WO2005119535A1 - Off-line product authentication process and system - Google Patents

Abstract

The present invention refers to a process and system for product authentication by off-line means. According to one embodiment of the present invention, the authentication process comprises the steps of: (i) selection for each product a string of characters (20) to identify it; (ii) fixing said string of characters to the product; (iii) using a checker (31) to retrieve information from said string of characters at the moment of checking the product's authenticity and to check the validity of said string of characters retrieved; (iv) displaying a message dependent on the result of said validity check; (v) updating the indication of the validity of said string of characters in a data-storage unit (34); and (vi) periodically updating in said data-storage unit the indications of validity of said string of characters and of strings of characters that identify other products.

Description

"OFF-LINE PRODUCT AUTHENTICATION PROCESS AND SYSTEM" FIELD OF INVENTION The present invention refers to a process and system for off-line product authentication. More specifically, the present invention refers to a product authentication process and system wherein said products carry information that can be retrieved at the point of sale and/or distribution, for authentication by offline means directly before the consumer and/or distributor. BACKGROUND OF INVENTION Currently, piracy, theft, counterfeiting and contraband of industrialized goods are notorious problems. Daily, the media reports on fraud involving products such as CDs, software, brand-name clothes and accessories, liquors, pharmaceutical products, tobacco items, batteries and fuel, among others. Despite their different juridical treatment, the different forms of falsification affect the manufacturer as well as the end consumer. Both are harmed by the illegal actions. On one side, the consumer is not sure if the product being purchased is original, and when such product is related to the safety or health of its user, as is the case of pharmaceutical products, safety equipments, food, tobacco or sports equipments, for instance, the damages caused by counterfeits can be enormous. On the other hand, the manufacturer, representative or distributor of the product suffers economic losses and damage to the reputation of its brand. Nonetheless, it is also of the public authorities' interest to suppress these acts, to ensure the safety and health of its citizens as well as to prevent tax revenue losses. Therefore, manufacturers, consumers and public authorities have great interest in repressing and preventing illegal acts involving industrialized goods. For this purpose, some preventive measures have so far been adopted to prevent counterfeiting. These actions generally aim at providing some means by which the consumer can easily identify the authenticity of the product. There exist physical means for confirming the authenticity of products, such as holographic seals, scratch-and-see logotypes, tamper-evident seals or other visual identifiers. All of these are the more effective the more difficult their reproduction. In some specific cases, such as that of fuels, chemical reagents are available which, when put in contact with the product, produce special color patterns that indicate the product is authentic. However, the aforementioned physical means of authenticity verification, despite inhibiting counterfeiting, are less efficient than would be desirable. Difficult to reproduce as the original visual identifier may be, nothing prevents falsifiers from copying it, even if with inferior quality. Consumers, even the most attentive, generally do not notice the small differences that exist between an original seal or identifier and a fake one, and may purchase the counterfeit product. Besides, if a visual means of authentication is not tamper- evident as well, it will have no efficacy should the counterfeiter re-use discarded original packaging. Finally, such visual means of authentication do not help to prevent the sale of stolen original goods, contraband or products that were tampered with to show a false expiration date, concentration or similarly important characteristic. The consumer cannot tell the difference. There also exist electronic means of authenticity checking. Among them, there are on-line authentication systems that check in real time. In this case, however, the consumer must wait a long time for authentication, or it becomes impossible due to difficulty or impossibility of communication at the moment of authentication. Authenticating machines limited to giving the consumer only "yes" or "no" answers, i.e. "authentic" or "fake," are also subject to fraud, and do not guarantee the veracity of the information to the consumer as they can be tampered with to always give a positive answer. Even when not tampered with, such machines cannot identify if the product comes from theft, contraband or illicit reuse of disposed packaging, i.e. they are subject to giving the user the false impression of purchasing a product conveyed through a legitimate supply chain. This is typically the case of machines such as those that emit violet or ultraviolet light onto some visual element that is embedded in the product. Therefore, the existing means of the state of the art to promote the verification of the authenticity of a product are inefficient and subject to flaws. The need exists for a process that enables consumers to reliably check the authenticity of a product and that solves the abovementioned problems. It is, therefore, an object of the present invention to provide a process and system for the authentication of products whereby the authenticity of a product can be easily recognized by the consumer. Another object of the present invention is to provide a product authentication process and system in which copying of the verification element is impossible. It is another object of the present invention to provide a product authentication process and system in which it is possible to detect and prohibit the illegitimate reuse of an authentic verification element. It is another object of the present invention to provide a product authentication process and system that allows the authenticity of the product to be verified off-line. It is another object of the present invention to provide a product authentication process and system that is tamper-proof. It is another object of the present invention to provide a product authentication process and system that gives the manufacturer and/or distributor means to combat theft and contraband by preventing stolen or smuggled authentic products from being authenticated. Finally, it is another object of the present invention to provide a system that promotes the process of the present invention. BRIEF DESCRIPTION OF THE INVENTION For this specification, the following definitions are used: Product: a unit of any product, or a product lot, or a package of any product containing one or more product units. Product identity: a string of characters that identifies the product exclusively. Each identity corresponds to only one product. Off-line: defines the non-existence of data exchange with, or data processing by, a remote server at the moment of authenticity verification, be it by means of a network or through a dedicated communication channel. Remote server: an element that is capable of processing data and exchanging it, through a dedicated communication channel or a network other than a local-area network (LAN), with another element significantly distant from the first. Manufacturer: the manufacturer of the product, or one that adds value to the product, or the manufacturer's representative, distributor, or anyone interested in keeping the authenticity of the product. Consumer: any person interested in checking the authenticity of a product, whether buying it or not. Checker: a device that assists the consumer in verifying the authenticity of the product. Message: any message containing information comprehensible to humans, such as a visual sign, a sentence within the language that the customer can understand, audio signals, tactile patterns, and so forth. Sale: defined as any commercial transaction involving a product, including transactions for which there is no immediate payment. According to a first embodiment of the present invention, the product authentication process involves the steps of: i. Selecting for each product a string of characters to identify it; ii. Fixing said string of characters on the product; iii. Retrieving the information contained in said string of characters at the moment of checking the product's authenticity; iv. Checking the validity of said retrieved string of characters; v. Exhibiting a message dependent on the result of said validity checking; vi. Updating the indication of the validity of said string of characters in a data-storage unit; and vii. Periodically updating in said data-storage unit the validity indication of said string of characters and the validity indications of strings of characters that identify other products. According to the process of the present invention, a string of characters is chosen in such manner as to exclusively identify a given product (i). Such a string of characters, as mentioned above, is defined as that product's identity (ID). The ID can be, for instance, the product's serial number, thus preventing ambiguities with other products. However, any string of characters able to identify the product uniquely can be used as an ID in the process of the present invention. As soon as the product is put on the market, its ID becomes valid (authorized). This status can change later, as will be described. The product's ID may contain information other than the minimum necessary to individualize the product. For instance, the ID may contain characters that help to check whether it is formally consistent, and/or characters used for delivering a message. If an ID is not formally consistent, it is not considered valid. An example of characters that help to check if a product's ID is formally consistent is an identifier of the location where the product is supposed to be sold or distributed. An ID containing such an identifier will only be considered formally consistent if the verification of its consistency is done on the site the product had been destined to. Another example is a string of characters which is a function of the contents of the ID, such as a digital signature or the output of a hash function. An example of a good hash function is a transformation that takes a string of characters (input) and, based on it, produces another string of characters (output) such that it is very difficult for those who do not know the algorithm that computes the function to produce a valid input-output pair not yet disclosed. An ID containing a digital signature or a hash value will only be considered formally consistent if the latter are valid for that ID. The ID may also contain characters used for exhibiting a message, herein referred to simply as message characters. In this case, the ID provides the means to choose the message that will be exhibited to the consumer as a consequence of the validation of the ID. The ID may contain any message, such as a description of the main characteristics of the product or, as another example, a number that serves as an index for picking a message from a table of messages. The ID may also contain characters that are used both to check formal consistency and to determine what message will be exhibited. For example, the output of a hash function may be used as index for selection from a table of messages. In another example, part of the ID may be used to test consistency by comparison with the digital signature while another part is used as index for that table. In another example, the ID can be the very message, or part of it. The product's ID having been chosen, it is then (ii) fixed on the product. Fastening can be by physical means, such as marking a string of characters or a bar code onto the product, as well as by inserting information into a digital means fixed to the product, such as a magnetic strip or an electronic chip of the kind known as RFID or Smart Tag, or by any other suitable means. The choice of the means by which the ID if fixed on the product is not relevant for the scope of the present invention. Preferably, the ID thus fastened to the product becomes inseparable from it in order to prevent the use of the ID in other products. However, the ID can also be fastened to other places that accompany and/or are directly associated with the product. The ID must be fixed on the product in a manner that allows its information to be retrieved. Subsequently, generally at the point of sale or distribution of the product, the person interested in checking the authenticity of the product submits it to the device herein referred to as off-line checker, or simply checker. The checker then (iii) retrieves the information in the ID fixed on the product; (iv) checks whether the ID is valid or invalid, possibly by consulting the contents of a data-storage unit; and (v) delivers a message that depends on the validity of said ID. The message helps the person to decide if the product submitted to the process of the present invention is authentic or false. The off-line checker may be, for instance, a personal computer equipped with a bar-code reader to retrieve and process the information in the ID represented by a bar code fixed on the product. The data-storage unit may be, for example, a database that contains a list of valid IDs or a list of invalid IDs in case hash-type redundancy is used. If the ID contains characters to test formal consistency, the validity check (iv) of the retrieved ID includes testing its consistency. If the checker determines that the ID retrieved from the product is not formally consistent, it considers the ID invalid and, consequently, (v) displays a warning message or an incomprehensible message. For example, if the ID contains an identifier of the site the product is intended for sale/distribution at, the checker verifies if the identifier does in fact correspond to the site where checking is taking place, in order to prevent shipments from being illegally diverted to other sites. In case such deviation is detected, an alert or incomprehensible message is displayed. If the ID contains a digital signature, the checker tries to confirm that the signature is consistent with the rest of the data contained in the ID. If it is not, an alert or incomprehensible message is displayed. If the ID contains redundancy characters such as a hash value, the checker applies the attendant hash algorithm to the data in the ID in order to determine consistency with the redundancy characters. If they are not consistent, an alert or incomprehensible message is displayed. In case the retrieved ID is not rejected in any of the formal consistency tests, the checker consults the data-storage unit to determine if said ID is valid or invalid (iv). To make economic use of data storage capacity of said data- storage unit, the table of valid or invalid IDs does not have to store the full contents of each ID, but only the minimum that is needed to unambiguously individualize the reference to each ID. If the checker concludes that the ID is valid, it exhibits (v) a comprehensible message on a display or a video screen, and/or via audio signals, and/or via tactile patterns and so on. If the checker concludes that the

ID is invalid, it produces (v) a warning of counterfeit product or some information incomprehensible to humans. The message exhibited to the consumer in case the ID is valid can be a standard message. Preferably, however, said message is linked to the message characters contained in the ID. More preferably, said message characters are related to the properties or characteristics of the product. Based on the message exhibited, the consumer decides whether or not to accept the product as authentic. If the consumer decides to purchase the product, the validity indication of its ID is updated in the data-storage unit (vi), after the sale is registered, so as to prevent that ID from being considered valid in future authentications. Alternatively, the consumer may decide not to purchase the product after authentication, even if considered authentic. In this case, the datastorage unit can register (vi) that the product has been submitted one more time to an authenticity check, and invalidate its ID after a certain pre-defined number of times is exceeded. The data-storage unit is subjected to periodic updates (vii) to receive new lists of valid or invalid IDs. These updates bring information about IDs whose validity was cancelled since the latest update, about IDs that from then on will be considered valid, for example because they correspond to new products placed on the market. These updates (vii) may also collect from the data-storage unit information that can be sent to other data-storage units. Optionally, these updates alter other information contained in the data-storage unit, such as the contents of a table of messages. Optionally, information on IDs that ceased being valid may be sent to the product manufacturer or to third parties. These updates (vii) take place as often as the manufacturer wishes, and may also be triggered by events that justify validation of certain IDs, such as the arrival of new products on the market or at the point of sale or distribution, or by events that warrant invalidation of certain IDs, such as theft or robbery of products or a product recall. The means of update is indifferent. Online means such as the Internet, intranets, private networks or dedicated channels can be used, as well as off-line means, such as the distribution of CD- ROMs. The periodicity and the means of updating the data-storage unit are not relevant to the scope of the present invention. In a second embodiment of the present invention, the product ID is encrypted and the result of the encryption is fixed on the product. According to this second embodiment, a public-key cryptography system, also known as asymmetric cryptography, is used. In public-key cryptography, two mutually related keys are used, one public and another private. The public key can be made available to the public and may be known by any interested party. The private key, on the other hand, is kept secret by its owner. In the practice known as cryptographic signature, the private key is employed to encrypt the data. Only the bearer of the private key is able to convert comprehensible data into totally incomprehensible data that can, however, be retrieved by the use of the corresponding public key. Since decryption is accomplished with the public key, anyone can retrieve the original data previously encrypted. There are several public-key cryptography systems considered secure. One example is the system known as RSA, from RSA Security, Bedford, Massachusetts, USA. Other examples include the McEliece and the El Gamal systems. The choice of the public-key cryptography system to be employed is not relevant for the scope of this invention. The product authentication process according to the second embodiment of the present invention additionally comprises the step of encrypting said string of characters that identifies the product using a private key of a public-key cryptography system before step (ii) and after step (i). The second embodiment of the process includes an additional step of disclosing the public key that corresponds to the private key used to encrypt the ID, at any moment before step (iii). The second embodiment of the process also includes, as part of the step (iii) of retrieving the information contained in said string of characters, the decryption, by means of said public key, of the encrypted data fixed on the product. Therefore, according to the second embodiment of the present invention, the product ID is encrypted with the private key before it is fixed (ii) on the product. The public key corresponding to the private key must be disclosed to allow decryption at the moment of retrieving the information contained in the ID. Disclosure of the public key may occur at any time provided it takes place before (iii) the information contained in the encrypted ID is retrieved. When the second embodiment of the invention is employed, a suitable way of disclosing the public key is to record it in a data-storage unit to which the off-line checker has access. If there is more than one public key kept in the data-storage unit, a non-encrypted identifier must be present on the product to allow selection of the adequate public key. Another way of disclosing the public key is to fix it on the very product, explicitly, thus making it unnecessary to use other means of disclosure. The way the public key is disclosed is not relevant for the scope of the present invention. After decryption, the information contained in the ID can be retrieved (iii) and the process of the present invention follows the subsequent steps as described above. According to a third embodiment of the present invention, the product ID is encrypted by means of a symmetric cryptography system, also known as private-key cryptography. In this type of cryptography the same key is employed both for encrypting and decrypting the data and therefore the key must be secret. An example of symmetric cryptography is the system known as DES, but there are many others. The choice of the symmetric cryptography system to be employed is not relevant for the scope of the present invention. The authentication process according to the third embodiment of the present invention additionally comprises the step of encrypting said string of characters that identifies the product using a private-key cryptography system before step (ii) and after step (i). The third embodiment of the process of the present invention also comprises the step of decrypting the encrypted data with the same key used for encryption, when (iii) retrieving the information. Therefore, according to the third embodiment of the present invention the ID is encrypted before it is fastened to the product. However, according to this third embodiment, there is need to disclose the decryption key. The checker has access to the key, but it must be kept secret from the public. In any embodiment of the present invention, the information contained in the ID can be protected by additional layers of encryption. For example, after step (i) and before step (ii), an additional encryption is done with a key corresponding to the point of sale/distribution. That destination-dependent key may be chosen by the manufacturer or, alternatively, chosen and informed to the manufacturer by those responsible for the point of sale/distribution. In any of the embodiments of the present invention, the ID can be compressed before (ii) fixing it on the product. In this case, the step (iii) of retrieving the information contained in the ID includes decompression of the data. The present invention also refers to an off-line product authentication system comprising: - a data storage unit that can store at least one list of valid or invalid strings of characters; - a checker that can verify the validity of said string of characters that identifies the product; and - a message-delivery element. The system of the present invention may also comprise: - a sales register capable of recording a commercial transaction involving said product and of indicating to the data-storage unit that the string of characters that identifies that product should no longer be considered valid. When the second or third embodiment of the process of the present invention is used, the system must also comprise means of encrypting and decrypting a string of characters that identifies the product. Such means for encrypting and decrypting the ID is preferably software. Manual means may also be employed, but less preferably because they are much more burdensome and costly. The data-storage unit is preferably a database capable of storing a list of IDs. There are no restrictions on the type of database employed. Physical spreadsheets may be used, although less preferably. The checker, according to the present invention, is preferably a computer capable of retrieving information from the ID fixed on the product, processing it and checking the validity of the ID in said data-storage unit. A personal computer with an adequate data-input device is fully able to run the steps of the process of the present invention. The message-delivery element may be a display or video screen in the checker unit, such as the video monitor of a personal computer, or a display or video employed specifically to output messages. The message- delivery element may also be a speaker that outputs an audio signal. The message-delivery element may also combine both visual and sound output devices. The message-delivery element may, as well, be a tactile interface, such as a Braille display or a thermal output device. Any element capable of conveying a message to a person can be employed in the process of the present invention. The sales register, herein referred to simply as register, may be a computer or point-of-sale cash register, provided it combine the functions of registering the sale of a product and updating the information regarding the validity of the product ID in the data-storage unit. In another embodiment of the system of the present invention, the checker is combined with the register in a single unit that can check the validity of the ID, output a message, register the sale and update the ID validity indication in the data-storage unit or, in case the ID is considered invalid, block the transaction. In yet another embodiment of the system of the present invention, the checker is portable in order to allow checking authenticity in a remote site. BRIEF DESCRIPTION OF THE FIGURES These and other objectives, improvements and effects of the process and system of the present invention will become clear to those skilled in the art from the detailed description presented below, making reference to the following figures. The purpose of the figures is to illustrate specific embodiments of the invention. Said figures are schematic, with dimensions and proportions that may not correspond to reality, since they aim to illustrate the invention didactically, without imposing any limitations other than those specified in the attached claims, wherein: - Figure 1 is a block diagram that schematically represents the first embodiment of the process of the present invention; - Figure 2 is a block diagram that schematically represents the second embodiment of the process of the present invention; - Figure 3 is a block diagram that schematically represents the third embodiment of the process of the present invention; - Figure 4 is a schematic diagram that represents the system of the present invention; and - Figure 5 is an enlarged image of the PDF-417 bar code created according to the example of the present invention. DETAILED DESCRIPTION OF THE INVENTION Figs. 1 and 4 illustrate the process and system according to one embodiment of the present invention. A manufacturer (10) initially selects (100) a string of characters that identifies a product (20). As mentioned above, the string of characters that identifies the product is defined as identity (ID). Next, the ID is fixed (102) on the product (20). Preferably, the ID is fixed in such manner that it becomes fully associated with the product. More preferably, fastening is on the product itself. Fastening may be by any physical means, such as a printed bar code, or by any digital means, such as a magnetic strip or an electronic chip of the kind known as a Smart Tag, as long as the information contained in the ID can be retrieved. The means by which the ID is fixed to the product is not relevant for the scope of the present invention. Fastening may also be done onto a product lot, or onto various products at the same time in the case of those sold in more than one unit per package. The ID may contain identification of the intended site of sale or distribution (30). Inclusion of the site identification within the product ID permits verification of whether the product is effectively at the intended point of sale or distribution. The ID may also contain characters that are themselves a function of other characters in the ID, such as a digital signature or a hash value. There are several methods to generate a secure digital signature, such as DSS, RSA and El Gamal, among others. There are also many secure hash functions, such as MD-5 and SHS, among others. Inclusion of a site identifier, or of a digital signature, or of a hash value within the ID permits checking the formal consistency and integrity of the data. The ID may contain a comprehensible message to be exhibited to the consumer, or a code that serves as key or index for selecting in a datastorage unit (34) such a comprehensible message. If exhibited (105), said message will give the consumer information on the authenticity of the product. There is no restriction on the content of said comprehensible message, but preferably it should mention some of the relevant characteristics of the product. The manufacturer (10) may optionally compress the selected ID

(100) by means of some data-compression algorithm. Should that be the case, it is necessary to decompress the data when retrieving (103) the information contained in said ID. At the sale or distribution site (30), or at any time deemed necessary, the information in the ID fixed on the product is retrieved (103) through an off-line checker (31), such as a personal computer equipped with the adequate data-input device. Retrieval of the information contained in the ID fixed on the product can be accomplished by typing in the characters that compose it, by reading a bar code or a magnetic strip, by receiving radio- frequency signals, or by any other suitable means. Having retrieved (103) the information in the ID, the off-line checker (31 ) processes it in order to verify if said ID is valid (104). If the checker detects any formal inconsistency in the retrieved ID, it is considered invalid. Otherwise, the ID will only be considered valid if the contents of the data-storage unit indicate it is valid. Thus, verification (104) of the ID's validity can involve two criteria. First, if the ID has characters that allow for checking of its consistency and integrity, the checker does the appropriate computations to conduct such verification. Without rejection in the consistency and integrity criterion, the checker confers the validity of the ID by consulting (C) a table of valid or invalid identities in the data-storage unit (34). In this case, the answer (D) to this consultation will determine the validity of the ID. The data-storage unit (34) is, for example, a database that runs in said personal computer, or which the latter has local or off-line access to. A message that depends on the validity of the ID is exhibited (105) to the consumer on a display (33). The display (33) can be, for instance, a liquid-crystal screen or a video monitor. Optionally, the message is exhibited by means of an audio signal or some other form of delivery means especially useful for people with reading difficulties. The message displayed helps the person interested in authenticating the product to decide whether it is authentic or not. In case the checker (31 ) considers (104) the ID invalid, an alert message or an incomprehensible message is displayed (105). If, otherwise, the checker (31 ) considers (104) the ID valid, a comprehensible message is displayed (105). There are no restrictions to what the comprehensible message should be. Preferably, however, it is related to the contents of the ID. After the message is displayed (105), information related to the validity of said ID is updated (106) in the data-storage unit (34). This update (106) registers the fact that the validity of that ID has just been checked, and may also record the date and time when this occurred. In case the ID has been considered (104) valid, this update (106) makes a move towards canceling its validity. This cancellation of validity can be immediate or, alternatively, mediated by a few conditioners such as making the ID invalid only after a certain period of time has passed since verification, or counting how many times the validity of that ID has been checked so far and canceling it only after a certain number of times is exceeded. On the other hand, if the ID has been considered (104) invalid, this update (106) may record that a counterfeit product with that ID was submitted to an authenticity check. Registering the sale of the product (20) also provokes an update (106) of the validity status of its ID in the data-storage unit (34). The sales register (35) is capable of retrieving (103) the information contained in the ID and verifying (104) its validity in a manner analogous to that of the checker (31). In case the ID is invalid (H), the sales register (35) blocks the sale. If the ID is valid (H) and the product is sold, the sales register (35) provokes (G) an update (106) of the data-storage unit (34) in such manner that from then on that ID be considered invalid. Checker (31 ) and sales register (35) may be dissociated from one another, in separate units. In this embodiment the customer can, for example, check the authenticity of the product at the shelf or counter before deciding to buy it. Later on, when the cashier registers the sale, the sales register (35) updates (106) the data-storage unit (34), canceling the validity of that product's ID. In another embodiment, the checker (31) and the sales register (35) are associated in a single unit. This way the customer can check the authenticity and purchase the product at one and the same time at the cashier. Checker and data-storage unit may also be portable (40). Thus, they can be transported to the site of consumption or distribution instead of having the consumer or distributor go to the point of sale. This embodiment is especially useful when the consumer places an order for delivery of a product or a lot. The product or lot shipped to the consumer or distributor is submitted to authenticity check at the point of destination. The checker and data-storage unit having been taken to the same location, off-line authenticity check is done in a manner completely analogous to that described above. The portable checker can be, for example, a laptop computer equipped with the adequate data-input device, while its magnetic disk plays the role of portable data-storage device. For the same reasons, the sales register may be portable to allow registering a sale at the point of destination of the product. Those skilled in the art will understand that the same results can be obtained by updating the validity of the ID (106) in the data-storage unit before or at the same time the message is displayed (105). The exact temporal order of those two steps is not relevant for the scope of the present invention. The data-storage unit (34) is periodically updated with remote information (107) that validates certain IDs, for instance as new products are produced and put on the market, and with information that invalidates other IDs, for example as products are subjected to authentication checks and sold elsewhere, or as theft, robbery or a recall justify cancellation of certain IDs. These updates (107) also upload from the data-storage unit information to be sent to other data-storage units. Optionally, these updates (107) also change other data in the data-storage unit, such as the contents of a table of messages. The exact frequency of these updates is not relevant for the scope of this invention. Figure 4 shows information exchange involving a central administration hereafter referred to simply as administrator (50). The manufacturer (10) sends (A) to the administrator a list of identities that correspond to authentic products (20) about to be put on the market. Said list is, in turn, updated (B) into the data-storage unit (34). Optionally, the data-storage unit (34) sends (E) to the administrator a list of IDs that have become invalid, or that have been subjected to validity checks more than a certain number of times, or a list of IDs apparently corresponding to counterfeit products that have been subjected to authentication. The list sent (E) to the administrator may also be sent (F) to the manufacturer (10) as a report for statistical control or other ends. Administration of the system of the present invention may be done by an administrator (50) other than the manufacturer, such as the one in Fig. 4, as well as by the manufacturer (10) itself. Those skilled in the art will understand that the administration can be done in a distributed manner, by several data processors. In this case, the administrator can be understood as being the set of all pieces of software that, acting together but in a distributed way, implement the steps described above. The exact means by which system administration is accomplished is not relevant for the scope of the present invention. The administrator and the data-storage unit (34) can exchange information (107) through a dedicated communication channel, a private network, or the Internet. In case no telecommunication means is available, the update (107) may be carried out with the help of a portable data-storage element, such as diskettes or CDs transported to and from the points of sale/distribution. The exact means of exchanging information (107) between the administrator and the data-storage unit and the frequency with which it is done are not relevant to the scope of this invention. Figure 2 illustrates the second embodiment of the process according to the present invention, where the ID is encrypted using a public-key cryptography system. According to this embodiment, after the ID is selected

(100) it is subjected to encryption (101 ) using a public-key cryptography system. Optionally, the manufacturer may compress the ID before encrypting, or compress the encrypted ID before. Should this be the case, the data ought to be decompressed during the information retrieval step (103). The ID is encrypted (101 ) with a private key of a public-key cryptography system. The result is a sequence of characters not comprehensible to humans. Said private key is not disclosed, and is of exclusive property of the manufacturer (10) or administrator (50). The encrypted ID is then fixed (102) on the product (20).

Preferably, the encrypted ID is fully associated to the product. With greater preference, fastening is on the product itself. Fastening may be by any physical means, such as a printed bar code, or by any digital means, such as a magnetic strip or an RFID chip, as long as the information contained in the ID be retrievable. The exact means by which the encrypted ID is fastened to the product is not relevant for the scope of the present invention. The encrypted ID may also be fastened onto a product lot or onto several products at the same time in the case of those sold in more than one unit in the same package. The public key corresponding to the private key is disclosed (108) to allow decryption of the encrypted ID. Disclosure of the public key may be at any time: before selecting (100) the ID; or after selecting and before encrypting it (101 ); as well as after encryption and before fastening (102) of the encrypted ID onto the product; or even after fastening (102); as long as it occurs before the retrieval (103) of the information contained in the encrypted ID, because only in possession of the public key it is possible to run the verification step (104). The means by which the public key is disclosed is not relevant for the scope of the present invention. The process then follows the steps of the first embodiment of the invention, but including in step (iii) the decryption of the encrypted data. According to this second embodiment, the data-storage unit (34) optionally has the capacity to store the public key(s) disclosed by the manufacturer(s). Preferably, the checker (31 ) is able to recognize the manufacturer and select the adequate public key. Optionally, the public key is fixed on the product. In this case, it is neither necessary to store that public key in the data-storage unit (34) nor to disclose it by other means. Figure 3 illustrates a third embodiment of the process of the present invention, where instead of employing a public-key cryptography system, a private-key cryptography system is used. The process runs the steps described for the second embodiment of the present invention, but not including the step of disclosing the key, since the key used for ID encryption is the same as the key used for decryption and, therefore, must be kept secret. The present invention also refers to a product authentication system, as illustrated in Figure 4, comprising: - a means of fixing a string of characters that identifies the product on the product (20) in such manner that the string of characters can be retrieved; - a data-storage unit (34) for storing at least one list of valid or invalid strings of characters; - a checker (31 ) to check the validity of the string of characters that identifies the product; and - a message-delivery element (33). The system of the present invention may additionally comprise a sales register (35) to record and process a commercial transaction involving said product and to update the data-storage unit so that the string of characters that identifies said product be no longer considered valid. The means employed for fixing the string of characters that identifies the product is preferentially a physical means such as printing the string itself or a bar code representation of it. Electronic means can also be employed, such as RFID chips, magnetic strips, or any other suitable means. When either the second or the third embodiment of the process of the present invention is employed, the system must also comprise a means of encrypting and decrypting a string of characters that identifies the product. Said means of encrypting and decrypting the ID is preferably software, such as an

RSA-based software. Manual means can also be employed, but less preferably. The data-storage unit (34) is preferably a database capable of storing ID information. There are no restrictions regarding the type of database employed. Spreadsheets in physical format can also be used, but less preferably. The checker (31 ), according to the system of the present invention, is preferably a computer able to retrieve the ID and to check its validity in said data-storage unit. A personal computer with suitable peripheral equipment is fully able to run the steps of the process of the present invention. The sales register (35) may be a computer or point-of-sale cash register, as long as it combines the functions of registering the sale of the product and updating the data-storage unit. In another embodiment of the system of the present invention, checker (31 ) and sales register (35) are combined in a single unit that can verify the authenticity of a product, deliver a message, register the sale of the product and update the data-storage unit (34). In another embodiment of the system of the present invention, the checker is portable (40), thus permitting authentication of a product at a site where a checker is otherwise unavailable. In another embodiment of the system of the present invention, the sales register is portable, thus permitting the sale of a product to be registered at a site where a sales register is otherwise unavailable. According to the specification above, it will be evident for those skilled in the art that the present invention solves the problems of the state of the art by providing a process and system for product authentication that promotes easy recognition of product authenticity by the consumer by virtue of the exhibition of a message, visual, auditory or otherwise. Nonetheless, the present invention renders useless the duplication of the authentication element, as well as makes the reuse of product ID impossible. In addition, authenticity check is off-line, waiving the need for on-line connection with a remote server at authentication time. Furthermore, the present invention gives manufacturers great advantage in inhibiting illicit actions such as contraband, robbery and piracy. EXAMPLE The present invention will now be described in a practical example of the application of one of the embodiments presented above, given only as an illustration, without imposing any limitations beyond those contained in the attached claims. In this example, a drugs manufacturer prints on the package of one of its products a code which will allow the consumer to check that the product is authentic. This authenticity check is done off-line at the drugstore before the product is purchased. This manufacturer is catalogued as No. 01 in a registry of manufacturers. At a certain moment, the manufacturer selects a pair of keys of the RSA cryptographic system, one public and the other private. In order to generate that pair of keys, the manufacturer uses software that runs on a conventional computer. Initially, the manufacturer chooses four random numbers, called R1 , R2, R3 and R4, to be given as input to that software: - R1 =123456789 - R2=235619181 - R3=126171819 - R4=121256171 Based on the four inputs R1 , R2, R3 and R4, the software produces as outputs two long prime numbers P and Q, whose values in decimal notation are as follows:

P=7730063972416833541332074347972555699484007996936627505136892 8424940196293451 Q=9002600512219211542746605816952425698540062197104387541 5635710094429895131083 That same software calculates the product of P and Q, called N, so that N=PxQ, whose value in decimal notation is as follows: N=6959067787756705876553835596165330393095183089839319075724666 375734801686354559138532426783559571765453427537120582295229823 306581086097206402868379437433 The manufacturer's public key consists of two numbers: one of them is the number N above, and the other is the number 3, which will serve as exponent in the decryption procedure. The numbers that constitute the public key are stored in the data- storage unit to which the authenticity checker has off-line access, such as the magnetic storage medium of a personal computer at the point of sale. The private key consists of the pair of numbers P and Q. The private key is available as input to an encryption software that runs on the manufacturer's computer and serves to generate the code that will be printed on the package of the product. The manufacturer does not disclose the private key. Given P and Q as input, the encryption software generates two other values: one called "Phi", which is the product (P - 1 )x(Q - 1 ); and the other called D, which is the multiplicative inverse of 3, modulo Phi. Only the manufacturer is privy to the values of Phi and D. The encryption software also receives as inputs the number by which the manufacturer is catalogued in the registry, in this case the number 01 , the product's serial number, and some text chosen by the manufacturer. In the present example, the manufacturer produces a box containing capsules of the antibiotic Amoxicillin, and gives that box the serial number 1234567890. The encryption software aggregates the binary representation of the number 01 as a prefix to the binary representation of that serial number. The result is then aggregated, also as a prefix, to the binary ASCII representation of the text "AMOXICILLIN 750 MG CAPSULES - EXPIRES 03 MAY 2009". The resulting string of bits is the ID of the product. It is regarded by the software as a numerical value M. Next, the software does the mathematical calculation: M raised to the power D, modulo N. The result X is the encrypted ID, and its numerical value is shown below in hexadecimal notation: X= 71 5B F1 81 5C 1 D FE BF 14 BC 4F 3B 0D AF 6F 42 34 78 BA 51 47 41 D1 F9 83 1 B 93 DD 1 B 15 A9 C4 6C 8E 40 B6 AD E2 14 8B 03 C9 1 D 30 8E D1 B6 E1 E8 BB 96 38 4F 59 99 8B 6C D2 F1 CA E3 5F B6 E0 The binary representation of the number 01 , which identifies the manufacturer, is then aggregated as a prefix to the binary representation of the value of X. The resulting string of bits is, in hexadecimal notation: 01 71 5B F1 81 5C 1 D FE BF 14 BC 4F 3B 0D AF 6F 42 34 78 BA 51 47 41 D1 F9 83 1 B 93 DD 1 B 15 A9 C4 6C 8E 40 B6 AD E2 14 8B 03 C9 1 D 30 8E D1 B6 E1 E8 BB 96 384F 59 99 8B 6C D2 F1 CA E3 5F B6 E0 This string of bits is then converted into a kind of representation that will make it retrievable by electronic means in the future. In this example, the chosen representation is a bar code. Among many existing bar-code representations, the manufacturer chooses the bi-dimensional one known as PDF-417. The resulting bar code is shown in Figure 5, greatly enlarged to allow easy visualization of the details. The manufacturer affixes that bar code onto the box that contains the medicine. As previously mentioned, the manufacturer discloses the public key that corresponds to the private key used to encrypt the ID. In other words, the numbers N and 3 are disclosed at some moment before decryption takes place. The consumer, who is in the drugstore where that box of medicine is for sale and is interested in checking its authenticity before buying it, submits the box to the bar-code reader that is part of the checker, a device with data- processing capability. The checker retrieves the information contained in the bar code and gives it as input to software that runs on a CPU at the drugstore. The software initially finds out who the manufacturer is by reading the first byte of the string of bits. This enables the software to select, from a table of public keys, the correct public key it will use to decrypt the encrypted ID, since other manufacturers may have chosen to use other keys. Next, disregarding the fist byte, all the remainder is the value of X. According to the cryptographic method employed, the information M contained in X is recovered by performing the mathematical calculation M = X³ modulo N. Having calculated M, which is the identity of the product, the software separates the serial number from the message. If the serial number contained in the ID is not among those listed in a table of valid serial numbers pertaining to manufacturer 01 , a table which is stored in the drugstore's datastorage unit, the ID will be considered invalid and, as a consequence, the equipment will warn the consumer that the product is a counterfeit by means of showing the word "COUNTERFEIT" on its display and simultaneously having its voice synthesizer utter it aloud. The same will happen if that serial number is listed as valid but this is, for instance, the tenth time it is submitted to the checker. In this instance, ten times is the limit the manufacturer has chosen to signal to the software that something odd is going on which deserves investigation and, in the interim, to invalidate that serial number. If the serial number is considered valid, the checker will show on its display the text "AMOXICILLIN 750 MG CAPSULES - EXPIRES 03 MAY 2009" contained in M. Simultaneously, that text will be uttered aloud by the checker's voice synthesizer. When the consumer reads and/or hears clearly the name of the medicine and other comprehensible information contained in that text, he/she becomes convinced that the product is authentic. Once satisfied that the contents of the box are authentic, the consumer takes it to the cashier, pays for it and receives the sales ticket. As the cashier's terminal registers the transaction, it updates the table of valid serial numbers in the drugstore's data storage unit, invalidating that particular serial number so that no other product with the same serial number may be considered authentic. During the next on-line update of the data-storage unit, which in the present example will take place two days later, the fact that the aforementioned serial number was invalidated will be uploaded to the administrator, which in turn transmits this information to all other data-storage units. During the same on-line update, the data-storage unit receives information about serial numbers that from then on ought to be considered invalid, as well as about other serial numbers that from then on should be considered valid. It should be understood that, although the present invention has been described in relation to its preferred embodiments, those skilled in the art may develop numerous variations of details and expand the processes and system described above to cover other types of applications without, however, deviating from the principles of the invention. For example, several of the elements described for the different embodiments may be combined in a manner not illustrated above. Therefore, the attached claims should be interpreted as covering all equivalents that are within the scope and character of the present invention.

Claims

CLAIMS 1 Off-line product authentication process comprising the steps of: Selecting for each product a string of characters to identify it; ii. Fixing said string of characters on the product; iii. Retrieving said string of characters from the product at the moment of checking product authenticity; iv. Checking the validity of the string of characters retrieved; v. Exhibiting a message dependent on the result of said validity checking; and vi. Updating in a data-storage unit the validity indication of said string of characters.

2. The process of claim 1 , characterized by additionally comprising the step of periodically updating in said data-storage unit the validity indications of said string of characters and of strings of characters that identify other products.

3. The process of claim 1 , characterized in that said string of characters is the product's serial number.

4. The process of claim 1 , characterized in that said string of characters comprises characters to determine if said string of characters is valid.

5. The process of claim 1 , characterized in that said string of characters comprises characters to determine the message to be exhibited.

6. The process of claim 1 , characterized in that said string of characters comprises an identifier of the intended site of sale or distribution of the product.

7. The process of claim 1 , characterized in that said string of characters comprises a digital signature or the result of a hash function.

8. The process of claim 5, characterized in that said string of characters contains a message comprehensible to humans.

9. The process of claim 5, characterized in that said string of characters contains an index or key to select a message stored in a datastorage unit.

10. The process of claim 1 , characterized in that said string of characters is compressed.

11. The process of claim 1 , characterized in that said string of characters is fixed on the product by physical means.

12. The process of claim 11 , characterized in that said physical means is a printed bar code.

13. The process of claim 1 , characterized in that said string of characters is fixed on the product by digital means.

14. The process of claim 13, characterized in that said digital means is a magnetic strip.

15. The process of claim 13, characterized in that said digital means is an electronic chip.

16. The process of claim 1 , characterized in that said string of characters fixed on the product is inseparable from the product.

17. The process of claim 1 , characterized by additionally comprising the steps of: encrypting said string of characters with a private key of a public- key cryptography system before step (ii); disclosing the public key corresponding to said private key before step (iii); and decrypting said encrypted string of characters as part step (iii).

18. The process of claim 17, characterized in that said encrypted string of characters is accompanied by the corresponding public key to promote its decryption.

19. The process of claim 1 , characterized by additionally comprising the steps of: encrypting said string of characters using a symmetric cryptography system before step (ii); and decrypting said string of characters as part of step (iii).

20. Off-line product authentication system comprising: - a data-storage unit that can store at least one list of valid or invalid strings of characters; - a checker that can verify in said data-storage unit the validity of said string of characters that identifies the product; and - a message-delivery element to exhibit a message dependent on the result of the validity verification done by said checker.

21. The system of claim 20, characterized by additionally comprising a sales register able to record a commercial transaction involving said product and to indicate to the data-storage unit that the string of characters that identifies said product should no longer be considered valid.

22. The system according to claim 20 or 21 , characterized by additionally comprising means to encrypt and/or decrypt a string of characters that identifies the product.

23. The system of claim 22, characterized in that said means is software.

24. The system of claim 20, characterized in that said datastorage unit is a database.

25. The system of claim 20, characterized in that said checker is a computer.

26. The system of claim 21 , characterized in that said sales register is a computer.

27. The system of claim 21 , characterized in that said sales register is a cash register at the point of sale or distribution.

28. The system of claim 20 or 21 , characterized in that said checker and said sales register are combined in one single unit.

29. The system of claim 20, characterized in that said checker is portable.

30. The system of claim 21 , 26 or 27, characterized in that said sales register is portable.

31. The system of claim 20, characterized in that said message-delivery element is a display or screen.

32. The system of claim 20, characterized in that said message-delivery element produces an audio signal or any form of communication suitable for people who have difficulty reading.