RU2183349C1 - Article marking and identification system - Google Patents

Abstract

FIELD: marking and authenticating controlled articles. SUBSTANCE: system used for marking and identifying excitable commodities such as alcohol, tobacco, video products, and the like has central data base 1, data input device 2, n working data bases 4 (n = 1, 2, Е), n working data base access devices 7, m marking devices 8 (m = 1, 2, ...), and k data input stations 10 (k = 1, 2, ...). Novelty is introduction of k peripheral data bases 3, monitoring and control center 5, k peripheral workstations 6 for printing protection marks, and n identification devices. EFFECT: enlarged functional capabilities, enhanced reliability of authenticating marked articles. 7 cl, 8 dwg

Description

 The invention relates to systems for marking and identifying the authenticity of controlled objects and can find application in marking and identification of excisable goods (alcohol, tobacco, video products, etc.).

 A well-known automated system for the manufacture and registration of driver's documents according to the patent of the Russian Federation 2128856, class. G 06 F 17/60, 1999, comprising a unit for forming an information insert of an identity card, a unit for receiving personal data, an operator console, a monitor, a printer.

 The disadvantage of this system is the limited scope, high technological complexity of obtaining identification features, as well as low reliability of identification of the authenticity of documents in the process of their use.

 Also known is an automated system for identifying an object and registering its state according to the patent of the Russian Federation 2107943, class. G 06 F 17/60, 17/40, 1998, comprising a computer of the main information base, N channels for input and processing of information, a communication and switching unit, two recording units.

 The disadvantages of this device is the difficulty in the formation and use of external information systems, as well as the high probability of errors in identification due to the presence of subjective factors in the formation of identification characteristics by the operator.

 A similar system is known from the application WO 91/10202, cl. G 06 F 15/46, 1991, including the marking position on the product, the marking device in the database, the marking device for reading at remote locations, the communication line between the database and the marking device, a device for comparing the read marking with that stored in the database and decision-making device for further product movement.

 This system has drawbacks that are associated with a very limited scope of its application, which does not make it possible to use it to identify excisable goods due to the lack of technical means to identify the authenticity of products during their illegal production and use.

 Also known is a system (EP, application 0112944, class G 07 F 7/10, 1984), including a central point with a main database, a network of remote terminals with its own databases, communication lines for connecting remote terminals with a central point, a collection of credit cards and devices for marking them.

 The disadvantages of this system include the low reliability of determining the legality of using a credit card if its illegal holder enters an identification number that matches the number stored in the database of the central point.

 Closest to the technical nature of the claimed is a system for identifying registered products according to the patent of the Russian Federation 2106689, cl. G 06 K 17/00, G 06 F 17/60, 1998, which is selected for the prototype. The known system comprises a reference database, at least one working database, at least one database access device, communication lines connecting the reference database with at least one database access device, at least one comparison device, connected to the corresponding database access device, at least one marking device, at least one data input device for inputting information about the manufactured product into the reference base yes data, at least one data entry point for entering information about the product, put into economic circulation, in at least one working database through the appropriate device access to databases and at least one decision-making device.

 The prototype system, in contrast to the previously considered analogues, allows marking and identification of registered products.

However, the prototype system has disadvantages:
- narrow scope. This is due to the fact that the prototype system does not have functions that ensure centralized production and accounting of security labels, therefore, it is impossible to identify (limit) the number and nomenclature of manufactured products by product labeling. In addition, there is no possibility of labeling and accounting for products manufactured outside this system, for example, imported from abroad and also entering the market (for economic circulation). This limits the scope of the system and does not allow its use for accounting and control of the production and turnover of excisable goods;
- low reliability of identification of the authenticity of marked products due to the fact that the marking on the product, applied in the form of an individual account number, has great vulnerability to counterfeiting. The number on the product can be falsified (changed, tampered with, reused, for example, in clandestine (illegal) production, etc.). At the same time, in the prototype there are no tools that provide high marking stability from falsification.

 The technical result of the claimed system is to expand the scope of its application and increase the reliability of identification of the authenticity of marked products by providing it with a centralized manufacture and accounting for security marking marks and their high resistance to counterfeiting.

 To achieve the above technical result in a known system for identifying registered products containing a central database, n working databases, n devices for accessing them, where n = 1, 2 ,. . . , the first output of each of them is connected to the control input of the corresponding working database, the information output of which is connected to the first input of the database access device, the data input device, the output of which is connected to the data recording input of the central database, k data entry points, where k = 1, 2, ..., m marking devices, where m = 1, 2, ..., an additional control and monitoring center, k peripheral databases, k peripheral workstations for printing security signs, n identification devices have been introduced. The output of each of n identification devices is connected to the third input of the corresponding device for accessing the working database. The third output of each of the n devices accessing the working database is connected to the second input of the corresponding identification device. The first output of the control and monitoring center is connected to the input of the data input device. The first output of each of k peripheral workstations for printing security signs is connected to the input of the corresponding data entry point, the output of which is connected to the data recording input of the corresponding peripheral database. The second output of the control and monitoring center is connected to the second input of each peripheral workstation for printing security signs and the second input of each device for accessing the working database. The second output of each device for accessing the working database and the second output of each peripheral workstation for printing security signs are connected to the second input of the control and monitoring center. The third output and the third input of the control and monitoring center are connected respectively to the control input and the information output of the central database. The third output and the third input of each of k peripheral workstations for printing security signs are connected respectively to the control input and the information output of the corresponding peripheral database. The first input of the control and control center is the central input of the system, and the fourth output of the control and control center is the central output of the system. The first input of each of the k peripheral workstations for printing security signs is the corresponding peripheral input of the system, and the fourth output of each of the k peripheral workstations for printing security signs is the corresponding peripheral output of the system. The first input of each of the n identification devices is the corresponding control input of the system. Security signs are received on marking devices from the control and control center and from peripheral workstations for printing security signs.

 The control and control center consists of a data exchange device, a control operator console, a database access device, a print unit, a monitor, a verification device, and a statistical processing unit. The input of the print unit is connected to the fifth output of the database access device. The first output of the database access device is connected to the second input of the verification device, the first input of which is the barcode reader. The output of the verification device is connected to the first input of the database access device. The second input of the database access device is connected to the third output of the operator’s control panel. The second output of the control panel is connected to the input of the monitor. The first input of the operator’s control panel is the first input of the control and monitoring center. The first output and the second input of the control panel are connected respectively to the second input and the first output of the data exchange device. The first input and the third output of the communication device are respectively the second input and second output of the control and monitoring center. The second output and the third input of the database access device are the third output and third input of the control and monitoring center, respectively. The third output of the database access device is connected to the third input of the data exchange device, the second output of which is the first output of the control and monitoring center. The fourth output of the database access device is connected to the input of the statistical processing unit, the output of which is the fourth output of the control and monitoring center. Security signs come from the output of the print unit.

 The verification device consists of a reading unit, a cryptographic unit, a comparison unit, a control operator panel and a monitor. The monitor input is connected to the first output of the operator’s control panel. The input of the control operator panel is connected to the output of the comparison unit. The first and second inputs of the comparison block are connected respectively to the first and second outputs of the cryptographic block. The input of the cryptographic unit is connected to the output of the reader unit. The second output of the control operator panel is the output of the verification device, and the first and second inputs of the verification device are the input of the reader and the third input of the comparison unit, respectively.

 The print unit according to the first embodiment consists of an electronic digital signature shaper, a secret key carrier, a text shaper, a printer and a bar code shaper. The first input of the barcode generator is connected to the output of the electronic digital signature generator. The second input of the electronic digital signature driver is connected to the output of the secret key carrier, and the first input is connected to the input of the text driver and is the input of the print unit. The output of the text shaper is connected to the second input of the bar code shaper, the output of which is connected to the printer input. The printer output is the output of the print unit.

 The print unit according to the second embodiment consists of an electronic digital signature shaper, a secret key carrier, a bar code shaper, a text shaper, a public key carrier and a printer. The first input of the barcode generator is connected to the output of the electronic digital signature generator. The second input of the electronic digital signature driver is connected to the output of the secret key carrier, and the first input is connected to the input of the text driver and is the input of the print unit. The output of the public key carrier is connected to the third input of the barcode driver. The second input of the barcode generator is connected to the output of the text generator. The output of the barcode driver is connected to the printer input. The printer output is the output of the print unit.

 The cryptographic unit according to the first embodiment comprises a public key carrier, an electronic digital signature extractor, a product information extractor and an electronic digital signature identifier. The first input and the second input of the electronic digital signature identifier are connected respectively to the output of the public key carrier and to the output of the electronic digital signature allocator. The input of the digital signature extractor is connected to the input of the product information extractor and is the input of the cryptographic block. The output of the electronic digital signature identifier is the first output of the cryptographic block. The output of the product information extractor is connected to the third input of the electronic digital signature identifier and is the second output of the cryptographic unit.

 The cryptographic unit according to the second embodiment comprises a public key carrier, a public key allocator, an electronic digital signature extractor, an item information extractor and an electronic digital signature identifier, the first and second inputs of which are connected to the outputs of the public key carrier and electronic digital signature isolator, respectively. The input of the digital signature extractor is connected to the input of the public key extractor and to the input of the product information extractor and is the input of the cryptographic block. The output of the public key allocator is connected to the fourth input of the electronic digital signature identifier. The output of the electronic digital signature identifier is the first output of the cryptographic block. The output of the product information extractor is connected to the third input of the electronic digital signature identifier and is the second output of the cryptographic unit.

 Due to the new set of essential features due to the introduction of a control and control center, peripheral workstations for printing security signs, the implementation of centralized manufacturing and accounting of security marking signs with cryptographic information applied to them, the introduction of identification devices that implement an electronic digital signature authentication algorithm when identifying marked products, the scope of the system is expanding, allowing to take into account and to control the production and turnover of excisable products, as well as to identify counterfeit products with high reliability.

 The analysis of the prior art made it possible to establish that analogues that are characterized by a combination of features that are identical to all the features of the claimed technical solution are absent, which indicates compliance of the claimed device with the patentability condition of "novelty".

 Search results for known solutions in this and related fields of technology in order to identify features that match the distinctive features of the claimed object from the prototype showed that they do not follow explicitly from the prior art. The prior art also did not reveal the popularity of the impact provided by the essential features of the claimed invention transformations to achieve the specified technical result. Therefore, the claimed invention meets the condition of patentability "inventive step".

The claimed system is illustrated by schemes:
figure 1 is a block diagram of the claimed system;
figure 2 is a block diagram of a control and monitoring center (CCU);
figure 3 is a block diagram of a printing unit (option-1);
figure 4 is a block diagram of a printing unit (option-2);
5 is a block diagram of a verification device;
6 is a block diagram of a cryptographic block (option-1);
7 is a block diagram of a cryptographic block (option-2);
Fig - the appearance of a protective sign for alcoholic beverages.

The product labeling and identification system shown in Fig. 1 consists of a control and monitoring center (CMS) 5, a central database (DB) 1, a data input device 2, k peripheral databases 3 ₁ ... 3 _k , where k can be any non-negative integer, as well as the same number of peripheral workstations (AWS) 6 ₁ ... 6 _k print security signs and paragraphs 10 ₁ . . .10 _k data entry. In addition, the system contains n working databases 4 ₁ ... 4 _n , the same number of devices 7 ₁ ... 7 _n access to them and identification devices 9 ₁ ... 9 _n , as well as m marking devices 8 ₁ ... 8 _m , where n and m can also be any non-negative integers.

The output of the data input device 2 is connected to the data recording input of the central database 1. The output of each of their data entry points 10 ₁ ... 10 _k is connected to the data recording input of the corresponding peripheral database 3 ₁ ... 3 _k . The first output of the CCU 5 is connected to the input of the data input device 2. The first output of each peripheral AWP 6 ₁ . . . 6 _k print security signs connected to the input of the corresponding paragraph 10 ₁ ... 10 _k data entry. The third output and the third input of the MCC 5 are connected respectively to the control input and the information output of the central database 1. The third output and the third input of each peripheral workstation 6 ₁ ... 6 _k print security signs are connected respectively to the control input and the information output of the corresponding peripheral database 3 ₁ ... 3 _k . The first output and the first input of each device 7 ₁ . ..7 _n accesses to the working database are connected respectively to the control input and information output of the corresponding working database 4 ₁ . ..4 _n . The third output and the third input of each device 7 ₁ ... 7 _n access to the working database are connected respectively with the second input and output of the corresponding identification device 9 ₁ ... 9 _n . The first input of each of n identification devices 9 is the corresponding control input of the system. The second output and the second input of each peripheral AWP 6 ₁ ... 6 _k print security signs and each device 7 ₁ ... 7 _n access to the working database are connected respectively to the second input and second output of the CCM 5. The first input of the CCM 5 is the central input system. The fourth output of the central control unit 5 is the central output of the system. The first input of each of the k peripheral workstations 6 ₁ ... 6 _{k of} printing security characters is the corresponding peripheral input of the system, and the fourth output of each of the k peripheral workstations 6 ₁ ... 6 _{k of} printing security characters is the corresponding peripheral output of the system. Protective signs from the central control unit 5 and from peripheral workstations 6 ₁ ... 6 _{k of the} printing of protective signs are sent to marking devices 8 ₁ ... 8 _m .

 The control and control center 5 (CCU 5) is the main element of the system and is designed to control the system, enter data into the central database 1, print security labels and verify them, shown in figure 2 and consists of a device 5.1 for data exchange, operator panel 5.2 control, device 5.3 access to the database, block 5.4 print, monitor 5.5, device 5.6 verification and block 5.7 statistical processing. The first output and the first input of the database access device 5.3 are connected respectively to the second input and output of the verification device 5.6. The first input of the verification device 5.6 is a barcode reader input. The fourth and fifth outputs of the database access device 5.3 are connected to the inputs of the statistical processing unit 5.7 and the printing unit 5.4, respectively. The third output of the device 5.3 access to the database is connected to the third input of the device 5.1 data exchange. The second input of the device 5.3 access to the database is connected to the third output of the remote control 5.2 operator control. The first output and the second input of the console 5.2 of the control operator are connected respectively to the second input and the first output of the device 5.1 data exchange. The second output of the console 5.2 of the control operator is connected to the input of the monitor 5.5. The first input of the console 5.2 of the control operator is the first input of the Central Control Unit 5 and at the same time the central input of the system. The second output of the data exchange device 5.1 is the first output of the CCM 5. The first input and the third output of the data exchange device 5.1 are the second input and the second output of the CCM 5. The second output and the third input of the database access device 5.3 are the third output and the third input of the CCM 5, respectively The output of the statistical processing unit 5.7 is the fourth output of the CCM 5 and at the same time the central output of the system. The security signs come from the output of the printing unit 5.4, as shown in FIG. 2 with a dashed line with an arrow.

Peripheral workstations 6 ₁ ... 6 _k print security signs act as branches of the Central Control Commission 5 within certain territories and are designed to enter applications into the system, write data to peripheral databases 3 ₁ ... 3 _k , as well as print security signs and their verification . The construction and composition of each peripheral AWP 6 ₁ ... 6 _k print security signs identical to the Central Control Unit 5, shown in figure 2. Input 1 of each peripheral AWP 6 ₁ ... 6 _{k of} printing security signs is the corresponding peripheral input of the system, and output 4 is the corresponding peripheral output of the system. The presence in the system of k peripheral workstations 6 ₁ ... 6 _{k of} printing security signs and k of peripheral databases 3 ₁ ... 3 _k increases the speed of entering applications and printing security signs in the field and thereby improves the performance of the system as a whole. The number of peripheral workstations 6 ₁ ... 6 _{k of} printing security signs and peripheral databases 3 ₁ ... 3 _k in the claimed system is determined by the requirements for the production of security signs and depends on the number of manufacturers of products (wholesale bases) and their productivity, capacity product market, availability and condition of communication systems, etc.

 Block 5.4 printing is designed to convert information from digital form into alphanumeric text and bar code and applying them to a special form of a protective sign. The construction of the printing unit 5.4 may be different, for example, may be performed in one of two ways. In the block 5.4 printing, constructed according to the first embodiment, the bar code is generated without entering into it information containing the public key to verify the digital signature. The printing unit 5.4, constructed according to the second embodiment, provides for the inclusion in the barcode of information containing the public key to verify the digital signature.

 The printing unit 5.4 (option-1) is shown in FIG. 3 and consists of an electronic digital signature generator (EDS) 5.4.1, a secret key carrier 5.4.2, a barcode generator 5.4.3, a text generator 5.4.4, and a printer 5.4. 5. The first input of the shaper 5.4.1 EDS and the input of the shaper 5.4.4 text are combined and are the input of block 5.4 printing. The second input of the shaper 5.4.1 EDS is connected to the output of the medium 5.4.2 of the secret key. The first and second inputs of the bar code generator 5.4.3 are connected to the outputs of the digital signature generator 5.4.1 and the text generator 5.4.4, respectively. The output of the bar code driver 5.4.3 is connected to the printer input 5.4.5. The output of the printer 5.4.5 is the output of the printing unit 5.4.

 The printing unit 5.4 (option-2) is shown in FIG. 4 and consists of a digital signature generator 5.4.1, a secret key carrier 5.4.2, a barcode generator 5.4.3, a text generator 5.4.4, a printer 5.4.5 and a medium 5.4. 6 public keys. The first input of the shaper 5.4.1 EDS and the input of the shaper 5.4.4 text are combined and are the input of block 5.4 printing. The second input of the shaper 5.4.1 EDS is connected to the output of the medium 5.4.2 of the secret key. The first and third inputs of the barcode driver 5.4.3 are connected to the outputs of the digital signature generator 5.4.1 and the public key holder 5.4.6, respectively. The second input of the barcode generator 5.4.3 is connected to the output of the text generator 5.4.4. The output of the bar code driver 5.4.3 is connected to the printer input 5.4.5. The output of the printer 5.4.5 is the output of the printing unit 5.4.

 Verification device 5.6, the block diagram of which is shown in FIG. 5, is intended for reading information from a security sign, verifying EDS authenticity and comparing read information with information stored in the central database 1. Verification device 5.6 consists of a reading unit 5.6.1, a cryptographic block 5.6.2, comparison block 5.6.3, panel 5.6.4 of the control operator and monitor 5.6.5. The output of the read block 5.6.1 is connected to the input of the cryptographic block 5.6.2. The first and second outputs of the cryptographic block 5.6.2 are connected respectively with the first and second inputs of the comparison block 5.6.3. The output of the comparison unit 5.6.3 is connected to the input of the control operator panel 5.6.4. The first output of the control operator panel 5.6.4 is connected to the monitor input 5.6.5. The second output of the control operator panel 5.6.4 is the output of the verification device 5.6. The input of the reading unit 5.6.1 is the first input of the verification device 5.6 and, at the same time, the barcode reader. The third input of the comparison block 5.6.3 is the second input of the verification device 5.6.

The composition and construction of each identification device 9 ₁ ... 9 _n are identical to the verification device 5.6 shown in FIG. Input 1 of each device 9 ₁ . . .9 _n identification is the corresponding control input of the system.

 The cryptographic block 5.6.2 is designed to highlight EDS and product information and to identify the authenticity of EDS using a public key. The construction of a cryptographic block 5.6.2 is possible according to one of two options, depending on the presence or absence of a public key in the barcode. In the first of them, the public key is entered only from the output of the public key carrier, and in the second embodiment, the public key can be entered both from the output of the public key carrier and from the output of the public key allocator.

 The cryptographic unit 5.6.2 constructed according to the first embodiment is shown in FIG. 6 and consists of a public key carrier 5.6.2.1, an EDS allocator 5.6.2.2, an EDS extractor 5.6.2.3 and an EDS identifier 5.6.2.4. The output of the public key medium 5.6.2.1 is connected to the first input of the digital signature identifier 5.6.2.4. The inputs of the isolators 5.6.2.2 and 5.6.2.3 are combined and are the input of the cryptographic block 5.6.2. The output of the isolator 5.6.2.2 EDS is connected to the second input of the identifier 5.6.2.4 EDS. The output of the product information isolator 5.6.2.3 is connected to the third input of the identifier 5.6.2.4 EDS and is the second output of the cryptographic block 5.6.2. The output of the identifier 5.6.2.4 EDS is the first output of the cryptographic block 5.6.2.

 The cryptographic unit 5.6.2 constructed according to the second embodiment is shown in FIG. 7 and consists of a public key highlighter 5.6.2.1, EDS highlighter 5.6.2.2, product information highlighter 5.6.2.3, public key highlighter 5.6.2.5 and EDS identifier 5.6.2.4. The inputs of the isolators 5.6.2.5, 5.6.2.2 and 5.6.2.3 are combined and are the input of the cryptographic block 5.6.2. The outputs of the isolators 5.6.2.5 and 5.6.2.2 are connected respectively to the fourth and second inputs of the identifier 5.6.2.4 EDS. The output of the product information isolator 5.6.2.3 is connected to the third input of the identifier 5.6.2.4 EDS and is the second output of the cryptographic block 5.6.2. The output of the identifier 5.6.2.4 EDS is the first output of the cryptographic block 5.6.2.

 The data input device 2 can be performed, as indicated in the prototype, and comprise a data input unit, for example, a keyboard, a display, for example, on a cathode ray tube and a communication unit with a central database, which plays the role of an interface.

 The central database 1 is implemented on the computer’s hard drive using appropriate software, for example, SQL-server 7.0, developed by Microsoft, publ. in Shpenik M., Sledge O. "Database Administrator Guide", trans. from English., M., publishing house "Williams", 1999. This software allows you to implement a built-in two-level system of access control by user name and password. The hardware of a computer can be a two or more processor platform with 256 MB or more RAM, with a set of hard drives and special RAID-type controllers. Peripheral databases 3 and operational databases 4 can be implemented in the same way, using the appropriate software, for example, SQL-server 7.0 deskop edition, publ. in the same place, with. 833-861.

 Data exchange between the central control center 5 and peripheral workstations 6 for printing security signs, as well as between the central control center 5 and devices 7 for accessing working databases is carried out through the device 5.1 for exchanging data via communication lines, for example, via dedicated digital communication channels or via public networks, for example INTERNET, INTRANET with support for TCP / IP communication protocols. As a device 5.1 data exchange can be used a modem connected to a computer via a network card. To protect information transmitted over communication channels, a cryptographic information protection tool can be used in the data exchange device.

 The formation of the digital signature is carried out according to the standard cryptographic algorithm, for example, according to the standard GOST R 34.10-94, which allows both software and hardware implementation. In the case of a software implementation, the shaper 5.4.1 EDS can be implemented using well-known software tools for cryptographic information protection, for example, Verba-O, developed and commercially supplied by the Moscow branch of the Penza Research Institute of Electronic Engineering or CryptonArcMail, developed and mass-supplied by ANKAD, Moscow, publ. . Romanets Yu.V., Timofeev P.A., Shangin V.F. "Information Protection in Computer Networks", M.: Radio and Communications, 1999, p. 282.

 The barcode generator 5.4.3 is implemented in software, for example, using the Anex Tools for PDF 417 ("Anx 417") software module version 1.61, developed by Anex Technologies Inc., Canada.

 As a medium 5.4.2 of the private key and mediums 5.4.6 and 5.6.2.1 of the public keys, smart cards, or flexible magnetic disks of a computer, can be used. The required amount of allocated memory for storing keys is at least two kilobytes.

 As a printer 5.4.5, you can use a special barcode printer such as Data Max "Titan 6200", manufactured by DataMax Inc. The United States, which allows you to print barcodes and alphanumeric text on special forms of protective signs, completed in tape rolls.

 As a reading unit 5.6.1, a specialized reader can be used, for example, a Scanteam 3400 PDF / HD scanner or Image Reader manufactured by WelchAllyn, which can read a two-dimensional bar code and convert it to digital form.

 The marking device 8 can be of any design, ensuring the reliable application (fixing) of a protective sign on each product during its manufacture or upon completion of manufacture. In particular, for marking products in glass containers, the marking device may consist of an automatic applicator like LA 2015 RH ST, a fastener like U-arm and a special product sector for glass like Product sensor.

 The functions of devices 7 access to the working database and device 5.3 access to the database, as in the prototype, are implemented in a computer using a software interface, for example ADO (ActiveXData Objects), developed by Microsoft publ. in the Microsoft SQL Server Building Applications, ed. Microsoft Corporation, 1998, c. 379-419.

 In the claimed system, the number n of working databases 4 and the corresponding number of devices 7 for accessing working databases and identification devices 9 can be any and depends on the number of manufactured products and the required completeness of control. A working database 4, a device 7 for accessing a working database and an identification device 9 can be installed on a mobile monitoring station and implemented on the basis of a personal computer, for example, a notebook of the Roverbook type, equipped with a network card for communicating with the central control center 5 and receiving and transmitting data. A PCMCIA PC Curd type card, commercially available from Cnet Technology Inc., USA, can be used as a network card. A mobile point is a control tool of an authorized official - inspector. In the event that the security signs have holograms with hidden images, microtexts, etc., the mobile control center can additionally be equipped with optical monitoring tools, for example, a hidden image verification device manufactured by Atlas State Unitary Enterprise, Moscow, and a microtext reader, for example a contact microscope 30 times manufactured by Mikko.

 Block 5.7 of statistical processing is intended for generating reports and inquiries; it is implemented in a computer programmatically, for example, using OLAP server and Microsoft Offic-2000 application programs developed by Microsoft and published in the Microsoft SQL Server Building Applications, ed . Microsoft Corporation, 1998, c. 883-1292. To display and output the results of statistical processing, data output devices, for example, a printer and a monitor, which are part of the CCU 5, can be used.

 The control operator panel 5.2 and the control operator panel 5.6.4 can be implemented on the basis of the computer operator’s workstation or include a standard keyboard for dialing control and data input signals and / or a panel for formalized commands, as well as switching equipment for connecting to appropriate blocks (devices).

 Selectors 5.6.2.2, 5.6.2.3, 5.6.2.5 and the identifier 5.6.2.4 EDS are implemented in software, based on well-known cryptographic information protection tools, for example, CryptonArcMail from ANKAD or Verba-O.

 The claimed system operates as follows.

 Marking is the basis for the creation of automated centralized control systems for the production and circulation of certified products and includes the manufacture of protective signs, applying them to products and entering information about security signs and marking objects into the information system. The essence of the claimed system is to create an ordered set of technical and information technologies using computer and communication tools that implement information support for the manufacturing and verification of security signs, as well as control over their movement and use.

Functionally, the system can be divided into the following five stages:
- receipt and registration of applications for the manufacture of protective signs;
- printing of security signs and their verification;
- product labeling;
- identification of the authenticity of marked products;
- statistical data processing.

 An application for the manufacture of security signs from manufacturers or suppliers (wholesale authorized bases) of products can be received both at the central entrance of the system (via CMS 5), and at any of the k peripheral inputs of the system (at the first input of any of k peripheral AWS 6 printing protective signs) (figure 1). Consider the operation of the system as an example of the receipt of an application for the central entrance of the system.

 Application from the manufacturer (supplier) for the production of a batch of security signs in the form of a formalized list of data (hereinafter, the application refers to data containing information about the marker (marking organization), manufacturer, supplier (names, codes, legal and actual addresses, TIN etc.), type of product, certificate of conformity, production date, packaging capacity, consumer properties, the requested number of security signs) is received at the first input of the central control unit 5, in which the administrative decision is made ie for the production of the requested party protective marks. If the decision is positive, the application is assigned the current number (batch number of security signs) and a range of unique (individual) numbers of security signs (batch volume) is determined. Then, the data on the application is entered into the system from the remote control 5.2 of the control operator of the central control unit 5 (figure 2). The processing and data entry is displayed on the monitor 5.5. From this moment, the application receives the status of "approved". From the output 1 of the console 5.2 of the control operator, the approved application arrives at input 2 of the device 5.1 for data exchange, in which it is converted into a form convenient for transmission via communication lines. From the output 2 of the device 5.1 data exchange application is recorded at the input of data recording in the Central database 1 through the device 2 data input (figure 2). Access to the central database 1 is allowed with a password to a strictly limited circle of persons and is provided by a two-level access control system restricting access to both the computer and the central database 1.

 Features of the passage and accounting of the application received through one of the k peripheral inputs of the system are that the application, after being entered from the operator’s control panel, is transmitted through the data exchange device and from the output 2 of the corresponding peripheral AWP 6 the printing of security signs (Fig. 1) is sent to input 2 of the central control unit 5, where it is converted to digital form in the device 5.1 for data exchange (Fig. 2), is fed to input 2 of the panel 5.2 of the control operator, it is approved and output 1 of the panel 5.2 of the control operator is transmitted through the device 5.1 data exchange in the device Data entry 2 for recording to the central database 1. From the output 3 of the CCU 5 data exchange device 5, the corresponding peripheral security workstation 6 receives a response-permission to print security signs according to the approved application, indicating the lot number of the security signs and the selected unique range ( individual) numbers of protective signs. The response-permission is received at input 2 of the corresponding peripheral AWP 6 for printing security characters, which is converted to digital form in a data exchange device, fed to the control operator’s panel, displayed on the monitor and, by the control signal of the control operator, recorded in the corresponding peripheral database 3 through the appropriate item 10 data entry.

 Thus, the decision to print security signs is taken only in the Central Control Commission 5, data on all approved applications are entered in the central database 1, which ensures their centralized accounting. Local (peripheral) accounting of applications approved in the Central Control Commission 5 and transferred to the corresponding peripheral AWP 6 for printing security signs by response-permission is carried out by recording information in the corresponding peripheral database 3.

 The printing of security signs is carried out in the Central Control Commission 5 or in the corresponding peripheral AWP 6 of the printing of security signs and is carried out only if there is an "approved" application in DB 1 or in the corresponding peripheral DB 3. The number of printed security signs strictly corresponds to that indicated in the approved application.

 Consider the operation of the system at this stage by the example of printing security signs in the central control center 5. Printing begins with a control signal from output 3 of the console 5.2 of the control operator (figure 2) to input 2 of the device 5.3 access to the database. According to the signal from the output 2 of the database access device 5.3 to the DB control input 1, information is digitally read out from the information output from the central database 1 and fed from the output of the database access device 5.3 to the input of the printing unit 5.4. Here, the information is signed with an electronic digital signature, converted from a digital form into a bar code and into alphanumeric text and applied (printed) to a special form of a protective sign. Consider the operation of block 5.4 printing (option-1). Information in digital form is fed to the input of the shaper 5.4.4 of the text (Fig. 3) and in parallel to the input of the shaper 5.4.1 EDS, where the EDS is signed using the secret key of the marker (marking organization), entered from the medium 5.4.2 of the secret key. The cryptographic strength of the digital signature is guaranteed by the well-known algorithm for its formation and the length of the secret key, which can be different and can be, for example, 256, 512 or 1024 bits.

 Shaper 5.4.4 text converts the digital information received at its input into alphanumeric text at the output. The alphanumeric text may contain information about the consumer properties of the products and the code-digital parameters of the manufacturer of the product, for example, as shown in Fig.3. Information on the consumer properties of products determines the properties of products, determined visually, by color and smell, for example, "Cognac Anniversary, 0.5l.", "Menthol cigarettes, 20pcs.", Etc. The code-digital parameters of the product manufacturer may contain the following data: region code, code (name) of the manufacturer (supplier), product batch number, unique (individual) product number in the batch. The presence of an alphanumeric text allows you to control the authenticity of the product by any interested person at all stages of the promotion of marked products from manufacturers (suppliers) to consumers without the use of special technical means. Information in alphanumeric text is duplicated in a bar code, thereby ensuring its security. Any distortion, including an attempt to falsify the alphanumeric text, will be detected by decoding the bar code and verifying the authenticity of the digital signature.

 The information in digital form, signed by an electronic digital signature, from the output of the electronic signature generator 5.4.1 (Fig. 3) is fed to the input 1 of the bar code generator 5.4.3, which is converted into a bar code, for example, a two-dimensional bar code of type Micro PDF-417, and combined with alphanumeric text coming from the output of the former 5.4.4 into a single image, which is applied by the printer 5.4.5 on a special form of a protective sign. The form for protection against counterfeiting and copying can be performed on special paper that has security labels, such as watermarks, holographic images, microtexts, etc., and combinations thereof. Special forms of protective signs can be made using elements that provide additional protection against reuse by removing them from products, for example, it is possible to use notches and / or perforations that lead to rupture of the protective sign when trying to remove it.

 To simplify the operation of the system when identifying the authenticity of marked products, it is possible to include a digital signature check in the bar code of the public key. When identifying (verifying) the security sign, the public key for verifying the digital signature can be extracted from the bar code and thereby eliminates the need to send, store and enter public keys of all possible markers in identification devices 9. To ensure this, the printing unit 5.4 is constructed according to the second embodiment, as shown in FIG. 4. The peculiarity of his work is that in the former 5.4.3, the public key is also subject to conversion to the bar code, which comes in digital form from the output of the public key carrier 5.4.6 to the input 3 of the bar code former 5.4.3. Otherwise, the operation of the printing unit 5.4 (option-2) does not differ from the operation of the printing unit 5.4 (option-1), discussed above.

 Instrument verification of the security sign is carried out in the verification device 5.6 (Fig. 5). Verification of the security sign consists in checking the possibility of instrumental reading of the bar code, the correctness of the formation of the EDS and the public key. A positive verification result guarantees the correct application (printing) of the bar code and excludes the receipt on the marking device of 8 defective security signs with errors and printing errors. The information applied to the security sign in the bar code is read by the reading unit 5.6.1, converted to digital form and fed into the cryptographic unit 5.6.2 (option-1) (Fig. 6), in which the digital signature, information about the product in digital form and EDS is authenticated using the public key. For this, the cryptographic unit 5.6.2 (option-1) includes a public key carrier 5.6.2.1, an EDS allocator 5.6.2.2, an electronic information extractor 5.6.2.3, and an EDS identifier 5.6.2.4. In the latter, using the public key and product information in digital form, the authenticity of the electronic digital signature is verified using a known verification algorithm, for example, according to the standard GOST R 34.10-94.

 A feature of the operation of the cryptographic block 5.6.2 according to option-2 (Fig. 7) is the possibility of extracting the public key from the input information and supplying it from the output of the public key allocator 5.6.2.5 to input 4 of the digital signature identifier 5.6.2.4. As in the first embodiment, it is possible to receive the public key at input 1 of identifier 5.6.2.4 from the output of the public key carrier 5.6.2.1. This allows you to verify the authenticity of the security sign, regardless of the presence of the public key in the barcode.

 When confirming the digital signature from the output 1 of the cryptographic block 5.6.2, the corresponding signal is supplied to the input 1 of the comparison block 5.6.3 (Fig. 5). Simultaneously with the output 2 of the cryptographic block 5.6.2, information about the product in digital form is fed to the input 2 of the comparison block 5.6.3. If there is a confirmation signal of the digital signature at the input 1 of the comparison block 5.6.3, it compares the information read from the bar code and received at the input 2 with the information at the input 3 coming from the central database 1. The signal on the results of the comparison from the output of the block 5.6. 3 comparisons are sent to the operator control panel 5.6.4 and displayed on the monitor 5.6.5. If the comparison result is positive, the security sign is considered printed correctly and an output signal for printing (verification) of the next security sign is sent from the output 2 of the control panel 5.6 of the control operator.

 In the absence of a signal confirming the digital signature at the output 1 of the cryptographic block 5.6.2, or if there is a signal confirming the digital signature, but if the information received at input 2 does not match the information read from the central database 1 and received at the input 3 of block 5.6.3 comparison, the input of the control panel 5.6.4 of the control operator receives a signal about the authenticity of the printed protective sign. Based on this signal, a printed security mark with the current number is rejected. By the signal from the output 2 of the console 5.6.4 of the control operator through the device 5.3 access to the database (figure 2), the device 5.1 data exchange and device 2 data input in the central database 1 is entered a mark on the number of the rejected sign and re-print a protective sign under that same number. Reprinting is necessary to maintain continuity in the continuous numbering of security signs in the lot. Data on the number and numbers of rejected security signs are stored in the central database 1 and are used by personnel in the future, for example, when preparing documents for the destruction of all rejected forms.

 Information about the end of printing of a batch of security signs for an approved application is also recorded in the central database 1 and, in particular, may contain information about the number of the approved application, the place and date of printing, as well as the number of signs printed with an indication of the range of unique (individual) numbers. From this moment on, the application stored in the central database 1 changes its status and is considered “executed”.

 The peculiarity of printing security signs in peripheral AWP 6 of printing security signs is that the data for printing on the approved application is read by the information output from the corresponding peripheral database 3, there is also a note on the execution of the application (end of printing of the batch of security signs), as well as data defective safety signs. In addition, the mark on the execution of the application from the peripheral database 3 through the data exchange device (output 3) (Fig. 2) and the data exchange device (output 3) of the corresponding peripheral security workstation 6 for printing security characters is transmitted to the central control unit 5 and is recorded in the central database 1. Otherwise, the process of printing and verifying security signs in the peripheral AWP 6 of printing security signs is similar to the printing process in CCU 5, discussed above.

 In TSUK 5 and in each of the peripheral AWP 6 of printing security signs, the digital signature is generated using its own, unique, secret key. This allows, when identifying the authenticity of the marked product, to uniquely determine the place (point) of printing of protective signs and the manufacturer (supplier) of the product.

 The printed security signs from the Central Control Unit 5 or from the corresponding peripheral AWP 6 the security seal printing is transferred (delivered, delivered) to the marking devices 8, which are placed at manufacturing plants or at authorized suppliers' bases. The number of marking devices is not related to the number of peripheral workstations 6 of printing security signs and, based on the needs of production (delivery), it can be any.

 In the marking device 8, security signs are applied (fixed) to the products as indicated in the prototype, while the main requirements are the reliability of the application (fixing) of security signs and the possibility of instrumental reading of the bar code. The reliability of the application (fixing) of the protective sign on the product must be such as to exclude the removal of the protective sign without damaging it. The presence of an alphanumeric text on a security mark allows personnel to visually control the conformity of the type of marked products with the information reflected in the alphanumeric text. The number and type of marked products (volume of the batch produced) corresponds to the number of protective signs received by the marking device 8. The products marked with protective signs enter the wholesale (retail) distribution network and are sold to consumers.

 To protect the market from "left" products and prevent the sale of unaccounted (falsified) products to consumers, their authenticity and the legality of their appearance on the market are identified. In preparation for verification activities, information about "completed" applications from the central database 1 is copied to the working database 4 through the device 7 access to the working database (figure 1). Identification can be carried out along the entire path of promotion of marked products, up to retail outlets, and is carried out by an authorized specialist (inspector). During the verification, the information from the protective sign of the marked product enters the control input 1 of the system identification device 9 by reading the identification device 9, in which the digital signature, the public key are allocated, the authenticity of the digital signature and product information is verified. The operation of the identification device 9 is similar to the operation of the verification device 5.6 discussed above. The results of identification from the output of identification device 9 through the device 7 access to the working database (Fig. 1) are recorded in the working database 4, and from the output 2 of the device 7, access to the working database are fed to input 2 of the central control unit 5 and are recorded in the central database 1 for accounting and subsequent use in statistical processing. The process of barcode identification is automated, which eliminates the subjective factor and the possibility of falsification of results. The information about the product and the manufacturer (supplier), read from the protective sign, can be used by the inspector to compare with the information available in the accompanying documents. The inspector also has the ability to visually read the alphanumeric text from the security mark and compare it with the information read from the bar code and coming from the working database 4. In addition, the inspector can check the presence and compliance of the security marks (watermarks, holograms, hidden images, microtexts, etc.) using appropriate optical controls.

 The identification of the authenticity of the marked product can also be carried out under stationary conditions in the central control center 5 or in any of the k peripheral workstations 6 of printing security signs using the corresponding verification device included in them.

 The system allows you to perform statistical processing and synthesis of data that can be presented in the form of reporting documents, look-up tables, etc. According to the control signal from output 3 of panel 5.2 of the control operator (Fig. 2), information from the information output of the central database 1 is also read from the output 4 devices 5.3 access to the database goes to the input of block 5.7 of statistical processing, where it is generalized, converted to a form convenient for analysis, and goes to the central output of the system in the form of reporting documents, look-up tables, hist grams, etc. The composition of reporting documents and certificates may be different and is determined by the operator of management, based on administrative requirements. The data on peripheral areas (districts, manufacturing plants) are processed in the peripheral AWP 6 for printing security signs in a similar way, and formalized data is also received from the peripheral outputs of the system.

 The operation of the system is based on system-wide principles of logical and physical implementation of hardware and software, protocols and interfaces, as well as the construction of local and geographically distributed information systems.

 A similar technical solution was tested in the bodies controlling the production and turnover of certified alcohol products in the Leningrad Region and confirmed the possibility of creating an effective system for labeling and identification of products.

Claims (7)

 1. A system for marking and identification of registered products, including a central database, n working databases, n devices for accessing them, where n = 1, 2,. . . , the first output of each of them is connected to the control input of the corresponding working database, the information output of which is connected to the first input of the device for accessing the working database, the data input device, the output of which is connected to the data recording input of the central database, k data entry points, where k = 1, 2,. . . , m marking devices, where m = 1, 2,. . . characterized in that an additional control and monitoring center, k peripheral databases, k peripheral workstations for printing security signs, n identification devices, the output of each of which is connected to the third input of the corresponding device for accessing the working database, and the third output of each of n devices for accessing the working database is connected to the second input of the corresponding identification device, the first output of the control and monitoring center is connected to the input of the data input device, the first the output of each of k peripheral workstations for printing security signs is connected to the input of the corresponding data entry point, the output of which is connected to the data recording input of the corresponding peripheral database, the second output of the control and monitoring center is connected to the second input of each peripheral workstation for printing security signs and the second input of each access device to the working database, the second output of each access device to the working database and the second output of each the peripheral workstation for printing security signs is connected to the second input of the control and monitoring center, the third output and the third input of the control and monitoring center are connected respectively to the control input and the information output of the central database, the third output and the third input of each of k peripheral printing workstations security signs are connected respectively to the control input and the information output of the corresponding peripheral database, the first input of the control center and to Control is the central input of the system, and the fourth output of the control and monitoring center is the central output of the system, the first input of each of k peripheral workstations for printing security characters is the corresponding peripheral input of the system, and the fourth output of each of k peripheral workstations for printing security characters is the corresponding peripheral output of the system, the first input of each of n identification devices is the corresponding control input of the system, when than security signs come to marking devices from the control and control center and from peripheral workstations for printing security signs.  2. The system according to claim 1, characterized in that the control and monitoring center consists of a data exchange device, a control operator console, a database access device, a monitor, a verification device, a statistical processing unit and a print unit, the input of which is connected to the fifth output a database access device, the first output of which is connected to the second input of the verification device, the first input of which is the barcode reader input, the output of the verification device is connected to the first input of the access device The data base, the second input of which is connected to the third output of the control panel, the second output of which is connected to the monitor input, the first input of the control panel is the first input of the control and monitoring center, the first output and the second input of the control panel are connected to the second input and the first the output of the data exchange device, the first input and the third output of which are respectively the second input and the second output of the control and monitoring center, the second output and the third input of the device are generally The database is connected to the third input of the data exchange device, the second output of which is the first output of the control and monitoring center, and the fourth output of the database access device is connected with the input of the statistical processing unit, the output of which is the fourth output of the control and monitoring center, in addition, the security signs come from the output of the print unit.  3. The system according to claim 2, characterized in that the verification device consists of a reading unit, a cryptographic unit, a control operator panel, a comparison unit and a monitor, the input of which is connected to the first output of the control operator panel, the input of which is connected to the output of the comparison unit, the first and the second inputs of which are connected respectively to the first and second outputs of the cryptographic block, the input of which is connected to the output of the reader, the second output of the control operator panel is the output of the verification device, and the first and torym verification apparatus inputs are respectively read input and a third input of the comparator unit.  4. The system according to one of p. 2 or 3, characterized in that the printing unit consists of an electronic digital signature generator, a secret key carrier, a text generator, a printer and a bar code generator, the first input of which is connected to the output of the electronic digital signature generator, the second the input of which is connected to the output of the secret key carrier, and the first input is connected to the input of the text shaper and is the input of the print unit, the output of the text shaper is connected to the second input of the bar code shaper, the output to connected to the printer input, the printer output is the output of the print unit.  5. The system according to one of p. 2 or 3, characterized in that the printing unit consists of an electronic digital signature shaper, a secret key carrier, a text shaper, a public key carrier, a printer and a bar code shaper, the first input of which is connected to the output of the electronic shaper digital signature, the second input of which is connected to the output of the private key carrier, and the first input is connected to the input of the text driver and is the input of the printing unit, the output of the public key carrier is connected to the third input of the bar code generator, the second input of which is connected to the output of the text shaper, the output of the bar code shaper is connected to the printer input, the printer output is the output of the print unit.  6. The system of claim 3, wherein the cryptographic unit comprises an electronic digital signature extractor, a product information extractor and an electronic digital signature identifier, the first input of which is connected to the output of the public key carrier, the second input of the electronic digital signature identifier is connected to the output of the extractor electronic digital signature, the input of which is connected to the input of the product information selector and is the input of the cryptographic block, the output of the identifier of the electronic digital signature is is the first output of the cryptographic block, and the output of the product information extractor is connected to the third input of the digital signature ID and is the second output of the cryptographic block.  7. The system according to claim 3, characterized in that the cryptographic unit comprises a public key carrier, a public key allocator, an electronic digital signature isolator, a product information extractor and an electronic digital signature identifier, the first and second inputs of which are connected to the outputs of the public key carrier, respectively and an electronic digital signature extractor, the input of which is connected to the input of the public key extractor and to the input of the product information extractor and is the input of the cryptographic block, the output is the public key divider is connected to the fourth input of the electronic digital signature identifier, the output of which is the first output of the cryptographic block, and the output of the product information extractor is connected to the third input of the electronic digital signature identifier and is the second output of the cryptographic block.

Images