EP2697785A1 - Codes à barres authentiques utilisant des signatures numériques - Google Patents

Codes à barres authentiques utilisant des signatures numériques

Info

Publication number
EP2697785A1
EP2697785A1 EP12721018.5A EP12721018A EP2697785A1 EP 2697785 A1 EP2697785 A1 EP 2697785A1 EP 12721018 A EP12721018 A EP 12721018A EP 2697785 A1 EP2697785 A1 EP 2697785A1
Authority
EP
European Patent Office
Prior art keywords
message
barcode
public key
digital signature
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP12721018.5A
Other languages
German (de)
English (en)
Inventor
Anirban Mukherjee
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Verisign Inc
Original Assignee
Verisign Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US13/118,680 external-priority patent/US20120308003A1/en
Application filed by Verisign Inc filed Critical Verisign Inc
Publication of EP2697785A1 publication Critical patent/EP2697785A1/fr
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07DHANDLING OF COINS OR VALUABLE PAPERS, e.g. TESTING, SORTING BY DENOMINATIONS, COUNTING, DISPENSING, CHANGING OR DEPOSITING
    • G07D7/00Testing specially adapted to determine the identity or genuineness of valuable papers or for segregating those which are unacceptable, e.g. banknotes that are alien to a currency
    • G07D7/004Testing specially adapted to determine the identity or genuineness of valuable papers or for segregating those which are unacceptable, e.g. banknotes that are alien to a currency using digital security elements, e.g. information coded on a magnetic thread or strip
    • G07D7/0047Testing specially adapted to determine the identity or genuineness of valuable papers or for segregating those which are unacceptable, e.g. banknotes that are alien to a currency using digital security elements, e.g. information coded on a magnetic thread or strip using checkcodes, e.g. coded numbers derived from serial number and denomination
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07DHANDLING OF COINS OR VALUABLE PAPERS, e.g. TESTING, SORTING BY DENOMINATIONS, COUNTING, DISPENSING, CHANGING OR DEPOSITING
    • G07D7/00Testing specially adapted to determine the identity or genuineness of valuable papers or for segregating those which are unacceptable, e.g. banknotes that are alien to a currency
    • G07D7/004Testing specially adapted to determine the identity or genuineness of valuable papers or for segregating those which are unacceptable, e.g. banknotes that are alien to a currency using digital security elements, e.g. information coded on a magnetic thread or strip
    • G07D7/0043Testing specially adapted to determine the identity or genuineness of valuable papers or for segregating those which are unacceptable, e.g. banknotes that are alien to a currency using digital security elements, e.g. information coded on a magnetic thread or strip using barcodes

Definitions

  • the present disclosure relates generally to methods and systems for generating and authenticating barcodes using digital signatures.
  • Physical information may include essentially any kind of information that is stored primarily in tangible, physical form, such as on paper, and is not readily available in electronic or digital form, but must instead be converted or translated into electronic or digital form through the use of electronic devices and/or manual human data-entry.
  • a utility bill printed on a piece paper received by a customer may be a form of "physical" information.
  • the information printed on the utility bill may already exist in electronic or digital form— for example, in a commercial database operated by the utility company— that electronic information may not be available to the customer. Instead, if the customer wishes to store or manipulate the information printed on the paper document using a computer, he or she must either manually enter the information into a computer program or use a device, such as a scanner, that is designed to convert physical information into electronic or digital information.
  • a barcode is an optical, machine-readable image in which the information sought to be communicated by the barcode is arranged as a series of parallel lines of varying widths and spacings. Barcodes are typically scanned in a one-dimensional fashion by special-purpose optical scanning devices that are able to decode the information encoded in the barcodes by measuring the widths and spacings of the parallel barcode lines through reflective light feedback.
  • QR Codes are capable of storing up to 7,089 numeric code characters, 4,296 alphanumeric characters, or 2,953 bytes when encoding purely binary data.
  • QR Codes have recently gained widespread use as a result of the advancement of mobile devices, such as smartphones, capable of reading and quickly rendering barcode data such as QR Codes.
  • QR Codes has been to encode Uniform Resource Locators ("URLs"), such as website addresses, within QR Codes placed on billboards, mailers, or even buildings to provide consumers with a quick and easy way to visit a company's website without having to memorize, write down, or manually type a URL into a smartphone or other mobile device.
  • URLs Uniform Resource Locators
  • QR Codes Consumers who see a QR Code displayed may take a picture of the QR Code using a camera embedded in the smartphone, for example, and may utilize a smartphone application to automatically translate the QR Code to a URL and launch a browser application pointed to the URL. Additional commercial uses of QR Codes include encoding coupons or other purchase information into QR Codes that customers may decode into graphical or textual coupons to present at businesses to receive discounts on purchased goods or services.
  • QR Codes or any barcodes for that matter, are that they lack any inherent security mechanism for verifying that information encoded thereirl actually originated from the author from which it may be assumed, expected, or required that the information have originated, or for verifying that the encoded information has not been modified by a third party.
  • a business could display a QR Code, such as the QR
  • a competitor could surreptitiously overlay a second QR Code over the original QR Code that, when decoded by customers' mobile devices, would direct customers to the competitor's website or to an impostor website intended to mimic the website specified by the original QR Code, for example to steal passwords or identity information.
  • QR Codes for the purpose of obtaining coupons or discounts could potentially print out or display forged QR Codes that fraudulently entitle them to increased discounts or rewards.
  • the invention comprises methods and systems for generating and authenticating barcodes, such as QR codes, using digital signatures.
  • the invention provides functionality for a creator or "author" of a message to generate a barcode that includes not only the author's message, but also a digital signature associated with the message.
  • the digital signature associated with the message may be generated by encrypting the message, or a digest of the message, using the author's private key.
  • a user may read the barcode using a barcode reader device, such as a smartphone or other mobile device that includes hardware and/or software for optically reading graphical barcode data and decoding the same to derive alphanumeric or binary barcode information, including a message, such as a URL, e-mail address, or image.
  • the barcode reader may verify the authenticity of the message by decrypting the digital signature using the author's public key and confirming that the decrypted digital signature matches the barcode message.
  • the author may include a copy of its public key certificate, such as an X.509 certificate, in the barcode, and the barcode reader may use the public key contained in the public key certificate to decrypt the digital signature and verify the authenticity of the message.
  • the author may include author identification information in the barcode in place of a public key certificate.
  • the barcode reader may thereafter request a copy of the author's public key certificate from a verification service provider, such as a Certificate Authority, using the author identification information.
  • the barcode reader may transmit all information necessary to determine the authenticity of the barcode message, for example the barcode message, digital signature, and author identification information, to a separate or remote verification service provider.
  • the verification service provider may retrieve the public key certificate associated with the author identification information, and may determine the authenticity of the barcode message by determining whether the digital signature, as decrypted by the public key contained in the public key certificate, matches the barcode message. The verification service provider may then transmit the results of its authenticity determination back to the barcode reader device.
  • users can be certain that digitally signed barcode messages purported to be from particular authors or entities in fact originated from those authors or entities, and were not tampered with prior to being optically scanned by the user's barcode reader device.
  • the invention may be applied to any type of barcode standard, including 2-dimensional matrix barcodes, such as QR codes.
  • FIG. 1 depicts an exemplary, conventional QR code, consistent with certain disclosed embodiments
  • FIG. 2 is a diagram depicting an exemplary device for generating authentic barcodes, consistent with certain disclosed embodiments
  • FIG. 3 is a flow diagram illustrating an exemplary method of generating an authentic barcode including a digitally signed message and a public key certificate corresponding to the digital signature, consistent with certain disclosed embodiments;
  • FIG. 4 is a diagram depicting various data input and output operations associated with an exemplary method of generating an authentic barcode, consistent with certain disclosed embodiments;
  • FIG. 5 is a flow diagram illustrating an exemplary method of generating an authentic barcode that includes a digitally signed message and an author identifier associated with the encryption key used to generate the digital signature, consistent with certain disclosed embodiments;
  • FIG. 6 is a diagram depicting various data input and output operations associated with an exemplary method of generating an authentic barcode, consistent with certain disclosed embodiments
  • FIG. 7 is a diagram depicting an exemplary device for reading and verifying authentic barcodes, consistent with certain disclosed embodiments
  • FIG. 8 is a flow diagram illustrating an exemplary method of reading
  • FIG. 9 is a diagram depicting various data input and output operations associated with an exemplary method of reading and authenticating an authentic barcode that includes a public key certificate, consistent with certain disclosed embodiments;
  • FIG. 10 is a flow diagram illustrating an exemplary method of reading and locally authenticating an authentic barcode that includes an author identifier, consistent with certain disclosed embodiments
  • FIG. 1 1 is a diagram depicting various data input and output operations associated with an exemplary method of reading and locally authenticating an authentic barcode that includes an author identifier, consistent with certain disclosed embodiments;
  • FIG. 12 is a flow diagram illustrating an exemplary method of reading and remotely authenticating an authentic barcode that includes an author identifier, consistent with certain disclosed embodiments
  • FIG. 13 is a diagram depicting various data input and output operations associated with an exemplary method of reading and remotely authenticating an authentic barcode that includes an author identifier, consistent with certain disclosed embodiments;
  • FIG. 14 depicts an exemplary technique for affixing an authentic bar code to physical information for the purpose of authenticating that physical information, consistent with certain disclosed embodiments;
  • FIG. 15 depicts an exemplary authentic bar code, consistent with certain disclosed embodiments;
  • FIG. 16 depicts the decoded information contained in the authentic bar code of FIG. 15;
  • FIG. 17 depicts an exemplary technique for affixing an authentic bar code to physical information for the purpose of authenticating that physical information, consistent with certain disclosed embodiments
  • FIG. 18 depicts an exemplary authentic bar code, along with its decoded text, consistent with certain disclosed embodiments
  • FIG. 19 depicts an exemplary technique for affixing an authentic bar code to physical information for the purpose of authenticating that physical information, consistent with certain disclosed embodiments.
  • FIG. 20 depicts an exemplary authentic bar code, along with its decoded text, consistent with certain disclosed embodiments.
  • FIG. 1 depicts an exemplary, conventional QR code, consistent with certain disclosed embodiments.
  • information representing a URL 1 10 is encoded as a series of black and white boxes arranged in two dimensions.
  • FIG. 2 is a diagram depicting an exemplary device for generating authentic barcodes, consistent with certain disclosed embodiments.
  • Device 200 may be essentially any kind of computing device capable of inputting information; operating on that information by performing cryptographic operations, for example, utilizing exponentiation and modulo arithmetic; and outputting the results of any cryptographic operations.
  • device 200 may be a general purpose computer, comprising one or more micro processors 210 of varying core configurations and clock frequencies; one or more hard disk drives 220 of varying physical dimensions and storage capacities; one or more random access memory (RAM) modules 230 of varying clock frequencies and memory bandwidth; one or more input/output network connections 240; and one or more peripheral connections or interfaces 250.
  • RAM random access memory
  • Device 200 may include or be operatively connected— e.g., by network or wireless connection— to printing device 270 capable of printing any generated barcodes on a number of physical materials, such as paper, plastic, billboard material, etc.
  • printing device 270 capable of printing any generated barcodes on a number of physical materials, such as paper, plastic, billboard material, etc.
  • device 200 or the owner or operator associated with device 200 need not necessarily print or graphically render any barcodes that it generates, but instead may provide electronic or digital data representative of generated barcodes to third parties for printing or distributing the barcodes in other manners.
  • FIG. 3 is a flow diagram illustrating an exemplary method of generating an authentic barcode including a digitally signed message and a public key certificate corresponding to the digital signature, according to data operations depicted in FIG. 4, and consistent with certain disclosed embodiments.
  • a message 410 is selected for encoding into a barcode and is input into a barcode generation process or device, such as device 200.
  • Message 410 may be any kind of numeric or alphanumeric text string, such as a URL, email address, coupon code, etc.; or binary data, such as an image, sound clip, application-specific file type, etc.
  • device 200 generates a digital signature of the message using a private key associated with the author of the message.
  • an "author" of a digitally signed barcode need not indicate the literal author of the information encoded in the barcode or the entity responsible for generating the actual barcode patterns. Rather, in some embodiments, the term "author” may simply indicate any party or entity for which a user or barcode reader expects or requires the barcode information to have originated from, be attributed to, or be endorsed by in some manner in order to be considered authentic.
  • device 200 may first create a digest of message 410 using techniques known in the art, such as hashing according to the MD5 or SHA-1 algorithms (step 320).
  • step 330 device 200 creates a digital signature 440 of the message 410 by digitally encrypting the message 410 or a digest of the message 410 using the author's private key 420.
  • Device 200 may be configured to encrypt a digest of message 410, rather than the entire message in order to reduce the necessary size of the digital signature— for example, to ensure that the addition of the digital signature does not cause the data to be encoded in the barcode to exceed certain size limitations for barcode data, or to reduce the necessary granularity of the barcode to reduce the likelihood of machine reading errors.
  • message 410 itself, or a portion thereof, may be encrypted using the author's private key, so that the length of the digital signature is approximately proportional to the length of the message itself.
  • Message 410 might also first be compressed, using any one of many compression techniques known in the art, and that compressed data may be digitally signed. Since those skilled in the art will appreciate that the invention may generate digital signatures based on either message digests or the messages themselves, the terms "message" and
  • Device 200 may generate the digital signature 440, for example, using a dedicated signature generating software or hardware component 430.
  • step 340 device 200 generates a barcode 470 that includes a graphical representation of information comprising the message 410, the digital signature 440 of the message or message digest, and a public key certificate 450.
  • Public key certificate 450 may include a public key 455 corresponding to the author's private key 420.
  • Public key certificate 450 may also include information identifying the holder of the public key (not depicted), and may itself be digitally signed by a trusted third party, such as the Certificate Authority that issued the certificate to the author.
  • Device 200 may generate the barcode 470, for example, using a dedicated barcode generating software or hardware component 460.
  • FIG. 5 is a flow diagram illustrating an exemplary method of generating an authentic barcode including a digitally signed message and an author identifier associated with the key used to generate the digital signature, according to data operations depicted in FIG. 6, consistent with certain disclosed embodiments.
  • a message 610 is selected for encoding into a barcode and is input into a barcode generation process or device, such as device 200.
  • device 200 creates a digest of message 610 using techniques known in the art, such as MD5 hashing or SHA-1 hashing.
  • device 200 creates a digital signature 640 of the message 610 by digitally encrypting the message 610 or a digest of the message 610 using the author's private key 620, for example, using a dedicated barcode generating software or hardware component 630.
  • device 200 may determine an author identifier 650 associated with the message.
  • the author identifier may be the name of the entity to which the public key certificate associated with private key 620 has been issued by a Certificate Authority.
  • device 200 generates a barcode 670 that includes a graphical representation of information comprising the message 610, the digital signature 640 of the message or message digest, and the author identifier 650.
  • barcode 670 By including a shorter author identifier 650 in the barcode 670 instead of a longer public key certificate (which would likely also include an author identifier), less metadata should need to be encoded in barcode 670. This allows for either a longer message 610 or a simpler barcode that requires less granularity and is therefore less prone to machine-reading errors or data-density limitations.
  • FIG. 7 is a diagram depicting an exemplary device for reading and verifying authentic barcodes, consistent with certain disclosed embodiments.
  • Device 700 may be essentially any kind of computing device capable of optically reading graphical bar code data; decoding the graphical bar code data to derive bar code information; operating on that information by performing cryptographic operations, for example, utilizing exponentiation and modulo arithmetic; and outputting the results of any cryptographic operations.
  • device 700 may be a commercially available mobile device such as a smartphone with optical camera componentry and one or more software applications for decoding images of barcodes captured by the camera componentry.
  • Device 700 may further comprise one or more micro processors 710 of varying core configurations and clock frequencies; one or more flash drives 720 of varying physical dimensions and storage capacities; one or more random access memory (RAM) modules 730 of varying clock frequencies and memory bandwidth; one or more wireless transceivers 740; and one or more peripheral connections or interfaces 750.
  • Device 700 may communicate with other devices via cellular wireless access, such as using Code Division Multiple Access (“CDMA”), via wireless Ethernet protocols, or via a serial wire interface such as USB, etc.
  • CDMA Code Division Multiple Access
  • USB serial wire interface
  • FIG. 8 is a flow diagram illustrating an exemplary method of reading
  • reading device 700 optically reads a barcode 910.
  • barcode 910 is an authentic barcode generated in a manner consistent with this invention.
  • device 700 may include functionality or logic for reading multiple types of barcodes and, for each type of barcode, determining whether the barcode is an authentic barcode before performing any of the below described authentication operations.
  • reading device 700 decodes barcode 910 to translate the graphical patterns of the physical barcode into the information encoded within the barcode according to the standards of the relevant barcode type, for example using a dedicated barcode decoding software or hardware component 920.
  • reading device 700 parses the barcode information to extract a message 940, digital signature 930, and public key certificate 950, which includes a public key 955.
  • reading device 700 verifies the authenticity of public key certificate 950.
  • reading device 700 may inspect public key certificate 950 for a "Subject” indicating the holder of the certificate or the "signer” of the digital signature; an "Issuer” indicating a trusted third party, such as a Certificate Authority, responsible for issuing certificates or digitally signing certificates; and a "Thumbprint” or “Fingerprint” representing a digital signature of the public key certificate itself (or a digest of the public key certificate) signed using the Issuer's private key.
  • Reading device 700 may verify the authenticity of public key certificate 940 by decrypting the "Thumbprint” using the Issuer's public key and confirming that the decrypted Thumbprint matches the public key certificate or digest of the public key certificate. Those skilled in the art will appreciate other methods of confirming the authenticity of public key certificate 950. Reading device 700 may also confirm that the "Subject" or “signer" of the public key certificate corresponds to the identity of an author or creator from whom the information encoded in the barcode is expected to have originated.
  • reading device 700 decrypts the digital signature 930 using the public key 955 to generate message data 970, for example, using a dedicated decryption software or hardware component 960.
  • message data 970 will represent either the barcode message 940 or a digest of that message.
  • step 860 device 700 compares decrypted message data 970 to the barcode message 940. If decrypted message data 970 represents a message digest, then device 700 may first independently create a digest of message 940 using the same algorithm used by the author of the barcode (operations not depicted). Device 700 may then compare decrypted message data 970 to its independently generated digest of message 940 to determine whether the strings are equivalent or match in a predefined manner. If decrypted message data 970 represents a copy of the message 940 itself, then device 700 may compare the decrypted message data 970 to message 940 to determine whether the strings are equivalent or match in a predefined manner. These operations may be performed, for example, using a dedicated comparison engine software or hardware component 980.
  • decrypted message data 970 matches barcode message 940 (step 860, yes)
  • device 700 may determine that the barcode message 940 was actually created or authored by the entity associated with public key certificate 950, since only the holder of the certificate should have had access to the private key to generate the digital signature 930 capable of decryption by the public key 955 associated with the certificate. If decrypted message data
  • device 700 may determine that barcode message 940 was not authored by the holder of public key certificate 950 or that barcode message 940 was altered on barcode 910 subsequent to the creation of digital signature 930
  • device 700 may generate a verification result 990 indicating whether it was able to authenticate barcode
  • step 910 may take appropriate subsequent action, such as indicating that the barcode was successfully authenticated (step 870) or alerting a user that the barcode was not successfully authenticated (step 880).
  • FIG. 10 is a flow diagram illustrating an exemplary method of reading and locally authenticating an authentic barcode that includes an author identifier, according to operations depicted in FIG. 1 1 , consistent with certain disclosed embodiments.
  • reading device 700 optically reads a barcode 1 1 10.
  • reading device 700 decodes barcode 1 1 10 to translate the graphical patterns of the physical barcode into the information encoded within the barcode according to the standards of the relevant barcode type, for example using a dedicated barcode decoding software or hardware component 1 120.
  • reading device 700 parses the barcode information to extract a message 1 121, a digital signature 1 122, and an author identifier 1123.
  • barcode 1 1 10 may include only an author identifier 1 123 (e.g., for the purpose of reducing the amount of information stored in barcode 1 1 10).
  • Author identifier 1 123 may indicate the identity of an author or creator from whom the information encoded in the barcode is expected to have originated.
  • device 700 may request a copy of the author's public certificate 1 135 from another device or entity, such as a verification service provider 1 130. For example, device 700 may transmit a copy of the author identifier 1 123 to identify the public certificate that it is requesting. Although not depicted, device 700 may further verify the authenticity of the received public key certificate 1135 in a manner similar to the certificate verification operations described with respect to FIG. 8. For example, device 700 may confirm that the "Subject" or "signer" of public key certificate 1 135 corresponds to the author identifier
  • barcode 1 1 10 also does not encode any author identifier.
  • the identity of the author may be indicated by means external to the encoded barcode information, such as on a printed textual label in proximity to the barcode.
  • the present invention may be utilized in a circumstance in which the putative author of the barcode and the reader of the barcode have a preexisting relationship or defined set of operations such that the reader of barcode 1 1 10 would expect barcode 1 1 10 to have originated from a specific author, for which reader device 700 (or a device associated with reader device 700) already has author identity information 1 123 stored. Companies, for example, may choose to rely on such an assumed-authorship model to further free up capacity within the barcode to store additional information or to further reduce the granularity of the barcode.
  • step 1050 device 700 may extract the public key 1 136 included in the public key certificate 1 135. Thereafter, in steps 1060, 1070, 1080, and 1090, device 700 may perform operations similar to those of steps 840, 850, 860, and 870 depicted in Fig. 8. That is, device 700 may determine the authenticity of barcode 1 1 10 by determining whether decrypted message data 1 125 matches barcode message data 1 121.
  • FIG. 12 is a flow diagram illustrating an exemplary method of reading and remotely authenticating an authentic barcode that includes an author identifier, according to operations depicted in FIG. 13, consistent with certain disclosed embodiments.
  • reading device 700 optically reads a barcode 1310.
  • reading device 700 decodes barcode 1310 to translate the graphical patterns of the physical barcode into the information encoded within the barcode according to the standards of the relevant barcode type, for example using a dedicated barcode decoding software or hardware component 1320.
  • reading device 700 parses the barcode information to extract a message 1330, a digital signature 1340, and an author identifier 1350.
  • device 700 may rely on a verification service to perform all necessary verification operations with respect to message 1330 and digital signature 1340.
  • step 1240 device 700 may send message 1330, digital signature 1340, and author identifier 1350 to verification service provider 1360.
  • device 700 may send these pieces of information to verification service provider 1360 either as art of one transmission or as part of multiple transmissions.
  • device 700 may transmit either message 1330 or a digest of message 1330 to verification service provider 1360, as appropriate.
  • verification service provider 1360 may access locally or request from another party, such as a Certificate Authority, the appropriate public key certificate 1361 associated with author identifier 1350. Thereafter, similar to the authentication operations performed by device 700, as depicted in FIGS. 8-12, verification service provider 1360 may decrypt digital signature 1340 using the public key 1362 included within the public key certificate 1361 associated with author identifier 1350 to derive decrypted message data 1364, for example, using a dedicated decrypting engine software or hardware component 1363.
  • Verification service provider 1360 may then compare decrypted message data 1364 to barcode message 1330 or to a digest of barcode message 1330 to determine whether the strings match according to a predefined pattern, for example, using a dedicated comparison engine software or hardware component 1365. Verification service provider 1360 may send the results of its comparison operations to device 700 (step 1250), and device 700 may interpret the results provided by verification service provider 1360 to determine a verification result 1370. For example, verification service provider 1360 may transmit data representative of a final conclusion as to whether the barcode message 1330 is authentic or not, or verification service provider 1360 may simply provide device 700 with the details of its comparison operations and allow device 700 to draw its own conclusion about the authenticity of barcode message 1330.
  • an authentic bar code may also include an indication of, or instructions for performing, a particular type of hashing or digest algorithm. The inclusion of this information may enable message digests, rather than full messages, to be digitally signed, by informing a reading device of which hashing or digest algorithm was used by the encoding device. Elliptical curve cryptography may also be used to create digital signatures to further reduce the amount of metadata needed to be encoded within an authentic bar code.
  • the invention may also be used to define a new "purpose" for a public certificate.
  • one extension to some public key certificate standards such as X.509, is the ability to specify various purposes for which the public key or public key certificate may used, such as "encryption,” “signature,” “signature and encryption,” or “signature and smartcard logon.”
  • a new purpose related to barcode authentication may be added to a public key certificate, consistent with disclosed embodiments, for specifying that a particular public key certificate may be dedicated solely to, or have as one of its purposes, the
  • users may limit the use of some public key certificates solely to barcode authentication, or barcode authentication along with a limited list of other valid purposes; or, users may prohibit certain public key certificates from being used for barcode authentication purposes.
  • FIG. 14 depicts an exemplary technique for affixing an authentic bar code to physical information for the purpose of authenticating that physical information, consistent with certain disclosed embodiments.
  • the present invention is not limited to situations in which a barcode alone is to be authenticated. Rather, the invention may also be put to very practical use in authenticating information external to the digitally signed bar code, such as physical information to which the barcode is affixed.
  • document 1400 may be embodied in a document 1400, such as a business letter or other correspondence having business or legal significance.
  • document 1400 may also include a barcode, such as QR Code 1410, which is depicted in enlarged form as QR Code 1500 in FIG. 15.
  • the recipient of document 1400 may scan QR Code 1410 (or 1500) using a scanning device, which device may display or provide to the recipient the information encoded within QR Code 1410, such as the information depicted in FIG. 16.
  • the information encoded in QR Code 1410 may comprise data in form of XML-delimited text 1600.
  • XML text 1600 may include a schema 1610 that indicates that the XML text is meant to describe the contents of an "authentic" barcode.
  • XML text 1600 may include a message section 1620 that the author of the QR Code attests as the text of the document to which the QR code has been affixed.
  • XML text 1600 may also include a signature section 1630 that includes a digital signature of the message 1620 that has been created using the author's private encryption key.
  • XML text 1600 may also include a certificate section 1640 that sets forth the data of a public key certificate that contains a public key corresponding to the private key that was used to create digital signature 1630.
  • the recipient of document 1400 may see that the message text 1620 of QR Code 1410 does not match the text of document 1400— here, because the account number 1421 and routing number 1422 of document 1400 do not match the account number 1621 and routing number
  • the recipient may determine that document 1400 is not authentic or has been tampered with. On the other hand, if the text of document 1400 and QR
  • a digitally signed barcode may be used as a security mechanism for checks, drafts, or other commercial paper.
  • a digitally signed QR Code 1710 (which is depicted in enlarged form in FIG. 18), may be affixed to a check 1700 to attest to the authenticity of the information presented on the check— here, that a particular account holder 1720 has issued a valid check to a particular recipient 1730 for a particular amount 1740.
  • QR Code 1710 may be decoded to reveal encoded textual information 1820 meant to correspond to the text of check 1700, to which it was affixed.
  • the information 1820 encoded in QR Code 1710 may comprise only a message 1821, a digital signature 1822, and an author identifier 1823. That is, an author identifier 1823 may be encoded in lieu of a full public key certificate, such that the recipient of the QR Code would be expected to retrieve the public key certificate corresponding to author identifier 1823 from a third-party, such as a Certificate Authority. Similar to the example of FIGS.
  • the recipient may decode QR Code 1710 and may determine that check 1700 is fraudulent since the information printed on check 1700 does not match the information 1820 of decoded QR Code 1710, or may determine authenticity or lack of authenticity based on matches or mismatches between message 1821 , digital signature 1822, and author identifier 1823.
  • a digitally signed barcode may be used as a security mechanism to ensure that physical information is authentic.
  • physical indicia may be created or affixed to an object to demonstrate that money has been paid, that various duties have been satisfied, or that an object has been authorized or issued by a given entity.
  • a classic example may be that of a postage stamp, which is meant to demonstrate that certain postage fees have been paid or that an item is entitled to shipment.
  • the physical indicia is capable of easy replication or creation by unauthorized parties, as is the case with postage stamps, there is the danger that affixed physical indicia may not be authentic.
  • the present invention may be utilized in situations such as these to ensure authenticity.
  • a digitally signed QR Code 1910 (which is depicted in enlarged form in FIG. 20), may be affixed to a stamp (or other physical item that only certain entities are authorized to create) to attest to the authenticity of the information presented on the stamp— here, that a certain amount of postage 1920 has been paid.
  • QR Code 1910 may be decoded to reveal encoded textual information 2020 meant to correspond to the text of stamp 1900, to which it was affixed.
  • the recipient such as the U.S. Postal Service, may decode QR Code 1910 and may determine that stamp 1900 is authentic since the information printed on stamp 1900 matches the information 2020 of decoded QR Code 1910, or may determine authenticity or lack of authenticity based on matches or mismatches between message 2021 , digital signature 2022, and author identifier 2023.
  • the present invention may be applied to any situation in which physical objects or phenomena in which machine-readable information has been encoded are converted to digital or electronic data by a scanning, listening, or other detection advice.
  • the present invention may be applied to information encoded within magnetic strips, audio signals, RFID signals, and other real-world "hardlinks.”

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

L'invention porte sur des procédés et sur des systèmes qui permettent de générer et d'authentifier des codes à barres à l'aide de signatures numériques, lesdits procédés consistant : à entrer des données graphiques représentant un motif de code à barres dans une mémoire ; à traduire les données graphiques en informations de code à barres selon une norme pour traduire un type particulier de motif de code à barres en informations de code à barres ; à extraire un message et une signature numérique des informations de code à barres ; à déterminer si le message est authentique ou non en déterminant si la signature numérique correspond ou non au message.
EP12721018.5A 2011-04-13 2012-04-11 Codes à barres authentiques utilisant des signatures numériques Withdrawn EP2697785A1 (fr)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
IN1094DE2011 2011-04-13
US13/118,680 US20120308003A1 (en) 2011-05-31 2011-05-31 Authentic barcodes using digital signatures
PCT/US2012/032964 WO2012142061A1 (fr) 2011-04-13 2012-04-11 Codes à barres authentiques utilisant des signatures numériques

Publications (1)

Publication Number Publication Date
EP2697785A1 true EP2697785A1 (fr) 2014-02-19

Family

ID=47009660

Family Applications (1)

Application Number Title Priority Date Filing Date
EP12721018.5A Withdrawn EP2697785A1 (fr) 2011-04-13 2012-04-11 Codes à barres authentiques utilisant des signatures numériques

Country Status (2)

Country Link
EP (1) EP2697785A1 (fr)
WO (1) WO2012142061A1 (fr)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9710742B2 (en) * 2015-12-02 2017-07-18 Microsoft Technology Licensing, Llc Copy and paste with scannable code
JP6857018B2 (ja) * 2016-04-28 2021-04-14 エスケー プラネット カンパニー、リミテッド 保安強化のための電子はんこシステム、その制御方法およびコンピュータプログラムが記録された記録媒体
TW201810113A (zh) * 2016-07-13 2018-03-16 博特軟體科技公司 文件鑑別系統
JP2021514493A (ja) * 2018-02-07 2021-06-10 クリプト リンクス リミテッド 署名方法、システム、及び/又はデバイス
WO2022101386A1 (fr) * 2020-11-13 2022-05-19 Detectsystem Lab A/S Évaluation d'authenticité de document

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7051206B1 (en) * 2000-11-07 2006-05-23 Unisys Corporation Self-authentication of value documents using digital signatures
US20050203854A1 (en) * 2004-02-23 2005-09-15 Pitney Bowes Incorporated Method and system for using a camera cell phone in transactions

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO2012142061A1 *

Also Published As

Publication number Publication date
WO2012142061A1 (fr) 2012-10-18

Similar Documents

Publication Publication Date Title
US20120308003A1 (en) Authentic barcodes using digital signatures
Hakak et al. Approaches for preserving content integrity of sensitive online Arabic content: A survey and research challenges
US8285991B2 (en) Electronically signing a document
US7178030B2 (en) Electronically signing a document
US7519825B2 (en) Electronic certification and authentication system
US20140254796A1 (en) Method and apparatus for generating and/or processing 2d barcode
CN106452756A (zh) 可离线验证安全二维码构造验证方法与装置
MX2013007923A (es) Sistema y metodo para la autenticacion de documentos de alto valor.
CN101281581A (zh) 一种检验纸制文档内容是否被篡改的方法
KR100991855B1 (ko) 전자 문서 발급 및 검증 시스템, 전자 문서 발급 방법 및전자 문서 검증 방법
WO2014154109A1 (fr) Procédé de génération, procédé de vérification pour une facture électronique ayant un code bidimensionnel (2d) anticontrefaçon et système pour ceux-ci
CN101377837A (zh) 电子支票二维码凭证的生成及验证方法
Ahamed et al. A secure QR code system for sharing personal confidential information
KR20120017044A (ko) 모바일 디바이스를 이용하는 개인 인증을 위한 시스템 및 방법
CN104809490A (zh) 一种基于多维码的证卡防伪系统及其认证方法
KR20140108749A (ko) 프라이버시 보호형 문서 인증 정보 생성 장치 및 이를 이용한 프라이버시 보호형 문서 인증 방법
WO2012142061A1 (fr) Codes à barres authentiques utilisant des signatures numériques
US7548665B2 (en) Method, systems, and media for identifying whether a machine readable mark may contain sensitive data
WO2021005405A1 (fr) Procédé et système de génération et de validation de documents et porte-document utilisant un code-barres lisible par machine
CN104156645A (zh) 一种复印件验证系统及其应用方法
US20070088953A1 (en) Method of preparing a document so that it can be authenticated
Yahya et al. A new academic certificate authentication using leading edge technology
JP4923388B2 (ja) 内容証明システム
KR101578550B1 (ko) 전용 뷰어 기반 전자증명서 생성 열람 시스템
Arief et al. Authentication of printed document using quick response (QR) code

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20131004

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

DAX Request for extension of the european patent (deleted)
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20140923