In many applications where authentication and track and trace takes place, single codes or pair of codes are used in an identification or confirmation process. For instance this takes place during logging on to certain pages on a computer network such as Internet or similar, or when using for instance identity cards, banking cards or similar. In such cases single codes, or pair of codes are generated which are known to a user and where a query in a database with one code obtains the other code. The user can then himself investigate whether the pair of codes is correct. In such cases the codes are generated in pairs which are defined in advance and stored for instance in a database.
All types of genuine goods and products, like branded clothes, jewelry and other consumer articles may be marked with a secure code. Further, medicines and medical equipment, critical parts for the industry, or parts for aircrafts or automobiles should be marked if product integrity and counterfeiting is a problem in the particular business. Unique objects related to services, such as drawings, documents, passports, security papers etc. may also be marked for the purpose of later authentication and/or track and trace operations.
Pair of codes is most often generated using so called “random number generators” that generates a series of random numbers. These numbers can again be expressed in many different ways so that they are expressed as codes in the desired form with desired characters, etc. Thus nobody should be able to guess or deduce the relation between the codes in a pair of codes consisting of two or more codes.
The disadvantage with such stored pairs of codes arises when the number of pairs of codes for instance is very high or the number of queries in the database is very high. In such case the access time for accessing the codes is increased. Further the database is getting very large when a large number of pairs of codes is generated.
This, is expensive in form of storage and computer processing capacity for referencing and other handling.
U.S. Pat. No. 6,442,276 (Doljack), describes a system and a method of verifying the authenticity of goods including generating one or more random codes and storing the one or more random codes in a database. The goods are then marked with one of the generated random codes such that each of the goods contain their own unique random code. Upon field checking and inventory of marked goods and comparing the codes on the marked goods to codes within the database, the authenticity of goods may be verified.
In GB2342743 (Elliot) a method of verifying the authenticity of goods is provided, wherein a set of public data and security code are applied to the goods, the security code having been derived from the public data by means of a predetermined encryption algorithm. Upon receiving a request for verification, the public data applied to the goods is entered into the predetermined encryption algorithm to generate a verification code. The verification code is then compared with the security code applied to the goods to assess the authenticity of goods.
In WO0300725 (Loken) describes a method for generating authentication information and use thereof in one or several subsequent authentication operations. The authentication information that is generated is consisting of at least a first authentication code and at least a second authentication code. The first code can be randomly chosen or otherwise obtained and the second code is generated on the basis of the first authentication code. Rather than storing the codes in a database they are regenerated for the purpose of validation or track and trace.
In Authentication News, Vol 8, No 7, September 2002 it is described a coding system to check the authenticity of a product where the codes are not stored in the database. The document also describes the use of Attached tagged information (ATI), allowing information, such as product type, manufacturing plant etc. to be linked automatically to the code and presented to the clients during authentication.
US2006/0180661 (Grant et al) describes a method and system for authenticating goods and thereby detecting and deterring counterfeits. According to one aspect of the invention, a client utilizes data received from a host to generate a plurality of security codes and to direct a printing device to print the plurality of security codes on a plurality of products, without retaining the plurality of security codes after the printing device has printed the plurality of security codes on the plurality of products. After the security codes have been printed, a person can communicate the security code to the host, which can verify its authenticity.
The background art described above is not able to address the need of clients requiring more control of the code generation and validation process, and the systems may be subject to fraud by someone being able to break into the systems. This could even be the system administrator.