1. Field of the Invention
This invention relates to product security, and more particularly to a system and method for verifying the authenticity of a product or service in connection with a personal, business, or commercial transaction.
2. Description of the Related Art
Many fields of activity today use portable objects comprising information processing means and information storage means, particularly in the form of microprocessor cards, to protect access to the services they offer. While offering a high level of security, these portable objects do not provide total security; for the most sensitive applications (electronic purse, debit/credit card for payment, pay television), authentication of the portable object by means of symmetric or even asymmetric cryptography has proven insufficient. In essence, this means of authentication is based on the portable objects' holding of secret keys. Experience has shown that highly competent hackers having substantial means at their disposal can succeed in discovering secret keys, even when they are located in storage areas that are normally inaccessible from outside the portable objects. A corrupted secret key allows a hacker or a fraudulent organization to profit substantially by selling low priced, cloned portable objects that offer the same services as the authentic portable objects. The hacker produces a portable object that is a clone of the authentic portable object by producing a product that fulfills the functions of the authentic portable object, without supporting anything that would limit the use of the portable object or anything related to the security of the product.
In the field of chip cards, when a telecommunications or television operator or a banking institution uses the card, it establishes an approval procedure for the product, which includes two parts:    1) the functional certification of the product, which guarantees compliance with the specifications;    2) the security evaluation of the product, which makes it possible to verify that the security requirements are met.
Once the product is approved (in terms of hardware and software), there is no way to verify that a card has gone through an approval procedure, other than via authentication using a secret key, which presupposes that this key has not been corrupted in any way and can therefore only be associated with an approved product.