ProductID – A solution for the identification, anti-counterfeiting and ownership management of products
The full article was originally published by Stefano Della Valle on Medium.
The evaluation of the origin of a product, i.e. the identity of its manufacturer, is an important matter for many industrial and commercial sectors.
Preventing the illicit exploitation of established brands, which takes away their market and profit, is not the only objective of anti-counterfeiting. Even more important is protecting the final purchaser, who expects to buy an original product that conforms to the quality specifications necessary for its given purpose. The supply chain is another process that is affected and often exploited for the production and distribution of fake products.
The counterfeit product, intended to be sold through illegitimate business, is typically made with inferior materials and significantly lower assembly quality than the original. However, these differences are difficult to detect for the final consumer or for the trader who receives a proposal from a wholesaler.
The solution to the problem has always been based on the addition of distinctive elements on the product that are clearly visible and difficult to replicate. In short, the strategy is to make the replication of that product expensive. However, this approach has lost its effectiveness due to the increased availability and cost reduction of industrial printers and technological devices needed to reproduce labels, holograms, RFID tags, and other elements that would be attached to the final product to make it distinguishable. This is why manufacturers no longer adopt expensive solutions that may shortly become ineffective.
That said, in a totally different field, the production of digital documents, the counterfeiting issue has been completely solved with solutions based on cryptography: the digital signature of digital documents and of e-mail messages (certified mail).
The digital signature of e-mails and documents is costly, but since the volume of signable objects is very high, a low cost per signature is achieved.
The technology on which the digital signature is based is now virtually inviolable.
The idea behind our solution is simple: offer every industrial and commercial sector the same level of security provided by digital signature or certified mail solutions.
The digital signature system
Digital signatures are based on a series of technical and organizational elements that are not easily replicable in a generic context:
- the signature is produced with an asymmetric cryptographic algorithm, so without the private key it is not possible to create a valid signature;
- the public key is inserted in a certificate stored on a public server. Anyone can obtain the certificate, and therefore the public key, to verify the signature;
- the private key is produced and stored on a device capable of creating the signature. The private key is therefore never exposed, so it cannot be cloned.
The organizational part of this system is too complex to validate a generic product, especially in the case of popular and low-cost items. However, the general scheme remains valid and is more effective than simpler solutions because it raises the costs necessary to obtain a credible falsification.
ProductID Security Strategy
The security level of our ProductID solution is based on a series of measures that produce the same level of security as the digital signature, but with lower operating costs:
- use of electronic signature algorithms with an asymmetric key;
- use of cryptographic tokens similar to those used for digital signatures;
- decentralized public key repositories.
Key publication system
Unlike the system used for the signature and certified mail, ProductID does not use centralized storage controlled by an institution or a company: the keys are stored in a registry that is distributed, unalterable, replicated on hundreds of servers and accessible to the public without intermediaries.
This reduces the operating cost of the system since the security of the public key container is intrinsic to the public register (IOTA in this case).
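The check described above, as an added example in Go that is not ProductID's own code: a token holding a private key answers a fresh challenge, and the verifier checks the answer against the public key published for that product. The challenge-response step, the Ed25519 algorithm, the in-memory Registry map standing in for the public register, and the serial SN-0001 are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Registry stands in for the public key register (assumption: in-memory map).
type Registry map[string]ed25519.PublicKey

// Token models the cryptographic token on a product; priv never leaves it.
type Token struct {
	ProductID string
	priv      ed25519.PrivateKey
}

// Enroll generates a key pair and publishes the public half.
func Enroll(reg Registry, productID string) (*Token, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	reg[productID] = pub
	return &Token{ProductID: productID, priv: priv}, nil
}

// message binds the verifier's challenge to the product ID being claimed.
func message(productID string, challenge []byte) []byte {
	return append([]byte("productid-demo|"+productID+"|"), challenge...)
}

// Respond signs a challenge inside the token.
func (t *Token) Respond(challenge []byte) []byte {
	return ed25519.Sign(t.priv, message(t.ProductID, challenge))
}

// Verify checks a response against the key registered for productID.
func Verify(reg Registry, productID string, challenge, sig []byte) bool {
	pub, ok := reg[productID]
	return ok && ed25519.Verify(pub, message(productID, challenge), sig)
}

func main() {
	reg := Registry{}
	tok, _ := Enroll(reg, "SN-0001") // constructed sample serial
	c := make([]byte, 32)
	rand.Read(c) // fresh random challenge for every check
	fmt.Println("genuine token accepted:", Verify(reg, tok.ProductID, c, tok.Respond(c)))
}
```

Because the signature covers a fresh challenge, a response recorded from a genuine token is rejected on the next check, and a token enrolled with any other key fails against the registered public key.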