WO2006125757A1 - Information security method and system for deterring counterfeiting of articles. - Google Patents

Information security method and system for deterring counterfeiting of articles. Download PDF

Info

Publication number
WO2006125757A1
WO2006125757A1 PCT/EP2006/062474 EP2006062474W WO2006125757A1 WO 2006125757 A1 WO2006125757 A1 WO 2006125757A1 EP 2006062474 W EP2006062474 W EP 2006062474W WO 2006125757 A1 WO2006125757 A1 WO 2006125757A1
Authority
WO
WIPO (PCT)
Prior art keywords
article
certificate
owner
verifier
group
Prior art date
Application number
PCT/EP2006/062474
Other languages
French (fr)
Inventor
Fabian Leroo
Philippe Marneth
Original Assignee
Fabian Leroo
Philippe Marneth
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from EP05104325A external-priority patent/EP1727096A1/en
Application filed by Fabian Leroo, Philippe Marneth filed Critical Fabian Leroo
Publication of WO2006125757A1 publication Critical patent/WO2006125757A1/en

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07DHANDLING OF COINS OR VALUABLE PAPERS, e.g. TESTING, SORTING BY DENOMINATIONS, COUNTING, DISPENSING, CHANGING OR DEPOSITING
    • G07D7/00Testing specially adapted to determine the identity or genuineness of valuable papers or for segregating those which are unacceptable, e.g. banknotes that are alien to a currency
    • G07D7/004Testing specially adapted to determine the identity or genuineness of valuable papers or for segregating those which are unacceptable, e.g. banknotes that are alien to a currency using digital security elements, e.g. information coded on a magnetic thread or strip
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/12Card verification
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/12Card verification
    • G07F7/122Online card verification

Definitions

  • the invention relates to an information security method for deterring counterfeiting of articles, each article being provided with an article reference affixed or attached thereto and a certificate; each certificate being provided with a certificate reference affixed or attached thereto; and data storing means being provided with each article reference, the corresponding certificate reference and a corresponding substitutable owner reference.
  • the invention also relates to an information security system for deterring counterfeiting of articles, comprising articles and certificates, wherein each article is provided with an article reference affixed or attached thereto; each article is provided with a certificate; each certificate is provided with a certificate reference affixed or attached thereto, and data storing means provided with each article reference, the corresponding certificate reference and a corresponding substitutable owner reference.
  • European patent application EP 0 957 459 Al discloses a system for verifying ownership of articles, based on attributing a unique article number and a certificate to each article.
  • the certificate carries an individual certification number different from the article number.
  • a central computer with storage means contains a list of matching pairs of article and certification numbers. The system can be queried by entering both the article and certification numbers. The system then returns an indication of whether the two numbers match or not. If they match, the article is considered to be authentic.
  • a storage for storing a current owner or an owner history for each article. Additionally, access privilege is attributed, i.e. only the current owner can enter a transferral of ownership into the database.
  • the data storing means are further provided with at least one verifier reference
  • the information security method includes the steps of receiving, through electrical, electronic or computer means, an article reference, a certificate reference and a verifier reference or an owner reference; checking, through electrical, electronic or computer means, whether an article reference, a certificate reference and an owner reference are received, or whether an article reference, a certificate reference and a verifier reference are received; if an article reference, a certificate reference and an owner reference are received: checking, through electrical, electronic or computer means, whether the article reference, the certificate reference and the owner reference match in the data storing means; and if so, returning, through electrical, electronic or computer means, a first signal for authenticating the corresponding article and for enabling the registration of its transfer; and if an article reference, a certificate reference and a verifier reference are received: checking, through electrical, electronic or computer means, whether the article reference and the certificate reference match and whether the verifier reference is provided in the data storing means as one of the at least one verifier reference; and if so,
  • the article When the first or second signal is returned, the article may be said to be authentic or identified as authentic.
  • the expressions "the first signal is returned”, “the second signal is returned” or “the article is identified as authentic” are used indifferently to refer to what results from the situation either in which the article reference, the certificate reference and the owner reference match, or in which the article reference and the certificate reference match while the received verifier reference is one of the listed verifier references.
  • access privilege is attributed, i.e. only the current owner is allowed to enter a transferral of ownership into the database.
  • the system still returns an indication that the article is authentic.
  • the information security method according to the invention when the information security method according to the invention is put into operation, three references are required to obtain the first or second signal, i.e. a signal indicating that the article is authentic. Receiving two of the three references does not provide authenticity information regarding an article, unless a third element is provided, that is, either the owner reference or a verifier reference belonging to the list of verifier references as provided in the data storing means .
  • a party purchases an authentic article from a trusted retailer, he receives an article and certificate reference. The party also receives an owner reference at that time or before. In the event the party copies the article and certificate, he might then be able to sell the forged article and forged certificate as if they were the original authentic article and certificate.
  • the party who may be called "the counterfeiter", may do so, in the presence of the potential purchaser, by sending a query to the data storing means. The first signal would then be returned, indicating that the article is deemed to be authentic. The purchaser would then be confident that the article is authentic and he would then substitute the current password (the current owner reference) with his own password (his own owner reference) .
  • the owner reference is indeed substitutable in the data storing means.
  • the counterfeiter could still in theory prove that the pair of article and certificate references corresponding to the above-mentioned transfer are authentic. He could do so by asking a verifier, for instance a customs officer, to check whether the two elements are authentic. However, he could not do so by himself since he is neither a verifier, with a verifier reference, nor the owner anymore, with the corresponding owner reference. So he would be left with no means to authenticate the article with an owner reference, nor to sell an article. In other words, the counterfeiter would have no means anymore to indicate in a credible and reliable manner, i.e. using an owner reference, an article authenticity by sending a query to the data storing means .
  • the counterfeiter would be left with no practical incentive to utter yet another forged article with the same pair of article reference and certificate reference. Even in the event the counterfeiter had bought an original article to forge the copy, the counterfeiter would further be left with no means to identify the original article as authentic using the owner reference within the information security method according to the invention.
  • the information security method of the invention more efficiently deters counterfeiting of articles and reduces black market. It actually targets the prime mover of counterfeiting.
  • Counterfeiting is deterred because, on the one hand, verifiers can check at anytime the authenticity of an article, and, on the other hand, an owner is required to give up the owner reference associated with the article, literally releasing the article, when a regular transfer takes place. As a result, once an article is regularly transferred, a forged copy of the article cannot be regularly transferred anymore. Alternatively, once a forgery of an article is regularly transferred as if it was an original, the original article can neither be authenticated by its owner nor can it be regularly transferred anymore.
  • the owner reference corresponding to an article changes each and every time an article is transferred. It does not stay identical.
  • the method disclosed in European patent EP 1 204 078 solves the same above-described problem in view of the prior art, i.e. deterring counterfeiting of articles. However, the proposed solution differs.
  • the method disclosed in EP 1 204 078 consists in adding a geographical verification by comparing the article's position to the area attributed to the article. This solution assumes that, if an authentication query relating to a given article comes from an area far away from the predetermined area associated with the article, this is likely to indicate fraud activities carried out in relation with the article, i.e. counterfeiting.
  • the information security method according to the invention deters counterfeiting of articles wherever counterfeiting is carried out, and not only far away from a preset area.
  • the information security method and system of the invention deters counterfeiting and leads to an improved atmosphere of mutual confidence amongst the actors for instance on the luxury goods market, i.e. brand owners, manufacturers, importers, retailers, buyers, sellers, etc.
  • the information security method may be used to deter insurance fraud and false insurance claims .
  • an insurance company may require the article owner to provide the certificate (and the certificate reference) as well as the owner reference as a condition for receiving any compensation. If the claimant does not validly complete the triplet, the insurer would not award him any compensation. If the claimant does so, the insurer may change the owner reference and award the claimant with compensation while being reassured that the article cannot be sold anymore as an authentic article.
  • prestige and values of goods may be improved by the information security method and system of the invention.
  • the certificate is provided with conventional security features, such as holograms, fine printed patterns, and/or magnetic strips, to make it difficult to copy.
  • security features such as holograms, fine printed patterns, and/or magnetic strips.
  • the data storing means according to the invention is secure in such a manner as to make it impossible, or very difficult at least, to obtain a valid triplet consisting of an article reference, a certificate reference and an owner reference, without the required permissions.
  • the invention also relates to an above-described information security system for deterring counterfeiting wherein the data storing means are further provided with at least one verifier reference, and in that the system further includes electrical, electronic or computer receiving means for receiving an article reference, a certificate reference and a verifier reference or an owner reference; electrical, electronic or computer checking means for checking whether an article reference, a certificate reference and an owner reference are received, or whether an article reference, a certificate reference and a verifier reference are received; (1-i) electrical, electronic or computer checking means for checking, if an article reference, a certificate reference and an owner reference are received, whether the article reference, the certificate reference and the owner reference match in the data storing means; (1-ii) electrical, electronic or computer returning means for returning, if the article reference, the certificate reference and the owner reference match, a first signal for authenticating the corresponding article and for enabling the registration of its transfer; (2-i) electrical, electronic or computer checking means for checking, if an article reference, a certificate reference and a verifier reference are received, whether the
  • the article reference and its corresponding certificate reference are not derivable or substantially not derivable for one another. To this end, they may be randomly chosen.
  • Fig.l shows a schematic flow chart representation of an embodiment of the information security method according to the invention
  • Fig.2 to 5 show schematic flow chart representations of aspects of the information security method according to the invention
  • Fig.6 shows a schematic view of the inputs of an embodiment of the information security method according to the invention.
  • Fig.7 shows a schematic representation of an embodiment of the information security system according to the invention
  • Fig.8 shows an exemplary box with a group label according to the batch-based embodiment
  • Fig.9 shows said exemplary group label in more details.
  • Fig. 1 a schematic flow chart representation
  • Fig. 6 a schematic view of the inputs.
  • the information security method for deterring counterfeiting of articles 24 may be applied to any kind of articles, objects, items, products, merchandises, consumer goods, trademarked goods or branded luxury goods which are transferable and capable of being owned, in particular valuable articles, such as handbags, purses, luggages, watches, pens, garments, jewelry, belts, bracelets, pendants, chains, diamonds, art objects, paintings, sport collectibles, autograph memorabilities, accessories, bottles of wine, or the like.
  • the security method includes the steps of providing 2 each article 24 with an article reference 26; providing 4 each article 24 with a certificate 28; and providing 6 each certificate 28 with a certificate reference 30. These steps need not necessarily be carried out according to the sequence illustrated in Fig. 1.
  • the article reference 26, certificate reference 30 and owner reference 32 (see below) , whatever the names by which they are called, for instance respectively "product code” or “product key”, “certification code” or “private key” and “password”, may be numbers, words, alphanumeric expressions, keys, codes or any string or combination of signs, characters, letters, digits or ideograms.
  • the article reference 26 and certificate reference 30 may also be patterns such as bar code, two-dimensional or three-dimensional patterns capable of being recognized by mechanical, electrical, electronic or computer means. They are affixed or attached respectively to the article 24 or certificate 28, by any kind of fastening means. That is, they may for instance be imprinted, embossed, engraved, directly or indirectly affixed or attached, fastened with an adhesive material, such as glue or tape, with a chain, a cord, clips, staples, magnetic fastening means, or the like. They may also be magnetically, electronically stored on or in the article 24 or certificate 28, or in a integrated circuit or microchip fastened to the article 24 or certificate 28.
  • the article reference 26 is a digital representation of a surface portion of the article 24, for instance at a microscopic or nanometric level.
  • this embodiment may be disadvantageous for some articles, compared to the patterns mentioned above, in that the surface may be affected by defects so that the article reference 26 can no longer be properly recognized.
  • the article reference 26 and certificate reference 30 may physically be provided by the manufacturer or later on by the brand owner or retailer for instance. This may be done through a random number generator algorithm, or through a dedicated algorithm.
  • the article reference 26 is attached or affixed to the article 24 so as to mark it in a substantially lasting manner.
  • the article reference 26 is not intended to change, and needs not be kept secret.
  • the certificate 28 serves as a support for the certificate reference 30 and may be a simple voucher or alternatively a more elaborate item.
  • the certificate reference 30 is not intended to change, and needs not be kept secret .
  • the information security method further includes the step of providing 8 data storing means 38 with each article reference 26, the corresponding certificate reference 30 and a corresponding substitutable owner reference 32.
  • the data storing means 38 may for instance be a database, a computer file or a register, and may for instance be accessible through a computer, a telephone network or any remote communication channel.
  • the data storing means 38 may contain further optional fields besides the article reference field, the certificate reference field and the owner reference field.
  • Optional fields may include a field indicating whether or not the pair has already been attributed (this is particularly useful if the article and certificate references are attributed prior to the article manufacture) , a field describing the article and/or its status.
  • Data storing means may be brand-specific or general purpose oriented.
  • the owner reference 32 is intended to be kept secret by the owner of the article 24. It may be substituted or modified any number of times.
  • the owner reference 32 is conditionally substitutable provided that a matching triplet exists, as illustrated with reference to Fig. 3 (see below) .
  • Owner references 32 may be memorizable strings of letters, of numbers, of combined letters and numbers, or of any other signs as described above, whatever is the length of the string. They may also be patterns which are not intended to be memorized such as signature patterns, fingerprints, eye retinas and irises, voice patterns, facial patterns, hand measurements, genetic fingerprints or any physical characteristics used to identify individuals in the field of biometrics. They may also be any types of digital signature saved on any type of medium, for instance a digital signature stored on an electronic ID card.
  • the information security method further includes the step of providing 46 the data storing means 38 with at least one verifier reference 42.
  • the verifier references 42, or password, are intended to be kept secret by their corresponding verifier.
  • Verifier references 42 may be memorizable strings or patterns not intended to be memorized. They may also be any types of digital signature saved on any- type of medium, for instance a digital signature stored on an electronic ID card.
  • any party may query the data storing means 38, for instance by sending an HTTP request to a dedicated web server.
  • the step of receiving 10 the triplet of references i.e. the article reference 26, the certificate reference 30 and the owner reference 32, may take place at any time whenever necessary or desired, not only when an article 24 is transferred or sold.
  • the method includes a step of checking 12 whether the three references 26, 30, 32 match in the database 38.
  • Checking 12 may for instance consist in transforming the HTTP request into a data retrieval operation, beginning a database transaction, executing the query, for instance an SQL SELECT query, and committing the transaction. If a row comprising the three submitted references 26, 30, 32 exists in the corresponding columns of the database, then the references match. If the references exist in a row, if they match, a first signal is returned 14. This may prompt a client computer to display a message indicating that the article reference 26 and the certificate reference 30 match, and that the article 24 is deemed to be authentic. The first signal authenticates the corresponding article and enables the registration of its transfer.
  • a failure signal is returned 16. This may prompt a client computer to display a message indicating that the correspondence between the article reference 26 and the certificate reference 30 cannot be verified. Alternatively, returning no signal may be possible .
  • Fig. 3 illustrates the step of returning 14 the first signal and indicating the possibility of replacing the owner reference 32, i.e. enabling transfer registration.
  • the method includes the steps of receiving 20 a new or second owner reference; and a step of substituting or replacing 22 the owner reference 32 in the data storing means 38 with the new or second owner reference.
  • An SQL UPDATE query may for instance be used for the substitution.
  • the embodiment illustrated in Fig. 2 provides an owner reference substitution method or a new owner reference recording method.
  • the step of receiving 10 the alternative triplet of references i.e. the article reference 26, the certificate reference 30 and a verifier reference 42, may take place at any time whenever necessary or desired.
  • the method includes a step of checking 52 whether the verifier reference 42 exists in the database 38 and whether the article reference 26 and certificate reference 30 match in the database 38.
  • a second signal is returned 44 if the result of the checking step 52 is positive.
  • a failure signal is returned 16 otherwise. The second signal authenticates the corresponding article 24 and prevents any transfer registration.
  • Fig. 7 illustrates a schematic representation of an embodiment of the information security system according to the invention where the receiving means 34, the checking means 36, the data storing means 38 and the returning means 40 are illustrated by black boxes.
  • a query containing the triplets of references is transmitted 10 via a network to the receiving means 34.
  • the checking means 36 query the data storing means 38, for instance by establishing a transaction database and by executing an SQL SELECT query.
  • the returning means 40 transform the physical bits such that a first signal, a second signal or a failure signal is returned on the network, according to whether the triplet exists in the database 38 or according to whether the verifier reference 42 exists and the article reference 26 and the certificate reference 30 matches.
  • the receiving means 34, the checking means 36, the data storing means 38 and the returning means 40 may for instance be implemented through a microprocessor with a central processing unit (CPU) and a memory unit.
  • CPU central processing unit
  • either the system or the method in the cases where several triplets are successively received 10 from the same location or origin, or in the cases said triplets relates to the same pair of article and certificate references, the method and the system may be configured to cause a delay or threshold mechanism to be initiated, in order to deter brute force attacks or the like. Since temporary denial of service in relation to a particular article may occur, this mechanism should only be carried out under certain conditions, for instance if the certificate reference 30 is not public, according to the data storing means' proprietor desire.
  • IP addresses are recorded to track a person trying to crack the system.
  • each article reference 26 and/or certificate reference 30 are unique, that is, unique in the data storing means 38.
  • each certificate reference 30 is different from the corresponding article reference 26. This does not prohibit however an article reference 26 from being identical to a certificate reference 30 which corresponds to another article reference 26.
  • the step of providing 8 the data storing means 38 with each article reference 26, the corresponding certificate reference 30 and a corresponding substitutable owner reference 32 further includes providing the data storing means 38 with at least a fourth reference.
  • the further steps of receiving 10, checking 12 and returning 14, 16 apply mutatis mutandis .
  • the nth reference, n being equal or larger than 4 serves to enable the validation of the (n-2)th and (n-l)th references.
  • the fourth reference is the IP (Internet Protocol) address of the owner, so that a transfer or an authentication check may only be triggered from a specific IP address. The same may apply mutatis mutandis for the verifier.
  • steps of receiving 10, 20, returning 14, 16, 44, checking 12, 52, replacing 22 and preventing 54 may be carried through a public network, such as the Internet, or a private network, or interconnection of networks, via any transmission protocol, and through a secure communication or not.
  • a public network such as the Internet
  • a private network such as the Internet
  • data phone communications or SMS messages may also be used.
  • the article reference 26, the certificate reference 30 and the verifier reference 42 or owner reference 32 are not all received simultaneously.
  • First the owner reference 32 or the verifier reference 42 is received by the receiving means, when the owner or verifier accesses a computer system, web application or the like by providing his owner reference 32 or verifier reference 42 to said system, web application or the like. In doing so, the owner or verifier logs in to the system.
  • the owner reference 32 or the verifier reference 42 may include a login and a password. They may include memorizable strings or patterns not intended to be memorized as described above.
  • the owner reference 32 or the verifier reference 42 is temporarily stored, and then the article reference 26 and the certificate reference 30 are received.
  • the non-simultaneous receiving operation embodiment is advantageous in that the system may be configured such that the owner can access a repository of all articles 24 he owns at one given moment in time in order to track them.
  • the repository or register may be a centralized, secure computer data storage system, as a back-end, supplemented by a web application, comprising a web server and an application, as a front-end for interacting with end-users .
  • a role is assigned to each owner. In another embodiment, a role is assigned to each owner and verifier.
  • An owner may for instance have the following roles : manufacturer, retailer, or purchaser.
  • the verifier may for instance have the following roles: customs office, expert, insurer, or any other recognized organization or judicial body related role.
  • the role-based owner and verifier embodiment is advantageous in that when combined with a non-simultaneous receiving operation embodiment as described above, the front- end for interacting with the repository within the system according to the invention can be tailored to fit the needs of and authorized actions that can be performed by the owner or verifier with a specific role.
  • the front-end may make certain functions of the system available to some of the roles only and adapt the user interface layout accordingly.
  • the owner reference 32 may be received before receiving the pair of article reference 26 and certificate reference 30 (see above-mentioned non-simultaneous receiving operation embodiment) so that an account-based method and system can be set up.
  • the accounts may be role-based as well (when combined with the above-mentioned role-based owner embodiment) .
  • Each person may be authorized to register in the information security system according to the invention, so as to obtain a personal account. Said person may then be able to register any article 24 he owns in his account within the data storing means 38.
  • an owner with an account can print a member card.
  • This member card contains a bar code or any other machine readable representation of information, representing his owner reference 32 so as to facilitate any transaction with the system, and to accelerate the introduction of the owner reference 32.
  • On the member card there may be no name, thus preserving the card anonymous character.
  • the owner Once the owner has accessed his account he can visualize the list of all his registered articles 24. If need be, the list may be automatically sent to an insurer in order to prove ownership of said articles 24.
  • Each registered article 24 in the list may be accompanied by a picture, a serial number, characteristics of the model, the manufacturer's name, the type of article, the period of warranty, the purchase price, the estimated current value, the authenticity index, or the like.
  • the authenticity index or status indicates the probability that an article 24 registered in the account is authentic.
  • An article 24 purchased from an authorized retailer would typically have a higher authenticity index than an article 24 introduced by the owner himself, unless the authenticity has been backed by an expert.
  • (1) Possibility to insert, authorize and control a new retailer This may include a control by the manufacturer of article sales made by the retailer, as well as the status of each specific article 24. Statistical reports may be obtained regarding the retailer sales. This enables close control of a distribution network.
  • the manufacturer duly authorized by the brand owner, may introduce new articles 24 in the data storage means 38 through his account.
  • the manufacturer receives articles references 26 and certificate references 30 to be assigned to the articles 24, from the information security system. These references 26, 30 are inserted in the data storage means 38.
  • the manufacturer, or the brand owner, may specify the authorized retailers in the distribution network for each range of articles 24.
  • Much other information regarding the articles 24 can be introduced in batch, i.e. for a range of articles 24: the model, the serial numbers, the period of warranty, the minimum price, the manufacturer and/or brand owner web site, information in order to retrieve the user manual, and the like.
  • An end-user owner or purchaser owner is therefore capable of retrieving useful information regarding the article 24 without any need to keep a stack of paper documents.
  • the end-user may be able to easily retrieve the user manual, evidence and particulars of warranty, address of authorized repairers, software updates, services packs or patches where appropriate, and so on.
  • the manufacturer may receive certificates 28 upon introducing new articles 24 in the data storage means 38.
  • the certificates 28 may be printed.
  • an owner has a retailer role, he typically has an account with reduced functionalities, for instance equal to those of an owner with a purchaser role.
  • the owner reference 32 of a retailer owner may change automatically each day or more often, for improving the security against irregular purchases.
  • the retailer is only- able to sell and transfer 22 an article 24 upon due notice of its daily owner reference 32. For instance, if a sale manager is made redundant, he is not able to know any owner reference 32 anymore, such that he is not able to regularly transfer 22 any article 24 from his former outlet.
  • a new owner reference is sent 15 minutes before opening the outlet and stays valid until the outlet is closed. There may be no valid owner reference 32 assigned to the retailers during closing days and hours.
  • an owner has a purchaser role, he typically has an account with functionalities to enable him to see the articles 24 he owns, but also to auction one of his registered articles 24, e.g. by a simple selection of his article 24 in the list of articles 24.
  • the transfer of an article 24 from one owner to another may be anonymous, i.e. none of each of the owners, the seller or the buyer, knows the identity of the other. Once the transfer is registered the former owner leaves the article 24 at an authorized outlet, where the new owner can pick it up. Batch-based embodiment
  • the information security system and method is applied to a group or batch of articles 24. That is, a group of articles 24 is packaged in a box 60, carton, parcel or the like, and is provided with a group article reference 64 affixed or attached thereto.
  • a group article reference 64 provided on a box 60 is defined as a reference which is provided in the data storing means 38 and which is bound in the data storing means 38 to all the article references 26 of the articles 24 contained in the box 60, so that the group article reference 64 corresponds to all the articles 24 in the box 60.
  • the group article reference 64 corresponds to the batch of articles 24 in the box 60 or container.
  • the group article reference 64 may be provided as a bar code or any other human or machine readable label on an outer surface of the box 60.
  • a group certificate reference (not represented) is provided on a transport voucher or bill of lading (not represented) which is normally due to travel with the box 60.
  • the group certificate reference is affixed or attached to, for instance inscribed or written on, the transport voucher or bill of lading.
  • One owner and one owner reference 32 are associated to the group of articles 24 in the box 60, so that there is unicity of the group ownership.
  • the group of articles 24 can be authenticated or transferred in one operation when the owner reference 32 is received along with the group article reference 64 and the group certificate reference. Receiving this triplet by the information security system enables authentication and transfer.
  • a verifier can check the authenticity of the group of articles 24 in one operation. Receiving the verifier reference 42, the group article reference 64 and the group certificate reference enables authentication while preventing transfer.
  • the verifier may scan, or read, the group article reference 64 and the group certificate reference from the box 60 and the bill of lading respectively.
  • the information security method and system according to this embodiment provide faster and easier authentication of a batch of goods during shipping. Ownership privacy is preserved without hindering free movement of goods, and counterfeiting is deterred.
  • a portion 66 of the group certificate reference is affixed or attached to the box 60, for instance inscribed or written thereto.
  • the bill of lading or transport voucher cannot be forged from the information on the box 60, should the box 60 be stolen or lost.
  • a portion 66 of the group certificate reference may consist in the four last digits of the group certificate reference (as illustrated in Fig. 9) .
  • the group article reference 64 is additionally affixed or attached to the transport voucher or bill of lading, for instance inscribed or written thereto.
  • the verifier may scan, or read (and then introduce the data into the system for receiving by the system) , the group article reference 64 and the group certificate reference from the bill of lading alone and then check whether the information on the box 60, i.e. on the group label, properly corresponds.
  • the box 60 is sealed, which provides an improved security method and system in combination the above-cited technical means .
  • Fig. 8 shows a box 60 with an exemplary security group label 62.
  • Each article 24 (not represented) in the box 60 is provided with an article reference 26 affixed or attached thereto.
  • a box 60 may contain 10 or 50 articles, such as watches.
  • Fig. 9 shows an exemplary group label 62 with a group article reference 64 and a portion 66 of a group certificate reference 66.
  • Other pieces of information may be written on the label 62, such as the number of articles 24 in the container 60, the total weight, the new owner address, the authorized carrier name, and/or an expiration date (see below) .
  • a plurality of groups of articles 24, i.e. a plurality of packages, is further encapsulated into a recognizable group of groups, which may for instance consist in a shipping container.
  • a recognizable group is authenticable and transferable within the information security system through receiving a unique triplet of references as described above.
  • an owner of an article 24 or of a package of articles 24 predetermines the new owner. More precisely, the transfer is carried out by the owner before shipping, with an additional measure. That is, the owner reference 32, the article reference 26 and the certificate reference 30 are received by the information security system and, in addition, a new owner reference is received and attributed, but the transfer is carried out in the data storing means 38 as a transfer to be confirmed.
  • the new owner reference is the owner reference 32 of the party to which the article 24 or package is intended to be shipped.
  • an automatic reverse transfer takes place, i.e. the ownership of the article 24 or package of articles 24 is automatically changed to the original owner, for instance the manufacturer.
  • the information security system replaces the owner reference 32 by the original owner reference in the data storing means 38 as soon as the expiration date is met. This ensures proper shipping management by deterring irregular shipping of the article 24 or package.
  • the predetermined transfer embodiment may be combined with the batch-based embodiment.

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Credit Cards Or The Like (AREA)

Abstract

The invention is an information security method for deterring counterfeiting of articles (24), with article references (26), certificates (28), certificate references (30), and storing means (38) with each article reference (26), the corresponding certificate reference (30) and a corresponding owner reference (32). The data storing means (38) also contain verifier references (42). The method includes receiving (10) an article reference (26), a certificate reference (30) and a verifier reference (42) or an owner reference (32); checking what is received; if an article reference (26), a certificate reference (30) and an owner reference (32) are received: checking (12) whether they match; and, if so, returning (14) a first authenticating signal enabling transfer registration; and if an article reference (26), a certificate reference (30) and a verifier reference (42) are received: checking (52) whether the first two references match and whether the verifier reference (26) is one of the verifier references (42); and, if so, returning (44) a second authenticating signal but preventing transfer registration.

Description

INFORMATION SECURITY METHOD AND SYSTEM FOR DETERRING COUNTERFEITING OF ARTICLES
Field of the invention The invention relates to an information security method for deterring counterfeiting of articles, each article being provided with an article reference affixed or attached thereto and a certificate; each certificate being provided with a certificate reference affixed or attached thereto; and data storing means being provided with each article reference, the corresponding certificate reference and a corresponding substitutable owner reference.
The invention also relates to an information security system for deterring counterfeiting of articles, comprising articles and certificates, wherein each article is provided with an article reference affixed or attached thereto; each article is provided with a certificate; each certificate is provided with a certificate reference affixed or attached thereto, and data storing means provided with each article reference, the corresponding certificate reference and a corresponding substitutable owner reference.
Description of prior art Such methods and systems are known from the art. For instance, European patent application EP 0 957 459 Al discloses a system for verifying ownership of articles, based on attributing a unique article number and a certificate to each article. The certificate carries an individual certification number different from the article number. A central computer with storage means contains a list of matching pairs of article and certification numbers. The system can be queried by entering both the article and certification numbers. The system then returns an indication of whether the two numbers match or not. If they match, the article is considered to be authentic.
In one embodiment of the above-referred prior art system, a storage is provided for storing a current owner or an owner history for each article. Additionally, access privilege is attributed, i.e. only the current owner can enter a transferral of ownership into the database.
The methods and systems of the art, such as the system described above, are neither immune to counterfeiting nor are they efficiently deterring counterfeiting. Indeed, a counterfeiter may still copy any number of times both the article and the certificate along with their article and certification numbers. Interrogating the database returns that the two numbers match even though the article and certificate are both forgeries.
Summary of the invention It is an object of the invention to provide an information security method and a system which more efficiently deter counterfeiting of articles .
To this end, the data storing means are further provided with at least one verifier reference, and the information security method includes the steps of receiving, through electrical, electronic or computer means, an article reference, a certificate reference and a verifier reference or an owner reference; checking, through electrical, electronic or computer means, whether an article reference, a certificate reference and an owner reference are received, or whether an article reference, a certificate reference and a verifier reference are received; if an article reference, a certificate reference and an owner reference are received: checking, through electrical, electronic or computer means, whether the article reference, the certificate reference and the owner reference match in the data storing means; and if so, returning, through electrical, electronic or computer means, a first signal for authenticating the corresponding article and for enabling the registration of its transfer; and if an article reference, a certificate reference and a verifier reference are received: checking, through electrical, electronic or computer means, whether the article reference and the certificate reference match and whether the verifier reference is provided in the data storing means as one of the at least one verifier reference; and if so, returning, through electrical, electronic or computer means, a second signal for authenticating of the corresponding article and for preventing the registration of its transfer.
When the first or second signal is returned, the article may be said to be authentic or identified as authentic. In the description, the expressions "the first signal is returned", "the second signal is returned" or "the article is identified as authentic" are used indifferently to refer to what results from the situation either in which the article reference, the certificate reference and the owner reference match, or in which the article reference and the certificate reference match while the received verifier reference is one of the listed verifier references.
When the method and device disclosed in EP 0 957 459 Al are put into operation on articles, said method and device neither prevent nor deter a counterfeiter from copying both the article and certificate along with their respective reference, in which case each counterfeited pair of article and certificate are identified as an authentic pair. Indeed, when an article number and a certification number are received, means are provided for verifying in a storage whether said numbers are attributed to the same article. The means indifferently return a signal indicating that the article number and a certification number match whether or not the article and the certificate are genuine, and whoever sends the query to the database.
In the prior art method and device, there is no means for deterring counterfeiting of articles when both the article and the certificate are copied along with their respective article and certificate numbers. Providing a storage with the current owner or the owner history for each article does not constitute, on the one hand, sufficiently efficient deterring means, and it may raise privacy concerns on the other hand. This feature does not efficiently deter counterfeiting of articles since any person may verify whether a pair of article and certificate numbers match in the database, and said person would then obtain an indication that the article is authentic even though it is actually not. Privacy concerns may also be raised since anyone may obtain information about the owner of a given article and since the owner needs to reveal its identity to prove to a third party that the article is authentic, something which may not be desirable in many situations.
Additionally, in the prior art system, access privilege is attributed, i.e. only the current owner is allowed to enter a transferral of ownership into the database. However, if a pair of article and certificate numbers match in the database, the system still returns an indication that the article is authentic.
In contrast, when the information security method according to the invention is put into operation, three references are required to obtain the first or second signal, i.e. a signal indicating that the article is authentic. Receiving two of the three references does not provide authenticity information regarding an article, unless a third element is provided, that is, either the owner reference or a verifier reference belonging to the list of verifier references as provided in the data storing means .
When a party purchases an authentic article from a trusted retailer, he receives an article and certificate reference. The party also receives an owner reference at that time or before. In the event the party copies the article and certificate, he might then be able to sell the forged article and forged certificate as if they were the original authentic article and certificate. The party, who may be called "the counterfeiter", may do so, in the presence of the potential purchaser, by sending a query to the data storing means. The first signal would then be returned, indicating that the article is deemed to be authentic. The purchaser would then be confident that the article is authentic and he would then substitute the current password (the current owner reference) with his own password (his own owner reference) . The owner reference is indeed substitutable in the data storing means.
Once the owner reference is modified by the purchaser, the counterfeiter could still in theory prove that the pair of article and certificate references corresponding to the above-mentioned transfer are authentic. He could do so by asking a verifier, for instance a customs officer, to check whether the two elements are authentic. However, he could not do so by himself since he is neither a verifier, with a verifier reference, nor the owner anymore, with the corresponding owner reference. So he would be left with no means to authenticate the article with an owner reference, nor to sell an article. In other words, the counterfeiter would have no means anymore to indicate in a credible and reliable manner, i.e. using an owner reference, an article authenticity by sending a query to the data storing means .
The counterfeiter would be left with no practical incentive to utter yet another forged article with the same pair of article reference and certificate reference. Even in the event the counterfeiter had bought an original article to forge the copy, the counterfeiter would further be left with no means to identify the original article as authentic using the owner reference within the information security method according to the invention.
Accordingly, the information security method of the invention more efficiently deters counterfeiting of articles and reduces black market. It actually targets the prime mover of counterfeiting.
The use of the first triplet "article reference - certificate reference - owner reference", which enables authenticating the article and its ownership and enables transfer of the article, is combined with the use of the second triplet "article reference - certificate reference - verifier reference", which enables article authentication only. By separating within the information security system the ownership management (ownership authentication and transfer) from the article authentication management (counterfeiting detection) , a combined effect is provided in that privacy and free movement of goods are preserved while counterfeiting is deterred.
Privacy and free movement of goods are preserved because a verifier can check the authenticity of an article without knowing the owner identity and without requiring the owner to be permanently travelling with the article.
Counterfeiting is deterred because, on the one hand, verifiers can check at anytime the authenticity of an article, and, on the other hand, an owner is required to give up the owner reference associated with the article, literally releasing the article, when a regular transfer takes place. As a result, once an article is regularly transferred, a forged copy of the article cannot be regularly transferred anymore. Alternatively, once a forgery of an article is regularly transferred as if it was an original, the original article can neither be authenticated by its owner nor can it be regularly transferred anymore.
The owner reference corresponding to an article changes each and every time an article is transferred. It does not stay identical.
The method disclosed in European patent EP 1 204 078 solves the same above-described problem in view of the prior art, i.e. deterring counterfeiting of articles. However, the proposed solution differs. The method disclosed in EP 1 204 078 consists in adding a geographical verification by comparing the article's position to the area attributed to the article. This solution assumes that, if an authentication query relating to a given article comes from an area far away from the predetermined area associated with the article, this is likely to indicate fraud activities carried out in relation with the article, i.e. counterfeiting.
The information security method according to the invention deters counterfeiting of articles wherever counterfeiting is carried out, and not only far away from a preset area. The information security method and system of the invention deters counterfeiting and leads to an improved atmosphere of mutual confidence amongst the actors for instance on the luxury goods market, i.e. brand owners, manufacturers, importers, retailers, buyers, sellers, etc.
As a further advantage, the information security method may be used to deter insurance fraud and false insurance claims . In case of theft of an article provided with a given article reference, an insurance company may require the article owner to provide the certificate (and the certificate reference) as well as the owner reference as a condition for receiving any compensation. If the claimant does not validly complete the triplet, the insurer would not award him any compensation. If the claimant does so, the insurer may change the owner reference and award the claimant with compensation while being reassured that the article cannot be sold anymore as an authentic article.
As a further advantage, prestige and values of goods may be improved by the information security method and system of the invention.
In one embodiment of the invention, the certificate is provided with conventional security features, such as holograms, fine printed patterns, and/or magnetic strips, to make it difficult to copy. These additional security provisions are not indispensable however, in contrast with the prior art method disclosed in EP 0 957 459. The certificate according to the invention may be structurally very simple.
In one embodiment of the invention, the data storing means according to the invention is secure in such a manner as to make it impossible, or very difficult at least, to obtain a valid triplet consisting of an article reference, a certificate reference and an owner reference, without the required permissions.
The invention also relates to an above-described information security system for deterring counterfeiting wherein the data storing means are further provided with at least one verifier reference, and in that the system further includes electrical, electronic or computer receiving means for receiving an article reference, a certificate reference and a verifier reference or an owner reference; electrical, electronic or computer checking means for checking whether an article reference, a certificate reference and an owner reference are received, or whether an article reference, a certificate reference and a verifier reference are received; (1-i) electrical, electronic or computer checking means for checking, if an article reference, a certificate reference and an owner reference are received, whether the article reference, the certificate reference and the owner reference match in the data storing means; (1-ii) electrical, electronic or computer returning means for returning, if the article reference, the certificate reference and the owner reference match, a first signal for authenticating the corresponding article and for enabling the registration of its transfer; (2-i) electrical, electronic or computer checking means for checking, if an article reference, a certificate reference and a verifier reference are received, whether the article reference and the certificate reference match and whether the verifier reference is provided in the data storing means as one of the at least one verifier reference; and (2-ii) electrical, electronic or computer returning means for returning, if the article reference and the certificate reference match and if the verifier reference is provided as one of the at least one verifier reference, a second signal both for authenticating of the corresponding article and for preventing the registration of its transfer.
In one embodiment of the invention, the article reference and its corresponding certificate reference are not derivable or substantially not derivable for one another. To this end, they may be randomly chosen.
Short description of the drawings
These and further aspects of the invention will be explained in greater detail by way of example and with reference to the accompanying drawings in which:
Fig.l shows a schematic flow chart representation of an embodiment of the information security method according to the invention; Fig.2 to 5 show schematic flow chart representations of aspects of the information security method according to the invention;
Fig.6 shows a schematic view of the inputs of an embodiment of the information security method according to the invention;
Fig.7 shows a schematic representation of an embodiment of the information security system according to the invention; Fig.8 shows an exemplary box with a group label according to the batch-based embodiment; and
Fig.9 shows said exemplary group label in more details.
The figures are not drawn to scale. Generally, identical components are denoted by the same reference numerals in the figures. Detailed description of preferred embodiments
An embodiment of the information security method according to the invention will be now described with reference to both Fig. 1, a schematic flow chart representation, and Fig. 6, a schematic view of the inputs.
The information security method for deterring counterfeiting of articles 24 may be applied to any kind of articles, objects, items, products, merchandises, consumer goods, trademarked goods or branded luxury goods which are transferable and capable of being owned, in particular valuable articles, such as handbags, purses, luggages, watches, pens, garments, jewelry, belts, bracelets, pendants, chains, diamonds, art objects, paintings, sport collectibles, autograph memorabilities, accessories, bottles of wine, or the like.
The security method includes the steps of providing 2 each article 24 with an article reference 26; providing 4 each article 24 with a certificate 28; and providing 6 each certificate 28 with a certificate reference 30. These steps need not necessarily be carried out according to the sequence illustrated in Fig. 1. The article reference 26, certificate reference 30 and owner reference 32 (see below) , whatever the names by which they are called, for instance respectively "product code" or "product key", "certification code" or "private key" and "password", may be numbers, words, alphanumeric expressions, keys, codes or any string or combination of signs, characters, letters, digits or ideograms.
The article reference 26 and certificate reference 30 may also be patterns such as bar code, two-dimensional or three-dimensional patterns capable of being recognized by mechanical, electrical, electronic or computer means. They are affixed or attached respectively to the article 24 or certificate 28, by any kind of fastening means. That is, they may for instance be imprinted, embossed, engraved, directly or indirectly affixed or attached, fastened with an adhesive material, such as glue or tape, with a chain, a cord, clips, staples, magnetic fastening means, or the like. They may also be magnetically, electronically stored on or in the article 24 or certificate 28, or in a integrated circuit or microchip fastened to the article 24 or certificate 28.
In one embodiment, the article reference 26 is a digital representation of a surface portion of the article 24, for instance at a microscopic or nanometric level. However this embodiment may be disadvantageous for some articles, compared to the patterns mentioned above, in that the surface may be affected by defects so that the article reference 26 can no longer be properly recognized.
The article reference 26 and certificate reference 30 may physically be provided by the manufacturer or later on by the brand owner or retailer for instance. This may be done through a random number generator algorithm, or through a dedicated algorithm.
The article reference 26 is attached or affixed to the article 24 so as to mark it in a substantially lasting manner. The article reference 26 is not intended to change, and needs not be kept secret.
The certificate 28 serves as a support for the certificate reference 30 and may be a simple voucher or alternatively a more elaborate item. The certificate reference 30 is not intended to change, and needs not be kept secret .
The information security method further includes the step of providing 8 data storing means 38 with each article reference 26, the corresponding certificate reference 30 and a corresponding substitutable owner reference 32. The data storing means 38 may for instance be a database, a computer file or a register, and may for instance be accessible through a computer, a telephone network or any remote communication channel. The data storing means 38 may contain further optional fields besides the article reference field, the certificate reference field and the owner reference field. Optional fields may include a field indicating whether or not the pair has already been attributed (this is particularly useful if the article and certificate references are attributed prior to the article manufacture) , a field describing the article and/or its status. Data storing means may be brand-specific or general purpose oriented.
The owner reference 32, or password, is intended to be kept secret by the owner of the article 24. It may be substituted or modified any number of times. The owner reference 32 is conditionally substitutable provided that a matching triplet exists, as illustrated with reference to Fig. 3 (see below) . Owner references 32 may be memorizable strings of letters, of numbers, of combined letters and numbers, or of any other signs as described above, whatever is the length of the string. They may also be patterns which are not intended to be memorized such as signature patterns, fingerprints, eye retinas and irises, voice patterns, facial patterns, hand measurements, genetic fingerprints or any physical characteristics used to identify individuals in the field of biometrics. They may also be any types of digital signature saved on any type of medium, for instance a digital signature stored on an electronic ID card.
The information security method further includes the step of providing 46 the data storing means 38 with at least one verifier reference 42. The verifier references 42, or password, are intended to be kept secret by their corresponding verifier. Verifier references 42 may be memorizable strings or patterns not intended to be memorized. They may also be any types of digital signature saved on any- type of medium, for instance a digital signature stored on an electronic ID card.
Once the fifth initialization or configuration steps 2, 4, 6, 8, 46 have been performed, any party may query the data storing means 38, for instance by sending an HTTP request to a dedicated web server. Now referring to the set 48 of operations as illustrated on Fig. 2, the step of receiving 10 the triplet of references, i.e. the article reference 26, the certificate reference 30 and the owner reference 32, may take place at any time whenever necessary or desired, not only when an article 24 is transferred or sold.
After the step of receiving 10 the triplet, the method includes a step of checking 12 whether the three references 26, 30, 32 match in the database 38. Checking 12 may for instance consist in transforming the HTTP request into a data retrieval operation, beginning a database transaction, executing the query, for instance an SQL SELECT query, and committing the transaction. If a row comprising the three submitted references 26, 30, 32 exists in the corresponding columns of the database, then the references match. If the references exist in a row, if they match, a first signal is returned 14. This may prompt a client computer to display a message indicating that the article reference 26 and the certificate reference 30 match, and that the article 24 is deemed to be authentic. The first signal authenticates the corresponding article and enables the registration of its transfer.
Otherwise, if there is no match, a failure signal is returned 16. This may prompt a client computer to display a message indicating that the correspondence between the article reference 26 and the certificate reference 30 cannot be verified. Alternatively, returning no signal may be possible .
Fig. 3 illustrates the step of returning 14 the first signal and indicating the possibility of replacing the owner reference 32, i.e. enabling transfer registration. In one embodiment, the method includes the steps of receiving 20 a new or second owner reference; and a step of substituting or replacing 22 the owner reference 32 in the data storing means 38 with the new or second owner reference. An SQL UPDATE query may for instance be used for the substitution.
In other words, the embodiment illustrated in Fig. 2 provides an owner reference substitution method or a new owner reference recording method. As soon as the transfer from a first to a second party has been enacted by the substitution of owner references, only a person knowing the owner reference 32 (unless the person is a verifier) can verify the correspondence between the article reference 26 and the certificate reference 30, or in other words the article's 24 authenticity. Now referring to the set 50 of operations as illustrated on Fig. 4, the step of receiving 10 the alternative triplet of references, i.e. the article reference 26, the certificate reference 30 and a verifier reference 42, may take place at any time whenever necessary or desired.
After the step of receiving 10 the alternative triplet, the method includes a step of checking 52 whether the verifier reference 42 exists in the database 38 and whether the article reference 26 and certificate reference 30 match in the database 38. A second signal is returned 44 if the result of the checking step 52 is positive. A failure signal is returned 16 otherwise. The second signal authenticates the corresponding article 24 and prevents any transfer registration.
If a new or second owner reference is received 20, as illustrated in Fig. 5, the replacement of the owner reference 32 by the second owner reference is prevented 54.
Fig. 7 illustrates a schematic representation of an embodiment of the information security system according to the invention where the receiving means 34, the checking means 36, the data storing means 38 and the returning means 40 are illustrated by black boxes. A query containing the triplets of references is transmitted 10 via a network to the receiving means 34. The checking means 36 query the data storing means 38, for instance by establishing a transaction database and by executing an SQL SELECT query. Then the returning means 40 transform the physical bits such that a first signal, a second signal or a failure signal is returned on the network, according to whether the triplet exists in the database 38 or according to whether the verifier reference 42 exists and the article reference 26 and the certificate reference 30 matches.
The receiving means 34, the checking means 36, the data storing means 38 and the returning means 40 may for instance be implemented through a microprocessor with a central processing unit (CPU) and a memory unit.
In one embodiment of the invention, either the system or the method, in the cases where several triplets are successively received 10 from the same location or origin, or in the cases said triplets relates to the same pair of article and certificate references, the method and the system may be configured to cause a delay or threshold mechanism to be initiated, in order to deter brute force attacks or the like. Since temporary denial of service in relation to a particular article may occur, this mechanism should only be carried out under certain conditions, for instance if the certificate reference 30 is not public, according to the data storing means' proprietor desire. In one embodiment, IP addresses are recorded to track a person trying to crack the system.
In one embodiment, each article reference 26 and/or certificate reference 30 are unique, that is, unique in the data storing means 38.
In one embodiment, each certificate reference 30 is different from the corresponding article reference 26. This does not prohibit however an article reference 26 from being identical to a certificate reference 30 which corresponds to another article reference 26. In one embodiment of the information security method according to the invention, the step of providing 8 the data storing means 38 with each article reference 26, the corresponding certificate reference 30 and a corresponding substitutable owner reference 32 further includes providing the data storing means 38 with at least a fourth reference. In this embodiment, the further steps of receiving 10, checking 12 and returning 14, 16 apply mutatis mutandis . In one embodiment, the nth reference, n being equal or larger than 4, serves to enable the validation of the (n-2)th and (n-l)th references. These embodiments provide increased security guarantees .
In one embodiment, the fourth reference is the IP (Internet Protocol) address of the owner, so that a transfer or an authentication check may only be triggered from a specific IP address. The same may apply mutatis mutandis for the verifier.
It will be clear for the person skilled in the art that the steps of receiving 10, 20, returning 14, 16, 44, checking 12, 52, replacing 22 and preventing 54 may be carried through a public network, such as the Internet, or a private network, or interconnection of networks, via any transmission protocol, and through a secure communication or not. Data phone communications or SMS messages may also be used.
Non-simultaneous receiving operation embodiment
In one embodiment of the information security method and system according to the invention, the article reference 26, the certificate reference 30 and the verifier reference 42 or owner reference 32 are not all received simultaneously. First the owner reference 32 or the verifier reference 42 is received by the receiving means, when the owner or verifier accesses a computer system, web application or the like by providing his owner reference 32 or verifier reference 42 to said system, web application or the like. In doing so, the owner or verifier logs in to the system. In this embodiment, the owner reference 32 or the verifier reference 42 may include a login and a password. They may include memorizable strings or patterns not intended to be memorized as described above.
The owner reference 32 or the verifier reference 42 is temporarily stored, and then the article reference 26 and the certificate reference 30 are received.
The non-simultaneous receiving operation embodiment is advantageous in that the system may be configured such that the owner can access a repository of all articles 24 he owns at one given moment in time in order to track them. The repository or register may be a centralized, secure computer data storage system, as a back-end, supplemented by a web application, comprising a web server and an application, as a front-end for interacting with end-users .
Role-based owner and verifier embodiment:
In one embodiment of the information security method and system according to the invention, a role is assigned to each owner. In another embodiment, a role is assigned to each owner and verifier.
An owner may for instance have the following roles : manufacturer, retailer, or purchaser. The verifier may for instance have the following roles: customs office, expert, insurer, or any other recognized organization or judicial body related role.
The role-based owner and verifier embodiment is advantageous in that when combined with a non-simultaneous receiving operation embodiment as described above, the front- end for interacting with the repository within the system according to the invention can be tailored to fit the needs of and authorized actions that can be performed by the owner or verifier with a specific role. The front-end may make certain functions of the system available to some of the roles only and adapt the user interface layout accordingly.
Account-based embodiment
The owner reference 32 may be received before receiving the pair of article reference 26 and certificate reference 30 (see above-mentioned non-simultaneous receiving operation embodiment) so that an account-based method and system can be set up.
The accounts may be role-based as well (when combined with the above-mentioned role-based owner embodiment) . There may be a manufacturer-type account, a retailer-type account and a purchaser-type account.
Each person may be authorized to register in the information security system according to the invention, so as to obtain a personal account. Said person may then be able to register any article 24 he owns in his account within the data storing means 38.
In one embodiment, an owner with an account can print a member card. This member card contains a bar code or any other machine readable representation of information, representing his owner reference 32 so as to facilitate any transaction with the system, and to accelerate the introduction of the owner reference 32. On the member card, there may be no name, thus preserving the card anonymous character.
The same may apply to the verifier and the verifier reference 42.
Once the owner has accessed his account he can visualize the list of all his registered articles 24. If need be, the list may be automatically sent to an insurer in order to prove ownership of said articles 24.
Each registered article 24 in the list may be accompanied by a picture, a serial number, characteristics of the model, the manufacturer's name, the type of article, the period of warranty, the purchase price, the estimated current value, the authenticity index, or the like. The authenticity index or status indicates the probability that an article 24 registered in the account is authentic. An article 24 purchased from an authorized retailer would typically have a higher authenticity index than an article 24 introduced by the owner himself, unless the authenticity has been backed by an expert.
If an owner has a manufacturer role, he typically has an account with the following functionalities :
(1) Possibility to insert, authorize and control a new retailer This may include a control by the manufacturer of article sales made by the retailer, as well as the status of each specific article 24. Statistical reports may be obtained regarding the retailer sales. This enables close control of a distribution network.
(2) Possibility to insert new articles 24
The manufacturer, duly authorized by the brand owner, may introduce new articles 24 in the data storage means 38 through his account. The manufacturer receives articles references 26 and certificate references 30 to be assigned to the articles 24, from the information security system. These references 26, 30 are inserted in the data storage means 38. The manufacturer, or the brand owner, may specify the authorized retailers in the distribution network for each range of articles 24.
Much other information regarding the articles 24 can be introduced in batch, i.e. for a range of articles 24: the model, the serial numbers, the period of warranty, the minimum price, the manufacturer and/or brand owner web site, information in order to retrieve the user manual, and the like. An end-user owner or purchaser owner is therefore capable of retrieving useful information regarding the article 24 without any need to keep a stack of paper documents. The end-user may be able to easily retrieve the user manual, evidence and particulars of warranty, address of authorized repairers, software updates, services packs or patches where appropriate, and so on.
In addition to receiving certificate references 30, the manufacturer may receive certificates 28 upon introducing new articles 24 in the data storage means 38. The certificates 28 may be printed.
If an owner has a retailer role, he typically has an account with reduced functionalities, for instance equal to those of an owner with a purchaser role.
The owner reference 32 of a retailer owner may change automatically each day or more often, for improving the security against irregular purchases. The retailer is only- able to sell and transfer 22 an article 24 upon due notice of its daily owner reference 32. For instance, if a sale manager is made redundant, he is not able to know any owner reference 32 anymore, such that he is not able to regularly transfer 22 any article 24 from his former outlet.
In one embodiment, a new owner reference is sent 15 minutes before opening the outlet and stays valid until the outlet is closed. There may be no valid owner reference 32 assigned to the retailers during closing days and hours.
If an owner has a purchaser role, he typically has an account with functionalities to enable him to see the articles 24 he owns, but also to auction one of his registered articles 24, e.g. by a simple selection of his article 24 in the list of articles 24.
The transfer of an article 24 from one owner to another may be anonymous, i.e. none of each of the owners, the seller or the buyer, knows the identity of the other. Once the transfer is registered the former owner leaves the article 24 at an authorized outlet, where the new owner can pick it up. Batch-based embodiment
In one embodiment, the information security system and method is applied to a group or batch of articles 24. That is, a group of articles 24 is packaged in a box 60, carton, parcel or the like, and is provided with a group article reference 64 affixed or attached thereto. A group article reference 64 provided on a box 60 is defined as a reference which is provided in the data storing means 38 and which is bound in the data storing means 38 to all the article references 26 of the articles 24 contained in the box 60, so that the group article reference 64 corresponds to all the articles 24 in the box 60. In other words, the group article reference 64 corresponds to the batch of articles 24 in the box 60 or container. The group article reference 64 may be provided as a bar code or any other human or machine readable label on an outer surface of the box 60.
In addition, a group certificate reference (not represented) is provided on a transport voucher or bill of lading (not represented) which is normally due to travel with the box 60. The group certificate reference is affixed or attached to, for instance inscribed or written on, the transport voucher or bill of lading.
One owner and one owner reference 32 are associated to the group of articles 24 in the box 60, so that there is unicity of the group ownership. The group of articles 24 can be authenticated or transferred in one operation when the owner reference 32 is received along with the group article reference 64 and the group certificate reference. Receiving this triplet by the information security system enables authentication and transfer. Likewise a verifier can check the authenticity of the group of articles 24 in one operation. Receiving the verifier reference 42, the group article reference 64 and the group certificate reference enables authentication while preventing transfer. The verifier may scan, or read, the group article reference 64 and the group certificate reference from the box 60 and the bill of lading respectively.
The information security method and system according to this embodiment provide faster and easier authentication of a batch of goods during shipping. Ownership privacy is preserved without hindering free movement of goods, and counterfeiting is deterred.
In one embodiment, a portion 66 of the group certificate reference is affixed or attached to the box 60, for instance inscribed or written thereto. The bill of lading or transport voucher cannot be forged from the information on the box 60, should the box 60 be stolen or lost. A portion 66 of the group certificate reference may consist in the four last digits of the group certificate reference (as illustrated in Fig. 9) .
In one embodiment, the group article reference 64 is additionally affixed or attached to the transport voucher or bill of lading, for instance inscribed or written thereto. In this embodiment, the verifier may scan, or read (and then introduce the data into the system for receiving by the system) , the group article reference 64 and the group certificate reference from the bill of lading alone and then check whether the information on the box 60, i.e. on the group label, properly corresponds. In one embodiment, the box 60 is sealed, which provides an improved security method and system in combination the above-cited technical means .
Fig. 8 shows a box 60 with an exemplary security group label 62. Each article 24 (not represented) in the box 60 is provided with an article reference 26 affixed or attached thereto. For instance, a box 60 may contain 10 or 50 articles, such as watches.
Fig. 9 shows an exemplary group label 62 with a group article reference 64 and a portion 66 of a group certificate reference 66. Other pieces of information may be written on the label 62, such as the number of articles 24 in the container 60, the total weight, the new owner address, the authorized carrier name, and/or an expiration date (see below) .
In a further embodiment, a plurality of groups of articles 24, i.e. a plurality of packages, is further encapsulated into a recognizable group of groups, which may for instance consist in a shipping container. A recognizable group is authenticable and transferable within the information security system through receiving a unique triplet of references as described above.
Predetermined transfer embodiment
In one embodiment, an owner of an article 24 or of a package of articles 24 predetermines the new owner. More precisely, the transfer is carried out by the owner before shipping, with an additional measure. That is, the owner reference 32, the article reference 26 and the certificate reference 30 are received by the information security system and, in addition, a new owner reference is received and attributed, but the transfer is carried out in the data storing means 38 as a transfer to be confirmed. The new owner reference is the owner reference 32 of the party to which the article 24 or package is intended to be shipped.
After shipping, upon reception of the article 24 or package, the transfer is confirmed by the new owner when his owner reference 32, the article reference 26 and the certificate reference 30 are sent to and received by the information security system.
In one embodiment, if the transfer is not confirmed by the second owner, for instance a retailer, before a given expiration date (associated with the article 24 or package in the data storing means 38) , an automatic reverse transfer takes place, i.e. the ownership of the article 24 or package of articles 24 is automatically changed to the original owner, for instance the manufacturer. The information security system replaces the owner reference 32 by the original owner reference in the data storing means 38 as soon as the expiration date is met. This ensures proper shipping management by deterring irregular shipping of the article 24 or package.
The predetermined transfer embodiment may be combined with the batch-based embodiment.
It will be appreciated by persons skilled in the art that the present invention is not limited by what has been particularly shown and described hereinabove. The invention resides in each and every novel characteristic feature and each and every combination of characteristic features.

Claims

Claims
1. Information security method for deterring counterfeiting of articles (24) , each article (24) being provided with an article reference (26) affixed or attached thereto and a certificate (28); each certificate (28) being provided with a certificate reference (30) affixed or attached thereto; and data storing means (38) being provided with each article reference (26) , the corresponding certificate reference (30) and a corresponding substitutable owner reference (32); characterized in that the data storing means (38) are further provided with at least one verifier reference (42), and in that the method includes the steps of receiving (10), through electrical, electronic or computer means, an article reference (26) , a certificate reference (30) and a verifier reference (42) or an owner reference (32); checking, through electrical, electronic or computer means, whether an article reference (26) , a certificate reference (30) and an owner reference (32) are received, or whether an article reference (26) , a certificate reference (30) and a verifier reference (42) are received; if an article reference (26) , a certificate reference (30) and an owner reference (32) are received: checking (12), through electrical, electronic or computer means, whether the article reference (26) , the certificate reference (30) and the owner reference (32) match in the data storing means (38) ; and if so, returning (14), through electrical, electronic or computer means, a first signal for authenticating the corresponding article and for enabling the registration of its transfer; and if an article reference (26) , a certificate reference (30) and a verifier reference (42) are received: checking (52), through electrical, electronic or computer means, whether the article reference (26) and the certificate reference (30) match and whether the verifier reference (42) is provided (8) in the data storing means (38) as one of the at least one verifier reference (42); and if so, returning (44), through electrical, electronic or computer means, a second signal for authenticating the corresponding article (24) and for preventing the registration of its transfer.
2. Security method of claim 1, further including the successive steps of, if and after the first signal is returned, receiving (20), through electrical, electronic or computer means, a second owner reference; and replacing (22), through electrical, electronic or computer means, the owner reference (32) corresponding to the received article reference (26) in the data storing means (38) by the second owner reference, such that a transfer of the article (24) is registered.
3. Security method of claim 1 or 2, further including the successive steps of, if and after the second signal is returned, receiving (20) , through electrical, electronic or computer means, a second owner reference; and preventing (54), through electrical, electronic or computer means, the replacement of the owner reference (32) corresponding to the received article reference in the data storing means (38) by the second owner reference, such that a transfer of the article is not registered.
4. Security method of any one of preceding claims, wherein the step of receiving (10) includes first receiving the verifier reference (42) or the owner reference (32), then receiving the article reference (26) and the certificate reference (30) .
5. Information security system for deterring counterfeiting of articles (24), comprising articles (24) and certificates (28), wherein each article (24) is provided with an article reference (26) affixed or attached thereto; each article (24) is provided with a certificate (28) ; and each certificate (28) is provided with a certificate reference (30) affixed or attached thereto; and data storing means (38) provided with each article reference (26) , the corresponding certificate reference (30) and a corresponding substitutable owner reference (32); characterized in that the data storing means (38) are further provided with at least one verifier reference (42), and in that the system further includes electrical, electronic or computer receiving means for receiving (10) an article reference (26) , a certificate reference (30) and a verifier reference (42) or an owner reference (32); electrical, electronic or computer checking means for checking whether an article reference (26) , a certificate reference (30) and an owner reference (32) are received, or whether an article reference (26) , a certificate reference (30) and a verifier reference (42) are received;
(1-i) electrical, electronic or computer checking means for checking (12), if an article reference (26), a certificate reference (30) and an owner reference (32) are received, whether the article reference (26) , the certificate reference (30) and the owner reference (32) match in the data storing means (38) ;
(1-ii) electrical, electronic or computer returning means for returning (14), if the article reference (26), the certificate reference (30) and the owner reference (32) match, a first signal for authenticating the corresponding article and for enabling the registration of its transfer; (2-i) electrical, electronic or computer checking means for checking (12), if an article reference (26), a certificate reference (30) and a verifier reference (42) are received, whether the article reference (26) and the certificate reference (30) match and whether the verifier reference (26) is provided (8) in the data storing means (38) as one of the at least one verifier reference (42); and
(2-ii) electrical, electronic or computer returning means for returning (44), if the article reference and the certificate reference match and if the verifier reference (26) is provided (8) as one of the at least one verifier reference (42), a second signal both for authenticating of the corresponding article (24) and for preventing the registration of its transfer.
6. Security system of claim 5, further including electrical, electronic or computer receiving means for receiving, if and after the first signal is returned, a second owner reference; and electrical, electronic or computer replacing means, operable if and after the first signal is returned and after a second owner reference is received, for replacing the owner reference (32) corresponding to the received article reference in the data storing means (38) by the second owner reference, such that a transfer of the article is registered.
7. Security system of claim 5 or 6, further including electrical, electronic or computer receiving means for receiving, if and after the second signal is returned, a second owner reference; and electrical, electronic or computer preventing means, operable if and after the second signal is returned and after a second owner reference is received, for preventing the replacement of the owner reference (32) corresponding to the received article reference in the data storing means (38) by the second owner reference, such that a transfer of the article is not registered.
8. Security system of any one of claims 5 to 7, wherein the receiving means for receiving (10) an article reference (26), a certificate reference (30) and a verifier reference (42) or an owner reference (32) include first receiving means for receiving the verifier reference (42) or the owner reference (32) and second receiving means for receiving the article reference (26) and the certificate reference (30) , so that the owner reference (32) or verifier reference (42) is first identified before any operation on the article reference (26) or certificate reference (30) .
9. Information security method for deterring counterfeiting of articles (24) , each article (24) being provided with an article reference (26) affixed or attached thereto and a certificate (28); each certificate (28) being provided with a certificate reference (30) affixed or attached thereto; and data storing means (38) being provided with each article reference (26) , the corresponding certificate reference (30) and a corresponding substitutable owner reference (32); characterized in that a plurality of the articles (24) corresponding to the same owner reference (32) are packaged into a group of articles (24) in at least one container (60); each container (60) is provided with a group article reference (64) affixed or attached thereto and a bill of lading or transport voucher; each bill of lading or transport voucher is provided with a group certificate reference affixed or attached thereto; the data storing means (38) are further provided with at least one verifier reference (42), each group article reference (64) and each group certificate reference, both bound in the data storing means (38) to all the article references
(26) corresponding to the articles (24) in the corresponding container (60) ; and in that the method includes the steps of receiving (10), through electrical, electronic or computer means, a group article reference (64), a group certificate reference, and a verifier reference (42) or an owner reference (32); checking, through electrical, electronic or computer means, whether a group article reference (64), a group certificate reference and an owner reference (32) are received, or whether a group article reference (64), a group certificate reference and a verifier reference (42) are received; if a group article reference (64), a group certificate reference and an owner reference (32) are received: checking (12), through electrical, electronic or computer means, whether the group article reference (64), the group certificate reference and the owner reference (32) match in the data storing means (38); and if so, returning (14), through electrical, electronic or computer means, a first signal for authenticating the corresponding group of articles (24) and for enabling the registration of its transfer; and if a group article reference (64), a group certificate reference and a verifier reference (42) are received: checking (52), through electrical, electronic or computer means, whether the group article reference (64) and the group certificate reference match and whether the verifier reference (42) is provided (8) in the data storing means (38) as one of the at least one verifier reference (42); and if so, returning (44), through electrical, electronic or computer means, a second signal for authenticating the corresponding group of articles (24) and for preventing the registration of its transfer.
10. Information security system for deterring counterfeiting of articles (24), comprising articles (24) and certificates (28), wherein each article (24) is provided with an article reference (26) affixed or attached thereto; each article (24) is provided with a certificate (28) ; and each certificate (28) is provided with a certificate reference (30) affixed or attached thereto; and data storing means (38) provided with each article reference (26) , the corresponding certificate reference (30) and a corresponding substitutable owner reference (32); characterized in that the system further includes at least one container (60) in which are packaged, into a group of articles (24), a plurality of the articles (24) corresponding to the same owner reference (32); each container (60) being provided with a group article reference (64) affixed or attached thereto and a bill of lading or transport voucher; each bill of lading or transport voucher is provided with a group certificate reference affixed or attached thereto; in that the data storing means (38) are further provided with at least one verifier reference (42), and each group article reference (64) and each group certificate reference, both bound in the data storing means (38) to all the article references (26) corresponding to the articles (24) in the corresponding container (60) ; and in that the system further includes electrical, electronic or computer receiving means for receiving (10) a group article reference (64), a group certificate reference and a verifier reference (42) or an owner reference (32); electrical, electronic or computer checking means for checking whether a group article reference (64), a group certificate reference and an owner reference (32) are received, or whether a group article reference (64), a certificate reference and a verifier reference (42) are received;
(1-i) electrical, electronic or computer checking means for checking (12), if a group article reference (64), a group certificate reference and an owner reference (32) are received, whether the group article reference (64), the group certificate reference and the owner reference (32) match in the data storing means (38); (1-ii) electrical, electronic or computer returning means for returning (14), if the group article reference (64), the group certificate reference and the owner reference (32) match, a first signal for authenticating the corresponding article (24) and for enabling the registration of its transfer;
(2-i) electrical, electronic or computer checking means for checking (12), if a group article reference (64), a group certificate reference and a verifier reference (42) are received, whether the group article reference (64) and the group certificate reference match and whether the verifier reference (26) is provided (8) in the data storing means (38) as one of the at least one verifier reference (42); and
(2-ii) electrical, electronic or computer returning means for returning (44), if the group article reference (64) and the certificate reference match and if the verifier reference (26) is provided (8) as one of the at least one verifier reference (42), a second signal both for authenticating of the corresponding article (24) and for preventing the registration of its transfer.
PCT/EP2006/062474 2005-05-23 2006-05-19 Information security method and system for deterring counterfeiting of articles. WO2006125757A1 (en)

Applications Claiming Priority (6)

Application Number Priority Date Filing Date Title
EP05104325A EP1727096A1 (en) 2005-05-23 2005-05-23 Method for deterring counterfeiting of articles, for instance valuable articles, and system therefor
EP05104325.5 2005-05-23
EP05110615.1 2005-11-10
EP05110615 2005-11-10
EP05113016 2005-12-28
EP05113016.9 2005-12-28

Publications (1)

Publication Number Publication Date
WO2006125757A1 true WO2006125757A1 (en) 2006-11-30

Family

ID=36942219

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2006/062474 WO2006125757A1 (en) 2005-05-23 2006-05-19 Information security method and system for deterring counterfeiting of articles.

Country Status (1)

Country Link
WO (1) WO2006125757A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0957459A1 (en) * 1998-05-12 1999-11-17 Orell Füssli Graphische Betriebe AG Method and device for verifying ownership of articles
EP1204078A1 (en) * 2000-11-02 2002-05-08 Orell Füssli Security Documents AG A method for verifying the authenticity of articles
US20030085797A1 (en) * 2001-11-06 2003-05-08 Hongbiao Li System and method for determining the authenticity of a product
US20030085800A1 (en) * 2001-11-06 2003-05-08 Hongbiao Li System and method for authenticating products
US20040267711A1 (en) * 2001-10-25 2004-12-30 Zhu Xiao Jun Method and system for authenticating a package good

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0957459A1 (en) * 1998-05-12 1999-11-17 Orell Füssli Graphische Betriebe AG Method and device for verifying ownership of articles
EP1204078A1 (en) * 2000-11-02 2002-05-08 Orell Füssli Security Documents AG A method for verifying the authenticity of articles
US20040267711A1 (en) * 2001-10-25 2004-12-30 Zhu Xiao Jun Method and system for authenticating a package good
US20030085797A1 (en) * 2001-11-06 2003-05-08 Hongbiao Li System and method for determining the authenticity of a product
US20030085800A1 (en) * 2001-11-06 2003-05-08 Hongbiao Li System and method for authenticating products

Similar Documents

Publication Publication Date Title
US8421593B2 (en) Apparatus, systems and methods for authentication of objects having multiple components
KR101276902B1 (en) Method and device for obtaining item information using rfid tags
US8108309B2 (en) Protecting a manufactured item from counterfeiting
US7917443B2 (en) Authentication and tracking system
US8566598B2 (en) Method for article authentication using an article's authentication code and a second code provided by the party requesting authentication
US20020178363A1 (en) System and method for authentication of items
US11374756B1 (en) Tracking apparel items using distributed ledgers
US20010047340A1 (en) Authenticity verification method and apparatus
JP2004252621A (en) Product authentication system preventing market distribution of fake
JP6498123B2 (en) Digitally protected electronic titles for supply chain products
CA2891654A1 (en) System for authenticating items
US11810179B2 (en) Method for tracking products using distributed, shared registration bases and random numbers generated by quantum processes
US5737886A (en) Method for determining forgeries and authenticating signatures
US20030179902A1 (en) Authentication and anti-counterfeit tracking system
KR102058159B1 (en) Method and program for managing goods transaction using activation code
US20140324716A1 (en) Method and system for deterring product counterfeiting
US6030001A (en) Method for deterring forgeries and authenticating signatures
King et al. Securing the pharmaceutical supply chain using RFID
WO2002073550A1 (en) A method for verifying the authenticity of an article
US10599898B2 (en) Warranty tracking method for a consumer product
TW202134920A (en) Method for ensuring the authenticity and validity of item ownership transfer
US20080270306A1 (en) System and method of theft detection of encoded encrypted software keyed genuine goods
WO2007103120A9 (en) Authentication system and method
WO2006125757A1 (en) Information security method and system for deterring counterfeiting of articles.
EP1727096A1 (en) Method for deterring counterfeiting of articles, for instance valuable articles, and system therefor

Legal Events

Date Code Title Description
DPE2 Request for preliminary examination filed before expiration of 19th month from priority date (pct application filed from 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Country of ref document: DE

NENP Non-entry into the national phase

Ref country code: RU

WWW Wipo information: withdrawn in national office

Country of ref document: RU

122 Ep: pct application non-entry in european phase

Ref document number: 06763205

Country of ref document: EP

Kind code of ref document: A1