WO2014091252A1 - Perfectionnements se rapportant à l'authentification d'identifiant - Google Patents

Perfectionnements se rapportant à l'authentification d'identifiant Download PDF

Info

Publication number
WO2014091252A1
WO2014091252A1 PCT/GB2013/053307 GB2013053307W WO2014091252A1 WO 2014091252 A1 WO2014091252 A1 WO 2014091252A1 GB 2013053307 W GB2013053307 W GB 2013053307W WO 2014091252 A1 WO2014091252 A1 WO 2014091252A1
Authority
WO
WIPO (PCT)
Prior art keywords
information item
label
pattern element
code
data
Prior art date
Application number
PCT/GB2013/053307
Other languages
English (en)
Inventor
Ralph Mahmoud Omar
Original Assignee
Omarco Network Solutions Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Omarco Network Solutions Limited filed Critical Omarco Network Solutions Limited
Priority to CN201380065675.8A priority Critical patent/CN104903903A/zh
Publication of WO2014091252A1 publication Critical patent/WO2014091252A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/36User authentication by graphic or iconic representation

Definitions

  • the present invention concerns improvements relating to identifier authentication, for example to systems, apparatus and methods for authenticating a product or service identifier such as a barcode or a two-dimensional quick response code (QR code).
  • the invention also relates to composite information items arranged to enable identifier authentication and to elements of such composite elements.
  • QR codes Two-dimensional barcodes
  • QR codes and other two-dimensional codes provide can provide a large amount of information in a highly compact form that is readily extracted and processed by smartphones to provide an internet address for the browser of the phone for example which explains why they have become so widespread in recent years.
  • QR and other codes can be developed to hijack the normal processing behaviour of a smartphone and take the user, via the smart phone browser, to a malicious website to elicit information or even funds from the user or his/her smartphone memory.
  • malicious QR codes can be placed as stickers over legitimate codes or printed on scam advertisements, or even provided in phishing emails or webpages. Since it is impossible to tell whether a code is legitimate just by looking at it, there is nothing to stop a user from capturing an image of the code - by which time it may be impossible to prevent the attack.
  • a basic prior art strategy is to use a malicious QR code 1 to deliver a link (website address) to a user device 2 that directs the user device browser to a malicious webpage 3.
  • the webpage 3 can be designed to masquerade as a legitimate advertiser and to phish information such as social networking or mobile banking login details or credit card details from the user device memory.
  • phishing webpages include a form with instructions for signing up for a service or purchasing goods which trick the user into entering sensitive data.
  • Various forms of social engineering, including spearphishing which targets specific groups of individuals, can be used to launch small and large-scale attacks on personal and financial data.
  • malicious QR codes are arranged to pharm a user device browser to a malicious webpage arranged to install malware onto the user device.
  • Attack vectors could vary from browser-based vectors such as Cross-Site-Scripting (XSS) to specific buffer- overflow and command injection.
  • XSS Cross-Site-Scripting
  • Another strategy for taking funds from a user is to instruct the user device 2 to repeatedly send SMS messages to a premium (charging Short code) number thereby defrauding the user of funds. So far, attempts to address the problem of malicious information items have had limited success.
  • Software is available for smartphones for displaying a webpage safety rating or a webpage preview to a user and requesting user approval before proceeding, but this does not prevent the user from visiting a malicious webpage.
  • Antivirus software is available and can prevent some virus attacks but there is always a time delay between the latest viruses and availability of antidotes provided by the latest antivirus software.
  • the present invention seeks to address some or all of the above issues.
  • a portable telecommunications device for authenticating an information item such that the information item can be used in a subsequent process by the telecommunication device.
  • the device comprises an image capture module for capturing an image of a composite information item which comprises an encoded pattern element representing data including a unique pattern element identifier, a label element having a verifiable relationship with label data encoded in the pattern element, and an encrypted extraction key element.
  • the device also has a decoding module for obtaining the unique pattern element identifier from the captured image and sending the same to a keyholder server.
  • the device also has a processing module arranged to receive a decryption key from the keyholder server associated with the unique pattern element identifier, to decrypt the extraction key element using the received key, and to use the decrypted extraction key element to extract the label data such that the label data can be compared with the label element to verify the relationship between them and thereby the information item can be authenticated.
  • the first aspect of the invention may also be expressed as a method of authenticating an information item such that the information item can be used in a subsequent process by a telecommunication device.
  • the method comprises capturing an image of a composite information item which comprises an encoded pattern element representing data including a unique pattern element identifier, a label element having a verifiable relationship with label data encoded in the pattern element, and an encrypted extraction key element.
  • the method comprises obtaining the unique pattern element identifier from the captured image, sending the unique pattern element identifier to a keyholder server, and receiving a decryption key from the keyholder server associated with the unique pattern element identifier.
  • the method includes decrypting the extraction key element using the received key, and using the decrypted extraction key element to extract the label data such that the label data can be compared with the label element to verify the relationship between them and thereby the information item can be authenticated.
  • the first aspect of the invention may also be expressed as an authenticable composite information item for use in providing a process in a telecommunication device.
  • the item comprises an encoded pattern element representing data for instructing the execution of the process on the device, in which the data includes a unique pattern element identifier.
  • the item also comprises a label element having a verifiable relationship with label data encoded in the pattern element, and an encrypted extraction key element for use, when decrypted, in extracting the encoded label data from the pattern element.
  • the first aspect of the invention may also be expressed as a method of generating an information item capable of QR code authentication.
  • the method comprises the step of providing (i) a label, (ii) a barcode having a readable barcode ID and comprising data having a verifiable relationship with the label, and (iii) a local key for verifying the relationship between the label and the data of the barcode.
  • the method also comprises the steps of encrypting the local key and providing an external key for decrypting the encrypted local key; storing the external key in a database, the external key being retrievable by searching on the basis of the QR code ID; and providing the label, the QR code and the encrypted local key as the information item.
  • an information item comprising a pattern representing a code.
  • the pattern comprises a plurality of lines, each line incorporating at least one interruption, in which the position of each interruption encodes information.
  • an information item comprising a pattern representing a code.
  • the pattern comprises a plurality of masks each based on a fixed standard mask.
  • Each mask is either identical to the standard mask or varying from the standard mask in at least one of a set of predetermined ways.
  • the variations from the standard mask enable information to be encoded in the pattern.
  • a method of authenticating a product for sale at a retailer comprises capturing an image of a security feature associated with packaging of the product; transmitting a request for at least one product parameter associated with the product, the request including data extracted from the captured image of the security feature; receiving a product parameter associated with the product; and checking that the received product parameter conforms with the circumstances of the product, sale or offer for sale.
  • a method of authenticating a product arranged for multiple use and incorporating a unique security feature comprises logging each use of the product by capturing an image of the security feature; analysing a record of logged uses of the product to establish whether the pattern of use falls within a normal range; and authenticating the product if the pattern of use falls within the normal range.
  • Figure 1 is a block diagram showing elements of a prior art system vulnerable to an attack by a malicious QR code
  • Figure 2 is a block diagram showing a system for authenticating a QR code according to an embodiment of the present invention
  • Figure 3 is a schematic diagram showing further features of a composite information item shown in Figure 2;
  • Figure 4 is a block diagram showing further features of a user device of Figure 2;
  • FIG. 5 is a block diagram showing further features of a keyholder of Figure 2;
  • Figure 6 is a flow chart showing a method of generating an information item capable of QR code authentication used according to an embodiment of the present invention
  • Figure 7 is a flow chart showing a method of authenticating a QR code according to another embodiment of the present invention.
  • Figure 8 is a flow chart showing a method of enabling a user to authenticate a QR code according to another embodiment of the present invention.
  • Figure 9 is a schematic diagram showing an information item provided as broken concentric squares according to another embodiment of the present invention.
  • Figure 10 is a schematic diagram showing an information item provided as broken radii according to another embodiment of the present invention
  • Figure 11 is a schematic diagram showing an information item provided as an array of flags according to another embodiment of the present invention.
  • Figure 12 is a schematic diagram showing an information item provided as adapted centring points of a QR code according to another embodiment of the present invention.
  • Figure 13 is a schematic diagram showing a composite information item according to a further embodiment of the invention, the composite information item being provided as a pattern including a corner symbol for indicating an orientation of the pattern;
  • Figure 14 is a block diagram showing a system for verifying the authenticity of a keyholder used for authenticating a QR code in accordance with an embodiment of the invention
  • Figure 15 is a flow chart showing a method of using the system of Figure 14 to verify the authenticity of a keyholder according to the embodiment referred to above in relation to
  • Figure 16 is a block diagram showing how an attempt by a fraudster to replicate the system of Figure 14 will not succeed;
  • Figure 17 is a block diagram showing a system for enabling a customer to check whether a product for sale is authentic according to an embodiment of the invention
  • Figure 18 is a flow chart showing a method of using the system of Figure 17 to enable a customer to check whether a product for sale is authentic according to the embodiment referred to above in relation to Figure 17;
  • Figure 19 is a block diagram showing a system for checking the authenticity of a multiple-use product such as a banknote according to an embodiment of the invention.
  • Figure 20 is a flow chart showing a method of using the system of Figure 19 to enable the authenticity of a multiple-use product such as a banknote to be checked according to the embodiment referred to above in relation to Figure 19.
  • the system includes a composite information item 21 , a user device 22 arranged to capture an image of the information item 21 and to access the Internet using browsing functionality (an Internet browser) running on the user device 22, and a keyholder 23 accessible via the
  • the keyholder 23 may in the present embodiment be a server providing a keyholder service to requesting user devices 22.
  • the user device 22 may be a smartphone or any other mobile computer device with an image capture capability for capturing an image of two- dimensional identifier and processing the captured image to extract processable information - or the device may be connected to a separate image capture device providing such functionality.
  • the user device 22 is arranged to capture an information item comprising a QR code (typically using a camera of the device) and has processing capabilities and application software for analysing (extracting) the data provided in such an identifier.
  • the user device 22 also has processing functionality specifically arranged for decoding the information provided by the various other features of the information item 21 - which will be described further below.
  • the information item 21 contains encoded instructions (including a website address) for a web browser of the user device 22 to follow a link to a website of interest. However, in the present embodiment, this link cannot be accessed until the information item 21 has been successfully authenticated by the user device 22.
  • Authentication involves capturing an image of the information item 21 and extracting data encoded in it, transmitting a message to the keyholder 23 over the Internet using some of the decoded information, receiving a reply from the keyholder 23 and using the reply message to carry out an authentication procedure on the image of the information item 21 . If the authenticity of the information item 21 has been successfully verified, the browser of the user device 22 is permitted to follow the link to the target website. If the authenticity of the information item 21 cannot be verified, the browser of the user device 22 is prevented from following the link.
  • the information item 21 of the present embodiment includes a label (label element) 31 , a QR code (or pattern element) 32 and an encrypted local extraction key (or extraction key element) 33.
  • the label 31 is a plain alphanumeric word, phrase or similar descriptor that a user can easily understand and associate with the company or organisation to whom the information item 21 is purported to belong - so the alphanumeric word 31 could include a company name, website or other contact details - or it can for example be date information relating to a date of manufacture, recommended sale or consumption date, publication, issuing or other relevant date that the user can check and ensure it conforms with their expectations.
  • the plain alphanumeric label 31 can be provided as a reference number - for example on a product or on packaging - or as a serial number on a banknote or other value document.
  • the function of the label 31 is to provide an element of plain (un-encoded) text that an end user can easily read and check that it conforms to their expectations of what the QR code 32 is being used for or from whom the identifier is being provided.
  • the information item 21 includes a QR code 32.
  • the QR code 32 includes various standard elements within it, such as QR code centring points 34 and encoded data represents a link to the target website of the company or manufacturer or other organisation using it.
  • the QR code 32 includes a label portion 31 a of data representing an encoded version of the label 31 . This portion of data is used in the authentication procedure: if the portion of encoded data 31 a can be decoded, and checked against the label 31 to ensure they are the same, the authenticity of the information item 21 can be verified to the user.
  • the label portion 31 a of the QR code 32 which represents the label 31 is not discernible from the other information provided within the QR code 32 as all data in the QR code 32 is encoded.
  • QR code ID QR code Identifier
  • An encrypted local extraction key 33 is provided with the information item 21 . This requires unlocking before it can be used, but once it is decrypted the resulting local extraction key can be used directly to decode the label portion 31 a of the encoded data in the QR code 32, thereby enabling the user to make a comparison with the un-encoded label 31 .
  • the user device 22 recognises the various elements, performs various processing steps to obtain an externally stored key in order to decrypt the encrypted local extraction key 33, and then directly uses the result to verify the relationship (in this case that they are identical) between the decrypted label portion 31 a and the label 31 itself. If the relationship between the decrypted label portion 31 a and the label 31 can be verified, the information item 21 can be successfully authenticated to the user.
  • the encoded local extraction key 33 is provided in an alphanumeric form.
  • a user device 22 is shown in Figure 4.
  • Functional components of the user device 22 include an image capture module (image sensor) 41 arranged to capture an image of the information item 21 and to provide this image for processing, a processor 42 with a range of processing modules providing various
  • the processor 42 comprises an image processing module 44 for analysing a captured image and extracting codes and other information from that image.
  • a key request module 45 is also provided for generating a request message for obtaining an externally stored key.
  • the key request module 45 cooperates with a communication module 46 for sending and receiving messages via the Internet.
  • an authentication module 47 is provided for performing various processing steps related to the authentication process.
  • the image processing module 44 is arranged to provide information extracted from a captured image to the key request module 45 in order to generate an external key request appropriate for that particular information item 21 .
  • the image processing module 44 is arranged to extract the QR code ID 35 from the captured image, and this ID is then incorporated into the request message.
  • the key request module 45 cooperates with the communication module 46 so that request messages generated by the key request module 45 can be transmitted by the communication module 46.
  • the communication module 46 is also in communication with the authentication module 47 so that any received messages which are relevant to the authentication process can be passed to the authentication module 47 for processing.
  • One of the processing tasks carried out by the authentication module is to receive and use this to decrypt the encrypted local authentication key 33 to create a decrypted local extraction key 33a which is stored in the local data store 48. Transmitting and receiving of messages by the communication module 46 can be carried out in different ways available to the user device. However, the present embodiment makes use of the browser 43 for communication, either directly or via a suitable application (app) stored on the user device 22.
  • the keyholder 23 comprises a keyserver 51 having a communications module 52 and a searching module 53, and a database 54 which stores external keys 55.
  • the communications module 52 is arranged to receive request messages via the Internet, from the user device 22, each request message including a QR code ID 35.
  • the communication module 52 is arranged to pass the QR code ID 35 of a received request message to the searching module 53, which then searches the database 54 to retrieve an external key 55 associated with the QR code ID 35.
  • the retrieved external key 55 is then included in a reply message and sent by the communications module 52, via the internet, to the requesting user device 22.
  • the keyholder 23 thus provides a centralised, searchable database 54 of external keys 55 that enables authentication of a captured QR code 32 with the appropriate ID 35.
  • a method 60 of verifying the authenticity of the information item 21 in accordance with another embodiment of the present invention is now described with reference to Figure 6. This method is also used to authenticate the information item 21 of the previously described embodiment.
  • Figure 6 shows the steps carried out by the user device 22 in the authentication process.
  • the user device 22 captures an image of the information item 21 and carries out various processing steps in order to authenticate the QR code 32 of the information item 21 before the main instructions of the QR code 32, such as instructing a browser of a user device to follow a link to a target website, is implemented.
  • the user device 22 captures, in Step 61 , an image of the information item 21 which comprises the label 31 , the QR code 32 and the encrypted local extraction key 33.
  • Data provided in the QR code 32 has a verifiable relationship with the label 31 , and the objective of the processing steps of the method 60 is to verify that relationship.
  • the relationship provided is that the data in the QR code 32 (namely the label portion 31 a), once decrypted, should be identical to the label 31 .
  • the user device 22 analyses the captured image and recognises and reads the three different elements (label 31 , QR code 32, and encrypted local extraction key 33).
  • the user device 22 tries to establish that the three elements belong together.
  • the user device 22 extracts at Step 62, the QR code ID 35 from the QR code 32 and transmits, at Step 63, the QR code ID 35 to the keyserver 51 , in the form of a request message, to obtain the required external key 55.
  • a reply message delivering the corresponding external key 55 is then received, at Step 64, and the user device uses this external key 55 to decrypt, at Step 65, the encrypted local extraction key 33 and create the decrypted local extraction key 33a.
  • the user device 22 has the tools to verify the relationship between the data in the QR code 32 and the label 31 .
  • the decrypted local extraction key 33a is used to decrypt the encrypted label portion stored in the QR code 32, and the decrypted data is then compared to the label 31 . If the decrypted data and the label
  • the keyholder 23 first receives, at Step 71 , from the user device 22 a request message comprising the QR code ID. An external key 55 corresponding to that QR code ID must then be found. The keyholder 23 therefore conducts a search on the database 54 and retrieves, at Step 72, the external key 55 associated with the QR code ID.
  • the keyholder 23 then transmits, at Step 73, this external key 55 to the user device 22 which requested it, thereby providing to the user device 22 the ability to verify the relationship between the encrypted label portion in the QR code 32 and the unencrypted label 31 , and enabling the user device 22 to authenticate the QR code 32.
  • the keyholder 23 can store a large number of external keys 55 and always transmits a respective external key 55 retrieved from the database 54 to the specific user device 22 that requested it.
  • a method 80 of generating an information item 21 capable of QR code authentication commences with providing at Step 81 , a plaintext label 31 (such as a company name, offer-ends date or reference number) which an end-user can easily read and check that it conforms to their expectations of what the QR code
  • the label 31 is also encrypted at step 83 and then encoded so as to be incorporated into a QR code 32 as the label portion of the QR code. Accordingly, the encrypted label portion has a verifiable relationship with the user-readable label 31 of the information item 21 .
  • the result the decrypted label portion
  • the decrypted label portion will be identical (in this embodiment) to the user-readable label 31 .
  • the QR code 32 is also arranged to include the QR code ID which can be read by the user device from its captured image without the need for any external decryption key.
  • the local extraction key 33a is also provided for decrypting the encrypted label portion so that it can be compared with the label 31 for verification purposes.
  • the encrypted local extraction key 33 forms part of the information item 21 while the external key 55 is saved at Step 83 in the centralised key database 54 until it is requested by a requesting user device 22. Finally, the label 31 , the QR code 32 and the encrypted local extraction key 33 are formed, at Step 84, into an image which provides these discrete elements together as a composite information item 21 .
  • Each information item 91 , 101 , 1 1 1 , 121 comprises a two-dimensional pattern having various features that can be used to represent information including instructions and directions for an interpreting program on a user device to user to carry out some procedure (typically directing a browser to a specific website for additional information)
  • the pattern provides an information item 91 , 101 , 1 1 1 , 121 in its own right, and can for example be used as an encrypted local extraction key 33 in combination with a QR code 32 and a label 31 to form a composite information item 21 as described in the previous embodiments.
  • an information item 91 is provided as a series of thin line concentric squares.
  • Information is encoded in the concentric square pattern by including a line break 92 in each square at a specific location - the relative dimensions of the lines and the locations of the gaps encodes information in a simple readily reproducible manner. This relative positioning (with respect to the ends of the lines) and size and number of the gaps provide this information and therefore the pattern which results effectively provides an encrypted code.
  • the concentric squares can be positioned immediately around the QR code 32 in order to make efficient use of space and to avoid excessively extending the footprint of the QR code 32.
  • an additional, thicker unbroken line is provided around the concentric squares in order to define an edge. This facilitates better image capture and helps to distinguish the information item 91 from other edges (for example a product) on which the information item may be provided.
  • a compact information item 101 is provided as a series of radii having white line breaks 102 in locations that are used to encode information.
  • an information item 1 1 1 is provided as a set of standard masks 1 12, which repeat at regular intervals around the circumference of a circle. Some of the repetitions are an exact reproduction 1 12 of a fixed standard, while others 1 13 provide variations. There are fixed ways in which the standard mask 1 12 can be varied, and every deviation from the standard represents encrypted information which can be readily determined once the key, namely the schema used to create each mask is known.
  • the array of masks provides an information code that can be decrypted to form an alphanumeric or other decrypted code.
  • the standard mask 1 12 is a flag with a blue background and a white cross. Possible deviations from this standard flag include changing the colour of one or more of the corners, and filling in the cross with a colour. Other approaches could also be used - instead of flags with a cross, triangles incorporating a letter or other symbol could be used. Again, changes in colour, position or other aspects made from a predefined set of possible changes are used to encode information. In each case the schema used to create the information item is used as the decoding key (external key 55).
  • each of the three centring points of a QR code 32 is used to accommodate a standard mask 122.
  • Relative and geometric deviations 123 from the standard mask represent information which can be interpreted by a processor from a captured image of the QR code.
  • This embodiment can be used with a label 31 to form a composite information item 21 in which the information item 121 advantageously provides an encrypted local extraction key 33 that does not extend the QR code footprint.
  • the standard mask can include shapes and patterns with a predetermined set of associated deviations. Alternatively, in other embodiments, the deviation could simply be provided by choice of a plain colour for the centring point. In other related embodiments - a colour reference number (such as a pantone number) can also be provided to ensure correct colour transmission to the image sensor. In this case, deviations could be changes in colour.
  • the information items 91 , 101 , 1 1 1 , 121 can be used either alone or in combination with each other.
  • a QR code could be surrounded by concentric squares as well as having colour providing information in its centring points. Standard and variation masks could be provided in the buffering zones of a QR code.
  • Standard masks that include lines can also include line breaks to represent information.
  • the information encoded by the information item 91 , 101 , 1 1 1 , 121 can be used as a checksum against another code - such as code in alphanumeric form, QR code, one dimensional barcode or other information code.
  • a suitable encoded pattern 130 for use with the present invention has a corner symbol 132 indicating a correct orientation of the pattern 130.
  • the corner symbol 132 comprises an arrow and a capital 'N' in a similar manner to a traditional north pointer of a compass.
  • the corner symbol 132 thereby provides directional information that can assist a scanner in orienting a sensed image of the pattern 130 in order to facilitate efficient extraction of the information encoded by the pattern 130.
  • Variations of this approach are envisaged that use alternative corner symbols 132 having a directional component.
  • a happy face symbol ' ⁇ ' may be used because a vector from the centre of the mouth through the centre of the eyes provides directional information.
  • an authentic composite information item 140 is scannable by a user device 142 such as a mobile phone.
  • a user device 142 such as a mobile phone.
  • the terms 'scanable', 'scan', and 'scanning' as used throughout this description are intended to be broadly construed as electronic reading of the information item and they are intended to cover image capture as is carried out by a camera as well as conventional linear scanning techniques such as carried out by a barcode scanner.
  • the user device 142 is connected to the Internet 144 and may access an authentic keyholder 146 as has been described in previous embodiments.
  • the authentic composite information item 140 of the present embodiment has the same features as the composite information item 21 described above, namely a label, a QR code including a label portion and a QR code ID, and an encrypted local key.
  • the authentic keyholder website 146 holds a database 148 of authentic keys for decrypting the encrypted local key and has sanctioned software 150 the function of which will be described below.
  • a mobile phone service provider 152 which provides a cellular network service to the user device 142 includes a database 154 of privileged (personal) data such as full names, dates of birth and postcodes relating to the users (i.e. customers) of the cellular network.
  • the privileged data relates to the pay-as-you-go card: for example, when and/or where the card was purchased, how much credit remains on the card, and so on.
  • This relationship of trust arrangement is to provide a check that the keyholder is in fact authentic. This provides an extra layer of security because an elaborate fraudster could try to provide a malicious composite information item together with a malicious keyholder holding keys that match the malicious composite information item and take the user device to a malicious website.
  • the arrangement achieves this extra level of security by providing the authentic keyholder 146 with special access to privileged data relating to the user which can then be displayed to the user to prove that the keyholder is authentic. Only the authentic keyholder 146 has this special access. This special access is provided by way of the sanctioned software 150 which enables the authentic keyholder to select (or be provided with) privileged data relating to the user from the mobile phone service provider 152.
  • the provision of this privileged data proves the authenticity of the keyholder to the user.
  • the mobile phone service provider 152 provides the authentic keyholder 146 with the sanctioned software 150 for this purpose as a result of the relationship of trust 156 between those parties. There is no such relationship of trust between the mobile phone service provider and a malicious keyholder, so by displaying privileged data to the user it can be proven to the user that the keyholder is authentic.
  • the user device 142 scans at step 160 the authentic composite information item 140.
  • the user device 142 requests (browses to) at step 162 a website of the authentic keyholder 146 which then responds by requesting at step 164 phone ID (phone identifier - such as a IMSI of the mobile phone) from the user device 142.
  • the user device provides this phone ID by transmitting it at step 166 to the keyholder website.
  • the authentic keyholder 146 can then use the phone ID to gain special access to privileged data relating to the user.
  • the authentic keyholder 146 requests at step 168 the privileged data from the mobile phone service provider 152 using the Phone ID to identify the specific user account at the mobile phone service provider 152.
  • the mobile phone service provider 152 recognises the request for privileged data as having been constructed using the sanctioned software 150, and consequently as originating with the authentic keyholder which is a trusted party.
  • the mobile phone service provider 152 uses the phone ID to look up the privileged (personal) data of the user and transmits at step 170 the requested privileged data to the authentic keyholder 146.
  • the authentic keyholder 146 transmits at step 172 a personalised message containing the requested privileged data, such as the user's date of birth, to the user device 142.
  • the authentic keyholder 146 has a proven relationship of trust 156 with the mobile phone service provider 152, and accordingly the user inputs at step 174 a user- confirmation that the user device may follow further instructions from the composite information item.
  • these further instructions relate to obtaining a key from the authentic keyholder 146 for decrypting the encrypted local key of the authentic composite information item 140 such that the user's device can then brose to an authenticated (non- malicious) website.
  • the user device 142 scans a malicious composite information item 180 associated with a malicious keyholder 182 created by a fraudster, the lack of authenticity of the composite information item 180 and keyholder 182 can be detected.
  • the arrangement of Figure 14 can be used not only to demonstrate the legitimacy of the keyholder to the user, but also to demonstrate the legitimacy of the user to a party such as a merchant. This can be useful, for example, in know-your-customer (KYC) checks.
  • KYC know-your-customer
  • the user must enter requested personal data in response to a security challenge and the accuracy of the entered data is checked by the authentic keyholder 146 by referring to privileged data obtained from the mobile phone service provider 152.
  • Security challenges may, for example, involve requesting the user's postcode, or asking the user to verify which of several statements presented to the user relating to their privileged (personal) data are correct.
  • FIG. 17 A system for providing a check as to whether a product is authentic is shown in Figure 17.
  • the system enables a customer to access details relating to the product, and if these details match the product or the circumstances in which the product is being offered for sale, this gives the customer confidence that the product is authentic. If some of the details do not seem correct, this acts as a warning that the product may be counterfeit or may not be being sold legitimately.
  • Product details for checking against the product or circumstances may include various parameters such as the geographic location (e.g. country) in which the product is to be sold, the retailer through which the product is to be sold, a use-by date of the product, a manufactured date of the product, a name of the product, a batch number of the product, and so on. For example, if a customer in the UK can establish that a product should have been sold France, this warns the customer that the product may not be on sale legitimately.
  • the name of the product stops counterfeiters using the same authentic composite information item 140 for different products and the batch number can be something which can be confirmed by accessing an on-line database of legitimate batch numbers.
  • the customer can use the packaging to gain access to a use-by date, sell-by date, best-before date, or similar, but since this will be the date associated with the original authentic product it may be out of date which provides a warning. Similarly, a manufacturing date may be far longer than that expected for this type of product which would also provide a warning,
  • a QR code 192 (as an embodiment of an authentic composite information item 140) is provided on packaging of an authentic product.
  • the QR code 192 could be provided on the packets of an over-the-counter drug for treating headaches.
  • Other QR codes could be used on the packaging of other pharmaceutical products.
  • the authentic headache drugs are packaged and distributed to legitimate retailers.
  • a user device 142 such as a mobile phone is capable of scanning the QR code 192 and has a connection to the Internet 144 for communicating with a single-use product validation processor 194.
  • the single-use product validation processor 194 is arranged to process validation requests from the user device 142 and to interrogate a product parameter database 196 storing a directory 198 of QR codes and associated product information or product parameters.
  • a method of using the system of Figure 17 will now be described in relation to Figure 18.
  • a customer finds a product he wishes to check, he presents the QR code 192 on the packaging of the product to his user device 142 for scanning.
  • the user device 142 scans at step 200 the QR code 192 and, following instructions in the QR code, sends at step 202 a validation request to the single-use product validation processor 194.
  • the validation request includes a copy of the QR code or at least a portion of extracted code identifying the QR code.
  • the single-use product validation processor 194 retrieves at step 204 from the product parameter database 196 the product parameters corresponding to the scanned QR code 192.
  • the product parameters are extracted by searching for the QR code 192 in the directory 198 and looking up the corresponding parameters.
  • the single-use product validation processor 194 generates a response message including the retrieved product parameters and sends this to the user device 142 which receives it at step 206. Finally, the user device 142 displays at step 208 the product parameters to the customer, thereby enabling the customer to check that the displayed parameters match their expectations.
  • the user device 142 automatically detects information such as the country or retailer the customer is in (using location) and today's date, and inputs these to a process of comparison with the retrieved product parameters to check automatically whether an alert notification should be displayed to the customer.
  • the information automatically detected by the user device 142 may be included in the validation request and transmitted for a comparison process performed by the single-use product validation processor 194.
  • the QR code 192 is scanned by a scanner of the retailer and the retrieved product parameters are displayed for customer inspection on a monitor associated with the retailer such as a monitor of the point-of-sale terminal.
  • the retrieved product parameters could be displayed to the customer on their receipt, in which case the customer would have to check them after having bought the product but if the parameters do not conform to the customer's expectations the issue can be raised with the retailer and the product can be returned.
  • a system for checking the authenticity of a multiple-use product is shown in Figure 19.
  • a banknote is an example of a multiple-use product for which the checking of authenticity is of interest because banknotes can be used validly on multiple successive occasions and they are value document susceptible to fraudulent copying.
  • every banknote is unique so individual banknotes in circulation can be traced.
  • a picture of normal use can be built up for banknotes of different values to work out normal ranges of frequency and geographical spread of use. Using these normal ranges as a reference, fake banknotes can be detected because they are typically generated by copying a single banknote many times, for example one thousand copies may be made. This will lead to an outlier with far greater frequency and graphical spread of use than expected owing to the extra copies. This abnormal use pattern can be used to detect counterfeit multiple-use products.
  • each is provided with a QR code 210 as part of its security features as shown in Figure 19.
  • This QR code 210 can be scanned to log the use of the banknote at a particular time and place.
  • a picture of the use of that banknote can be built up and analysed to check whether it is within the normal ranges expected for an authentic banknote that has not been fraudulently copied. From the time when a banknote is first traced, the picture of its use builds up and it will either fall within the normal range or indicate excessive use as a result of copying. Going forward, a banknote falling within the normal use range may move into the excessive use region if fraudulent copies are released into circulation for the first time.
  • the system of Figure 19 includes a user device 142 such as a mobile phone for scanning the QR code 210 of a banknote.
  • the user device 142 is connected to the Internet 144 for transmitting a message to a multiple-use product validation processor 212 for logging the use of the banknote.
  • the instance of use is stored in a product history of use database 214 and the picture of use is analysed by an analysis module 126 of the multiple-use product validation processor 212.
  • the banknote is presented to the user device 142 which scans at step 220 the QR code 210 of the banknote.
  • the user device 142 sends at step 222 a validation request to the multiple-use produce validation processor 212 via the Internet 144.
  • the validation request includes data identifying the QR code 210 such as a copy of the QR code, an indication of the timing of the use of the banknote such as the date of use, and an indication of the location of use such as an indication of the point-of-sale terminal used or the city or town where used or global positioning satellite (GPS) location data.
  • GPS global positioning satellite
  • the data contained in the validation request is received by the multiple-use validation processor 212 which logs it at step 224 in the product history of use database 214.
  • This logging step updates a record of use (not shown) stored in the product history of use database 214 so that the analysis module 126 can determine at step 226, based on the up-to- date record, whether a risk threshold has been met - i.e. whether the pattern of use of the banknote is outside the normal range. If the risk threshold has been met, the multiple-use product validation processor 212 transmits at step 228 an alert message to the user device 142. If the risk threshold has not been met, the use pattern is in the normal range and the multiple-use product validation processor 212 transmits at step 230 a validation message to the user device 142.
  • the system may additionally or alternatively be arranged to detect specific instances in which a banknote is used simultaneously in different locations, thereby indicating that a fraudulent copy is in circulation.
  • the user device is provided as a mobile phone, perhaps of a customer, but in alternatives it could be a retailer device capable of scanning a QR code such as a device associated with a point-of-sale terminal.
  • the retailer device could be arranged for scanning a banknote when it has been presented by a customer so that the retailer can check the banknote is authentic before proceeding to accept it for a transaction.
  • the retailer device could be arranged for processing high volumes of banknotes at the end of a day of business for efficiently logging the use of the banknotes taken that day.
  • QR code in infra-red ink. This means that a forger has to forge both the serial number and the hidden QR code.
  • the hidden QR code would direct the scanner to a predetermined website where the website can validate that the scanner is a real scanner and can record the serial number (which can be embedded within the QR code for example).
  • colour shifting inks on the banknote.
  • irradiation of the banknote with light of a first wavelength produces a response from the colour-shifted ink which is at a wavelength expected by the scanner and at which the scanner (image capture device) captures an image of the QR code.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

La présente invention concerne un dispositif de télécommunications portable destiné à authentifier un élément d'information de sorte que l'élément d'information puisse être utilisé dans un processus subséquent par le dispositif de télécommunications. Le dispositif comprend un module de capture d'image destiné à capturer une image d'un élément composite d'information qui comprend un élément de motif codé représentant des données comprenant un identifiant d'élément de motif unique, un élément d'étiquette ayant une relation vérifiable avec les données d'étiquette codées dans l'élément de motif, et un élément de clé d'extraction chiffrée. Le dispositif comprend également un module de décodage destiné à obtenir l'identifiant d'élément de motif unique à partir de l'image capturée et à l'envoyer à un serveur détenteur de clés. Le dispositif comprend également un module de traitement conçu pour recevoir une clé de déchiffrement provenant du serveur détenteur de clés associée à l'identifiant d'élément de motif unique, pour déchiffrer l'élément de clé d'extraction à l'aide de la clé reçue, et pour utiliser l'élément de clé d'extraction déchiffré afin d'extraire les données d'étiquette de manière que les données d'étiquette puissent être comparées à l'élément d'étiquette afin de vérifier leur relation mutuelle et permettre d'authentifier l'élément d'information.
PCT/GB2013/053307 2012-12-14 2013-12-16 Perfectionnements se rapportant à l'authentification d'identifiant WO2014091252A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201380065675.8A CN104903903A (zh) 2012-12-14 2013-12-16 与标识符鉴权相关的改进

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB201222638A GB201222638D0 (en) 2012-12-14 2012-12-14 Improvements relating to identifier authentication
GB1222638.7 2012-12-14

Publications (1)

Publication Number Publication Date
WO2014091252A1 true WO2014091252A1 (fr) 2014-06-19

Family

ID=47630788

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB2013/053307 WO2014091252A1 (fr) 2012-12-14 2013-12-16 Perfectionnements se rapportant à l'authentification d'identifiant

Country Status (3)

Country Link
CN (1) CN104903903A (fr)
GB (1) GB201222638D0 (fr)
WO (1) WO2014091252A1 (fr)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160072626A1 (en) * 2014-09-09 2016-03-10 Microsoft Corporation Cryptographically-verifiable attestation label
EP3309992A4 (fr) * 2015-07-28 2018-07-04 Fujian Landi Commercial Equipment Co., Ltd Procédé et système de chiffrement et de déchiffrement de masque de code bidimensionnel
WO2019229554A1 (fr) * 2018-05-29 2019-12-05 International Business Machines Corporation Authentification de produit conditionnés
US11213773B2 (en) 2017-03-06 2022-01-04 Cummins Filtration Ip, Inc. Genuine filter recognition with filter monitoring system
WO2023001381A1 (fr) * 2021-07-23 2023-01-26 Moonify Sas Procédé et dispositif d'accès à une ressource de la toile
CN116226893A (zh) * 2023-05-09 2023-06-06 北京明苑风华文化传媒有限公司 一种基于物联网客户营销信息管理系统
EP3994007A4 (fr) * 2019-07-05 2023-11-22 Ballet Global Inc. Vérification d'inviolabilité d'un article de fabrication

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP7029398B2 (ja) * 2015-09-28 2022-03-03 エイヴェリー デニソン リテール インフォメーション サービシズ リミテッド ライアビリティ カンパニー フォレンジック暗号化方法及びシステム
JP7387596B2 (ja) * 2017-07-20 2023-11-28 ラーバ アイディー プロプライアタリー リミティド 安全タグ
CN113642342A (zh) * 2020-04-27 2021-11-12 阿里巴巴集团控股有限公司 一种信息查询方法和装置、以及一种实体对象
CN113065313B (zh) * 2021-03-11 2023-07-14 交通运输部公路科学研究所 基于车路协同的数字化交通标志的编码方法、装置及系统

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050132194A1 (en) * 2003-12-12 2005-06-16 Ward Jean R. Protection of identification documents using open cryptography
WO2006116029A2 (fr) * 2005-04-21 2006-11-02 Pareskevakos, Theodore, G. Systeme et procede de validation intelligente d'une monnaie
JP2007188430A (ja) * 2006-01-16 2007-07-26 Nippon Telegr & Teleph Corp <Ntt> 具体的対象保証型バーコードシステムおよび具体的対象保証型バーコード処理方法
US20070278316A1 (en) * 2005-04-25 2007-12-06 Gregory Hovis Concentric-ring circular bar code
US20090210345A1 (en) * 2001-11-19 2009-08-20 Damien Mandy Method for editing a ticket of limited duration, system therefore and resulting ticket

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101950370A (zh) * 2010-09-14 2011-01-19 厦门阳光无线网络科技有限公司 组合式二维码的编制方法
CN102571714B (zh) * 2010-12-27 2014-09-17 北京慧眼智行科技有限公司 防伪验证方法和防伪验证服务器

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090210345A1 (en) * 2001-11-19 2009-08-20 Damien Mandy Method for editing a ticket of limited duration, system therefore and resulting ticket
US20050132194A1 (en) * 2003-12-12 2005-06-16 Ward Jean R. Protection of identification documents using open cryptography
WO2006116029A2 (fr) * 2005-04-21 2006-11-02 Pareskevakos, Theodore, G. Systeme et procede de validation intelligente d'une monnaie
US20070278316A1 (en) * 2005-04-25 2007-12-06 Gregory Hovis Concentric-ring circular bar code
JP2007188430A (ja) * 2006-01-16 2007-07-26 Nippon Telegr & Teleph Corp <Ntt> 具体的対象保証型バーコードシステムおよび具体的対象保証型バーコード処理方法

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160072626A1 (en) * 2014-09-09 2016-03-10 Microsoft Corporation Cryptographically-verifiable attestation label
WO2016040199A1 (fr) * 2014-09-09 2016-03-17 Microsoft Technology Licensing, Llc Étiquette d'attestation vérifiable par cryptographie
US9628270B2 (en) 2014-09-09 2017-04-18 Microsoft Technology Licensing, Llc Cryptographically-verifiable attestation label
EP3309992A4 (fr) * 2015-07-28 2018-07-04 Fujian Landi Commercial Equipment Co., Ltd Procédé et système de chiffrement et de déchiffrement de masque de code bidimensionnel
US10659220B2 (en) * 2015-07-28 2020-05-19 Fujian Landi Commercial Equipment Co., Ltd. Method and system for encrypting and decrypting two-dimensional code mask
US11213773B2 (en) 2017-03-06 2022-01-04 Cummins Filtration Ip, Inc. Genuine filter recognition with filter monitoring system
GB2589760A (en) * 2018-05-29 2021-06-09 Ibm Authentication of packaged products
WO2019229554A1 (fr) * 2018-05-29 2019-12-05 International Business Machines Corporation Authentification de produit conditionnés
DE112019001531B4 (de) 2018-05-29 2022-03-24 International Business Machines Corporation Verfahren zum Herstellen eines authentifizierten verpackten Produkts und System zum Überprüfen der Echtheit eines verpackten Produkts
GB2589760B (en) * 2018-05-29 2022-06-22 Ibm Authentication of packaged products
EP3994007A4 (fr) * 2019-07-05 2023-11-22 Ballet Global Inc. Vérification d'inviolabilité d'un article de fabrication
WO2023001381A1 (fr) * 2021-07-23 2023-01-26 Moonify Sas Procédé et dispositif d'accès à une ressource de la toile
CN116226893A (zh) * 2023-05-09 2023-06-06 北京明苑风华文化传媒有限公司 一种基于物联网客户营销信息管理系统

Also Published As

Publication number Publication date
CN104903903A (zh) 2015-09-09
GB201222638D0 (en) 2013-01-30

Similar Documents

Publication Publication Date Title
WO2014091252A1 (fr) Perfectionnements se rapportant à l&#39;authentification d&#39;identifiant
Focardi et al. Usable security for QR code
US10019530B2 (en) ID tag authentication system and method
US8500015B2 (en) Method and system for deterring product counterfeiting, diversion and piracy
EP1969880B1 (fr) Systeme et procede pour l&#39;authentification multifacteur dynamique
US9213930B2 (en) Secure barcodes
US20160323108A1 (en) Accessing Content by Processing Secure Optical Codes
US20160323107A1 (en) Secure Optical Codes for Accessing Content
CN101601222A (zh) 在线数据加密和解密
CN111919215A (zh) 包装的产品的认证
CN104854597B (zh) 认证服务器、认证系统以及认证方法
US20180205714A1 (en) System and Method for Authenticating Electronic Tags
WO2015154482A1 (fr) Système de traçage propre à décourager la contrefaçon de certificat unique basé sur un terminal mobile et une identification par radiofréquence (rfid)
KR102256922B1 (ko) 조회 이력 통지에 의하여 인증 기능이 강화된 문서 인증 방법 및 문서 인증 시스템
CN101027630A (zh) 在线数据加密与解密
Geethanjali et al. Smart contract document authentication for digital clothing design specification based on blockchain and QR code
Wahsheh Secure and usable QR codes
WO2014053172A1 (fr) Procédé et système conçus pour authentifier avec certitude des entités
Li et al. LWSQR: lightweight secure QR code
Lembke Reducing Cybersecurity Vulnerabilities Through the Use of 12N QR Codes
Husny et al. Encrypted QR code system
US20240211709A1 (en) Method and device for accessing a web resource
Zhang et al. Enhancing QR Code Security
Teraura et al. Preventing the access of fraudulent web sites by using a special two-dimensional code
Gulia Review on QR codes security mechanism in ECommerce application

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13821902

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 2013821902

Country of ref document: EP

122 Ep: pct application non-entry in european phase

Ref document number: 13821902

Country of ref document: EP

Kind code of ref document: A1