Logistics as a field inherently attracts information technology solutions, and as internet technology has developed through the twentieth century a number of different mechanisms for making a connection between any physical object and an electronic information handling system have been developed. Punched cards were developed as the original input means for computing devices, and the possibility of using similar cards was quickly identified as a rapid means of registering the sale of an object. A major development in this field came with the development of the Universal Product Code (UPC) system, based on the reading of a one or two dimensional barcode with a laser scanner. On the basis of this and related technologies, virtually all packaged consumer goods today are provided with such a code. More recently, matrix, or two dimensional bar codes, such as “QR Codes” (registered trade mark in some jurisdictions) described in U.S. Pat. No. 5,726,435 have become common. Such codes are able to encode more information in a small area than conventional 1 dimensional bar codes, and as such are frequently used to encode a Uniform Resource Indicator (URI) for example as defined in IETF Request For Comments RFC 1630. Meanwhile, in addition to these optical solutions, radio based tagging solutions such as those based on RFid tags are increasingly widespread.
One frequent usability issue with machine readable codes of this kind is that the machine readable code is often not comprehensible to a human reader. It is therefore common to accompany the machine readable code with a human readable representation of the key content of the machine readable code.
While in the context of the tagging of commercial goods there is little incentive to use misleading or corrupts tags, as such tags become common in a wide range of situations outside the strictly regulated field of commerce, such misuse becomes more likely. This is compounded by the increasing capabilities of modern tagging systems. For example, the capacity for QR codes or RFID tags to incorporate a URI which may point to an internet site hosting dangerous code, or even to incorporated harmful scripting itself means that these technologies may become a threat. Meanwhile, the fact that QR tags may appear on posters, business cards, letters and so on means that the context in which such codes are used is increasingly uncontrolled.
Accordingly, it is desirable to provide a mechanism whereby the content of a machine readable code may be verified with regard to the object with which it is associated.
Certain partial solutions to this problem are known.
Each NFC Chipset memory has a unique serial number, called the UID (Unique Identifier). It may be 7 bytes long (7×8=56 bits, 04:73:91:A2:16:3C:81) or 4 bytes long (4×8=32 bits, like 04:73:91:A2).
On some NFC Chipsets a specific feature allows a so called UID ASCII mirror for automatic serialization of NDEF messages”. Writing a URL (ex http://xt.ag/#) in an NFC tag for example in the form UID: 04:73:91:A2:16:3C:81 gives an extended URL stored in the NFC Chipset memory. This feature writes the UID in ASCII hex format in the NDEF URL. This may support some server side verification concerning the registered usage of the chip in question.
Meanwhile, an extension to the standard QR Code format has been developed entitled: “Security QR Code (SQRC)”. The terms “Security QR Code” and “SQRC” are registered trademarks in some jurisdictions. SQRC contains both encrypted and normally readable data. While these features can be used to combat fraud and help prevent counterfeit, grey-market and black-market issues, this approach remains dependant either on the reader device being pre-programmed with the encryption algorithm and parameters of the code to be decoded (and no others), or being in communication with a remote server which is able to provide the required information.
FR3008211 describes a method for printing security graphics on a support that is to be secured, characterized in that it involves using, in combination, at least three different types of printing security graphics taken from a group of eligible printing security graphics items, and in that said printing security graphics items that are used are interdependent by construction, such that a modification to one of the EGS items forming the print item automatically results in an identifiable inconsistency.
FR3009409 concerns a method for encoding an access to a computer resource, consisting of including, in a physical representation of the code, a first item of information encoded according to a first encoding type corresponding to the access path and to the identification of said computer resource, and capable of being decoded by a reader, characterised in that: the physical representation further comprises an item of validity condition information encoded according to a second encoding type, corresponding to a validity condition of the access to said computer resource,—said validity condition information being capable of being decoded by an application installed on an element of the network including the reader of the physical representation, one or a plurality of gateways and the server that hosts said computer resource. Where this system operates at a purely local level, it relies on a predefined encryption key whereby security is reinforced with reference to additional validity information entered by a user or from an additional machine readable code. It is desirable to provide an approach offering satisfactory security without recourse to these additional steps. It is desirable to provide a tagging solution offering security and improved flexibility.