Various documents are used to provide evidence of certain properties of specified items. For example, an MOT certificate provides evidence of the roadworthiness of a specified vehicle, and a valuation report provides evidence of the value of a specified article. Certificates are also available showing that particular articles (typically mobile telephones and other consumer electronics) have or have not been the subject of insurance claims, reported stolen, blocked by mobile phone networks, and so on.
Such documents are used by sellers to provide buyers with confidence in the items they are purchasing. A buyer of a second hand mobile telephone in particular will seek certainty that the handset has not been blocked by networks, has not been stolen, and that no third parties have potential claims to the item. As such, a certificate issued by a trusted authority which confirms these facts will increase the value of the item in the marketplace. These certificates are typically tied to a particular device by means of the serial number of the device.
Unfortunately, all documents are susceptible to forgery. In particular, an unscrupulous seller may obtain a genuine document showing a ‘clean’ history, and alter it to show a different device serial number. A buyer may thus be unwittingly tricked into buying a stolen device.
It is known to provide on-line databases for verifying the authenticity of documents. In such systems, copies of genuine documents are stored in a database, and are retrievable by means of a document identification number. Since the user requesting retrieval of a document knows that he is directly accessing the database belonging to the trusted authority which generated the document, he can be confident that the document thus retrieved will not have been tampered with by a third party.
A purported genuine document can therefore be verified by using the document identification number printed on the document to retrieve a copy of the document from the database. The retrieved copy can then be compared with the purported genuine document to ensure that no alterations have been made. However, such systems are not without their problems. Often the document identifier is the same as, or derivable from, the serial number of the article in question. An unscrupulous trader could therefore obtain documents relating to devices in which he has no legitimate interest. Those documents could be used to defraud consumers, for example by changing the serial number of a device to match that shown in the (genuine and verifiable) document. An even simpler fraud could involve obtaining documents relating to devices with serial numbers differing by one digit from stolen devices which the trader is attempting to sell. A consumer could readily be misled by such documents, since a difference of one digit in, say, a sixteen digit serial number could easily go unnoticed.
A large-scale system for generating documents will likely comprise a plurality of computer systems working in parallel to generate and store documents. This is necessary to deal with large volumes of requests, but creates a problem in terms of document retrieval. It is possible to generate a central index of document identifiers which can be queried, and which points to the storage location of a particular individual document. However, such an arrangement creates an extra layer of complexity, and makes the overall system more vulnerable to failure.
In a system where multiple computers work in parallel, for some document identifier generation schemes there is a risk that different computers in the same cluster will generate document identifiers which are the same. In other words, there is a collision. This can be avoided by checking between clusters for existing documents. However, this creates additional network and database load, impacting performance. It also imposes a practical limit on the size of the cluster.
It is an object of the present invention to reduce or substantially obviate the above mentioned problems.