Structure Signature: Background-Invariant Matching Through Gradient-Only Descriptors

Mechanism

The mechanism computes a structure signature in three deterministic stages: gradient extraction, background suppression, and signature compression. In gradient extraction, the artifact is mapped into a representation in which structural transitions are explicit. For images this is a multi-scale gradient field obtained by convolving the image with a bank of edge-sensitive kernels at logarithmically spaced scales. For text, this is a token-difference field obtained by walking the canonicalized syntax tree and recording, at each node, the transition pattern between adjacent children. For binaries, this is a byte-transition field obtained by recording the n-gram transition statistics over a sliding window.

In background suppression, the gradient field is filtered to remove components that correspond to non-structural variation. For images, low-frequency components corresponding to lighting, color cast, or background fill are subtracted, leaving a field dominated by edges, contours, and high-frequency structural transitions. For text, components corresponding to whitespace, comment-only changes, or order-insensitive enumerations are normalized away. For binaries, components corresponding to relocation tables, padding, and timestamp fields are masked. The suppression operation is parameterized by a class-specific filter that is chosen based on the artifact's declared media type, and the choice of filter is itself part of the signature so that two signatures computed under different filter assumptions are not collated.

In signature compression, the suppressed gradient field is compressed into a fixed-length descriptor by projecting onto a deterministic basis and applying a locality-sensitive hash. The result is a vector of bounded dimension whose Hamming or cosine distance to the signature of a related artifact reflects the structural similarity of the two artifacts. Importantly, the compression is one-way: the signature does not permit reconstruction of the underlying artifact, but it does permit deterministic comparison.

Matching against the signature is performed by recomputing the signature from a candidate artifact and comparing the result against the bound signature stored in the artifact's anchor record. A match is declared when the distance falls below a configured threshold; a mismatch is declared otherwise. The threshold is chosen per media class to balance robustness against background variation against sensitivity to structural manipulation. Crucially, because the signature suppresses background components, recoloring a logo or changing an icon's surrounding canvas does not move the signature; but altering the logo's silhouette, replacing its central glyph, or substituting its layout does.

Operating Parameters

The gradient extraction stage is parameterized by the kernel bank and the scale set. Embodiments include Sobel, Scharr, and steerable filter banks for image gradients; Gabor wavelet banks for orientation-selective extraction; and learned convolutional banks for media-specific structural emphasis. Scale sets range from single-scale (one kernel) to dyadic pyramids (typically four to eight scales) to densely sampled scale spaces. The choice trades extraction cost against discriminative power; the disclosure does not require any particular kernel choice but requires that the choice be deterministic and recorded in the signature header.

Background suppression is parameterized by the suppression filter and its threshold. For images, embodiments include high-pass filtering in the spatial frequency domain, morphological top-hat operations, retinex-style local normalization, and learned background masks. For text, embodiments include whitespace canonicalization, comment stripping, and identifier renaming under alpha-equivalence. For binaries, embodiments include relocation masking and padding normalization. The suppression class label travels with the signature.

Signature compression is parameterized by the projection basis, the output dimension, and the hashing scheme. Embodiments use random Gaussian projections, structured DCT or wavelet bases, or learned PCA bases. Output dimensions range from 64 bits for highly compact embedded use to 4096 bits for high-precision matching. Hashing schemes include SimHash, MinHash, and product quantization. The signature carries a header identifying the compression parameters so that signatures with mismatched parameters are not erroneously compared.

The match threshold is a per-media, per-application parameter. Embodiments express the threshold as a Hamming distance for binary signatures, as a cosine distance for real-valued signatures, or as a probabilistic match score derived from a calibrated distribution of intra-class and inter-class distances. The threshold is itself a policy object that may be versioned and bound to a content anchor.

Robustness budgets are parameters that bound how much surface-level change the signature is required to absorb without producing a mismatch. Typical budgets allow recoloring across the full color gamut, peripheral cropping up to a fixed fraction of the artifact's extent, paraphrasing at the surface form level, and whitespace or padding edits. Budgets that exceed the configured allowance are not absorbed; they produce a mismatch that triggers a downstream review.

Alternative Embodiments

A first alternative embodiment applies the structure signature to corporate logos and brand assets distributed across the open web. Each canonical logo is anchored with its structure signature; crawlers compute candidate signatures from images encountered in the wild and match against the registered set. Recolored, rescaled, or differently composited copies of the canonical logo produce matching signatures, while parodies, derivative works that alter the silhouette, and unrelated images do not. The embodiment supports brand-protection workflows without depending on watermarks that can be stripped.

A second alternative embodiment applies the structure signature to source code distribution. Each released source artifact is anchored with a syntax-tree-derived signature. Forks that rename identifiers, reformat whitespace, or modernize comments produce matching signatures, while forks that restructure the call graph or substitute the algorithmic core produce mismatches. The embodiment supports license compliance audits and provenance attribution in open-source ecosystems.

A third alternative embodiment applies the structure signature to document layouts. PDF and word-processed documents are anchored with a layout-derived signature that captures heading hierarchy, table structure, and figure placement, while suppressing font color, paragraph alignment microvariation, and revision metadata. Substantively identical reissues produce matching signatures; substantive layout changes produce mismatches.

A fourth alternative embodiment composes the structure signature with a generative model's perceptual embedding. The composition takes the structural gradient signature and the perceptual embedding as parallel descriptors and binds them jointly to the artifact's anchor. A consultation requires both descriptors to match within their respective thresholds, providing redundant coverage against attacks that would defeat one descriptor in isolation.

A fifth alternative embodiment is a privacy-preserving deployment in which the structure signature is computed locally on the artifact owner's device, signed under a key bound to the owner's identity, and only the signed signature is published. Comparison parties never see the underlying artifact; they verify the signature against candidate artifacts they hold locally. This embodiment supports anchoring of sensitive artifacts whose bytes must not leave the owner's premises.

Composition

The mechanism is composed of six cooperating components. The first is the canonicalizer, which transforms the artifact into a deterministic representation suitable for gradient extraction; canonicalization is media-specific and removes encoding-level variation that should not affect the signature. The second is the gradient extractor, which applies the configured kernel bank at the configured scale set and emits a multi-channel gradient field.

The third component is the background suppressor, which applies the configured suppression filter and emits a structural residual. The fourth is the signature compressor, which projects and hashes the residual to produce the final descriptor. The fifth is the signature header writer, which records the canonicalizer class, kernel bank identifier, scale set, suppression filter, and compression parameters alongside the descriptor so that downstream verifiers can confirm parameter compatibility. The sixth is the matcher, which takes two signatures, validates header compatibility, and computes the configured distance metric against the configured threshold.

The components are pure functions of their inputs: identical inputs produce identical signatures regardless of which substrate computes them. This determinism is the foundation of the cross-substrate audit guarantee for content anchoring, because it allows any verifier to recompute and confirm a signature without trusting the original computer.

Prior Art

Perceptual hashing systems such as pHash, dHash, and aHash derive image descriptors from luminance distributions and DCT coefficients. They achieve robustness to small geometric and color perturbations but bind the descriptor to absolute luminance values, which makes them sensitive to background changes that the structure signature is engineered to absorb. The structure signature differs by computing exclusively from gradient fields after explicit background suppression.

Cryptographic hashing produces descriptors that are maximally sensitive: any byte change produces a completely different hash. This is the opposite of what is required for content anchoring, where benign surface changes must not break the binding. Cryptographic hashing is used elsewhere in the content anchoring system, for ledger commitment, but it is not the mechanism by which artifact identity is established.

Locality-sensitive hashing schemes such as MinHash and SimHash produce robust descriptors but operate on raw token or feature streams without media-specific canonicalization or background suppression. They are reused as a compression stage within the structure signature mechanism but do not, by themselves, achieve the background invariance described here.

Deep perceptual embeddings produced by large vision or language models achieve strong invariance properties but are not deterministic across model versions, are expensive to compute, and rely on opaque parameter sets that cannot be independently audited. The structure signature can be combined with such embeddings as in the fourth alternative embodiment, but it does not require them and remains independently verifiable when used alone.

Watermarking schemes embed identifying signals into artifacts, producing identifiers that can be stripped or attacked. The structure signature is computed from the artifact's intrinsic structure and cannot be removed without altering that structure; an attacker who removes the signature has, by construction, also altered the artifact in a way that the signature is designed to detect.

Disclosure Scope

The disclosure within US 63/808,372 covers the structure signature as the identity primitive of the content anchoring system, including the gradient-only construction, the explicit background-suppression stage parameterized by media class, the deterministic compression to a fixed-length descriptor, the inclusion of parameter headers to prevent erroneous comparison across configurations, the binding of the signature to a content anchor record, and the use of the signature in matching, consultation, and lineage operations.

The scope extends to systems in which the structure signature is applied to images, documents, source code, binaries, audio, and video, and to systems in which the signature is composed with perceptual embeddings, watermarks, or cryptographic hashes as parallel descriptors. It extends to deployments in which the signature is computed in a privacy-preserving manner and published only in signed form, and to deployments in which signatures are used for brand protection, license compliance, layout integrity verification, and content-provenance audits.

The scope does not extend to descriptors that bind directly to absolute pixel, byte, or token values without an explicit background-suppression stage; nor to descriptors that lack the parameter-header discipline required to prevent cross-configuration false matches; nor to descriptors that require trust in a centralized model or service to compute or verify.