GB2589323A - Secure verification of product authenticity - Google Patents

Secure verification of product authenticity Download PDF

Info

Publication number
GB2589323A
GB2589323A GB1917156.0A GB201917156A GB2589323A GB 2589323 A GB2589323 A GB 2589323A GB 201917156 A GB201917156 A GB 201917156A GB 2589323 A GB2589323 A GB 2589323A
Authority
GB
United Kingdom
Prior art keywords
code
marked
product
stored
database system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB1917156.0A
Other versions
GB201917156D0 (en
Inventor
Bircham Simon
A Grace Tom
Abhinav, (Abe) Parvataneni
P Coleman Benjamin
Santaguida Anthony
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Eaton Intelligent Power Ltd
Original Assignee
Eaton Intelligent Power Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Eaton Intelligent Power Ltd filed Critical Eaton Intelligent Power Ltd
Priority to GB1917156.0A priority Critical patent/GB2589323A/en
Publication of GB201917156D0 publication Critical patent/GB201917156D0/en
Publication of GB2589323A publication Critical patent/GB2589323A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/018Certifying business or products
    • G06Q30/0185Product, service or business identity fraud
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/018Certifying business or products

Landscapes

  • Business, Economics & Management (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Accounting & Taxation (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Finance (AREA)
  • Marketing (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Cash Registers Or Receiving Machines (AREA)

Abstract

A method 50 for verifying authenticity of a product, comprises scanning 52 a first marked code and determining 54 whether the first marked code corresponds to a first stored code stored in a central database system, the first stored code being indicative of a unique identifier of the product. A second stored security code associated with the first stored code is then retrieved and checked against a second marked code visibly marked on the product 76.The first marked code may be a QR code and the second code is human readable and is adjacent the first and covering an area an order of magnitude smaller than the first. The first and second marked codes may be scanned together in a single scan event and checked at the central database system. A user may inspect the second marked codes and may be verified at a separate trusted scanning device. Position and orientation of the second code may also be checked. An alphanumeric code associated with the product may also be input 64. Also claimed is a method performed by the scanning device and a method performed by the central database, and a product having a plurality of marked codes.

Description

SECURE VERIFICATION OF PRODUCT AUTHENTICITY
TECHNICAL FIELD
The present invention relates generally to a method for verifying authenticity of the product. Aspects of the invention relate to a method, to a product, to a mobile device, and to a central database system.
BACKGROUND
It is known for a product to be marked with one or more codes used to verify its authenticity. In particular, such product markings enable authentication processes aimed at preventing counterfeit versions of a product from entering the market. This is important for a variety of reasons; for instance, an authentication process may be used as security verification where the product is safety-critical equipment.
It is common for a product to be associated with a unique identifier -for instance, in the form of a serial number -during manufacture of the product, to enable tracking of individual products throughout the manufacturing process and once they enter the market. This is useful for a number of reasons, such as quality control of products.
A Quick Response (QR) barcode -also referred to as a matrix barcode or a two-dimensional code -is often marked or printed on a product and linked to a website of the product manufacturer, for example. In particular, a product user may scan the QR code with a camera in a mobile device in order to be automatically and directly taken to the website by the mobile device.
More recently, the unique serial number of a product may be inserted into a QR code printed on the product. That is, each product has its own unique QR code. An authentication process may then be performed by scanning the QR code to check the validity and/or uniqueness of the linked serial number against data stored in a central or master database or against a serial number printed on the product. A successful authentication of the serial number would be indicative that the product is also authentic.
One disadvantage of such an authentication process is that OR codes are an open format and may be replicated relatively easily and encoded with any particular information that is desired. This means it may be relatively simple for someone to print a copied QR code linked to a genuine serial number on a counterfeit product such that it is almost indistinguishable from the genuine product having that serial number.
One idea for addressing this issue is to include hidden images in the OR code not easily readable by a human, and using a smart device to read the code and perform image processing to extract the encoded information. Another idea is to conceal part or all of a QR code using a scratch-off material that is to be revealed upon purchase of a product. A further idea is to mark a product with micro particles that form a unique pattern The above ideas suffer one or more drawbacks in that they require the QR code itself to be altered, they require dedicated equipment to read/decode the information contained in the code, they may be used only once to perform product authentication, and/or they include further information that requires a further decoding operation.
It is against this background to which the present invention is set.
SUMMARY OF THE INVENTION
According to an aspect of the present invention there is provided a method for verifying authenticity of a product. The method comprises scanning, using a scanning device, a first marked code that is overtly marked on the product. The method comprises determining whether the first marked code corresponds to a first stored code stored in a central database system in wireless communication with the scanning device, the first stored code being indicative of a unique identifier of the product. If the first marked code corresponds to the first stored code, the method comprises retrieving, in the central database system, a second stored code associated in the central database system with the first stored code. The method then also comprises enabling a determination as to whether the retrieved second stored code corresponds to a second marked code visibly marked on the product in order to verify authenticity of the product. The second marked code is human-readable and separate from the first marked code on the product.
The method may comprise, prior to scanning the first marked code, inspecting the product for the second marked code, wherein absence of the second marked code on the product is indicative of the product not being authentic.
The second marked code may be adjacent to the first marked code on the product. Scanning the first marked code may comprise scanning the first marked code and the second marked code as part of a single scan event of the scanning device.
Enabling the determination as to whether the second stored code corresponds to the second marked code may comprise determining, by the central database system, whether the second stored code corresponds to the scanned second marked code received from the scanning device.
The method may comprise sending, from the central database system, the retrieved second stored code. Enabling the determination as to whether the retrieved second stored code corresponds to the second marked code on the product may comprise inspection by a user to compare the retrieved second stored code and the second marked code on the product.
The method may comprise determining, by the central database system, whether the scanning device is a trusted device and wherein, if so, the retrieved second stored code may be sent to the scanning device.
If the scanning device is determined to not be a trusted device then the retrieved second stored code may be sent to a separate trusted scanning device accessible by the user.
Enabling the determination as to whether the retrieved second stored code corresponds to the second marked code may comprise checking a position or orientation of the second marked code on the product relative to the first marked code.
The second stored code may be a randomly generated code.
An area on the product covered by the second marked code may be less than that of the first marked code.
The area on the product covered by the second marked code may be at least an order of magnitude smaller than that covered by the first marked code, and optionally at least two orders of magnitude smaller than that covered by the first marked code.
The second marked code may comprise at least one of: one or more alphanumeric characters; one or more two-dimensional shapes; and, one or more images.
The first marked code may be in the form of a barcode. Optionally, the barcode is a two-dimensional barcode or matrix barcode. Optionally, the two-dimensional barcode is a Quick Response (QR) code.
The method may comprise obtaining, by the scanning device, metadata associated with the step of scanning the first marked barcode, and sending the obtained metadata to the central database system. The method may comprise determining, by the central database system, an indication of authenticity of the product in dependence on the obtained metadata.
Determining the indication of authenticity of the product may be made in dependence on at least one of: a number of occasions the first marked code has been scanned and sent to the central database system; a frequency of occasions the first marked code has been scanned and sent to the central database system; a time at which scanning of the first marked code is performed; an amount of time between manufacture of a product associated with the unique identifier and the first marked code being sent to the central database system; a location in which scanning of the first marked code is performed; and, a number of different locations in which scanning of the first marked code is performed.
The method may comprise inputting to the scanning device an alphanumeric marked code that is overtly marked on the product, and sending the inputted alphanumeric marked code to the central database system. The method may comprise, prior to the step of retrieving the second stored code, determining whether the inputted alphanumeric marked code is associated with the first stored code in the central database system. The inputted alphanumeric marked code being determined to not be associated with the first stored code may be indicative of the product not being authentic.
According to an aspect of the present invention there is provided a method performed by a scanning device for verifying authenticity of a product. The method comprises scanning a first marked code that is overtly marked on the product. The method comprises providing an indication as to whether the first marked code corresponds to a first stored code stored in a central database system in wireless communication with the scanning device, the first stored code being indicative of a unique identifier of the product. If the first marked code corresponds to the first stored code, the method comprises receiving, from the central database system, an indication of whether a second stored code associated in the central database system with the first stored code corresponds to a second marked code visibly marked on the product. The method comprises providing a user of the scanning device with the indication in order to verify authenticity of the product. The second marked code is human-readable and separate from the first marked code on the product.
According to an aspect of the present invention there is provided a method performed by a central database system for verifying authenticity of a product. The method comprises receiving, from a scanning device in wireless communication with the central database system, data indicative of whether a first marked code that is overtly marked on the product corresponds to a first stored code stored in the central database system. The first stored code is indicative of a unique identifier of the product. If the first marked code corresponds to the first stored code, the method comprises retrieving a second stored code associated in the central database system with the first stored code. The method then comprises transmitting, to the scanning device, an indication to enable determination as to whether the retrieved second stored code corresponds to a second marked code visibly marked on the product in order to verify authenticity of the product.
The second marked code is human-readable and separate from the first marked code on the product.
According to an aspect of the present invention there is provided a product having a plurality of marked codes thereon to be used for verifying authenticity of the product. The plurality of marked codes comprises a first marked code in the form of a two-dimensional barcode overtly marked on the product, and which is indicative of a unique identifier of the product. The plurality of marked codes comprises a second marked code in the form of a human-readable code visibly marked on the product. An area on the product covered by the second marked code is at least an order of magnitude smaller than that covered by the first marked code, and the second marked code is positioned adjacent to the first marked code on the product such that a scanning device can scan both the first and second marked codes as part of a single scan event for sending to a central database system to verify that the first and second marked codes are associated with each other in the central database system.
According to an aspect of the present invention there is provided a scanning device for use in verifying authenticity of a product. The product has a first marked code overtly marked on the product, and a second marked code in the form of a human-readable code visibly marked on the product. The scanning device is arranged to scan the first marked code to determine an indication as to whether the first marked code corresponds to a first stored code stored in a memory device of a central database system in wireless communication with the scanning device. The first stored code being indicative of a unique identifier of the product. The scanning device is arranged to inform a user when the first marked code does not correspond to the first stored code. When the first marked code corresponds to the first stored code, the scanning device is arranged to receive an indication from the central database system as to whether the second marked code corresponds to a second stored code stored in the memory device, the second stored code being associated with, and retrievable based on, the first stored code in the central database system, and inform the user based on the received indication in order to verify authenticity of the product.
According to an aspect of the invention there is provided a central database system for use in verifying authenticity of a product. The central database system comprises an input arranged to receive data, from a scanning device, indicative of a first marked code that is overtly marked on the product. The central database system comprises a processor arranged to search a memory device of the central database system for a first stored code corresponding to the first marked code, the first stored code being indicative of a unique identifier of the product, and retrieve from the memory device a second stored code associated in the memory device with the first stored code. The central database system comprises an output arranged to transmit to the scanning device a signal used to enable a determination as to whether the retrieved second stored code corresponds to a second marked code in the form of a human-readable code visibly marked on the product in order to verify authenticity of the product.
BRIEF DESCRIPTION OF THE DRAWINGS
Examples of the invention will now be described with reference to the accompanying drawings, in which: Figure 1 shows a schematic view of an arrangement including a product having a number of codes marked thereon, a scanning device, and a central database system with which the scanning device may communicate; Figure 2 shows the product codes of Figure 1, the product codes including a OR code, a OR validation code, and a primary alphanumeric code; Figure 3 shows the steps of a method performed by the arrangement of Figure 1; Figure 4 shows the steps of a method performed by the scanning device of Figure 1; Figure 5 shows the steps of a method performed by the central database system of Figure 1; Figure 6 shows product codes with a OR validation code according to a different example from Figure 2; Figure 7 shows product codes with a OR validation code according to another different example from Figure 2, and, Figure 8 shows product codes with a OR validation code according to a further different example from Figure 2.
DETAILED DESCRIPTION
Figure 1 illustrates an arrangement 10 including a product 12, a scanning device 14 and a central database system 16. The arrangement 10 is to be used to perform an authentication process to verify the authenticity of the product 12. The product 12 includes a plurality of codes -generally referred to at 18 -printed or otherwise marked thereon, to be used as part of the authentication process.
The scanning device 14 includes a camera that is able to scan or read one or more of the marked codes 18 on the product 12, and a transceiver for allowing wireless communication with the central database system 16. The scanning device 14 may also include a processor and software for decoding the one or more marked codes 18 that have been scanned in order to extract the information encoded within. The scanning device 14 may be in the form of a mobile or handheld device such as a cellular telephone device, a dedicated mobile or fixed scanning device, or any other suitable device.
The central database system 16 includes a master database or memory device 20 that stores information related to the product 12, e.g. one or more unique identifiers of the product 12 such as a serial number. The central database system 16 includes an input or receiver 22 arranged to receive wireless communication signals from the scanning device 14 via a wireless network 23, and an output or transmitter 24 arranged to transmit wireless communication signals to the scanning device 14 via the wireless network 23.
The central database system 16 also includes a processor 26 arranged to perform processing steps or operations of the product authentication process, as will be described below.
Figure 2 shows the plurality of codes 18 printed or marked on the product 12 in greater detail. In particular, there is provided a unique identifier in the form of a serial number 30 of the product 12. In the described example, the marked serial number 30 is unique to the individual product, item or article 12.
The plurality of codes 18 also includes a machine-readable, two-dimensional or matrix barcode 32 -also referred to throughout as the first marked code 32 -formed by black squares on a square grid on a white or plain background. The two-dimensional code 32 is overtly marked or displayed on the product 12 in that it is not concealed from normal view. In the described example, the two-dimensional barcode 32 is a Quick Response (QR) code. Specifically, the QR code 32 is a serialised QR code in which the serial number 30 of the product 12 is inserted. As the QR code 32 is not human-readable -and instead the serial number is encoded within -then the QR code 32 needs to be decoded in order to reveal the serial number. The OR code 30 may therefore be decoded to compare the revealed serial number with the marked serial number 30 to provide an indication of authenticity of the product 12.
The plurality of codes 18 also includes a security code 34 associated with the OR code 32, and the association will be discussed in greater detail below. The security code 34 -also referred to throughout as the second marked code 34 or the OR validation code 34 -is marked on the product 12 adjacent to the QR code 32. In particular, the OR code 32 and associated security code 34 are printed sufficiently close together on the product 12 such that they may be scanned together by the scanning device 14 at the same time, i.e. as part of a single scan event or operation. The security code 34 is human-readable and, in this example, is in the form of a sequence of two letters. More generally, the security code 34 is randomly generated and may include a sequence of images or characters, e.g. alphanumeric characters, two-dimensional shapes, etc., and may include any suitable number of characters or images. It may be seen in Figure 2 that an area covered by the security code 34 on the product 12 is smaller than an area covered by the QR code 32. In particular, in the described example the area covered by the security code 34 is more than two orders or magnitude smaller than that of the QR code 32. More generally, the area covered by the security code 34 is significantly smaller than that of the QR code 34, e.g. at least one order of magnitude smaller.
The plurality of codes 18 may be marked at any suitable position on the product 12 and in any suitable positions relative to one another. Furthermore, the plurality of codes 18 may be marked on the product 12 in any suitable orientation relative to one another. In the example shown in Figure 2, the arrows 36, 38 indicate upward 36 and sideward 38 directions of the product 12. It may be seen, therefore, that in the described example the security code 34 is marked on the product 12 to the left of the QR code 32 at a lower end of the QR code 32. It may also be seen that the security code 34 is oriented differently from the QR code 32; in particular, in the described example the security code 34 is rotated through ninety degrees relative to the QR code 32 and to the upward direction 36.
In the described example, the plurality of codes 18 also includes a six-character alphanumeric code 40 -or alphanumeric marked code 40 -which may be used as part of an additional check of the authentication process, as will be described below. In particular, the code 40 includes characters that may be input by a user to the scanning device 14 -e.g. on a keyboard device or function of the scanning device 14-such as letters, numbers, or a combination thereof More generally, the alphanumeric code 40 is human-readable. The alphanumeric code 40 is unique to the product 12. In examples other than the presently-described example, the product may not include the alphanumeric code 40, in which case the alphanumeric code 40 is not part of the authentication process.
In the described example, it is seen that the serial number 30 and alphanumeric marked code 40 are positioned adjacent to each other on the product 12 -specifically, the alphanumeric code 40 is printed immediately below the serial number 30 -and that the serial number 30 and alphanumeric marked code 40 have the same orientation and font size. This is in contrast to the security code 34, which has a smaller font size than the serial number 30 and alphanumeric marked code 40, and is rotated through an angle of ninety degrees relative to the serial number 30 and alphanumeric marked code 40. It is also noted that, in this example, the security code 34 has fewer characters than the alphanumeric marked code 40 and the serial number 30.
Figure 3 shows the steps of a method 50 performed by the arrangement 10 to verify the authenticity of the product 12. In particular, in the described example each of the plurality of codes 18 marked on the product 12 are used as part of the verification method or process 50. However, in different examples the alphanumeric marked code 40 may not be present on the product, in which case the steps relating to that code do not form part of the authentication process.
A first part of the authentication process 50 may involve the OR code 32. At step 52 the scanning device 14 is used to scan the OR code 32 and the associated security code 34. As mentioned above, the QR code and associated security code 34 are printed adjacent each other on the product 12 such that the scanning device 14 can capture both of these printed codes 32, 34 as part of a single scan event. The codes 32, 34 may be scanned automatically upon the camera being appropriately aligned relative to the codes 32, 34 and with the scanning device 14 running appropriate software. The scan event may alternatively be in the form of a captured image of the codes 32, 34 taken using the camera.
At step 54, it is determined whether the QR code 32 is valid. In the described example, the scanning device 14 uses suitable software running thereon to decode the QR marked code 32 scanned from the product 12. In particular, the scanning device 14 decodes the scanned QR code 32 to reveal the serial number within. The revealed serial number is communicated to the user, e.g. by displaying it on a screen of the scanning device 14.
The user can then compare, by inspection, the revealed serial code with the serial code marked on the product 12. If the revealed and marked serial codes to not match, then this is an indicator that the product 12 may not be authentic (step 56), and the process 50 may terminate here. If, however, the revealed and serial codes do match, then the method may proceed to the next part of the authentication process at step 58.
Note that the validity of the marked OR code 32 may be determined in an alternative manner to the above. For instance, the scanning device 14 may decode the scanned OR code 32 to reveal the serial number contained within, as above, and then the revealed serial number may be sent by the scanning device 14 to the central database system 16.
A check may then be performed by the central database system 16 to determine whether the revealed serial number is a valid serial number by checking the revealed serial number against a database of valid serial numbers stored in the master database 20. If the revealed serial number is determined not to be valid -i.e. it does not match one of the stored valid serial numbers -then this is an indicator that the product 12 is not authentic (step 56). Optionally, the scanned OR code 32 itself may be sent by scanning device 14 to the central database system 16, with the central database system 16 performing the decoding operation in addition to the check against stored valid serial numbers. This central database system 16 check of the serial number validity may be in addition to, or as an alternative to, the user inspection of the revealed serial code with the marked serial code 30 that is described above.
If the OR code 32 is determined to be valid at step 54, then a next part of the authentication process 50 may involve the alphanumeric marked code 40. In particular, in examples in which the product 12 includes the alphanumeric marked code 40, at step 58 a user of the scanning device 14 enters or inputs the alphanumeric marked code 40 from the product 12 into the scanning device 14 using any suitable interface or hardware of the scanning device, e.g. keyboard function, voice recognition function, etc. The scanning device 14 then sends the user-inputted alphanumeric marked code 40 to the central database system 16.
At step 64, it is determined whether the alphanumeric marked code 40 is linked to, or associated, with the marked OR code 32 -in particular, the serial number encoded within -in the central database system 16. In the master database 20, each alphanumeric code is referenced to a valid serial number. This check at step 64 ensures that this alphanumeric marked code 40 accompanies the correct serial number 30 on the product 12. In particular, for the alphanumeric marked code 40 that has been sent to the central database system 16, the central database system 16 retrieves from its memory 20 the serial number that is associated with that particular stored alphanumeric code. A comparison with the serial number of the product 12 is then performed, which may be achieved in a number of different ways. For instance, the retrieved serial number may be sent to the scanning device 14 and displayed to the user so that the user can compare the retrieved serial number with the serial number 30 printed on the product 12, by inspection. Alternatively, an automatic comparison may be performed by the central database system 16 using the serial number encoded within the OR code 32 if this has been sent to the central database system 16. If the alphanumeric marked code 40 is not linked, referenced or associated with the serial number 30 in the master database 40 then this is an indicator that the product 12 is not genuine or authentic (step 66). If, however, the alphanumeric marked code 40 is indeed linked to the serial number 30 in the central database system 16 then the method 50 may proceed to the next step of the authentication process. The alphanumeric marked code 40, together with the associated steps of the authentication process described above in determining its uniqueness and link to the OR code 32, may be referred to as a primary authentication feature. Note that, in examples in which the alphanumeric code 40 is not present on the product then the authentication process 50 does not include steps 58, 64 or 66.
A next part of the authentication process involves the security code 34 associated with the OR code 32. In particular, in the master database 20 of the central database system 16 there is stored a security code associated with each OR code or serial number. It is therefore to be determined whether this is replicated on the product 12 for the particular marked OR code 32 and serial number 30. The scanned OR code 32 and/or decoded serial number within may have been sent from the scanning device 14 to the central database system 16 at an earlier step of the method 50. If not, this is sent to the central database system 16 at this step of the process. At step 68, the central database system 16 retrieves the security code associated or linked in the memory 20 to the QR code and/or revealed serial number. It must then be verified that the retrieved security code stored in memory corresponds to the security code 34 marked on the product 12.
Prior to this verification, the process may involve checking that the device from which the security code verification request has been received -in this case, the scanning device 14 -is a trusted device. In particular, this check may be used to determine whether it is appropriate to communicate with the scanning device 14 with information regarding the validity of the security code. At step 70 of the method 50, it is therefore determined whether the scanning device 14 is a trusted device. A trusted device may be a mobile device of a registered user of the system. For instance, the registered user may be required to provide user identification and/or password credentials. If such credentials are provided successfully -as verified by the system -then the mobile device may be determined to be a trusted device at step 70. In particular, the extended authentication functionality of the described process may be unavailable to anonymous users, guest users or registered users that fail a login process.
If at step 70 it is determined that the scanning device 14 is a trusted device then at step 72 the central database system 16 communicates with the scanned device 14 with information indicative of whether the marked security code 34 is valid or correct. If, however, at step 70 it is determined that the scanning device 14 is not a trusted device then at step 74 the central database system 16 communicates with a separate or further device with such information. The further device is a trusted device that is accessible by the user. This will guard against security-related information being disclosed to a potentially unauthorised person.
Irrespective of the outcome at step 70 of the process, at step 76 it is determined whether the stored security code associated in the master database 20 corresponds to the marked security code 34 on the product 12. In the described example, the retrieved security code is sent from the central database system 16 to the scanner device 14 (step 72) or to a further trusted device (step 74). The user then compares the retrieved security code with the marked security code 34, by inspection. If they do not match then this is an indication that the product 12 is counterfeit or not authentic (step 78), whereas if they do match then this is an indication that the product 12 is authentic or genuine (step 79). In particular, the data sent by the central database system 16 to enable a determination as to whether the stored security code corresponds to the marked security code 34 may simply include the characters and/or images forming the security code such that the user must only check that the characters between the stored and marked security codes are a match. However, the data sent to enable the determination may additionally include data indicative of a size, position and/or orientation that the security code 34 should be on the product 12, in particular a size, position and/or orientation of the security code 34 relative to the marked QR code 32. In such cases, the data sent by the central database system 16 may be displayed to the user as an image of the OR code and associated security code indicating their position and orientation relative to each other so that the user can check this matches the marked codes 32, 34 on the product 12.
The complete absence of a marked security code 34 from the product 12 can also be an indication that the product 12 is not authentic. In particular, prior to inputting the alphanumeric marked code 40 or prior to scanning the marked OR code 32, the user may inspect the product 12 for the presence of the security code associated with the OR code 32. If such a security code is absent from the product 12 then it may be determined that the product 12 is not authentic without needing to perform the remainder of the authentication process The marked security code 34, together with the associated steps of the authentication process described above in determining its validity and link to the QR code 32, may be referred to as a secondary authentication feature.
In some examples, metadata associated with the scan event performed by the scanning device 14 when scanning the QR code 32 is used as part of the authentication process.
Specifically, when the scanning device 14 scans the OR code 32, metadata associated with that scan event is logged by the scanning device 14 and then sent to the central database system 16 along with the scanned OR code 32 and/or decoded serial number.
The collected metadata may be stored in the central database system 16, in particular in a scan event database of the central database system 16. The scan event database stores a history of user interaction with the particular OR code in question. For instance, the database may store data indicative of the number of occasions on which a particular QR code has been scanned and sent to the central database system 16 for verification, a frequency of occasions the OR code has been used for verification, and/or times of day that a verification request for the OR code is made. The database may also store data indicative of different locations at which the OR code has been scanned. The collected scan event metadata is then added to the stored data relating to the OR code -i.e. the metadata may include a time and location of the scan event, and whether the verification request is then successful.
Based on the collected scan event data related to the scanning device 14, the central database system 16 may determine whether the authentication request from the scanning device 14 is genuine. The determination may be based on the collected scan event data alone; for instance, if the scan event occurred at a particular time of day or in a particular location, then this may automatically indicate whether the request is genuine or not. The determination may alternatively be based on the data stored in the scan event database. For instance, the request may be determined to not be genuine if the number or frequency of verification requests for that particular OR code exceeds a prescribed limit. Alternatively, or in addition, the determination may be based on whether an amount of time between manufacture of the product 12 and the scan event is above or below a threshold. Alternatively, or in addition, the authentication request may be determined to not be genuine if the number of different locations from which verification for that particular QR code is requested exceeds a prescribed limit.
Figure 4 summarises the steps performed by, or at, the scanning device 14 as part of the overall authentication process described above to verify the authenticity of the product 12. The scanning device method steps -referred to as the method 80 -includes at step 81 using the scanning device 14 to scan the marked QR code 32 and the associated security code 34.
At step 82, the scanning device 14 provides an indication as to whether the marked QR code 32 -indicative of a serial number of the product 12 -corresponds to a serial code stored in the central database system 16. This may involve the scanned QR code 32 being sent to the central database system 16 for decoding and comparison with the stored serial number. Alternatively, this may involve the scanning device 14 decoding the QR code 14 to reveal the stored code. The decoded serial number may then be presented to the user for comparison with the printed serial number 30. Alternatively, the decoded serial number may be sent to the central database system 16 for comparison with the stored serial number, with the result being received back at the scanning device 14 for providing to the user.
At step 83, the method 80 includes receiving the user-inputted alphanumeric marked code 40, e.g. via a keyboard function of the scanning device 14, and sending the inputted code 40 to the central database system 16. At step 84, the scanning device 14 receives an indication back from the central database system 16 as to whether the inputted code 40 is linked to the QR code, and provides an indication of this to the user.
If the alphanumeric marked code 40 is linked to the QR code 32, then at step 85, the scanning device 14 receives, from the central database system 16, an indication of whether a stored security code associated in the central database system 16 with the stored QR code corresponds to the marked security code 34 on the product 12. If the scanned QR code 32, or the decoded serial number, has not been sent to the central processing system 16 in an earlier step, then this is sent from the scanning device 14 to allow retrieval of the stored security code. The indication received from the central database system 16 may be data indicative of the retrieved security code for presentation to the user by the scanning device 14 for comparison, by the user, with the marked security code 34. Alternatively, the comparison may be performed by the central database system, and so the received indication is simply an outcome of that comparison.
Figure 5 summarises the steps performed by, or at, the central database system 16 as part of the authentication process to verify the authenticity of the product 12. The central database system method steps -referred to as the method 90 -includes at step 91 the central database system 16 receiving, from the scanning device 14, data indicative of whether the marked QR code corresponds to a stored QR code, or associated serial number, stored in the central database system 16. In particular, this may in the form of a confirmation that this has been checked, by inspection, at the scanning device side. Alternatively, this may involve the central database system 16 searching a database of valid serial numbers in the master database 20 to determine whether the received serial code within the marked QR code 32 appears. This may involve the central database system 16 decoding the marked OR code 32 if this is not done by the scanning device 16.
If the QR code is valid at step 91, then at step 92 the method 90 includes receiving data indicative of the user-inputted alphanumeric marked code 40. At step 93, the central database system 16 determines whether the received code 40 is linked to the QR code 32 -for instance, by searching a database of the alphanumeric and OR codes stored in the master database 20 -and sends the result of the determination to the scanning device 14.
At step 94, the central database system 16 transmits, to the scanning device 14, an indication to enable determination as to whether the retrieved stored security code corresponds to marked security code 34 on the product 12. This may involve simply transmitting the retrieved security code to the scanning device 14 for comparison with the marked security code 14 by inspection by the user. Alternatively, if the marked QR code data received by the central database system 16 includes data indicative of the marked security code 34, then the comparison between the retrieved and marked security codes may be performed automatically by the central database system 16, in which case the indication transmitted by the central database system 16 may simply be the outcome of the comparison.
Many modifications may be made to the above-described examples without departing from the scope of the appended claims.
In the above-described example, the security code 34 associated with the QR code 32 is a string of two letters (see Figure 2). Figures 6 to 8 show further examples of a OR code with an associated security code located adjacent thereto as printed on a product. Figure 6 shows a QR code 132 with an associated security code 134. Similarly to the security code 34 in Figure 2, the security code 134 in Figure 6 is located to a lower left side of the OR code 134, is oriented at an angle of ninety degrees relative to the OR code 134, and is formed by two characters. Unlike the security code 34 in Figure 2, however, the security code 134 in Figure 6 includes a two-dimensional shape -specifically, a triangle -as one of the characters. Figure 7 shows a further example of a OR code 232 with an associated security code 234, which differs from the examples in Figures 2 and 6 in that the security code 234 is printed to an upper left side of the OR code 232 and that it is formed by more than two -specifically, eight -characters. Figure 8 illustrates a further example of a OR code 332 with an associated security code 334, and shows the security code 334 having three characters including a mixture of a number and two letters.
In the above-described examples, the product and associated authentication method includes a user-inputted alphanumeric code, e.g. the alphanumeric marked code 40. In different examples, however, the product and associated authentication method may only include the OR code and associated OR validation code -or security code -for determining product authenticity.
In the above-described examples a OR code -also referred to as a two-dimensional barcode or a matrix barcode -is used to identify the serial number of the product. In different examples, however, a different machine-readable code may be used, e.g. a one-dimensional barcode.
In the above-described examples the serial number identifier code is a machine-readable code, in particular a OR code; however, in different examples the serial number identifier code may be a human-readable code.
In the above-described examples, the security or OR validation code that is stored in the central database system is retrieved and then sent to the scanning device -or other trusted device -so that the user may compare the respective stored and marked security codes by inspection in order to determine an indication of authenticity. In different examples, however, the comparison between the stored and marked security codes may instead be performed automatically at the central database system. In particular, in such examples the OR code and associated security (or OR validation) code are printed adjacent to each other on the product so that the scanning device scans both of the codes as part of a single scan event. The automatic comparison between the stored and marked security codes performed by the central processing system may include a check that there is a match between characters, and order thereof, forming the codes. The automatic comparison may additionally include a check that a relative position and/or orientation of the marked security code relative to the QR code matches that of the stored security and QR codes.
In the above-described examples, the security code is marked on the product adjacent to the QR code, in particular such that the two codes may be captured as part of a single scan event by the scanning device. In different examples, however, this need not be the case. In particular, in an example in which the security code stored in the central database system associated with the QR code is sent to the user device so that the user checks the stored code against the marked code, then the security code may be located distant from the QR code on the product. Specifically, an informed user -e.g. an employee or associate of the manufacturer -may have knowledge of where to look on the product for the security code (unlike an end user of the product, for instance), and perform the check accordingly. The position of the security code on the product may be part of the security feature, where the central database system stores and transmits the position of the security code on the product for checking by the user.
In the above-described examples, the primary alphanumeric code 40 is printed on the product 12 adjacent to the QR code 32; however, in different examples the primary alphanumeric code 40 and QR code 32 may be located at different parts of the product 12.
In some examples, when the mobile device is used to scan the QR code a photograph of the QR code and surrounding area -including the additional security code -of the product is taken. This photograph may be sent or uploaded to the server or central database system to allow a manual or automatic check -e.g. using optical character recognition (OCR) technology -of the security code. Each scan event may be timestamped, and an analysis of this information may be used as part of the authentication process. For instance, a recurrence of events associated with a particular unique serial number may indicate that the relevant product is not authentic.
Examples of the invention are advantageous in that they provide for a security feature that is useful in distinguishing between genuine and copied OR codes on products or articles, or other machine-readable codes. In particular, the invention is advantageous in that it provides an additional code on a product that, to a third party, is not obviously part of, or associated with, the OR code. Specifically, the additional associated code may be overlooked by someone trying to copy the OR code, and so the additional step in an authentication process to check the presence of the additional code is useful in distinguishing genuine products or articles from copies. The additional code can advantageously be made to be relatively discreet or unnoticeable on the product, for instance by making it relatively short and/or small relative to the OR code, whilst still being readable.
Examples of the invention are advantageous in that no decoding of the additional security code is needed, meaning that no additional software is needed for performing the authentication process, and that validation may be performed by visual inspection. Also, the additional code being external to, or separate from, the OR code means that no changes to a OR code are needed. This in turn means that the OR code can advantageously continue to be generated in a standard way.
Examples of the invention are advantageous in that the additional code is positioned relative to the OR code so that both may be captured as pad of a single scan event, meaning that authentication process steps including one or both of the codes may be performed automatically with relatively little input needed. Equally, examples of the invention may advantageously position the additional code distant from the OR code so that it less obviously associated with the OR code. In examples in which the authentication process is aimed at an informed user -rather than an end user or customer -this may be particularly beneficial. Absence of the additional code on a product is also advantageously a relatively quick way for an informed user to observe that the product may not be genuine.
Examples of the invention are advantageous in that they allow for product authenticity to be checked as many times as needed at different stages of the product lifecycle as the printed OR and additional codes are permanent features of the product, and the authentication process does not alter the printed codes in any way. Examples of the invention are advantageous in that no special hardware is required to perform the authentication process; in particular, a standard mobile device having a standard QR code reader and/or image capture function (camera) is sufficient.

Claims (15)

  1. CLAIMS1. A method (50) for verifying authenticity of a product (12), the method (50) comprising: scanning (52), using a scanning device (14), a first marked code (32) that is overtly marked on the product (12); and, determining (54) whether the first marked code (32) corresponds to a first stored code stored in a central database system (16) in wireless communication with the scanning device (14), the first stored code being indicative of a unique identifier of the product (12), wherein, if the first marked code (32) corresponds to the first stored code, the method (50) comprises: retrieving (68), in the central database system (16), a second stored code associated in the central database system (16) with the first stored code; and, enabling a determination (76) as to whether the retrieved second stored code corresponds to a second marked code (34) visibly marked on the product (12), the second marked code (34) being human-readable and being separate from the first marked code (32) on the product (12), in order to verify authenticity of the product (12).
  2. 2. A method (50) according to Claim 1, the method (50) comprising, prior to scanning (52) the first marked code (32), inspecting the product for the second marked code (34), wherein absence of the second marked code (34) on the product (12) is indicative of the product (12) not being authentic.
  3. 3. A method (50) according to Claim 1 or Claim 2, wherein the second marked code (34) is adjacent to the first marked code (32) on the product (12), and wherein scanning (52) the first marked code (32) comprises scanning the first marked code (32) and the second marked code (34) as part of a single scan event of the scanning device (14).
  4. 4. A method (50) according to Claim 3, wherein enabling (76) the determination as to whether the second stored code corresponds to the second marked code (34) comprises determining, by the central database system (16), whether the second stored code corresponds to the scanned second marked code (34) received from the scanning device (14).
  5. 5. A method (50) according to any previous claim, the method (50) comprising sending, from the central database system (16), the retrieved second stored code, and wherein enabling the determination (76) as to whether the retrieved second stored code corresponds to the second marked code (34) on the product (12) comprises inspection by a user to compare the retrieved second stored code and the second marked code (34) on the product (12).
  6. 6. A method (50) according to Claim 5, the method (50) comprising determining (70), by the central database system (16), whether the scanning device (14) is a trusted device and wherein, if so, the retrieved second stored code is sent (72) to the scanning device (14).
  7. 7. A method (50) according to Claim 6, wherein if the scanning device (14) is determined to not be a trusted device then the retrieved second stored code is sent (74) to a separate trusted scanning device accessible by the user.
  8. 8. A method (50) according to any previous claim, wherein enabling the determination (76) as to whether the retrieved second stored code corresponds to the second marked code (34) comprises checking a position or orientation of the second marked code (34) on the product (12) relative to the first marked code (32).
  9. 9. A method (50) according to any previous claim, wherein an area on the product (12) covered by the second marked code (34) is less than that of the first marked code (32).
  10. 10. A method (50) according to Claim 9, wherein the area on the product (12) covered by the second marked code (34) is at least an order of magnitude smaller than that covered by the first marked code (32), and optionally at least two orders of magnitude smaller than that covered by the first marked code (32).
  11. 11. A method (50) according to any previous claim, wherein the second marked code (34) comprises at least one of: one or more alphanumeric characters one or more two-dimensional shapes; and, one or more images.
  12. 12. A method (50) according to any previous claim, the method (50) comprising: inputting (58) to the scanning device (14) an alphanumeric marked code (40) that is overtly marked on the product (12), and sending the inputted alphanumeric marked code (40) to the central database system (16); and, prior to the step of retrieving (68) the second stored code, determining (64) whether the inputted alphanumeric marked code (40) is associated with the first stored code in the central database system (16), wherein the inputted alphanumeric marked code (40) not being associated with the first stored code is indicative of the product (12) not being authentic.
  13. 13. A method (80) performed by a scanning device (14) for verifying authenticity of a product (12), the method (80) comprising: scanning (81) a first marked code (32) that is overtly marked on the product (12); and, providing (82) an indication as to whether the first marked code (32) corresponds to a first stored code stored in a central database system (16) in wireless communication with the scanning device (14), the first stored code being indicative of a unique identifier of the product (12), wherein, if the first marked code (32) corresponds to the first stored code, the method (80) comprises: receiving (85), from the central database system (16), an indication of whether a second stored code associated in the central database system (16) with the first stored code corresponds to a second marked code (34) visibly marked on the product (12), the second marked code (34) being human-readable and being separate from the first marked code (32) on the product (12), and providing a user of the scanning device (14) with the indication in order to verify authenticity of the product (12).
  14. 14. A method (90) performed by a central database system (16) for verifying authenticity of a product (12), the method (90) comprising: receiving (91), from a scanning device (14) in wireless communication with the central database system (16), data indicative of whether a first marked code (32) that is overtly marked on the product (12) corresponds to a first stored code stored in the central database system (16), the first stored code being indicative of a unique identifier of the product (12), wherein, if the first marked code (32) corresponds to the first stored code, the method (90) comprises: retrieving (92) a second stored code associated in the central database system (16) with the first stored code; and, transmitting (95), to the scanning device (14), an indication to enable determination as to whether the retrieved second stored code corresponds to a second marked code (34) visibly marked on the product (12), the second marked code (34) being human-readable and being separate from the first marked code (32) on the product (12), in order to verify authenticity of the product (12).
  15. 15. A product (12) having a plurality of marked codes (32, 34) thereon to be used for verifying authenticity, the plurality of marked codes (32, 34) comprising: a first marked code (32) in the form of a matrix barcode overtly marked on the product (12), and being indicative of a unique identifier of the product (12); a second marked code (34) in the form of a human-readable code visibly marked on the product (12), an area on the product (12) covered by the second marked code (34) being at least an order of magnitude smaller than that covered by the first marked code (32), and the second marked code (34) being positioned adjacent to the first marked code (32) on the product (12) such that a scanning device (14) can scan both the first and second marked codes (32, 34) as part of a single scan event for sending to a central database system (16) to verify that the first and second marked codes (32, 34) are associated with each other in the central database system (16).
GB1917156.0A 2019-11-26 2019-11-26 Secure verification of product authenticity Withdrawn GB2589323A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB1917156.0A GB2589323A (en) 2019-11-26 2019-11-26 Secure verification of product authenticity

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB1917156.0A GB2589323A (en) 2019-11-26 2019-11-26 Secure verification of product authenticity

Publications (2)

Publication Number Publication Date
GB201917156D0 GB201917156D0 (en) 2020-01-08
GB2589323A true GB2589323A (en) 2021-06-02

Family

ID=69137161

Family Applications (1)

Application Number Title Priority Date Filing Date
GB1917156.0A Withdrawn GB2589323A (en) 2019-11-26 2019-11-26 Secure verification of product authenticity

Country Status (1)

Country Link
GB (1) GB2589323A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080129037A1 (en) * 2006-12-01 2008-06-05 Prime Technology Llc Tagging items with a security feature
WO2013061335A2 (en) * 2011-08-09 2013-05-02 Bilcare Limited Integrated package authentication system and method thereof
US20150076218A1 (en) * 2013-07-17 2015-03-19 Covectra, Inc. Systems and methods for authenticating goods
CN107194701A (en) * 2017-04-05 2017-09-22 李峰 Method and checking method that a kind of anti-counterfeiting information is bound with identifying code
CN108734477A (en) * 2017-04-21 2018-11-02 南亚塑胶工业股份有限公司 anti-counterfeiting identification method
WO2019154392A1 (en) * 2018-02-07 2019-08-15 徐颂 Method and system for acquiring supply chain data compatible with standardized article coding, and server

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080129037A1 (en) * 2006-12-01 2008-06-05 Prime Technology Llc Tagging items with a security feature
WO2013061335A2 (en) * 2011-08-09 2013-05-02 Bilcare Limited Integrated package authentication system and method thereof
US20150076218A1 (en) * 2013-07-17 2015-03-19 Covectra, Inc. Systems and methods for authenticating goods
CN107194701A (en) * 2017-04-05 2017-09-22 李峰 Method and checking method that a kind of anti-counterfeiting information is bound with identifying code
CN108734477A (en) * 2017-04-21 2018-11-02 南亚塑胶工业股份有限公司 anti-counterfeiting identification method
WO2019154392A1 (en) * 2018-02-07 2019-08-15 徐颂 Method and system for acquiring supply chain data compatible with standardized article coding, and server

Also Published As

Publication number Publication date
GB201917156D0 (en) 2020-01-08

Similar Documents

Publication Publication Date Title
US9576194B2 (en) Method and system for identity and age verification
EP3695397B1 (en) Authentication of a person using a virtual identity card
US7860268B2 (en) Object authentication using encoded images digitally stored on the object
US20090037339A1 (en) Methods of authenticating a bank customer desiring to conduct an electronic check deposit transaction
US7984849B2 (en) Portable magnetic stripe reader for criminality security applications
US7637429B2 (en) Electronic voting system and associated method
US9697298B2 (en) ID tag authentication system and method
KR20140016121A (en) Certification system and method for the honest goods using qr code and computer readable recoding medium for performing it
KR101675728B1 (en) Method and apparatus for processing user authentification using information processing device
CN114648819A (en) Conversion security document registration system
US9361742B2 (en) Highly secure combination lock system
US20180130108A1 (en) Embedding security information in an image
US20200402336A1 (en) Method for Controlling Package Delivery
US20150356803A1 (en) Item authentication
US8905304B1 (en) System and method for processing certified or registered mail
KR102033621B1 (en) System for detecting false qr code
JP4057501B2 (en) Authentication system and computer-readable storage medium
US10129266B2 (en) Identity information systems and methods
CN100409252C (en) General anticounterfeiting method and system
US20230418927A1 (en) System and method for identifying and authenticating counterfeiting articles
US20210166515A1 (en) Mobile voting and voter verification system and method
GB2589323A (en) Secure verification of product authenticity
CN111611465A (en) Product detection system, method, device, computer equipment and storage medium
JP2009211448A (en) Product certification system
US11863682B2 (en) Systems and methods for encrypted multifactor authentication using imaging devices and image enhancement

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)