EP1985061A1 - Authentication method and device - Google Patents

Authentication method and device

Info

Publication number
EP1985061A1
Authority
EP
European Patent Office
Prior art keywords
code
secret key
generating
random number
truncation
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP07730922A
Other languages
German (de)
French (fr)
Inventor
Jean-Pierre Massicot
Alain Foucou
Zbigniew Sagan
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Att- Advanced Track & Trace S A
Original Assignee
Att- Advanced Track & Trace S A
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from FR0601004A (patent FR2907288B1)
Priority claimed from FR0601625A (patent FR2897955B1)
Priority claimed from FR0601739A (patent FR2907245B1)
Application filed by Att- Advanced Track & Trace S A
Priority to EP20140154203 (patent EP2809030A3)
Publication of EP1985061A1

Classifications

    • G PHYSICS
    • G09 EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
    • G09C CIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
    • G09C1/00 Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3823 Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07D HANDLING OF COINS OR VALUABLE PAPERS, e.g. TESTING, SORTING BY DENOMINATIONS, COUNTING, DISPENSING, CHANGING OR DEPOSITING
    • G07D7/00 Testing specially adapted to determine the identity or genuineness of valuable papers or for segregating those which are unacceptable, e.g. banknotes that are alien to a currency
    • G07D7/004 Testing specially adapted to determine the identity or genuineness of valuable papers or for segregating those which are unacceptable, e.g. banknotes that are alien to a currency using digital security elements, e.g. information coded on a magnetic thread or strip
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
    • B PERFORMING OPERATIONS; TRANSPORTING
    • B41 PRINTING; LINING MACHINES; TYPEWRITERS; STAMPS
    • B41M PRINTING, DUPLICATING, MARKING, OR COPYING PROCESSES; COLOUR PRINTING
    • B41M3/00 Printing processes to produce particular kinds of printed work, e.g. patterns
    • B41M3/14 Security printing
    • B PERFORMING OPERATIONS; TRANSPORTING
    • B41 PRINTING; LINING MACHINES; TYPEWRITERS; STAMPS
    • B41M PRINTING, DUPLICATING, MARKING, OR COPYING PROCESSES; COLOUR PRINTING
    • B41M5/00 Duplicating or marking methods; Sheet materials for use therein
    • B41M5/24 Ablative recording, e.g. by burning marks; Spark recording
    • G PHYSICS
    • G03 PHOTOGRAPHY; CINEMATOGRAPHY; ANALOGOUS TECHNIQUES USING WAVES OTHER THAN OPTICAL WAVES; ELECTROGRAPHY; HOLOGRAPHY
    • G03H HOLOGRAPHIC PROCESSES OR APPARATUS
    • G03H1/00 Holographic processes or apparatus using light, infrared or ultraviolet waves for obtaining holograms or for obtaining an image from them; Details peculiar thereto
    • G03H1/0005 Adaptation of holography to specific applications
    • G03H1/0011 Adaptation of holography to specific applications for security or authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2151 Time stamp
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/20 Manipulating the length of blocks of bits, e.g. padding or block truncation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60 Digital content management, e.g. content distribution
    • H04L2209/603 Digital right management [DRM]

Definitions

  • the present invention relates to an authentication method and device. It applies, in particular, to the protection against counterfeiting of marks, distinctive signs and products bearing them.
  • Product marking systems are known, for example with ink jet printers placed on the production lines to print a serial number on each article.
  • Other systems implement codes.
  • the present invention aims to remedy these disadvantages.
  • the present invention aims, according to a first aspect, at an authentication method, characterized in that it comprises: a step of generating a random number; a step of generating a time stamp; a step of generating a first secret key; a step of truncating a message authentication code implementing said first secret key; and a step of symmetric encryption of the random number, the time stamp and the truncation, implementing a second secret key, to produce an authentication code.
  • a lot of information can be encrypted, including the creation date of the code, a random number and a truncation.
  • with the second secret key, one can recover this encrypted information.
  • the first secret key is useful for retrieving authentication information.
  • each production site implements two secret keys. By testing the different possible secret keys on a code, one can thus determine the origin of this code and its date of creation.
  • a quantum generator is implemented.
  • the random number is really random and not a pseudo-random number.
  • a cryptographic message authenticator is generated by implementing the first secret key.
  • a condensate is produced in addition.
  • a condensate is also called a “hash” or, in its simplest form, a “checksum”. This control character makes it easy to verify that the code has been entered correctly.
  • the method as briefly described above comprises a step of regularly modifying the first secret key and transmitting the new secret key to a production site.
  • a code containing alphanumeric characters is generated.
  • the present invention aims at an authentication device, characterized in that it comprises:
  • a means for generating a random number, a means for generating a time stamp, a means for generating a first secret key, a message authentication code truncation means implementing said first secret key, and a means of symmetric encryption of the random number, the time stamp and the truncation, implementing a second secret key, to produce an authentication code.
  • the present invention also relates to an authentication method and device. It applies, in particular, to document marking with holograms containing information enabling the detection of copies, the securing of documents by management of intellectual property rights and the fight against counterfeiting.
  • Numerous methods are known in the field of digital rights management, known as DRM (acronym for Digital Right Management). These methods generally apply to software and multimedia works and are intended to prohibit or limit the possibility of copying a work or software. These methods have the disadvantage of being complex to implement. In addition, they do not apply to the protection of printed documents. The present invention aims to remedy these disadvantages.
  • the present invention aims, in a third aspect, an authentication method, characterized in that it comprises: - a step of transfer of a holographic matrix on a support,
  • the impact of each laser shot has a greater dimension and depth to maintain the diffractive optical properties of the hologram.
  • the method as briefly described above comprises a step of determining the digital code so that this digital code is representative of an identification of a product associated with the hologram represented by the holographic matrix.
  • a plurality of different numerical codes are formed, each associated with an identical holographic matrix.
  • the numerical codes are positioned, with respect to the corresponding holographic matrices, in different positions.
  • the relative position of the digital code and the holographic matrix is a function of information represented by said digital code.
  • the method as briefly described above comprises a step of determining an additional code and a step of printing said additional code on a document formed from said holographic matrix.
  • the present invention aims at an authentication device, characterized in that it comprises:
  • the present invention also relates to a method and a device for authenticating molded parts. It applies, in particular to the marking of molds and molded parts with information enabling the detection of copies and the fight against counterfeiting.
  • DRM digital rights management
  • the present invention aims to remedy these disadvantages.
  • the present invention aims, in a fifth aspect, an authentication method, characterized in that it comprises:
  • the protection functions of the digital code are combined with those of the mold without substantially modifying the molded part.
  • the method as briefly described above comprises a step of determining the numerical code so that this numerical code is representative of an identification of the mold or molded parts with said According to particular features, the method as briefly described above comprises a step of determining an additional code and a step of printing said additional code on a part molded with said mold.
  • the present invention relates to an authentication device, characterized in that it comprises: means for producing a mold and means for marking said mold, by laser firing, to form a digital code that cannot be interpreted by the human eye and is adapted to allow the detection of a copy of the mold made from parts molded with said mold, or of molded parts made from said copied mold.
  • FIG. 1 represents, in the form of a block diagram, the functions and steps implemented in a particular embodiment of the method that is the subject of the first aspect of the present invention for generating an authentication code
  • FIG. 2 represents, in the form of a functional diagram, the functions and steps taken
  • FIG. 3 represents, schematically, a particular embodiment of a device that is the subject of the fourth aspect of the present invention.
  • FIG. 4 represents, schematically and in section, a holographic matrix marked by the device illustrated in FIG. 3,
  • FIG. 5 represents, in the form of a logic diagram, the steps implemented in a particular embodiment of the method that is the subject of the third aspect of the present invention
  • FIG. 6 schematically represents a particular embodiment of a device that is the subject of the sixth aspect of the present invention
  • FIG. 7 represents, schematically and in section, a mold marked by the device illustrated in FIG.
  • FIG. 8 represents, in the form of a logic diagram, the steps implemented in a particular embodiment of the method that is the subject of the fifth aspect of the present invention.
  • the terms encryption or encryption are used interchangeably; these functions consist of encrypting data by implementing an encryption key.
  • FIG. 1 shows a random number generating means 100 realizing the random number generation function 105, a hardware key 110 realizing the timestamping function 115, a storage memory of a first secret key 120, a message authentication code truncation function 125, a storage memory of a second secret key 130, a symmetric encryption function 135, a condensate output 140 and an authentication code output 145.
  • random number generating means 100 provides, for each process of generating an authentication code and the associated condensate, a different random number 105.
  • this means for generating random numbers comprises a quantum generator so that these numbers are not pseudo-random, which would be detrimental to the security of the process.
  • the hardware key 110 is, for example, a key that plugs into a USB port. It keeps a clock that cannot be modified by interactions with this key.
  • the timestamps provided by the hardware key 110 represent the date, hour, minute and second at which this timestamp is provided.
  • the storage memory of a first secret key 120 may be portable, for example in the form of a key that plugs into the port of a computer, or accessible only on a secure server and provided on request after identification of the sender of the request.
  • Message authentication code truncation function 125: for the implementation of this truncation function, known to those skilled in the art, the reader can refer to the document "http://csrc.nist.gov/publications/fips/fips198/fips-198a.pdf". With this function, a cryptographic message authenticator is generated according to the cryptographic standard "Keyed-Hash Message Authentication Code" by implementing the first secret key. This signature is truncated according to the standard in order to limit its size. It is observed that the truncation makes it possible to keep the printed code to a reasonable size. For practical reasons, the small size of the code thus has advantages of compactness and aesthetics.
  • the storage memory of the second secret key 130 may also be portable or accessible only on a secure server.
  • the symmetric encryption function 135 implements a symmetric encryption algorithm (for example, the algorithms known as Rijndael, DES, (registered trademark) has the advantages of being fast, free and considered robust. Regarding Blowfish, the reader can refer to the document http://www.schneier.com/paper-blowfish-fse.html.
  • the symmetric encryption function generates a code comprising alphanumeric characters and a condensate. It is recalled that a condensate is also called a “hash” or, in its simplest form, a “checksum”.
  • the condensate output 140 and the authentication code output 145 make it possible to associate the authentication code and the condensate with a product so that they become integral with it and make it possible to authenticate the product. For example, these outputs 140 and 145 are connected to an inkjet printer which prints them on the product, its label or its packaging.
  • the large numbers used in the authentication code generation method ensure that the detection of two identical codes makes it possible to immediately detect a falsification of the product protected by this authentication code.
  • the owner of the intellectual property rights related to products controls the supply, at each of the production sites of these products, of the two keys implemented in the process of generation of authentication codes. He can therefore decide on the frequency of change of these secret keys.
  • the method for generating authentication codes comprises a step of regular and automatic modification of the first secret key of each production site, each new first secret key being immediately transmitted to the production site concerned.
  • the authentication method that is the subject of the present invention comprises:
  • a step of generating a random number, a step of generating a time stamp, a step of generating a first secret key, a step of truncating the message authentication code implementing said first secret key.
  • each production site implements two secret keys. By testing the different possible secret keys on a code, one can thus determine the origin of this code and its date of creation.
  • FIG. 2 shows an input 205 of an authentication code and a condensate, a condensate verification function 210, a symmetric decryption function 215 implementing two decryption keys 220 and 225 and an authenticity verification function 230.
  • authentication code verification: the particular embodiment of the method that is the subject of the present invention implements two levels of verification: a) a verification of the integrity of the message: using all the known cryptographic key pairs (secret keys 1 and 2), it is verified that the message has integrity. This integrity is verified by comparing the signature (HMAC) calculated after decryption of the symmetric encryption with the signature of the token; b) a consistency check of the message: once integrity has been verified, it is ensured that the message is structurally coherent. Indeed, a code generator stolen from its owner continues to generate codes that have integrity. However, the date contained in the code makes it possible to distinguish the valid tokens from the inconsistent codes dated after the theft.
  • the consistency check is therefore obtained by comparing the following three elements: generator number (site); code date; cryptographic keys validated at the integrity check step, against the repository of the data generated on the USB keys.
  • the code referred to in this document is intended to be marked or printed in clear on the products.
  • the consumer who wants to learn about a product in his possession can use a website or a call center equipped to check the integrity and consistency of the code. This consultation provides a presumption of infringement in the following cases:
  • FIG. 3 shows a means for determining a digital code 300, a graphic design means 305, a means 310 for transferring a holographic matrix 315 on a support 320 and a marking means 325.
  • the digital code determining means 300 is of known type. It is adapted to determine a numerical code having at least the following functions:
  • the numerical code may include redundancies and/or error correction codes, known as "checksum" or "CRC" (cyclic redundancy check).
  • the entropy of the code and / or the dimension of its printing are adapted according to known anti-copy code techniques.
  • the digital code is transmitted by the digital code determination means to the marking means 325.
  • the graphic design means 305 is of known type. It makes it possible to define each graphical element of a holographic matrix 315 intended to be carried by the transfer means 310 on the support 320 in order to print holograms on printed documents.
  • the transfer means 310 is of known type.
  • the support 320 is, generally, nickel.
  • the marking means 325 is adapted to perform laser shots on the support 320, once it has the holographic matrix, at points defined by the numerical code.
  • the numerical code takes the form of a matrix of points that can take two values, one of these values being associated with a laser shot and the other being not associated with it.
  • the marking means 325 is preferably adapted to perform laser shots whose impact has a diameter and a depth to maintain the optical diffraction property of the hologram.
  • FIG. 4 shows the support 320 carrying the holographic matrix 315 and the laser firing impacts 405. Each impact 405 has a larger dimension and a depth which maintains the optical diffraction properties of the hologram made from the holographic matrix.
  • FIG. 5 shows that the authentication method comprises, firstly, a step 505 for determining the digital code so that this digital code is representative of an identification of a product associated with the hologram represented by the holographic matrix. Then, during a transfer step 510, a holographic matrix is transferred to a support.
  • a plurality of different numerical codes each associated with an identical holographic matrix and the positions of the numerical codes are formed so that the numerical codes are found, with respect to the corresponding holographic matrices, in different positions, positions according to information represented by said digital code.
  • said holographic matrix is marked by laser firing, to form the numerical code which can not be interpreted by the human eye, maintaining the optical diffraction properties of the holographic matrix, and adapted to enable the detection of a copy of a document made from said holographic matrix.
  • the impact of each laser shot has a larger dimension and a depth to maintain the diffractive optical properties of the hologram.
  • an additional code is determined and, during a step 530, said additional code is printed on a document formed from said holographic matrix.
  • the protection functions of the digital code are combined with those of the hologram without destroying the optical diffraction properties enabling the hologram to be viewed.
  • the different products made from identical holographic matrices associated with different numerical codes are different and therefore allow better traceability.
  • these additional codes represent a first content
  • a code can represent the name of the rights holder, a product reference to be marked and / or a date of generation of the code and are possibly unique, that is to say -say
  • the additional codes include error correction codes, for example of the type known as "CRC”.
  • each additional code from the additional code are generated marks representative of this additional code and, preferably, of a key specifically assigned to the product in said set of products, the representative mark being, accordingly, different for each product of said set.
  • the mark is a barcode associated with the product.
  • the mark is a set of alphanumeric characters associated with the product.
  • the mark is a bar code in at least two dimensions or a data matrix, known as datamatrix, associated with the product.
  • the representative mark of the additional code may be printed by an ink jet printer or may be formed in the material of the product or package by impact of a laser beam or printed by thermal transfer.
  • the laser impacts are read, for example by means of a camera, and, depending on the information read, the additional code associated with the product is modified, for example by coding.
  • the mark is made invisible by the choice of a particular manufacturing method, for example locally modifying the reflection coefficient of the label or packaging or implementing an invisible ink of known type.
  • FIG. 6 shows a means for determining a digital code 600, a mold design means 605, a means 610 for manufacturing a mold 615, and marking means 625.
  • the digital code determining means 600 is of known type. It is adapted to determine a numerical code having at least the following functions:
  • the digital code may include redundancies and / or error correction codes, known as verification).
  • the entropy of the code and/or the size of its marking are adapted according to known anti-copy code techniques.
  • the digital code is transmitted by the digital code determination means to the marking means 625.
  • the mold design means 605 is of known type, for example computer type having computer-aided design software. It defines each element of a mold 615 to be manufactured by the manufacturing means 610 for molding parts, for example plastic.
  • the manufacturing means 610 is of known type.
  • the marking means 625 is adapted to perform laser shots on the mold 615, once it is manufactured or on the material used for producing the mold 615, at points defined by the numerical code.
  • the numerical code takes the form of a matrix of points that can take two values, one of these values being associated with a laser shot and the other being not associated with it.
  • the marking means 625 is preferably adapted to perform laser shots whose impact has a diameter and a depth that make it possible to detect a copy of the mold made from a part molded with the mold 615, and molded parts from this copy of the mold.
  • FIG. 7 shows the mold 615 and laser firing impacts 705. It can be seen that the impacts 705 may be on a flat or curved part of the mold 615. Due to the respective dimensions, the impacts 705 and the mold 615 are not, in Figure 7, to scale.
  • the authentication method comprises, firstly, a step 805 for determining the digital code so that this numerical code is representative of an identification of the mold 615 or molded parts from this mold 615.
  • the mold 615 is manufactured.
  • the mold 615 is marked by laser firing, to form the digital code, which cannot be interpreted by the human eye and is adapted to allow detection of a copy of the mold made from a part molded with the mold 615 or of a molded part from said copy.
  • an additional code is determined and, during a step 830, said additional code is printed on a molded part formed with said mold 615.
  • the protection functions of the digital code combine with those of the mold without substantially modifying the molded parts.
  • these codes can be made invulnerable to decoding.
  • these codes implement key pairs in accordance with a PKI (public key infrastructure).
  • PKI public key infrastructure
  • these codes are provided, upon request, to the subscribed rights holders.
  • these additional codes represent a first content, for example, a code can represent the name of the rights holder, a product reference to be marked and / or a date of generation of the code and are possibly unique, that is to say to assign to a single product or printed document.
  • the additional codes include error correction codes, for example of the type known as "CRC”.
  • the printed mark can take many forms.
  • the mark is a barcode associated with the product.
  • the mark is a set of alphanumeric characters associated with the product.
  • the mark is a bar code in at least two dimensions or a data matrix, known as datamatrix, associated with the product.
  • the print mark representative of the additional code may be printed by an inkjet printer or may be formed in the material of the product or package by impact of a laser beam or printed by thermal transfer.
  • the laser impacts are read, for example by means of a camera, and, depending on the information read, the additional code associated with the product is modified, for example by coding.
  • the printed mark is rendered invisible by the choice of a particular manufacturing method, for example locally modifying the reflection coefficient of the label or the packaging or implementing an invisible ink of known type.
  • the printed mark is copied into several parts of the package.

Abstract

The invention concerns an authentication method including: a step of generating a random number (105); a step of generating a timestamp (115); a step of generating a first secret key (120); a step of truncating a message authentication code using said first secret key (125); a step of symmetrically encrypting the random number, the timestamp and the truncation (135), using a second secret key (130) to produce an authentication code (145). Preferably, during the step of generating the random number, a quantum generator (100) is used. Preferably, during the truncating step, a cryptographic message authenticator is generated using the first secret key. Preferably, during the step of symmetrically encrypting the random secret key, using the second secret key, a message digest (140) is additionally produced.

Description

AUTHENTICATION METHOD AND DEVICE
The present invention relates to an authentication method and device. It applies, in particular, to protecting trademarks, distinctive signs and the products bearing them against counterfeiting.
Product marking systems are known, for example with inkjet printers placed on production lines to print a serial number on each article. Other systems implement codes.
These systems are nevertheless fragile: counterfeiters falsify these codes or work out how they operate, which allows them to generate codes that appear to authenticate counterfeit products.
The present invention aims to remedy these drawbacks. To this end, according to a first aspect, the present invention relates to an authentication method, characterized in that it comprises:
- a step of generating a random number,
- a step of generating a timestamp,
- a step of generating a first secret key,
- a step of truncating a message authentication code, implementing said first secret key,
- a step of symmetric encryption of the random number, the timestamp and the truncation, implementing a second secret key to produce an authentication code.
Thanks to these provisions, a large amount of information can be encrypted, including the creation date of the code, a random number and a truncation. Moreover, knowledge of the second secret key makes it possible to recover this encrypted information. However, the first secret key is useful for retrieving authentication information. Thus, each production site implements two secret keys. By testing the different possible secret keys on a code, one can thus determine the origin of this code and its date of creation.
Thanks to the implementation of the present invention, it is not necessary to maintain a database at the production level, which simplifies the operation of the production tool. In addition, the detection of two identical codes makes it possible to immediately detect a falsification. In addition, truncation keeps the printed code to a reasonable size. For practical reasons, the small size of the code thus has advantages of compactness and aesthetics.
According to particular features, during the step of generating a random number, a quantum generator is implemented.
Thanks to these provisions, the random number is truly random and not a pseudo-random number.
According to particular features, during the truncation step, a cryptographic message authenticator is generated by implementing the first secret key. According to particular features, during the step of symmetric encryption of the random number, the timestamp and the truncation, implementing the second secret key, a digest is additionally produced.
Note that a digest is also called a "hash" or, in its simplest form, a "checksum". This check character makes it easy to verify that the code has been entered correctly.
According to particular features, the method as briefly described above comprises a step of regularly modifying the first secret key and transmitting the new secret key to a production site.
According to particular features, during the symmetric encryption step, a code comprising alphanumeric characters is generated.
According to a second aspect, the present invention relates to an authentication device, characterized in that it comprises:
- a means for generating a random number,
- a means for generating a timestamp,
- a means for generating a first secret key,
- a means for truncating a message authentication code, implementing said first secret key,
- a means for symmetric encryption of the random number, the timestamp and the truncation, implementing a second secret key to produce an authentication code.
The advantages, aims and features of this device being similar to those of the method that is the subject of the first aspect, they are not repeated here.
The present invention also relates to an authentication method and device. It applies, in particular, to marking documents with holograms containing information enabling the detection of copies, to securing documents through the management of intellectual property rights, and to the fight against counterfeiting. Numerous methods are known in the field of digital rights management, known as DRM (acronym for Digital Rights Management). These methods generally apply to software and multimedia works and are intended to prohibit or limit the possibility of copying a work or a piece of software. These methods have the disadvantage of being complex to implement. In addition, they do not apply to the protection of printed documents. The present invention aims to remedy these drawbacks.
To this end, according to a third aspect, the present invention relates to an authentication method, characterized in that it comprises:
- a step of transferring a holographic matrix onto a support,
- a step of marking said holographic matrix by laser firing, to form a digital code that cannot be interpreted by the human eye, that maintains the optical diffraction properties of the holographic matrix, and that is adapted to allow the detection of a copy of a document made from said holographic matrix.
Thanks to these provisions, the protection functions of the digital code are combined with those of the hologram without destroying the optical diffraction properties that allow the hologram to be viewed.
According to particular features, during the marking step, the impact of each laser shot has a largest dimension and a depth that allow the optical diffraction properties of the hologram to be maintained.
According to particular features, the method as briefly described above comprises a step of determining the digital code so that this digital code is representative of an identification of a product associated with the hologram represented by the holographic matrix. According to particular features, during the marking step, a plurality of different digital codes are formed, each associated with an identical holographic matrix.
Thanks to these provisions, the products made from identical holographic matrices associated with different digital codes are themselves different, and therefore allow better traceability.
According to particular features, during the marking step, the digital codes are placed in different positions relative to the corresponding holographic matrices.
According to particular features, during the marking step, the relative position of the digital code and the holographic matrix is a function of information represented by said digital code. According to particular features, the method as briefly described above comprises a step of determining an additional code and a step of printing said additional code on a document formed from said holographic matrix. According to a fourth aspect, the present invention relates to an authentication device, characterized in that it comprises:
- a means for transferring a holographic matrix onto a support,
- a means for marking said holographic matrix by laser firing, to form a digital code that cannot be interpreted by the human eye, that maintains the optical diffraction properties of the holographic matrix, and that is adapted to allow the detection of a copy of a document made from said holographic matrix.
The advantages, aims and particular features of this device being similar to those of the method that is the subject of the third aspect, as briefly described above, they are not repeated here. The present invention also relates to a method and a device for authenticating molded parts. It applies, in particular, to marking molds and molded parts with information enabling the detection of copies, and to the fight against counterfeiting.
Numerous methods are known in the field of digital rights management, known as DRM (acronym for Digital Rights Management). These methods generally apply to software and multimedia works and are intended to prohibit or limit the possibility of copying a work or a piece of software. These methods have the disadvantage of being complex to implement. In addition, they do not apply to the protection of printed documents.
The present invention aims to remedy these drawbacks. To this end, according to a fifth aspect, the present invention relates to an authentication method, characterized in that it comprises:
- a step of producing a mold,
- a step of marking said mold by laser firing, to form a digital code that cannot be interpreted by the human eye and is adapted to allow the detection of a copy of the mold made from parts molded with said mold, or of molded parts made from said copied mold.
Thanks to these provisions, the protection functions of the digital code are combined with those of the mold without substantially modifying the molded part.
According to particular features, the method as briefly described above comprises a step of determining the digital code so that this digital code is representative of an identification of the mold or of the parts molded with said According to particular features, the method as briefly described above comprises a step of determining an additional code and a step of printing said additional code on a part molded with said mold.
According to a sixth aspect, the present invention relates to an authentication device, characterized in that it comprises: a means for producing a mold and a means for marking said mold, by laser firing, to form a digital code that cannot be interpreted by the human eye and is adapted to allow the detection of a copy of the mold made from parts molded with said mold, or of molded parts made from said copied mold.
The advantages, aims and particular features of this device being similar to those of the method that is the subject of the fifth aspect, as briefly described above, they are not repeated here.
Other advantages, aims and features of the present invention will emerge from the description that follows, given for explanatory and in no way limiting purposes with reference to the accompanying drawings, in which:
- Figure 1 represents, in the form of a functional diagram, the functions and steps implemented in a particular embodiment of the method that is the subject of the first aspect of the present invention for generating an authentication code,
- Figure 2 represents, in the form of a functional diagram, the functions and steps implemented to verify the authenticity of an authentication code, according to the first and second aspects of the present invention,
- Figure 3 represents, schematically, a particular embodiment of a device that is the subject of the fourth aspect of the present invention,
- Figure 4 represents, schematically and in section, a holographic matrix marked by the device illustrated in Figure 3,
- Figure 5 represents, in the form of a flowchart, steps implemented in a particular embodiment of the method that is the subject of the third aspect of the present invention,
- Figure 6 represents, schematically, a particular embodiment of a device that is the subject of the sixth aspect of the present invention,
- Figure 7 represents, schematically and in section, a mold marked by the device illustrated in Figure 6, and
- Figure 8 represents, in the form of a flowchart, steps implemented in a particular embodiment of the method that is the subject of the fifth aspect of the present invention.
Throughout the description of the first and second aspects (Figures 1 and 2), the terms enciphering ("chiffrage") and encryption are used interchangeably, these functions consisting in encrypting data by implementing an encryption key.
Figure 1 shows a random number generating means 100 performing the random number generation function 105, a hardware key 110 performing the timestamp supply function 115, a memory storing a first secret key 120, a message authentication code truncation function 125, a memory storing a second secret key 130, a symmetric encryption function 135, a digest output 140 and an authentication code output 145. For each process of generating an authentication code and the associated digest, the random number generating means 100 supplies a different random number 105. Preferably, this random number generating means comprises a quantum generator so that these numbers are not pseudo-random, which would harm the security of the process.
The hardware key 110 is, for example, a key that plugs into a USB port. It holds a clock that cannot be modified by interactions with this key. The timestamps supplied by the hardware key 110 represent the date, hour, minute and second at which the timestamp is supplied.
The memory storing the first secret key 120 may be portable, for example in the form of a key that plugs into a computer port, or accessible only on a secure server and supplied on request after identification of the sender of the request.
For the implementation of the message authentication code truncation function 125, known to those skilled in the art, the reader may refer to the document "http://csrc.nist.gov/publications/fips/fips198/fips-198a.pdf". With this function, a cryptographic message authenticator is generated according to the cryptographic standard "Keyed-Hash Message Authentication Code" by implementing the first secret key. This signature is truncated in accordance with the standard in order to limit its size. Truncation keeps the printed code to a reasonable size. For practical reasons, the small size of the code thus has advantages of compactness and aesthetics.
The memory storing the second secret key 130 may also be portable or accessible only on a secure server. The symmetric encryption function 135 implements a symmetric encryption algorithm (for example, the algorithms known under the names Rijndael, DES, (registered trademark) has the advantages of being fast, free and considered robust. Regarding Blowfish, the reader may refer to the document http://www.schneier.com/paper-blowfish-fse.html.
The symmetric encryption function generates a code comprising alphanumeric characters, and a digest. Recall that a digest is also called a "hash" or, in its simplest form, a "checksum". The digest output 140 and the authentication code output 145 make it possible to associate the authentication code and the digest with a product, so that they become attached to it and allow the product to be authenticated. For example, these outputs 140 and 145 are connected to an inkjet printer that prints them on the product, its label or its packaging. The large numbers used in the authentication code generation method guarantee that the detection of two identical codes makes it possible to immediately detect a falsification of the product protected by this authentication code.
Preferably, the owner of the intellectual or industrial property rights attached to the products controls the supply, to each production site of these products, of the two keys implemented in the authentication code generation process. The owner can therefore decide how often these secret keys are changed.
Preferably, the method for generating authentication codes comprises a step of regular and automatic modification of the first secret key of each production site, each new first secret key being immediately transmitted to the production site concerned.
As can be seen from the description of Figure 1, the authentication method that is the subject of the present invention comprises:
- a step of generating a random number,
- a step of generating a timestamp,
- a step of generating a first secret key,
- a step of truncating a message authentication code using said first secret key,
- a step of symmetric encryption of the random number, the timestamp and the truncation, using a second secret key to produce an authentication code.
Thus, a good deal of information can be encrypted, including the creation date of the code, a random number and a truncation. Moreover, knowledge of the second secret key makes it possible to recover this encrypted information. However, the first secret key is useful for recovering authentication information. Each production site thus uses two secret keys. By testing the different possible secret keys on a code, one can therefore determine the origin of this code and its creation date.
It will also be understood that implementing the present invention avoids having to maintain a database of the generated authentication codes, which simplifies the operation of the production tool.
Figure 2 shows an input 205 for an authentication code and a digest, a digest verification function 210, a symmetric decryption function 215 using two decryption keys 220 and 225, and an authenticity verification function 230. As regards authentication code verification, the particular embodiment of the method that is the subject of the present invention implements two levels of verification:
a) a verification of the integrity of the message: using all known pairs of cryptographic keys (secret keys 1 and 2), one checks that the message is intact. This integrity is verified by comparing the signature (HMAC) computed after decrypting the symmetric encryption with the signature of the token;
b) a verification of the consistency of the message: once integrity has been verified, one makes sure that the message is structurally consistent. Indeed, a code generator stolen from its owner continues to generate intact codes. However, the date contained in the code makes it possible to distinguish valid tokens (before the date of the theft) from inconsistent codes (after the date of the theft). The consistency check is therefore obtained by comparing the following three elements: the generator (site) number; the date of the code; and the cryptographic keys validated at the integrity verification step, against the reference repository of data generated on the USB keys.
The code discussed in this document is intended to be marked or printed in clear on the products. Alternatively, a consumer who wishes to find out about a product in their possession can use a website or a suitably equipped call centre to check the integrity and consistency of the code. This consultation yields a presumption of counterfeiting in the following cases:
- the code fails the integrity check or is inconsistent, or
- the code has already been verified.
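The generation steps and the two-level verification described above, as an added Python sketch that is not code from the patent. The field lengths, base32 encoding, SHA-256-based digest ("condensate"), `SITES` registry and `stolen_at` field are assumptions, and the HMAC-based Feistel cipher is a standard-library stand-in for whatever symmetric cipher a deployment would actually use.

```python
import base64, hashlib, hmac, secrets, struct, time

RAND_LEN, MAC_LEN = 8, 4   # assumed sizes: 8 random + 4 timestamp + 4 MAC = 16 bytes

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def prf(key: bytes, rnd: int, half: bytes) -> bytes:
    # Feistel round function: HMAC-SHA256 truncated to half a block.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]

def encrypt(key2: bytes, block: bytes) -> bytes:
    # Stand-in symmetric cipher (assumption): 4-round Feistel on a 16-byte block.
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, xor(left, prf(key2, rnd, right))
    return left + right

def decrypt(key2: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = xor(right, prf(key2, rnd, left)), left
    return left + right

def truncated_mac(key1: bytes, body: bytes) -> bytes:
    # Truncation of a message authentication code under the first secret key.
    return hmac.new(key1, body, hashlib.sha256).digest()[:MAC_LEN]

def condensate_of(code: str) -> str:
    # Assumed digest: 16 bits of SHA-256, enough to catch typing errors only.
    return hashlib.sha256(code.encode()).hexdigest()[:4].upper()

def generate_code(key1: bytes, key2: bytes, now=None, rand=None):
    """Random number + timestamp + truncated MAC, encrypted under the second key."""
    rand = secrets.token_bytes(RAND_LEN) if rand is None else rand
    stamp = struct.pack(">I", int(time.time() if now is None else now))
    body = rand + stamp
    block = encrypt(key2, body + truncated_mac(key1, body))
    code = base64.b32encode(block).decode().rstrip("=")
    return code, condensate_of(code)

def verify_code(code: str, condensate: str, sites: dict, seen: set):
    """Return (verdict, site_id, timestamp) for a printed code."""
    if condensate_of(code) != condensate:
        return ("bad-condensate", None, None)
    try:
        block = base64.b32decode(code + "=" * (-len(code) % 8))
    except ValueError:
        return ("not-intact", None, None)
    if len(block) != 16:
        return ("not-intact", None, None)
    # Level a) integrity: try every known key pair; a match also names the site.
    # A 4-byte MAC accepts a random block with probability 2**-32 per key pair.
    for site_id, site in sites.items():
        plain = decrypt(site["key2"], block)
        body, mac = plain[:-MAC_LEN], plain[-MAC_LEN:]
        if not hmac.compare_digest(mac, truncated_mac(site["key1"], body)):
            continue
        stamp = struct.unpack(">I", body[RAND_LEN:])[0]
        # Level b) consistency: a generator stolen at `stolen_at` still produces
        # intact codes, so anything dated after the theft is rejected.
        if site["stolen_at"] is not None and stamp > site["stolen_at"]:
            return ("inconsistent", site_id, stamp)
        # Presumption of counterfeiting when a code is checked a second time.
        if code in seen:
            return ("already-verified", site_id, stamp)
        seen.add(code)
        return ("authentic", site_id, stamp)
    return ("not-intact", None, None)

def demo_key(label: str) -> bytes:
    # Constructed demo keys; real keys come from the rights owner's key service.
    return hashlib.sha256(label.encode()).digest()

# Constructed registry of production sites (hypothetical names and dates).
SITES = {
    "site-A": {"key1": demo_key("A/1"), "key2": demo_key("A/2"), "stolen_at": None},
    "site-B": {"key1": demo_key("B/1"), "key2": demo_key("B/2"),
               "stolen_at": 1_700_000_000},
}

if __name__ == "__main__":
    checked = set()
    site = SITES["site-B"]
    for when in (1_650_000_000, 1_750_000_000):
        code, cond = generate_code(site["key1"], site["key2"], now=when)
        print(code, cond, verify_code(code, cond, SITES, checked))
```

Only the set of already-checked codes is stored on the verifier side; no list of generated codes is needed, which matches the point made above about not maintaining a database of issued codes.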
As regards the third and fourth aspects of the present invention, Figure 3 shows a means 300 for determining a digital code, a graphic design means 305, a means 310 for transferring a holographic matrix 315 onto a support 320, and a marking means 325. The digital code determination means 300 is of known type. It is adapted to determine a digital code having at least the following functions:
- on the one hand, to represent information identifying a product, a date of manufacture, a manufacturer, a rights owner, a production order and/or a place of manufacture, for example, in a manner robust enough that, even if this digital code is degraded, for example by copying, at least part of the information it represents remains accessible, and
- on the other hand, to make it possible to detect any copy of this digital code made with scanning and printing means of known type.
To achieve the first function indicated above, the digital code may include redundancies and/or error correction codes, known as a "checksum" or a "CRC" (cyclic redundancy check). To achieve the second function, the entropy of the code and/or the size of its printing are adapted, using techniques known in the field of anti-copy codes. The digital code is transmitted by the digital code determination means to the marking means 325.
The graphic design means 305 is of known type. It makes it possible to define each graphic element of a holographic matrix 315 intended to be transferred, by the transfer means 310, onto the support 320 in order to print holograms on printed documents.
The transfer means 310 is of known type. The support 320 is generally made of nickel.
The marking means 325 is adapted to fire laser shots at the support 320, once the latter carries the holographic matrix, at points defined by the digital code. For example, the digital code takes the form of a matrix of points that can take two values, one of these values being associated with a laser shot and the other not. The marking means 325 is preferably adapted to fire laser shots whose impact has a diameter and a depth that preserve the optical diffraction properties of the hologram.
Figure 4 shows the support 320 carrying the holographic matrix 315 and laser shot impacts 405. Each impact 405 has a largest dimension and a depth that preserve the optical diffraction properties of the hologram produced from the holographic matrix. Note that the impacts 405 may lie on the holographic matrix 315 or outside it. Because of the respective dimensions mentioned above, the impacts 405 and the holographic matrix 315 are not drawn to scale in Figure 4.
Figure 5 shows that the authentication method comprises, first, a step 505 of determining the digital code so that this digital code is representative of an identification of a product associated with the hologram represented by the holographic matrix. Then, during a transfer step 510, a holographic matrix is transferred onto a support.
During a step 515, a plurality of different digital codes is formed, each associated with an identical holographic matrix, together with the positions of the digital codes, so that the digital codes lie, relative to the corresponding holographic matrices, in different positions, these positions depending on an item of information represented by said digital code.
During a marking step 520, said holographic matrix is marked by laser shots to form the digital code, which cannot be interpreted by the human eye, preserves the optical diffraction properties of the holographic matrix, and is adapted to allow the detection of a copy of a document produced from said holographic matrix.
During the marking step 520, the impact of each laser shot has a largest dimension and a depth that preserve the optical diffraction properties of the hologram.
During a step 525, an additional code is determined and, during a step 530, said additional code is printed on a document formed from said holographic matrix.
Thus, by implementing the method that is the subject of the present invention, the protective functions of the digital code are combined with those of the hologram without destroying the optical diffraction properties that allow the hologram to be viewed. The different products made from identical holographic matrices associated with different digital codes are themselves different and therefore allow better traceability.
Preserving the diffraction optics has the advantage that the mark goes unnoticed. As regards the additional code mentioned in steps 525 and 530, such codes can be made invulnerable to decoding. For example, these codes use key pairs conforming to the public key infrastructure (PKI). These codes are supplied, on request, to the servers of subscribed rights holders.
Preferably, these additional codes represent a first content: for example, a code may represent the name of the rights holder, a reference of the product to be marked and/or a date of generation of the code, and they are possibly unique, that is to say
Preferably, the additional codes include error correction codes, for example of the type known as "CRC".
To print each additional code, marks are generated from the additional code that are representative of this additional code and, preferably, of a key specifically assigned to the product within said set of products, the representative mark consequently being different for each product of said set.
Note that the mark can take several forms. In a first example, the mark is a barcode associated with the product. In a second example, the mark is a set of alphanumeric characters associated with the product. In a third example, the mark is a barcode in at least two dimensions or a data matrix, known as a datamatrix, associated with the product.
The mark representative of the additional code may be printed by an inkjet printer, formed in the material of the product or packaging by the impact of a laser beam, or printed by thermal transfer. In particular embodiments, the laser impacts are read, for example by means of a camera, and, depending on the information read, the additional code associated with the product is modified, for example by encoding. Alternatively, the mark is made invisible by the choice of a particular manufacturing process, for example one that locally modifies the reflection coefficient of the label or packaging or that uses an invisible ink of known type.
Alternatively, the mark is reproduced on several parts of the packaging.
As regards the fifth and sixth aspects of the present invention, Figure 6 shows a means 600 for determining a digital code, a mold design means 605, a means 610 for manufacturing a mold 615, and a marking means 625.
The digital code determination means 600 is of known type. It is adapted to determine a digital code having at least the following functions:
- on the one hand, to represent information identifying a product, a date of manufacture, a manufacturer, a rights owner, a production order and/or a place of manufacture, for example, in a manner robust enough that, even if this digital code is degraded, for example by copying, at least part of the information it represents remains accessible, and
- on the other hand, to make it possible to detect any copy of this digital code made with capture and manufacturing means of known type.
To achieve the first function indicated above, the digital code may include redundancies and/or error correction codes, known as verification). To achieve the second function, the entropy of the code and/or the size of its marking are adapted, using techniques known in the field of anti-copy codes. The digital code is transmitted by the digital code determination means to the marking means 625.
The mold design means 605 is of known type, for example a computer equipped with computer-aided design software. It makes it possible to define each element of a mold 615 intended to be manufactured, by the manufacturing means 610, in order to mold parts, for example plastic parts.
The manufacturing means 610 is of known type. The marking means 625 is adapted to fire laser shots at the mold 615, once it has been manufactured, or at the material used to produce this mold 615, at points defined by the digital code. For example, the digital code takes the form of a matrix of points that can take two values, one of these values being associated with a laser shot and the other not. The marking means 625 is preferably adapted to fire laser shots whose impact has a diameter and a depth that make it possible to detect a copy of the mold made from a part molded with the mold 615, as well as parts molded from that copy of the mold.
Figure 7 shows the mold 615 and laser shot impacts 705. Note that the impacts 705 may lie on a flat or curved part of the mold 615. Because of their respective dimensions, the impacts 705 and the mold 615 are not drawn to scale in Figure 7.
Figure 8 shows that the authentication method comprises, first, a step 805 of determining the digital code so that this digital code is representative of an identification of the mold 615 or of the parts molded from this mold 615.
Then, during a manufacturing step 810, the mold 615 is manufactured. During a marking step 820, the mold 615 is marked by laser shots to form the digital code, which cannot be interpreted by the human eye and is adapted to allow the detection of a copy of the mold made from a part molded with the mold 615, or of a part molded from said copy.
During a step 825, an additional code is determined and, during a step 830, said additional code is printed on a molded part formed with said mold 615.
Thus, by implementing the method that is the subject of the present invention, the protective functions of the digital code are combined with those of the mold without appreciably modifying the molded parts.
The different products made from the mold therefore allow better traceability and the detection of copies and counterfeits. As regards the additional code mentioned in step 825, such codes can be made invulnerable to decoding. For example, these codes use key pairs conforming to the public key infrastructure (PKI). These codes are supplied, on request, to the servers of subscribed rights holders. Preferably, these additional codes represent a first content: for example, a code may represent the name of the rights holder, a reference of the product to be marked and/or a date of generation of the code, and they are possibly unique, that is to say assigned to a single product or printed document.
Preferably, the additional codes include error correction codes, for example of the type known as "CRC".
To print each additional code, marks are generated from the additional code that are representative of this additional code and, preferably, of a key specifically assigned to the product within said set of products, the representative mark consequently being different for each product of said set. Note that the printed mark can take several forms. In a first example, the mark is a barcode associated with the product. In a second example, the mark is a set of alphanumeric characters associated with the product. In a third example, the mark is a barcode in at least two dimensions or a data matrix, known as a datamatrix, associated with the product. The printed mark representative of the additional code may be printed by an inkjet printer, formed in the material of the product or packaging by the impact of a laser beam, or printed by thermal transfer.
In particular embodiments, the laser impacts are read, for example by means of a camera, and, depending on the information read, the additional code associated with the product is modified, for example by encoding.
Alternatively, the printed mark is made invisible by the choice of a particular manufacturing process, for example one that locally modifies the reflection coefficient of the label or packaging or that uses an invisible ink of known type.
Alternatively, the printed mark is reproduced on several parts of the packaging.

Claims

1 - Authentication method, characterized in that it comprises:
- a step of generating a random number (105),
- a step of generating a timestamp (115),
- a step of generating a first secret key (120),
- a step of truncating a message authentication code, using said first secret key (125),
- a step of symmetric encryption of the random number, the timestamp and the truncation (135), using a second secret key (130) to produce an authentication code (145).
2 - Method according to claim 1, characterized in that, during the step of generating a random number (105), a quantum generator (100) is used.
3 - Method according to either of claims 1 or 2, characterized in that, during the truncation step (125), a cryptographic message authenticator is generated using the first secret key (120).
4 - Method according to any one of claims 1 to 3, characterized in that, during the step of symmetric encryption of the random number, the timestamp and the truncation (135) using the second secret key, a hash (140) is additionally produced.
5 - Method according to any one of claims 1 to 4, characterized in that it comprises a step of regularly changing the first secret key and transmitting the new secret key to a production site.
6 - Method according to any one of claims 1 to 5, characterized in that, during the symmetric encryption step (135), a code comprising alphanumeric characters is generated.
7 - Authentication device, characterized in that it comprises:
- a means for generating a random number,
- a means for generating a timestamp,
- a means for generating a first secret key,
- a means for truncating a message authentication code, using said first secret key,
- a means for symmetric encryption of the random number, the timestamp and the truncation, using a second secret key to produce an authentication code.
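The generation steps of claim 1 together with the matching verification, as an added example that is not code from the patent. Assumptions: the MAC is HMAC-SHA256 over the random number and timestamp, truncated to 4 bytes; a 4-round Feistel network keyed through HMAC-SHA256 stands in for the symmetric cipher, which the claims do not name; the operating system's CSPRNG stands in for the quantum generator of claim 2; field sizes, function names and the base32 output are illustrative.

```python
import base64, binascii, hashlib, hmac, secrets, struct, time

RAND_LEN, TS_LEN, TAG_LEN = 8, 4, 4   # assumed field sizes: one 16-byte block
ROUNDS = 4                            # assumed round count for the stand-in cipher

def _f(key, i, half):
    # Feistel round function: HMAC-SHA256 of round index + half block, cut to 8 bytes.
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:len(half)]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(key, block):
    # Stand-in symmetric cipher (not named by the patent): balanced Feistel network.
    left, right = block[:8], block[8:]
    for i in range(ROUNDS):
        left, right = right, _xor(left, _f(key, i, right))
    return left + right

def decrypt_block(key, block):
    # Inverse of encrypt_block: undo the rounds in reverse order.
    left, right = block[:8], block[8:]
    for i in reversed(range(ROUNDS)):
        left, right = _xor(right, _f(key, i, left)), left
    return left + right

def truncated_mac(key1, message):
    # Step 125: MAC under the first secret key, truncated to TAG_LEN bytes.
    return hmac.new(key1, message, hashlib.sha256).digest()[:TAG_LEN]

def generate_code(key1, key2, now=None, rand=None):
    rand = secrets.token_bytes(RAND_LEN) if rand is None else rand    # step 105
    ts = struct.pack(">I", int(time.time() if now is None else now))  # step 115
    tag = truncated_mac(key1, rand + ts)                              # step 125
    cipher = encrypt_block(key2, rand + ts + tag)                     # step 135
    # Alphanumeric output as in claim 6: base32 without padding (26 characters).
    return base64.b32encode(cipher).decode("ascii").rstrip("=")       # code 145

def verify_code(key1, key2, code):
    """Return the embedded timestamp if the code is genuine, else None."""
    try:
        cipher = base64.b32decode(code + "=" * (-len(code) % 8), casefold=True)
    except (binascii.Error, ValueError):
        return None
    if len(cipher) != RAND_LEN + TS_LEN + TAG_LEN:
        return None
    block = decrypt_block(key2, cipher)
    body, tag = block[:-TAG_LEN], block[-TAG_LEN:]
    # Constant-time comparison of the recomputed truncation with the embedded one.
    if not hmac.compare_digest(tag, truncated_mac(key1, body)):
        return None
    return struct.unpack(">I", body[RAND_LEN:])[0]

if __name__ == "__main__":
    k1, k2 = secrets.token_bytes(32), secrets.token_bytes(32)  # constructed keys
    code = generate_code(k1, k2)
    print(code, verify_code(k1, k2, code))
    forged = ("A" if code[0] != "A" else "B") + code[1:]       # one character altered
    print(forged, verify_code(k1, k2, forged))
```

With a 4-byte truncation, a random 26-character string passes verification with probability 2^-32, so a verifier built this way should count and rate-limit failed checks.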
EP07730922A 2006-02-03 2007-02-05 Authentication method and device Withdrawn EP1985061A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP20140154203 EP2809030A3 (en) 2006-02-03 2007-02-05 Authentication method and device

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
FR0601004A FR2907288B1 (en) 2006-02-03 2006-02-03 AUTHENTICATION METHOD AND DEVICE
FR0601625A FR2897955B1 (en) 2006-02-24 2006-02-24 AUTHENTICATION METHOD AND DEVICE
FR0601739A FR2907245B1 (en) 2006-02-27 2006-02-27 METHOD AND DEVICE FOR AUTHENTICATING MOLDED PARTS
PCT/FR2007/000206 WO2007088288A1 (en) 2006-02-03 2007-02-05 Authentication method and device

Related Child Applications (1)

Application Number Title Priority Date Filing Date
EP20140154203 Division EP2809030A3 (en) 2006-02-03 2007-02-05 Authentication method and device

Publications (1)

Publication Number Publication Date
EP1985061A1 (en) 2008-10-29

Family

ID=38055442

Family Applications (2)

Application Number Title Priority Date Filing Date
EP20140154203 Withdrawn EP2809030A3 (en) 2006-02-03 2007-02-05 Authentication method and device
EP07730922A Withdrawn EP1985061A1 (en) 2006-02-03 2007-02-05 Authentication method and device

Family Applications Before (1)

Application Number Title Priority Date Filing Date
EP20140154203 Withdrawn EP2809030A3 (en) 2006-02-03 2007-02-05 Authentication method and device

Country Status (3)

Country Link
US (2) US8125697B2 (en)
EP (2) EP2809030A3 (en)
WO (1) WO2007088288A1 (en)

Families Citing this family (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7162035B1 (en) 2000-05-24 2007-01-09 Tracer Detection Technology Corp. Authentication method and system
US8171567B1 (en) 2002-09-04 2012-05-01 Tracer Detection Technology Corp. Authentication method and system
US20090193265A1 (en) * 2008-01-25 2009-07-30 Sony Ericsson Mobile Communications Ab Fast database integrity protection apparatus and method
US7995196B1 (en) 2008-04-23 2011-08-09 Tracer Detection Technology Corp. Authentication method and system
US8452984B2 (en) * 2008-08-28 2013-05-28 Alcatel Lucent Message authentication code pre-computation with applications to secure memory
DE102009045133A1 (en) * 2009-09-29 2011-03-31 Robert Bosch Gmbh Method for manipulation protection of sensor data and sensor for this purpose
CN102622631A (en) * 2012-02-28 2012-08-01 深圳润鸿鑫数码技术有限公司 Anti-counterfeiting inspection device and anti-counterfeiting method for anti-counterfeiting equipment
US8534544B1 (en) * 2012-05-18 2013-09-17 Sri International System and method for authenticating a manufactured product with a mobile device
US9264404B1 (en) * 2012-08-15 2016-02-16 Marvell International Ltd. Encrypting data using time stamps
US20140061292A1 (en) * 2012-08-30 2014-03-06 Paul A. Meyers Intelligent Marketing Hardware and Software, Methods and Uses Thereof
US8505810B1 (en) * 2012-10-31 2013-08-13 Xerox Corporation Systems and methods for adding authenticating features to process molded parts and the resultant molded parts
FR3018130B1 (en) 2014-03-03 2016-03-25 Advanced Track & Trace METHOD OF MARKING A HOLOGRAPHIC MATRIX AND HOLOGRAPHIC MATRIX THUS OBTAINED
WO2015197494A1 (en) * 2014-06-23 2015-12-30 Philip Morris Products S.A. Method and system for marking manufactured items to detect unauthorised refilling
US9871660B2 (en) 2014-12-23 2018-01-16 Banco De Mexico Method for certifying and authentifying security documents based on a measure of the relative variations of the different processes involved in its manufacture
WO2017055676A1 (en) * 2015-09-30 2017-04-06 Nokia Technologies Oy Message verification
HK1213429A2 (en) 2015-12-31 2016-06-30 Master Dynamic Ltd Method of forming a marking on an article, and an article having a mark thereon
US20190139051A1 (en) * 2017-05-23 2019-05-09 Kenneth A. Kopf Biometric secure transaction system
CN109104393B (en) * 2017-06-20 2021-02-12 山东量子科学技术研究院有限公司 Identity authentication method, device and system
KR102152915B1 (en) * 2020-01-22 2020-09-07 주식회사 미래기술연구소 Method of really authentication using digital hologram tag converted by computer generated hologram

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE4410431A1 (en) * 1994-03-25 1995-09-28 Giesecke & Devrient Gmbh ID card protected against unauthorized reproduction with a copier
WO1999004364A1 (en) * 1997-07-21 1999-01-28 Assure Systems, Inc. Verification of authenticity of goods by use of random numbers
WO2004081649A2 (en) * 2003-03-06 2004-09-23 Digimarc Corporation Camera and digital watermarking systems and methods
US20040201873A1 (en) * 2003-04-10 2004-10-14 Erickson Ronald R. Embedded information carrier for optical data
EP2264658A2 (en) * 2005-02-03 2010-12-22 Yottamark, Inc Method and system for deterring product conterfeiting, diversion and piracy

Family Cites Families (33)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5307410A (en) * 1993-05-25 1994-04-26 International Business Machines Corporation Interferometric quantum cryptographic key distribution system
US5294774A (en) * 1993-08-03 1994-03-15 Videojet Systems International, Inc. Laser marker system
EP1643340B1 (en) * 1995-02-13 2013-08-14 Intertrust Technologies Corp. Secure transaction management
JPH08281722A (en) 1995-04-18 1996-10-29 Kao Corp Molding and manufacture thereof
US5982896A (en) * 1996-12-23 1999-11-09 Pitney Bowes Inc. System and method of verifying cryptographic postage evidencing using a fixed key set
US5926796A (en) * 1997-05-05 1999-07-20 Walker Asset Management Limited Partnership Method and apparatus for selling subscriptions to periodicals in a retail environment
GB2326003B (en) 1997-06-07 2001-02-28 Aquasol Ltd Coding systems
US6125357A (en) * 1997-10-03 2000-09-26 Pitney Bowes Inc. Digital postal indicia employing machine and human verification
US6009416A (en) * 1998-03-31 1999-12-28 Pitney Bowes Inc. System and method for detection of errors in accounting for postal charges in controlled acceptance environment
US6799277B2 (en) * 1998-06-04 2004-09-28 Z4 Technologies, Inc. System and method for monitoring software
US6816968B1 (en) * 1998-07-10 2004-11-09 Silverbrook Research Pty Ltd Consumable authentication protocol and system
US6751729B1 (en) * 1998-07-24 2004-06-15 Spatial Adventures, Inc. Automated operation and security system for virtual private networks
US6611916B1 (en) * 1998-12-17 2003-08-26 Pitney Bowes Inc. Method of authenticating membership for providing access to a secure environment by authenticating membership to an associated secure environment
US6938023B1 (en) * 1998-12-24 2005-08-30 Pitney Bowes Inc. Method of limiting key usage in a postage metering system that produces cryptographically secured indicium
US7197639B1 (en) * 1999-02-05 2007-03-27 Rsa Security Inc. Cryptographic countermeasures against connection depletion attacks
JP3646561B2 (en) * 1999-05-12 2005-05-11 日本電気株式会社 Key distribution method using quantum cryptography
EP1192608A2 (en) * 2000-04-19 2002-04-03 Magicaxess Electronic payment method and device
JP2001344537A (en) * 2000-05-31 2001-12-14 Ntt Docomo Inc Electronic value system, communication terminal and server
GB0016356D0 (en) * 2000-07-03 2000-08-23 Optaglio Ltd Optical structure
US7069435B2 (en) * 2000-12-19 2006-06-27 Tricipher, Inc. System and method for authentication in a crypto-system utilizing symmetric and asymmetric crypto-keys
US20020195732A1 (en) * 2001-06-20 2002-12-26 Clark Michael J. Apparatus and method for identifying ophthalmic molds
GB2400956B (en) 2002-01-03 2005-08-31 Robotic Vision Systems Apparatuses and methods to apply human and/or encoded machine readable identification to parts
JP2004072214A (en) * 2002-08-02 2004-03-04 Sharp Corp Electronic seal, ic card, authentication system for personal identification, and mobile apparatus
US7353382B2 (en) * 2002-08-08 2008-04-01 Fujitsu Limited Security framework and protocol for universal pervasive transactions
JP4290401B2 (en) * 2002-09-18 2009-07-08 三菱電機株式会社 Quantum key distribution method and communication apparatus
US20040267847A1 (en) * 2003-05-13 2004-12-30 Bsi2000, Inc. Hardware random-number generator
JP4200909B2 (en) * 2004-01-29 2008-12-24 日本電気株式会社 Random number generation and sharing system, encrypted communication device, and random number generation and sharing method used therefor
EP1715615B1 (en) * 2004-02-10 2016-04-06 Mitsubishi Electric Corporation Quantum key delivering method and communication device
US7606367B2 (en) * 2004-03-09 2009-10-20 Université de Genève Quantum cryptography with fewer random numbers
JP2008502058A (en) * 2004-05-18 2008-01-24 シルバーブルック リサーチ ピーティワイ リミテッド Method and computer system for tracking security documents
JP2006048153A (en) * 2004-07-30 2006-02-16 Toshiba Corp Quantum cash system and apparatus
JP2006121524A (en) * 2004-10-22 2006-05-11 Toshiba Solutions Corp Public key encryption apparatus
JP4124194B2 (en) * 2004-11-01 2008-07-23 日本電気株式会社 Shared information generation method and system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of WO2007088288A1 *

Also Published As

Publication number Publication date
EP2809030A3 (en) 2015-04-22
WO2007088288A1 (en) 2007-08-09
US8125697B2 (en) 2012-02-28
US20090308530A1 (en) 2009-12-17
EP2809030A2 (en) 2014-12-03
US20120166800A1 (en) 2012-06-28

Similar Documents

Publication Publication Date Title
WO2007088288A1 (en) Authentication method and device
US9628270B2 (en) Cryptographically-verifiable attestation label
EP2054836B1 (en) Methods and devices for securing and authenticating documents
EP2932494B1 (en) Method and apparatus for marking manufactured items using physical characteristic
US8578162B2 (en) Unique identifier, method for providing the unique identifier and use of the unique identifier
EP2364485A1 (en) Method and device for authenticating geometrical codes
WO2007077324A1 (en) Method for certifying and subsequently authenticating original paper or digital documents for the constitution of evidence
WO2005078651A2 (en) Use of a digital signature obtained from at least one structural characteristic of a hardware element in order to protect direct reading of sensitive information and method for reading protected sensitive information
FR2841020A1 (en) AUTHENTICATION OF AN ELECTRONIC LABEL
WO2005091232A1 (en) Method for authentication of products
EP1788516B1 (en) Method and device for authentication and identification
WO2008142307A2 (en) Method and device for identifying objects or documents
FR2909922A1 (en) Object and material marking method for use in package of e.g. watch, involves marking surface and core of zone of material with laser for representing code on zone so that zone is imperceptible to naked eye
CA2992661A1 (en) Counterfeit prevention
FR2904130A1 (en) Document e.g. identification card, identifying method for microcomputer, involves marking documents to make image on each of documents with variations for each document, and characterizing variations for forming imprint for each document
EP2909817A1 (en) Methods, devices and identification document for a person or an animal
EP2336931A1 (en) Method for signature verification
FR2907288A1 (en) Product e.g. molded part, authenticating method for providing protection against counterfeiting of e.g. trademark, involves truncating authentication code, and encrypting random number, timestamping and truncation to produce another code
EP3017421B1 (en) Method for printing interdependent security graphics
FR2897955A1 (en) Product e.g. molded part, authenticating method for providing protection against counterfeiting of e.g. trademark, involves truncating authentication code, and encrypting random number, timestamping and truncation to produce another code
FR3086415A1 (en) PROCESS OF TRACEABILITY AND AUTHENTICATION OF PRODUCTS
FR2974652A3 (en) METHOD FOR UNITARY AUTHENTICATION OF A HARDWARE OBJECT USING A VISUAL CRYPTOGRAPHY ALGORITHM AND A MATERIAL SIGNATURE
EP4281955A1 (en) Securing cryptographic keys
JP2003137348A (en) Product with authenticity determination information, printing method and printer for authenticity determination, and authenticity determination device
FR2894744A1 (en) Hardcopy document securing method for e.g. computer-assisted publishing software, involves opening envelope with software and hardware configuration, and interdicting access to copy protected mark if number of access attains preset value

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20080903

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR

17Q First examination report despatched

Effective date: 20120206

DAX Request for extension of the european patent (deleted)
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20150731