WO2012142061A1 - Codes à barres authentiques utilisant des signatures numériques - Google Patents

Codes à barres authentiques utilisant des signatures numériques Download PDF

Info

Publication number
WO2012142061A1
WO2012142061A1 PCT/US2012/032964 US2012032964W WO2012142061A1 WO 2012142061 A1 WO2012142061 A1 WO 2012142061A1 US 2012032964 W US2012032964 W US 2012032964W WO 2012142061 A1 WO2012142061 A1 WO 2012142061A1
Authority
WO
WIPO (PCT)
Prior art keywords
message
barcode
public key
digital signature
information
Prior art date
Application number
PCT/US2012/032964
Other languages
English (en)
Inventor
Anirban Mukherjee
Original Assignee
Verisign, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US13/118,680 external-priority patent/US20120308003A1/en
Application filed by Verisign, Inc. filed Critical Verisign, Inc.
Priority to EP12721018.5A priority Critical patent/EP2697785A1/fr
Publication of WO2012142061A1 publication Critical patent/WO2012142061A1/fr

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07DHANDLING OF COINS OR VALUABLE PAPERS, e.g. TESTING, SORTING BY DENOMINATIONS, COUNTING, DISPENSING, CHANGING OR DEPOSITING
    • G07D7/00Testing specially adapted to determine the identity or genuineness of valuable papers or for segregating those which are unacceptable, e.g. banknotes that are alien to a currency
    • G07D7/004Testing specially adapted to determine the identity or genuineness of valuable papers or for segregating those which are unacceptable, e.g. banknotes that are alien to a currency using digital security elements, e.g. information coded on a magnetic thread or strip
    • G07D7/0047Testing specially adapted to determine the identity or genuineness of valuable papers or for segregating those which are unacceptable, e.g. banknotes that are alien to a currency using digital security elements, e.g. information coded on a magnetic thread or strip using checkcodes, e.g. coded numbers derived from serial number and denomination
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07DHANDLING OF COINS OR VALUABLE PAPERS, e.g. TESTING, SORTING BY DENOMINATIONS, COUNTING, DISPENSING, CHANGING OR DEPOSITING
    • G07D7/00Testing specially adapted to determine the identity or genuineness of valuable papers or for segregating those which are unacceptable, e.g. banknotes that are alien to a currency
    • G07D7/004Testing specially adapted to determine the identity or genuineness of valuable papers or for segregating those which are unacceptable, e.g. banknotes that are alien to a currency using digital security elements, e.g. information coded on a magnetic thread or strip
    • G07D7/0043Testing specially adapted to determine the identity or genuineness of valuable papers or for segregating those which are unacceptable, e.g. banknotes that are alien to a currency using digital security elements, e.g. information coded on a magnetic thread or strip using barcodes

Definitions

  • the present disclosure relates generally to methods and systems for generating and authenticating barcodes using digital signatures.
  • Physical information may include essentially any kind of information that is stored primarily in tangible, physical form, such as on paper, and is not readily available in electronic or digital form, but must instead be converted or translated into electronic or digital form through the use of electronic devices and/or manual human data-entry.
  • a utility bill printed on a piece paper received by a customer may be a form of "physical" information.
  • the information printed on the utility bill may already exist in electronic or digital form— for example, in a commercial database operated by the utility company— that electronic information may not be available to the customer. Instead, if the customer wishes to store or manipulate the information printed on the paper document using a computer, he or she must either manually enter the information into a computer program or use a device, such as a scanner, that is designed to convert physical information into electronic or digital information.
  • a barcode is an optical, machine-readable image in which the information sought to be communicated by the barcode is arranged as a series of parallel lines of varying widths and spacings. Barcodes are typically scanned in a one-dimensional fashion by special-purpose optical scanning devices that are able to decode the information encoded in the barcodes by measuring the widths and spacings of the parallel barcode lines through reflective light feedback.
  • QR Codes are capable of storing up to 7,089 numeric code characters, 4,296 alphanumeric characters, or 2,953 bytes when encoding purely binary data.
  • QR Codes have recently gained widespread use as a result of the advancement of mobile devices, such as smartphones, capable of reading and quickly rendering barcode data such as QR Codes.
  • QR Codes has been to encode Uniform Resource Locators ("URLs"), such as website addresses, within QR Codes placed on billboards, mailers, or even buildings to provide consumers with a quick and easy way to visit a company's website without having to memorize, write down, or manually type a URL into a smartphone or other mobile device.
  • URLs Uniform Resource Locators
  • QR Codes Consumers who see a QR Code displayed may take a picture of the QR Code using a camera embedded in the smartphone, for example, and may utilize a smartphone application to automatically translate the QR Code to a URL and launch a browser application pointed to the URL. Additional commercial uses of QR Codes include encoding coupons or other purchase information into QR Codes that customers may decode into graphical or textual coupons to present at businesses to receive discounts on purchased goods or services.
  • QR Codes or any barcodes for that matter, are that they lack any inherent security mechanism for verifying that information encoded thereirl actually originated from the author from which it may be assumed, expected, or required that the information have originated, or for verifying that the encoded information has not been modified by a third party.
  • a business could display a QR Code, such as the QR
  • a competitor could surreptitiously overlay a second QR Code over the original QR Code that, when decoded by customers' mobile devices, would direct customers to the competitor's website or to an impostor website intended to mimic the website specified by the original QR Code, for example to steal passwords or identity information.
  • QR Codes for the purpose of obtaining coupons or discounts could potentially print out or display forged QR Codes that fraudulently entitle them to increased discounts or rewards.
  • the invention comprises methods and systems for generating and authenticating barcodes, such as QR codes, using digital signatures.
  • the invention provides functionality for a creator or "author" of a message to generate a barcode that includes not only the author's message, but also a digital signature associated with the message.
  • the digital signature associated with the message may be generated by encrypting the message, or a digest of the message, using the author's private key.
  • a user may read the barcode using a barcode reader device, such as a smartphone or other mobile device that includes hardware and/or software for optically reading graphical barcode data and decoding the same to derive alphanumeric or binary barcode information, including a message, such as a URL, e-mail address, or image.
  • the barcode reader may verify the authenticity of the message by decrypting the digital signature using the author's public key and confirming that the decrypted digital signature matches the barcode message.
  • the author may include a copy of its public key certificate, such as an X.509 certificate, in the barcode, and the barcode reader may use the public key contained in the public key certificate to decrypt the digital signature and verify the authenticity of the message.
  • the author may include author identification information in the barcode in place of a public key certificate.
  • the barcode reader may thereafter request a copy of the author's public key certificate from a verification service provider, such as a Certificate Authority, using the author identification information.
  • the barcode reader may transmit all information necessary to determine the authenticity of the barcode message, for example the barcode message, digital signature, and author identification information, to a separate or remote verification service provider.
  • the verification service provider may retrieve the public key certificate associated with the author identification information, and may determine the authenticity of the barcode message by determining whether the digital signature, as decrypted by the public key contained in the public key certificate, matches the barcode message. The verification service provider may then transmit the results of its authenticity determination back to the barcode reader device.
  • users can be certain that digitally signed barcode messages purported to be from particular authors or entities in fact originated from those authors or entities, and were not tampered with prior to being optically scanned by the user's barcode reader device.
  • the invention may be applied to any type of barcode standard, including 2-dimensional matrix barcodes, such as QR codes.
  • FIG. 1 depicts an exemplary, conventional QR code, consistent with certain disclosed embodiments
  • FIG. 2 is a diagram depicting an exemplary device for generating authentic barcodes, consistent with certain disclosed embodiments
  • FIG. 3 is a flow diagram illustrating an exemplary method of generating an authentic barcode including a digitally signed message and a public key certificate corresponding to the digital signature, consistent with certain disclosed embodiments;
  • FIG. 4 is a diagram depicting various data input and output operations associated with an exemplary method of generating an authentic barcode, consistent with certain disclosed embodiments;
  • FIG. 5 is a flow diagram illustrating an exemplary method of generating an authentic barcode that includes a digitally signed message and an author identifier associated with the encryption key used to generate the digital signature, consistent with certain disclosed embodiments;
  • FIG. 6 is a diagram depicting various data input and output operations associated with an exemplary method of generating an authentic barcode, consistent with certain disclosed embodiments
  • FIG. 7 is a diagram depicting an exemplary device for reading and verifying authentic barcodes, consistent with certain disclosed embodiments
  • FIG. 8 is a flow diagram illustrating an exemplary method of reading
  • FIG. 9 is a diagram depicting various data input and output operations associated with an exemplary method of reading and authenticating an authentic barcode that includes a public key certificate, consistent with certain disclosed embodiments;
  • FIG. 10 is a flow diagram illustrating an exemplary method of reading and locally authenticating an authentic barcode that includes an author identifier, consistent with certain disclosed embodiments
  • FIG. 1 1 is a diagram depicting various data input and output operations associated with an exemplary method of reading and locally authenticating an authentic barcode that includes an author identifier, consistent with certain disclosed embodiments;
  • FIG. 12 is a flow diagram illustrating an exemplary method of reading and remotely authenticating an authentic barcode that includes an author identifier, consistent with certain disclosed embodiments
  • FIG. 13 is a diagram depicting various data input and output operations associated with an exemplary method of reading and remotely authenticating an authentic barcode that includes an author identifier, consistent with certain disclosed embodiments;
  • FIG. 14 depicts an exemplary technique for affixing an authentic bar code to physical information for the purpose of authenticating that physical information, consistent with certain disclosed embodiments;
  • FIG. 15 depicts an exemplary authentic bar code, consistent with certain disclosed embodiments;
  • FIG. 16 depicts the decoded information contained in the authentic bar code of FIG. 15;
  • FIG. 17 depicts an exemplary technique for affixing an authentic bar code to physical information for the purpose of authenticating that physical information, consistent with certain disclosed embodiments
  • FIG. 18 depicts an exemplary authentic bar code, along with its decoded text, consistent with certain disclosed embodiments
  • FIG. 19 depicts an exemplary technique for affixing an authentic bar code to physical information for the purpose of authenticating that physical information, consistent with certain disclosed embodiments.
  • FIG. 20 depicts an exemplary authentic bar code, along with its decoded text, consistent with certain disclosed embodiments.
  • FIG. 1 depicts an exemplary, conventional QR code, consistent with certain disclosed embodiments.
  • information representing a URL 1 10 is encoded as a series of black and white boxes arranged in two dimensions.
  • FIG. 2 is a diagram depicting an exemplary device for generating authentic barcodes, consistent with certain disclosed embodiments.
  • Device 200 may be essentially any kind of computing device capable of inputting information; operating on that information by performing cryptographic operations, for example, utilizing exponentiation and modulo arithmetic; and outputting the results of any cryptographic operations.
  • device 200 may be a general purpose computer, comprising one or more micro processors 210 of varying core configurations and clock frequencies; one or more hard disk drives 220 of varying physical dimensions and storage capacities; one or more random access memory (RAM) modules 230 of varying clock frequencies and memory bandwidth; one or more input/output network connections 240; and one or more peripheral connections or interfaces 250.
  • RAM random access memory
  • Device 200 may include or be operatively connected— e.g., by network or wireless connection— to printing device 270 capable of printing any generated barcodes on a number of physical materials, such as paper, plastic, billboard material, etc.
  • printing device 270 capable of printing any generated barcodes on a number of physical materials, such as paper, plastic, billboard material, etc.
  • device 200 or the owner or operator associated with device 200 need not necessarily print or graphically render any barcodes that it generates, but instead may provide electronic or digital data representative of generated barcodes to third parties for printing or distributing the barcodes in other manners.
  • FIG. 3 is a flow diagram illustrating an exemplary method of generating an authentic barcode including a digitally signed message and a public key certificate corresponding to the digital signature, according to data operations depicted in FIG. 4, and consistent with certain disclosed embodiments.
  • a message 410 is selected for encoding into a barcode and is input into a barcode generation process or device, such as device 200.
  • Message 410 may be any kind of numeric or alphanumeric text string, such as a URL, email address, coupon code, etc.; or binary data, such as an image, sound clip, application-specific file type, etc.
  • device 200 generates a digital signature of the message using a private key associated with the author of the message.
  • an "author" of a digitally signed barcode need not indicate the literal author of the information encoded in the barcode or the entity responsible for generating the actual barcode patterns. Rather, in some embodiments, the term "author” may simply indicate any party or entity for which a user or barcode reader expects or requires the barcode information to have originated from, be attributed to, or be endorsed by in some manner in order to be considered authentic.
  • device 200 may first create a digest of message 410 using techniques known in the art, such as hashing according to the MD5 or SHA-1 algorithms (step 320).
  • step 330 device 200 creates a digital signature 440 of the message 410 by digitally encrypting the message 410 or a digest of the message 410 using the author's private key 420.
  • Device 200 may be configured to encrypt a digest of message 410, rather than the entire message in order to reduce the necessary size of the digital signature— for example, to ensure that the addition of the digital signature does not cause the data to be encoded in the barcode to exceed certain size limitations for barcode data, or to reduce the necessary granularity of the barcode to reduce the likelihood of machine reading errors.
  • message 410 itself, or a portion thereof, may be encrypted using the author's private key, so that the length of the digital signature is approximately proportional to the length of the message itself.
  • Message 410 might also first be compressed, using any one of many compression techniques known in the art, and that compressed data may be digitally signed. Since those skilled in the art will appreciate that the invention may generate digital signatures based on either message digests or the messages themselves, the terms "message" and
  • Device 200 may generate the digital signature 440, for example, using a dedicated signature generating software or hardware component 430.
  • step 340 device 200 generates a barcode 470 that includes a graphical representation of information comprising the message 410, the digital signature 440 of the message or message digest, and a public key certificate 450.
  • Public key certificate 450 may include a public key 455 corresponding to the author's private key 420.
  • Public key certificate 450 may also include information identifying the holder of the public key (not depicted), and may itself be digitally signed by a trusted third party, such as the Certificate Authority that issued the certificate to the author.
  • Device 200 may generate the barcode 470, for example, using a dedicated barcode generating software or hardware component 460.
  • FIG. 5 is a flow diagram illustrating an exemplary method of generating an authentic barcode including a digitally signed message and an author identifier associated with the key used to generate the digital signature, according to data operations depicted in FIG. 6, consistent with certain disclosed embodiments.
  • a message 610 is selected for encoding into a barcode and is input into a barcode generation process or device, such as device 200.
  • device 200 creates a digest of message 610 using techniques known in the art, such as MD5 hashing or SHA-1 hashing.
  • device 200 creates a digital signature 640 of the message 610 by digitally encrypting the message 610 or a digest of the message 610 using the author's private key 620, for example, using a dedicated barcode generating software or hardware component 630.
  • device 200 may determine an author identifier 650 associated with the message.
  • the author identifier may be the name of the entity to which the public key certificate associated with private key 620 has been issued by a Certificate Authority.
  • device 200 generates a barcode 670 that includes a graphical representation of information comprising the message 610, the digital signature 640 of the message or message digest, and the author identifier 650.
  • barcode 670 By including a shorter author identifier 650 in the barcode 670 instead of a longer public key certificate (which would likely also include an author identifier), less metadata should need to be encoded in barcode 670. This allows for either a longer message 610 or a simpler barcode that requires less granularity and is therefore less prone to machine-reading errors or data-density limitations.
  • FIG. 7 is a diagram depicting an exemplary device for reading and verifying authentic barcodes, consistent with certain disclosed embodiments.
  • Device 700 may be essentially any kind of computing device capable of optically reading graphical bar code data; decoding the graphical bar code data to derive bar code information; operating on that information by performing cryptographic operations, for example, utilizing exponentiation and modulo arithmetic; and outputting the results of any cryptographic operations.
  • device 700 may be a commercially available mobile device such as a smartphone with optical camera componentry and one or more software applications for decoding images of barcodes captured by the camera componentry.
  • Device 700 may further comprise one or more micro processors 710 of varying core configurations and clock frequencies; one or more flash drives 720 of varying physical dimensions and storage capacities; one or more random access memory (RAM) modules 730 of varying clock frequencies and memory bandwidth; one or more wireless transceivers 740; and one or more peripheral connections or interfaces 750.
  • Device 700 may communicate with other devices via cellular wireless access, such as using Code Division Multiple Access (“CDMA”), via wireless Ethernet protocols, or via a serial wire interface such as USB, etc.
  • CDMA Code Division Multiple Access
  • USB serial wire interface
  • FIG. 8 is a flow diagram illustrating an exemplary method of reading
  • reading device 700 optically reads a barcode 910.
  • barcode 910 is an authentic barcode generated in a manner consistent with this invention.
  • device 700 may include functionality or logic for reading multiple types of barcodes and, for each type of barcode, determining whether the barcode is an authentic barcode before performing any of the below described authentication operations.
  • reading device 700 decodes barcode 910 to translate the graphical patterns of the physical barcode into the information encoded within the barcode according to the standards of the relevant barcode type, for example using a dedicated barcode decoding software or hardware component 920.
  • reading device 700 parses the barcode information to extract a message 940, digital signature 930, and public key certificate 950, which includes a public key 955.
  • reading device 700 verifies the authenticity of public key certificate 950.
  • reading device 700 may inspect public key certificate 950 for a "Subject” indicating the holder of the certificate or the "signer” of the digital signature; an "Issuer” indicating a trusted third party, such as a Certificate Authority, responsible for issuing certificates or digitally signing certificates; and a "Thumbprint” or “Fingerprint” representing a digital signature of the public key certificate itself (or a digest of the public key certificate) signed using the Issuer's private key.
  • Reading device 700 may verify the authenticity of public key certificate 940 by decrypting the "Thumbprint” using the Issuer's public key and confirming that the decrypted Thumbprint matches the public key certificate or digest of the public key certificate. Those skilled in the art will appreciate other methods of confirming the authenticity of public key certificate 950. Reading device 700 may also confirm that the "Subject" or “signer" of the public key certificate corresponds to the identity of an author or creator from whom the information encoded in the barcode is expected to have originated.
  • reading device 700 decrypts the digital signature 930 using the public key 955 to generate message data 970, for example, using a dedicated decryption software or hardware component 960.
  • message data 970 will represent either the barcode message 940 or a digest of that message.
  • step 860 device 700 compares decrypted message data 970 to the barcode message 940. If decrypted message data 970 represents a message digest, then device 700 may first independently create a digest of message 940 using the same algorithm used by the author of the barcode (operations not depicted). Device 700 may then compare decrypted message data 970 to its independently generated digest of message 940 to determine whether the strings are equivalent or match in a predefined manner. If decrypted message data 970 represents a copy of the message 940 itself, then device 700 may compare the decrypted message data 970 to message 940 to determine whether the strings are equivalent or match in a predefined manner. These operations may be performed, for example, using a dedicated comparison engine software or hardware component 980.
  • decrypted message data 970 matches barcode message 940 (step 860, yes)
  • device 700 may determine that the barcode message 940 was actually created or authored by the entity associated with public key certificate 950, since only the holder of the certificate should have had access to the private key to generate the digital signature 930 capable of decryption by the public key 955 associated with the certificate. If decrypted message data
  • device 700 may determine that barcode message 940 was not authored by the holder of public key certificate 950 or that barcode message 940 was altered on barcode 910 subsequent to the creation of digital signature 930
  • device 700 may generate a verification result 990 indicating whether it was able to authenticate barcode
  • step 910 may take appropriate subsequent action, such as indicating that the barcode was successfully authenticated (step 870) or alerting a user that the barcode was not successfully authenticated (step 880).
  • FIG. 10 is a flow diagram illustrating an exemplary method of reading and locally authenticating an authentic barcode that includes an author identifier, according to operations depicted in FIG. 1 1 , consistent with certain disclosed embodiments.
  • reading device 700 optically reads a barcode 1 1 10.
  • reading device 700 decodes barcode 1 1 10 to translate the graphical patterns of the physical barcode into the information encoded within the barcode according to the standards of the relevant barcode type, for example using a dedicated barcode decoding software or hardware component 1 120.
  • reading device 700 parses the barcode information to extract a message 1 121, a digital signature 1 122, and an author identifier 1123.
  • barcode 1 1 10 may include only an author identifier 1 123 (e.g., for the purpose of reducing the amount of information stored in barcode 1 1 10).
  • Author identifier 1 123 may indicate the identity of an author or creator from whom the information encoded in the barcode is expected to have originated.
  • device 700 may request a copy of the author's public certificate 1 135 from another device or entity, such as a verification service provider 1 130. For example, device 700 may transmit a copy of the author identifier 1 123 to identify the public certificate that it is requesting. Although not depicted, device 700 may further verify the authenticity of the received public key certificate 1135 in a manner similar to the certificate verification operations described with respect to FIG. 8. For example, device 700 may confirm that the "Subject" or "signer" of public key certificate 1 135 corresponds to the author identifier
  • barcode 1 1 10 also does not encode any author identifier.
  • the identity of the author may be indicated by means external to the encoded barcode information, such as on a printed textual label in proximity to the barcode.
  • the present invention may be utilized in a circumstance in which the putative author of the barcode and the reader of the barcode have a preexisting relationship or defined set of operations such that the reader of barcode 1 1 10 would expect barcode 1 1 10 to have originated from a specific author, for which reader device 700 (or a device associated with reader device 700) already has author identity information 1 123 stored. Companies, for example, may choose to rely on such an assumed-authorship model to further free up capacity within the barcode to store additional information or to further reduce the granularity of the barcode.
  • step 1050 device 700 may extract the public key 1 136 included in the public key certificate 1 135. Thereafter, in steps 1060, 1070, 1080, and 1090, device 700 may perform operations similar to those of steps 840, 850, 860, and 870 depicted in Fig. 8. That is, device 700 may determine the authenticity of barcode 1 1 10 by determining whether decrypted message data 1 125 matches barcode message data 1 121.
  • FIG. 12 is a flow diagram illustrating an exemplary method of reading and remotely authenticating an authentic barcode that includes an author identifier, according to operations depicted in FIG. 13, consistent with certain disclosed embodiments.
  • reading device 700 optically reads a barcode 1310.
  • reading device 700 decodes barcode 1310 to translate the graphical patterns of the physical barcode into the information encoded within the barcode according to the standards of the relevant barcode type, for example using a dedicated barcode decoding software or hardware component 1320.
  • reading device 700 parses the barcode information to extract a message 1330, a digital signature 1340, and an author identifier 1350.
  • device 700 may rely on a verification service to perform all necessary verification operations with respect to message 1330 and digital signature 1340.
  • step 1240 device 700 may send message 1330, digital signature 1340, and author identifier 1350 to verification service provider 1360.
  • device 700 may send these pieces of information to verification service provider 1360 either as art of one transmission or as part of multiple transmissions.
  • device 700 may transmit either message 1330 or a digest of message 1330 to verification service provider 1360, as appropriate.
  • verification service provider 1360 may access locally or request from another party, such as a Certificate Authority, the appropriate public key certificate 1361 associated with author identifier 1350. Thereafter, similar to the authentication operations performed by device 700, as depicted in FIGS. 8-12, verification service provider 1360 may decrypt digital signature 1340 using the public key 1362 included within the public key certificate 1361 associated with author identifier 1350 to derive decrypted message data 1364, for example, using a dedicated decrypting engine software or hardware component 1363.
  • Verification service provider 1360 may then compare decrypted message data 1364 to barcode message 1330 or to a digest of barcode message 1330 to determine whether the strings match according to a predefined pattern, for example, using a dedicated comparison engine software or hardware component 1365. Verification service provider 1360 may send the results of its comparison operations to device 700 (step 1250), and device 700 may interpret the results provided by verification service provider 1360 to determine a verification result 1370. For example, verification service provider 1360 may transmit data representative of a final conclusion as to whether the barcode message 1330 is authentic or not, or verification service provider 1360 may simply provide device 700 with the details of its comparison operations and allow device 700 to draw its own conclusion about the authenticity of barcode message 1330.
  • an authentic bar code may also include an indication of, or instructions for performing, a particular type of hashing or digest algorithm. The inclusion of this information may enable message digests, rather than full messages, to be digitally signed, by informing a reading device of which hashing or digest algorithm was used by the encoding device. Elliptical curve cryptography may also be used to create digital signatures to further reduce the amount of metadata needed to be encoded within an authentic bar code.
  • the invention may also be used to define a new "purpose" for a public certificate.
  • one extension to some public key certificate standards such as X.509, is the ability to specify various purposes for which the public key or public key certificate may used, such as "encryption,” “signature,” “signature and encryption,” or “signature and smartcard logon.”
  • a new purpose related to barcode authentication may be added to a public key certificate, consistent with disclosed embodiments, for specifying that a particular public key certificate may be dedicated solely to, or have as one of its purposes, the
  • users may limit the use of some public key certificates solely to barcode authentication, or barcode authentication along with a limited list of other valid purposes; or, users may prohibit certain public key certificates from being used for barcode authentication purposes.
  • FIG. 14 depicts an exemplary technique for affixing an authentic bar code to physical information for the purpose of authenticating that physical information, consistent with certain disclosed embodiments.
  • the present invention is not limited to situations in which a barcode alone is to be authenticated. Rather, the invention may also be put to very practical use in authenticating information external to the digitally signed bar code, such as physical information to which the barcode is affixed.
  • document 1400 may be embodied in a document 1400, such as a business letter or other correspondence having business or legal significance.
  • document 1400 may also include a barcode, such as QR Code 1410, which is depicted in enlarged form as QR Code 1500 in FIG. 15.
  • the recipient of document 1400 may scan QR Code 1410 (or 1500) using a scanning device, which device may display or provide to the recipient the information encoded within QR Code 1410, such as the information depicted in FIG. 16.
  • the information encoded in QR Code 1410 may comprise data in form of XML-delimited text 1600.
  • XML text 1600 may include a schema 1610 that indicates that the XML text is meant to describe the contents of an "authentic" barcode.
  • XML text 1600 may include a message section 1620 that the author of the QR Code attests as the text of the document to which the QR code has been affixed.
  • XML text 1600 may also include a signature section 1630 that includes a digital signature of the message 1620 that has been created using the author's private encryption key.
  • XML text 1600 may also include a certificate section 1640 that sets forth the data of a public key certificate that contains a public key corresponding to the private key that was used to create digital signature 1630.
  • the recipient of document 1400 may see that the message text 1620 of QR Code 1410 does not match the text of document 1400— here, because the account number 1421 and routing number 1422 of document 1400 do not match the account number 1621 and routing number
  • the recipient may determine that document 1400 is not authentic or has been tampered with. On the other hand, if the text of document 1400 and QR
  • a digitally signed barcode may be used as a security mechanism for checks, drafts, or other commercial paper.
  • a digitally signed QR Code 1710 (which is depicted in enlarged form in FIG. 18), may be affixed to a check 1700 to attest to the authenticity of the information presented on the check— here, that a particular account holder 1720 has issued a valid check to a particular recipient 1730 for a particular amount 1740.
  • QR Code 1710 may be decoded to reveal encoded textual information 1820 meant to correspond to the text of check 1700, to which it was affixed.
  • the information 1820 encoded in QR Code 1710 may comprise only a message 1821, a digital signature 1822, and an author identifier 1823. That is, an author identifier 1823 may be encoded in lieu of a full public key certificate, such that the recipient of the QR Code would be expected to retrieve the public key certificate corresponding to author identifier 1823 from a third-party, such as a Certificate Authority. Similar to the example of FIGS.
  • the recipient may decode QR Code 1710 and may determine that check 1700 is fraudulent since the information printed on check 1700 does not match the information 1820 of decoded QR Code 1710, or may determine authenticity or lack of authenticity based on matches or mismatches between message 1821 , digital signature 1822, and author identifier 1823.
  • a digitally signed barcode may be used as a security mechanism to ensure that physical information is authentic.
  • physical indicia may be created or affixed to an object to demonstrate that money has been paid, that various duties have been satisfied, or that an object has been authorized or issued by a given entity.
  • a classic example may be that of a postage stamp, which is meant to demonstrate that certain postage fees have been paid or that an item is entitled to shipment.
  • the physical indicia is capable of easy replication or creation by unauthorized parties, as is the case with postage stamps, there is the danger that affixed physical indicia may not be authentic.
  • the present invention may be utilized in situations such as these to ensure authenticity.
  • a digitally signed QR Code 1910 (which is depicted in enlarged form in FIG. 20), may be affixed to a stamp (or other physical item that only certain entities are authorized to create) to attest to the authenticity of the information presented on the stamp— here, that a certain amount of postage 1920 has been paid.
  • QR Code 1910 may be decoded to reveal encoded textual information 2020 meant to correspond to the text of stamp 1900, to which it was affixed.
  • the recipient such as the U.S. Postal Service, may decode QR Code 1910 and may determine that stamp 1900 is authentic since the information printed on stamp 1900 matches the information 2020 of decoded QR Code 1910, or may determine authenticity or lack of authenticity based on matches or mismatches between message 2021 , digital signature 2022, and author identifier 2023.
  • the present invention may be applied to any situation in which physical objects or phenomena in which machine-readable information has been encoded are converted to digital or electronic data by a scanning, listening, or other detection advice.
  • the present invention may be applied to information encoded within magnetic strips, audio signals, RFID signals, and other real-world "hardlinks.”

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

L'invention porte sur des procédés et sur des systèmes qui permettent de générer et d'authentifier des codes à barres à l'aide de signatures numériques, lesdits procédés consistant : à entrer des données graphiques représentant un motif de code à barres dans une mémoire ; à traduire les données graphiques en informations de code à barres selon une norme pour traduire un type particulier de motif de code à barres en informations de code à barres ; à extraire un message et une signature numérique des informations de code à barres ; à déterminer si le message est authentique ou non en déterminant si la signature numérique correspond ou non au message.
PCT/US2012/032964 2011-04-13 2012-04-11 Codes à barres authentiques utilisant des signatures numériques WO2012142061A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP12721018.5A EP2697785A1 (fr) 2011-04-13 2012-04-11 Codes à barres authentiques utilisant des signatures numériques

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
IN1094/DEL/2011 2011-04-13
IN1094DE2011 2011-04-13
US13/118,680 US20120308003A1 (en) 2011-05-31 2011-05-31 Authentic barcodes using digital signatures
US13/118,680 2011-05-31

Publications (1)

Publication Number Publication Date
WO2012142061A1 true WO2012142061A1 (fr) 2012-10-18

Family

ID=47009660

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2012/032964 WO2012142061A1 (fr) 2011-04-13 2012-04-11 Codes à barres authentiques utilisant des signatures numériques

Country Status (2)

Country Link
EP (1) EP2697785A1 (fr)
WO (1) WO2012142061A1 (fr)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107341387A (zh) * 2016-04-28 2017-11-10 Sk 普兰尼特有限公司 用于安全增强的电子图章系统及其控制方法
CN109997177A (zh) * 2016-07-13 2019-07-09 博托索夫特科技有限公司 文档认证系统
EP3750101A4 (fr) * 2018-02-07 2021-10-06 Crypto Lynx Ltd Procédé, système et/ou dispositif de signature
WO2022101386A1 (fr) * 2020-11-13 2022-05-19 Detectsystem Lab A/S Évaluation d'authenticité de document
EP3384431B1 (fr) * 2015-12-02 2022-10-19 Microsoft Technology Licensing, LLC Copier-coller avec code balayable

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050203854A1 (en) * 2004-02-23 2005-09-15 Pitney Bowes Incorporated Method and system for using a camera cell phone in transactions
US7051206B1 (en) * 2000-11-07 2006-05-23 Unisys Corporation Self-authentication of value documents using digital signatures

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7051206B1 (en) * 2000-11-07 2006-05-23 Unisys Corporation Self-authentication of value documents using digital signatures
US20050203854A1 (en) * 2004-02-23 2005-09-15 Pitney Bowes Incorporated Method and system for using a camera cell phone in transactions

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3384431B1 (fr) * 2015-12-02 2022-10-19 Microsoft Technology Licensing, LLC Copier-coller avec code balayable
CN107341387A (zh) * 2016-04-28 2017-11-10 Sk 普兰尼特有限公司 用于安全增强的电子图章系统及其控制方法
CN107341387B (zh) * 2016-04-28 2022-11-18 Sk 普兰尼特有限公司 用于安全增强的电子图章系统及其控制方法
CN109997177A (zh) * 2016-07-13 2019-07-09 博托索夫特科技有限公司 文档认证系统
EP3750101A4 (fr) * 2018-02-07 2021-10-06 Crypto Lynx Ltd Procédé, système et/ou dispositif de signature
WO2022101386A1 (fr) * 2020-11-13 2022-05-19 Detectsystem Lab A/S Évaluation d'authenticité de document

Also Published As

Publication number Publication date
EP2697785A1 (fr) 2014-02-19

Similar Documents

Publication Publication Date Title
US20120308003A1 (en) Authentic barcodes using digital signatures
Hakak et al. Approaches for preserving content integrity of sensitive online Arabic content: A survey and research challenges
US8285991B2 (en) Electronically signing a document
US7178030B2 (en) Electronically signing a document
US7519825B2 (en) Electronic certification and authentication system
US20140254796A1 (en) Method and apparatus for generating and/or processing 2d barcode
CN106452756A (zh) 可离线验证安全二维码构造验证方法与装置
MX2013007923A (es) Sistema y metodo para la autenticacion de documentos de alto valor.
CN101281581A (zh) 一种检验纸制文档内容是否被篡改的方法
KR100991855B1 (ko) 전자 문서 발급 및 검증 시스템, 전자 문서 발급 방법 및전자 문서 검증 방법
WO2014154109A1 (fr) Procédé de génération, procédé de vérification pour une facture électronique ayant un code bidimensionnel (2d) anticontrefaçon et système pour ceux-ci
CN101377837A (zh) 电子支票二维码凭证的生成及验证方法
KR20120017044A (ko) 모바일 디바이스를 이용하는 개인 인증을 위한 시스템 및 방법
US20140245019A1 (en) Apparatus for generating privacy-protecting document authentication information and method of performing privacy-protecting document authentication using the same
CN104809490A (zh) 一种基于多维码的证卡防伪系统及其认证方法
EP2697785A1 (fr) Codes à barres authentiques utilisant des signatures numériques
US7548665B2 (en) Method, systems, and media for identifying whether a machine readable mark may contain sensitive data
CN106656511A (zh) 一种统一管理身份签注的方法及系统
WO2021005405A1 (fr) Procédé et système de génération et de validation de documents et porte-document utilisant un code-barres lisible par machine
CN104156645A (zh) 一种复印件验证系统及其应用方法
Yahya et al. A new academic certificate authentication using leading edge technology
KR101578550B1 (ko) 전용 뷰어 기반 전자증명서 생성 열람 시스템
JP4923388B2 (ja) 内容証明システム
Arief et al. Authentication of printed document using quick response (QR) code
CN109992984A (zh) 一种基于二维码的文件识别方法及设备

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12721018

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 2012721018

Country of ref document: EP

NENP Non-entry into the national phase

Ref country code: DE