WO2013120511A1 - Système permettant de fournir des informations supplémentaires sur un produit à la vente, en particulier pour prévenir les pratiques de fraude - Google Patents

Système permettant de fournir des informations supplémentaires sur un produit à la vente, en particulier pour prévenir les pratiques de fraude Download PDF

Info

Publication number
WO2013120511A1
WO2013120511A1 PCT/EP2012/052452 EP2012052452W WO2013120511A1 WO 2013120511 A1 WO2013120511 A1 WO 2013120511A1 EP 2012052452 W EP2012052452 W EP 2012052452W WO 2013120511 A1 WO2013120511 A1 WO 2013120511A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
product
pdc
certificate
data
Prior art date
Application number
PCT/EP2012/052452
Other languages
English (en)
Inventor
Giancarlo Niccolai
Original Assignee
Nareos Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nareos Limited filed Critical Nareos Limited
Priority to PCT/EP2012/052452 priority Critical patent/WO2013120511A1/fr
Publication of WO2013120511A1 publication Critical patent/WO2013120511A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/08Logistics, e.g. warehousing, loading or distribution; Inventory or stock management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/06Buying, selling or leasing transactions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/69Identity-dependent
    • H04W12/77Graphical identity

Definitions

  • the present invention relates to a system for providing additional information about an on sale product, in particular for preventing fraud practices.
  • the most important element composing the brand awareness structure is the recognizability of the product as being produced by a trusted manufacturer. Modern business practices put maximum emphasis into establishing the awareness in the audience about the characteristics of a certain product.
  • Prior art systems aim to provide the customers with a tangible, physical proof that the product they are evaluating or that they have bought has been produced by a certain, renown manufacturer.
  • Existing inventions can be mainly divided into two categories: one kind of invention aim to increase the difficulty that is required for a fraud business practitioner to copy a product in every detail, and then offer a visual help to the customers in discerning an original product from a copied on.
  • Various kinds of hologram print system, specially produced labels, and detail elements applied to the final products which require complex production processes are the most common solution adopted in the context of this kind of inventions.
  • the other kind of inventions use an identifier that can be associated with a product, a code that a customer can check to verify that the associated product was actually produced by the declared manufacturer.
  • Some inventions combine elements of both kinds; for instance, some known solutions apply a product identifier code on labels that have a complex and non easily reproducible printing process.
  • Imitations of original products may carry imitations of product ID codes, diverting the customers into checking the validity of a product on a facility controlled by the illegal product copy manufacturer. For instance, they may require to send the code via an SMS to a different phone number, or to contact a different site where to check their code.
  • Systems requiring an active cooperation of the final customers, and possibly of the sell point personnel, are plagued with the "laziness pitfall".
  • the sellers might be resistant to accepting practices that require some operations on their side (for instance, voiding a product manually or through a complex procedure), preferring to push the selling of products which do not require any extra activity on them, and the customers might just perceive the activity of manually entering a product code on a site, or sending it via SMS, as a useless burden.
  • Predated inventions are specifically aiming a single selling model, and are from hard to impossible to apply to selling contexts outside their boundaries. For instance, methods necessarily requiring the intervention of a seller are not applicable in on-line sales or when the sell happens in a supermarket or convenience store.
  • none of the art prior to this invention takes into consideration the necessity of unbranded products to certify their quality to unaware customers. They are all aiming to protect the value of established brands; they are useless if applied to products having a high quality value embedded into them but whose value is unknown to the customers. For instance, applying an hologram on a bottle of fine wine can indicate that the wine is produced by the manufacturer that declares having produced it, but it won't tell anything about the fact that the quality provided by that manufacturer is higher than what offered by a competitor not applying an hologram. Moreover, the manufacturer may apply some brand protection device on the bottle, but provide a totally made up and untrue explanation about the origins, history and quality of the product. As the certification device and the textual description and product envelope that is part of the entity to be certified are originally separate, the certification authority has not any control over the utilization of the certification device.
  • the invention hereby disclosed aims to address all the problems exposed thus far.
  • One purpose of the present invention is to render information about a product unmodifiable, in the sense that once the information is stored on a readable media, the stored information cannot be altered.
  • Another purpose of the present invention is to guarantee the originality of the products to the final customers by creating a direct link between them and the manufacturer, certifying both the identity of the manufacturer and providing extended and trusted information about the product contents and quality, and can be configured to be employed in very different sale contexts while aiming even the same production.
  • the system comprises a "cryptographically encrypted certificate" and a code ID is injected in a CODE, such as a bidimensional barcode, or any other mean that transports said first and second amount of digital data and that can be read through a low-cost device, such as a smartphone, a tablet computer or home computer.
  • a CODE such as a bidimensional barcode, or any other mean that transports said first and second amount of digital data and that can be read through a low-cost device, such as a smartphone, a tablet computer or home computer.
  • the CODE is readable-by-image and the low-cost device comprises a camera able to acquire such CODE.
  • the systems also comprises means for reading and elaborating such acquired CODE, working on such low-cost device, and a remote server collecting a fourth data (KEY).
  • Said means for elaborating such CODE are able to extract third data from such "cryptographically encrypted certificate", such as a HASH code and able to send said second and third data to the remote server.
  • the server comprises means for verifying the matching of such second and third data and, in positive case, to return said fourth data (KEY) correlated to said second data in order to decrypt said cryptographically encrypted certificate.
  • the means for reading and elaborating said first and second data are able to decrypt the cryptographically encrypted certificate thanks to said returned third data (KEY) and to reproduce on a display of said low-cost device the content of such certificate.
  • said remote server further comprises means for detecting the originality of said product through at least one heuristic and/or deterministic algorithm applied to said second and fourth data and means for sending a fifth data to the means for reading and elaborating such acquired CODE in order to show also such fifth information relating to the originality of the product.
  • the digital data included in the product certificate are encrypted, this ensures that the data cannot be arbitrarily altered. For instance, it is not possible to copy the data in the certificate, changing some critical data as the name of the manufacturer or the selling point where the good is headed to and then regenerate the certificate, as the key used to certify the validity of the data in the certificate wouldn't match anymore.
  • the key for decrypting the certificate is stored on a remote server towards witch the connection is managed by means of said means for reading and elaborating such acquired CODE.
  • each access to the remote server about one cryptographically encrypted certificate and a relative code ID are accounted to determine the originality of the product as disclosed below.
  • This prior the device is enabled to decrypt, on his side, the certificate and present it's content to the final user. Therefore, additional dynamic historic information about a certificate, it's usage, the users that accessed it and those who bought the item associated with that certificate may be recorded.
  • An embodiment of the present invention is meant to determine whether a certificate is correctly associated to an original item or if there is a suspicion about fraud application of a certificate to a non original product are integral part of the invention.
  • Another embodiment of the present invention is further directed to the management of the ownership of goods.
  • the present invention may be implemented by means of a communication architecture made of known elements and by means of an application freely downloadable and installable on a said low-cost device.
  • the elaborating means running on the low-cost device may comprise a software comprising one or more software modules to carry out the method herewith described.
  • Drawing 1 schematically illustrates an embodiment of a workflow according to the present invention, comprising optional steps
  • Drawing 2 schematically illustrates an embodiment of a workflow of including the steps of the decision algorithms for determining whether a product can be consider authentic or not; next following drawings illustrate some of the possible applications of the invention in terms of how it can be differently configured to cover different buying experiences;
  • Drawing 3 shows an application of the invention on grocery products and illustrate how customers might take benefit even from the simplest configuration of the invention
  • Drawing 4 shows how the invention can be configured to certify the uniqueness of a single product physical entity after or contextually to the buy
  • Drawing 5 shows the application of the invention to products that are at disposal of the customers for inspection and try, but need to be bought at a counter, as in the case of dress shops.
  • Drawing 6 show how the invention can be configured to accompany per-product guarantee certificates, which have also the role of defining a legitimate product owner.
  • Drawing 7 shows an example of configuration of a "Correspondence Table", that is, a mapping of electronically readable product Ids in a computer file format and corresponding printed electronic certificates.
  • Drawing 8 shows the process of declaring that a product related with a given product certificate has been bought through an "activation token”.
  • the invention relates to a method of accessing an encrypted digital product originality certificate on a support that is easily readable through simple and generic electronic devices that are now available on the large, while storing the cryptographic key on a server that must be accessed by applications willing to read the certificate, thus using the related key to decrypt it.
  • the disclosure covers also the kind of information that the server where the keys are stored and the client application on the reading and decrypting the certificate must exchange in order to determine the event of a fraud, with varying degrees of certainty. Due to the nature of the process, which requires that the cryptographic key is stored on a server, the underlying cryptography technology is neutral to the working process hereby disclosed.
  • asymmetric key cryptography algorithm which ensures greater cryptographic robustness of the encrypted data, given the same key and data size.
  • asymmetric cryptographic algorithms may be employed for the same purpose in case they are more easily implemented (for instance, in case the software supporting asymmetric cryptography is readily available to the final implementor).
  • a certificate is created and encrypted (101).
  • the encrypted form of the certificate once stored on a suitable media, such as an image file, a printed label, a RFID chip, etc. is called Physical Digital Certificate (PDC).
  • PDC Physical Digital Certificate
  • the certificate in clear is a digital document (or text file) 30 to 500 characters long, containing all the relevant data regarding the related product. Details about the structure of the certificate are described below in the paragraph named "Certificate contents and structure".
  • the limit of 500 characters is totally arbitrary and not directly related with intrinsic limits in the elaborating means in this disclosure; advancement in readily available mass technology might provide room for even much larger certificates that will fall under the same means hereby disclosed.
  • the PDC is associated to an unique ID is used to match the decrypting key that can open the certificate, the extra information that is related to the certificate (called "extra info") and the certificate itself (102).
  • extra info the extra information that is related to the certificate
  • One mandatory content of the extra data is the result of a hash function extracted from the PDC.
  • the manufacturer and the provider of the depicted system will negotiate some other extra data that can be useful during the production chain of the good to which the certificate relates. More details about the most commonly needed "extra info” are given in the paragraph "Extra Info Details”.
  • the PDC is then sent to the manufacturer (103), usually as a digital entity (an image file containing a 2D barcode), or already stored on a physical support depending on the agreement between goods manufacturer and system implementor. Contextually, the related key and extra info (104) are sent to a central elaboration system (105).
  • manufacturer usually as a digital entity (an image file containing a 2D barcode), or already stored on a physical support depending on the agreement between goods manufacturer and system implementor.
  • Contextually, the related key and extra info (104) are sent to a central elaboration system (105).
  • the goods manufacturer then applies the PDC to the product through its production systems (106).
  • the delivery system on which the manufacturer and the solution provider agreed upon should be set up so that a certain PDC can be checked and applied to a precise product during some parts of the manufacturer logistic chain where this comes useful. More details on the delivery of the PDC to the manufacturers are described on the "PDC Delivery Examples" paragraph.
  • the manufacturer can be provided with a special application that can ask for the key without the restrictions and the semantics that are enforced on the final customer applications.
  • the product complete with its own certificate is then sent to shops or sell points (107).
  • the product may be accompanied with a "clearing PDC", which is used to simplify the step of declaring that a product has been sold.
  • the clearing PDCs need not to be strictly related with a given product-bound PDC in advance, so they can be shipped separately by the manufacturer to the shops. The usage of clearing PDCs will be detailed below, in the paragraph named "Usage of PDC in hybrid sell point".
  • the PDC could now be exposed on the product for sale (109) or made available only after the customer has bought the product (110).
  • the PDC will be either given to the customer after he has bought the product by a seller (111), or he will be physically allowed to access the PDC only after having opened an open-only packaging structure.
  • the customer Whenever the customer is able to access the PDC, it will be able to read the certificate through an application made available on common devices provided with a camera apparatus, as smartphone, tablet PC, portable PC or desktop PC using a webcam (112).
  • the application is designed as a part of the system here disclosed, and is provided to the users through standard and well known application distribution means. Whenever necessary, the application is required to authenticate with the server and provide proof of being a legitimate part of the system via any of the well-known and publicly available computer application certification means.
  • An in-store check would require the customer to use a portable device, or eventually a simple non-portable device available for that purpose in the store, where a said application has been previously loaded.
  • the application would read the PDC unique ID and determine its hash key value, and send this information along with other relevant user and location information (113) to the central server (115).
  • the server will determine, if possible, the originality of the product by performing a set of heuristic or deterministic analysis on the data recorded for that given certificate ID.
  • the result of this elaboration, along with some extra info and the key needed to decrypt the PDC will be delivered to the application (114).
  • the application will decrypt the certificate, and if it's valid (116), the customer will then be able to read its contents, other product specific dynamic information and have a precise or approximate indication about the originality of the product associated with the certificate (117).
  • the product certificate may contain some minimal information about the manufacturer, the product and eventually the sell point where the product is to be sold so that the contained information is enough for a customer to determine the correspondence of the certificate with the product it is associated to.
  • the certificate should contain the name of the product and its physical aspects, such as packaging, weight and best before date in case of grocery products, or size and color in case of dresses and so on.
  • the information about the manufacturer should contain some contact information (phone hot-line, customer service e-mail etc.) so that the customers can directly contact the manufacturer in case they suspect a fraud, either based on the evidence they gather directly or on the evaluation that the server performs on the PDC status.
  • a customer directly contacting the manufacturer to investigate an issue concerning its products is an asset which, although in need to be managed, has a great value for marketing oriented companies.
  • the certificate in its encrypted form must be stored on simple digital-data carrier device to form the final PDC.
  • the amount of data that can be read back by commonly available devices depends on the current technology and, in case of well established optical storage systems as QR-code and DataMatrix, at the time this disclosure is written a safe size for even low-end 2D barcode is about 500 characters.
  • the encrypting process and and the adding of some small meta-information (as an unique ID) to the PDC will easily grow the size of a 500 character certificate to 512 bytes.
  • the technology advancements makes widely available devices able to read more data, the increase of capacity of a PDC would not invalidate this disclosure.
  • each field might separated from the other by a ASCII/UNICODE 10 (Line feed) character. All the fields can be prefixed by a one or two characters code which indicates the meaning of that field, followed by an ASCII/UNICODE 58 (':', colon) if the field is meant to be visible by the final buyer, and ASCII/UNICODE 59 (';', semicolon) if the field is meant to be hidden from the final customer and used just as support for manufacturer logistic chain. To spare some characters, some first fields of the certificate may have a fixed meaning depending on their position, and thus not require any naming prefix.
  • certificate structure with field names (the first three fields being at fixed position 1, 2 and 3 respectively).
  • PR Product ID (in internal naming convention or logistic ID).
  • An example certificate may look like the following:
  • G;1234567890123 PDC reading application may give special significance to the fields they know (and display them with particular display conventions and formatting).
  • the fact that the certificate is mostly clear text allows the reading application to display unknown fields (as xN in the above example) plainly presenting them as-is to the final customers, on a "generic unknown fields" display area.
  • Extra info are herewith indicated an open set of further information associated server-side with a unique PDC identification code, and thus, with the cryptographic key that can be used to access the original certificate, or sent by reading applications for further contextual elaboration server-side and discarded after their usage.
  • Each Extra info element is indicate by a symbolic name, for instance, it may get the form of a non-empty sequence of up to 16 Latin characters. Its contents are a text, which may have special significance and formatting known to some of the reading application, and the decision process.
  • the coordinates sent by a PDC reading application indicating the place where a PDC is being read could be stored as a sequence of ASCII characters, representing the numerical values of latitude, longitude and confidence interval, possibly separated by space characters (ASCII/Unicode 32).
  • each Extra info is determined by the way the applications and the decision process uses them. This causes a minor penalty in terms of processing power needed to interpret the information stored in the Extra info fields, but thanks to modern computing devices and software, this drawback is growingly less severe, and its deemed irrelevant when compared to the time needed to transfer the information on the network.
  • rc_ckp Y Free Read count at checkpoint Used to detect anomalies, it stores the read count of a PDC at a given time, or possibly a set of read counts at given time points.
  • type Y Free Indicates various information about the PDC, especially if its found on the packaging of the item related to the certificate or if it's handled to the buyers after the sale took place.
  • last_coord Y Coordinates Last coordinates where a read has been performed
  • coord_hist Y Coordinates History of the read coordinates, eventually transformed into a mean read point, a radius and a dispersion factor.
  • holder B Free Personal information of a customer declaring having bought the product.
  • pwd N Text Password of the owner of the reading application when required.
  • chg N Hash Challenge or login information regarding the owner of the reading application when required.
  • ep_site Y URL Internet URL, indicating a web site containing extended packaging information (e.g. promotional material related to the product).
  • ep_img Y Image An image or photo of the product.
  • ep_desc Y Text A textual description of the product to be displayed after a valid PDC has been read (eventually stored in a rich text format as HTML).
  • Extra info fields can be employed to store or communicate data which can be useful for certain commercial practices which can complement the activity of fraud protection; for instance, information about commercial promotions, counters to promote push advertisement campaign on shop owners, data to support discount policies and customer fidelization campaigns may be driven by specific Extra info that the system could support and that manufacturer-specific reading application could interpret.
  • the PDC are delivered as an electronic format that might be applied directly on a digital support (image files, binary data for RFID ROM- writing and so on), but they might be delivered also in physical form (printed labels, RFID chips).
  • Processes involving the PDC delivery can be divided into three categories.
  • Random application In case of mass production, the manufacturer may just want to apply a random PDC taken from a pool of PDC all encrypting same certificate, which stays valid for the whole production. This method can be applied both to electronic and physical delivery.
  • each label or RFID chip must expose a readable number or alphanumeric sequence corresponding to the manufacturer code; possibly, this code should also be represented in a machine-readable format, as a barcode or 2D barcode.
  • a correspondence table In case of hybrid delivery, as pre -printed labels on a digital document ready to be directly sent to a print device, a correspondence table must be prepared.
  • the correspondence table reports the manufacturer code for each item on the target printout, so that the manufacturer code for a given PDC printed on a certain page, row and column of the printout appears on the the same page, row and column of correspondence table.
  • the format of the table can be a common delimiter-separated-field text file, with the first field representing the page number, the second field representing the row number, and the other fields indicating the manufacturer ID corresponding to the PDC at that page, row and occupying the same position in the row. See drawing 7 for an example.
  • the manufacturer ID might be part of the Certificate, as an hidden or exposed field. In that case, the manufacturer must be provided with a signed application that can access the PDC key and read the certificate indicating to the server that it should not record the access to the PDC as it performs in case of an access performed by a customer.
  • the quality of the deduction that can be exerted highly depends on the extra info that is made available to the decision process by the PDC reading application and by the manufacturer. This elements depend on the kind of buying experience that the selling point structure and typology can provide, and in the choices and optional features that the manufacturer wants to activate in order to protect his business and enrich the buying experience of the customer.
  • the PDC unique ID is used to retrieve the associated extra info already stored on the central server together with the extra info provided by the PDC reading application (201).
  • the first decision step is checking whether the PDC has been either associated with a specific buyer identity or has been voided as a "sold" (202) if one of this two extra information are available, the remote application is immediately notified that the product has been sold to someone else (203). In case the buyer is testing the PDC validity at a shop or after buying the product, this outcome indicates that identical copies of a PDC had been applied on multiple products.
  • the PDC is not owned, then it is verified if some geographic information are provided in the request and/or already associated with the PDC (204). In the simple case where there aren't such data, then the count of times the PDC has been accessed is considered (205). If the certificate has been accessed multiple times, then there are two possibilities (206): either the PDC is freely accessible to multiple readers, in which case the checking proceeds, or it was accessible only to buyers through physical protection form access (for instance, by printing it inside a non reusable packaging). If this is the case, then the PDC was necessarily copied and then re-applied on unauthorized copies of the manufacture (217).
  • this data can be used to determine the originality of the PDC or the lawfulness of the positioning of the associated products.
  • some manufacturer are interested in ensuring that intermediate entities in the distribution chain respect contractual obligations to sell some items at some location; in those cases, a geographic information might be passed as an extra info to accompany the PDC key by the manufacturer, and can be used to certify the regularity of the activity of the distribution chain.
  • geographic information can be built and stored as extra info as a freely visible and readable PDC is being accessed by reading applications.
  • Discrepancies between declared selling location (if any), history of read location, and current read location can be used to determine the status of the item associated with the PDC, with various degrees of certainty (210). If the data is coherent, then the PDC can be considered valid and the route previously taken for checking acquisition rules can be followed (207). If it's not, then it's necessary to evaluate the relevance of the discrepancy (211). To exemplify some of the criteria that might be used to determine anomalies based on geographic information data, the following non- exhaustive list can be given:
  • Time and absolute distances are also relevant: if a PDC is read roughly at the same time in two different towns, or countries, this indicates a fraud. Contrarily, when a PDC is read in a reasonable place and time distance from previous reads (e.g. within the same town or city area and within few minutes), the product might be considered "bought" (removed from the shop) and thus invalidated. Of course, subsequent reads would indicate this fact.
  • the discrepancy falls into a certain range (212)
  • the legitimate buyer has performed a "buyout read", as indicated in the drawing 5.
  • the decision process falls back to the acquisition or voiding choice (207). If not, then it's necessary to determine if the degree of confidence by which is possible to determine if the inconsistent read was actually indicating a fraud
  • anomalies in statistic distribution of read request in time can be used to determine potential frauds.
  • the embodiment of the invention herein disclosed is particularly suitable to protect mass market targeted products from sophistication or copying, as it can be applied on massive amount of PDCs with a minimal unit cost that can be exposed to the public in an unguarded selling environment (for example, a convenience store).
  • the time interval used to check for anomalies in PDC retrieval can be as short as a week, or even a single day if it's critical for the business at stake to have prompt warnings about possible ongoing frauds.
  • some of the indicators that can be employed to detect such anomalies are:
  • the parts of the PDC reading process dedicated to the operations of "acquisition” and “voiding”.
  • the same processes and methods comprising the transmission of PDC identifier, cryptographic key and Extra info are used also to transmit information about the ownership of the items associated with a given certificate, or the fact that a certain item has been sold, and so, is not available for sale anymore.
  • This information is both useful for the manufacturer, which has an immediate feedback about the status of sold products, and possibly also the personal data of the buyers, if they agree to share their data with the manufacturer, and to the buyers, which have then a very solid information about evident frauds.
  • the coupling of personal data with a PDC may be of direct interest for the buyers also for different reasons.
  • the ownership of a certificate can be relevant when the item is re-sold to a second-hand buyer, or in case of claiming back a stolen property.
  • Buyers may also find useful to communicate their identity to the manufacturer, for instance, in exchange for promotional material.
  • the acquisition of a PDC happens by sending the personal data of the buyer through an Extra info at PDC read time.
  • the buyer data might just be limited to the service account information, or it might be a full set of personal data, compiled and sent contextually to the read, if the reading application isn't requiring a certified login to operate.
  • PDC PDC that are visible to casual potential customers cannot be acquired immediately, otherwise they might be made useless by customers misbehaving and declaring to have bought the item associated with the PDC when this isn't actually happened. For those PDC, it is necessary to provide a proof that the buying has actually took place. Conversely, PDC that are either physically protected by access to customers prior the actual selling takes place can be directly acquired by just invoking this function on the reading application.
  • the seller (801) provides the buyer with a coupon congaing a special PDC, called "acquisition token" (802).
  • acquisition token a special PDC
  • the server system records the activity on the PDC (803).
  • the reader application verifies that the data stored in the PDC is not a standard product certificate, but an acquisition token and then prepare itself to read a second token that must be acquired.
  • the reader application sends the owner personal information together with the unique PDC ID of the acquisition token in the Extra info. If this ID matches that of the previously read PDC, then the acquisition token is invalidated and the PDC containing the item certificate is associate to the product owner, which is notified about the fact of being the legitimate owner (805).
  • the acquisition token may contain information about the PDC that it is able to acquire; for instance, each token may be limited to acquire PDC holding product certificates generated by a single producer, or they may even be enabled exclusively for a certain product indicated in the target certificates.
  • Another mean to assign an owner to a PDC can be applied when geographic information have been recorded for it. In that case, to acquire a PDC it might be sufficient to use a device providing high-resolution geographic data, and
  • Voiding a PDC means to declare that a PDC is not longer associate with an item for sale, usually because the item has been bought.
  • the operation can be performed by a reader application that can be provided to the sellers, providing a special signature as they perform a voiding read.
  • Some PDC that are associated with durable or high value products could be subject to ownership transfers when the product is sold to a second-hand buyer. Through the act of ownership transfer, the buyer is reassured about the authenticity of the product and the legitimacy of the seller, and the manufacturer is notified about the status of the secondary market of the manufactured products.
  • One mean of ownership transfer may happen typically through the following steps:
  • the legitimate owner shows that he or she is the owner of the item by using his or her own reading application, which will certify the ownership status.
  • the legitimate owner requires the reader application to disengage his or her ownership, by sending the PDC ID and a specially signed Extra info to the server.
  • the second hand buyer checks the freed PDC. If it's considered valid and free for acquisition, the product can be considered original and rightfully owned by the seller.
  • This example covers the scenario of grocery products left unattended for the customers to pick them up and check a publicly accessible certificate in total autonomy.
  • the low unit price of each product and the high selling volume calls for a simple and immediate employ of the certificate.
  • the certificate is rendered in clear text (303).
  • statistic data about customer behavior is already collected, and unless the PDC is grossly counterfeit, a valid certificate will be displayed.
  • the data about the product for instance, best before date), it's detailed description and eventually an image of it (304) will help the customers in determining the originality of the product.
  • the Extra info might contain also a link to a web site (305) where the product may be shown in greater detail.
  • the aim of the invention depicted in this disclosure is that of protect and improve the value of a brand against business frauds, the ability to reach the customers with relevant information about the history, contents, structure, and usage of a product are as important as preventing the brand image from being targeted by low-quality imitations.
  • This example covers the scenario of both high value grocery products and low value shop products, having a PDC physically not accessible before the good has been bought (for instance, because it is necessary to break a seal, or open a packaging to access it).
  • the customer After buying the product (401), the customer is able to access the PDC inside a breakable seal or a open-once packaging (402). If the system confirms that the PDC has never been read, it indicates that the product is original (403); the contents of the clear text certificate and eventually even external web sites (404) can be shown to enrich the buying experience of the customer.
  • a certificate can be copied, but it can't be altered nor produced anew (405). In that case, if another customer accesses a copied certificate (406) the system will immediately detect that the certificate was already accessed (407), which is obviously incompatible with the uniqueness of the access to the sealed PDC, thus exposing a fraud.
  • a product left unattended with a publicly readable certificate (501) can be read multiple times (502), but all those reads shall be performed from the same location. As long as reads have Extra data containing geographic location compatible with the known previous position of the good, the product can be considered original (503). As in the other cases, the product certificate and other on-line resources (504) can be displayed contextually. In case the product is accessed from an unknown location, it is not possible to issue any warning, but the customer will be advised about the fact that it's not possible to determine the originality of the product unless he explicitly declares the location, or uses a device able to provide more precise geographic information. Notice that most of the times the simple IP Network Address of a computing device provides a reasonable approximation in regional or national contexts, which might be adequate to unveil the most evident frauds by itself.
  • the PDC could be declared voided or could be assigned to the buyer (505), as described in the paragraph "Assigning and voiding means". Trying to access a PDC that was already considered associated to a sold item would cause the same highly visible warnings as indicated in the previous paragraph.
  • High unit value products are characterized for a peculiar selling model and for the need to be properly associated with a legitimate owner. As items falling in this category have an high unit price, they are exclusively let in the access of the user under the supervision of the seller. The selling process is usually complex and long, and it might even require documents and contracts being signed.
  • the PDC may be applied on a document usually transferred contextually with the ownership of the item (601), as guarantee certificates, contracts, use manuals etc. Also, the owner is usually willing or required to declare its identity and associate it to the acquired item. In case the product is original, the certificate will show its characteristics and the reader application will declare that the PDC is currently free for acquisition. The buyer will then be allowed to actually declare its acquisition of the PDC, and of the item it relates to, after the selling is complete.
  • This invention can be implemented advantageously in a computer program comprising program code means for performing one or more steps of such method, when such program is run on a computer.
  • the patent shall also cover such computer program and the computer-readable medium that comprises a recorded message, such computer-readable medium comprising the program code means for performing one or more steps of such method, when such program is run on a computer.

Abstract

Système comprenant un « certificat chiffré par cryptographie » et un code ID injectés dans un CODE, tel qu'un code à barres bidimensionnel, ou tout autre moyen transportant lesdites première et deuxième quantités de données numériques et pouvant être lu par un dispositif à faible coût. Le dispositif à faible coût comprend une caméra capable de détecter un tel CODE. Le système comporte également des moyens permettant de lire et de créer un tel CODE acquis, en s'appuyant sur un tel dispositif à bas coût, et un serveur à distance collectant une quatrième quantité de données (CLÉ). Le dispositif à faible coût est capable d'extraire une troisième quantité de données d'un tel « certificat chiffré par cryptographie », telle qu'un code de hachage, et d'envoyer lesdites deuxième et troisième quantités de données vers le serveur à distance. Le serveur comprend des moyens permettant de vérifier la correspondance de ces deuxième et troisième quantités de données et, en cas de résultat positif, de renvoyer la quatrième quantité de données (CLÉ) mise en corrélation avec la deuxième quantité de données afin de décrypter le certificat chiffré par cryptographie.
PCT/EP2012/052452 2012-02-14 2012-02-14 Système permettant de fournir des informations supplémentaires sur un produit à la vente, en particulier pour prévenir les pratiques de fraude WO2013120511A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/EP2012/052452 WO2013120511A1 (fr) 2012-02-14 2012-02-14 Système permettant de fournir des informations supplémentaires sur un produit à la vente, en particulier pour prévenir les pratiques de fraude

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2012/052452 WO2013120511A1 (fr) 2012-02-14 2012-02-14 Système permettant de fournir des informations supplémentaires sur un produit à la vente, en particulier pour prévenir les pratiques de fraude

Publications (1)

Publication Number Publication Date
WO2013120511A1 true WO2013120511A1 (fr) 2013-08-22

Family

ID=45952456

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2012/052452 WO2013120511A1 (fr) 2012-02-14 2012-02-14 Système permettant de fournir des informations supplémentaires sur un produit à la vente, en particulier pour prévenir les pratiques de fraude

Country Status (1)

Country Link
WO (1) WO2013120511A1 (fr)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
IT201600124072A1 (it) * 2016-12-07 2018-06-07 Guido Pes Metodo ed sistema per l’identificazione della provenienza dei prodotti.
US10158495B2 (en) 2016-08-30 2018-12-18 Microsoft Technology Licensing, Llc Remote hardware device conversion
EP3936988A1 (fr) * 2014-07-28 2022-01-12 Between The Flags (aust) Pty Ltd Dispositif de calcul, système, procédé, programme informatique et signal de données conçu pour faciliter l'affichage d'informations

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070022294A1 (en) * 2005-07-25 2007-01-25 Silverbrook Research Pty Ltd Method of authenticating an object
US20070228166A1 (en) * 2006-04-04 2007-10-04 Ho Chung Lui System for detecting couterfeiting products using camera

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070022294A1 (en) * 2005-07-25 2007-01-25 Silverbrook Research Pty Ltd Method of authenticating an object
US20070228166A1 (en) * 2006-04-04 2007-10-04 Ho Chung Lui System for detecting couterfeiting products using camera

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
CHAVES L W F ET AL: "Industrial Privacy in RFID-based Batch Recalls", ENTERPRISE DISTRIBUTED OBJECT COMPUTING CONFERENCE WORKSHOPS, 2008 12TH, IEEE, PISCATAWAY, NJ, USA, 16 September 2008 (2008-09-16), pages 192 - 198, XP031742144, ISBN: 978-0-7695-3720-7 *
CHIU C TAN ET AL: "A Robust and Secure RFID-Based Pedigree System (Short Paper)", INFORMATION AND COMMUNICATIONS SECURITY LECTURE NOTES IN COMPUTER SCIENCE;;LNCS, SPRINGER, BERLIN, DE, vol. 4307, 1 January 2006 (2006-01-01), pages 21 - 29, XP019051576, ISBN: 978-3-540-49496-6 *
KWOK S K ET AL: "Design and development of a mobile EPC-RFID-based self-validation system (MESS) for product authentication", COMPUTERS IN INDUSTRY, ELSEVIER SCIENCE PUBLISHERS. AMSTERDAM, NL, vol. 61, no. 7, 1 September 2010 (2010-09-01), pages 624 - 635, XP027147243, ISSN: 0166-3615, [retrieved on 20100302] *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3936988A1 (fr) * 2014-07-28 2022-01-12 Between The Flags (aust) Pty Ltd Dispositif de calcul, système, procédé, programme informatique et signal de données conçu pour faciliter l'affichage d'informations
US10158495B2 (en) 2016-08-30 2018-12-18 Microsoft Technology Licensing, Llc Remote hardware device conversion
IT201600124072A1 (it) * 2016-12-07 2018-06-07 Guido Pes Metodo ed sistema per l’identificazione della provenienza dei prodotti.

Similar Documents

Publication Publication Date Title
US10412071B2 (en) Secure transaction systems and methods
US10387695B2 (en) Authenticating and managing item ownership and authenticity
US10152720B2 (en) Authentication tags and systems for golf clubs
JP6189454B2 (ja) 無認可製品検出技法
CN109598540B (zh) 一种广告精准推送方法及广告精准推送系统
US8413885B2 (en) Internet community based counterfeit and grey market combating method
US8421593B2 (en) Apparatus, systems and methods for authentication of objects having multiple components
CN105096134A (zh) 用于验证数字实体及聚合对象来源的安全方案的系统及方法
US20070205258A1 (en) System and Method of Product Information Coding and Authentication
EP2453398A1 (fr) Système d'authentification de produit
US20170193525A1 (en) System and Method for Detecting Counterfeit Products
WO2015160505A1 (fr) Système et procédé d'authentification d'un produit
CA2891654A1 (fr) Mecanisme d'authentification d'elements
CN108604261B (zh) 用于防止未经授权产品在在线站点上销售的方法和系统
KR102058159B1 (ko) 정품인증코드를 이용한 물품거래 이력 관리방법 및 프로그램
US20160314474A1 (en) Geo-analytic system and method for authentication of goods
US11810179B2 (en) Method for tracking products using distributed, shared registration bases and random numbers generated by quantum processes
KR20070020680A (ko) 제품인증 방법 및 그 장치
US20110211727A1 (en) Authentication of "SOURCE" for brands
WO2013120511A1 (fr) Système permettant de fournir des informations supplémentaires sur un produit à la vente, en particulier pour prévenir les pratiques de fraude
KR20220167089A (ko) 인공지능을 활용한 온라인 위조상품 모니터링 방법
EP2894596A1 (fr) Procédé et système pour indiquer l'authenticité d'un produit
RU79201U1 (ru) Система обнаружения утерянных предметов (варианты)
GB2567186A (en) A method and system for authenticating a product
WO2005119535A1 (fr) Processus et systeme d'authentification de produit autonome

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12713611

Country of ref document: EP

Kind code of ref document: A1

DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 12/12/2014)

122 Ep: pct application non-entry in european phase

Ref document number: 12713611

Country of ref document: EP

Kind code of ref document: A1