In many industries, counterfeiting of products is a substantial problem that significantly impacts not only the revenues of original product manufacturers, but may even pose a serious threat to health and even life of consumers or operators of counterfeited, i.e. fake products. Such safety relevant product categories include in particular parts for automobiles and aircraft, components for the construction of buildings or other infrastructure, food, and even medical devices and pharmaceuticals.
Furthermore, in a broad range of different industries traceability of goods and physical objects is a key requirement. This applies in particular to logistics and supply chain infrastructures and to highly regulated/structured work flow environments. Examples are industry work places being controlled by official regulators such as the FDA (US Food & Drug Administration), and/or being certified e.g. according to GMP (Good manufacturing practice), GLP (Good laboratory practice), GCP (Good clinical practice), or DIN ISO or similar other standards and rules. Each of these regulated environments requires in particular an audit trail and auditable technologies. A further example is the traceability of high value products such as industrial spare parts in order to proof authenticity and intended use of these parts in secondary markets.
In order to limit counterfeiting and provide supply chain and work flow integrity, including recognition and authentication of products within work flows and supply chains, various industries have developed a number of different protection measures and identification solutions. Broadly used protection measures comprise adding a so-called security feature to a product, the feature being rather difficult to fake. For example, holograms, optically variable inks, security threads and embedded magnetic particles are known security features which are difficult to reproduce by counterfeiters. While some of these security features are “overt”, i.e. can be easily seen or otherwise recognized by a user of the product, other security features are “covert”, i.e. they are hidden and can only be detected by using specific devices, such as sources of UV-light, spectrometers, microscopes or magnetic field detectors, or even more sophisticated forensic equipment. Examples of covert security features are in particular printings with luminescent ink or ink that is only visible in the infrared part of the electromagnetic spectrum but not in its visible part, specific material compositions and magnetic pigments.
A specific group of security features, which are in particular used in cryptography, is known as “Physical Unclonable Functions” (PUFs). PUFs are sometimes also referred to as “Physically Unclonable Functions” or “Physical Random Functions”. A PUF is a physical entity that is embodied in a physical structure and is easy to evaluate but hard to predict, even for an attacker with physical access to the PUF. PUFs depend on the uniqueness of their physical microstructure, which typically includes a random component that is already intrinsically present in the physical entity or is explicitly introduced into or generated in the physical entity during its manufacturing and which is substantially uncontrollable and unpredictable. Accordingly, even PUFs being produced by the exact same manufacturing process differ at least in their random component and thus can be distinguished. While in most cases, PUFs are covert features, this is not a limitation and overt PUFs are also possible. PUFs are furthermore ideal for enabling passive (i.e. without active broadcasting) identification of physical objects.
PUFs are known in particular in connection with their implementation in integrated electronic circuits by way of minimal unavoidable variations of the produced microstructures on a chip within given process-related tolerances, and specifically as being used for deriving cryptographic keys therefrom, e.g. in chips for smartcards or other security related chips. An example of an explanation and application of such chip-related PUFs is disclosed in the article “Background on Physical Unclonable Functions (PUFs)”, Virginia Tech, Department of Electrical and Computer Engineering, 2011, which is available in the Internet at the hyperlink: http://rijndael.ece.vt.edu/puf/background.html.
However, also other types of PUFs are known, such as random distributions of fibers in paper used as a substrate for making banknotes, wherein the distribution and orientation of fibers can be detected by specific detectors and used as a security feature of the banknote. Also, upconverting dyes (UCDs), particularly secret mixtures thereof, may be used as PUFs.
In order to evaluate a PUF, a so-called challenge-response authentication scheme is used. The “challenge” is a physical stimulus applied to the PUF and the “response” is its reaction to the stimulus. The response is dependent on the uncontrollable and unpredictable nature of the physical microstructure and thus can be used to authenticate the PUF, and thus also a physical object of which the PUF forms a part. A specific challenge and its corresponding response together form a so-called “challenge-response pair” (CRP).
Anti-counterfeit protection methods and systems based on using PUFs to authenticate products are described in each of the two European Patent Applications published as EP 3 340 212 A1 and EP 3 340 213 (A1) and in the further European Patent Application EP 18 170 044.4, the content of each of which is incorporated herein in its entirety by way of reference. Further anti-counterfeit protection methods and systems based on automatic object recognition and authentication based on such recognition are described in the further European Patent Application EP 18 170 047.7, the content of which is also incorporated herein in its entirety by way of reference.
Asymmetric cryptography, which is sometimes also referred to as “public key cryptography” or “public/private key cryptography”, is a known technology based on a cryptographic system that uses pairs of keys, wherein each pair of keys comprises a public key and a private key. The public keys may be disseminated widely and are usually even publicly available, while the private keys are kept secret and are usually only known to their owner or holder. Asymmetric cryptography enables both (i) authentication, which is when the public key is used to verify that a holder of the paired private key originated a particular information, e.g. a message or stored data containing the information, by digitally signing it with his private key, and (ii) protection of information, e.g. a message or stored data, by way of encryption, whereby only the owner/holder of the paired private key can decrypt the message encrypted with the public key by someone else.
Recently, blockchain technology has been developed, wherein a blockchain is a public ledger in the form of a distributed database containing a plurality of data blocks and which maintains a continuously-growing list of data records and is hardened against tampering and revision by cryptographic means. A prominent application of blockchain technology is the virtual Bitcoin currency used for monetary transactions in the Internet. A further known blockchain platform is provided for example by the Ethereum project. In essence, a blockchain can be described as a decentralized protocol for logging transactions between parties, which transparently captures and stores any modifications to its distributed database and saves them “forever”, i.e. as long as the blockchain exists. Storing information into a blockchain involves digitally signing the information to be stored in a block of the blockchain. Furthermore, maintaining the blockchain involves a process called “blockchain mining”, wherein so-called “miners” being part of the blockchain infrastructure, verify and seal each block, such that the information contained therein is saved “forever” and the block can no longer be modified.
A further new ledger technology is known by the name of the “Tangle”, which is blockless and permissionless distributed ledger architecture, which is scalable, lightweight, and provides a consensus in a decentralized peer-to-peer system. A prominent related technology using the Tangle as a technical basis is known as “IOTA”, which is a transactional settlement and data integrity layer for the Internet of Things. However, the term “blockless distributed ledger” is not intended to be limited specifically to the Tangle technology.