GB2518616A - A method and apparatus for secure product registration - Google Patents
A method and apparatus for secure product registration Download PDFInfo
- Publication number
- GB2518616A GB2518616A GB1317010.5A GB201317010A GB2518616A GB 2518616 A GB2518616 A GB 2518616A GB 201317010 A GB201317010 A GB 201317010A GB 2518616 A GB2518616 A GB 2518616A
- Authority
- GB
- United Kingdom
- Prior art keywords
- encrypted message
- identifier
- product
- message
- consumer
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/01—Customer relationship services
- G06Q30/012—Providing warranty services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/018—Certifying business or products
Landscapes
- Business, Economics & Management (AREA)
- Marketing (AREA)
- Accounting & Taxation (AREA)
- Development Economics (AREA)
- Economics (AREA)
- Finance (AREA)
- Strategic Management (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Entrepreneurship & Innovation (AREA)
- Storage Device Security (AREA)
Abstract
A method of securely associating a product with a unique token identifier comprising: generating the unique token identifier to be associated with the product; generating a first encrypted message encrypted using a first encryption parameter, the plaintext version of the first encrypted message comprising the unique token identifier; providing the first encrypted message to a manufacturer of the product;Â receiving, from the product manufacturer, the first encrypted message and an identifier of the product; decrypting and authenticating the first encrypted message; and when the first encrypted message has been decrypted and authenticated, extracting the unique token identifier from the plaintext version of the first encrypted message and associating the identifier of the product with the unique token identifier. Preferably, a second encrypted message, the plaintext version of which comprises the unique token identifier is sent to the consumer that bought the product, the consumer returns the second encrypted message together with a customer identifier to link the consumer to the product to register for a warranty or guarantee for the product.
Description
A Method and Apparatus for Secure Product Re!istration
BACKGROUND
Field of the Disclosure
The present invention relates to a method and apparatus for secure product registration.
Description of the Related Art
The "background" description provided herein is for the purpose of generally presenting the context of the disclosure. Work of the presently named inventors, to the extent it is described iii the background section, as well as aspects of the description which may not otherwise quaJi1' as prior art at the time of filing, are neither expressly or impliedly admitted as prior art against the present invention.
Consumers continue to purchase products which usually come with a time limited guarantee from the manufacturer, These products arc often expensive and thercfore it is in the consumer's interest to register their product to take advantage of this guarantee and ease any service request with the manufacturer or their appointed services partner. Manufacturers are required to provide a guarantee with their products.
Often however because manufacturers have faith in their product quality and reliability they offer further extensions to their guarantees if a consumer registers their details. The manufacturer often wants i.tser details for marketing purposes or during product recalls the manufacturer has an obligation to attempt to contact consumers that own their products so that they can reetiIr any issues with the products and therefore the registering of products by consumer's aids the manufacturer.
Traditionally consumers have been required to register their product by post, phone or via the internet.
The traditional method requires the user to provide the relevant personal details every time they wish to register a new product with the manufacturer or their appointed services partner. This not only takes time but also requires the consumer to keep the product guarantee details for each individua.l product. These will generally be kept in a physical storage location such as a drawer or the like until the consumer needs to contact the manufacturer or appointed services partner with a service issue. Having to separately keep product guarantee details for each product in this manner is inconvenient to the consumer. It can also result in the guarantee details for a particular product being lost or misplaced.
Tn order to overcome this problem, in embodiments of the present invention, an electronic code can be included with a product purchased by the consumer. For example, a quick response (QR) code could be provided with the product when it is purchased. This QR code will have been associated with the product by the manufacturer prior to the user purchasing the product. The user can then scan this QR code with a smartphone or tablet computer so that they are taken to a particular website in which they may register their personal details and associate those details with the product, the product being identified by the scanned QR code. The consumer's details can then be sent to the manufacturer. :1
This is very convenient to the user, since all the user has to do when they purchase a new product is to scan the electronic code and fill in a small number of personal details in order to register for benefits such as an extended warranty or the like. In particular, if the user creates an account with the website, then all they may have to do to register a newly purchased product is scan the electronic code and enter account details such as a usernanie and password. Ultimately, the user may register many products iii this way and will thus accumulate an online repository storing guarantee details for all products purchased by the user.
the problem. however, is that the electronic codes musi he provided with the purchased product in such a way that they cannot be counterfeited or faked by an unauthorised party. For example, it must not be possible for a consumer to counterfeit an electronic code so that they receive warranty benefits for a product which they have not actually purchased.
In embodiments of the invention, in order to alleviate the problem of counterfeited warranties, measures arc taken to ensure that the registration of products with a service provider server is secure. That is, it is ensured that only manufacturers and consumers who are legitimately entitled to the benefits provided by product registration are able to take part in such a registration process.
SUMMARY
The foregoing paragraphs have been provided by way of general introduction, and are not intended to limit the scope of the following claims. The described embodiments, together with further advantages, will be best understood by reference to the following detailed description taken in conjunction with the accompanying drawl ngs.
In a first aspect the present invention provides a method of securely associating a product with a unique token identifier, the method comprising: generating the unique token identifier to be associated with the product and generating a first encrypted message encrypted using a first encryption parameter, the plaintext version of the first encrypted message comprising the unique token identifier; providing the first encrypted message to a manufacturer of the product; receiving, from the product manufacturer, the first encrypted message and an identifier of the product; decrypting and authenticating the first encrypted message; and when the first encrypted message has been decrypted and authenticated, extracting the unique token identifier from the plaintext version of the first encrypted message and associating the identifier of the product with the unique token identifier.
Advantageously, by providing the unique token identifier to the manufacturer in the encrypted form of the first encrypted message, no unauthorised party, including the manufacturer or a party who intercepts the first encrypted message, is able to obtain the unique token identifier which is to be associated with the product. Because it cannot be obtained, the unique token identifier cannot be used by any unauthorised party in order to illegitimately obtain any benefit such as a guarantee or warranty of the product. This improves the security and integrity of the system.
ft embodiments, the first encrypted message may be encrypted using a plurality of first encryption parameters.
Advantageously, the use of a plurality of first encryption parameters increases the security of the encryption of the first encrypted message.
In embodiments, the plurality of first encryption parameters may comprise a first security algorithm identifier, a first initialization vector and a first message hash which arc provided and received with the first encrypted message, wherein: the first security algorithm identifier identifies a first encryption/decryption algorithm for decrypting the first encrypted message, a first secret key for decrypting the first encrypted message, a first hashing algorithm for regenerating the first message hash and a first secret security code for use in regenerating the first message hash; the first initialization vector is for use with the first secret key and first encryptionldeeryption algorithm for decrypting the first encrypted message and the first message hash is a hash of the plaintext version of the first encrypted message with the first secret security code appended.
Advantageously, the use of these particular first encryption parameters increases the security of the S encryption of the first encrypted message.
In embodiments, the decryption and authentication of the first encrypted message and the extraction of the uniqiLe token identifier from the plaintext version of the first encrypted message may comprise: determining if the first security algorithm identifier received with the first encrypted message cxists; when the first security algorithm identifier exists, decrypting the first encrypted message to obtain the plaintext vcrsion of the first encrypted message using the first initialization vector received with the first encrypted message and the first secret key and first encryption/decryption algorithm identified by the first security algorithm identifier; appending the first secret security code identified by the first security algorithm identifier to the plaintext version of the first encrypted message and regenerating the first message hash using the first hashing algorithm identified by the first security algorithm identifier; determining if the regenerated first message hash matches the first message hash received with the fir st encrypted message; and when the regenerated first message hash matches the first message hash received with the fir st encrypted message, extracting the unique token identifier from the plaintext version of the first encrypted message.
Advantageously, the use of this decryption, authentication and extraction method means that multiple tests must be passed in order for the first encrypted message to be decrypted and authenticated. This improves the security and integrity of the system.
In cmhodhnents, the pla.intext version of the first encrypted message may comprise a manufacturer access key identii'ing the product manufacturer, and the method may comprise extracting the manufacturer access key from the plaintext version of the first encrypted message with the unique token identifier; and using the manufacturer access key to determine that the first encrypted message has been received from the manufacturer.
Advantageously, this results in reduced processing time, since it is known immediately from the decrypted first encrypted message that the message has been received from a manufacturer.
In embodiments, the product identifier may comprise one of a manufacturer name, a model name and a serial number of the product.
Advantageously, this helps a. single, specific instance of a product to be identified.
In embodiments, the first encrypted message and identifier of the product may be received from the product manufacturer via a secure network interface.
Advantageously, this means minimises the chance that an unauthorised party is able to intercept the first encrypted message as it is sent to and from the manufacturer. This improves the security and integrity of the system.
In a second aspect, the present invention provides a method of securely associating a product with a consumer, the method comprising the method of associating the product with a unique token identifier according to the first aspect; generating a second encrypted message encrypted using a second encryption parameter, the plaintext version of the second encrypted message comprising the unique token identifier; providing the second encrypted message to the consumer; receiving, from the consumer, the second encrypted message and an identifier of the consumer; decrypting and authenticating the second encrypted message; and when the second encrypted message has been decrypted and authenticated, extracting the unique token identifier from the plaintext version of the second encrypted message, associating the identifier of the consumer with the unique token identifier, and associating the identifier of the product with the identifier of the consumer.
Advantageously, by providing the unique token identifier to the consumer in thc encrypted form of the second encrypted message, no unauthorised party, including the consumer or a party who intercepts the second encrypted message, is able to obtain the unique token identifier which is associated with the product. Because it cannot be obtained, the unique token identifier cannot be used by any unauthorised party in order to illegitimately obtain any benefit such as a guarantee or warranty of the product. This improves the security and integrity of the system.
In embodiments, the second encrypted message may be encrypted using a plurality of second encryption parameters.
Advantageously, the use of a plurality of second encryption parameters increases the security of the encryption of the second encrypted message.
In embodiments, the pluraiity of second encryption parameters may comprise a second security algorithm identifier, a second initialization vector and a second message hash which are provided and received with the second encrypted message, wherein: the second security algorithm identifier identifies a second encryption/decryption algorithm for decrypting the second encrypted message, a second secret key for decrypting the second encrypted message, a second hashing algorithm for regenerating the second message hash and a second secret security code for use in regenerating the second message hash; the second initialization vector is for use with the second secret key and second encryption/decryption algorithm for decrypting the second encrypted message; and the second message hash is a hash of the plaintext version of the second encrypted message with the second secret security code appended.
Advantageously, the use of these particular second encryption parameters increases the security of the encryption of the second encrypted message.
In embodiments, the decryption and authentication of the second encrypted message and the extraction of the unique token identifier from the piaintext version of the second encrypted message may comprise: determining if the second security algorithm identifier received with the second encrypted message exists; when the second security algorithm identifier exists, decrypting the second encrypted message to obtain the plaintext version of the second encrypted message using the second initialization vector received with the second encrypted message and the second secret key and second enciyption/deciyption algorithm identified by the second security algorithm identifier; appending the second secret security code identified by the second security algorithm identifier to the plaintext version of the second encrypted message and regenerating the second message hash using the second hashing algorithm identified by the second security algorithm identifier; determining if the regenerated second message hash matches the second message hash received with the second encrypted message; and when the regenerated second message hash matches the second message hash received with the second encrypted message, extracting the unique token identifier from the plaintext version of thc second encrypted message.
Advantageously, the use of this decryption, authentication and extraction method means that multiple tests must be passed in order for the second encrypted message to be decrypted and authenticated. This improves the security and integrity of the system.
In embodiments, the plaintext version of the second encrypted message may comprise a consumer access key identifjing the consumer; and the method may comprise: extracting the consumer access key from the paintext version of the second encrypted message with the unique token identifier; and using the consumer access key to determine that the second encrypted message has been received from the consumer.
Advantageously, this results in reduced processing time, since it is known immediately from the decrypted second encrypted message that the message has been received from a consumer.
embodiments, the second encrypted message may form a poftion of a unifonn resource locator (URL) provided to the consumer which directs the consumer to a secure network interface through which the identifier of the consumer may be received.
Advantageously, the use of a secure network interface ensures that the identifier of the consumer and the second encrypted message cannot be intercepted by an unauthorised party. This improves the security and integri of the system.
In embodiments, the URi may be in the fo of a quick response (QR) code.
Advantageously, this means that the user may be directed to the secure network interface by simply scanning the QR code with a suitable device such as a smaftphone or tablet computer. This improves the convenience for the user.
in embodiments, the identifier of the consumer may be one of a name, address, telephone number, email address and usemame.
Advantageously, this helps a single, specific consumer to be identified.
BRIEF DESCRIPTION OF THE DRAWINGS
A more complete appreciation of the disclosure and many of the attendant advantages thereof will be readily obtained as the same becomes better understood by reference to the following detailed description when considered in connection with the accompanying drawings, wherein: Figure 1 shows a system for allowing a manufacturer and a consumer to register a product with a vendor via a service provider server according to an embodiment of the present invention; Figure 2 is an illustration of a website interface for use with the system; Figure 3 is an illustration of an account creation webpage of the website interface; Figure 4 is an illustration of a homepa.ge of the website interface; Figure 5 is an illustration of an account registration confirmation webpage of the website interface; Figure 6 is an illustration of a product registration webpage of the website interface; Figure 7 is an illustration of a product confirmation webpage of the website interface; Figure 8 is an illustration of a personal bomepage of the website interface; Figure 9 is an illustration of a central repository webpage of the website interface; Figure 10 is an illustration of a product summary webpage of the website interface; Figure II shows a process for associating a product identifier with a unique tokcn idcntifier according to embodiments; Figure 12 shows a process for associating a consumer identifier with the unique token identifier according to embodiments; Figure 13 shows a process for decrypting and authenticating an encrypted message containing the unique token identifier according to embodiments; and Figure 14 shows a detailed view of the service provider server according to embodiments.
DESCRIPTION OF THE EMBODIMENTS
Referring now to the drawings, wherein like reference numerals designate identical or corresponding parts throughout the several views.
S As shown in Figure 1, a system 50 for facilitating the registration of a product guarantee/warranty generally comprises a service provider server 100 through which a centralised vendor operates, an owner/consumer 102 of the product 60 and a manufacturer or their appointed services partner 104. To he clear, the central ised vendor is an entity which provides the product registration service facilitated by the system 50. The appointed services provider is a different entity to the manufacturer who may be appointed by the manufacturer to deal with service requests, such as requests for product replacement or repair, from the consumer, The overall system 50 is described for context. A detailed explanation of the improved security mechanism is then provided from Figure 11.
Through the service provider server 100, the vendor provides the necessary infrastructure to facilitate interaction between the consumer 102 who owns the product 60 and the manufacturer or their appointed services partner 104. The vendor provides the mechanism for the consumer 102 to communicate with the manufacturer or their appointed services partner 104 and may not necessarily directly deal with the consumer 102 or the manufacturer or their appointed services parther 1 04 regarding guarantee/warranty issues.
The manufacturer places an order with the vendor for a batch of new QR codes 202. These are created by the service provider server 100. The manufacturer 104 then supplies details of the products 60 which they wish to be associated with the new QR codes, For each product to be assigned a QR code 202, information which uniquely identifies the product will be provided. This could include the model and serial number of the product, together with any other pertinent information for the guarantee/warranty to be provided by the manufacturer or appointed services partner 104.
The service provider server 100 will assign a QR code 202 to each product 60 for which details are received from the manufacturer or appointed services partner 104 and associate the manufacturer, model, serial number and any other pertinent information for the guarantee/warranty with the QR code 202. The service provider server 100 will produce a secure vendor database which will be comprised of all the assigned QR codes 202 and associated products.
The vendor and manufacturer or appointed services palmer 104 have a. number of options on how the QR codes 202 are supplied to the manufacturer or appointed services partner 104. For example, the vendor can supply the secure vendor database electronically to the manufacturer or appointed services partner 104 and the manufacturer or appointed services provider can then print and pair each QR code with the correct product 60. Alternatively, the vendor can manage the printing of the QR codes 202 and supply these to the manufacturer or appointed services partner 104. The manufacturer or appointed services provider then simply has to pair each QR code with the correct product 60.
Regardless of what option the vendor and manufacturer or appointed services partner 104 aee on, the QR code 202 will usually need to be printed so that it can be provided to the consumer 102 at the lime they purchase the product 60. Depending on the manufacturer or appointed services partner 104 preferences, the QR code 202 can be a sticker on the product 60, a piece of paper/card/sticker or a combination packaged with the product 60 literature.
The vendor generally creates and maintains an online presence via the services provider server 100 that is easily accessible to consumers via the Internet. This is illustrated in Figure 2. The online presence generally comprises providing a website interface 21 0, including providing access to the website interface to a device capable of scanning QR codes such as a smartphone or tablet computer. Additionally and/or alternatively, a software application (or "app") may be provided for the smartphone or tablet computer.
As will be explained, such an interface allows consumers to access previously created individual accounts or advice on how to register products 60 with all partner manufacturers or appointed services partners 104.
Figure 3 illustrates an account creation webpage 216 of the website interface 210 which a consumer may use to create an individual account. Here, the consumer is required to provide a variety of personal information 218, as is generally required by the terms and conditions of the guaranteclwarranty registration of a manufacturer. This personal information 218 acts as a consumer identifier which imiquely identifies the consumer.
The individual account set-up is a one time process which takes place when a consumer 102 buys their first product 60 which has been registered with the vendor by the manufacturer. As shown in Figure 4, when a consumer scans the provided QR code 202 of the product which they have purchased. they will be presented with the homepage 220 of the website interface 210. Here, the consumer 102 is required to log in or create a new individual account. Because it is the first product 60 the user has purchased which has been registered with the vendor, the consumer 102 in this scenario will create a new individual account and provide personal information 218. In order to do this, the eonsmner will be directed to the account creation webpage 216 for the creation of a new individual account, as already discussed with reference to Figure 3.
[he persona! information 218 can include a variety of information that allows the consumer 102 to be individually identified. It may also include information which facilitates the registration of a product 60 by the consumer for a guarantee/warranty and/or facilitates the subsequent communication between the consumer 102 and the manufacturer or their appointed services partner 104. I'he personal information 218 includes, for example, information such as legal names and contact information including mailing address, phone numbers and email addresses. Additional information such as social media information could also be included. This information can be very useful to the manufacturer, as it may allow the manufacturer to interact with the consumer via a social networking website for the purposes of advertising, marketing and the like.
During the individual account creation process, the consumer 102 also establishes a usemame 21 8a (which, in this case, is the consumer's email addrcss, but which could also he any other unique combination of alpha-numeric characters) and a password 218b. This allows the user to rcturn to the website interface 210 at a later date and log in to their individual account. The usc of a password prevents unauthorised access to the user's account and to their personal information 218.
As shown in FigLire 5, once the consumer 102 has entered all the necessary personal information 218 and established a username 21 8a and password 218b, the consumer 102 will be redirected to an account registration confirmation wcbpage 230. This confirms to the consumer that their account creation is complete.
As shown in Figure 6, upon completing creation of the individual account, the consumer 102 is directed to a product registration webpage 222 which lists thc manufacturer, model and serial number 204 of the recently purchased product 60. The manufacturer, model and serial number 204 together act as a product identifier which uniquely identifies the product 60, and will automatically appear on the product registration webpage 222. This is possible because the manufacturer will have already associated the QR code scanned by the user with the product 60 at the service provider server 100 of the vendor.
In addition to the automatically generated manufacturer, model and serial number 204, the consumer 102 will need to enter the date of purchase 224 of the product 60 and retailer details 226, as per the manufacturer's 104 guarantee/warranty terms and conditions. The consumer 102 will also have the option to select their marketing preferences 228.
As shown in Figure 7, the consumer 102 will then be directed to a product confirmation webpage 232 which confirms the registration of the product 60 by the consumer. The product confirmation webpage 232 will include the product manufacturer, model and serial number 204, the date of purchase 224, the retailer 226 and the expiry date of the guarantee/warranty 234. The expiry date of the guarantee/warranty will be calculated from the date of purchase and the guarantee/warranty time offered by the manufacturer (this information can be included with the product identifier infbrmation provided by the manufacturer when the product 60 is initially associated with a QR code before sale).
The service provider server 100 will automatically send an email to the consumer 102 confirming their successful account registration. This email will include the username 218a created during individual account creation. A separate em2il will also be sent to the consumer 102 by the service provider server confirming the registration of their recently purchased product 60 to include the manufacturer, product model and serial number 204, date of purchase 224, retailer 226 and expiry date of the guarantee/warranty 234.
The consumer identifier (comprising the consumer personal information 21 8) and the product identifier (comprising the manufacturer, model, serial number, etc.) will be associated with each other by the service provider server 100. This infonnation will also he sent to the manufacturer so that the manufacturer has a record of the consumer 102 and the product 60 that they have purchased and registered.
The QR code 202 will be recorded at the service provider server 100 as having been used. This means that the QR code 202 cannot be registered again. Any scanning of the same QR code 202 will result in the consumer 102 having to authenticate with the system 50 by entering their username 21 8a and password 218b created during the individual account setup.
As shown in Figure 8, following the creation of the individual account, and when the consumer 102 is logged in, the consumer 102 can interact with a personal homepage 238. The personal homepage 238 allows the consumer 102 to update personal information, adjust other general settings such as marketing preferences or access their central repository wcbpage 240 which, as shown in Figure 9, lists the products that have been registered with the service provider server 100 by the user using the QR code system.
The consumer 102 can access their individual account by either scanning a QR code 202 of a previously registered product 60 or by accessing the wcbsite interface 210 of the service provider server using a nonnal web browser.
When scanning a QR code 202 of a previously registered product 60, the consumer 102 will initially have to authenticate the use of the QR code 202 by entering their username 218a and password 218b created during individual account setup. The consumer 102 will then be directed to a product summary webpage 242 which, as shown in Figure 10, details the manufacturer, product model and serial number 204, date of purchase 224, retailer 226 and expiry date of the guarantee/warranty 234. The page may also include manufacturer or appointed services provider 104 contact details 244, a link to documentation (such as user manuals) for the product 60 (now shown) and also the "Request call from Manufacturer" facility 246. The "Request call from Manufacturer" facility is detailed later on in the document. As each QR code 202 is unique to a product 60, the product summary webpage 242 may also show the branding/logo of the manufacturer 104 when the consumer 102 accesses it. The consumer 102 can then navigate from the product summary webpage 242 to their personal homepage 238.
It is noted that if the consumer 102 scans the QR code 202 of a product 60 which is registered with the vendor but which is not actually registered to the consumer 1 02 (that is, it has been previously registered to a different consumer), then once the user enters their username 21 8a and password 21 Sb, the service provider sewer 100 will recognise that there is a discrepancy and will inform the consumer [02 of this fact. The consumer 102 will, in this case, be redirected to their personal liomepage 238.
If accessing their individual account by accessing the website interface 21 0 via a web browser, the consumer 102 will have to anthenticate by entering their uscrname 218a. and password 218b. They will then be directed to their personal homepage 238, from which they may access their central repository webpage 240.
The central repository webpage 240 allows the consumcr 102 to see all thcir products 60 that have been registered with the vendor in one place. The consumer 102 can follow a link for each product which will direct them to thc product summary webpage 242 for that product, which details the manufacturer, product model and serial number 204, date of purchase 224, retailer 226 and expiry date of the guarantee/warranty 234. The product summary page 242 will also include manufacturer or appointed services provider 104 contact details 244 and also the "Request call from Manufacturer" facility 246. This facility is detailed later on in the document.
When the consumer 102 updates any of their personal information 218, for example their address, the service provider server 100 will update each manufacturer or appointed services partner 104 automatically. This allows the consumer 102 to use the website interface 210 to update all their product manufacturers or appointed services partners without the need to contact each manufacturer or appointed services partner 104 individually.
When the consumer 102 buys another product 60, whether from the same manufacturer as the previous product or a product from another manufacturer, the consumer 102 scans the provided QR code 202 and will be redirected to the homepage 220 of the website interface 210 which requires the consumer 102 to login. The consumer 102 will follow the log in process by entering their username 218a and password 21 Sb. The consumer 102 will then he directed to the product registration webpage 222 for that product, which lists the manufacturer, product model and serial number 204 of the recently purchased product 60 (as shown in Figure 5). The consumer 102 will nced to enter thc date of purchase 224 of the product 60 and retailer details 226 as per the manufacturer's 104 guarantee/warranty terms and conditions. The consiLmer 102 svill also have the option to select their marketing preferences 228.
The consumer 102 will then be directed to the product confirmation webpage 232 confirming the registration of the product 60 with the manufacturer or their appointed services partner 104 (as shown in Figure 7). The product confirmation webpage 232 will include product manufacturer, model and serial number 204, date of purchase 224, retailer 226 and expiry date of the guarantee/warranty 234. An email 236 will be sent to the consumer 102 automatically by the service provider server 100 confirming the registration of their recently purchased product 60 to include the manufacturer, product model and serial number 204, date of purchase 224, retailer 226 and expiry date of the guarantee/warranty 234.
The process of registering a guarantee/warranty that the consumer 102 wishes to register can be repeated S for each product 60 irrespective of manufactlLrer or appointed services partner 104 by using the QR code scanning and association system provided by the vendor via the service provider server 100. Each time the consumer 102 registers a product 60 for a guarantee/warranty, the service provider server 100 will update its records so as to associate the consumer identifier (comprising the consumer personal information 218) with the product identifier (comprising the manufacturer, model and serial number, etc.) and will push the record for that product 60 and associated consumer 102 to the specific manufacturer or appointed services partner 104 whose product 60 has been registered. The manufacturer or appointed services partner 104 can then update their records accordingly. This process is likely to happen at intervals so that a number of data records are pushed to the manufacturer or appointed services partner 104 rather than individual product data records. However, it would be possible to send individual product data records if required.
Typically, with a good data connection, be that Wi-H or 3G14G, and using a device capable of scanning a QR code, after the individual account setup 216, each new product 60 could be registered within 1 minute using the system 50.
When a consumer 102 has a problem with a registered product 60 and wishes to report it to the manufacturer or their appointed service partner 104, the consumer 102 may do this via the website interface 210 provided by the service provider server 100.
In this scenario, the consumer 102 will scan the QR code 202 associated with the product 60 and will then he redirected to the homepage 220 of the website interface 210 that requires the consumer 102 to log in. The consumer 102 will follow the log in process by entering their username 21 8a and password 21 8b.
The service provider server 100 will identify that the QR code 202 has already been registered with the consumer 102 and the consumer 102 will be directed to the product summary webpage 242 detailing the manufacturer, product model and serial number 204, date of purchase 224, retailer 226 and expiry date of the guarantee/warranty 234 of the product 60.
The product summary webpage 242 includes manufacturer or appointed services provider 104 contact details 244 and also the "Request call from Manufacturer" facility 246. The consumer 102 can thus contact the manufacturer or appointed services partner 104 using the manufacturer contact details 244 to resolve their issue. Alternatively, if the issue is not urgent and the consumer 102 wishes to be called back later, the product summary webpage 242 allows the consumer 102 to report to the manufacturer or appointed services partner 104 that they require assistance under the guarantee/warranty and would like a.
call back. This facility can be invoked by selecting the "Request call from Manufacturer" button 246.
This facility will only be available if the consumer's personal information 218 contains a telephone contact number. The service provider server 100 will facilitate the "Request call from Manufacturer" facility 246 by sending the request to the manufacturer or appointed services partner 104. The service provider server 100 can then send an email confirmation or SMS text message or the like to the consumer that the request for call back has been received by the manufacturer or appointed services provider 104.
It is noted that a consumer may only think to scan the QR code of a product, in the case that the consumer experiences a problem with the product. This may be several months or years after the product was originally purchased, meaning that any extended guarantee or warranty offered by the manufacturer may not be available (manufacturers often put a time limit from the date of purchase on when a consumer can register for an extended guarantee or warranty). In this ease, however, when the user scans the QR code, they may still register the product with their individual user account (creating an individual user account if necessary) and access the manufacturer contact details 244 and "Request call front Manufacturer" facility 246 provided on the product summary webpage 242. This will allow the consumer to at least contact thc manufacturer and obtain details on how they may resolve their problem with the product, even though they may not be entitled to the guarantee or warranty offered by the maiiufacturer'. In this case, the expiry date of the guarantee/warrénty 234 on the product summary wcbpage 242 would inform the consumer that they are not entitled to a guarantee/warranty.
Although the Figures 3-10 refer to webpages of a website interface 210, everything that has been described so far could also equally apply to a software app installed on a smartphone or tablet computer.
In this case, the information provided via each of the webpages described with rcfercncc to Figures 3-10 would instead be presented via interactive screens of the software app.
Thus, in embodiments, a convenient way of allowing a consumer to register newly purchased products with the manufacturer is provided. However, in order for the integrity and security of such a product registration method to be maintained, it must be ensured that the QR codes generated for product registration cannot he counterfeited or faked by an unauthorised party. This ensures only genuine QR codes can be used for product registration, preventing, for example, a consumer for counterfeiting a QR code so as to obtain warranty benefits or the like which they are not entitled to.
In embodiments, the secure registration of products is implemented using a token encryption method. In such a method, a unique token identifier is encrypted and passed between parties as a number of discrete parameters in order to ensure that only authorised parties may decrypt the unique token identifier and that unique token identifiers cannot be guessed or created artificially.
A process 1100 of securely registering a product with the service provider server 100 is described with reference to Figure 11. This registration is achieved by associating the product with a unique token identifier at the service provider server 100.
The process starts at step 11 02, At step 1104, a token to be associated with the product is generated by the service provider server 100. The token comprises a unique token identifier (such as, for example, a number, name or any unique combination of alpha-numeric characters) which uniquely identifies the token. This will later allow the token to be associated with the single, specific instance of a product.
The unique token identifier is used to generate a first encrypted message encrypted using a first encryption parameter. The first cneryption parameter contains information which is used to encrypt the first encrypted message. As well be explained later, the first cncryption parameter may he provided in any suitable form. For example, the first encryption parameter may be a secret key which is used to encrypt and decrypt the first encrypted message. Alternatively, there may be a plurality of first encryption parameters which are used to encrypt and decrypt the first encrypted message. For example, the plurality of first encryption parameters could include a security algorithm identifier, an initialisation vector and a message hash. Each of these parameters is explained in detail later on. In embodiments, it is only the service provider server 100 which is able to encrypt and decrypt the first encrypted message using the one or more first encryption parameters.
In its plaintext (that is, non-encrypted) form, the first encrypted message comprises the unique token identifier and a manufacturer access key. As will be explained, the manufacturer access key is a number, name or any unique combination of alpha-numeric characters which identifies the manufacturer as the party to and from which the first encrypted message will be sent and received.
hi step 1106, the first encrypted message is provided to the product manufacturer. The first encrypted message may be provided to the manufacturer in any suitable form. For example, it may be provided to the manufacturer electronically via a secure network interface, it may he attached to an email or it may be sent via the postal network. As already mentioned, the product manufacturer is unable to decrypt the first encrypted message to obtain the unique token identifier. Rather, the manufacturer may simply read the message in its encrypted form.
In step 1108, the first encrypted message and an identifier of the product that the manufacturer wishes to register are received back at the service provider server 100 from the manufacturer. As already mentioned, the identifier of the product may include any suitable detail which uniquely identifies the single, specific instance of the product. For example, in the embodiments previously described, the product identifier may be a make, model and/or serial number 204 of the product.
In step 1110, the service provider server 100 performs a decryption process in order to decrypt the received first encrypted message and to obtain the unique token identifier and manufacturer access key.
The service provider server 100 then checks whether the message has decrypted correctly (step 1112). In other words. the decryption of the first encrypted message is authenticated using a suitable authentication technique. As will be explained later, due to the encryption method used, only a first encrypted message which has been genuinely created by the service provider server 100 will decrypt correctly at this stage. If S the message cannot be decrypted correctly, then it is assumed to be a fake or unofficial message, and the request will be refused (step 1115) and the process will end (step 1116). On the other hand, if the message can be decrypted correctly, then the process moves onto step 1114.
At step 1114, the identifier of the product is associated with the unique token identifier of the token. The association of the product with the unique token identifier is then recorded by the service provider server 100. The process then ends at step 1116.
Advantagcously, by providing the unique token identifier to the manufacturer in the encrypted form of the first encrypted message, no unauthorised party, including the manufacturer or a party who intercepts the first encrypted message, is able to obtain the unique token identifier which is to be associated with the product. Because it cannot be obtained, the unique token identifier cannot be used by any unauthorised party in order to illegitimately obtain any benefit such as a guarantee or warranty of the product. This improves the security and integrity of the system.
In embodiments, once a single, specific instance of a product has been registered with the seivice provider server 100 by the manufacturer, a consumer who purchases the product may also register it with the service provider server 100. As explained above, this allows the personal details of the consumcr to be shared with the manufacturer for marketing purposes. It also benefits the consumer, as by registering the product, the consumer may obtain an extended warranty or the like.
The secure registration of products by the consumer is implemented by adding some extra steps to the process 1100 shown in Figure 11. This is illustrated by the process 1200 shown in Figure 12.
The process starts at step 1202. Then, the process 1100 of Figure 11 is carried out. Here, a sinale, specific instance of a product is registered withthe service provider server 100 by the manufacturer, as already mentioned. This involves associating the product with the unique token identifier of the generated token.
At step 1204, the unique token identifier is used to generate a second encrypted message encrypted using a second encryption parameter. The second encryption parameter contains information which is used to encrypt the second encrypted message. As with the first encryption parameter for the first encrypted message, the second encryption parameter may be provided in any suitable form. For example, the second encryption parameter may be a secret key which is used to encrypt and decrypt the first encrypted message. Alternatively, there may be a plurality of second encryption parameters which are used to encrypt and decrypt the second encrypted message. For example, the plurality of second encryption parameters could include a security algorithm identifier, an initialisation vector and a message hash.
Again, each of these parameters is explained in detail later on. As for the first encrypted message, in embodiments, it is only the service provider server 100 which is able to encrypt and decrypt the second encrypted message using the one or more second encryption parameters.
S In its plaintext (that is, non-encrypted) form, the second encrypted message comprises the unique token identifier and a consumer access key. As will be explained, the consumer access key is a number, name or any unique combination of alpha-numeric characters which identifies the consumer as the party to and from which the first encrypted message will be sent and received. The second encrypted message is then provided to the consumer.
The second encrypted message may be provided to the consumer in any suitable form. For example, it may be a text string, a uniform resource locator (UIRL), a barcode or a quick response (QR) code. To he clear, in the embodiments previously described, the QR code 202 provided to the consumer 102 with a purchased product 60 will comprise thc second encrypted message. In general, the second encrypted message will be provided to the consumer by the manufacturer when the product is purchased. As already mentioned, the consumer is unable to decrypt the second encrypted message to obtain the unique token identifier. Rather, the consumer simply reads the message in its encrypted form.
Instep 1206, the second encrypted message and an identifier of the consumer are received hack from the consumer. As already mentioned, the identifier of the consumer may include any suitable detail which uniquely identifies the consumer. in the embodiments described above, when a consumer first creates an account with the service provider server 100, the consumer identifier will be the personal information 218 of the consmner, such as a name, address, telephone number, email address, etc., together with the newly created uscmame 21 8a of the consumer. On the other hand, if the consumer has previously created an account with the service provider server 100, then the consumer identifier will simply be the previously created username 218a of the consumer (since the service provider server 100 may then look up the personal intbrmation 218 associated with the consumer when necessary using the consumer's usernamc 218a), In step 1208, the service provider server 100 performs a decryption process in order to decrypt the second encrypted message and to obtain the unique token identifier and consumer access key. The service provider server then checks whether the message has decrypted correctly (step 1210). In other words, the decryption of the second encrypted message is authenticated using any suitable authentication technique.
As for the first encrypted message, due to the encryption method used, only a. second encrypted message which has been genuinely created by the service provider server 100 will decrypt correctly at this stage. If the message cannot be decrypted correctly, then it is assumed to be a fake or unofficial message, and the request will be refused (step 1212) and the process 1200 will end (step 121 8). On the other hand, if the message can be decrypted correctly, then the process moves onto step 1214.
At step 1214, the identifier of the consumer is associated with the unique token identifier of the token.
The association of the consumer with the unique token identifier is then recorded by the sen-ice provider server 100.
Since the association of both the product and the consumer with the unique token identifier has now been recorded by the service provider server 100 (step 1114 of process 1100 for the product and step 1214 of the process 1200), the product and the consumer can now be associated with each other. This is step 1216.
The process then cnds at step 1218.
Thus, through the processes described above, a manufacturer may securely register a product at the service provider server 100 using the first encrypted message. Also, once a consumer has purchased the registered product, the consumer may securely associate their personal details with the registered product at the service provider server 100 using the second encrypted message The server then associates the product with the consumer using the common association of the product and consumer with the unique token identifier comprised within the first and second encrypted messages. The personal information 218 of the consumer (name, address, etc.) can thus be shared with the product manufacturer, for the purposes of marketing or an extended warranty or the like, in a convenient and secure manner.
In embodiments, a manufacturer may register their details with the service provider server 100. This registration process can include creating a manufacturer username and password which allows the manufacturer to log in to a secure web service interface of the service provider server 100.
Once the manufacturer has registered with the service provider sen-er 1 00, they may order a batch of tokens to be created. liach of these tokens will have an associated unique token identifier which will be used for generating a first and second encrypted message. As described above with reference to Figure 11, the first encrypted message comprises, in an encrypted form, the unique token identifier and the manufacturer access key. Also, as described above with reference to Figure 12, the second encrypted message comprises, in an encrypted form, the unique token identifier and the consumer access key.
For each created token, the first encrypted message may be provided to the manufacturer electronically via the securc web services interface (which the manufacturer can log in to with the manufacturer usemame and password). The manufacturer may then provide a product identifier (such as make, model and/or serial number) for a single, specific instance of a product which is to he associated with the token to the secure web services interface. Once the product identifier has been provider, the first encrypted message and product identifier are then transmitted to the service provider server 100 so that the product identifier and unique token identifier can be associated with each other.
Similarly, for each created token, the second encrypted message may be provided to the manufacturer for inclusion with the single, specific instance of the product which is to be registered with the token and eventually sold to a consumer. In embodiments, the second encrypted message may be comprised within a TIRL. The manufacturer then provides the TJRL with the product when sold.
\When the user wishes to register the product, they can then enter the IJRI into an ordinary web browser, where they will be directed to the secure web service interface. Here, as akcady described, the user may S create an account or, if an account for the user already exists, die user may log in to this existing account.
By creating or having an account via the secure web service interface, an identifier of the consumer (such as a name, address, telephone number and email address or a usemame) may he provided to the service provider sewer 100.
Once the user has created or logged in to their secure web service account, the identifier of the consumer can be associated with the unique token identifier comprised within the second encrypted message of the TJRL. The identifier of the product and the identifier of the consumer can then be associated with each other and details of the consumer can then be shared with the product manufacturer, as already described.
The URL can be provided by the manufacturer in any suitable form. For example. as already described, the URL can be provided as a QR code. Advantageously, the use of a QR code is very convenient for the user, since all they must do is capture an image of the code with a suitabic electronic device (such as a smartphone or tablet computer) and they will be taken to the secure web service interface. All the user then has to do is create or log in to their account and the registration of the product with the service provider server 100 (and hence, with the manufacturer) may he completed.
Examples of the encryption method for the first and second encrypted messages, as used in embodiments, will now he described. As described earlier, each of the first and second encrypted messages is encrypted using one or more first and second encryption parameters, respectively. In the following explanation, it is to he understood that the term "encrypted message" could correspond to either of the first and second encrypted message. Similarly, it is to be understood that the tenn "encryption parameter" could correspond to either of the first and second encryption parameter(s).
An example encryption method in which a single encryption parameter is used is a method in which the encryption parameter is a secret key which is known only to the service provider scrvcr 100. In this case, a plaintext message is eiicrypted to form an encrypted message using the secret key. The encrypted message is then sent to the manufacturer (in the case of the first encrypted message) or consumer (in the case of the second encrypted message), but the secret key is not sent. The manufacturer or consumer may thus receive the encrypted message in order to send relevant details (that is, a product identifier in the case of the manufacturer and a consumer identifier in the case of the consumer) back to the service provider server 100 with the encrypted message. However, neither the consumer nor the manufacturer will be able to decrypt the encrypted message in order to obtain the unique token identifier.
An example encryption method in which a plurality of encryption parameters is used is a method in which the encryption parameters include a security algorithm identifier, an initialisation vector and a message hash. Unlike the previous example in which the single encryption parameter is a secret key which is known only to the service provider sewer 100, each of the plurality of encryption parameters is sent with the encrypted message so that they may be read by an outsider. However, the security from this method comes from the fact that only the service provider server 100 will know how to use the encryption parameters correctly in order to decrypt the encrypted message.
The security algorithm identifier is a unique identifier (such as a unique alpha-numeric identifier) which determines how to decrypt the encrypted message. hi this example, the security algorithm identifier determines the encryption/decryption algorithm used, a secret key used in encrypting and decrypting the message, a hashing algorithm used in creating a hash of the message and a secret security code to be used when creating a hash of the message. These terms are explained in more detail below. The meaning of the security algorithm identifier is known only to the service provider server 100. To an outsider (for example, the manufacturer or consumer), the security algorithm identifier will have no discernible meaning. Rather, it will appear to he a random set of characters.
The initialisation vector is used in combination with the secret key identified by the security algorithm identifier to decrypt the encrypted message. The purpose of an initialisation vector is to prevent repetition in different encrypted messages which are encrypted using the same secret key. Initialisation vectors are known in the art, and hence will not be described in detail here. The way in which the secret key and the initialisation vector are used to decrypt the encrypted message depends on the encryption algorithm used, as defined by the security algorithm identifier.
The message hash is a hash of the dcerypted message with the secret security code appended. In other words, the message hash is created by appending the secret security code to the plaintext version of the encrypted message and creating a hash of the resulting plaintext message and secret security code combination. The validation of the message hash adds an extra level of security to the encrypted message.
The process 1400 of decryption and authentication of a received encrypted message according to embodiments with a plurality of encryption parameters is now explained with reference to Figure 13. In embodiments, thc process 1400 corresponds to the decryption and authentication steps 1110 and 1112 of Figure 11 for the first encrypted message and the decryption and authentication steps 1208 and 1210 of Figure 12 for the second encrypted message.
The process starts at step 1402. At step 1404, the security algorithm identifier, which is received with the encrypted message, is read. At step 1406, it is then determined whether or not the security algorithm identifier is valid. This involves comparing the security algorithm identifier received with the encrypted message with one or more security algorithm identifiers known to the service provider server 100. If the received security algorithm identifier is known to the service provider server 100, then it is decided that the received security algorithm identifier is valid and the process moves onto step 1408. On the other hand, if the received security algorithm identifier is not known to the service provider server 100, then it is decided that the security algorithm identifier is not valid and the request is rethsed (step 1410). This will amount to the received encrypted message not being decrypted correctly and hence to a failure of the authentication process 1112 of Figure 11 or the authentication process 1210 of Figure 12.
The number of possible security algorithm identifiers is set such that it is very difficult to guess a valid security algorithm identifier. For example, the security algorithm identifier may be comprised of 128, 256 or more bits.
At step 1408, the message is decrypted using the secret key identified by the security algorithm identifier and the initialisation vector. The way in which the secret key and initialisation vector are used depends on the encryption/decryption algorithm identified by the security algorithm identifier. Encryption/decryption algorithms which usc both a secret key and an initialisation vector are known in the art, and will hence not be discussed in detail here. The decrypted message is the plaintext message.
At step 1412, the secret security code is appended to the piaintext message and a hash of the plaintext message and secret security code combination is created. The way in which the hash is created depends on the hashing algorithm identified by the security algorithm identifier.
At step 1414, it is determined whether or not the newly created message hash is correct. That is, it is determined whether or not the newly created message hash matches the message hash received with the encrypted message. If the newly created message hash matches the received message hash, then the process moves onto step 1416. On the other hand, if the newly created message hash does notmatch the received message hash. then it is decided that there is something wrong with the received message hash.
For example, the wrong hashing algorithm, the wrong secret security code, the wrong secret key and/or the wrong decryption algorithm may have been used, indicating that the encrypted message and encryption parameters may not have been created legitimately. hi this case, the request is refused (step 1416). This will amount to the received encrypted message not being decrypted correctly and hence to a failure of the authentication process 1112 of Figure 11 or the authentication process 1210 of Figure 12.
At step 1416, the unique token identifier and access key (the manufacturer access key in the case of the first encrypted message and the consumer access key in the case of the second encrypted message) are extracted and checked against the unique token identifiers and access keys known to the service provider server 100. The relevant information received with the encrypted message (product information in the ease of the first encrypted message received from the manufacturer and consumer information in the case of the second encrypted message received from the consumer) can then be associated with the unique token identifier by the service provider server 100. The process then ends at step 1418.
Although not shown in Figure 13, if the unique token identifier and/or access key extracted from the decrypted message at step 1416 do not match those known to thc service provider server 100, then an en-or may be returned to the manufacturer or consumer (as appropriate). In this ease, they manufacturer or consumer may be advised to make contact with the service provider to report the error, as it may be the ease that the unique token identifier and/or access key were not registcred correctly at the service provider server 100 when the first and second encrypted messages were sent out, for example. On the other hand, it could be assumed that an unauthorised party has gained sufficient information about the encryption process so as to pass the previous security cheeks (that is, the validation of the security algorithm identifier and the message hash), and that the request should be refused. In this case, the lack of a match between the received unique token identifier and/or access key with those known to the service provider server 100 amounts to the received encrypted message not being decrypted correctly and hence to a failure of the authentication process 1112 of Figure 11 or the authentication process 1210 of Figure 12.
To be clear, in the process described with reference to Figure 13, the security algorithm identifier identifies to the service provider server TOO the encryption/decryption algorithm used, the secret key used in encrypting and decrypting the message, the hashing algorithm used hi creating a hash of the message and a. secret security code to he used when creating a hash of the message. These will he known only to the service provider server 100 (for example, they may be stored in a storage medium associated with the service provider server 100), and the service provider server 100 will use these only in response to detecting the correct security algorithm identifier in the received encrypted message. Furthermore, the security algorithm identifier is meaningful only to the service provider server 100. To any other party, the security algorithm identifier will have no discernible meaning. Rather, it will appear to be a random set of characters.
Advantageously, all of these pieces of information (that is, the security algorithm identifier and all of the pieces of information which the security algorithm identifier identifies) must be known in order to correctly encrypt or decrypt a message for use with the service provider server 100. This makes it very difficult for an unauthorised party to encrypt or decrypt such a message, thus improving the security and integrity of the system.
In particular, because correctly encrypting a message is difficult, and because the unique token identifier must be provided by the manufacturer or consumer in the form of a correctly encrypted message which will pass the various tests of the decryption and authentication process shown in 1-igure 13, it is very difficult for unique token identifiers to be used by any unauthorised party.
For example, if an unauthorised individual tried to guess a unique token identifier in order to obtain benefits (such as a. warranty) for a product that they did not actually own (or, indeed, if a manufacturer tried to use a unique token identifier which they had not paid the service provider for), then even if they tre to guess an existing unique token identifier, the registration would not work. This is because they would not know how to correctly encrypt the unique token identifier and hence it would not he decrypted and authenticated correctly. The security and integrity of the system is thus improved.
It is also noted that if an encrypted message is received in which certain pieces of information appear to be known hut other pieces of information appear not to be known, then this could be interpreted as a brute force attack (where the attacker attempts to pass the authentication test by exhaustively glLessmg the pieces of information which they do not know).
In embodiments, this kind of situation is detected and dealt with appropriately. For example, if an unauthorised party comes learn of a valid security algorithm identifier, hut they do not know at least one of the encryption/decryption algorithm, the secret key, the hashing algorithm or the secret security code, then the first authentication test at step 1404 of Figure 13 will be passed, however the second authentication test at step 1414 will not be passed. The service provider server 100 detects the fact that only a single authentication test has been passed and determines that a brute force attack is taking place.
In this ease, the service provider may be alerted to the fact that a brute force attack is taking place, and encrypted messages which use the security algorithm identifier which appears to have been discovered can be cancelled.
In the embodiments described so far, the first encrypted message comprises the manufacturer access key and the second encrypted message comprises the consumer access key. This is advantageous, since it ensures that the service provider server 100 knows immediately whether it is a manufacturer frying to register a product identifier (with the first encrypted message comprising the manufacturer access key) or a consumer trying to register a consumer identifier (with the second encrypted message comprising the consumer access key).
This results in reduced processing for the service provider server 100 compared to if no access key were provided. This is because, if no access key were provided, then the only way to determine whether it was a manufacturer or a consumer registration procedure which was required would be to perform an extra processing step of checking whether or not the decrypted unique token identifier had already been registered with a product identifier. If the unique token identifier had already been registered with a product identifier, then the registration request must be from a consumer. On the other hand, if the unique token identifier had not already been registered with a product identifier, then the registration request must be from a manufacturer. Including the appropriate access key within the first and second encrypted messages means that this extra processing step can be skipped, since the service provider server 100 will know immediately from the access key whether it is a manufacturer or a consumer making the request.
It is envisaged, however, that there will be embodiments in which the manufacturer and consumer access keys are not provided as part of the first and second encrypted messages, respectively. In this case, the first and second encrypted messages will comprise only the unique token identifier in an encrypted form.
Alihough the advantages of including the manufacturer and consumer access keys will not he present in these embodiments, the advantage of having a system with improved security and integrity resulting from the use of encryption in the first and second messages will still be enjoyed. Additionally. a further advantage in this scenario is that the first and second encrypted messages will comprise less data, and thus less data will need to be passed around the system 50 during product and consumer registration. This leads to improvements in the network over which the system 50 operates.
It is noted that, iii the case in which the manufacturer and consumer access keys are included in the first and second encrypted messages, respectively, then the first and second encrypted messages will be different (at least in the plaintext version). However, in the case which the manufacturer and consumer access keys are not included in the first and second encrypted messages, respectively, then the first and second encrypted messages may be the same (at least in die plaintext version).
The first and second encryption parameters used for encrypting the fir st and second encrypted messages can be the same (in certain situations, such as when the first and second encrypted messages are the same) or can be different. However, the lack of repetition which results from the use of different first and second encryption parameters (even if the same first and second parameters could be used) is advantageous, since it results in the increased security and integrity of the system.
In embodiments, the consumer and/or manufacturer access key may be randomly generated and have a large degree of variability. This further improves the security of the system, since it makes it even more difficult for an authorised party to create counterfeit encrypted messages. As already mentioned, in embodiments, the authentication process for an encrypted message received by the service provider server includes cross-checking the received consumer/manufacturer access key with the access keys known to the service provider server 100. If the access keys known to the service provider server 100 are randomly generated and have a large degree of variability, then they are very difficult to guess.
The service provider server 100 is described in more detail with reference to Figure 14.
The unique token identifier generator 1302 generates the unique token identifier which is to be associated with a product. [he unique token identifier generator also generates the first and second encrypted messages.
The encrypted message provider 1304 provides the first and second encrypted messages to the manufacturer and consumer, respectively. In embodiments, it vil1 be appreciated that the encrypted message provider could, in fact, comprise two separate devices, that is, a first encrypted message provider for providing the first encrypted message and a second encrypted message provider for providing the second encrypted message.
The encpted message receiver 1306 receives the first encted message and the identifier of the product and the second encrypted message and the identifier of the consumer from the manufacturer and consumer, respectively. In embodiments, it will he appreciated that the encrypted message receiver could, in fact, comprise two separate devices, that is, a first encrypted message receiver for receiving the first encrypted message and manufacturer identifier and a second encrypted message receiver for receiving the second encrypted message and consumer identifier.
The dcerypter and authenticatorl 308 decrypts and authenticates the first and second encrypicd messages received by the encrypted message receiver 1306. In embodiments, it will be appreciated that the decrypter and authenticator could, in fact, comprise two separate devices, that is, a first decrypter and authenticator for decrypting the first encrypted message and a second decryptcr and authenticator for decrypting the second encrypted message. Also, the decrypter and authenticator 1308 could, in fact, be formed from a separate decryper and a separate authenticator (this could apply to the case of a single deerypter and authenticator for both the first and second encrypted messages or to the case of a first and second decrypter and authenticator for the first and second encrypted messages, respectively).
The extractor 1310 extracts the unique token identifier from the plaintext versions of the first and second encrypted messages when the first and second encrypted messages have been decrypted and authenticated. In embodiments, it will be appreciated that the extractor could, in fact, comprise two separate devices, that is, a first extractor for extracting thc unique token identifier from the first encrypted message and second extractor for extracting the unique token identifier froni the second encrypted message.
The associator 1312 associates the product identifier received with the first encrypted message with the unique token identifier and associates the consumer identifier received with the second encrypted message with the unique token identifier. Once both the product identifier and consumer identifier have been associated with the unique token identifier, the associator 1312 also associates the product identifier with the consumer identifier. In embodiments, it will be appreciated that the authenticator could, in fact, comprise three separate devices, that is, a first associator for associating the manufacturer identifier with the unique token identifier, a second assoeiator for associating the consumer identifier with the unique token identifier and a third associator for associator for associating the manufacturer identifier with the consumer identifier.
The operation of the service provider server 100 and the interaction of the various componenLs is controlled by the controller 1300.
In embodiments of the present invention, there is provided a system for facilitating the registration of a product guarantee/warranty with the manufacturer or their appointed services partner by the new owner of a product by way of a unique web link for that product. More specifically, in embodiments, product specific electronic codes, such as conventional barcodes and or QR codes (for example), are used which associate a purchased product with a unique web link which is already populated with the manufacturer, product model, serial number etc. The system provides a mechanism for the product purchaser to register their details against the product. The system will only require the consumer to register their personal details once. If another product, regardless of manufacturer, is registered using the system then the system will use the previous personal details associated with that consumer to make registering of products that much quicker. The system then provides a mechanism to forward the new owner details to the manufacturer or their appointed services partner.
In embodiments, the system will provide the consumer with a central repository for all their product guarantees/warranties regardless of manufacturer. Consumers require a convenient time efficient way of registering their products and also a repository to store all the product guarantee/warranty information for all manufacturers in one place. The system aims to replace the traditional method of storing multiple manufacturer product guarantee paperwork in a physical location with storing multiple manufacturer product guarantee information in a web based repository.
As an example, a unique QR code will be generated and this will be associated to a product. More specifically, the QR code will be associated with information which uniquely defines a single, specific instance of a product, such as the serial number and model of the product. Other desired information that the manufacturer believes may enhance the product registration process may also be included. The QR code can be used on all manner of products from small electronic devices such as laptops or tablet computers, vacuum cleaners, right through to larger items that a consumer might buy such as fridge-freezers, washing machines, dishwashers, etc. This list is not exhaustive and merely provides examples of products that generally require registration in order to fully enjoy the manufacturer's guarantee. The system will be able to adapt to any product that a manufacturer would want registering as part of their manufacturer's guarantee terms and conditions.
The unique QR code can be presented to the consumer in a number of different combinations. Ideally the QR code would be attached to the product in a location easily accessible to the consunier for registration and for future use should the consumer need to contact the manufacturer or their service partner. If it is not possible to attach the QR code to the product then a printed QR code can he provided in the product support pack. This can take the form ofjust a piece of card or it could be stickers with the QR code. the stickers will allow the consumer to place it on the product in a location of their choice.
Prior to the selling of the product to the consumer, the manufacturer will provide the serial number and model of the product to the vendor. The vendor will associate the manufacturer, product niodel and serial number information with a newly generated QR code. The vendor will maintain a database of products, the associated manufacturer information for each product and the QR code associated with each product.
The vendor will either supply the QR codes to the manufacturer to print out as part of their business process or the vendor can provide a senice to pnt the QR codes for the manufacmrer. The vendor will also maintain the web presence which will allow the consumer to register the product and create their secure personal guarantee/warranty web based repository. This web based repository will provide all product guarantee/warranty information for all products registered using the QR code system. The consumer will also be able to update their personal details should they change their contact details (for example, their address or email address) or change their marketing preferences. Any changes to personal information will be passed to all manufacturers that the consumer has bought products from and which have been registered on the system.
In embodiments, the sharing of marketing information between partner manufacturers and the vendor is facilitated. The vendor will maintain a database of registered consumers. The vendor will only provide registration details of the consumer with the product manufacturer. The vendor will, however, hold information on all products a specific consumer has registered and this information can be useful to manufacturers. Depending on the marketing preferences the consumer has chosen the system will also allow the vendor to share products that a consumer has bought from other partner manufacturers so that they can use the information to target their marketing.
Obviously, numerous modifications and variations of the present disclosure are possible in light of the above teachings. It is therefore to be understood that within the scope of the appended claims, the disclosure may be practiced otherwise than as specifically described herein.
In so far as embodiments of the disclosure have been described as being implemented, at least in part, by software-controlled data processing apparatus, it will be appreciated that a non-transitory machine-readable medium carrying such software, such as an optical disk, a magnetic disk, semiconductor memory or the like, is also considered to represent an embodiment of the present disclosure.
It will be appreciated that the above description for clarity has described embodiments with reference to different functional units, circuitry and/or processors. However, it will be apparent that any suitable distribution of functionality between different functional units, circuitry and/or processors maybe used without detracting from the embodiments.
Described embodiments may be implemented in any suitable fonn including hardware, software, finnware or any combination of these. Described embodiments may optionally be implemented at least partly as computer software running on one or more data processors and/or digital signal processors. The elements and components of any embodiment may be physically, functionally and logically implemented in any suitable way. Indeed the functionality may be implemented in a single unit, in a plurality of units or as part of other functional units. As such, the disclosed embodiments may he implemented in a single unit or may be physically and functionally distributed between different units, circuitry and/or processors.
Although the present disclosure has been described in connection with some embodiments, it is not intended to be limited to the specific fonn set forth herein. Additionally, although a feature may appear to be described in connection with particular embodiments, one skilled in the art would recognize that various features of the described embodiments may be combined in any manner suitable to implement the technique.
Claims (19)
- CLAIMS1. A method of securely associating a product with a unique token identifier, the method comprising: S generating the unique token identifier to be associated with the product and generating a first encrypted message encrypted using a fir st encryption parameter, the plaintext version of the first encrypted message comprising the unique token identifier; providing the first encrypted message to a manufacturer of the product; receiving, from thc product manufacturer, the first encrypted message and an identifier of the product; decrypting and authenticating the first encrypted message; and when the first encrypted message has been decrypted and authenticated, extracting the unique token identifier from the plaintext version of the first encrypted message and associating the identifier of the product with the unique token identifier.
- 2. The method according to claim 1, wherein the first encrypted message is cnerypted using a plurality of first encryption parameters.
- 3. The method according to claim 2, wherein the plurality of first encryption parameters comprises a first security algorithm identifier, a first initialization vector and a first message hash which are provided and received with the first encrypted message, wherein: the fir st security algorithm identifier identifies a first encryption/decryption algorithm for decrypting the first encrypted message, a first secret key for decrypting the first encrypted message, a first hashing algorithm for regenerating the first message hash and a first secret security code for use in regenerating the first message hash; the first initialization vector is for use with the first secret key and first encryption/decryption algorithm for decrypting the first encrypted message; and the first message hash is a hash of the plaintext version of the first encrypted message with the first secret security code appended.
- 4. The method according to claim 3, wherein the decryption and authentication of the first encrypted message and the extraction of the unique token identifier from the plaintext version of the first encrypted message comprises: determining if the first security algorithm identifier received with the first encrypted message exists; when the first security algorithm identifier exists, decrypting the first encrypted message to obtain the plaintext version of the first encrypted message using the first initialization vector received with the first encrypted message and the first secret key and first encryption/decryption algorithm identified by the first security algorithm identifier; appending the first secret security code identified by the first security algorithm identifier to the plaintext version of the first encrypted message and rcgenerating the first message hash using the S first hashing algorithm identified by the first security algorithm identifier; determining if the regenerated first message hash matches the first message hash received with the first encrypted message; and when the regenerated first message hash marches the first message hash received with the first encrypted message, extracting the unique token identifier from the plaintext version of the first encrypted message.
- 5. The method according to any preceding claim, wherern: the plaintext version of the first encrypted message comprises a manufacturer access key identifying the product manufacturer; and the method comprises: extracting the manufacturer access key from the plaintcxt version of the first encrypted message with the unique token identifier; and using the manufacturer access key to determine that the first encrypted message has been received from the manufacturer.
- 6. The method according to any preceding claim, wherein the product identifier comprises one of a manufacturer name, a model name and a serial number of the product.
- 7. The method according to any preceding claim, wherein the first encrypted message and identifier of the product are received from the product manufacturer via a secure network interface.
- 8. A method of securely associating a product with a consumer, the method comprising: the method of associating the product with a unique token identifier according to any preceding claim; generating a second encryptcd message encrypted using a second encryption parameter, the plaintext version of the second encrypted message comprising the unique token identifier; providing the second encrypted message to the consumer; receiving, from the consumer, the second encrypted message and an identifier of the consumer; decrypting and authenticating the second encrypted message; and when the second encrypted message has been decrypted and authenticated, extracting the unique token identifier from the plaintext version of the second encrypted message, associating the identifier of the consumer with the unique token identifier, and associating the identifier of the product with the identifier of the consumer.
- 9. The method according to claim 8, wherein the second encrypted message is encrypted using a plurality of second encryption parameters.
- 10. The method according to claim 9, wherein the plurality of second encryption parameters comprises a second security algorithm identifier, a second initialization vector and a second message hash which are provided and received with the second encrypted message, wherein: the second security algorithm identifier identifies a second encryption/decryption algorithm for decrypting thc second encrypted message, a second secret key for decrypting the second encrypted message, a second hashing algorithm for regenerating the second message hash and a second secret security code for use in regenerating the second message hash; the second initialization vector is for use with the second secret key and second encryptionldeciyption algorithm for decrypting the second encrypted message; and the second message hash is a hash of the plaintext version of the second encrypted message with the second secret security code appended.
- 11. The method according to claim 10, wherein the decryption and authentication of the second ericryptcd message and the extaction of the unique token identifier from the plaintext version of the second encrypted message comprises: determining if the second security algorithm identifier received with the second encrypted message exists; when the second security algorithm identifier exists, decrypting the second encrypted message to obtain the plaintext version of the second encrypted message using the second initialization vector received with the second encrypted message and the second secret key and second encryption/decryption algorithm identified by the second security algorithm identifier; appending the second secret security code identified by the second security algorithm identifier to the plaintext version of the second encrypted message and regenerating the second message hash using the second hashing algorithm identified by the second security algorithm identifier; determining if the regenerated second message hash matches the second message hash received with the second encrypted message; and when the regenerated second message hash matches the second message hash received with the second encryptcd message, extracting the unique token identifier from the plaintext version of the second encrypted message.
- 12. The method according to any of claims 8-11, wherein: the plaintext version of the second encrypted message comprises a consumer access key identiI'ing the consumer; and the method comprises: extracting the consumer access key from the p!aintext version of the second encrypted message with the unique token identifier; and using the consumer access key to determine that the second encrypted message has been received from the consumer.
- 13. The method according to any of claims 8-12, whercin the second encrypted message forms a portion of a uniform resource locator (URL) provided to the consumer which directs the consumer to a secure network interface through which the identifier of the consumer n-lay be received.
- 14, The method according to claim 13, wherein the URL is in the form of a quick response (QR) code.
- 15. The method according to any of claims 8-14, whercinthe identifier of the consumer is one of a name, address, telephone number, email address and usernarne.
- 16. A device for securely associating a product with a product manufacturer, the device comprising: a unique tokcn identifier generator operable to generate a unique token identifier to be associated with the product and to generate a first encrypted message encrypted using a fir st encryption parameter, the plaintext version of the first encrypted message comprising the unique token identifier; a first encrypted message provider operable to provide the first encrypted message to the product manufacturer; a first encrypted message receiver operable to receive, from the product manufacturer, the first encrypted message and an identifier of the product; a first decrypter and authenticator operable to decrypt and authenticate the first encrypted message; a first extractor operable to extract the unique token identifier from the plaintext version of the first encrypted message whcn the first encryptcd message has been decrypted and authenticated; and a first associator operable to associate the identifier of the product with the unique token identifier.
- 17. A device for securely associating a product with a consumer, the device comprising: the device for associating the product with a product manufacturer according to claim 16, wherein the unique token identifier generator is operable to generate a second encrypted message encrypted using a second encryption parameter, the plaintext version of the second encrypted message comprising the unique token identifier; a second encrypted message provider operable to provide die second encrypted message to the consumer; S a second encrypted message receiver operable to receive, from the consumer, the second encrypted message and an identifier of the consumer; a second dectypter and authenticator operable to decrypt and authenticate the second encrypted message; a second extractor operable to extract the unique token identifier from the plaintext version of the second encrypted message when the second encrypted message has been decrypted and authenticated; a second associator operable to associate the identifier of the consumer with the unique token identifier; and a third associator operable to associate the identifier of the product with the identifier of the consumer.
- 18. A program for controlling a computer to perform the method according to any of claims 1-15.
- 19. A storage medium storing a computer program according to claim 18.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB1317010.5A GB2518616A (en) | 2013-09-25 | 2013-09-25 | A method and apparatus for secure product registration |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB1317010.5A GB2518616A (en) | 2013-09-25 | 2013-09-25 | A method and apparatus for secure product registration |
Publications (2)
Publication Number | Publication Date |
---|---|
GB201317010D0 GB201317010D0 (en) | 2013-11-06 |
GB2518616A true GB2518616A (en) | 2015-04-01 |
Family
ID=49553382
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
GB1317010.5A Withdrawn GB2518616A (en) | 2013-09-25 | 2013-09-25 | A method and apparatus for secure product registration |
Country Status (1)
Country | Link |
---|---|
GB (1) | GB2518616A (en) |
-
2013
- 2013-09-25 GB GB1317010.5A patent/GB2518616A/en not_active Withdrawn
Non-Patent Citations (1)
Title |
---|
None * |
Also Published As
Publication number | Publication date |
---|---|
GB201317010D0 (en) | 2013-11-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11107088B2 (en) | Open registry for internet of things | |
AU2005318933B2 (en) | Authentication device and/or method | |
CN106230784B (en) | Equipment verification method and device | |
US9628270B2 (en) | Cryptographically-verifiable attestation label | |
US20160358184A1 (en) | Open registry for identity of things including tamperproof tags | |
CN111164593B (en) | Registration authorization method and system | |
TWI526037B (en) | Method and system for abstrcted and randomized one-time use passwords for transactional authentication | |
US20180019872A1 (en) | Open registry for internet of things including sealed materials | |
US20130191289A1 (en) | Method and system for utilizing authorization factor pools | |
US9025834B2 (en) | Input validation, user and data authentication on potentially compromised mobile devices | |
WO2015042668A2 (en) | Mobile authentication method and system for providing authenticated access to internet-supported services and applications | |
TWI529641B (en) | System for verifying data displayed dynamically by mobile and method thereof | |
JP2009534739A (en) | Authentication for commerce using mobile modules | |
KR20070120125A (en) | Network commercial transactions | |
JP2007527059A (en) | User and method and apparatus for authentication of communications received from a computer system | |
FR2900486A1 (en) | Original product or detached part individualizing method for Internet, involves associating confidential code and identifying codes in database on server connected to Internet, and verifying authenticity of product via connection to server | |
KR20230007346A (en) | Application-based point-of-sale system within mobile operating system | |
US10990982B2 (en) | Authenticating a payment card | |
US20230161847A1 (en) | System and method for identifying ownership and managing transfer of ownership of premium goods | |
WO2018064329A1 (en) | Open registry for internet of things including sealed materials | |
US9871890B2 (en) | Network authentication method using a card device | |
JP2018055149A (en) | Shipping product authentication system and server apparatus | |
KR102337582B1 (en) | Security-enhanced genuine product certification system and the method thereof | |
JP2018072977A (en) | Commodity authenticity determination system | |
GB2518616A (en) | A method and apparatus for secure product registration |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WAP | Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1) |