SECURE DUAL-MODE ANTI-COUNTERFEIT PRODUCT AUTHENTICATION
METHODOLOGY AND SYSTEM
FIELD OF THE INVENTION
[0001 ] The present invention relates to a system and method of verifying the authenticity of products. In particular, the present invention utilises Near Field Communication (NFC) technologies, Smartcard technology, mobile devices and integrated software applications to confirm the authenticity of the product.
BACKGROUND AND/OR RELATED AND/OR PRIOR ART
 Counterfeiting remains a serious problem for businesses all over the world. The manufacture and production of counterfeit branded products have increased steeply over the years costing hundreds of millions of dollars each year.
 According to the Global Impact Study Report entitled "Estimating the global economic and social impacts of counterfeiting and piracy" - a report commissioned by "Business Action To Stop Counterfeiting and Piracy" or "BASCAP" (February 201 1 ), by 2015, the International Chamber of Commerce (ICC) expects the value of counterfeit goods globally to exceed USD 1 .7 trillion. Based on the figures above, it appears that counterfeiters are no longer limited to simple peddlers of cheap imitations sold on the black market, but is a substantial, and sophisticated if illegitimate business.
 Since the onset of globalisation and outsourcing, counterfeits are given opportunities to now infiltrate worldwide distribution chains and supply chains. The difficulty for distributors and manufacturers in identifying these counterfeits further exposes them to liability claims, whereby the counterfeits cause harm to consumers, product recalls and expensive lawsuits.
 Today, the deluge of counterfeits extends to a wide variety of goods ranging from software and medicine to luxury goods and detergent to car parts. Nevertheless, watches, bags, clothing, jewellery and perfume continue to make up the bulk of the goods seized at borders.
 Existing ways of detecting counterfeits rely on holograms, Radio Frequency
Identification (RFID) tags, QR codes and tamper-proof labels at the manufacturing or shipping stages. After these initial stages, the products are subsequently verified at the retail end. Unfortunately, even though these products have been tagged with the necessary anti- counterfeit tags, counterfeit goods continue to enter into high-end retail stores. This shows that the existing ways of utilising holograms, RFID tags and QR codes are not sufficient in preventing counterfeit products from entering the market and are therefore unreliable to that extent.
 Further, existing technologies relying on RFID tags, QR codes and tamper-proof labels require specialised readers to read the information on the product. If these readers fall into the wrong hands, counterfeiters will easily be able to manipulate the system and duplicate its own RFID tags and QR codes such that customers will not be able to tell a counterfeit from an original. When this happens, customers will not also not be able to track and trace the product through its original distribution line and therefore, will not be able to tell if the store- bought product is genuine or otherwise.
 It should also be noted that most of the time, these RFID tags, QR codes and tamper-proof labels are visible to the human eye. As a result of this, counterfeiters can easily duplicate the tags and codes and forge them accordingly. Customers who are not savvy will therefore not be able to tell if an RFID tag or a QR code are indeed authentic or have been tampered with if not duplicated.
 However, even if consumers and manufactures are able to track and trace the products via the said tags and generally detect a counterfeit, the state of existing technologies today still require a more robust, sophisticated, holistic and multi-layered approach to authenticate products in the market.
 In this regard, there are still many loopholes that can be manipulated by a counterfeit at different stages of a product's distribution and supply chain, after which the customer will not be able to look out for ways to ascertain the product's authenticity.
[001 1 ] US Patent No. 8,108,309 discloses a method and system for protecting an item from counterfeiting. Each item is marked with an identifier, such as a serial number along with a code generator that has secret functions and data for generating verification codes. The item is subsequently supplied along with the corresponding code generator. Relying heavily on various types of code generators such as a hardware device, a software installed in the manufactured item and software installed in a device that is associated with the manufactured item, this patent may be potentially complicated for manufacturers and customers of the like. Even though the patent explains the functions of each type of code generator, it does not clearly explain the circumstances where each code generator might be best applied in. Simply put, there is no definite way to tell which type of code generator is preferred in relation to authenticating manufactured items.
 Moreover, US Patent No. 8,108,309 involves providing an authentication method similar to that of the 2 factor authentication (2FA) which is dependent on a separate hardware which does not have a physical security layer, and authentication needs to be carried out within a very short period of time or it will not be successful. Further, out of the 3 authentication processes mentioned, only the authentication process done remotely over the desktop is relatively the most secure out of the 3, as the others involve the introduction of another entity which can compromise the overall security.
 Further, this invention also teaches that the manufacturer is the main provider of the verification service. Under this authentication process, an item is first associated with an item identifier. Thereafter, the item identifier is associated with the code generator secrets. This process should be seen as a limitation of the invention because the authentication and verifiability is controlled by one single entity - that is the manufacturer. This is dangerous because the manufacturer should not be placed as the ultimate verifier of the product as he / she would be able to manipulate the code generator secrets and thereby, manipulating the authentication process. When this happens, customers will not be able to verify again whether the authentication process is legitimate.
 Other leading authentication technologies that are currently available but does not address the current problems are as follows:
1 . Barcode/QR Code Authentication- While scanning can be done by most smartphones today, it is common knowledge that the source is vulnerable to duplication and more often than not are duplicated as there is no security feature to the barcode or QR Code authentication technology. Unlike barcode/QR, the current invention uses Smartchip technology which has a physical security layer and cannot be duplicated due to its unique identity.
2. RFID Authentication- There are many solutions in the market which depict RFID being used as an anti-counterfeit solution as RFID is said to be able to track and trace and provide asset visibility. However, it is common knowledge that RFID does not offer any form of physical security on a tag as it can be easily replicated given that the Electronic Product Code (EPC) can be duplicated by a counterfeiter. The only form of security lies mainly in the back-end system, such as the Asset Management System, Inventory Control System, amongst others.
3. Holographic Authentication- It is a common belief that holograms cannot be counterfeited. However, the truth is that it is easy to counterfeit the holograms that are commonly used today in security applications, and studies have shown that holograms have been counterfeited more than once. Methods of duplicating hologram includes, mechanical copying, contact printing, 2 step copying, remastering and simulation amongst others (Hologram Counterfeiting: Problems and Solutions, Proc. SPIE Vol. 1210, pp. 66-76, Optical Security and Anti-counterfeiting Systems, William F. Fagan; Ed. (SPIE Homepage) April 1990).
Biometric Authentication- Biometric identification is a statistical process. Variations in conditions between enrolment and acquisition as well as bodily changes (temporary or permanent) mean that there is never a 100% match. Fraudulent reproduction of biometric data is possible; this depends heavily on the modality, application and resources being considered and availability of the data to be reproduced (John R. Vacca, Biometric Technologies and Verification Systems, Chapter 27, pp. 451 - 452, (2007, Elsevier, Inc.).
 This invention therefore seeks to address and solve the abovementioned gaps which currently plague the use of existing anti-counterfeiting technologies.
SUMMARY OF THE INVENTION
 The present invention relates to a dual-mode authentication system whereby each product is marked with a unique combination of a manufacturer identification code, and a physical tag-enabled Near Field Communication ("NFC") technology ("NFC-enabled tag") at the production stage. The information on the tag is encrypted and a secret code is randomly generated. This information is stored in an authentication server. In the preferred embodiment, the authentication server can be a physical server located with the manufacturers. It other embodiments, it is envisaged that the server can also be cloud-based and maintained by the service providers (inventors) or the manufacturers may also choose to locate the physical servers with the same service providers (inventors).
 Under the offline authentication mode, the authentication client validates the authenticity of the NFC-enabled tag without connecting to the internet network. In this instance, the user will first use the authentication client to read and/or input the manufacturer identification code (which is visible to the user) into the authentication client. Thereafter, the user will scan the NFC-enabled tag using the authentication client, thereby reading the secret code. A mutual product authentication process is thus initialised between the authentication client and the NFC- enabled tag and eventually the product is authenticated. Once authenticated, there will be a series of information displayed on the screen of the authentication client, confirming that the product is genuine. In the preferred embodiment, the displayed information would include the authentication success logo, product item name, manufacturing date, manufacturing location, product serial number and the product batch number, although a different combination of the same and other related product data may be displayed in other embodiments.
 Under the online authentication mode, product authentication is further established by connecting to an encrypted authentication server through an authentication network. The authentication client requires the customer to input the manufacturer identification code of the product to the authentication client either manually or by scanning the manufacturer identification code with the authentication client. By doing so, the unique encrypted secret code of the NFC-enabled tag will be matched with the unique manufacturer identification code of the product ("Paired Data"). The authentication client reads the Paired Data whilst the authentication server later processes the Paired Data, thereby, matching the Paired Data with the data stored in the database.
BRIEF DESCRIPTON OF THE DRAWINGS
 The following descriptions, considered together with the accompanying drawings will provide more clarity and comprehension of the present invention, wherein:
FIG. 1 shows an overview of the dual-mode product authentication system. FIG. 2 shows an illustration of the offline authentication process. FIG. 3 shows an illustration of the online authentication process. FIG. 4 shows a diagram of the mutual authentication sequence.
DETAILED DESCRIPTION OF THE INVENTION
 The present invention relates to a system and method for determining the authenticity of goods. The following description of the present invention will be described in relation to the general features of the method and system and subsequently, in 2 embodiments, an offline method and an online method.
[0021 ] The present invention is not limited to luxury goods but also applies to any other type of product that is not listed here. Therefore, the reference to product herein refers to any kind of manufactured product or item, unless stated otherwise.
 FIG. 1 provides a general overview of the dual-mode product authentication system. The dual-mode product authentication system comprises of an authentication server 10, an authentication client 11 , and a product 12, embedded with a NFC-enabled tag. Each product 12 has a unique manufacture identification code 13, which is visible and is assigned by the original manufacturer at the initial stage of manufacture. The unique manufacture identification code 13, can be represented in the following forms: 1 ) product serial number or an identification number printed on another product label affixed to the product which is visible to the human eye; 2) a product serial number or an identification number printed on a product label which contains the said tag affixed to the product which is visible to the human eye; and 3) a product serial number or an identification number printed on a warranty card or guarantee
certificate accompanied with the product. The unique manufacture identification code can be in the form of alphanumeric characters a barcode or even a QR code.
 The product is also equipped with a NFC-enabled tag which contains an encrypted secret code 14 which is covert and invisible to the human eye. The NFC-enabled tag can be authenticated repeatedly by the authentication client 11 , as long as the tag is not damaged.
 The authentication client 11 consists of a platform which delivers authentication service in the form of software applications that have been pre-configured using an algorithm that is able to authenticate the encrypted secret code found in the said tag. The authentication client 11 which is connected to a secure network 15 comprises of a portable data processing device, which may include an Android-based smart phone, a Windows portable handheld and/or an iOS-enabled device. In the preferred embodiment, the user uses his or her own mobile device or handheld as the authentication client for greater security, although the user may also rely on other third party's devices if so desired.
 The encrypted authentication server 10 is configured to receive authentication request from the authentication client 11 in order to further verify the product 12. The authentication server 10 can be in the form of a physical server connected to a database 16, containing a list of the Paired Data of the manufacturer identification code 13 and the tag's encrypted secret code 14, and other relevant data.
 In one embodiment, a customer who wishes to purchase the product 12 from the retailer, has the option to register for a user account on the product using a designated PC system. After registration of the product is complete, a web link will be provided so that the customer can install the authentication client application 11 onto the customer's mobile device. Once the said authentication client application 11 has been installed, the customer's mobile device is now an authentication client that can be used to verify the authenticity of the product.
 In another embodiment, customers can also register and carry out authentication at his / her own convenience by self-downloading and installing the encrypted authentication
client application 11 onto his / her mobile devices. This can be done before or after the purchase of the product 12.
 One main advantage of this present invention is that it is also available for brand owners or authorised regulatory bodies (e.g. custom officials or enforcement agencies). Like the customers, brand owners and regulatory bodies can also use the authentication client application 11 to perform random checks of products that are released in the market, or when required at custom checkpoints, warehouses, stores etc. This authentication client application 11 is anticipated to be especially useful for enforcement agencies to investigate and verify in the event of customer complaints and/or reports of "suspected" or known counterfeit products.
 FIG. 2 shows an illustration of the offline authentication method. The customer uses the authentication client 20 to scan the NFC-enabled tag and execute mutual authentication process with the tag. Upon communicating with the NFC-enabled tag, an authentication response consisting of a self-generated challenge "A" data 25 is generated and sent to the authentication client 20. The authentication client 20 processes the self-generated challenge "A" data and responds appropriately, and sends a further self-generated challenge "B" data 26 back to the NFC-enabled tag. The NFC-enabled tag then verifies the said challenge "A" data received and process the said challenge "B" data 26 before responding back to the authentication client 20. Upon receiving the response, the authentication client 20 verifies the challenge "B" data.
 If the product is authentic, a success message, along with product details including date of manufacture and source of manufacturing, are displayed on the screen of the authentication client, thereby, identifying the authenticity of the product instantly. However, if the product is not identified as authentic, a failure message is displayed on the screen of the authentication client 20, thereby, identifying that the product is questionable and ought to be returned to the vendor selling the product. The customer should subsequently notify the brand and/or relevant authorities of the questionable product.
[0031 ] FIG. 3 shows an illustration of the online authentication process. Under the online authentication process, product authenticity is carried out by the authentication client 32 connecting to an encrypted authentication server 30. The authentication client 32 requests the
customer to input the unique manufacturer identification code of the product 34 manually or by scanning the unique manufacturer identification code using the authentication client 32. The unique manufacturer identification code of the product can be in the form of certificate, warranty card or invoice generated at the point of purchase of the product 33.
 The authentication client 32 pairs the encrypted secret code 35 and the unique identification number of the tag with the unique manufacture identification code of the product 34 and stores this Paired Data accordingly. The authentication client 32 then makes a product authentication request and delivers the Paired Data to the encrypted authentication server 30 through a secure network 36 for processing and verification.
 The communication between the authentication client 32 and the encrypted authentication server 30 shall involve the use of at the very least, industry standards, in order to protect the privacy of the communication, thereby assuring that communication is carried out in a secure manner. This will prevent any form of data-tampering and eavesdropping. The authentication client 32 shall start the Secure Socket Layers ("SSL")/ Transport Layer Security ("TLS") negotiation protocol with the authentication server 30 to establish a SSL/TLS session. Once the secure session is duly established, data exchanged shall be in encrypted form and can only be decrypted by the authentication client 32 and the encrypted authentication server 30. Once the relevant data exchange is complete, the secure session is terminated.
 The encrypted authentication server 30 then processes and compares the encrypted secret code 35 with the manufacturer identification code. The encrypted authentication server 30 then provides the authentication response back to the authentication client 32 in a secure manner. When both data matches, the product 33 is said to be authenticated.
 When the product 33 is identified as authentic, a success message, along with product details including date of manufacture, source of manufacturing and an image of the product are displayed on the screen of the authentication client 32, thereby identifying and confirming the authenticity of the product.
 When the product 33 is not identified by the authentication client 32 as authentic, a failure message is displayed on the screen of the authentication client 32, and thereby confirming that the authenticity of the product 33 is questionable and ought to be returned to the vendor selling the product 33. In the preferred embodiment, the failure message will indicate that the authentication is invalid, although the failure message may also feature other representations depicting an unsuccessful attempt. The customer should subsequently notify the brand owner and relevant authorities of the questionable product.
 FIG. 4 shows a flowchart of the preferred embodiment of the proposed mutual authentication process sequence of this present invention. The mutual authentication process, available in the offline method, involves 2 entities whereby the authentication client 40 sends an authentication request to commence communication between the authentication client and the NFC-enabled tag 41. The NFC-enabled tag 41 responds with a self-generated challenge "A" data 43 and sends it to the authentication client 40. The authentication client 40 processes the self-generated challenge "A" data 43 and subsequently, sends the correct response to "A" and another self-generated challenge "B" data 42 to the NFC-enabled tag 41.
 The NFC-enabled tag 41 verifies both sets of data to authenticate the product. If verification of the product is successful, the NFC-enabled tag 41 processes the self-generated challenge "B" data 42 to the authentication client 40 for further verification. If the verification passes, the mutual authentication is said to be successful. However, if the verification fails, the authentication client 40 will terminate the communication with the NFC-enabled tag 41. In this regard, mutual authentication has then failed accordingly.