Margaret Sturgill

A system for forensic analysis of large image sets

Counterfeiting is a major concern for brand owners. Since printing is used to convey brands, brand owners should be able to analyze images of printed areas to gauge if the printing was performed by an authentic or a counterfeit printer/label converter. In this paper, we describe a system that uses a small set of pre-classified images (either authentic or counterfeit images from the same source) for initial training, and thereafter adaptively classifies and clusters images from multiple sources as they join the population to be classified. Authentic images and multiple sources of counterfeit images are identified, and secondary links between the non-compliant samples are provided. The system currently uses a set of 420 metrics which are filtered to a smaller set of features that can reliably describe our known set. This filtered set of features, or feature signature, is used for the search and clustering thereafter. We describe the use of this system to streamline and enhance investigations for a global brand protection program.

An optical character recognition approach to qualifying thresholding algorithms

Pre-processing for raster image based document segmentation begins with image thresholding, which is a binarization process separating foreground from background. In this paper, we compare an existing (Otsu), modified existing (Kittler-Illingworth) and simple peak-based thresholding approach on a set of 982 documents for which existing ground truth (full text) is available. We use the output of an open source OCR engine which incorporates an adaptive/dynamic thresholder that can be bypassed by one of the three global thresholds we tested. This allowed comparison of these three approaches in the aggregate. We then used an independently-generated dictionary as a means of characterizing thresholder efficacy. Such an approach, if successful, will provide the means for selecting an optimal thresholder in the absence of a large set of ground truthed documents. Our preliminary findings here indicate that this approach may provide a reliable means for thresholder comparison and eventually preclude the need for time-intensive human ground truthing.

Document imaging security and forensics ecosystem considerations

Much of the focus in document security tends to be on the deterrent -- the physical (printed, manufactured) item placed on a document, often used for routing in addition to security purposes. Hybrid (multiple) deterrents are not always reliably read by a single imaging device, and so a single device generally cannot simultaneously provide overall document security. We herein show how a relatively simple deterrent can be used in combination with multiple imaging devices to provide document security. In this paper, we show how these devices can be used to classify the printing technology used, a subject of importance for counterfeiter identification as well as printer quality control. Forensic-level imaging is also useful in preventing repudiation and forging, while mobile and/or simple scanning can be used to prevent tampering -- propitiously in addition to providing useful, non-security related, capabilities such as document routing (track and trace) and workflow association.

Understanding the User: User Studies and User Evaluation for Document Engineering

Document engineering is all about building systems and tools that allow people to work with documents and document collections. A key aspect is the usefulness and usability of these tools. In this tutorial, we will look at the many different kinds of user studies and user evaluations that can be used to inform the design and improve utility and usability of document engineering applications. The tutorial will be based on actual studies and will also give participants a chance to explore how they might use these techniques in their research or system development.

Mass Serialization Method for Document Encryption Policy Enforcement

Analytics obtained during the creation of a database of mass serialized codes can also be used to help enforcement of encryption policy on documents. In this paper, we introduce a set of metrics which complement traditional NIST cryptography methods -- 4 mass serialization and one entropy metric -- which in combination can allow a discrimination between encrypted vs. zipped files. We describe the use of these methods to identify a broad range of non-randomness in number sets, and apply them to a more mundane problem-that of automatic assessment of the encryption state of a corpora of documents.