EP2668606A2

EP2668606A2 - System for checking the authenticity of articles

Info

Publication number: EP2668606A2
Application number: EP11764282.7A
Authority: EP
Inventors: Roberto Pittia
Original assignee: Individual
Current assignee: Individual
Priority date: 2010-08-11
Filing date: 2011-07-25
Publication date: 2013-12-04
Also published as: ITMI20101537A1; IT1401912B1; WO2012020291A3; WO2012020291A2

Abstract

The system is capable of enabling checking of authenticity of articles and includes: - a plurality of authentication labels (EU) adapted to be associated to a corresponding plurality of articles (AR), with labels (EU) containing at least a unique label identification code (CU) and first information (IU) relating to the article, - an electronic processing system (SYS) comprising a database (DB) storing for each of said labels (EU) at least the corresponding code (CU) and second information (IT) relating to the article, said second information (IT) could totally or partially comprising said first information (IU), and which also stores at least a private encryption key (KPR-1 ) and at least a corresponding public decryption key (KPU-1 ), and - a plurality of user terminals (TU) each comprising means adapted to read information from labels (EU) and means adapted to decrypt the read information through the public key (KPU-1 ); the terminals (TU) are adapted to directly and / or indirectly receive from the electronic processing system (SYS) said public key (KPU-1 ) and store it inside them, and said first information (IU) have been totally or partially encrypted by the electronic processing system (SYS) through the private key (KPR-1 ).

Description

SYSTEM FOR CHECKING THE AUTHENTICITY OF ARTICLES FIELD OF INVENTION

The invention relates primarily to a system for checking the authenticity of articles, particularly products that are on the market.

STATE OF THE ART

Counterfeiting of products is by now a widespread and serious problem and the international community seeks to remedy through more and more vigorous control measures.

Especially in recent years it has been designed and patented a variety of technical and non-technical solutions to solve this problem.

A series of existing solutions aims, in particular, to allow the buyer to directly check the authenticity of articles that are on the market.

One of these solutions requires that on the article is applied a label that contains an authentication code typically in written form. Such authentication code is generated for example by the manufacturer of the article so that each article is uniquely associated with a different code and so that the number of possible codes is much higher than the total number of articles produced and marketed; for example, if a company has a catalog of 1 ,000 (one thousand) different models of article and produces a total of 1 ,000,000 (one million) of articles per year, or an average of one thousand copies for each model, it could use an alphanumeric authentication code of 12 (twelve) characters. The authentication code of each article is generated randomly taking care to avoid any overlap and is then shown on the label of the article; furthermore, the generated code is stored in a database. The buyer who wishes to check the authenticity of an article can read the authentication code from the label applied on the article, check whether the code read is present in the database (eg by a telephone call) and on the basis of such check deduce if the article is authentic or not. The safety of this solution is entrusted to the difference between the number of possible authentication codes and the total number of articles produced and marketed, in fact, in the case of an authentication code length of 12 characters, the number of possible codes is equal to 36 (different letters and numbers) raised to 12 (code length), or about 10¹⁸ (10exp18), the number of articles produced over ten years, for example, 10⁷ (10exp7), this means that the probability that an infringer is able to guess a valid code is about 10^~11 (10exp-11 ), which is low.

SUMMARY

The main purpose of this invention is to provide a solution based on the use of one or more labels to be associated with the article, but that does not necessarily require access to a database at the moment of checking the authenticity of the said article.

Another purpose is to provide a solution that is secure, in particular more secure than those known.

Another purpose is to provide a solution that is very convenient for the user, in particular, more comfortable than those notes; the main users of the solution are to be considered buyers of the articles, but it is not excluded the use by supervisory authorities.

Another purpose is to provide a solution that allows more and better performances, in particular a more reliable check of authenticity, whenever is possible to connect to a database via the telephone network (eg mobile phone network) and / or data network (such as the Internet.)

Another purpose is to provide a solution that is suitable to be used in the field of electronic commerce.

These and other purposes are achieved by the checking system with the characteristics expressed in the claims annexed here.

According to further aspects, the present invention further relates to an electronic processing system and an authentication label specifically designed to be used for this checking system.

The idea behind the present invention is to use a label in which there are information encoded (in whole or in part) by an asymmetric encryption algorithm, then based on a private key and a public key, and related to the specific article associated to the label (for example, brand, model, color, size and point of sale for the specific article). In such way, it will be virtually impossible for a forger to generate false labels because he does not have the private key to use to encode (in whole or in part) the information and the user (primarily the buyer) will get a first check of authenticity on the basis of the information contained on the label after having decrypted them using the public key and thus without access to any database.

The use of an asymmetric encryption algorithm makes this solution very secure. To date, this solution is particularly suitable to be implemented using labels such as "two-dimensional barcode," in particular "QR code" and / or "RFID" type, particularly in "NFC" technology, whose information can be read and decrypted automatically using user terminals, particularly mobile phone user terminals. Thus, check of authenticity is very convenient for the buyer (and any user in general) which (in substance and in the simplest case) can simply bring his mobile phone near the article label and read the text displayed on the screen.

The checking system according to the present invention is capable of enabling the checking of authenticity of articles, and, in general, includes:

- a plurality of authentication labels designed to be associated with a corresponding plurality of articles, each of said authentication labels containing at least one unique label identification code and first information related to the associated article,

- an electronic processing system comprising an archive that stores for each of these labels at least the same unique label identification code and the second information related to the associated article, said second information may cover all or part of said first information, and which also stores at least a private encryption key and at least a corresponding public decryption key, and

- a plurality of user terminals each including means adapted to, upon an user's request, to read information from such labels and means adapted to, upon an user's request, to decrypt said read information (albeit encrypted) through the said public decryption key;

said user terminals are adapted to directly and / or indirectly receive such public decryption key from said electronic processing system and to store it inside them; said first information are encrypted in whole or in part by said electronic processing system through said private encryption key.

The checking system according to the present invention may be adapted to manage a plurality of key pairs. This could be useful, for example, if you want to separate the articles according to the manufacturing company; in this case, typically, the user communicates to its user terminal (eg by selection among the items in a menu) which is the manufacturing company before to decrypt the information inside an authentication label of an article and the user terminal is able to store in it more than a decryption key and locate the public key associated with the manufacturing company selected by the user. According to an embodiment of the present invention in which there is only one pair of keys, there will typically be a company that manages the service for guaranteeing the authenticity of the articles, on behalf of a large number of manufacturing companies, and this company will own the single pair of keys.

Said first information may include position information of the article indicating in particular the sales position of the article; thus, for example, the buyer can check the correspondence (possibly the identity) between its current position and the position contained in the label.

The term "sales position" is to be understood in a broad sense and therefore could correspond to, for example, a name of a shop or a name of a chain of stores or to geographic coordinates (eg longitude and latitude); the "location information" may also, in addition or alternatively to "sales position", refers to the production (factory) and / or to distribution of the article (warehouse).

Said first information may include the unique label identification code or a copy; in the first case (see, for example, Fig.l B and Fig.l D), the authentication label will not show to the user the label code which will be present only in the first information for example in encrypted form; in the second case (see for example Fig.1 and Fig.l C), instead, the user will be able to read freely and without the aid of any device the label code from the label itself (see for example section SE1 in Fig. 1 ) and a copy of such code will still be contained in the first information (see for example section SE2 in Fig. 1 ) eg in encrypted form.

Advantageously such authentication labels show the user at least the unique label identification code; it can be expected in alphanumeric format and / or a mono- dimensional barcode format (traditional barcode).

The checking system according to the present invention may further comprise: - a plurality of article labels designed to be applied respectively to said plurality of articles, each said article label containing and preferably showing to the user at least one unique article identification code (in alphanumeric format and / or mono- dimensional barcode); in fact, the presence of an authentication label does not exclude the presence of an article label (see, for example, and Fig.lC Fig.1 D): the article label can be generated and applied for example by the subject who produces the article to trace products for management purposes and the authentication label can be generated and applied for example by the subject that provides the guarantee service of the authenticity and then allows to prevent counterfeiting (the two subjects could also be the same).

In the presence of article labels, it is advantageous that the said first information, contained in the authentication label, includes a copy of the said unique article identification code, contained in and possibly shown on the said article label; in this way it is possible to obtain a beneficial synergistic effect between the two labels. Alternatively, said first information contained in such authentication labels may simply include a statement that the article is also equipped with an article label, but not the unique article identification code (so the user can read without the need for any device such code from the article label and compare it with an article identification code received by said electronic processing system).

Depending on the embodiment of the present invention, the first information (contained in the authentication label) and the second information (contained in the archive of the electronic processing system) can be very different: the first and / or the second information may include: brand of the associated article and / or model of the associated article and / or color of the associated article and / or size of the associated article and / or materials contained in the associated article and / or description of the associated article and / or list price of the associated article and / or discounts on the associated article and / or date of being put on the market (especially on sale) of the associated article and / or date of sale of the associated article and / or place of being put on the market (especially on sale) of the associated article and / or details on the manufacturer of the associated article and / or place of production of the associated article and / or production date of the associated article and / or expiration date of the associated article and / or details relating to the production of the associated article and / or warranty details of the associated article and / or maintenance details of the associated article and / or usage details of the associated article.

Said authentication labels can be advantageously of "two-dimensional barcode" type, in particular "QR code" and / or "RFID" type, particularly in "NFC" technology; and in this way, authentication labels can be easily read by user terminals.

Said user terminals may be advantageously mobile telephone user terminals, typically mobile phones; of course, nothing prevents some user terminals are telephone and others do not.

The "two-dimensional barcode" goes well with the use of mobile phones to implement the present invention; in fact, these, nowadays, very often integrate a digital camera, so it will be sufficient to load a program in the mobile phone adapted to decode the code.

Also the "RFID" fits with the use of mobile phones to implement the present invention; in fact, it is anticipated that these, in the future, will frequently integrate a reader "RFID".

Said user terminals may include means adapted to interrogate said electronic processing system based on said unique label identification code, in order to obtain information related to the associated article corresponding in whole or in part to said second information. Said query can be done in various ways depending on the embodiment of the present invention; for example, the search may take place via computer network, such as the Internet or telephone network, for example by sending and receiving SMS or MMS, with cable connections and / or wireless. Said query can be activated upon an user's request and / or automatically by the user terminal as in the case where the terminal itself detects the possibility of a connection to the Internet.

Said information obtained from said electronic processing system may include position information of the article indicating particularly the sale position of the article; thus, for example, the buyer can check the correspondence (possibly the identity) between its current position, ie the one in which the article is actually for sale, and the position obtained by the electronic processing system, ie the one where the article should be if it was the authentic one.

From the foregoing and also from the discussion below, we understand that in case of communication between user terminals and the electronic processing system, there will be more and better performances.

According to the present invention, the checking of authenticity may also be performed automatically by said user terminals by comparing the position information of the article obtained from said authentication labels and / or position information of the article obtained from said electronic processing system and / or position information obtained from devices in stores and / or position information obtained from the user terminals themselves (eg by a GPS [Global Positioning System] or the mobile network). In this regard, in the point of sale could be placed some mechanical or optical devices (such as posters or displays) showing the position of the point of sale (eg in the form of a two-dimensional barcode) readable by the user terminal or by the user; alternatively or in addition, in the point of sale could be placed some electronic devices (eg Bluetooth™ transmitter or access point Wi-Fi®) that automatically notify the user terminals the position of the point of sale.

Said electronic processing system may include means adapted to interact with cash registers in the point of sales. Thus, said second information may be written (eg the date of sale) or read (eg price or discount).

Said electronic processing system may include means adapted to send said user terminals information relating to an article found in said archive after being encrypted, in whole or in part, through said private encryption key. Thus, for example, it could be possible provide to a user a special price or discount reserved for him for example in relation to a specific article and / or position (especially the point of sale position) in which the user is located.

Said electronic processing system may include means adapted to send to a point of sale and / or a distribution warehouse information related to an article found in such archive and adapted for generating an authentication label after being encrypted in whole or in part through said private encryption key - the private encryption key must not be circulated, as far as possible, and the electronic processing system stores it inside with appropriate protections. In this way, a point of sale and / or a warehouse can generate and / or regenerate an authentication label (eg print and / or reprint a two-dimensional barcode or program and / or reprogram an RFID); and this is useful, for example, when an article is moved from one point of sale to another or from a warehouse to a point of sale.

Said electronic processing system can include at least a computer and a plurality of electronic devices connected to said computer and designed to being placed in point of sales, said electronic devices including means adapted to allow users and / or said user terminals interact with said computer; typically, said computer acts as a "server" and said electronic devices act as "clients" and could take the form of so-called "totems". Said electronic devices are adapted for the checking system according to the present invention, and may have one or more different functions: allowing to download on user terminals from said electronic processing system said public decryption key, enabling users to checking of authenticity even if they do not have the appropriate user terminal.

To implement the checking system whose main technical features have been outlined above, it is needed the appropriate electronic processing system and the appropriate user terminals and the appropriate authentication labels; however, the electronic components of the checking system can be made on the basis of electronic components already on the market with the addition of dedicated hardware and / or software.

Said system and said labels can also be used when articles are sold through the Internet (electronic commerce); possibly the labeling of an article can also be done after it was sold; the checking of authenticity may be made during the buying phase and / or when receiving the article at home. Everything will be clearer from the detailed description which follows.

In addition to the above, said system is capable of enabling checking of authenticity for other types of articles (not just products that are on the market); for example, according to another embodiment of the present invention, it is possible to use the system also for checking the authenticity of documents, considering them as "particular articles" made of paper on which surfaces are some printed information that must not be altered once written. Said information are normally in plaintext eye-readable by a person and usually consist of:

- an issuer of the document (eg: a bank or insurance company),

- a unique document identifier (eg: serial number of a check or insurance policy number),

- an intended recipient of the document (eg: the recipient of a check),

- a date of issuance and / or expiration date of the document,

- one or more identification elements (eg: the license plate number of the insured vehicle; brand and model of the insured vehicle),

- an economic value (eg the amount of the check in Euros or Dollars),

- specific data and / or images (eg a photograph on an identity card). The above information will constitute, as previously seen, the set of so called first and second information, where said second information may cover all or part of said first information that will be inserted in a label realized according to the present invention, which as mentioned before includes a phase of encrypting, in whole or in part, of said first information using a private encryption key and the realization of a two-dimensional barcode and / or RFID label, which will be then applied safely to the document to be protected (usually the label will be printed directly on the document and will present also a unique label identification code in alphanumeric format). Also in this case, priority must be given to the information, to be inserted in the label, that is most useful for the authentication of the document.

From this point on, the system provides for a check of authenticity of the written content in plaintext on the document through the reading and subsequent decryption (using a user terminal containing the corresponding public decryption key) of said first information on the label applied to that document, which will finally be compared with those presented on the document itself: should anything be different, the authenticity is not guaranteed. As seen above, in the presence of a data connection, it is also possible use the user terminal to access the said second information stored on electronic processing system to check if, for example, the photograph on the document is the same of the one stored in the system.

Although the checking of authenticity of documents can be performed without a connection to an electronic processing system, also in this case all of the features previously seen are applicable: the user terminal is able to receive and store different public decryption keys inside it and is able to select from time to time the right key to be used to make the checking of authenticity; the user terminal is able to connect to an electronic processing system, using a telephone or Internet connection, in order to obtain said second information (if any) about the document being checked, and so on.

As mentioned initially, an article (or a document) may be protected by the presence of one or more labels, each one could be of the two-dimensional barcode or RFID; so on the same article (or document) can coexist two- dimensional barcode and RFID labels with same content, with similar content or totally independent contents. BRIEF DESCRIPTION OF FIGURES

The technical features of the present invention and its advantages will be clear from the description which follows to be considered in conjunction with the attached drawings where:

Fig.1 shows four examples of articles with different labels according to the present invention,

Fig.2 is a block diagram of an example of a checking system according to the present invention,

Fig.3 is a partial block diagram of a computer contained in the system of Fig.2, Fig.4 is a flowchart related to an example of creating an authentication label according to the present invention,

Fig.5 is a flowchart related to an example of reading an authentication label according to the present invention, and

Fig.6 is a block diagram of a portion of the system of Fig.2 in which is shown the structure of a point of sale.

DETAILED DESCRIPTION

Both said description and said drawings are to be considered for illustrative purposes only and therefore not restrictive; so, the present invention may be implemented according to other and different forms of embodiment; in addition, keep in mind that these figures are schematic and simplified as it is clear to a person skilled in the art.

Fig.1 A shows an article AR on the surface of which is applied an authentication label EU according to the present invention. The label EU includes a first section SE1 and a second section SE2; the first section SE1 shows a unique label identification code CU in the form of an alphanumeric string; the second section SE2 shows a "two-dimensional barcode", in particular a "QR code", which corresponds to information IU relating to article AR encrypted using a private encryption key KPR; information IU ("authentication information") include, among other things, a copy of the label code CU, an article code CR and position information for article AR, namely the name of the point of sale where the article AR is sold. Section SE2 instead of being a "QR code" could be for example an "RFID" with "NFC" technology.

Article AR in Fig.l B differs from that of Fig.lA because the label EU does not include a section SE1 so does not show the code CU; the code CU is however included in the information IU of the section SE2.

The articles in Fig.lC and Fig.l D are similar to those of Fig.lA and Fig.l B respectively, but they also include an article label ER that shows the article code CR in the form of an alphanumeric string - the information IU then includes a copy of the article code CR. The label ER may contain and show (in different ways) also other information IR ("article information").

Many other alternatives are possible as well as those of Fig. 1.

According to a first alternative with respect of what described above, the second section SE2 could correspond to the set of information IU-P1 relating to the article AR (for example, model, color and size) non-encrypted and of information IU-P2 relating to the article AR (such as brand and name of the point of sale) encrypted using the private encryption key KPR; such alternative then provides to encrypt a smaller amount of information and therefore also the size of the section SE2 is reduced (as is known, an encrypted information has a greater size of a non- encrypted information); it should be noted that the non-encrypted information and the encrypted information may also have one or more or all data in common - this is not a problem since, according to the present invention, the encryption is not intended to keep secret information relating to the article but to allow authentication.

According to a second alternative, the section SE2 does not simply match to some "authentication information", but matches that information with the addition of a corresponding "digest" that can be considered a "summary", or rather a "footprint" of such information; both this information and the "digest" are then encrypted using the private encryption key KPR. Please note (even though these things are known to experts in coding and cryptography) that a "cryptographic hash function" is a deterministic procedure that takes an arbitrary block of data and returns a bit string of fixed length, called "cryptographic hash value", so that an accidental or intentional modification of data will modify the "hash value"; data to be encrypted are often called "message" and the "hash value" is often called "message digest" or simply "digest"; an ideal "cryptographic hash function" has four main significant properties: it is easy to calculate for any message, it is impossible to go back to the original message starting from the digest, it is not possible to change the message without changing the digest, it is impossible to find two messages with the same digest.

According to a third alternative, similar to the second alternative, in the section SE2 only the digest is encrypted using the encryption private key KPR, while the information are in plaintext.

According to a fourth alternative, similar to the second alternative, in the section SE2 some information and the digest are encrypted using the encryption private key KPR, but other information are in plaintext.

The use of a "hash function" and of a "digest" has the advantage of greatly reduce the amount of information to be encrypted and to encrypt strings of predetermined length; this gives the possibility to use long encryption keys (eg 2048 bits) and therefore very safe without requiring a very capable label (with reference to Fig. 1 , a section SE2 of the label not very large).

The articles of the types shown in Fig. 1 can be used in the system of Fig.2; in particular in this system are presented articles of the type of Fig.lC (the most complete in terms of labels) and the information IU of the section SE2 of the label EU of the article AR are made of the code label CU as well as brand, model, color, size of the article and name of the point of sale that sells the article.

In general, information IU can include: brand and / or model and / or color and / or size and / or materials contained and / or description and / or list price and / or place of being put on the market and / or details of the manufacturer and / or place of production and / or date of manufacture and / or expiration date and / or details relating to production and / or details relating to warranty and / or details relating to maintenance and / or usage details and / or .... Of course, section SE2 has a limited capacity to contain information (one can reasonably think of a minimum of 50 characters to a maximum of 1000 characters) therefore priority must be given to the information that is most useful for the authentication of the article.

The system of Fig.2 includes a computer PCS that acts as a "server" connected to a computer network NW, especially the Internet; connected to the network NW are two radio stations BS-1 and BS-2 that allow electronic mobile devices to connect to the network NW; the computer PCS, the network NW and the stations BS-1 and BS-2 are part of an electronic processing system SYS in accordance with the present invention. Of course, according to other embodiment of the present invention, the system SYS may include many other and / or different components - some of them are shown in Fig.6: can be present a different number of stations BS, the communication subsystem presents one or more computer networks and / or one or more telephone networks.

In Fig.2, are shown in particular three mobile phones TU-1 , TU-2 and TU-3 that act as "user terminal" and that can be connected to the computer PCS via the stations BS-1 and BS-2 and the network NW; it is assumed that mobile phones TU-1 and TU-2 are within a range covered by the station BS-1 (in particular a point of sale PV-1 ) and that the mobile phone TU-3 is within a range covered by station BS-2 (in particular a point of sale PV-2).

In Fig.2, are shown in particular two points of sale PV-1 and PV-2, that are in particular selling respectively articles AR-1 , AR-2, AR-3 and AR-4, AR-5 which is assumed all be produced by the same company CO-1 ; these five articles AR-1 , AR-2, AR-3, AR-4, AR-5 are each equipped with five authentication labels EU-1 , EU-2, EU-3, EU-4, EU-5.

In the schematic of Fig. 2, it is assumed that mobile phones TU-1 and TU-2 are kept respectively by two users (potential buyers) that are in point of sale PV-1 and the mobile phone TU-3 is held by a user (potential buyer) that is in point of sale PV-2.

Fig.3 shows a block diagram very partial of the computer PCS contained in the system of Fig.2: it showed only an archive DB (evidently an electronic archive or "database") that stores a set of records, one for each label EU and then for each article AR and also a private encryption key KPR-1 of the producing company CO- 1 and a public decryption key KPU-1 of the producing company CO-1 ; as already mentioned, the embodiment described here assumed all articles are produced by the same company CO-1 ; Fig.3 shows only the records related to the five labels EU-1 , EU-2, EU-3, EU-4, EU-5 respectively of the five articles-AR 1 , AR-2, AR-3, AR-4, AR-5 shown in Fig.2.

Each record is conceptually divided into two parts: a first part corresponds to code CU of the label EU and a second part corresponds to the information IT relating to article AR. information IT can include: brand and / or model and / or color and / or size and / or materials contained and / or description and / or list price and / or discounts and / or date of being put on the market and / or date of sale and / or place of being put on the market and / or details of the manufacturer and / or place of production and / or production date and / or expiration date and / or details relating to production and / or warranty details and / or maintenance details and / or usage details and / or ... .

Of course, the capacity to store information of the archive DB is much greater than that of section SE2 of the label EU and then it is possible store directly or indirectly a lot of information (for example, references to websites or web pages) as well as those useful for authentication of the article. It should be noted that it is reasonable to expect that, depending on the data, corresponding privileges are needed for access; in particular, the privileges will be different for reading, writing and erasing data.

According to the present invention, the generation of a label EU, in particular its section SE2, starts from article authentication information IU (which may also contain the label code CU and, possibly, the article code CR), as shown in Fig.4. An encryption phase 401 is needed which also needs a private encryption key KPR (this key could belong to the manufacturer of the article that is to be labeled or to the company that manages the service for guaranteeing the authenticity), evidently, therefore, encryption can be done only by those who have access under appropriate privileges to the archive DB of the computer PCS; it could be established that only the computer PCS can perform the encryption. The outcome of the encryption phase 401 are the encrypted data DCR. The data DCR are supplied in input to a generation phase 402 of label EU, specifically the section SE2; the generation phase 402 may also receive in input non-encrypted data (this is not shown in the example of Fig. 4); such generation is different depending on the type of label; for label with "two-dimensional barcode", it will be a print (to be followed by the application on the article AR - see Fig.4), while for labels such as "RFID", it will be a radio programming.

If it is intend to use also a "hash function" in the generation phase of the label EU or if the section SE2 contains authentication information and a "digest", the generation of label includes, before the encryption (phase 401 ), a selection phase of all or part of the authentication information IU and a calculation phase of the digest using a hash function applied to the selected information (these phases are not shown and presented in the example of Fig. 4). Depending on the case, the encryption (phase 401 ) can be performed either on the digest only, or on the digest and part of the information or on the digest and all the information; this means, with reference to Fig. 4, that, depending on the cases, the data input to the generation phase 402 may derive not only from data coming from the phase 401 (data DCR), but also directly from the input data.

According to the present invention, a label EU, in particular its section SE2, is accessed through an appropriate electronic device, such as a camera or a reader of "RFID"; in Fig. 5, such phase is indicated by the reference 502; the outcome of the reading can be the set of encrypted data and non-encrypted data or, as in Fig. 5, only encrypted data DCR; encrypted data are provided as input to a decryption phase 501 that also requires a public decryption key KPU (this key could belong to the manufacturer of the labeled article or to the company that manages the service for guaranteeing the authenticity - of course, it must correspond to the private encryption key KPR used during the encryption of the label being read); evidently, therefore, the decryption can be done only by those who have the key KPU available and have then received it directly or indirectly from the computer PCS - it should be noted that the key KPU can circulate freely because it is public; the key KPU can be received even long before the decryption. The outcome of the decryption phase 501 are the information IU (which may also contain the label code CU and, possibly, also the article code CR); if section SE2 contains also non- encrypted data, information IU will be formed by the set of output data from phase 502 and the output data from phase 501 (this is not shown in the example of Fig. 5); on the basis of the information, of code, or both, it is possible to check the authenticity of the article. Typically, according to the present invention, both phase 501 and phase 502 are implemented by a user terminal at the time when a user wants to check the authenticity of an article with an identification label which is close to him (for example in his hands), moreover according to the present invention, the decryption public key can be received by the terminal in very different ways and times.

In the event that was also used a "hash function" during the generation phase of the label EU or if the section SE2 contains authentication information and a "digest" (the digest and possibly the authentication information are encrypted in whole or in part, by a private encryption key KPR), checking of authenticity requires not only the decryption (phase 501 ), but also a phase of calculating a digest from the information extracted from the label and a comparing phase between the digest calculated and the digest extracted from the label (these phases are not shown and not presented in the example of Fig. 5).

In the following, we will explain briefly how the system could be used for the embodiment just described (with particular reference to Fig.2, Fig.3 and Fig.6); please note that articles used in this example are of the type shown in Fig.lC, that have an authentication label EU with two sections SE1 and SE2 and an article label ER.

The user who is carrying his mobile phone TU-2 enters the point of sale PV-1 and see the article AR-3 on which is applied an authentication label EU-3 with a section SE2 made of a two-dimensional barcode; the user decides to check the authenticity of Article AR-3, takes the mobile phone TU-2, select the application of checking of authenticity previously loaded in the mobile phone and, with his camera, framing the section SE2 that is the two-dimensional barcode; the mobile phone TU-2 asks the user to insert the name of the manufacturer of the article (in this case CO-1 ) whose label was photographed (this action may not be necessary if the checking system provides a unique key pair), the mobile phone TU-2 verify to have, within its memory, a decryption key suitable for the operation (in this case the key KPU-1 ) and, if so, proceed to the decryption displaying on its screen the decrypted data, in particular information IU-3 that match the brand, model, color, size of the article and the name of the store that sells the article; the user can then check that the brand, model, color and size of article AR-3 correspond to those decrypted from the label EU-3 and displayed on the screen of his mobile phone, and the name of the point of sale PV-1 matches with the decrypted from the label EU-3 and displayed on the screen of his mobile phone. In the event that the decryption key is not present in the mobile phone, it can be expected to try to retrieve it with the help of the user; must take into account that the existence of a decryption key for articles of any manufacturer is not guaranteed; in fact, the manufacturer may not subscribe to this service for checking of authenticity. This first check was done without any type of connection (either computer or telephone) at the time of the check itself.

The decrypted data include also the code label CU-3; this can be displayed on the screen of the mobile phone TU-2; the user can then check that the label code CU- 3 appearing in section SE1 of the authentication label EU-3 matches with the one displayed on the screen of his mobile phone. Also this second check was done without any type of connection (either computer or telephone) at the time of the check itself.

The decrypted data include also the article code CR-3; this can be displayed on the screen of the mobile phone TU-2; the user can then check that the article code CR-3 printed on the article label ER-3 corresponds to the one displayed on the screen of his mobile phone. Also this third test was done without any type of connection (either computer or telephone) at the time of the check itself.

If the user had available a connection to the computer PCS, may perform other operations: for example a centralized check of authenticity of article AR-3, a collection of many more information (many more than those in the label EU-3) about article AR-3, etc.

Regarding the centralized checking of authenticity (which is done through a telephone and / or computer connection), the user gets the label code CU-3 from the label EU-3; this can be done manually thanks to section SE1 of the label EU-3 or automatically with a dedicated electronic device thanks to section SE2 of the label EU-3; then by connecting to the computer PCS, access is given to the archive DB providing the code CU-3 of label EU-3 as a search item and specifying the requirement to conduct an authenticity check; the computer PCS will provide in response all or some of the information relating to article AR-3; typically, just a few items of information IT-3 will be enough such as brand, model, color, size, date of being put on the market, date of sale (for example, if the article was already sold in the archive DB this would mean that the article in the hands of the user is not original), place of being put on the market; on the basis of the information provided by the computer PCS the user can check the authenticity of the article AR-3.

Regarding the collection of information, the user gets the label code CU-3 from the label EU-3; this can be done manually thanks to section SE1 of the label EU-3 or automatically with a dedicated electronic device thanks to section SE2 of the label EU-3; then by connecting to the computer PCS, access is given to the archive DB providing the code CU-3 of label EU-3 as a search item and specifying the requirement to gather some information; the computer PCS will provide in response all or some of the information relating to article AR-3; typically, the user will specify which items of information are required (for example, selecting them via a menu) and the computer will only provide such information. A similar mechanism could also be used to collect user information relevant to the marketing of the articles.

The connection to the computer PCS and the query of the archive DB can be done in various ways depending on the embodiment of the present invention: thanks to the terminal TU-1 used as a computer connected to the Internet and / or thanks to the terminal TU-1 used as a telephone terminal act in the exchange of SMS or MMS and / or thanks to the terminal TU-1 used as a telephone terminal for voice communication and / or thanks to a normal computer, such as a PC, connected to the Internet and to an Internet site connected to the computer PCS.

Queries of the archive DB could be activated upon user's request. Alternatively or additionally, all or some of the queries provided by the system could be activated automatically; for example, if a user decides to check the authenticity of an article and activates the application of checking of authenticity on its mobile phone, this would automatically trigger a query of the archive DB in the computer PCS if the mobile phone was connected to the Internet.

The SW application that runs on the mobile phone can be used in many different ways. In particular, the data input by the user (e.g. the brand of one or more articles to be checked, the position of one or more products to be checked, etc..) can be done at different and variables times; for example, the user could insert into their mobile phone the name of the point of sale as soon as they enter the point of sale and then later make a series of checks; the same may hold true in the case of a "mono-brand" point of sale for the articles' brand.

Fig.6 is a block diagram of a portion of the system of Fig.2 in which is shown the structure of the point of sale PV-1 . In this scheme are incorporated many advantageous technical characteristics; however for the purposes of the present invention, it is not necessary that these are all present in a point of sale; in addition, the structure may be different depending on the point of sale.

Fig.6 shows a local computer network LAN at point of sale PV-1 which is connected, in a way that is well known, to the network NW. An electronic device TTM is connected to the LAN which, in this embodiment, is a real computer in the "totem" form and serves as a "client" in relation to the computer PCS in the system SYS; the device TTM is located in the point of sale for use by persons who enter the point of sale PV-1 (if the point of sale is a considerable size the number of "totems" would be greater than one). In addition, to the network LAN is connected a computer PCC, such as a PC, which acts as a "client" in relation to the computer PCS in the system SYS; the computer PCC is associated with a cash register system CAS for use by personnel of the point of sale PV-1 . Finally, in Fig.6, is shown a poster SGN; according to this quite simple embodiment, the poster has printed on it, among other things, the name of the point of sale in the form of an alphanumeric string and a two-dimensional barcode that encoded typically in a non-encrypted form the same information (in addition to the name could be provided longitude and latitude of the point of sale); of course, the string is for a manual reading and the code is for an automatic reading for example by a mobile phone (as described above); the poster SGN could also be realized by an electronic device such as a "smart poster" with RFID technology, or an LCD screen, which displays the string and the code; as an alternative or in addition to the poster, in the point of sales could be placed some electronic devices (eg Bluetooth™ transmitter or access point Wi-Fi®) that will automatically notify to the user terminals the location of the point of sale (position can be understood simply as such the name of the point of sale or name of the commercial chain that owns the point of sale or as longitude and latitude of the point of sale) in the embodiment of Fig.6, such an electronic device could be integrated in such totem TTM.

The totem TTM can have one or more functions that will be described below. A first function may be to allow a user lacks of a suitable user terminal to connect to the computer PCS and check the authenticity of an article and / or a collection of information about an article. A second function may be that to display to users and / or send to user terminals the position of the point of sale, in particular the name of the point of sale or the name of the retail chain that owns the point of sale. A third function may be to send, for example by radio, to the user terminals the public decryption key or the public decryption keys, for example those of the companies whose products are sold at that "multi-brand" point of sale; that key may already exist in the totem TTM (having previously received from the computer PCS) or may be requested and obtained from the computer PCS when necessary and then sent to the user terminal. A fourth function is to act as a two-way communication bridge between user terminals and electronic processing system SYS, in particular for interaction with computer PCS.

As described above, the true check of authenticity was made by the user and the system according to the present invention provides just the tools and the information for this purpose. However, according to the present invention, the checking of authenticity may also be done automatically by the user terminals by comparing the position information of the article obtained from the authentication labels (EU) and position information of the article obtained from the electronic processing system (shown with SYS in Fig.2, in particular computer PCS), or between position information of the article derived from authentication labels (EU) and position information obtained from devices installed in point of sales (eg poster SGN and / or the totem TTM) or using three elements: position information of the article obtained from the labels and position information of the article obtained from the system and position information obtained from the devices; it is worth to highlight that position information (eg longitude and latitude or cell in the mobile network) to be used for checking may be obtained directly from the user terminals (eg by a GPS [Global Positioning System] receiver or by the mobile network) and the comparison typically involve some tolerance. The association between computer PCC and cash register system CAS can be used, for example, to write the information (date of sale, ...) into the archive DB when an article is sold or to read the information (price, discount, ...) from the archive DB when an article is sold.

Up to this point, we have not dealt with who and when the authentication labels and the related contained information are generated. The labels and the information could be generated (and applied) at the end of the production of an article, when articles are in distribution warehouses, when articles are in point of sales. These three possibilities could also be combined: for example, one could envisage that, as a rule, the labels are generated when the articles are in distribution warehouses or when it is already known to which point of sale they are going to, but the points of sale can regenerate the label for example if an article is transferred from one point of sale to another. It is easy to see that the best place to generate labels depends on, for example, which information needs to be stored (it is difficult to know at the end of production to exactly which point of sale the article is going to be delivered) and on how the articles' logistics are organized. However, it is important that the generation of encrypted information, which are then inserted in the labels, be made strictly under the control of the electronic processing system that is responsible to provide the service for checking of authenticity of the articles - this service could be offered directly by the company that produce the articles or referred to a different subject that can work for more manufacturing companies. To make a good implementation of what is described in the preceding paragraph, the electronic processing system may include means adapted to send to a point of sale and / or a distribution warehouse information related to an article stored in the archive and adapted to generate an authentication label after having encrypted them (in whole or in part) through the private encryption key. In the case of Fig.6, the computer PCC could receive the encrypted information and then generate or regenerate the authentication label; for example, printing on adhesive paper the section SE2 of the label EU in the form of a "QR code" then could be applied on a card that already contains the label code in the section SE1.

Among the many features of a system according to the present invention, it is expected that the electronic processing system (shown in Fig.2 with SYS) comprising means adapted to send to user terminals information related to an article that appears in its archive (shown in Fig.3 with DB) after they have been encrypted through said private encryption key. This feature enables, among other things, to communicate to a user a special price or discount reserved for him and to be able to use it in a point of sale; in fact, presenting at the cash register of the point of sale with such encrypted information (eg with a mobile phone displaying on its screen a "QR code") that can be decrypted by the cashier and then highlight the price or discount with the certainty of the authenticity of that price or discount because the user could not create such encrypted information since he is not being in possession of private encryption key.

From the above it is important that the user terminal has at least a public decryption key, or rather the public decryption key associated with the private encryption key that has been used to encrypt the information of the authentication label. It has been said earlier that the public key could be provided to user terminals via "totem" placed in the point of sale; as an alternative or in addition, the public key can be downloaded from an Internet site, for example from the Internet site of the manager of the system for check of the authenticity of articles or from an Internet site of a manufacturing company. If a digest is used, the user terminal must know the hash function used to calculate the digest; this could be fixed and then coded in the program loaded into the user terminal or it may be distributed in a similar manner to public decryption key; the hash function may be different depending on the subject who uses the service of check of the authenticity (manufacturing company).

It should be noted that the present invention is also suitable for use in the field of electronic commerce.

The easiest way to use this is to apply a label such as described here for each article to be delivered to customers; the label can be applied directly to the article or, even more advantageously, the outside of the delivery package. In this case, the "name of the point of sale" encoded and encrypted in the label might be the name of the portal through which has been made the purchase. When the customer receives at his home the article that he bought over the Internet, he can, with his terminal, read the information of the label and check the authenticity; if the check fails, the user may reject the article or return the article to the sender. It is, in this case a check "ex post", ie after making the purchase.

The most complex and sophisticated way for such use is to apply a label such as described here for each article in the warehouse of the entity which sells through the Internet; the same label, such as a QR code, is stored in digital format into an electronic archive; when a user selects an article to be purchased through its e- commerce portal, its label is displayed on the screen of the user PC and so he can read through his mobile phone, and do the check of authenticity prior to purchase in a similar way to how he would do if he were in a "physical store" instead of a "virtual store". When the user will receive the article at his home, after purchasing it, he will again carry out the check of authenticity thanks to the label applied on the article itself. Such way of use, requires a very precise inventory management; in fact during the delivery phase of the article to the user / buyer, it must be selected exactly that article whose own label was displayed on the user's /buyer's PC.

One way of intermediate complexity for such use would be as follows. When a user selects an article to be purchased through the e-commerce portal, a "partial label" is displayed on the screen of the user's PC and he can read it through his mobile phone and make a partial check of authenticity before purchase; for example, the "partial label" may contain information such as a "unique label identification code " and a "name of the point of sale."

After the user has made the purchased, the warehouse that contains the articles requires to the entity responsible of generating labels, a label that contains not only the "unique label identification code" and that "name of the point of sale," but also for example the "unique article identification code" of the article that intends to ship and then applies the right label to that article and sends it. When the user will receive the article at home, he will make a "full check" of authenticity thanks to the label on the article itself.

From the above, it is understood that the present invention is suitable to be used in the field of electronic commerce in other ways than that described above.

Finally, it should be noted that the present invention (and thus the checking of authenticity) can be used even without a data connection and / or telephone connection, but for maximum performance and therefore the maximum guarantee of authenticity and the maximum completeness of information, a data connection (especially Internet) and / or telephone is required. This is not to be considered a disadvantage of the present invention, in fact, with the advent of UMTS, mobile phones that provide a permanent connection or semi-permanently to the Internet are now widespread and affordable to a large number of people and all this will increase further in the future giving to the present invention the maximum flexibility in terms of distribution, security and ease of use.

Claims

1 ) Checking system for checking the authenticity of articles, comprising:

- a plurality of authentication labels (EU-1 , EU-2, EU-3, EU-4, EU-5) adapted to be associated to a corresponding plurality of articles (AR-1 , AR-1 , AR-3, AR-4, AR-5), each of said authentication labels (EU) containing at least a unique label identification code (CU) and first information (IU) relating to the associated article,

- an electronic processing system (SYS) comprising a database (DB) storing, for each of said labels (EU), at least the corresponding unique label identification code (CU) and second information (IT) relating to the associated article, said second information (IT) totally or partially comprising said first information (IU), the database further storing at least a private encryption key (KPR-1 ) and at least a corresponding public encryption key (KPU-1 ), and

- a plurality of user terminals (TU-1 , TU-2, TU-3), each comprising means adapted to, upon an user's request, decrypt said information read through said public encryption key (KPU-1 );

wherein said user terminals (UT) are adapted to directly and/or indirectly receive said public encryption key (KPU-1 ) from said electronic processing system (SYS) and to store it inside them, and

wherein said first information (IU) is totally or partially encrypted by said electronic processing system (SYS) through said private encryption key (KPR- 1 ).

2) Checking system according to Claim 1 , wherein said first information (IU) comprises article position information indicating in particular the article sale position.

3) Checking system according to Claim 1 or 2, wherein said first information (IU) comprises said unique label identification code (CU) or its copy.

4) Checking system according to Claim 1 , 2, or 3, further comprising:

- a plurality of article labels (ER) adapted to be respectively applied on said plurality of articles, each of said article labels (ER) containing, and preferably showing to the user, at least a unique article identification code (CR); wherein said first information (IU) comprises a copy of said unique article identification code (CR).

5) Checking system according to any one of the preceding Claims, wherein said authentication labels (EU) show the user at least a univocal label identification code (CU).

6) Checking system according to any one of the preceding Claims, wherein said authentication labels (EU) are of the "2D barcode" type, in particular of the "QR code" type, and/or of the "RFID" type, in particular in the "NFC" technology.

7) Checking system according to any one of the preceding Claims, wherein said user terminals (UT) are mobile phone user terminals.

8) Checking system according to any one of the preceding Claims, wherein said user terminals (UT) comprise means adapted to interrogate said electronic processing system (SYS) on the basis of said unique label identification code (CU) and to obtain information concerning the associated article totally or partially corresponding to said second information (IT).

9) Checking system according to Claim 8, wherein said obtained information comprises article position information, in particular indicating the article sale position.

10) Checking system, according to any one of the preceding Claims, wherein said electronic processing system (SYS) comprises at least an electronic processor (PCS) and a plurality of electronic devices (TTM) connected (NW, LAN) to said electronic processor (PCS) and adapted to be placed in points of sale (PV-1 , PV-2), said electronic devices (TTM) comprising means adapted to allow the users and/or said user terminals (TU) to interact with said electronic processor (PCS).

11 ) Electronic processing system (SYS) comprising technical features which make it adapted to be used in the checking system according to any one of the preceding Claims from 1 to 10.

12) Authentication label (EU) able to be associated to an article and comprising technical features which make it adapted to be used in the checking system according to any one of the preceding Claims from 1 to 10.