WO2015170290A1 - Method for certifying and verifying the authenticity of an object - Google Patents

Method for certifying and verifying the authenticity of an object

Publication number
WO2015170290A1
Authority
WO
WIPO (PCT)
Prior art keywords
article
producer
data packet
electronic device
institution
Prior art date
Application number
PCT/IB2015/053378
Other languages
English (en)
Inventor
Alberto Ferrari
Isidoro Ferrari
Claudio Girlanda
Original Assignee
Ferdiam S.R.L.
Priority date
Filing date
Publication date
Application filed by Ferdiam S.R.L.
Priority to EP15732346.0A (EP3140792A1)
Publication of WO2015170290A1

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00: Administration; Management
    • G06Q10/08: Logistics, e.g. warehousing, loading or distribution; Inventory or stock management

Definitions

  • the present invention refers, in general, to a system for certifying and verifying the authenticity of an article and to the relevant certification and verification processes. More particularly, the present invention refers to a system and relevant processes to guarantee the originality of an article, certify the authenticity of this article and allow a client to verify the authenticity of this article.
  • a data storage and transmission device may be applied to an article, this device being provided with a code associated uniquely to the article itself in order to guarantee the authenticity of the article.
  • Devices of that type may use identification and storage technologies such as the technology called Rfid (Radio Frequency Identification).
  • Rfid Radio Frequency Identification
  • the authenticity of the article is verified by means of a suitable reader through which the identification code stored in the device is detected so that it is possible to verify the correct correspondence with the same article - and also with the producer - by consulting a data bank allocated on an accessible server.
  • a first problem regards the preservation of data in the server after many years from the placing of the article on the market.
  • the articles that usually are protected by systems of this type are durable goods, usable also for many years.
  • the server and the relevant databases can be managed by firms that can be dissolved, bankrupted, abandoned or that are closed before the maximum duration and utilization of the article protected.
  • a system like the known one cannot prevent whoever manages the server from inserting or modifying data in the data bank so as to create new labels to be applied to counterfeit goods.
  • Systems for the certification of goods are also known, such as the system described in the patent document EP 0 889 448 A2, which provides a nested key system in which a certifying institution supplies each producer of articles to be certified with a different private encryption key together with a corresponding public decryption key, said corresponding public decryption key being encrypted with the private encryption key of the certifying institution.
  • the producer signs digitally the device associated to the article to be certified with the private key supplied by the certifying institution and incorporates, in the same device, the public decryption key corresponding to the private key just used and previously encrypted by means of the private encryption key of the certifying institution.
  • Any user who wants to verify the authenticity of a product can easily recover the public key of the certifying institution and decrypt the public decryption key of the producer so as to have access to the data. By utilizing the latter, the user decrypts the private key and has access to the information contained in the device associated to the article so as to verify the authenticity of the article itself.
  • this system spares the user from having to recover a different public key for each producer supplying the article, since only the public key of the certifying institution is needed; on the other hand, this system allows the producer, who can recover the public key of the certifying institution, to access the device in order to modify and/or duplicate it and encrypt the device again with his/her own private key.
  • the certifying institution certifies only the public key of the producer but leaves the producer full freedom of modifying the device or produce other storage and transmission devices.
  • An aim of the invention is to solve the above-mentioned problems and other problems by implementing a procedure and a system for the verification of the authenticity of an article that function even many years after the launch of the article on the market.
  • Another aim of the invention is to provide a system for the verification of the authenticity of an article which does not depend on an external data bank or, in any case, on an external device such as a calculator or a server.
  • a further aim of the invention is to provide a system for the verification of the authenticity of an article which does not allow the person implementing the system, or having access to the system for any reason, to modify the system itself in order to produce counterfeit goods.
  • a system for certifying and verifying the authenticity of an article OG comprising a procedure for certifying the authenticity of the article and a procedure for verifying the authenticity of the article OG.
  • the procedure for certifying the authenticity of an article comprises the following steps:
  • the producer of the article PA generates a pair of asymmetric keys relating to a first encryption system, specifically a public key CPUPA and a private key CPRPA;
  • a first numerical value UID1 equal to the unique number UID;
  • data relating to the identification of the producer of the article PA, for example the corporate name and/or the trademark of the producer;
  • data relating to the article OG whose authenticity has to be certified;
  • the producer of the article PA encrypts, with the private key CPRPA, the first data packet identified as PDPA so as to obtain a first encrypted data packet PDPAC;
  • the producer of the article PA delivers the first encrypted data packet PDPAC and the public key CPUPA of the first encryption system to an issuing institution EE;
  • the issuing institution EE generates a pair of asymmetric keys relating to a second encryption system, specifically a public key CPUEE and a private key CPREE;
  • a second data packet identified as PDEE comprising:
  • a second numerical value UID2 equal to the unique number UID;
  • data relating to the identification of the issuing institution EE, for instance the corporate name and/or the trademark of the issuing institution;
  • the issuing institution EE encrypts the second data packet PDEE with the private key CPREE so as to obtain a second encrypted data packet PDEEC;
  • the issuing institution EE stores, on the electronic device DE having the unique number UID, the first series of information comprising:
  • the issuing institution EE permanently makes read-only and non-modifiable the part of the memory of the electronic device DE used to write the first series of information;
  • the final client CL reads, in the electronic device DE having the unique number UID, the first set of information.
  • the procedure for verifying the authenticity of the article comprises the following steps:
  • the final client CL decrypts the second encrypted data packet PDEEC with the public key CPUEE of the second encryption system so as to obtain a second readable data packet PDEE;
  • the final client CL verifies that the unique number UID, read initially, is equal to the second numerical value UID2 inserted by the issuing institution EE in the second data packet PDEE; if the unique number UID is equal to the second numerical value UID2, the final client CL is informed that the electronic device DE has been authentically processed by the issuing institution EE;
  • the final client decrypts the first encrypted data packet PDPAC with the public key CPUPA of the first encryption system used by the producer PA of the article OG so as to obtain a first readable data packet PDPA;
  • the final client CL verifies that the unique number UID read initially is equal to the first numerical value UID1 inserted by the producer PA of the article OG in the first data packet PDPA;
  • the final client CL is informed that the article OG being verified is actually an original article, realized authentically by the producer of the article PA;
  • the final client CL is informed that the article OG being verified is not an original article.
  • the system according to the invention, in particular the procedure for the verification of the authenticity of the article, does not need any validation on external servers that could be disused or no longer under control.
  • the system according to the invention, in particular the procedure for the certification of the authenticity of the article, does not allow the issuing institution to alter the data packets that have already been created and encrypted, nor does it allow new data packets to be generated unless there is an agreement between the parties in question, namely the issuing institution and the producer of the article.
  • the electronic device may comprise a Rfid tag and / or a NFC tag.
  • With NFC tags of the latest generation, which have a larger memory than the tags used to date, it is possible for the producer of the original article to insert additional data relating to the product in a read-only memory or in a rewritable memory protected by a secret word.
  • the issuing institution may store on the electronic device, in addition to the first series of information, also an unencrypted internet link to a web page from which an electronic program for internet-connected mobile devices can be downloaded to read and decode data.
  • the electronic program may include at least a recognition string ("fingerprint") that uniquely corresponds to a given public key of an encryption system used by the issuing institution.
  • the client may verify that the recognition string present in the program corresponds to the recognition string obtainable uniquely from the public key included in the first series of information.
  • the producer of the article may store other data in the unused part of memory of the electronic device.
  • the so-inserted additional data may be stored by the producer of the original article directly so that the issuing institution can not know said additional data.
  • the electronic device may be included in an identification element adapted to be applied to the article whose authenticity has to be certified.
  • the final client can easily identify where to verify the authenticity of the article of interest.
  • the certification and control system has the peculiarity that all the data required to carry out the control are inserted in the electronic device and no one can alter what is stored.
  • the procedure according to the invention may provide that a certifying institution EC may verify the correspondence between the first encrypted data packet PDPAC created by the producer PA of the article OG and the same article OG.
  • the certifying institution EC may issue a third encrypted data packet PDEC comprising information regarding the verification performed by the same certifying institution EC and encrypted with a private key CPREC of the third encryption system so that a third encryption level has been created.
  • the certifying institution EC may send the third encrypted data packet PDEC to the issuing institution EE in replacement of the first encrypted data packet PDPAC of the producer of the article PA, together with the public key CPUEC of the third encryption system.
  • the procedure according to the invention may provide that a timestamp is associated with each data packet in correspondence of each step of the procedure or system so that everybody can understand when the various activities of reading, storage and / or encryption have been performed.
  • the various data packets may be saved in a "cloud" space corresponding to the electronic device DE of the article OG to be authenticated so as to perform the various activities of reading, storage and / or encryption even remotely.
  • a device for the storage and transmission of data which operates by means of the technology Rfid (Radio Frequency Identification), in particular by means of the NFC technology (Near Field Communication).
  • NFC Near Field Communication
  • UID Unique Identifier
  • the subjects of interest in the procedure are the following:
  • EE certified data structure
  • DE electronic device
  • PD a producer of the electronic device, in this case a Rfid tag or a Nfc tag, hereinafter called PD;
  • CL final client
  • the physical objects of interest in the procedure are the following:
  • the electronic device DE in the specific case a Rfid tag or a Nfc tag;
  • the data and information of interest in the procedure are the following:
  • the unique number, called UID, of the electronic device DE applied to the article OG;
  • OpenPGP Internet standard
  • PDEE a data packet encrypted by the issuing institution EE
  • APP an application, hereinafter also called APP, for mobile phones, for the decryption of the data relative to the data packet of the article producer, PDPA, and to the data packet of the issuing institution, PDEE;
  • CPRPA a private key relative to the encryption system of the article producer
  • CPUPA public key relative to the encryption system of the article producer
  • CPREE a private key relative to the encryption system of the issuing institution
  • CPUEE a public key relative to the encryption system of the issuing institution
  • the issuing institution EE communicates to the producer of the article PA the unique number UID of the electronic device DE that will be then applied to the article OG to be protected and whose authenticity has to be verified.
  • the above mentioned communication is done through channels ensuring both the certification of the contents and the timestamp such as the Certified Electronic Mail.
  • the article producer PA generates a pair of asymmetric keys relating to its own encryption system OpenPGP, specifically a public key, called CPUPA, and a private key, called CPRPA.
  • the producer of the article encrypts with the private key CPRPA a data packet identified as PDPA and consisting of:
  • the article producer PA gives the data packet encrypted and identified as PDPA together with the public key of its encryption system to the issuing institution EE.
  • the above mentioned communication is done through channels ensuring both the certification of the contents and the timestamp such as the Certified Electronic Mail.
  • the issuing institution EE generates a pair of asymmetric keys relative to its own encryption system OpenPGP, specifically a public key called CPUEE, and a private key called CPREE.
  • the issuing institution EE encrypts with the private key CPREE a data packet identified as PDEE and consisting of:
  • CPUEE the public key of the issuing institution
  • the issuing institution EE makes permanently only readable the memory part used to write the above-mentioned data so that no one, not even the issuing institution EE itself, may modify or cancel the data in question.
  • the remaining memory of the electronic device DE remains available to the article producer PA for the insertion of other data of interest.
  • the so-programmed electronic device DE is given by the issuing institution EE to the article producer PA who can apply and fix the electronic device permanently on the article OG whose authenticity can then be verified by reading the electronic device DE itself.
  • the final client is automatically directed to the website page where the final client can download an application APP for the decryption of data.
  • the application APP already comprises the so-called "fingerprints" of a set of public keys CPUEE used by the issuing institution EE, although these keys have not yet been assigned to a specific object.
  • by "fingerprint" is meant a string of characters or an alphanumeric sequence that corresponds uniquely to a public key. In this way, the size of the application is reduced because the application does not have to include entire public keys but only the relevant "fingerprints", which reflect the actual validity of the public key obtained by reading the electronic device DE, as described below.
  • the data that are read from the application APP in the electronic device DE are the following:
  • the unique number UID, specifically the unique number written permanently in clear, i.e. unencrypted, by the producer PD of the electronic device DE, i.e. the Rfid or NFC tag;
  • the first verification to be performed consists in checking that the "fingerprint" of the public key CPUEE present in the electronic device DE corresponds to the "fingerprint" present in the data bank of the application APP.
  • the application APP decrypts the data packet PDEE, created and encrypted by the issuing institution EE.
  • the application APP communicates that the electronic device DE has been authentically processed by the issuing institution EE.
  • the application extracts both the data packet PDPA created and encrypted by the article producer and the public key CPUPA of the encryption system of the article producer.
  • the application decrypts the data packet PDPA created and encrypted previously by the article producer PA. If the unique number UID inserted by the article producer PA inside the data packet PDPA corresponds to the original unique number UID of the electronic device DE, the application APP communicates that the article OG being verified is actually an original article, made authentically by the producer of the article itself PA.
  • the application APP also communicates all the other data present in the data packet PDEE of the certifying institution, i.e. the data that the article producer PA has inserted, indicating that these data are also certified.
  • the above described procedure for storing certified data in electronic format on electronic devices DE such as Rfid and NFC tags may be applied to certify the authenticity of any object.
  • the electronic device DE suitably managed as described previously may be incorporated in a small manufactured article, for example a decorative object which in turn is applied on the article whose authenticity has to be proved.
  • the electronic device DE incorporated in the small manufactured article, above all if it is incorporated in a decorative object, becomes more easily applicable to the article to be protected.
  • the issuing institution EE becomes also the producer of the small manufactured article, i.e. the decorative object, so that in addition to its ornamental features and to the possibility of conveying the brand of the article to be protected, the object in question becomes also a means to ensure the authenticity of the object.
  • the system for the certification and verification of the originality of an article may operate also without the application downloaded from the website supplied by the issuing institution.
  • the final client may decrypt and read the various data packets by using the public keys that the final client finds in the same data packets, with the possibility of verifying said public keys on public servers, known as key servers.
  • the electronic device in which the data are stored may be provided with two or more chips, the same data being stored in them except the unique number which is different for each chip.
  • the electronic device has, consequently, a degree of impossibility of reading of one in a hundred million.
  • the various operations of writing and encryption of the data can take place remotely by using also a "cloud" system for the permanent writing and storage of the data with characteristics of immutability of the stored data according to the state of art known.
  • the writing and digital signature of the issuing institution EE occurs in the place of production, namely at the article producer PA by means of an Internet channel made suitably safe.
  • the "cloud" system can be managed and guaranteed by the issuing institution EE which already guarantees the electronic devices DE on which the data are stored.
  • This level of encryption is therefore interposed between the first level of encryption, i.e. the level regarding the article producer PA of the article whose authenticity has to be certified, and the last level, i.e. the level regarding the issuing institution EE managing the sale and distribution of the electronic devices DE for data storage, in addition to any "cloud" system and verification application for the user.
  • the article producer PA orders from the issuing institution EE a given number of electronic devices DE with one or more chips according to the level of storage safety required to store data.
  • the issuing institution EE reads the unique number UID associated to the electronic device DE, initializes the "cloud" service by creating a "cloud" storage space with a user code corresponding to the unique number UID and assigns a randomly generated password. This password is encrypted with the public key CPUPA of the article producer PA and saved in the electronic device DE in rewritable mode.
  • the article producer PA receives the one or more electronic devices DE initialized.
  • the article producer PA reads the password present on the electronic device DE and decrypts it with its own private key CPRPA. By using the extracted password, the producer writes to the relevant "cloud" space its data packet PDPA, including the relevant timestamp and encrypted with its own private key CPRPA, concatenating also its own public key CPUPA in clear.
  • the producer PA changes the password for access to the relevant "cloud" space and encrypts it with the public key CPUEC of the certifying institution EC.
  • the producer PA writes on the electronic device DE in rewritable mode:
  • the producer applies the electronic device DE permanently to the article OG whose authenticity has to be certified.
  • An official of the certifying institution EC verifies on the production website of the producer PA that the encrypted data packet PDPA prepared by the producer and relating to the unique number UID of the electronic device DE corresponds to what has been declared by the producer. More verification levels may be defined such as:
  • the official of the certifying institution EC verifies that the electronic device DE present on the article OG to be certified is fixed permanently and reads from same the encrypted data packet PDPA and decrypts it with the public key of the producer CPUPA.
  • the official reads the password in the electronic device DE to have access to the relevant "cloud" space and decrypts it with its own private key, hereinafter called CPREC.
  • the official of the certifying institution EC enters the dedicated "cloud" space by means of the decrypted password and verifies that the data packet of the producer of the article PDPA on the "cloud" space and the relevant timestamps correspond to what has been read on the electronic device DE.
  • the official of the certifying institution EC verifies that what has been written by the producer corresponds to the article OG on which the electronic device DE has been applied according to the verification level required by the producer as listed above.
  • This data packet is then loaded on the relevant "cloud" space, the public key CPUEC of the certifying institution EC being concatenated in clear.
  • After the "cloud" system has verified that the unique code UID of the data packet of the article producer PDPA and the data packet of the certifying institution PDEC correspond to each other, the "cloud" system encrypts the whole data packet of the certifying institution PDEC together with the public key of the certifying institution CPUEC by using the private key of the issuing institution CPREE.
  • the official of the certifying institution EC erases all the contents of the electronic device DE, loads the entire encrypted packet of the issuing institution PDEE, concatenating the public key of the issuing institution CPUEE in clear, and sets the electronic device DE in read-only mode.
  • the official of the certifying institution EC loads on the relevant "cloud" space the whole raw reading of the electronic device DE, which has to correspond with what has been prepared by the issuing institution EE.
  • the producer PA reads the electronic device DE once again, verifies that the data are correct and that the electronic device DE is in read-only mode, enters the relevant "cloud" space with its own password and uploads again the whole reading of the electronic device DE, which has to correspond to the two preceding readings.
  • the electronic device is also signaled as active on the relevant "cloud" space.
  • the producer PA can use a pair of private/public keys for each object or groups of objects because the public key is contained encrypted inside the electronic device DE.
  • the certifying institution EC may use a pair of private/public keys for any object or groups of objects because the public key is contained encrypted inside the electronic device DE.
  • the issuing institution EE may change its own pair of private/public keys daily or at random time so as to insert these keys in the updates of the control application.
  • the size of one public key per day, even over a period of decades, is compatible with the size of a current application, and will be even less problematic in the future.
  • the public keys and relevant validity periods of the article producer PA, certifying institution EC and issuing institution EE may be saved not only inside the electronic device DE and verification application, but also on public servers known as "key-servers".
  • a technician of the sector may provide changes or variants which are to be considered as included in the scope of protection of the present invention.
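
The verification procedure described above (fingerprint check of the issuing institution's public key, then the UID2 and UID1 comparisons), as an added example that is not part of the patent text. It assumes a toy textbook-RSA cipher built from known Mersenne primes in place of the OpenPGP key pairs, SHA-256 as the fingerprint function, and a JSON layout with hypothetical field names (`uid1`, `uid2`, `cpupa`, `pdpac`, `cpuee`, `pdeec`) for the packets and the tag record; the UIDs and names are constructed sample values.

```python
import hashlib
import json

E = 65537  # public exponent used by both toy key pairs


def make_keypair(p, q):
    """Toy RSA key pair from two known primes: returns (public, private)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))


# Mersenne primes keep the demo deterministic; such keys are NOT secure.
PA_KEYS = make_keypair(2**521 - 1, 2**607 - 1)    # (CPUPA, CPRPA), assumed
EE_KEYS = make_keypair(2**607 - 1, 2**1279 - 1)   # (CPUEE, CPREE), assumed


def _blocks(key, data, in_size, out_size):
    """Modular exponentiation of each in_size-byte block of data."""
    n, exp = key
    return b"".join(
        pow(int.from_bytes(data[i:i + in_size], "big"), exp, n)
        .to_bytes(out_size, "big")
        for i in range(0, len(data), in_size))


def private_encrypt(priv, data):
    """The page's 'encrypts with the private key' (textbook RSA, no padding)."""
    k = (priv[0].bit_length() + 7) // 8
    framed = len(data).to_bytes(4, "big") + data      # length prefix
    framed += b"\0" * (-len(framed) % (k - 1))        # fill the last block
    return _blocks(priv, framed, k - 1, k)


def public_decrypt(pub, blob):
    """Recover a packet with the public key; ValueError if it does not fit."""
    k = (pub[0].bit_length() + 7) // 8
    if not blob or len(blob) % k:
        raise ValueError("malformed packet")
    try:
        framed = _blocks(pub, blob, k, k - 1)
    except OverflowError as exc:
        raise ValueError("packet was not produced with this key") from exc
    size = int.from_bytes(framed[:4], "big")
    if size > len(framed) - 4:
        raise ValueError("bad length field")
    return framed[4:4 + size]


def fingerprint(pub):
    """Recognition string derived from a public key (SHA-256 is an assumption)."""
    return hashlib.sha256(f"{pub[0]}:{pub[1]}".encode()).hexdigest()


def certify(uid, pa_keys=PA_KEYS, ee_keys=EE_KEYS):
    """Producer builds PDPAC, issuer wraps it in PDEEC; returns the tag record."""
    (cpupa, cprpa), (cpuee, cpree) = pa_keys, ee_keys
    pdpa = {"uid1": uid, "producer": "Example Maker", "article": "watch 001"}
    pdpac = private_encrypt(cprpa, json.dumps(pdpa).encode())
    pdee = {"uid2": uid, "issuer": "Example Issuer",
            "cpupa": list(cpupa), "pdpac": pdpac.hex()}
    pdeec = private_encrypt(cpree, json.dumps(pdee).encode())
    return {"cpuee": list(cpuee), "pdeec": pdeec.hex()}


def verify(uid, record, app_fingerprints):
    """uid comes from the chip itself; record is what the tag memory holds."""
    try:
        cpuee = tuple(record["cpuee"])
        if fingerprint(cpuee) not in app_fingerprints:
            return False, "issuer key unknown to the application"
        pdee = json.loads(public_decrypt(cpuee, bytes.fromhex(record["pdeec"])))
        if pdee["uid2"] != uid:
            return False, "UID2 mismatch: record not issued for this device"
        cpupa = tuple(pdee["cpupa"])
        pdpa = json.loads(public_decrypt(cpupa, bytes.fromhex(pdee["pdpac"])))
        if pdpa["uid1"] != uid:
            return False, "UID1 mismatch: producer packet is for another device"
        return True, "original article by " + pdpa["producer"]
    except (ValueError, KeyError, TypeError, AttributeError, IndexError):
        return False, "a data packet does not decrypt to a valid structure"


if __name__ == "__main__":
    UID = "04A1B2C3D4E5F6"                      # constructed sample UID
    app = {fingerprint(EE_KEYS[0])}             # fingerprints shipped in the APP
    tag = certify(UID)
    print(verify(UID, tag, app))                # genuine tag
    print(verify("04FFFFFFFFFFFF", tag, app))   # same record read from another chip
```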

Abstract

The present invention relates to a method for certifying and verifying the authenticity of an article OG produced by a producer PA by applying, to said article OG, an electronic device DE for the storage and transmission of data, identified by a unique number UID. The article OG may be purchased by a client CL who wishes to verify the authenticity of said article.
PCT/IB2015/053378 2014-05-08 2015-05-08 Method for certifying and verifying the authenticity of an object WO2015170290A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP15732346.0A EP3140792A1 (fr) 2014-05-08 2015-05-08 Method for certifying and verifying the authenticity of an object

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
ITVR2014A000125 2014-05-08
ITVR20140125 2014-05-08

Publications (1)

Publication Number Publication Date
WO2015170290A1 (fr) 2015-11-12

Family

ID=51136686

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2015/053378 WO2015170290A1 (fr) 2014-05-08 2015-05-08 Method for certifying and verifying the authenticity of an object

Country Status (2)

Country Link
EP (1) EP3140792A1 (fr)
WO (1) WO2015170290A1 (fr)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0889448A2 (fr) 1997-07-01 1999-01-07 Pitney Bowes Inc. Method for preventing counterfeiting of articles of manufacture


Also Published As

Publication number Publication date
EP3140792A1 (fr) 2017-03-15

Similar Documents

Publication Publication Date Title
TWI803726B Method and system for preparing and performing object authentication
US9858569B2 (en) Systems and methods in support of authentication of an item
US11461764B2 (en) Systems and methods for performing a reissue of a contactless card
CN101765996B Device and method for remote authentication and transaction signing
US20170032116A1 (en) Method and system for authenticating a user by means of an application
WO2016145705A1 (fr) Anti-counterfeiting system and method for a time-based encrypted NFC mobile phone terminal
KR20160086939A Real-time legitimacy verification system and method for clock-synchronized dynamic-password security labels
KR101296137B1 Method and system for securing mobile ID data using a QR code
CN105027153A Method, apparatus and system for securely provisioning, transmitting and verifying payment data
WO2013072437A1 (fr) Key-protected NFC tag method and system, and method for diversifying coupons on a virtual NFC distribution chain
TW201528027A Data encryption mechanism and smart card storing encrypted data
US20210272098A1 (en) Method and system to create a trusted record or message and usage for a secure activation or strong customer authentication
US10158493B2 (en) Solution for generating and issuing security codes with guaranteed issuer authenticity and origin
CN108573296B Anti-counterfeiting device, anti-counterfeiting system and anti-counterfeiting method
CN105871424B ECC-based RFID group authentication method
US20090040023A1 (en) RF Transponder for Off-Line Authentication of a Source of a Product Carrying the Transponder
US11977944B2 (en) Method for verifying the habilitation of a terminal to check an identity attribute of a user
CN105849739B Authentication system and authentication method
CN103530785A Dual anti-counterfeiting system and method based on NFC function
US20180205714A1 (en) System and Method for Authenticating Electronic Tags
CN103971245B Combined encryption system for electronic anti-counterfeiting of goods
KR20040085800A Contactless communication tag and portable tag reader for verifying whether a product is genuine
SG128516A1 (en) Updating a mobile payment device
US9672505B2 (en) Method for verifying the authenticity of a terminal, corresponding device and program
WO2015170290A1 (fr) Method for certifying and verifying the authenticity of an object

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15732346

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

REEP Request for entry into the european phase

Ref document number: 2015732346

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 2015732346

Country of ref document: EP