WO2014134827A1 - System and method for authentication - Google Patents

System and method for authentication Download PDF

Info

Publication number
WO2014134827A1
WO2014134827A1 PCT/CN2013/072362 CN2013072362W WO2014134827A1 WO 2014134827 A1 WO2014134827 A1 WO 2014134827A1 CN 2013072362 W CN2013072362 W CN 2013072362W WO 2014134827 A1 WO2014134827 A1 WO 2014134827A1
Authority
WO
WIPO (PCT)
Prior art keywords
identifier
authentication
accordance
replacement
tag
Prior art date
Application number
PCT/CN2013/072362
Other languages
French (fr)
Inventor
Chi Hung Tong
Kwong CHU
Original Assignee
Hong Kong R&D Centre for Logistics and Supply Chain Management Enabling Technologies Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hong Kong R&D Centre for Logistics and Supply Chain Management Enabling Technologies Limited filed Critical Hong Kong R&D Centre for Logistics and Supply Chain Management Enabling Technologies Limited
Priority to PCT/CN2013/072362 priority Critical patent/WO2014134827A1/en
Priority to TW103107867A priority patent/TW201503005A/en
Publication of WO2014134827A1 publication Critical patent/WO2014134827A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • H04L2209/805Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor

Abstract

A system and method for authentication comprising the steps of receiving a verification request for verifying an identifier associated with an authentication subject, verifying the identifier by locating a record associated with the identifier in an authentication database, and whereupon the identifier has been verified, generate a replacement identifier for updating the record in the authentication database.

Description

SYSTEM AND METHOD FOR AUTHENTICATION
TECHNICAL FIELD
The present invention relates to a system and method for authentication, and particularly, although not exclusively, to a system and method for authenticating a product or service.
BACKGROUND
Counterfeits, imitations and non authorized products or services continue to cause various problems in today' s economy, with imitations and counterfeits occurring in a large range of goods and services ranging from luxury goods to infant formula. This in turn has caused problems ranging from economy loss suffered by intellectual property owners to health scares resultant from counterfeits health products which uses dangerous or hazards ingredients in its manufacture.
Unfortunately, with imitators becoming more sophisticated in copying, imitating or faking a product or service, it would be desirable for consumers, retailers and law enforcement agencies to readily differentiate between an authentic product or service from those which are non-authentic. Attempts have been made by product manufactures to protect their products from being imitated through unique distinguishing features which would allow a consumer, retailer or law enforcement official to identify the authenticity of the product. Some examples of how this has been achieved is by the use of unique packaging such as watermarking or laser printed labels which are more difficult to imitate as the production of these labels require a more sophisticated set of equipment.
However, as the technologies involved in the manufacture of these labels become more widespread and popular, so too are the tools which are used to make these unique labels, and thus counterfeiters or imitators can also imitate these unique packing as part of the counterfeit production. This m turn has caused many of these unique labels to become less effective in being able to assist consumers to distinguish the authenticity of the products or services.
SUMMARY OF THE INVENTION
In accordance with a first aspect of the present invention, there is provided a method for authentication comprising the steps of: receiving a verification request for verifying an identifier associated with an authentication subject; verifying the identifier by locating a record associated with the identifier in an authentication database; and whereupon the identifier has been verified, generate a replacement identifier for updating the record in the authentication database.
In an embodiment of the first aspect, the method for authentication further comprises the step of updating the record in the authentication database with the replacement identifier such that the record associated with the identifier is updated with the replacement identifier.
In an embodiment of the first aspect, the record associated with the identifier is updated to be associated with the replacement identifier.
In an embodiment of the first aspect, the method for authentication further comprises the step of transmitting a verified signal when the identifier is verified.
In an embodiment of the first aspect, the step of generating the replacement identifier for updating the record associate with the identifier includes the step of processing the identifier with a security code module to generate the replacement identifier.
In an embodiment of the first aspect, the verification request is received from a reader module arranged to communicate the identifier from the associated authentication su ject . In an embodiment of the first aspect, the identifier is stored on a tag device arranged to tag the authentication subject .
In an embodiment of the first aspect, the method for authentication further comprises the step of updating the identifier stored on the tag device with the replacement identifier .
In an embodiment of the first aspect, the step of updating the identifier stored on the tag device with the replacement identifier includes transmitting the replacement identifier to the reader module.
In an embodiment of the first aspect, the reader module is arranged to update the identifier stored on the tag device with the replacement identifier.
In an embodiment of the first aspect, the tag device is arranged to generate a tag replacement identifier upon communication with the reader module, wherein the tag replacement identifier is identical to the replacement identifier updated in the record associated with the identifier .
In an embodiment of the first aspect, the tag device includes a RFID arrangement.
In an embodiment of the first aspect, the identifier is encrypted .
In an embodiment of the first aspect, the authentication subject is a product. In an embodiment of the first aspect, the identifier is an alphanumeric string.
In an embodiment of the first aspect, the alphanumeric string is of a random length.
In an embodiment of the first aspect, the security code module is arranged to use a predetermined code generating algorithm to generate the replacement identifier.
In an embodiment of the first aspect, the code generating algorithm is arranged to generate random alphanumeric strings.
In accordance with a second aspect of the present invention, there is provided a system for authentication comprising the steps of: a gateway arranged to receive a verification request for verifying an identifier associated with an authentication subject; a verification module arranged to verify the identifier by locating a record associated with the identifier in an authentication database; and whereupon the identifier has been verified, using an identifier generator to generate a replacement identifier for updating the record in the authentication database.
In an embodiment of the second aspect, the system for authentication further comprises a routine to update the record in the authentication database with the replacement identifier such that the record associated with the identifier is updated with the replacement identifier.
In an embodiment of the second aspect, the record associated with the identifier is updated to be associated with the replacement identifier.
In an embodiment of the second aspect, the system for authentication further comprises a transmission module arranged to transmit a verified signal when the identifier is verified . In an embodiment of the second aspect, the identifier generator is arranged to use a security code module to process the identifier to generate the replacement identifier for updating the record associate with the identifier.
In an embodiment of the second aspect, the verification request is received from a reader module arranged to communicate the identifier from the associated authentication subject .
In an embodiment of the second aspect, the identifier is stored on a tag device arranged to tag the authentication subject .
In an embodiment of the second aspect, the identifier stored on the tag device is updated with the replacement identifier .
In an embodiment of the second aspect, the replacement identifier updated on the tag device is transmitted to the tag by the reader module.
In an embodiment of the second aspect, the reader module is arranged to update the identifier stored on the tag device with the replacement identifier.
In an embodiment of the second aspect, the tag device is arranged to generate a tag replacement identifier upon communication with the reader module, wherein the tag replacement identifier is identical to the replacement identifier updated in the record associated with the identifier .
In an embodiment of the second aspect, the tag device includes a RFID arrangement.
In an embodiment of the second aspect, the identifier is encrypted . In an embodiment of the second aspect, the authentication subject is a product.
In an embodiment of the second aspect, the identifier is an alphanumeric string.
In an embodiment of the second aspect, the alphanumeric string is of a random length.
In an embodiment of the second aspect, the security code module is arranged to use a predetermined code generating algorithm to generate the replacement identifier.
In an embodiment the second aspect, the code generating algorithm arranged to generate random alphanumeric strings.
In accordance with a third aspect of the present invention, there is provided a tag for authenticating a product comprising a storage module arranged to store an identifier associated with the product, wherein when the identifier is accessed by a communication interface, the identifier is updated with a replacement identifier.
In an embodiment of the third aspect, the storage module is arranged to receive the replacement identifier from the communication interface to update the identifier stored in the storage module.
In an embodiment of the third aspect, the tag further comprises a security code module arranged to generate a replacement identifier.
In accordance with a fourth aspect of the present invention, there is provided a system for authenticating a product comprising the steps of: engaging a tag in accordance with any one embodiment of the third aspect; reading the tag to obtain an identifier; and transmitting the identifier to a system for authentication in accordance with any one embodiment of the second aspect for verification.
In an embodiment, the RFID arrangement is secured from unauthorized accessed.
In an embodiment, the RFID arrangement is accessed after a RFID password is authenticated.
In an embodiment, the reader module is secured from unauthorized accessed.
In an embodiment, the reader module is accessible after an access token is authenticated.
In an embodiment, the RFID arrangement includes a security module to prevent unauthorized accessed.
These embodiments are advantageous in that access to the reader module or the RFID arrangement is further protected from unauthorized access and thus enhance the security of the system for authentication.
BRIEF DESCRIPTION OF THE DRAWINGS
Embodiments of the present invention will now be described, by way of example, with reference to the accompanying drawings in which:
Figure 1 is a schematic diagram of a computing server for operation as a system for authentication in accordance with one embodiment of the present invention;
Figure 2 is a schematic diagram of an embodiment of system for authentication in accordance with one embodiment the present invention; Figure 3 is a block diagram of an embodiment of an authentication server of Figure 1;
Figure 4 is a block diagram of an embodiment of a tag for authenticating a product as shown in Figure 2;
Figure 5 is a flow diagram of an example of the operation of the system for authentication.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT
With reference to Figure 1, an embodiment of the present invention is illustrated. This embodiment is arranged to provide a system for authentication, comprising:
- a gateway arranged to receive a verification request for verifying an identifier associated with an authentication subject ;
- a verification module arranged to verify the identifier by locating a record associated with the identifier in an authentication database, and whereupon the identifier has been verified, using an identifier generator to generate a replacement identifier for updating the record in the authentication database.
Preferably, in one example, the verification request is arranged to be received from a reader module arranged to communicate the identifier from the associated authentication subject having a tag arranged to store the identifier and the identifier is stored in the tag is updated with the replacement identifier upon verification of the identifier.
In this embodiment, the gateway, verification module and the identifier generator are implemented by or for operation on a computer having an appropriate user interface. The computer may be implemented by any computing architecture, including stand-alone PC, client /server architecture, "dumb" terminal /mainframe architecture, or any other appropriate architecture. The computing device is appropriately programmed to implement the invention.
Referring to Figure 1, there is a shown a schematic diagram of a computer or a computing server 100 which in this embodiment comprises a server 100 arranged to operate, at least in part if not entirely, the system for authentication in accordance with one embodiment of the invention. The server 100 comprises suitable components necessary to receive, store and execute appropriate computer instructions. The components may include a processing unit 102, read-only memory (ROM) 104, random access memory (RAM) 106, and input/output devices such as disk drives 108, input devices 110 such as an Ethernet port, a USB port, etc. Display 112 such as a liquid crystal display, a light emitting display or any other suitable display and communications links 114. The server 100 includes instructions that may be included in ROM 104, RAM 106 or disk drives 108 and may be executed by the processing unit 102. There may be provided a plurality of communication links 114 which may variously connect to one or more computing devices such as a server, personal computers, terminals, wireless or handheld computing devices. At least one of a plurality of communications link may be connected to an external computing network through a telephone line or other type of communications link.
The server may include storage devices such as a disk drive 108 which may encompass solid state drives, hard disk drives, optical drives or magnetic tape drives. The server 100 may use a single disk drive or multiple disk drives. The server 100 may also have a suitable operating system 116 which resides on the disk drive or in the ROM of the server 100.
The system has a database 120 residing on a disk or other storage device which is arranged to store at least one record 122. The database 120 is in communication with the server 100 with an interface, which is implemented by computer software residing on the server 100. Alternatively, the database 120 may also be implemented as a stand-alone database system in communication with the server 100 via an external computing network, or other types of communication links. With reference to Figure 2, there is shown an embodiment of the system for authentication 200. In this embodiment, the server 100 is used as part of an authentication system 200 as an authentication server 202 arranged to communicate with a reader module 204 arranged to read and/or write to a tag associated with an authentication subject 208, such as a product or service which is required to be authenticated. In this example, the authentication server 202 is arranged to process a verification request of an identifier stored in a tag. The server 202 is arranged to communicate with the reader module 204 such that once the reader module 204 reads the identifier stored in a tag, the identifier is transmitted to the server 202 for verification.
In this example, the reader module 204 may be in the form of a scanner, a reader, smart phone or a user operated kiosk 206 arranged to communicate with the server 202 and to read an identifier from an authentication subject 208 which may be a goods item or authentication certificate of a service. Preferably, the authentication subject 208, such as a goods item, may include a tag device 210 associated with the authentication subject 208 which is arranged to tag the authentication subject 208. This tag device 210 is in turn readable by the reader module 204 for authentication. The communication link between the reader module 204 and the server may be an internet connection 212 or a computer network which is operated on a telephone line or other types of communication links.
Preferably, the communication links, including the communication link between the authentication server 202 and the reader module 204, the communication link 214 between the reader module 204 and the authentication subject 208, and the internet connections 212, are encrypted with AES encryption, or other encryption methods, such as SSL or SSH, as appreciated by a person skilled in the art. This is advantageous in that the data transmitted between each device, module or gateway is secured to avoid hacking or reverse- engineering of the authentication system.
The identity of the reader module 204, such as the scanner or kiosk 206 may be further protected by one or more security schemes. In one example, an E-token can be used for a kiosk identity, wherein the E-token may be initialized with a kiosk private certificate stored in a protected memory space in the kiosk 206 in which the protected memory can only be reference by an on-chip unit; a platform public key which is provided by the authentication system; and a unique kiosk identity (ID) string such as a alpha-numeric string with 32 bytes. The kiosk 206 may also require a user logon before it can access the authentication server 202 for data enquiry to reduce the risk of unauthorized access. When the kiosk 206 or the reader module 204 logon to the authentication server 202, the kiosk 206 or reader module 204 sends the required E-token information to the authentication server 202. Once the logon is successful, the authentication server 202 may generate and provide a random (of say 32 bytes) key to the kiosk 206 which can be used for consequent requests and for data encryption for every communication between the kiosk 206, scanner or other forms of reader module 204 and the server 202. Examples of such keys may include the generation and usage of a session key to encrypt and identify a particular communication session, whilst an encryption key may be generated and used to encrypt any data transmitted between the different components.
In this example, the tag device 210 associated with each authentication subject 208 may also be protected by a security scheme. In one example, at least one password must be correctly entered before the tag is enabled for reading and writing data to the tag. Unauthorized kiosk or reader module can also be barred from reading, writing, or modifying data such as an identifier stored in the tag without an access password. Additionally, some information in the tag can be locked with a different passwords provided by a manufacturer. Preferably, the authentication server 202 is arranged to support item level password control.
Preferably, the tag device 210 also includes an anti-tamper arrangement arranged such that the tag cannot be removed from an authentication subject 208 without physical damage to the tag device 210 or the associated authentication subject 208. This anti-tampering arrangement may for example be arranged such that upon tampering, the tag will no longer function and cannot be read or written to by a reader module 204, although in some embodiments, the tag may have additional routine which would allow an authorized reader module 204 to instruct the tag to enter a "tamper" mode which would allow the tag to be removed or otherwise disassociate itself from a product or authentication subject 208 and thus preventing the tag from being destroyed. This in turn allows the secured reusability of the tag.
Referring to Figure 3, there is shown a block diagram of an embodiment of an authentication server 202 used as a system for authentication. In this embodiment, the authentication server 202 includes a gateway 302, a verification module 304, an authentication database 306 and an identifier generator 308, which may be implemented as individual or shared components by hardware or software on or in connection with a computer system to act or provided the functionality necessary for the server 100 to operate as a system for authentication.
In this example, the gateway 302 module is arranged to communicate with a reader module 204 to obtain an identifier associated with an authentication subject 208, such as a product. As the authentication subject 208 has an associated tag device 210, the tag device 210 is firstly read by a reader module 204 to retrieve an identifier stored in the tag. Once the identifier is read from the tag, the reader module 204 transmits the identifier to the authentication server 202 by sending a verification request. This verification request includes the identifier read from the tag and is, in turn, sent to the gateway 302 of the authentication server 202. In a non-limiting example, the identifier may be randomly composed, algorithm/mathematically composed or any combination thereof, an alpha-numeric string of a predetermined length, calculated random length or it may be a barcode, QR code or other forms of computer readable code or identifier. The gateway 302, once successfully reads the identifier, then passes the received identifier to the verification module 304 for verification.
The verification module 304 may then proceed to verify the received identifier by locating a record associated with the identifier in the authentication database 306. Preferably, the authentication database 306 stores a plurality of records associated with respective identifiers which would indicate that the identifier is valid. This authentication database 306 can be securely controlled by the manufacturer, retailer, law enforcement agency or another authorized persons or stake holders which may be entrusted to verify the authenticity of an authentication subject 208 and may be populated with records of identifiers which are representative of valid products or services. The records within the authentication database 306 may include the identifier or in some examples, associated product or service information such as make, model, colour, shipping history or other attributes or information for distribution to an authorized party so as to increase the security and usability of the authentication process.
In this example, if the verification module 304 locates a matching record in the authentication database 306, the identifier is successfully verified, and thus the associated authenticated subject is deemed to be authentic and an authentication message or alert may be sent to a user notifying the user of the authenticity of the authentication subject 208. Subsequent to the successful verification, the authentication server 202 uses an identifier generator 308 to generate a replacement identifier, which may be an alpha¬ numeric string which is different from the identifier which has just been verified. The identifier generator 308 may then write the replacement identifier to the authentication database 306 by updating the record in the authentication database 306 such that the replacement identifier is stored in the authentication database 306 to replace the identifier which has just been verified. As a result of this action, the identifier which has just been read and verified cannot be verified in the future as the next verification process of this authentication subject 208 will require a reading of the replacement identifier which has just been generated and stored in the authentication database 306, although for record keeping and logging purposes, the old identifier which is being replaced may, in another embodiment, continue to be stored in the record on the authentication database 306 but as an old record which can be used for logging purposes, but not subsequent authentication. In these other embodiments, the rules of authentication may be suitable adjusted so that an old identifier, up to a certain number of subsequent replacement identifiers, can still be considered valid for authentication. This may be advantageous in authentication of products where communication links are intermittent or unreliable.
Once the replacement identifier is stored in the authentication database 306, the replacement identifier is also sent to the gateway 302 such that it may be transmitted to the reader module 204 for updating the tag associated with the authentication subject 208. This allows the tag to be updated with the replacement identifier and thus allowing the product associated with the tag to be verified again in the future as a subsequent reading of the tag by the reader module 204 will read the replacement identifier which is now stored in the authentication database 306 for this particular authentication subject 208. In this example, the identifier generator 308 may include a security code module 310 arrange to generate the replacement identifier. When the identifier generator 308 sends a request to the security code module 310 for a replacement identifier, the security code module 310 generates a replacement identifier and returns the replacement identifier to the identifier generator 308. In a non-limiting example, the security code module 310 is arranged to generate a secure code in variable length (e.g. 4 bytes to 20 bytes or any other size) , the generated code may be a random alpha-numeric string and is one-time and unique in that it is different from any previously verified code. Other forms of replacement identifier generation algorithm may be employed to generate a replacement identifier in the security code module 310 as appreciated by a person skilled in the art.
In some embodiments, the authentication server 202 may further include an error module 312 arranged to handle an unsuccessful verification processed by the verification module 304. In one example, the error module 312 may update a record in a database indicating the number of unsuccessful verification handled by a certain reader module 204. This provides an advantage in that the error module may also provide an error message to the gateway 302 which may be further transmitted to the associated kiosk 206, reader, scanner or other reader module 204 for displaying the error message .
Referring to Figure 4, there is shown a block diagram of a tag for authenticating a product comprising a storage module arranged to store an identifier associated with the product, wherein when the identifier is accessed by a communication interface, the identifier is updated with a replacement identifier .
In this embodiment, the tag device 210 comprises a storage module 402, which may include a re-writable non-volatile memory for storing an identifier. The tag device 210 may also include other memory device including one-time-programmable memory and volatile memory for storing the identifier and information other than the identifier.
When the tag device 210 is read by a reader module 204, a communication link 214 between the tag device 210 and the reader module 204 is established. The communication interface 404 retrieves the identifier stored in the memory module 402. In one non-limiting example, the identifier is an alpha¬ numeric string. The communication interface 404 then transmits the identifier to the reader module 204 which is further verified by the authentication server 202. Upon successful verification, the authentication server 202 transmits a replacement identifier to the reader module 204, and the reader module 204 transmits the replacement identifier to the communication interface 404. The replacement identifier is subsequently updated in the memory module 402 of the tag device 210.
In an alternative embodiment, the tag device 210 may further include a security code module 406 arranged to generate a replacement identifier upon successful verification The replacement identifier is subsequently updated in the memory module 402 of the tag device 210, and may also be transmitted to the authentication server 202 for updating the associated record in the authentication database 306. In this alternative embodiment, as the tag device 210 has its own security code module 406, the replacement identifier may be generated by the tag 210 and sent back to the server 100 for updating, or alternatively, both the server 100 and the tag 210 can generate the replacement identifier, but both security code modules must be operating with the same generation method or algorithm such that the replacement identifier generated by the tag 210 and the replacement identifier generated by the server 100 must be identical. These alternative embodiments are advantageous in that the replacement identifier does not need to be transmitted from the server 100 to reader module 204 or kiosk 206 and thus reducing the risk of interception or unauthorized access or corruption of the replacement identifier during transmission.
In one example, the tag device 210 is implemented with a passive RFID arrangement arranged to communicate with an RFID reader. In this example, the RFID tag includes re-writable non-volatile memory for storage of an alpha-numeric string as an identifier. The RFID tag may be embedded in an authentication subject 208 during the manufacturing of the authentication subject 208. Alternative the RFID may be embedded in to a block of material such as plastic or epoxy, to prevent easy hacking or reverse-engineering of the tag. Additionally the tag may be arranged to be non-removable without physical damage to the tag or the authentication subject 208 to ensure a lifetime unique identification for each respective authentication subject 208, wherein a damaged tag is arranged to be rendered not readable by any reader.
These example embodiments are advantageous in that a product can be authenticated whilst ensuring an identifier used for the authentication cannot be imitated by a counterfeiter. As the identifier is arranged to change on each read operation, the identifier, even if captured by a counterfeiter or some other unauthorized party, cannot be used to falsely authenticate an imitation product or service. In a retail setting, for example, infant formula tins or other products can be attached with a tamper proof tag device 210 which can be checked by a retailer or consumer. Upon the identifier having been read, the identifier can be verified for authenticity, whilst the retailer and consumer can be assured that the identifier that has been read cannot be a copy as it is subject to authorized changes on each read operation, thus allowing assurance as to the authenticity of the product since the authentication of the product is a continuing process and not a single point of authentication which could be have been imitated by an counterfeiter. An example of the operation of the system for authentication will be described with reference to the process as outlined in Figure 5.
Firstly, an identifier of a tag device 210 associated with a product for authentication, such as a luxury item, food item or any other product or service is read by a reader module 204, such as a scanner, reader or kiosk 206 operated by a user. In one embodiment, the identifier may be a code of variable length or may comprise other characteristics associated with the tag device 210. In a preferred embodiment, the tag device 210 may be an anti-tamper RFID tag. In some other embodiments, the tag device 210 is arranged to be read by an authorized reader module 204 which may be in the form of a hand held scan gun, a PDA, a smartphone embedded with Near Field Communication (NFC) technology or a kiosk 206 with a RFID reader or any other reading means .
Starting with step 502, upon reading the identifier by the reader module 204, the identifier is sent from the reader to a gateway 302 of an authentication system which includes an authentication server 202 to perform the authentication. In some embodiments, the authentication server 202 may be an information handling system such as a computer, a PDA, a mobile device, etc. Also, the transfer of the identifier to the authentication system may be through wired or wireless communication links including but not limited to the internet or a kiosk. In one embodiment, the authentication system and the reading means may be a single unit.
Once the identifier is received at the authentication system, in step 504, the authentication server 202 verifies the identifier by locating a record associated with the identifier in an authentication database 306 of the authentication server 202. In one embodiment, the authentication server 202 matches the incoming identifier with the data in the database to perform authentication. In some other embodiments, the authentication server 202 matches the information associated with the incoming identifier with the data in the database to perform authentication. In some examples, the authentication database 306 may be part of the authentication server 202 (i.e. the same unit) . In some other examples, the authentication database 306 may be external of the authentication server 202.
Upon successful verification of the identifier, in step 506, the authentication server 202 checks for outstanding operations related to the identifier. In one embodiment, the outstanding operations may include any one of the authentication procedures in Figure 5. When an outstanding operations related to that identifier is located, these operations will be resumed in step 508.
However, if the verification of the identifier is unsuccessful, the authentication system will record that particular identifier and the authentication process will be terminated in step 516.
Once it is determined that the identifier is valid and there are no outstanding operations, in step 510, an identifier generator 308 in the authentication server 202 generates a replacement identifier. In one embodiment, the identifier generator 308 may be part of the authentication server 202 (i.e. the same unit) . In some other examples, the identifier generator 308 may be external of the authentication server 202. In one example, the replacement identifier may be a code of variable length that is different to the original identifier. Preferably, the replacement identifier is not associated with any prior tag devices 210. More preferably, the replacement identifier is not located in the authentication database 306 prior to generating by the identifier generator 308. In an event where error or failure occurs during generation of the replacement identifier, the authentication system records the event and terminates the authentication process in step 516. Upon successful generation of the replacement identifier, in step 512, the authentication server 202 transmits and writes the replacement identifier to the tag device 210. In one embodiment, the authentication system may have a gateway 302 that performs the transmission of the replacement identifier to the tag device 210. In another embodiment, authentication server 202 may utilize an external transmission system to transmit the replacement identifier. In some embodiments, the transmission of the replacement identifier to the tag device 210 may be through wire or wireless communication links such as but not limited to the internet or a kiosk. Once the replacement identifier is received at the tag device 210, the tag device 210 overwrites the original identifier with the replacement identifier. In some embodiments as mentioned, the replacement identifier may be a code comprising a different length or may comprise other characteristics associated with the tag device 210. In an event where error or failure occurs during transmission and writing of the replacement identifier, the authentication server 202 records the event and terminates the authentication process .
Upon successfully completing the writing of the replacement identifier to the tag device 210, in step 514, the authentication server 202 updates the record of the authentication database 306 to associate the replacement identifier with that tag device 210. In some embodiments, the original identifier is removed from the authentication database 306. In an event where error or failure occurs during the update of the authentication database 306, the authentication server 202 records the event and terminates the authentication process in step 516.
Once the authentication database 306 is successfully updated, the authentication process completes and terminates.
Although not required, the embodiments described with reference to the Figures can be implemented as an application programming interface (API) or as a series of libraries for use by a developer or can be included within another software application, such as a terminal or personal computer operating system or a portable computing device operating system. Generally, as program modules include routines, programs, objects, components and data files assisting in the performance of particular functions, the skilled person will understand that the functionality of the software application may be distributed across a number of routines, objects or components to achieve the same functionality desired herein.
It will also be appreciated that where the methods and systems of the present invention are either wholly implemented by computing system or partly implemented by computing systems then any appropriate computing system architecture may be utilised. This will include stand alone computers, network computers and dedicated hardware devices. Where the terms "computing system" and "computing device" are used, these terms are intended to cover any appropriate arrangement of computer hardware capable of implementing the function described .
It will be appreciated by persons skilled in the art that the term "database" may include any form of organized or unorganized data storage devices implemented in either software, hardware or a combination of both which are able to implement the function described.
It will be appreciated by persons skilled in the art that numerous variations and/or modifications may be made to the invention as shown in the specific embodiments without departing from the spirit or scope of the invention as broadly described. The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive
Any reference to prior art contained herein is not to be taken as an admission that the information is common general knowledge, unless otherwise indicated.

Claims

CLAIMS :
1. A method for authentication comprising the steps of:
- receiving a verification request for verifying an identifier associated with an authentication subject;
- verifying the identifier by locating a record associated with the identifier in an authentication database; and
whereupon the identifier has been verified, generate a replacement identifier for updating the record in the authentication database.
2. A method for authentication in accordance with claim 1, further comprising the step of updating the record in the authentication database with the replacement identifier such that the record associated with the identifier is updated with the replacement identifier.
3. A method for authentication in accordance with claim 2, wherein the record associated with the identifier is updated to be associated with the replacement identifier.
4. A method for authentication in accordance with claim 1, 2 or 3, further comprising the step of transmitting a verified signal when the identifier is verified.
5. A method for authentication in accordance with any one of the preceding claims, wherein the step of generating the replacement identifier for updating the record associate with the identifier includes the step of processing the identifier with a security code module to generate the replacement identifier .
6. A method for authentication in accordance with any one of the preceding claims, wherein the verification request is received from a reader module arranged to communicate the identifier from the associated authentication subject.
7. A method for authentication in accordance with claim 6, wherein the identifier is stored on a tag device arranged to tag the authentication subject.
8. A method for authentication in accordance with claim 6 or 7, further comprising the step of updating the identifier stored on the tag device with the replacement identifier.
9. A method for authentication in accordance with claim 8, wherein the step of updating the identifier stored on the tag device with the replacement identifier includes transmitting the replacement identifier to the reader module.
10. A method for authentication in accordance with claim 9, wherein the reader module is arranged to update the identifier stored on the tag device with the replacement identifier.
11. A method for authentication in accordance with claim 7, wherein the tag device is arranged to generate a tag replacement identifier upon communication with the reader module, wherein the tag replacement identifier is identical to the replacement identifier updated in the record associated with the identifier.
12. A method for authentication in accordance with any one of claims 7 to 11, wherein the tag device includes a RFID arrangement .
13. A method for authentication in accordance with claim 12, wherein the RFID arrangement is secured from unauthorized accessed .
14. A method for authentication in accordance with claim 13, wherein the RFID arrangement is accessed after a RFID password is authenticated.
15. A method for authentication in accordance with any one of claims6 to 14, wherein the identifier is encrypted.
16. A method for authentication in accordance with any one of claims 6 to 15, wherein the reader module is secured from unauthorized accessed.
17. A method for authentication in accordance with claim 16, wherein the reader module is accessible after an access token is authenticated.
18. A method for authentication in accordance with any one of the preceding claims, wherein the authentication subject is a product .
19. A method for authentication in accordance with any one of the preceding claims, wherein the identifier is an alphanumeric string.
20. A method for authentication in accordance with claim 19, wherein the alphanumeric string is of a random length.
21. A method for authentication in accordance with claim 5, wherein the security code module is arranged to use a predetermined code generating algorithm to generate the replacement identifier.
22. A method for authentication in accordance with claim 21, wherein the code generating algorithm is arranged to generate random alphanumeric strings.
23. A system for authentication comprising the steps of:
- a gateway arranged to receive a verification request for verifying an identifier associated with an authentication subject ;
- a verification module arranged to verify the identifier by locating a record associated with the identifier in an authentication database; and
whereupon the identifier has been verified, using an identifier generator to generate a replacement identifier for updating the record in the authentication database.
24. A system for authentication in accordance with claim 23, further comprising a routine to update the record in the authentication database with the replacement identifier such that the record associated with the identifier is updated with the replacement identifier.
25. A system for authentication in accordance with claim 24, wherein the record associated with the identifier is updated to be associated with the replacement identifier.
26. A system for authentication in accordance with claim 23, 24 or 25, further comprising a transmission module arranged to transmit a verified signal when the identifier is verified.
27. A system for authentication in accordance with any one of claims 23 to 26, wherein the identifier generator is arranged to use a security code module to process the identifier to generate the replacement identifier for updating the record associated with the identifier.
28. A system for authentication in accordance with any one of claims 23 to 27, wherein the verification request is received from a reader module arranged to communicate the identifier from the associated authentication subject.
29. A system for authentication in accordance with claim 28, wherein the identifier is stored on a tag device arranged to tag the authentication subject.
30. A system for authentication in accordance with claim 28 or 29, wherein the identifier stored on the tag device is updated with the replacement identifier.
31. A system for authentication in accordance with claim 30, wherein the replacement identifier updated on the tag device is transmitted to the tag by the reader module.
32. A system for authentication in accordance with claim 31, wherein the reader module is arranged to update the identifier stored on the tag device with the replacement identifier.
33. A system for authentication in accordance with claim 29, wherein the tag device is arranged to generate a tag replacement identifier upon communication with the reader module, wherein the tag replacement identifier is identical to the replacement identifier updated in the record associated with the identifier.
34. A system for authentication in accordance with any one of claims 29 to 33, wherein the tag device includes a RFID arrangement .
35. A system for authentication in accordance with claim 34, wherein the RFID arrangement includes a security module to prevent unauthorized accessed.
36. A system for authentication in accordance with claim 35, wherein the security module is arranged to authenticate a RFID password before access to the RFID arrangement is allowed.
37. A system for authentication in accordance with any one of claims 28 to 36, wherein the identifier is encrypted.
38. A system for authentication in accordance with any one of claims 28 to 37, wherein the reader module includes a security function to prevent unauthorized accessed.
39. A system for authentication in accordance with claim 38, wherein the security function is arranged to authenticate an access token before access to the reader module is allowed.
40. A system for authentication in accordance with any one of the claims 23 to 39, wherein the authentication subject is a product .
41. A system for authentication in accordance with any one of the claims 23 to 40, wherein the identifier is an alphanumeric string .
42. A system for authentication in accordance with claim 41, wherein the alphanumeric string is of a random length.
43. A system for authentication in accordance with claim 27, wherein the security code module is arranged to use a predetermined code generating algorithm to generate the replacement identifier.
44. A system for authentication in accordance with claim 43, wherein the code generating algorithm is arranged to generate random alphanumeric strings.
45. A tag for authenticating a product comprising
- a storage module arranged to store an identifier associated with the product, wherein when the identifier is read by a communication interface, the identifier is updated with a replacement identifier.
46. A tag in accordance with claim 45, wherein the storage module is arranged to receive the replacement identifier from the communication interface to update the identifier stored in the storage module.
47. A tag in accordance with claim 45, further comprising a security code module arranged to generate a replacement identifier .
48. A system for authenticatin j a product comprising the steps of:
- engaging a tag in accordance with any one of claims 45 to 47 to the product;
- reading the tag to obtain an identifier; and
- transmitting the identifier to a system for authentication in accordance with any one of claims 23 to 44 for verification
PCT/CN2013/072362 2013-03-08 2013-03-08 System and method for authentication WO2014134827A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2013/072362 WO2014134827A1 (en) 2013-03-08 2013-03-08 System and method for authentication
TW103107867A TW201503005A (en) 2013-03-08 2014-03-07 A system and method for authentication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2013/072362 WO2014134827A1 (en) 2013-03-08 2013-03-08 System and method for authentication

Publications (1)

Publication Number Publication Date
WO2014134827A1 true WO2014134827A1 (en) 2014-09-12

Family

ID=51490589

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2013/072362 WO2014134827A1 (en) 2013-03-08 2013-03-08 System and method for authentication

Country Status (2)

Country Link
TW (1) TW201503005A (en)
WO (1) WO2014134827A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11213773B2 (en) 2017-03-06 2022-01-04 Cummins Filtration Ip, Inc. Genuine filter recognition with filter monitoring system
CN115358246A (en) * 2022-10-24 2022-11-18 湖南会成科技有限公司 Information interaction method and device, storage medium and processor

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007136279A1 (en) * 2006-05-24 2007-11-29 Data Acquisitions Limited Radio frequency identification tag reader and method
US20090214038A1 (en) * 2005-10-24 2009-08-27 Chien Yaw Wong Security-enhanced rfid system
CN101847199A (en) * 2009-03-24 2010-09-29 复旦大学 Security authentication method for radio frequency recognition system
CN102945384A (en) * 2012-11-27 2013-02-27 上海质尊溯源电子科技有限公司 Method for enhancing high-frequency RFID (radio frequency identification) safety

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090214038A1 (en) * 2005-10-24 2009-08-27 Chien Yaw Wong Security-enhanced rfid system
WO2007136279A1 (en) * 2006-05-24 2007-11-29 Data Acquisitions Limited Radio frequency identification tag reader and method
CN101847199A (en) * 2009-03-24 2010-09-29 复旦大学 Security authentication method for radio frequency recognition system
CN102945384A (en) * 2012-11-27 2013-02-27 上海质尊溯源电子科技有限公司 Method for enhancing high-frequency RFID (radio frequency identification) safety

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11213773B2 (en) 2017-03-06 2022-01-04 Cummins Filtration Ip, Inc. Genuine filter recognition with filter monitoring system
CN115358246A (en) * 2022-10-24 2022-11-18 湖南会成科技有限公司 Information interaction method and device, storage medium and processor

Also Published As

Publication number Publication date
TW201503005A (en) 2015-01-16

Similar Documents

Publication Publication Date Title
TWI813677B (en) Methods and systems for automatic object recognition and authentication
CN108053001B (en) Information security authentication method and system for electronic warehouse receipt
US9256881B2 (en) Authenticating and managing item ownership and authenticity
US8856533B2 (en) Device, system and method for determining authenticity of an item
US10019530B2 (en) ID tag authentication system and method
US20160072626A1 (en) Cryptographically-verifiable attestation label
US20160098723A1 (en) System and method for block-chain verification of goods
CN105849739B (en) Authentication system and authentication method
JP2022514784A (en) Methods and systems for preparing and performing object authentication
US20120124388A1 (en) Electronic-device theft-deterring systems
JP2009532792A (en) Product certification system
US8459550B2 (en) Method for transferring data, a computer program product, a data provision and a data receiving device and a communication system
WO2017116303A1 (en) Secure dual-mode anti-counterfeit product authentication methodology and system
US20180205714A1 (en) System and Method for Authenticating Electronic Tags
WO2014134827A1 (en) System and method for authentication
US9672505B2 (en) Method for verifying the authenticity of a terminal, corresponding device and program
KR100497630B1 (en) Portable RF-tag reader for verifying a genuine article
WO2021105797A1 (en) Managing physical objects using crypto-anchors
RU2814089C2 (en) Methods and systems for automatic object recognition and authenticity verification
EP2770663A1 (en) Encryption Key-Based Product Authentication System and Method
AU2019100668A4 (en) A Method of Providing Secure Ownership of an Object
JP2018072977A (en) Commodity authenticity determination system
TWI644227B (en) Cross verification system implemented along with a mobile device and method thereof
KR101192972B1 (en) An authenti cation system for anti-forgery using the smart card chip and method of thereof
WO2020202216A1 (en) System and method to determine the authenticity of a wireless communication device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13877249

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13877249

Country of ref document: EP

Kind code of ref document: A1