the current quality of the network connection available at the second time does not deviate from the threshold quality by at least the predefined amount, wherein a determination that the image file should be sent via the network connection available at the second time is made in response to the determination that the current quality of the network connection available at the second time does not deviate from the threshold quality by at least the predefined amount.

10. The user device of claim 1, wherein the user device further comprises:

a camera device configured to generate the electronic image file;

wherein the image authentication application is separate from a native camera application of the user device, and is further configured to:

operate the camera device to capture the image file; and

transmit the metadata for authenticating the image file to the networked authentication server along with the hash file and the identifying information.

11. The user device of claim 10, wherein the user device further comprises:

a location device configured to determine a current location of the user device;

wherein to obtain the metadata, the image authentication application is further configured to:

obtain, from the location device, location information that indicates the current location of the user device at the time the image file was created by the camera device via the image authentication application.

12. The user device of claim 11, wherein to obtain the metadata, the image authentication application is further configured to:

obtain date and time information that indicates a date and a time during which the image file was captured.

13. A user device for generating a hash of an electronic file using a hash function that deterministically generates the hash based on the electronic file such that an alteration to the electronic file results in generation of a different hash, the user device comprising:

a camera device; and

one or more physical processors programmed by computer program instructions, the computer program instructions including an image authentication application configured to:

access the camera device;

capture an electronic image using the camera device;

generate the electronic file, the electronic file comprising the electronic image and having a first file size;

generate the hash using the hash function, the hash having a second file size that is less than the first file size; and

transmit the hash and identifying information that identifies the electronic file to the networked authentication server via a network connection between the user device and the networked authentication server.

14. A networked authentication server for authenticating image files generated at user devices, wherein a user device generates a hash file based on an image file using a hash function that deterministically generates the hash file based on the image file such that an alteration to the image file results in generation of a different hash, the server comprising:

an electronic storage device;

one or more physical processors programmed by computer program instructions to:

receive, from the user device via a network connection, a user device-generated hash file based on the image file and identifying information that identifies the image file;

store the user device-generated hash file in association with the identifying information in the electronic storage device;

receive, from the user device, a copy of the image file that was used to generate the user device-generated hash file at the user device and the identifying information that identifies the image file after the hash file is received from the user device and before a request to verify whether the image file has been altered is received;

store the copy of the image file in association with the identifying information in the electronic storage device;

receive the request to verify whether the image file has been altered, the request including the identifying information;

in response to the request, obtain the user device-generated hash and the copy of the image file from the electronic storage device based on the identifying information;

generate a server-generated hash file based on the copy of the image file using the hash function;

compare the user device-generated hash file obtained from the electronic storage device with the server-generated hash file;

determine whether the user device-generated hash file and the server-generated hash file match, wherein a non-match indicates that the copy of the image file from which the server-generated hash file was generated has been altered relative to the image file from which the user device-generated hash file was generated and wherein a match indicates that the copy of the image file has been unaltered relative to the image file;

generate a result based on the determination of whether the user device-generated hash file and the server-generated hash file match; and

transmit an indication of the result in response to the request to authenticate the image file.

15. (Canceled).

16. The networked authentication server of claim 14, wherein the networked authentication server is further programmed to:

receive the copy of the image file and the identifying information from the user device via a second network connection, which is a different type of network connection than the network connection.

17. The networked authentication server of claim 14, wherein the networked authentication server is further programmed to:

receive the copy of the image file from an originator of the request.

18. The networked authentication server of claim 14, wherein the networked authentication server is further programmed to:

receive from the user device an indication of a first date and/or time at which the image file was generated;

determine a second date and/or time at which the hash file was received from the user device;

determine a time elapsed from the first date and/or time that the image file was generated and the second date and/or time that the hash file was received; and

determine whether the time elapsed exceeds a threshold value, wherein the result is based on whether or not the time elapsed exceeds the threshold value.

19. The networked authentication server of claim 14, wherein the networked authentication server is further programmed to:

receive from the user device an indication of a first geolocation at which the image file was generated;

receive from the user device an indication of a second geolocation at which the hash file was sent;

determine a distance between the first geolocation and the second geolocation; and

determine whether the distance exceeds a threshold distance value, wherein the result is based on whether or not the distance exceeds the threshold distance value.

20. The networked authentication server of claim 14, wherein the networked authentication server is further programmed to:

receive from the user device an indication of a first date and/or time at which the image file was generated;

determine a second date and/or time at which the hash file was received from the user device;

determine a time elapsed from the first date and/or time that the image file was generated and the second date and/or time that the hash file was received;

determine whether the time elapsed exceeds a threshold value, wherein the result is based on whether or not the time elapsed exceeds the threshold value;

receive from the user device an indication of a first geolocation at which the image file was generated;

receive from the user device an indication of a second geolocation at which the hash file was sent;

determine a distance between the first geolocation and the second geolocation; and

determine whether the distance exceeds a threshold distance value, wherein the result is based on whether or not the distance exceeds the threshold distance value.

Description:
METHODS FOR AUTHENTICATING PHOTOGRAPHIC IMAGE DATA

Cross-Reference to Related Applications

[0001] This application claims the benefit of U.S. Patent Application Serial No. 15/728,869, entitled "METHODS FOR AUTHENTICATING PHOTOGRAPHIC IMAGE DATA," filed October 10, 2017, which is hereby incorporated herein by reference in its entirety. This application is related to U.S. Patent Application Serial No. 15/065,781, filed on March 9, 2016, entitled "SYSTEMS AND METHODS FOR AUTHENTICATING PHOTOGRAPHIC IMAGE DATA," which is pending; U.S. Patent No. 9,300,678, filed on August 3, 2015, entitled "SYSTEMS AND METHODS FOR AUTHENTICATING PHOTOGRAPHIC IMAGE DATA" which issued on March 29, 2016; U.S. Patent No. 9,621,565, filed on November 16, 2015, entitled "SYSTEMS AND METHODS FOR AUTHENTICATING PHOTOGRAPHIC IMAGE DATA," which issued on April 11, 2017; PCT Application No. PCT/US16/45089, filed on August 2, 2016, entitled "SYSTEMS AND METHODS FOR AUTHENTICATING PHOTOGRAPHIC IMAGE DATA;" which are all hereby incorporated by reference in their entireties.

Technical Field

[0002] The present disclosure relates to systems and methods for authenticating photographic image data, including a software application for controlling photography on a client device and metadata associated therewith and an authentication server for receiving data therefrom.

Background of the Invention

[0003] Digital photography has grown steadily since its introduction. Social networks and mobile computing devices have further accelerated the growth of photographic data made available to the public. The ability to take and share photographs anytime and anywhere has resulted in the general public consuming more photographic data than ever and relying on these photographs for up to the minute information. However, it is a well-known fact that digital photographs are easily edited and the information contained within a digital photograph may not be entirely trustworthy.

[0004] U.S. Patent 9,300,678, entitled "Systems and methods for authenticating photographic image data," which issued March 29, 2016, the contents of which are incorporated by reference herein in their entirety, discloses, in part, a software application that resides on a client device (e.g., a smart phone or other client device) for controlling various aspects of photography on the client device where authentication of photos is desired, an authentication server for receiving a photo and associated data therefrom and creating an authenticated photo and a website for storing the authenticated photos and which enables users who subsequently receive a copy of the photo to determine if it is an authentic photo. Collectively, the image authentication application and authentication server are configured to be operable to control the taking of photos to be authenticated and the association of metadata with those photos. The image authentication application may require users, desiring to generate an authenticated photo, to invoke the image authentication application to take a picture. The image authentication application and authentication server include functionality to reduce the likelihood of alteration of metadata associated with a picture taken under control of the application.

[0005] Once a picture is taken under control of the image authentication application, it is sent from the image authentication application to the authentication server. The image authentication application may prevent a photo that has been taken from being edited or sent from the image authentication application to any location other than the authentication server. This helps prevent alteration of the photo.

[0006] To take a picture the user may be required to open the image authentication application (if it is not already open on the device). After taking a picture using the image authentication application and selecting to use the photo, the image will be transmitted to the authentication server along with various metadata, such as geographic information, e.g., the user's current latitude/longitude, time data if desired and/or other metadata.

[0007] According to one aspect, the time at which the image is received by the server is recorded. This helps prevent alteration of the time metadata associated with the photo. In various prior approaches to photo authentication, the time data is generated solely by the client device. A problem with these prior approaches is that users can alter the system time of the client device.

[0008] In certain embodiments, the application may include a feature to ensure that the time delay between opening the application and/or taking a photo in the image authentication application and sending the image to the authentication server is within an approved time frame. Similarly, the image authentication application may include a feature to ensure that the location at which a photograph was taken is within an approved distance limitation from the location from which the user transmits the photograph to the authentication server.

[0009] According to another aspect, the authentication server performs various steps to facilitate authentication of photos received from the application. When a photo is received, the authentication server may assign it a unique resource locator (e.g., a unique web address). The authenticated image (or a version of the authenticated image), and associated metadata, is stored on the authentication server. The unique resource locator (e.g., a web address or a web address proxy such as a bitly code or a tinyURL) may be provided along with the authenticated image for third party verification of the image. The website (and/or other distribution infrastructure) will allow third parties to check and reference the authenticated image to verify that it is authentic. The authentication server may host and/or be in communication with the website. Any third party can visit the authentication server website to look up the authenticated image they have been provided and to make sure that the picture they are viewing is also on the website. This ensures that the image provided to the third party viewer has, in fact, been authenticated by the authentication server.

[0010] This approach has many advantages. However, it may present certain challenges when the user does not have a strong data connection at the time a picture is captured. It may also be less than desirable if the user must transmit a large file (e.g., a video file) over cellular network, particularly when the data rate is relatively expensive. Other network issues may also present challenges.

Summary of the Invention

[0011] The invention addresses these and other potential challenges with prior approaches.

[0012] According to one aspect, the invention provides a solution to at least some of these issues by transferring a short, fixed length hash file at the time of capture, instead of immediately sending the image file. If desired, the application may transfer the full image or video file when a desirable (e.g., strong WiFi or acceptable cellular) connection is available. The file hash can be a relatively small file (e.g., less than 1kB or other desired size) relative to photos and/or video which can exceed 10MB or more. This approach offers a significant decrease in the amount of data that is required to be transmitted in low or undesirable signal conditions.

[0013] According to one aspect, the software application may be configured to operate as follows. The software is invoked to capture an image (e.g., still image, video image, etc.) on a device and create an image file (e.g., photograph file, video file, etc.) and capture desired metadata (e.g., user ID, latitude, longitude). The application then creates a hash of the image file. The application then transmits the metadata and the hash of the contents of the image file to the authentication server, without sending the image file.

[0014] Upon receipt, the authentication server creates a temporary record containing the hash value provided, the user ID, lat/long AND the timestamp that this request reaches the server.

[0015] When the user device has access to a desirable network connection (e.g., reaches a WIFI or strong cellular connection) the full image/video file may be transferred to the authentication server. The authentication server then hashes this data file using the same algorithm that was used on the device to create the hash. The authentication server then compares this hash to the hash stored in the temporary records and if it matches associates the image/video file with the corresponding record.

[0016] Alternatively, the application may send to the authentication server only the file hash and not the actual image file. The authentication server can store the hash and later use this, if necessary, to authenticate an image file. This can be useful in high security or high situations where it is not desirable to have a copy of the image or video content available on a networked authentication server, but for which authentication may be desired. In these cases, the hashes stored on the authentication server can be used to later validate content.

[0017] The application may determine whether to transmit a hash file or an image file based on a characteristic of an available network connection. The characteristic may include a type and/or quality of a network connection available at the time of capturing the image. For example, the user may wish for image files to be sent only via certain types of network connections (e.g., WiFi connections) but not others (e.g. cellular network connections). In this instance, the application may send the hash file if the user device is connected via a cellular network connection, but send the image file if the user device is connected via a WiFi connection. Alternatively or additionally, the application may assess a quality of the network connection and, if the quality does not exceed a threshold quality level, the application may determine that a hash file should be sent instead of the image file. Later, if a WiFi connection becomes available and/or if the network connection quality improves, the application may send the image file.

[0018] These and other objects, features, and characteristics of the system and/or method disclosed herein, as well as the methods of operation and functions of the related elements of structure and the combination of parts and economies of manufacture, will become more apparent upon consideration of the following description and the appended claims with reference to the accompanying drawings, all of which form a part of this specification, wherein like reference numerals designate corresponding parts in the various figures. It is to be expressly understood, however, that the drawings are for the purpose of illustration and description only and are not intended as a definition of the limits of the invention. As used in the specification and in the claims, the singular form of "a", "an", and "the" include plural referents unless the context clearly dictates otherwise.

Brief Description of the Drawings

[0019] The drawings are provided for purposes of illustration only and merely depict typical or example implementations. These drawings are provided to facilitate the reader's understanding and shall not be considered limiting of the breadth, scope, or applicability of the disclosure. For clarity and ease of illustration, these drawings are not necessarily drawn to scale.

[0020] FIG. 1 illustrates a system for capturing an image at a device to be authenticated in conjunction with an authentication server accessible to the device via a network communication, according to an implementation of the invention.

[0021] FIG. 2 illustrates a process for capturing an image at a device to be authenticated in conjunction with an authentication server accessible to the device via a network communication, according to an implementation of the invention.

[0022] FIG. 3 illustrates a device for authenticating image files, captured at the device, in conjunction with an authentication server, in accordance with an embodiment of the present disclosure.

[0023] FIG. 4 illustrates a process of a device for authenticating image files, captured at the device, in conjunction with an authentication server, in accordance with an embodiment of the present disclosure.

[0024] FIG. 5 illustrates an authentication server for authenticating images captured at and provided by a device, according to an implementation of the invention.

[0025] FIG. 6 illustrates a process of an authentication server for authenticating image files captured at a device in conjunction with an authentication server, according to an implementation of the invention.

Detailed Description

[0026] According to one aspect, the invention provides a solution to at least some of these issues by transferring a short, fixed length hash file at the time of capture, instead of immediately sending the image file. If desired, the application may transfer the full image or video file when a desirable (e.g., strong wifi or acceptable cellular) connection is available. The file hash can be a relatively small file (e.g., less than 1kB or other desired size) relative to photos and/or video which can exceed 10MB or more. This approach offers a significant decrease in the amount of data that is required to be transmitted in low or undesirable signal conditions.

[0027] FIG. 1 illustrates a system 100 for capturing an image at a device to be authenticated in conjunction with an authentication server accessible to the device via a network communication, according to an implementation of the invention. System 100 may include a user device 110, an authentication server 120, third party requesters 130, a database 140, and/or other components. The components of system 110 may be in communication with one another via a network 102.

[0028] Referring to FIG. 2, which illustrates a process for capturing an image at a device to be authenticated in conjunction with an authentication server accessible to the device via a network communication, in an operation 202, user device 110 may capture an image, generate an image file based on the captured image, generate a hash file based on a hash of the image file, and obtain metadata related to the image file.

[0029] In an operation 204, the user device 110 may transmit the hash file and information identifying the image file to the authentication server 120 without transmitting the image file at a first time. In some instances, the user device 110 may transmit the metadata to the authentication server 120 with the hash file and the information identifying the image file.

[0030] In an operation 206, the authentication server 120 may receive the hash file and the information identifying the image file and store them in association with one another, such as in a database 140. In this manner, the authentication server 120 may later retrieve a corresponding hash file based on the information identifying the image file.

[0031] In an operation 208, the client user device 110 may transmit the image file (along with information identifying the image file) to the authentication server 120 after the hash file and the information identifying the image file were transmitted.

[0032] In an operation 210, the authentication server 120 may receive the image file from the user device 110, and generate its own hash file based on a hash of the image file. The authentication server 120 may use the same hash function used by the user device 110 to generate its hash files.

[0033] In an operation 212, the authentication server 120 may compare the server-generated hash file with the user device-generated hash file (the hash file received from the user device 110). If the server-generated hash file matches the user device-generated hash file, the authentication server 120 may determine that the image file has not been tampered with. This is because any such tampering will result in non-matching hash files. As would be appreciated, whether or not two hash files match may be determined based on conventional file comparison techniques, such as executing a compare or diff function on the two files. Alternatively, upon receipt of the image file the authentication server 120 may store the image file in association with the information identifying the image file and the hash file received from the user device 110 for later authentication (e.g., in response to a request for authentication).

[0034] In an operation 214, in response to determining that the server-generated hash file matches the user device-generated hash file, the authentication server 120 may authenticate the image file by applying a watermark to it, storing an indication in database 140 that the image file has been authenticated, and/or take other actions to indicate that the image file is authentic.

[0035] Operations 207 and 209 may be executed instead of or in addition to operation 208. In an operation 207, the user device 110 may provide the image file and the information identifying the image file to a third party requester 130. In an operation 209, the third party requester 130 may provide the image file and information identifying the image file to authentication server 120 for authentication. For example, the third party requester 130 may wish to authenticate an image file provided from the user device 110. The authentication server 120 may receive a request to authenticate an image file from a third party requester 130 (e.g., not from the user device 110), where the request includes an image file to be authenticated and the information identifying the image file. In these implementations, the image file from the third party requester 130 is purportedly the same as the image file from which the user device-generated hash file is based. In other words, if a server-generated hash file of the image file from the third party requestor 130 matches the user device-generated hash file, then the image file from the third party requestor has not been tampered with (and is the same image file - i.e., copy - as the image file that was used to generate the user device-generated hash). In an operation 215, the image authentication server 120 may provide an indication of authentication to the user device 110 and/or the third party requester 130 as appropriate. Such indication may include the image file, authentication information (including results of the hash file comparison, the hash file output, a watermark, etc.), and/or other information indicating that the image file has been authenticated by the authentication server 120.

[0036] Having addressed an overview of implementations of the system, attention will now be turned to the user device 110 and authentication server 120.

[0037] User device 110

[0038] In an implementation, user device 110 may include any device capable of capturing images including, but not limited to, cell phones, smart phones, tablet computers, laptop computers, digital cameras, web cameras, laptop computers, desktop computers, security cameras, televisions, monitors, and the like. Referring to FIG. 3, which illustrates a device for authenticating image files, captured at the device, in conjunction with an authentication server, user device 110 may include an electronic imaging device 302, one or more network devices 304, location device 306, one or more processors 312, one or more electronic storage devices 314, and/or other components.

[0039] When a user wishes to take an image to be authenticated, the user opens the image authentication application 320 on the user device 110 to capture an image. When it is opened, the image authentication application 320 may record the time that the image authentication application is opened, the geographic location of the client device at the time the image authentication application is opened, and/or other information relevant to capturing images using the image authentication application. The foregoing and other information may be used later as metadata for authentication. Once the user captures an image using the image authentication application 320, the image authentication application may generate an image file based on the captured image and may assess an available network connection to determine whether the image file may be transmitted via the available network connection. The image authentication application 320 may obtain time, location, and/or other metadata at the time of image capture. Alternatively, prior to allowing the user to capture the image, the image authentication application 320 may assess an available network connection (or determine that no network connection is available). In this instance, the image authentication application 320 may not permit the user to capture an image if no network connection is available (or if an available network connection is available but should not be used for various reasons described herein).

[0040] In some instances, the image authentication application 320 may receive a request from the user to send the image file for authentication in response to which it may determine one or more characteristics of an available network connection and determine that the image file should not be sent via the network connection. In these instances, the image authentication application 320 may take one or more steps to confirm that the user has not had the opportunity to edit the image file by ensuring that certain time and/or geographic restrictions are satisfied. For example, the image authentication application 320 may note the time at which the image authentication application was opened, and the time at which the request to transmit the image file is made. If the request to transmit the image file is made sufficiently soon after the image authentication application is opened (for example, within one minute or other threshold time), then the image authentication application may authorize further operations to send the image file to proceed. Otherwise, the request to transmit the image file may be denied and the image file may be deleted or marked as unauthenticated. The image authentication application 320 may use other data for such verification as well or instead of time information. For example, the image authentication application 320 may compare the geographic location of the user device 110 at the time the image authentication application was opened and the geographic location of the device at the time the user requests transmission of the image file to the authentication server 120 to ensure that the user has not moved a great distance (e.g., less than 200 feet or other threshold distance value). Otherwise, the request to transmit the image file may be denied and the image file may be deleted or marked as unauthenticated. The foregoing time and geographic requirements help to ensure that the user has not had sufficient time to edit the image file.
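The time and distance restrictions of paragraph [0040], as an added Python example that is not part of the patent text. The `Snapshot` structure, the function names, the use of a monotonic clock reading, and the choice to deny when no location fix is available are assumptions of this example; the one minute and 200 feet defaults are the example thresholds given above.

```python
import math
from dataclasses import dataclass
from typing import Optional, Tuple

EARTH_RADIUS_M = 6_371_008.8  # mean Earth radius in meters
METERS_PER_FOOT = 0.3048


@dataclass(frozen=True)
class Snapshot:
    """What the application records at one moment (hypothetical structure)."""
    monotonic_s: float       # monotonic clock reading, unaffected by system-time edits
    lat: Optional[float]     # None when no location fix is available
    lon: Optional[float]


def distance_feet(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle (haversine) distance between two points, in feet."""
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi = phi2 - phi1
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(phi1) * math.cos(phi2) * math.sin(dlam / 2) ** 2
    meters = 2 * EARTH_RADIUS_M * math.asin(min(1.0, math.sqrt(a)))
    return meters / METERS_PER_FOOT


def transmit_allowed(opened: Snapshot, requested: Snapshot,
                     max_delay_s: float = 60.0,
                     max_distance_ft: float = 200.0) -> Tuple[bool, str]:
    """Decide whether a transmit request may proceed; returns (allowed, reason).

    A denial means the image file is deleted or marked as unauthenticated.
    """
    elapsed = requested.monotonic_s - opened.monotonic_s
    if elapsed < 0:
        return False, "clock moved backwards"
    if elapsed > max_delay_s:  # "within one minute or other threshold time"
        return False, "time limit exceeded"
    if None in (opened.lat, opened.lon, requested.lat, requested.lon):
        # Assumption of this example: fail closed when a location is missing.
        return False, "location unavailable"
    moved = distance_feet(opened.lat, opened.lon, requested.lat, requested.lon)
    if moved >= max_distance_ft:  # "less than 200 feet or other threshold distance"
        return False, "distance limit exceeded"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample values.
    opened = Snapshot(10.0, 40.0, -75.0)
    print(transmit_allowed(opened, Snapshot(55.0, 40.0001, -75.0)))
    print(transmit_allowed(opened, Snapshot(71.0, 40.0, -75.0)))
    print(transmit_allowed(opened, Snapshot(20.0, 40.001, -75.0)))
```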

[0041] Additional restrictions may be placed by the image authentication application 320 to assist in this authentication process. For example, the image authentication application 320 may only allow images taken within the image authentication application 320 to be transmitted to the authentication server 120. The image authentication application 320 may also prohibit the use of any editing tools within the image authentication application 320, or to prohibit exporting of image files so that the user cannot export image files to another program for editing. In this way, the image authentication application 320 ensures that the image file has remained within the approved application environment for the entirety of the image file's existence, and that the user has not been given the opportunity to revise any portion of the image file, including the image itself or the associated metadata.

[0042] In implementations that use the foregoing and other restrictions, once the image authentication application 320 has confirmed that the image file satisfies such restrictions, it may generate a hash file based on the image file and send the hash file to the authentication server 120. When the available network connection improves and/or another network connection becomes available, the image authentication application 320 may send the image file. Metadata (e.g., time and location data) associated with the image file may be sent along with the hash file and/or the image file. The authentication server 120 performs various tasks to authenticate the image file, including storing the hash file in association with the identifying information.

[0043] When a copy of the image file is received from the user device 110, the authentication server 120 may generate a server-generated hash file based on the copy, and compare the server-generated hash file with the user device-generated hash file. A match between the server-generated hash file and the user device-generated hash file may indicate that the copy of the image file has not been tampered with or altered since the original copy was created (because the user device-generated hash file was generated by the image authentication application 320 on the original). Upon authentication the authentication server 120 may apply a watermark and/or provide another indication that the image file has been authenticated.

[0044] Electronic imaging device 302 may include an electronic image sensor configured to detect and convey information used to generate an image. For example, electronic imaging device 302 may include, without limitation, a charge coupled device ("CCD") sensor, a complementary metal-oxide-semiconductor ("CMOS") sensor, and/or other type of device configured to detect and convey information used to generate an image. The image may include a still image (e.g., a photograph), a video image, and/or other types of images.

[0045] Network device 304 may include a network interface device configured to connect to and transmit data over a network, such as network 102 (illustrated in FIG. 1). In some implementations, user device 110 may include a network device 304 for each of different types of network connections that may be available. For example, and without limitation, one network device 304 may be configured to connect to a cellular data connection (e.g., "3G/4G/5G/etc") provided through a wireless service provider, while another network device 304 may be configured to connect to a Wireless Fidelity ("WiFi") connection using an IEEE 802.XX or other specification. Other types of network connections through which communication with authentication server 130 across a network may be used as well. In some implementations, a single network device 304 may be configured to connect to multiple types of network connections as well.

[0046] Location device 306 may include a device configured to detect information used to identify a physical (e.g., geographic) location of the location device. For example, and without limitation, location device 306 may include a Global Positioning System ("GPS") sensor device, a WiFi device (for obtaining hotspot location information), a network device (for obtaining IP address-based physical locations), and/or other type of location device configured to produce information used to identify a physical location of the location device 306 (and therefore the user device 110).

[0047] In an implementation, the one or more processors 312 may be programmed by computer program instructions, such as those stored in the one or more electronic storage devices 314. For example, the one or more processors 312 may be programmed by, among other instructions, a native camera application 316 and an image authentication application 320. The native camera application 316 may be an executable application, which is a different executable application than the image authentication application 320, that captures images using electronic imaging device 302. Native camera application 316 typically stores image files it generates in an accessible file location, such as a camera directory that is readable using an image album application. From the accessible file location, such image files are readily accessed and able to be edited. To help prevent such open access and editing functions, image authentication application 320 may be configured with its own image capture and storage functionality, as described herein.

[0048] In an implementation, image authentication application 320 may include various instructions such as, without limitation, a settings manager 322, an image file generator 324, a hash file generator 326, a network connection analyzer 328, a decision engine 330, and/or other instructions. As used herein, for convenience, the various instructions will be described as performing an operation, when, in fact, the various instructions program the processors 312 (and therefore user device 110) to perform the operation.

[0049] User-defined Settings and System Rules that Control Operation of the Image Authentication Application

[0050] The settings manager 322 may obtain, from a user, one or more user-defined settings to be applied to operation of the image authentication application 330. For example, the settings manager 322 may expose a user interface with input settings that allow a user to configure the behavior of the image authentication application 330. The user-defined settings may include, without limitation, a setting that indicates types of network connections in which image files should not be transferred, a setting that indicates types of network connections in which image files may be transferred, a setting that indicates a maximum file size permissible for an image file to be transferred, and/or other user-definable settings that control the behavior of the image authentication application 330.

[0051] The various settings may be combined or otherwise used in connection with one another. For example, a user may specify that image files should not be sent over a cellular data connection, but can be sent over a WiFi connection. The user may specify that image files over a certain size should not be sent over a cellular data connection. Other types of network connections may be specified as well or in the alternative. In some instances, a user setting may specify that image files should not be transmitted when an available network connection is of low quality (i.e., only when an available network connection is "strong"). Such "low quality" or "strong" quality may be measured based on, for example, network latency, network error rates, and/or other network metrics that may be measured to determine whether or not they meet certain quality thresholds (which may be specified by the user and/or predefined by the image authentication application 330). In some instances, the image authentication application 330 may decide (whether or not based on a user-defined setting) whether to send an image file based on the quality of an available network connection. For example, a predefined network metric threshold may be used to determine what is a "low quality" network connection and what is a "strong" network connection. It should be noted that a single quality metric need not be used. For instance, a combination of quality metrics may be used, weighted, and scored to generate an overall network quality score, which may be compared to an overall network quality threshold. The foregoing threshold values may be predefined by a user-defined setting and/or a system rule, discussed below.

[0052] In addition to or instead of the user-defined settings, the settings manager 322 may obtain predefined system rules that control operation of the image authentication application 330. The predefined system rules may include settings that are the same as the user-defined settings, but instead of being set by the user, the predefined system rules may be set by a developer or others who are not an end user of user device 110. In this sense, in some implementations, one or more of the system rules may provide default settings for corresponding ones of the user-defined settings. In other implementations, the system rules may prohibit any user-defined settings and require only the system rules to be used.

[0053] Capturing an Image and Generating an Image File

[0054] Using the electronic imaging device 302, image file generator 324 may capture an image and generate an image file. Depending on the type of image that is captured (e.g., photograph, video, etc.), image file generator 324 may encode the captured image into an image file according to an appropriate encoding technique (e.g., JPEG/PNG/etc. for photographs, MPEG/NTSC/etc. for videos, and so on). In some implementations, image file generator 324 may store the image file in a file location on the electronic storage device 114 such as a hidden file location. Such hidden file location may not be exposed to the user of user device 110, but is accessible to the image authentication application 330. For example, the hidden file location may be obfuscated from the user using native operating system hidden file directory techniques. Other file locations may be used as well.

[0055] Generating Hash Files

[0056] In some implementations, the hash file generator 326 may generate a hash file based on an image file. For example, the hash file generator 326 may generate a hash of the image file using a hash function and generate the hash file based on the hash. In some implementations, the hash function may map data from the image file into data of a fixed size, in which the fixed size (e.g., memory footprint) is smaller than the size of the image file. In some instances, the fixed size is orders of magnitude smaller than the size of the image file (depending on the size of the image file itself). The hash function may generate a deterministic hash according to the content of the image file. For example, using the hash function, a hash of the image file will be the same as the hash of a copy of the image file if the copy is not altered. On the other hand, using the hash function, a hash of the image file will be different than a hash of a copy of the image file that has been altered (and also different than a hash of another file altogether). Examples of hash functions that may be used include, without limitation, SHA-256 and SHA-512.
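The hash generation described in paragraph [0056] and the exchange of operations 202 through 215, as an added Python example that is not part of the patent text. The class and function names, the in-memory record store, the first-registration-wins rule, and the sample bytes are assumptions of this example.

```python
import hashlib
import hmac
import io
import time
from dataclasses import dataclass
from typing import BinaryIO, Callable, Dict, Optional

CHUNK_SIZE = 64 * 1024
ALLOWED_ALGORITHMS = ("sha256", "sha512")  # the two hash functions the text names

# Constructed sample data, not a real photograph.
SAMPLE_IMAGE = b"\xff\xd8\xff\xe0" + bytes(range(256)) * 2048
TAMPERED_IMAGE = SAMPLE_IMAGE[:-1] + b"\x00"  # one byte changed


def hash_stream(stream: BinaryIO, algorithm: str = "sha256") -> str:
    """Hash a file-like object in chunks so a large video never sits in memory."""
    digest = hashlib.new(algorithm)
    for chunk in iter(lambda: stream.read(CHUNK_SIZE), b""):
        digest.update(chunk)
    return digest.hexdigest()


@dataclass
class HashRecord:
    image_id: str
    device_hash: str
    algorithm: str
    metadata: dict
    hash_received_at: float  # server clock, not the device clock
    authenticated_at: Optional[float] = None


class AuthenticationServer:
    """Hypothetical in-memory stand-in for authentication server 120 and database 140."""

    def __init__(self, clock: Callable[[], float] = time.time) -> None:
        self._clock = clock
        self._records: Dict[str, HashRecord] = {}

    def register_hash(self, image_id: str, device_hash: str, metadata: dict,
                      algorithm: str = "sha256") -> HashRecord:
        """Operation 206: store the device hash with the server-side receipt time."""
        if algorithm not in ALLOWED_ALGORITHMS:
            raise ValueError("unsupported hash algorithm: " + algorithm)
        device_hash = device_hash.lower()
        expected_len = hashlib.new(algorithm).digest_size * 2
        if len(device_hash) != expected_len or set(device_hash) - set("0123456789abcdef"):
            raise ValueError("malformed hash value")
        if image_id in self._records:
            # Assumption of this example: the first registration wins, so a stored
            # hash cannot be replaced by one computed over an edited file.
            raise KeyError("hash already registered for " + image_id)
        record = HashRecord(image_id, device_hash, algorithm, dict(metadata), self._clock())
        self._records[image_id] = record
        return record

    def record_for(self, image_id: str) -> Optional[HashRecord]:
        return self._records.get(image_id)

    def matches(self, image_id: str, stream: BinaryIO) -> bool:
        """Operations 209-212: re-hash with the same function and compare.

        Serves both the device's deferred upload and a third party requester.
        """
        record = self._records.get(image_id)
        if record is None:
            return False
        server_hash = hash_stream(stream, record.algorithm)
        return hmac.compare_digest(server_hash, record.device_hash)

    def submit_image(self, image_id: str, stream: BinaryIO) -> bool:
        """Operations 208-214: deferred upload; mark authenticated only on a match."""
        if not self.matches(image_id, stream):
            return False
        record = self._records[image_id]
        if record.authenticated_at is None:
            record.authenticated_at = self._clock()
        return True


def capture_and_register(server: AuthenticationServer, image_id: str,
                         image_bytes: bytes, metadata: dict) -> HashRecord:
    """Operations 202-204: hash on the device, send only the hash and metadata."""
    device_hash = hash_stream(io.BytesIO(image_bytes))
    return server.register_hash(image_id, device_hash, metadata)


if __name__ == "__main__":
    server = AuthenticationServer()
    capture_and_register(server, "img-0001", SAMPLE_IMAGE, {"user_id": "u1"})
    print("tampered copy accepted:", server.submit_image("img-0001", io.BytesIO(TAMPERED_IMAGE)))
    print("original copy accepted:", server.submit_image("img-0001", io.BytesIO(SAMPLE_IMAGE)))
```

The 64-character SHA-256 hex string is what crosses the weak connection at capture time; the roughly 512 KiB sample file follows later and is accepted only if it re-hashes to the stored value.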

[0057] Assessing Network Characteristics

[0058] In an implementation, the network connection analyzer 328 may determine one or more characteristics of an available network connection. An available network connection is a network connection that has been detected by, or can be established by, one or more of the network devices 304 (e.g., a network connection in which the network devices 304 have detected broadcast network information from an access point associated with the network connection, a network connection in which communication with an access point associated with the network connection has been established, a network connection in which an initial handshake communication has been initiated with an access point associated with the network connection, etc.). The one or more characteristics may include, without limitation, a type of an available network connection, a quality of an available network connection, and/or other types of characteristics that describe an available network connection.

[0059] Types of Network Connections

[0060] In some implementations, the network connection analyzer 328 may determine types of available network connections. For instance, the network connection analyzer 328 may identify a type of network connection currently used to transmit data to or from the user device 110 via network 102. In some implementations, the network connection analyzer 328 may determine that a network device 304 for a cellular network has indicated that a cellular network connection is available (and/or is currently being used to transmit and/or receive data from the user device 110). Other types of network connections (e.g., WiFi connections) may similarly be made. In some instances, the types of available network connections may be obtained from the operating system of user device 110 and/or from an operating system of a network device 304 if so configured.

[0061] As will be described, the type of available network connection may be used by the decision engine 330 to determine whether or not to send a hash file of an image file and/or determine whether or not to send the image file.

[0062] Quality of Network Connections

[0063] In some implementations, the network connection analyzer 328 may determine the quality of one or more available network connections. The quality may be assessed based on one or more metrics that indicate a quality of an available network connection. The one or more metrics may include, without limitation, a signal strength indicator, a number of dropped packets, a ratio of received packets to dropped packets (or vice versa), a network latency, a network throughput, and/or other network quality metrics that can be used to assess a quality of an available network connection.

[0064] In some instances, the network connection analyzer 328 may determine a signal strength of an available network connection. The signal strength may be obtained from, for example, a measurement of a signal transmitted from an access point such as a cellular base station, a signal transmitted from a WiFi router or other WiFi access point, a measurement from an access point of a signal transmitted from the user device 110 to the access point, and/or other signal measurement.

[0065] In some instances, the network connection analyzer 328 may determine a number of dropped packets from information exchanged between an access point (e.g., a cellular network base station, a WiFi router, etc.) and user device 110.

[0066] In some instances, the network connection analyzer 328 may obtain a number of dropped packets versus received packets and/or a ratio of the foregoing. For instance, the network connection analyzer 328 may obtain a burst error rate and/or other network transmission metric that determines a number or ratio of received packets and dropped packets.

[0067] In some instances, the network connection analyzer 328 may obtain a current throughput of the network connection available at the first time. In some instances, the throughput may be obtained based on network performance information exchanged between the user device 110 and an access point (e.g., using control channels). In some instances, the network connection analyzer 328 may obtain an upload throughput by transmitting one or more predefined sets of data with known size to a networked device (such as authentication server 130). In this implementation, the network connection analyzer 328 may transmit a predefined set of data to the networked device and determine a length of time it took for the set of data to reach the networked device (based on an acknowledgement receipt from the networked device). The network connection analyzer 328 may determine the throughput based on the size of the set of data and the length of time. Alternatively or additionally, the network connection analyzer 328 may receive the length of time and/or the throughput calculation from the networked device.

[0068] In some instances, the network connection analyzer 328 may obtain a download throughput using similar techniques as for an upload throughput, but instead of measuring transmission of a set of data from the user device 110 to the networked device, the user device 110 and/or networked device measures a set of data transmitted from the networked device to the user device 110. It should be noted that the upload throughput and/or the download throughput may be used as a network characteristic for the decision process described herein.

[0069] In some instances, the network connection analyzer 328 may obtain a current latency of the network connection available at the first time. In some instances, the latency may be obtained based on network performance information exchanged between the user device 110 and an access point (e.g., using control channels). In some instances, the network connection analyzer 328 may obtain the latency by transmitting or receiving one or more predefined sets of data with known size to a networked device (such as authentication server 130). In this implementation, the network connection analyzer 328 may transmit a predefined set of data to the networked device and determine a length of time it took for the set of data to reach the networked device (based on an acknowledgement receipt from the networked device). The network connection analyzer 328 may determine the latency based on the length of time. Alternatively or additionally, the network connection analyzer 328 may receive the length of time and/or the latency calculation from the networked device. In some instances, the length of time is used as a latency value.

[0070] It should be noted that more than one network connection may be "available" as described herein. In these instances, the network connection analyzer 328 may assess the characteristic of an available network connection currently being used to transmit data to or from the user device 110 over a network, such as network 102.

[0071] Decision Engine

[0072] In some implementations, a decision engine 330 may determine whether to transmit an image file and/or a hash file of the image file based on the one or more characteristics of an available network connection. For example, the decision engine 330 may obtain the one or more characteristics from the network connection analyzer 328 at a first time and determine that a hash file should be sent instead of the image file based on the one or more characteristics of a current network connection available at the first time. Upon transmission of the hash file, the decision engine 330 may periodically obtain characteristics of an available network connection at later times. For example, the decision engine 330 may obtain characteristics of an available network connection at a second time and determine that the image file may be sent.

[0073] Various examples of scenarios may cause the decision engine 330 to determine that the image file should be sent at the second time (but not at the first time). In one example, network conditions (e.g., quality) on the same type of network connection may have improved from the first time to the second time. In this example, the signal strength, dropped versus successful packet ratio, latency, throughput, and/or other quality metrics may have improved beyond a threshold quality level at the second time whereas such quality metrics were below the threshold quality level at the first time. In another example, a second type of network connection may have become available at the second time but was not available at the first time. The second type of network connection may be used to send image files while the first type of network connection may not. In this example, image files may be authorized to be sent while on a WiFi network but not while on a cellular network. A cellular network connection (but not a WiFi connection) may have been available at the first time, and a WiFi connection may have become available at the second time. In some instances, the decision logic of the foregoing examples may be dictated by the user-defined settings and/or the system rules.

[0074] In some instances, the system rules and/or user-defined settings may specify one or more threshold quality values. The threshold quality values may each correspond to a given type of network quality assessment. For instance, any of the following may be used as a predefined threshold quality value: a minimal signal strength indicator value (below which the decision engine 330 considers a "poor quality" connection and above which the decision engine 330 considers a "strong" connection), a predefined number of dropped packets value (above which the decision engine 330 considers a "poor quality" connection and below which the decision engine 330 considers a "strong" connection), a ratio of received packets to dropped packets (below which the decision engine 330 considers a "poor quality" connection and above which the decision engine 330 considers a "strong" connection), a network latency value (below which the decision engine 330 considers a "poor quality" connection and above which the decision engine 330 considers a "strong" connection), a network throughput value (below which the decision engine 330 considers a "poor quality" connection and above which the decision engine 330 considers a "strong" connection), and/or other threshold values that can be used to assess a poor quality or strong network connection. In implementations that use a combination of one or more of the foregoing, the threshold value may be predefined to reflect a combination quality score. In each of the foregoing examples of threshold values, the decision engine 330 may determine whether or not a weak or strong connection exists based on whether the current network quality metric deviates from the threshold value (e.g., is above or below, depending on the threshold value used).

[0075] Based on the comparison of a current quality metric and a corresponding threshold value, the decision engine 330 may determine whether or not the image file or a hash file should be sent. For example, for "poor quality" network connections, the hash file and not the image file may be sent. For "strong" network connections, the image file may be sent.

[0076] FIG. 4 illustrates a process of a device for authenticating image files, captured at the device, in conjunction with an authentication server, in accordance with an embodiment of the present disclosure.

[0077] In an operation 402, process 400 may include capturing an image. For instance, the image authentication application 320 may capture an image via the electronic imaging device 302.

[0078] In an operation 404, process 400 may include generating an image file based on the captured image. For example, the image authentication application 320 may generate the image file by encoding image information from the electronic imaging device 302. The encoding format may include conventional still (e.g., JPEG, PNG, etc.), motion (MP4, MOV, etc.), or other appropriate encoding formats, which may depend on the type of image file being created.

[0079] In an operation 406, process 400 may include capturing metadata relating to the image. For example, the image authentication application 320 may obtain metadata such as location information (indicating a geographic location at which the image was captured) from the location device 306, date and time information (indicating a date and time at which the image was captured) from a date and time source (in some implementations, a source external to user device 110 such as an online date and time server or image authentication server 230), and/or other information relevant to the captured image.

[0080] In an operation 408, process 400 may include generating a hash file based on a hash of the image file. For example, the image authentication application 320 may generate a hash of the image file and generate a hash file based on the hash.

[0081] In an operation 410, process 400 may include determining a characteristic of a network connection available at a first time. For example, the image authentication application 320 may assess a type of the network connection available at the first time, a quality of the network connection available at the first time, and/or other characteristic of the network connection.

[0082] In an operation 412, process 400 may include determining, based on the determined characteristic of the network connection available at the first time, whether to send the image file to the authentication server via the network connection available at the first time. For example, the image authentication application 320 may obtain system rules and/or user-defined settings to determine whether to send the image file or the hash file based on the determined characteristic.

[0083] In an operation 414, process 400 may include in response to a determination that the image file should not be sent, sending the hash file and identifying information that identifies the image file to the authentication server via the network connection available at the first time without sending the image file. For example, the image authentication application 320 may determine that the network connection available at the first time is a cellular network connection and determine that the image file should not be sent over a cellular network connection (e.g., to reduce network usage via cellular networks). In another example, the image authentication application 320 may determine that the network connection available at the second time is of "low quality" based on quality threshold values and determine that the image file should not be sent over low quality network connections.

[0084] In an operation 416, process 400 may include determining a characteristic of a network connection available at a second time, subsequent to having sent the hash file and identifying information that identifies the image file to the authentication server. For example, the image authentication application 320 may periodically determine whether the image file can be sent at a later time after the hash file was sent (e.g., to determine whether a different type of network connection has become available and/or whether a network connection quality has improved).

[0085] In an operation 418, process 400 may include determining, based on the determined characteristic of the network connection available at the second time, whether to send the image file to the authentication server via the network connection available at the second time.

[0086] In an operation 420, process 400 may include in response to a determination that the image file should be sent via the network connection available at the second time, causing the image file to be sent to the authentication server via the network connection available at the second time. In this manner, the image authentication application 320 may send an image file at the time of image capture when the type of available network connection is authorized to be used to send image files and/or when the available network connection is of sufficient quality. If not, at the time of image capture, the image authentication application 320 may send a hash file instead.

[0087] It should be noted that if no network connection is available at a given time, the image authentication application 320 may not permit images to be captured for authentication. Alternatively, the image authentication application 320 may store the hash file (or encrypted version of the hash file) and/or the image file (or encrypted version of the image file) for later upload when a network connection is available.
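The device-side flow of process 400, together with the decision engine 330 described above, can be sketched as follows. This is an added example, not code from the application; the class names, the threshold values and the rule that an image requires both an authorized connection type and a strong connection are assumptions, and the image bytes and network observations are constructed.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Link:
    """Characteristics of one available network connection (constructed model)."""
    kind: str               # connection type, e.g. "cellular" or "wifi"
    signal_dbm: float       # signal strength indicator
    dropped_packets: int    # dropped packets in the sampling window
    throughput_kbps: float  # measured upload throughput


@dataclass(frozen=True)
class Rules:
    """System rules / user-defined settings. Every value here is an assumption."""
    image_allowed_on: frozenset = frozenset({"wifi"})
    min_signal_dbm: float = -85.0
    max_dropped_packets: int = 20
    min_throughput_kbps: float = 500.0


def is_strong(link: Link, rules: Rules) -> bool:
    """Compare each metric against its threshold in that metric's own direction."""
    return (link.signal_dbm >= rules.min_signal_dbm
            and link.dropped_packets <= rules.max_dropped_packets
            and link.throughput_kbps >= rules.min_throughput_kbps)


def should_send_image(link: Optional[Link], rules: Rules) -> bool:
    """Operations 412/418: send the image only on an authorized, strong link."""
    if link is None:
        return False
    return link.kind in rules.image_allowed_on and is_strong(link, rules)


class PendingCapture:
    """One captured image waiting to reach the authentication server."""

    def __init__(self, image_id: str, image_bytes: bytes):
        self.image_id = image_id
        self.image_bytes = image_bytes
        # Operation 408: the hash is taken once, at capture time, so a later
        # change to the stored file cannot also change what was committed.
        self.hash_hex = hashlib.sha256(image_bytes).hexdigest()
        self.hash_sent = False
        self.image_sent = False

    def step(self, link: Optional[Link], rules: Rules, outbox: List[Tuple]) -> None:
        """Operations 410-420 for a single observation of the network."""
        if self.image_sent or link is None:
            return  # already delivered, or no connection: keep for later upload
        if should_send_image(link, rules):
            outbox.append(("image", self.image_id, self.image_bytes))
            self.image_sent = True
        elif not self.hash_sent:
            # Operation 414: hash plus identifying information, no image.
            outbox.append(("hash", self.image_id, self.hash_hex))
            self.hash_sent = True


def simulate():
    """Run one capture through a constructed sequence of network observations."""
    image = b"\xff\xd8\xff\xe0" + b"constructed-jpeg-payload" * 1000
    capture = PendingCapture("img-0001", image)
    observations = [
        None,                                # no connection available
        Link("cellular", -70.0, 2, 4000.0),  # strong, but type not authorized
        Link("wifi", -92.0, 45, 120.0),      # authorized type, poor quality
        Link("wifi", -55.0, 1, 20000.0),     # authorized type, strong
    ]
    outbox: List[Tuple] = []  # stand-in for the transport to the server
    rules = Rules()
    for link in observations:
        capture.step(link, rules, outbox)
    return capture, outbox


if __name__ == "__main__":
    _, sent = simulate()
    for kind, image_id, payload in sent:
        print(kind, image_id, len(payload))
```

The hash message is 64 hexadecimal characters regardless of image size, which is the bandwidth saving the description relies on.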

[0088] FIG. 5 illustrates an authentication server 120 for authenticating images captured at and provided by a user device 110, according to an implementation of the invention.

[0089] In some implementations, the authentication server 120 may process at least some or all of the time, geographic, and/or other restrictions assessed by the user device 110. For example, the authentication server 120 may receive, from the image authentication application 320, time, geolocation, and/or other information used to determine whether the user had sufficient time to alter an image file. Authentication server 120 may accordingly perform some or all of the assessments performed by the image authentication application 320 discussed with reference to FIG. 3. In such implementations, authentication server 120 may proceed to further authenticate an image file as described herein only when such assessments indicate that the user has not had sufficient time to alter the image file.

[0090] In some instances, the authentication server 120 may use the geographic information (e.g., coordinates) received from the user device 110 in various ways. For example, the image authentication application 320 may request the user to indicate the location the photograph was taken (e.g., an address or name of location), and transmit that information along with application-recorded coordinate information to the authentication server as part of the photographic image file. The authentication server 120 may then compare the recorded coordinate information with the address/point of interest information provided by the user to ensure that the user has provided accurate geographic information. Alternatively, the authentication server 120 may take coordinate information provided by the image authentication application 320 to search for a corresponding address or nearby points of interest, and suggest these addresses/points of interest to the user. The user may be given the option to include geographic information with the authenticated image file or remove it, but is prohibited from modifying location information or adding unverifiable location information.

[0091] The authentication server 120 may create a resource location identifier associated with an authenticated image file and/or the watermarked image so that third party viewers can visit the URL and confirm that the image has been authenticated. The resource location identifier may be a web address or a shortened web address to direct a third party viewer to a webpage where they can view the authenticated image and/or the watermarked image. A copy of the authenticated image and/or the watermarked image can be uploaded to the web address so that third party viewers can view the authenticated image and/or compare an image they have received with the authenticated image at the web address. The third party viewer may receive an allegedly authenticated image file from a user of the photographic data authentication system. The image file may include a watermark that indicates that the photograph has been authenticated. However, it is possible that the user has falsely applied the watermark to an unauthenticated and/or edited image file. To confirm that the image file has, in fact, been authenticated and has not been edited in any way, the third party viewer may visit the web address associated with the watermarked image. The web address may appear on the watermarked image itself (for example, may be part of the watermark), or may be provided by the sender of the image, or may be embedded in the image such that clicking on the watermarked image will lead the user directly to the web address. In certain embodiments, the web address may be the full address, or a representation of the address (e.g., a QR code, or a tinyURL, or a bitly address). By visiting the web address, the third party viewer can verify that the allegedly authenticated photograph has, in fact, been authenticated based on the functions described herein.

[0092] In some implementations, an authenticated image file may include authenticated metadata provided by the authentication server 120, such as a server-applied time stamp, date stamp, and geographic information. The authenticated image file may also include a resource location identifier associated with the authenticated image file. In certain embodiments, this resource location identifier may be a web address or a representation of a web address (e.g., bitly code, tinyURL, or QR code). In this scenario, the authenticated image file, or certain portions of the authenticated image file may be uploaded to a website viewable by third parties. The user can share the authenticated image file with third party viewers (block 145) to represent that the image being shared has not been edited or revised. Third party viewers can view the authenticated image file and access the web address to confirm that the image has been verified by the authentication server and has not been revised.

[0093] The authenticated image file may comprise any combination of an authenticated image (i.e., the original image once it has been verified by the authentication server), authenticated image metadata (e.g., authentication server-provided or authentication server-approved timestamp, datestamp, and geographic data), and/or a watermarked image, the watermarked image being the authenticated image with a visual watermark affixed to it to represent that it has been verified by the authentication server. Attention will now be turned to the various components the foregoing and other implementations.

[0094] Having described various implementations of whether or not a user has had time to alter an image file and results of authentication, attention will now be turned to various authentication server components 120 that facilitate these and other functions. Authentication server 120 may include one or more physical processors 502, one or more electronic storage devices 504, and/or other components.

[0095] In an implementation, the one or more processors 502 may be programmed by computer program instructions, such as those stored in the one or more electronic storage devices 504. For example, the one or more processors 502 may be programmed by, among other instructions, a server-based image authentication application 510 (also referred to interchangeably as server-based application 510 for convenience).

[0096] In an implementation, the server-based application 510 may include various instructions such as, without limitation, a hash file generator 512, a network connection analyzer 514, an authentication engine 516, and/or other instructions 518. As used herein, for convenience, the various instructions will be described as performing an operation, when, in fact, the various instructions program the processors 502 (and therefore authentication server 120) to perform the operation.

[0097] In an implementation, hash file generator 512 is the same as hash file generator 326 used by the image authentication application 320 illustrated in FIG. 3. This is so that a hash file of a given image file can be deterministically generated at both the authentication server 120 and the user device 110. In some implementations, various versions of hash file generators may be stored in a database, such as a database 160. To the extent that different versions of hash file generators are used at different devices 110 (e.g., different versions of image authentication applications use different hash file generators), database 160 may be used to retrieve an appropriate version or type of hash file generator. In these implementations, user device 110 may communicate information identifying the version or type of hash file generator used. Such information may be in the form of an image authentication application version, an identifier for the hash file generator, and/or other identifying information used by authentication server 120 to retrieve the appropriate hash file generator to use.

[0098] In an implementation, a network connection analyzer 514 may participate in network connection analysis and/or perform the functions of the network connection analyzer 328 used by the image authentication application 320 illustrated in FIG. 3. In this manner, the authentication server 120 and/or the user device 110 may assess the quality of a network connection via which the server 120 and user device 110 communicate.

[0099] In an implementation, the authentication engine 516 facilitates authentication of image files captured at devices 110 even if use of a network connection to send image files from the devices 110 to the authentication server 120 should be limited (e.g., to minimize cellular data plans and/or when the network connection is poor). For example, the authentication engine 516 may receive a hash file of an image file for an image captured at user device 110. Because the hash file is smaller in size than the image file, sending the hash file over a cellular connection or "poor" quality (as described herein) connection may be more efficient.

[00100] To facilitate the foregoing, attention will now be turned to FIG. 6, which illustrates a process of an authentication server for authenticating image files captured at a device in conjunction with an authentication server, according to an implementation of the invention.

[00101] In an operation 602, process 600 may include receiving, from the user device via a network connection, a user device-generated hash file of the image file and identifying information that identifies the image file. For example, the server-based application 320 may receive a hash file of the image file and identifying information that identifies the image file.

[00102] In an operation 604, process 600 may include storing the user device-generated hash file in association with the identifying information in the electronic storage device. In some instances, the user device-generated hash file and the identifying information may be stored in association with one another in a database, such as database 160. To be stored in association with one another means that first information (such as a hash file) and second information (such as identifying information that identifies an image file) are stored such that one can be retrieved as output given the other as input. For example, a database link between two data fields may be used to store two (or more) pieces of information in association with one another. In another example, two or more pieces of information may be stored in association with one another as a key-value pair. Other ways to store information in association with one another may be used as well.

[00103] In an operation 606, process 600 may include receiving, from the user device, a copy of the image file that was used to generate the user device-generated hash file at the user device and the identifying information that identifies the image file. The copy of the image file may be received from the user device after the hash file was received from the user device. In some instances, the copy of the image file may be received via the same type of network connection used to receive the user device-generated hash file (in which case the quality of the network connection has improved since the user device-generated hash file was received) or via a different type of network connection used to receive the user device-generated hash file (in which case a different type of network connection has become available since the user device-generated hash file was received).

[00104] In an operation 608, process 600 may include storing the copy of the image file in association with the identifying information. In some instances, operation 608 may include generating a hash of the copy of the image file, generating a server-generated hash file based on the hash, and storing the hash file in association with the identifying information and/or the copy of the image file.

[00105] In an operation 610, process 600 may include receiving a request to obtain an authentication of the image file. The request may include the identifying information that identifies the image file.

[00106] In an operation 612, process 600 may include, in response to the request, obtaining the user device-generated hash file from the electronic storage device based on the identifying information. If the server-generated hash file was created in operation 608, operation 612 may include retrieving the server-generated hash file from the electronic storage device based on the identifying information. Otherwise, operation 612 may include retrieving the copy of the image file based on the identifying information and generating a server-generated hash file based on the retrieved copy of the image file.

[00107] In an operation 614, process 600 may include comparing the user device-generated hash file obtained from the electronic storage device with the server-generated hash file.

[00108] In an operation 616, process 600 may include determining whether the user device-generated hash file and the server-generated hash file match. A non-match indicates that the copy of the image file from which the server-generated hash was generated has been altered relative to the copy of the image file from which the user device-generated hash file was generated. On the other hand, a match indicates that the copy of the image file from which the server-generated hash was generated has been unaltered relative to the image file from which the user device-generated hash file was generated.

[00109] In an operation 618, process 600 may include generating a result based on the determination of whether the user device-generated hash file and the server-generated hash file match, and transmitting an indication of the result in response to the request.

[00110] In some implementations, instead of or in addition to receiving a copy of the image file from the device that sent the hash file, a copy of the image file may be received from a third party requester (with whom the device shared the copy of the image file). In this manner, the third party requester may upload a copy of an image file and the identifying information for authenticating the copy of the image file. In these instances, process 600 may include generating a server-generated hash file based on the copy of the image file uploaded by the third party requester and comparing the server-generated hash file to the user device-generated hash file. Upon a match, process 600 may provide an indication of authentication to the third party requester (upon a non-match, provide an indication of potential tampering). Such indication may include metadata or other information available to the system regarding the identifying information (including a copy of the image file from the device if such copy is available).
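The server side of process 600, including the third party upload variant and the per-device choice of hash file generator, can be sketched as follows. This is an added example, not code from the application; the class and method names, the generator identifiers, the result strings and the first-write-wins rule for a stored device hash are assumptions, and the image bytes are constructed.

```python
import hashlib
import hmac
from typing import Dict, Optional, Tuple

# Stand-in for the hash file generator versions kept in database 160.
# The identifiers are constructed for this example.
HASH_GENERATORS = {"sha256-v1": hashlib.sha256, "sha512-v1": hashlib.sha512}


class AuthenticationServer:
    def __init__(self) -> None:
        # image_id -> (generator_id, device hash); operation 604 association.
        self._device_hash: Dict[str, Tuple[str, str]] = {}
        # image_id -> server-generated hash of the received copy (operation 608).
        self._server_hash: Dict[str, str] = {}

    def _hash(self, image_id: str, data: bytes) -> str:
        """Hash with the same generator the device reported for this image."""
        generator_id, _ = self._device_hash[image_id]
        return HASH_GENERATORS[generator_id](data).hexdigest()

    def receive_hash(self, image_id: str, generator_id: str, hash_hex: str) -> bool:
        """Operations 602-604. Returns False if the submission is rejected."""
        if generator_id not in HASH_GENERATORS:
            return False
        value = hash_hex.lower()
        expected_len = HASH_GENERATORS[generator_id]().digest_size * 2
        if len(value) != expected_len or any(c not in "0123456789abcdef" for c in value):
            return False
        # Assumption of this sketch: the first hash stored for an identifier
        # is never replaced, so a later submission cannot re-commit to an
        # edited file under the same identifying information.
        if image_id in self._device_hash:
            return False
        self._device_hash[image_id] = (generator_id, value)
        return True

    def receive_image(self, image_id: str, image_bytes: bytes) -> bool:
        """Operations 606-608: hash the copy on arrival and keep the result."""
        if image_id not in self._device_hash:
            return False  # this sketch requires the hash to arrive first
        self._server_hash[image_id] = self._hash(image_id, image_bytes)
        return True

    def authenticate(self, image_id: str, uploaded_copy: Optional[bytes] = None) -> str:
        """Operations 610-618. uploaded_copy is a third party's copy, if any."""
        if image_id not in self._device_hash:
            return "unknown"
        _, device_hash = self._device_hash[image_id]
        if uploaded_copy is not None:
            server_hash = self._hash(image_id, uploaded_copy)
        elif image_id in self._server_hash:
            server_hash = self._server_hash[image_id]
        else:
            return "image-pending"  # only the hash has arrived so far
        same = hmac.compare_digest(device_hash, server_hash)
        return "match" if same else "non-match"


def demo() -> Dict[str, object]:
    """Walk one constructed image through the server and collect the results."""
    original = b"\xff\xd8\xff\xe0" + b"constructed-jpeg-payload" * 1000
    edited = original[:-1] + b"X"  # a single changed byte
    device_hash = hashlib.sha256(original).hexdigest()

    server = AuthenticationServer()
    results: Dict[str, object] = {}
    results["stored"] = server.receive_hash("img-0001", "sha256-v1", device_hash)
    results["before_image"] = server.authenticate("img-0001")
    results["overwrite"] = server.receive_hash(
        "img-0001", "sha256-v1", hashlib.sha256(edited).hexdigest())
    server.receive_image("img-0001", original)
    results["device_copy"] = server.authenticate("img-0001")
    results["third_party_same"] = server.authenticate("img-0001", original)
    results["third_party_edited"] = server.authenticate("img-0001", edited)
    results["other_id"] = server.authenticate("img-9999", original)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```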

[00111] It should readily be appreciated that authenticated images can be beneficial and useful in many different applications. By way of example, authenticated images can be used by dating websites, social networks, casting directors, and the like to ensure accurate and recent images of users. Parents may use authenticated images to verify the whereabouts and activities of their children or employers the whereabouts of their employees. Social media users can share experiences and users can view friends' images with full faith that the image is an accurate representation of their activities. Delivery services can provide reliable package tracking and location information. Customers making online purchases or reservations can verify the condition of the item they are purchasing or the item/property/vehicle they are renting. News outlets can verify source image information. Witnesses to a crime or accident can provide reliable, verifiable images taken at the scene. These are but a few of the myriad of uses that are possible with authenticated images.

[00112] Although illustrated in FIG. 1 as a single component, computer system 110 and end user device 140 may each include a plurality of individual components (e.g., computer devices) each programmed with at least some of the functions described herein. In this manner, some components of computer system 110 and/or end user device 140 may perform some functions while other components may perform other functions, as would be appreciated. The one or more processors 112 may each include one or more physical processors that are programmed by computer program instructions. The various instructions described herein are exemplary only. Other configurations and numbers of instructions may be used, so long as the processor(s) 112 are programmed to perform the functions described herein.

[00113] Furthermore, it should be appreciated that although the various instructions are illustrated in FIGS. 1, 3, and 5 as being co-located within a single processing unit, in implementations in which processor(s) 312, 502 include multiple processing units, one or more instructions may be executed remotely from the other instructions.

[00114] The description of the functionality provided by the different instructions described herein is for illustrative purposes, and is not intended to be limiting, as any of the instructions may provide more or less functionality than is described. For example, one or more of the instructions may be eliminated, and some or all of its functionality may be provided by other ones of the instructions. As another example, processor(s) 312, 502 may be programmed by one or more additional instructions that may perform some or all of the functionality attributed herein to one of the instructions.

[00115] The various instructions described herein may be stored in a storage device 314, 504, which may comprise random access memory (RAM), read only memory (ROM), and/or other memory. The storage device may store the computer program instructions (e.g., the aforementioned instructions) to be executed by processor 312, 502 as well as data that may be manipulated by processor 312, 502. The electronic storage device may comprise floppy disks, hard disks, optical disks, tapes, or other storage media for storing computer-executable instructions and/or data.

[00116] The various databases 160 described herein may be, include, or interface to, for example, an Oracle™ relational database sold commercially by Oracle Corporation. Other databases, such as Informix™, DB2 (Database 2) or other data storage, including file-based, or query formats, platforms, or resources such as OLAP (On Line Analytical Processing), SQL (Structured Query Language), a SAN (storage area network), Microsoft Access™ or others may also be used, incorporated, or accessed. The database may comprise one or more such databases that reside in one or more physical devices and in one or more physical locations. The database may store a plurality of types of data and/or files and associated data or file descriptions, administrative information, or any other data.

[00117] The various components illustrated in FIG. 1 may be coupled to at least one other component via the network 102, which may include any one or more of, for instance, the Internet, an intranet, a PAN (Personal Area Network), a LAN (Local Area Network), a WAN (Wide Area Network), a SAN (Storage Area Network), a MAN (Metropolitan Area Network), a wireless network, a cellular communications network, a Public Switched Telephone Network, and/or other network. In FIG. 1, as well as in other drawing Figures, different numbers of entities than those depicted may be used. Furthermore, according to various implementations, the components described herein may be implemented in hardware and/or software that configure hardware.

[00118] The various processing operations and/or data flows depicted in FIG. 2 (and in the other drawing figures) are described in greater detail herein. The described operations may be accomplished using some or all of the system components described in detail above and, in some implementations, various operations may be performed in different sequences and various operations may be omitted. Additional operations may be performed along with some or all of the operations shown in the depicted flow diagrams. One or more operations may be performed simultaneously. Accordingly, the operations as illustrated (and described in greater detail below) are exemplary by nature and, as such, should not be viewed as limiting.

[00119] While various embodiments of the present disclosure have been described above, it should be understood that they have been presented by way of example only, and not of limitation. Likewise, the various diagrams may depict an example architectural or other configuration for the disclosure, which is done to aid in understanding the features and functionality that can be included. The disclosure is not restricted to the illustrated example architectures or configurations, but the desired features can be implemented using a variety of alternative architectures and configurations. Indeed, it will be apparent to one of skill in the art how alternative functional, logical or physical partitioning and configurations can be implemented to implement the desired features.

[00120] Terms and phrases used in this document, and variations thereof, unless otherwise expressly stated, should be construed as open ended as opposed to limiting. As examples of the foregoing: the term "including" should be read as meaning "including, without limitation" or the like; the term "example" is used to provide exemplary instances of the item in discussion, not an exhaustive or limiting list thereof; the terms "a" or "an" should be read as meaning "at least one," "one or more" or the like; and adjectives such as "conventional," "traditional," "normal," "standard," "known" and terms of similar meaning should not be construed as limiting the item described to a given time period or to an item available as of a given time, but instead should be read to encompass conventional, traditional, normal, or standard technologies that may be available or known now or at any time in the future. Likewise, where this document refers to technologies that would be apparent or known to one of ordinary skill in the art, such technologies encompass those apparent or known to the skilled artisan now or at any time in the future.

[00121] Although the disclosure has been presented with reference only to the presently preferred embodiments, those of ordinary skill in the art will appreciate that various modifications can be made without departing from this disclosure. As such, the disclosure is defined only by the following claims and recited limitations.