ANTI-COUNTERFEIT AUTHENTICITY LABELS - SMART CHIPS WITH ELECTRONIC INK & WIRELESS I/O - DUPLICATE SERIAL NUMBER DETECTION

ABSTRACT

Authenticity labels using an electronic ink display, smart chip with embedded private key, and wireless I/O. Delayed detection of duplicate serial numbers using a central server and offline scanning. Two embodiments described: money and product labels. Duplicate detection also works with printed serial numbers.

My idea is to give smart chips an electronic ink display and wireless I/O. With wireless I/O, large groups of items can be authenticated simultaneously as with RFID tags. With a visual display, any items that fail to authenticate will stand out visually, making it easy to spot even a single counterfeit item amongst a group of valid items.

To create a counterfeit would require extracting the private key(s) from a smart chip. It will be very difficult for a counterfeiter to obtain the private key of even one smart chip. Location tracking and owner tracking of serial numbers will catch any duplicated smart chip. As soon as a serial number is found to have two locations at the same time, that serial number can be invalidated.

This document also describes my idea for an improved method of detecting duplicated serial numbers (counterfeits), using an authentication server and scanners which can function offline for faster throughput, or online for higher security. The authentication server functions as a central processor of scan data. It detects a duplicate serial number if a serial number is found in two different locations at the same time, or if the calculated travel speed between two scan locations is unreasonably high. The method of detecting duplicates is described first for use with authenticity labels, but the application of the method to printed serial numbers will also be discussed.

Each authenticity label would have a unique serial number. Each serial number would have at least one unique public/private key pair associated with it. The private key would be securely embedded in the label's smart chip. The public key for each serial number would be available in a public database. Anyone familiar with public key cryptography knows that a message encrypted with the public key can only be decrypted using the private key. In order to verify the authenticity of a label, a random image would be encrypted using the public key and wirelessly sent to the label. The label's smart chip would decrypt the encrypted image with its private key, and display the image on its electronic ink display. Displaying the image would prove that the smart chip has the private key corresponding to the label serial number.

A serial number might also have a multiplicity of non-unique public/private key pairs associated with it. The set of non-unique keys associated with a serial number would be selected from a large pool of keys by a random number generator function. This would enable offline verifier devices to store a limited number of keys for an unlimited number of serial numbers.

Authenticity labels would be useful to prevent the counterfeiting of bearer currency and to protect intellectual property. An authenticity label can be used to indicate that a product has been produced with the permission of the IP owners. Any product not containing the authenticity label is easily recognized as counterfeit or pirated.

 

BACKGROUND

A common feature of current anti-counterfeit technologies is a display, which changes appearance depending on some action of the user. Holograms change appearance depending on which angle the user holds the label. Some anti-counterfeit features present a different image if viewed with infrared or ultraviolet light. Some change if marked with a special ink marker. Even microscopic features are a variation of this: they have specific appearances if viewed with a special instrument (a magnifying lens). All of these changes in appearance can be thought of as challenge-response technologies. The label is challenged with a change in viewing conditions, and must display the correct response.

These anti-counterfeit features have two weaknesses. One problem is that suspect items must be carefully inspected, one at a time, by a person who knows what to look for. No one can do rapid inspection of multiple items simultaneously. Because of this, even poor quality counterfeits often pass unnoticed. Worse is that these features can be mass reproduced with the right equipment. The small scale counterfeiter is deterred, but not the large scale counterfeiter. Well-financed counterfeiters engage in mass production on a large enough scale that the cost of the equipment does not deter them.

Serial numbers present another obstacle to the counterfeiter. It takes less equipment to mass produce one serial number than to put unique serial numbers on counterfeit items. Counterfeiters often tool up to produce only one serial number. Sometimes counterfeit currency is caught because a cashier notices two bills with the same serial number. Sometimes a particular counterfeit serial number becomes widely distributed, so stores and banks are alerted to watch for that serial number. However, cashiers do not have time to check serial numbers against a list of known counterfeits. The task could be automated with optical scanning of serial numbers into computers, but so far no widespread attempt to do so has been implemented.

RFID tags allow automatic wireless input of serial numbers. Hiromichi Fujisawa, Shojiro Asai and Minoru Ashizawa have described a method of detecting duplicate RFID tags in Japan patent application number P2002-182310 and U.S. patent application number 20030234718. In their method, RFID reader terminals communicate with a central server to verify the authenticity of an RFID tag. The central server keeps track of the time and location of all scans. The travel speed between any two scans of a serial number can be calculated by dividing the distance between the two scan locations by the time difference. If the travel speed exceeds a maximum reasonable threshold, the server judges a serial number to be a duplicate.

A problem with RFID tags is that they don't provide any visual authentication to enable consumers to recognize counterfeits. The lack of visual authentication enables an item with a non-functioning tag to pass unnoticed in a group. Another problem is that RFID tags can be easily duplicated. A third problem is that the method of detecting duplicates in the Fujisawa patent requires continuous access to a central server, and thus is vulnerable to network downtime.

The developments of public key cryptography and smart chips offer another tool against counterfeiters. The private key of a public / private key pair can be embedded in a computer processor or smart chip attached to an item. The identity of the chip can be verified by asking it to perform some computation that requires using the embedded private key. Smart chips are difficult to duplicate because doing so requires extracting the private key.

Currently, smart chips are mostly used on cards that are inserted into a card reader. The card reader provides power and an I/O interface to the smart chip through electrical contacts on the card. For authenticating large groups of items, such as consumer products or currency, having to physically contact each item with a reader would be far too slow. Smart chips lack visual authentication to make it easy to spot a counterfeit in a group of items.

 

SUMMARY

My idea is to give smart chips an electronic ink display and wireless I/O. Electronic ink is a new technology with potential uses just starting to be recognized. An electronic ink display requires very little power to change the displayed image. Some electronic ink requires no power to maintain the displayed image. The thinness and low power requirement of electronic ink will make it a good display for smart chips. With wireless I/O, large groups of items can be authenticated simultaneously. With a visual display, any items that fail to authenticate will stand out visually, making it easy to spot even a single counterfeit item amongst a group of valid items. This overcomes the weaknesses of current visual authentication technologies: careful inspection is not required, multiple items can be verified simultaneously, and counterfeiters will not be able to mass reproduce smart chips. It will be very difficult for a counterfeiter to obtain the private key of even one smart chip.

In addition, I have devised an improved method of detecting duplicate serial numbers, which will work with offline scanning, not requiring continuous access to a central server.

 

BEARER CURRENCY - A USER'S PERSPECTIVE

I will describe two embodiments of authenticity labels: bearer currency, and labels to protect intellectual property.

The first embodiment I describe will be bearer currency. The system of authenticity labels might be applied to paper currency such as $100 bills, $20 bills, etc. A smart chip and electronic ink label assembly might be made thin enough to put on paper, or the bearer currency could take the form of chips, like plastic casino chips, or made as plastic cards similar in shape and appearance to credit cards.

When cashiers accept or give out money, they would pass it near a wireless scanner. The image on the electronic ink would change as it passes near the scanner. The image on the currency would tell the cashier its status. When receiving money, the image would tell whether the money is safe to accept, whether it needs close scrutiny, or whether it is an outright known counterfeit. Those three statuses, safe, suspect, or counterfeit, would be indicated by three images chosen at the cashier station. Those three images would vary from cashier to cashier, and from time to time at the same cashier station, so that a counterfeiter could not anticipate in advance what image would be associated with any status meaning.

When the cashier gives money out of the register, she also passes it near the scanner again to record the time that the store relinquishes possession of that serial number. The scanner can put the store logo and a 'Thank You for shopping with us' type of message on the electronic ink before the cashier hands it to the customer. The appearance of that image indicates that the money has been 'scanned out' from the register. If the serial number has come under suspicion during the time it was in the cash register, the currency will show the image for 'suspect' when the cashier attempts to scan it out. If the currency does not show the right image when the cashier attempts to scan it out, then it must be retained in the cash register and not given out.

This system would use location and owner tracking of serial numbers to catch duplicates. Only the time intervals when merchants and banks possess currency would be recorded. When a serial number is in the possession of a merchant or bank, the owner and location of that serial number will be known. When a serial number is in the possession of a retail customer, its owner and location would be unknown. Retail customers would not have their ID recorded when they receive currency or pay with currency that scans as 'safe' status. The only time a retail customer's ID would need to be recorded would be if they pay with currency that scans with a status of 'suspect' or 'counterfeit'.

The three images, which mean 'safe', 'suspect' and 'counterfeit', should be chosen randomly by the verifier device. A reference screen visible to the cashier would show what the three images are at any time. The images should automatically change every few minutes. If the choice of images were left to human choice, some people would have favorite images that they use all the time. If a counterfeiter could predict in advance what image means 'safe' for a particular cashier, they could simply program that image into a counterfeit without having to crack the smart chip encryption.

The currency verification system can have two levels of security. The first, lowest level of security will be sufficient for the vast majority of serial numbers deemed to have a status of 'safe'. The first level of security will not require a connection to the authentication server. First level verification will be fast because all information needed can be stored on a local hard drive, and scan time stamps can be locally generated and stored. Thus, store cashiers will mostly accept currency at a fast pace unimpeded by any slow verification process.

However, if the cashier scans a bill and its electronic ink shows the image for 'suspect', then the verification process will be slower, as if the customer were paying by check and the store were using an online check verification service. The cashier would ask for and record the customer's ID, such as driver's license number. The cashier would also have to wait for the connection to the authentication server, and rescan the currency a second time. The currency would be accepted as valid only if it passed the second level security scan while connected to the authentication server. Such suspect currency would be put to one side in the cash drawer and not handed back out as change to any customer. When the store makes its deposit at the bank, all suspect currency would be taken by the bank and held aside from circulation.

If a bill has its electronics fail, so that the electronic ink label doesn't respond to scanning, then it would be handled similarly to suspect currency. Banks would redeem bills with failed electronics. The bank teller would record the customer's ID and manually enter or optically scan the serial number into the authentication server. If the serial number were valid, then the bill would be accepted at face value and withdrawn from circulation.

 

BEARER CURRENCY: DETAILED DESCRIPTION

Smart chips for bearer currency should have not just one, but several private keys embedded, perhaps as many as ten or more. Only one of the private keys would need to be unique for each serial number. That unique key would be used for second level scanning, and its public key would be stored at the authentication server. The other keys on the smart chip would not be unique but would map into a pool of keys reused by all serial numbers.

The separation into first level and second level scanning enables most transactions to be handled with a lower security offline verification, while enabling a higher security online verification for suspect serial numbers. One problem with offline scanning is that local hard drives do not have enough storage capacity to store a unique public key for all possible serial numbers. Twenty-dollar bills have three letters and 8 digits in the serial number, which, if all combinations of letters and numbers were used, would make more than 1.76 trillion possible serial numbers. In reality, the number of possible combinations is lower, because the first letter indicates the series, the second letter indicates one of the 12 federal reserve banks, and the letter O is not used. Anyway, if there were 1.76 trillion possible serial numbers, and if each public key uses 4 KB, and each serial number has a unique public key, the public key database would require 7,000 terabytes of storage. A central bank can afford a server with 7,000 terabytes of storage to store a unique key for each serial number, but that would not fit on local hard drives. Current hard drives only have a capacity of a few hundred gigabytes. Hard drive capacities are doubling every year, so eventually they will be able to store 7,000 terabytes, but maybe not until twenty years from now. Meanwhile, the unique key can be stored at the server for second level scanning, and local offline scanning can have a workaround to solve the storage problem.

Key reuse can solve the key storage problem. Smart chips can store multiple private keys that map into a reusable pool of public keys that is small enough to fit on a hard drive. Assuming 4KB per public key, and a 400 GB hard drive, 100 million public keys could fit on a hard drive. As hard drives get larger, that key pool size could also be increased. Some number, possibly 10, private keys from the pool would be stored on the smart chip for each serial number. Which 10 keys were stored for each serial number would depend on some transformation function applied to the serial number. One type of transformation function that would work well would be to use the serial number as the seed of a random number generator. A random number generator, which uses a seed, will always put out the same series of random numbers after being started with the same seed. The first ten random numbers put out by the function could be used to choose the 10 keys from the key pool for each serial number.

When a verifier device encrypts an image to send to the smart chip, the verifier knows from the serial number which key selections are stored on the smart chip. The verifier can pick any of the ten corresponding public keys at random to challenge the smart chip with. The smart chip must be able to decrypt a display request using whichever of its keys the verifier tells it to use. If the verifier wants to, it can encrypt a display request using more than one key, or even all of them, and the smart chip must be able to decrypt and display the image. The more keys tested, the longer that verification would take. Testing only one key at random would take less time and still produce a high enough chance of catching a counterfeiter.

It can be assumed that hackers would attack currency smart chips in an attempt to extract the private keys. Extracting private keys can be assumed to have some fairly high cost, but hacker ingenuity cannot be discounted. Suppose that hackers attack 10,000 smart chips and obtain 100,000 private keys; how many serial numbers could they counterfeit well enough to pass a level 1 offline scan? They could counterfeit the 10,000 serial numbers of the currency they attacked. How many serial numbers other than the original 10,000 would have all ten of their keys in the pool of 100,000 known to the hackers? The hackers would know 100,000 of the 100,000,000 private keys in the pool, or 1/1000th of the keys. Each of the ten keys of every serial number would have a 1/1000 chance of being known to the hackers. However, the chance of all ten of any serial number's keys being in the pool known to the hackers would be (1/1000)^10, or 10^-30. If the total number of serial numbers is 2 trillion, then the chance of the hackers being able to fully duplicate the ten keys of some serial number other than their original 10,000 would be 10^-30 times 2 trillion, which would be 2 * 10^-18. In other words, even if hackers obtain 1/1000th of all the private keys in the pool, they still will not be able to counterfeit any serial numbers other than the ones whose smart chips they attacked.
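The key selection transform and the probability estimate above, written out as an added example (this is not code from the original document). It assumes the pool of 100 million keys and ten keys per serial number described above. The text suggests seeding a random number generator with the serial number; this example instead derives the indices from SHA-256 of the serial number and a counter, which is equally deterministic and keeps no generator state. The serial number format is a constructed sample. The verifier recomputes the same indices from the serial number, so nothing in the selection is secret; only the private keys themselves are.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"math"
)

// Parameters taken from the text: a pool of 100 million reusable keys,
// ten of which are assigned to each serial number.
const (
	PoolSize      = 100_000_000
	KeysPerSerial = 10
)

// KeyIndices is the transformation function applied to a serial number.
// It derives KeysPerSerial distinct indices into the shared key pool.
// Assumption of this example: SHA-256 over serial||counter replaces the
// seeded random number generator the text describes.
func KeyIndices(serial string) []int {
	seen := make(map[int]bool, KeysPerSerial)
	indices := make([]int, 0, KeysPerSerial)
	for counter := uint32(0); len(indices) < KeysPerSerial; counter++ {
		h := sha256.New()
		h.Write([]byte(serial))
		var c [4]byte
		binary.BigEndian.PutUint32(c[:], counter)
		h.Write(c[:])
		digest := h.Sum(nil)
		// Reduce the first 8 bytes of the digest modulo the pool size.
		idx := int(binary.BigEndian.Uint64(digest[:8]) % PoolSize)
		if seen[idx] { // collision: skip and try the next counter value
			continue
		}
		seen[idx] = true
		indices = append(indices, idx)
	}
	return indices
}

// ExpectedCounterfeitableSerials reproduces the estimate in the text:
// if an attacker knows knownKeys of poolSize keys, a serial number not
// among the attacked chips is fully reproducible only if all keysPerSerial
// of its keys are known, probability (knownKeys/poolSize)^keysPerSerial;
// summed over totalSerials serial numbers this is the expected count.
func ExpectedCounterfeitableSerials(knownKeys, poolSize, keysPerSerial, totalSerials float64) float64 {
	return math.Pow(knownKeys/poolSize, keysPerSerial) * totalSerials
}

func main() {
	serial := "AB12345678C" // constructed sample serial number
	fmt.Println("key indices for", serial, ":", KeyIndices(serial))
	fmt.Printf("expected reproducible serials: %.1e\n",
		ExpectedCounterfeitableSerials(100_000, PoolSize, KeysPerSerial, 2e12))
}
```

The function form makes it easy to re-run the estimate for other assumptions, for example a smaller pool or fewer keys per chip, which is what a reviewer of the scheme would want to vary.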

Some smart chips have large memories, so that they could store a large number of private keys. In that case, several pools of keys should be created, each pool exponentially larger in size than the previous. One pool could have 100 million keys, the next a billion keys, and the next 10 billion keys, etc. The keys in each pool could be longer in length, say 4KB, 6KB, 8KB, etc. Different pools could be made which use different public key algorithms, such as RSA, Diffie-Hellman, Elliptic Curve, etc. The smart chip could have a number of keys from each of these pools. As technology rapidly advances, the shorter keys, the smaller key pools, or one algorithm or another may become insecure. Undoubtedly the central bank will upgrade the currency it produces, and replace the currency in circulation. However, having a large selection of different keys on the smart chips would enable older currency to remain secure for a reasonable length of time after it becomes obsolete. Obsolete currency may take a long time to verify when an older slower smart chip has to use the longer keys, but at least that would provide some contingency in case shorter keys become insecure.

In addition to the public keys, the local hard drive also has to store the status of every serial number. This can be done in a giant bit field, with each serial number mapping to two bits in the giant bit field. Two trillion serial numbers times two bits requires a giant bit field of 4 trillion bits, which, divided by 8 bits per byte, requires 500 GB of storage, within the capacity of current hard drives. The two bits for each serial number can store four statuses, 00, 01, 10, and 11. Only three statuses are needed, safe, suspect, and counterfeit. An additional status, "see notes", may be added.
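The two-bit status field as an added example (not code from the original document). It maps the three-letter, eight-digit serial format mentioned above to a dense index, packs four serial numbers per byte, and reports the storage needed for a given number of serial numbers. The serial number values and the store size used in main are constructed; a real verifier would size the store to the full serial number space.

```go
package main

import (
	"errors"
	"fmt"
)

// The four two-bit statuses described in the text.
type Status uint8

const (
	Safe        Status = 0 // 00
	Suspect     Status = 1 // 01
	Counterfeit Status = 2 // 10
	SeeNotes    Status = 3 // 11
)

func (s Status) String() string {
	return [...]string{"safe", "suspect", "counterfeit", "see notes"}[s&3]
}

// SerialIndex maps a serial of three letters and eight digits (the $20 bill
// format described in the text) to a dense integer: the letters form a
// base-26 number that selects a block of 10^8 digit values.
func SerialIndex(serial string) (uint64, error) {
	if len(serial) != 11 {
		return 0, errors.New("serial must be 3 letters + 8 digits")
	}
	var letters uint64
	for _, ch := range serial[:3] {
		if ch < 'A' || ch > 'Z' {
			return 0, errors.New("letters must be A-Z")
		}
		letters = letters*26 + uint64(ch-'A')
	}
	var digits uint64
	for _, ch := range serial[3:] {
		if ch < '0' || ch > '9' {
			return 0, errors.New("digits must be 0-9")
		}
		digits = digits*10 + uint64(ch-'0')
	}
	return letters*100_000_000 + digits, nil
}

// StatusStore packs one two-bit status per serial number into a byte slice,
// four serial numbers per byte.
type StatusStore struct{ bits []byte }

// BytesNeeded returns the storage for n serial numbers (2 trillion -> 500 GB).
func BytesNeeded(n uint64) uint64 { return (n*2 + 7) / 8 }

func NewStatusStore(capacity uint64) *StatusStore {
	return &StatusStore{bits: make([]byte, BytesNeeded(capacity))}
}

// Get extracts the two bits belonging to idx.
func (s *StatusStore) Get(idx uint64) Status {
	return Status((s.bits[idx/4] >> ((idx % 4) * 2)) & 3)
}

// Set clears the two bits belonging to idx and writes the new status.
func (s *StatusStore) Set(idx uint64, st Status) {
	shift := (idx % 4) * 2
	s.bits[idx/4] = (s.bits[idx/4] &^ (3 << shift)) | (byte(st&3) << shift)
}

func main() {
	// Constructed example: a small store covering serial numbers beginning "AAA".
	store := NewStatusStore(100_000_000)
	idx, _ := SerialIndex("AAA00004242")
	store.Set(idx, Suspect)
	fmt.Println("AAA00004242 status:", store.Get(idx))
	fmt.Println("bytes for 2 trillion serial numbers:", BytesNeeded(2_000_000_000_000))
}
```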

When a cashier scans currency, the verifier device wirelessly queries it for a serial number. The verifier device can communicate with multiple authenticity labels at the same time. For each serial number, the verifier looks up the status. Depending on the status, the verifier device chooses an image to send to the serial number. The image could be the image for safe, suspect, or counterfeit. Then the verifier device runs the transform function on the serial number to find out which keys from the local pool each scanned serial number has. From the 10 available public keys for each serial number, it randomly selects one key and encrypts the selected status image. The verifier wirelessly sends the encrypted image to the label, and informs it which private key to use to decrypt the image. The label decrypts the image and displays it. If the image shows a status of safe, the cashier accepts the currency. If the status is suspect, the cashier does a level 2 online verification of the currency. If the status is counterfeit, the currency must be confiscated and the customer may be detained for further investigation.

The verifier keeps a record of the scan times of serial numbers, and periodically submits the data to the authentication server, by secure batch upload. During batch uploads, the verifier time clock is resynchronized with the server clock and any changes the server has made to any serial numbers' statuses are downloaded to the verifier, which updates its local serial number status data. In large institutions, verifiers may report to the institution server that in turn reports to the authentication server. In remote locations, some local server may interface between local verifiers and the authentication server. Cashiers scan currency both in and out, so the time interval when a serial number is in a store or bank's possession is recorded. Batch processing of offline data detects duplicates in the same way as online verification, but offline scanners are not fully trusted. If offline data indicates that a serial number was located in two places at the same time, the serial number is marked suspect rather than counterfeit. Time stamps of offline data could be wrong. Only the time stamps of online scans can be trusted.

If a serial number has been scanned out by a cashier to a retail customer, its owner is unknown, but its location is known to be within a radius determined by the time since the scan out, and the maximum possible travel speed of a person. If that serial number is scanned in somewhere else, the travel speed between the scan out and the scan in location can be calculated as the distance between the locations divided by the time difference. If the travel speed exceeds what is possible for a person, then the serial number is judged a duplicate by location tracking.
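The server-side duplicate rule from the two paragraphs above (travel speed between consecutive scans, with offline time stamps trusted less than online ones), as an added example that is not code from the original document. The maximum speed of 1000 km/h, the one-kilometre tolerance for "same location", the great-circle distance formula, and the scan records in SampleScans (coordinates roughly those of New York and Los Angeles, one hour apart) are all constructed assumptions of this example.

```go
package main

import (
	"fmt"
	"math"
	"sort"
	"time"
)

// Scan is one verifier report: where and when a serial number was seen,
// and whether the time stamp came from an online (trusted) verification.
type Scan struct {
	Serial   string
	At       time.Time
	Lat, Lon float64 // degrees
	Online   bool
}

// MaxSpeedKmh is the assumed upper bound on how fast a person can carry a
// bill between two scan locations; it is a parameter of this example.
const MaxSpeedKmh = 1000.0

// haversineKm returns the great-circle distance between two points.
func haversineKm(lat1, lon1, lat2, lon2 float64) float64 {
	const r = 6371.0
	toRad := func(d float64) float64 { return d * math.Pi / 180 }
	dLat := toRad(lat2 - lat1)
	dLon := toRad(lon2 - lon1)
	a := math.Sin(dLat/2)*math.Sin(dLat/2) +
		math.Cos(toRad(lat1))*math.Cos(toRad(lat2))*math.Sin(dLon/2)*math.Sin(dLon/2)
	return 2 * r * math.Asin(math.Sqrt(a))
}

// DetectDuplicates applies the server's rule to a batch of scans: consecutive
// scans of the same serial are a duplicate if the implied speed exceeds
// MaxSpeedKmh (two places at the same moment is infinite speed). A conflict
// between two online scans yields "counterfeit"; if either scan is offline
// its clock is not trusted, so the serial is only marked "suspect".
func DetectDuplicates(scans []Scan) map[string]string {
	bySerial := map[string][]Scan{}
	for _, s := range scans {
		bySerial[s.Serial] = append(bySerial[s.Serial], s)
	}
	verdict := map[string]string{}
	for serial, list := range bySerial {
		sort.Slice(list, func(i, j int) bool { return list[i].At.Before(list[j].At) })
		verdict[serial] = "safe"
		for i := 1; i < len(list); i++ {
			prev, cur := list[i-1], list[i]
			distKm := haversineKm(prev.Lat, prev.Lon, cur.Lat, cur.Lon)
			hours := cur.At.Sub(prev.At).Hours()
			tooFast := (hours == 0 && distKm > 1) || (hours > 0 && distKm/hours > MaxSpeedKmh)
			if !tooFast {
				continue
			}
			if prev.Online && cur.Online {
				verdict[serial] = "counterfeit"
				break // strongest verdict; no need to look further
			}
			verdict[serial] = "suspect"
		}
	}
	return verdict
}

// SampleScans is a constructed batch: two stores roughly 3,900 km apart
// (New York and Los Angeles) and two stores about 10 km apart, one hour apart.
func SampleScans() []Scan {
	t0 := time.Date(2004, 3, 1, 12, 0, 0, 0, time.UTC)
	return []Scan{
		{"AB11111111C", t0, 40.7128, -74.0060, false},
		{"AB11111111C", t0.Add(time.Hour), 34.0522, -118.2437, false}, // offline: suspect
		{"AB22222222C", t0, 40.7128, -74.0060, true},
		{"AB22222222C", t0.Add(time.Hour), 34.0522, -118.2437, true}, // online: counterfeit
		{"AB33333333C", t0, 40.7128, -74.0060, true},
		{"AB33333333C", t0.Add(time.Hour), 40.8000, -74.0060, true}, // ~10 km in an hour: safe
	}
}

func main() {
	for serial, v := range DetectDuplicates(SampleScans()) {
		fmt.Println(serial, v)
	}
}
```

Because batch uploads arrive out of order, the scans are sorted by time per serial number before the speed check; a deployment would also want the "suspect" verdict to trigger the level 2 procedure rather than be overwritten by a later clean batch.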

Once a serial number is marked suspect by the authentication server, that status will propagate to the local cache of all verifiers at their next batch upload. The next time a verifier encounters that suspect serial number during offline checking, its suspect status will show to the cashier by the image on the electronic ink. The cashier will follow the procedure for suspect serial numbers, getting customer ID, and connecting to the authentication server for a level 2 verification. At this point, the authentication server may have already encountered a previous instance of the serial number during an earlier level 2 verification. If so, this instance would be considered counterfeit, and the customer would be detained for questioning. The submitter of the first copy would also be located and questioned, using his recorded ID information. If no previous instance of the serial number has been encountered in a level 2 verification, then the verifier would download the unique public key for that serial number from the authentication server. If the electronic ink can display an image encrypted using the unique public key, the cashier accepts the currency and sets it aside in the cash drawer. The authentication server knows that serial number is now out of circulation, and any further attempt to do a level 2 acceptance of that serial number will fail.

During online level 2 verification, the authentication server should assume that the scanner is not trustworthy. Somebody might want to get valid serial numbers marked as counterfeit just as a prank or for some malicious purpose. Therefore, the authentication server should encrypt some random data using the label's unique public key and send it via the scanner to the label. The label would decrypt the random data and wirelessly send it back to the authentication server via the scanner. The authentication server would only consider it to be a valid instance of that serial number if it received back the decrypted data. With this procedure, a malicious scanner would not be able to deceive the authentication server into thinking it has an instance of a serial number when it doesn't.
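The level 2 exchange just described, as an added example that is not code from the original document: the server encrypts fresh random data under the serial number's unique public key, the label decrypts it with the private key that never leaves the chip, and the server accepts the instance only if the exact data comes back. The same encrypt-to-the-label mechanism is what the offline image challenge earlier in this document relies on. RSA-OAEP with SHA-256 is an assumption of this example (the text names RSA as one possible algorithm), and the serial numbers are constructed; the scanner is modelled simply as the call path between server and label, since it only relays bytes.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Label stands in for the smart chip: it holds the serial number's unique
// private key, which never leaves it.
type Label struct {
	Serial string
	priv   *rsa.PrivateKey
}

func NewLabel(serial string) (*Label, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Label{Serial: serial, priv: priv}, nil
}

// PublicKey is what the authentication server stores for the serial number.
func (l *Label) PublicKey() *rsa.PublicKey { return &l.priv.PublicKey }

// Respond decrypts the relayed challenge; a chip without the right private
// key cannot recover the plaintext, so a failure is reported as nil.
func (l *Label) Respond(ciphertext []byte) []byte {
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, l.priv, ciphertext, []byte(l.Serial))
	if err != nil {
		return nil
	}
	return plain
}

// Server holds the unique public keys and runs the level 2 check.
type Server struct{ pubs map[string]*rsa.PublicKey }

func NewServer() *Server                                  { return &Server{pubs: map[string]*rsa.PublicKey{}} }
func (s *Server) Register(serial string, pub *rsa.PublicKey) { s.pubs[serial] = pub }

// Challenge encrypts fresh random data under the serial number's unique
// public key; the returned nonce stays server-side for comparison.
func (s *Server) Challenge(serial string) (ciphertext, nonce []byte, err error) {
	pub, ok := s.pubs[serial]
	if !ok {
		return nil, nil, fmt.Errorf("unknown serial %s", serial)
	}
	nonce = make([]byte, 32)
	if _, err = rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	ciphertext, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, nonce, []byte(serial))
	return ciphertext, nonce, err
}

// Verify accepts the instance only if the exact nonce came back: an
// untrusted scanner cannot produce it without the chip, and a guessed or
// replayed reply fails because every challenge is fresh.
func (s *Server) Verify(nonce, response []byte) bool {
	return response != nil && bytes.Equal(nonce, response)
}

// Level2Check runs the whole exchange for one label presented to the server
// through an untrusted scanner and reports whether it is a valid instance.
func Level2Check(server *Server, label *Label) (bool, error) {
	ct, nonce, err := server.Challenge(label.Serial)
	if err != nil {
		return false, err
	}
	return server.Verify(nonce, label.Respond(ct)), nil
}

func main() {
	genuine, _ := NewLabel("AB12345678C") // constructed serial number
	server := NewServer()
	server.Register(genuine.Serial, genuine.PublicKey())
	ok, _ := Level2Check(server, genuine)
	fmt.Println("genuine label passes:", ok)
	// A fake that claims the same serial number but carries a different key fails.
	fake, _ := NewLabel("AB12345678C")
	ok, _ = Level2Check(server, fake)
	fmt.Println("fake label passes:", ok)
}
```

Two details matter for the "scanner is not trustworthy" goal: the nonce is compared on the server, never sent to the scanner in the clear, and a new nonce is generated per check, so a recorded response from an earlier genuine scan cannot be replayed.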

All electronics fail sometimes. If a bill cannot display an image encrypted with one or more of its keys, it will be treated as having failed electronics. The bill with failed electronics may be redeemed, but only with good identification of the redeemer. If a good version of that serial number later turns up, then the bill with failed electronics will be brought out of storage and examined. The submitter of the bill with failed electronics may be investigated for having submitted a counterfeit. All bills taken out of circulation by the central bank will be stored somewhere for a length of time so that they can be looked at more closely if later investigation warrants it.

This system of using smart chips to restrict duplication to only a few cracked serial numbers, combined with rigorous duplicate detection, has the potential to make counterfeiting too difficult and risky to attempt. Before being completely satisfied with this solution, possible attacks to the system still need to be considered.

One possible attack would be to make something that looks like currency, but its internals would wirelessly communicate with a device inside the counterfeiter's jacket. Inside the counterfeiter's jacket would be something that encloses a regular undamaged bill, and relays the wireless commands to the real bill from the fake one on the cashier's counter. The real bill would display the correct image, which would be optically scanned by the device enclosing it, and then sent to the fake bill on the cashier's counter. The fake bill would display the same image as the real bill inside the counterfeiter's device. At the time the fake bill is scanned, the serial number would have a status of safe, so by normal procedure the cashier would accept it without asking for ID. Because the scanning would be offline, the counterfeiter could pass copies of the same serial number at a series of stores in rapid succession before they do another batch update. This type of fake bill, which communicates wirelessly with the counterfeiter's device, could be mass-produced because it does not have to store any unique keys. Defenses against this attack need to be considered.

Most stores have a videotape of what happens at cash registers. When they discover that the cashier has accepted a fake, the videotape can be reviewed. At the time when the fake bill was accepted into the cash register, its serial number scan would have been recorded. This recorded scan time would make it easy to identify the person on the security video who passed the bill. Most security videotapes superimpose the date and time on one edge or corner of the videotape. The time of the serial number scan could be correlated with the time on the videotape.

Another defense against a fake bill communicating with a device in the counterfeiter's jacket would be to accurately measure the response time. An automatic way to measure the response time could be found, and if the response time were too slow, the cashier would be alerted. For a fake bill to communicate with a device in the counterfeiter's jacket, wait for the real bill to respond, scan the real bill, and transmit the image to the fake bill would introduce a wait time and make its response slower. The cashier might notice a slower response time in the appearance of the image. If a bill has a slow response time, the cashier can treat it as suspect and ask for and record the customer's ID with the scan data.

Another defense would be to put currency into a Faraday cage for verification. Possibly the cash drawer into which the cashier puts the currency could be a Faraday cage, or just well shielded. After the drawer is closed, the cash register could do another wireless verification of the currency. Or even if the cash register is not shielded, a final scan could be automatically done after the customer has walked away, out of range. The fake would be caught while the counterfeiter is still in the parking lot, within pursuing range.

Delayed detection should be sufficient to defeat the attacks of counterfeiters. Though there would be ways for determined counterfeiters to pass a few counterfeits, the probability of being caught would be high. Any attempt to pass counterfeits on a large scale would have near zero chance of succeeding.

One final benefit or capability worth mentioning is the possibility for the authentication server to attach notes to a serial number. Whenever the server assigns a status of suspect to a serial number, cashiers are required to do a level 2 online verification. When they connect to the server to verify a serial number, the server has the opportunity to send a text message regarding that serial number. If a store or bank has been robbed and the robbers get away with cash, the serial numbers of the stolen cash are known. Stolen serial numbers can be reported to the authentication server, which can change the status of those serial numbers to suspect and attach a note explaining the crime where they were stolen. The ability to attach notes to serial numbers might even be worth adding a fourth status, 'see notes', so that cashiers could see four possible images: 'safe', 'suspect', 'counterfeit', and 'see notes'. If the cashier sees the image meaning 'see notes', they might quietly contact the authentication server to read the note without telling the customer what they are doing. As mentioned earlier, the two bit status field enables storing four statuses, 00, 01, 10, and 11. Adding a fourth possible status of 'see notes' would not require any change to the status database.

 

DUPLICATE SERIAL NUMBER DETECTION OF PRINTED CURRENCY

The method of detecting duplicated serial numbers could work for printed currency, using optical scanning of serial numbers. It could work similarly, with both offline and online scanning, but without the public key cryptography. Cashiers in stores often take time to authenticate $20, $50 or $100 bills. They either mark the bill with a special pen or hold it up and examine it. The amount of time to run an optical scanner over the serial number of $20, $50, or $100 bills would not add any significant burden. The delayed detection of duplicated serial numbers would have enough value to be worth implementing.

Large-scale counterfeiters produce bills of such high quality that even experts have trouble distinguishing them from the real thing. These high quality counterfeits are sometimes called superdollars. Cashiers have no hope of catching such bills with the methods they currently use. Delayed detection of duplicate serial numbers by optical scanning would catch high quality counterfeits that otherwise would continue to circulate. If the counterfeiter produces serial numbers in sequence, then the detection of many duplicates in a given serial number range would be sufficient to flag the whole range as suspect. Large-scale counterfeiters would start using random valid serial numbers, but they would still have difficulty passing counterfeits in large quantity. No matter how carefully they pass them, many of the bills would be caught within a few days, and all of them would be caught eventually. Whoever passes the counterfeit bills would be identified on cashier security video tapes by the time stamp of the serial number scan.

Banks would be the first institutions to adopt serial number scanning. They could keep incoming cash separate from outgoing cash, and always identified by customer. If incoming cash is held for a few days before being given back out, then a serial number will usually still be in the bank's possession when another bank reports a duplicate to the central bank. An expert can examine both instances of the duplicate serial number. If counterfeit, the customer who submitted it will eat the loss, not the bank. In this way, banks could stop the circulation of high quality counterfeits. Currently, high quality counterfeits continue to circulate in and out of banks because the bank tellers cannot distinguish them as counterfeit.

Once banks start using this highly effective method of detecting counterfeits, then stores that receive high quality counterfeits as payment will start eating losses. Large stores will take the worst losses. Large stores will be the next, after banks, to implement serial number scanning. Even though the serial number scanning would only result in a delayed detection, it would still deter counterfeiters and make them go to some other store to pass counterfeits. Counterfeiters will know that the store may be examining its security video of them in a few days, correlating the timestamp of when they passed the bill with the timestamp on the security video. This would make the store a less preferable place to pass a counterfeit. The counterfeiter would rather go to a store that will not have a timestamp of the transaction to correlate with a security video. Thus, larger stores will find it worth the investment in scanning equipment, because it will reduce their losses.

As larger stores become harder targets, counterfeiters will target smaller stores. Smaller stores will see their losses increase, and they too may implement serial number scanning. The more stores that start to scan serial numbers, the faster that duplicates will be caught, and the more dangerous it will become to pass counterfeits. This would be like any system with network effects, where the value of the network increases with each participant added.

Since the central bank has a major interest in preventing the counterfeiting of its currency, it should be willing to subsidize the R&D to create low cost serial number scanning equipment. The lower the cost of the scanning equipment, the more stores that would implement it, and the greater the network effect. Scanning equipment should cost no more than a bare bones computer with a large hard drive. That would be $200 at most. It should be implemented as a Linux or BSD distribution, with open source software, so that people could download the distribution and install it on old computers to make dirt cheap scan stations. Another thing the central bank could do to facilitate scanning would be to redesign the currency to enable the use of bar code scanners for the serial number. Bar code scanners are cheaper and faster. With bar codes on money, a store cashier could scan money serial numbers with the same scanner as they use for product UPC codes. Some cashier stations might be able to integrate a currency scanning system in a way that requires no additional hardware, only a software upgrade.

If scanning equipment prevents the loss from high quality counterfeits, then the return on investment for scanning equipment could be estimated with the equation R = C * D, where R is the return on the investment, C is the amount of cash that a cashier station handles, and D is the density of counterfeits in circulation. Banks would have the highest return on the investment because they handle the most cash. Grocery stores and large discount stores would be next. If we assume that C is $10,000 per day, and D is 0.0006, then R would be $6 per day. If C is $300,000 per year, then R would be $180 per year. The scanning equipment should cost less than $180, so it would pay for itself in less than a year. Some locations have a high concentration of counterfeits in circulation. In these areas, scanning equipment could pay for itself on a daily basis.

One problem for optical scanning of serial numbers is that the central bank would have to treat serial number scans with less trust than with the smart chip system. With the smart chips, the central bank would not have to trust the scanner because the smart chip would decrypt some random message to authenticate itself to the central bank. With optical scanning of serial numbers, the central bank would have to trust the scanner to report the serial number correctly. The reliability of the scanner data would depend both on the computer network and on the person operating the scanner. Some people would attempt to sabotage the system by flooding it with bad data.

Bad data would cause valid serial numbers to be misidentified as suspect, and cause a lot of extra hassle for all concerned. One solution to this would be to only trust scan data that is verified by banks. Usually when a store cashier accepts a $20, $50 or $100 bill, these end up in the store's cash deposits to the bank. They don't get handed back out as change most of the time. The store would report the scans to the central bank, but the central bank would not trust the store's scan data until the bank processed the store's cash deposit and scanned in the same serial numbers. After the central bank received the bank's confirmation of the store scans, it would then trust the store scan data for those serial numbers, and consider the serial numbers as having been in the possession of the store from the store's scan time. If a store wanted to tamper with data to misidentify serial numbers as suspect, it could report an earlier scan time for serial numbers before it deposits them, but that could cause its own deposits to become suspect, and cause the bank to withhold deposit credit. A store would mostly hurt itself if it tampered with data in that way. The possibility exists for a corrupt bank or bank employee to tamper with data. Most duplicate serial numbers reported by a bank should still be in their possession when the central bank detects the duplicate. If a bank's serial number data results in the detection of duplicates, but somehow the bank has already handed most of those serial numbers out to customers, then all of the bank's data can be disregarded as untrustworthy, and the bank's data path should be investigated.
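As an added example (not from the original document), here is a minimal central-bank scan server in Python implementing the trust rule above: store scans stay pending until the bank that receives the store's deposit scans the same serial numbers, and only trusted possession records can mark a serial number suspect. It also includes the serial-range flagging described earlier for counterfeiters who print in sequence. Holder ids, serial numbers, timestamps, the three-day bank hold and the bucket size are constructed assumptions.

```python
"""Central-bank scan server for printed-currency serial numbers (added example).

A store's scan is held as pending until the bank that receives the store's
deposit scans the same serial numbers. Only then does it become a trusted
possession record. A serial number becomes 'suspect' when trusted records
place it with two different holders at the same time. All ids, serials and
timestamps are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass

HOLD_SECONDS = 3 * 24 * 3600   # assumption: banks hold incoming cash three days
SAFE, SUSPECT = "safe", "suspect"


@dataclass(frozen=True)
class StoreScan:
    serial: int
    store: str
    t: int           # store scanner clock; untrusted until a bank deposit confirms it


@dataclass(frozen=True)
class Possession:
    holder: str
    start: int       # when the holder scanned the note in
    end: int         # when it was handed on (deposit time, or end of the bank hold)


class CentralBankServer:
    def __init__(self):
        self.pending = defaultdict(list)      # serial -> untrusted StoreScan list
        self.possessions = defaultdict(list)  # serial -> trusted Possession list
        self.status = {}                      # serial -> SAFE / SUSPECT

    def report_store_scan(self, scan):
        """Store scan (offline batch or online): recorded, not yet trusted."""
        self.pending[scan.serial].append(scan)

    def report_bank_deposit(self, bank, depositor, serials, t):
        """The bank scans a cash deposit from `depositor`. This confirms that
        store's earlier scans of the same serials and records the bank's hold."""
        for serial in serials:
            unconfirmed = []
            for scan in self.pending.pop(serial, []):
                if scan.store == depositor and scan.t <= t:
                    # The store really held the note from its scan until the deposit.
                    self.possessions[serial].append(Possession(depositor, scan.t, t))
                else:
                    unconfirmed.append(scan)   # another store's claim: wait for its deposit
            if unconfirmed:
                self.pending[serial] = unconfirmed
            self.possessions[serial].append(Possession(bank, t, t + HOLD_SECONDS))
            self._recheck(serial)

    def _recheck(self, serial):
        """Two different holders with overlapping possession intervals = duplicate.
        A store-to-bank handoff touches at a single instant and does not overlap."""
        recs = self.possessions[serial]
        dup = any(a.holder != b.holder and a.start < b.end and b.start < a.end
                  for i, a in enumerate(recs) for b in recs[i + 1:])
        self.status[serial] = SUSPECT if dup else SAFE

    def get_status(self, serial):
        return self.status.get(serial, SAFE)

    def suspect_ranges(self, bucket=1000, threshold=3):
        """Serial-number ranges with many duplicates (a counterfeiter printing
        in sequence): return the start of every bucket with >= threshold suspects."""
        counts = defaultdict(int)
        for serial, st in self.status.items():
            if st == SUSPECT:
                counts[serial // bucket * bucket] += 1
        return sorted(b for b, n in counts.items() if n >= threshold)
```

A store that reports a back-dated scan before depositing creates an overlap with its own earlier holders, so the tampering shows up in its own deposits, as the text notes.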

Another solution to the problem of untrustworthy scan data would be to authenticate persons who operate scanners, and keep metrics for each scanner operator that would indicate if they falsified data. One metric would be the average percentage of serial numbers that they scan that become suspect. This could be compared to the average percentage for their area. Another metric would be the percentage of suspect serial numbers that they scan which later become validated within a certain period of time by actually finding the duplicates. This would enable the use of all scan data without stores and banks having to keep incoming and outgoing cash separate. Some bank personnel have told me that it would be too much trouble for them to keep incoming and outgoing cash separate. Although the serial numbers would no longer be in the store's or bank's possession when offline data suggests a duplicate, it would still enable looking at security videos to see who passed them. The duplicate notes would be recovered the next time they were spent because the next store to receive them would be warned by the suspect status.


AUTHENTICITY LABELS TO PROTECT INTELLECTUAL PROPERTY

Authenticity labels attached to products indicate that the product has been produced legitimately with the permission of the IP owner(s). An example of an authenticity label would be the Certificates of Authenticity that accompany software published by Microsoft. Most people have seen these certificates of authenticity, with the holograms and various anti-counterfeit features. These certificates protect Microsoft's copyrights and trademarks by providing consumers with a visual distinction between fraudulent and authentic use of that IP. They work well, except that pirates have successfully counterfeited them.

Authenticity labels have the potential to protect all kinds of IP, not just copyrights and trademarks. Authenticity labels made using smart chips, electronic ink and wireless I/O would have the same protection against counterfeiting as discussed for bearer currency. All products in stores could have authenticity labels. Consumers would have their own portable hand scanners that they bring into stores to authenticate items.

Where IP owners are powerless to prevent unauthorized use of their IP, authenticity labels can restore some contractual leverage to IP owners by providing a visual distinction between authorized and unauthorized use of their IP. Although producers may be able to easily pirate IP, producers will not be able to easily pirate authenticity labels that indicate the IP owner's approval. To the extent that the market demands authenticity labels, the IP owner will have contractual leverage as the only source of authenticity labels.

Some consumers will not knowingly purchase pirated products. Some percentage of people will voluntarily compensate IP owners even when no danger of punishment exists for not doing so. It can be taken as a market hypothesis that the percentage of moral people in the consumer population is high enough to create a market demand for authenticity labels even when no other IP enforcement mechanism exists. In the software market, many shareware and freeware titles succeed in collecting enough voluntary registration fees to support their authors. The people who pay voluntary shareware registration fees have no danger of punishment, but do so out of honesty and integrity. I read once that 7% of shareware users pay the registration fee. From this data, it could be extrapolated that 7% of people would buy products with authenticity labels in order to voluntarily pay IP owners. In addition to the market provided by the moral segment of the population, many people would buy products with authenticity labels out of concern for quality. Most pirated products have low quality. Especially in products where poor quality would put health or safety at risk, authenticity labels would be important to consumers.

A manufacturer of authenticity labels could have a business model that would include a product registry and an IP registry. Any product that uses labels from the manufacturer would have to be registered in its product registry. Any product registered in the product registry would have to declare all IP that it uses from the IP registry. In order to use any IP from the IP registry, the producer would have to pay royalties to the IP owner. If a producer failed to declare any IP that a product uses, or failed to pay royalties, the IP owner could complain to the product registry. If the product registry finds the complaint valid, it could invalidate the product registration, and invalidate the authenticity labels of that product.

Like RFID tags, authenticity labels for products will have a product number field and a serial number field. The product number might be 32 bits and the serial number might be 64 bits. When a scanner reads an authenticity label, it will read the product number and the serial number. The scanner can use the product number to obtain the network address of the authentication server for that product.

Each product can have its own authentication server. The network address of any product's authentication server can be looked up at the product registry, by product number. The authentication server for a product could be run by the IP owners whose IP is used in the product. By controlling the authentication server, the IP owners would control the labels, even after they have been applied to products. In the event of a dispute with a producer, the IP owners of a product could invalidate the authenticity labels of that product in the distribution chain and on retail shelves. Because the product registry controls the lookup table for authentication server network addresses, the product registry can invalidate any product's authenticity labels by changing or deleting the network address of the authentication server from its lookup table. Thus, the authenticity labels for any product could be invalidated by either the product registry or by the IP owners.

The manufacturer of authenticity labels would have to make available portable hand scanners for consumers to take into stores with them. These portable hand scanners would be made and sold to consumers as cheaply as possible, to create recognition and market share for the manufacturer's labels. The hand scanners would work similarly to the scanners for currency. They would have the capability to function offline for lower security, or online for higher security. The cheaper ones would only be able to go online by connecting through another computer, maybe through the USB port. These cheap scanners would do offline scanning in stores, with batch updates to the offline database done at home through the user's home computer. The better ones would be able to use a wireless Internet connection for online scanning anywhere.

Consumers would have a motivation to buy hand scanners if they want to avoid buying pirated products. Another motivation could be given to consumers by setting up a reward system for reporting counterfeit labels, or pirated products. If the reward were high enough, people would buy hand scanners just so that they could go bounty hunting for pirated products on store shelves, like looking for hidden treasure in stores.

The stores themselves could fund the reward, if IP owners set up a contractual arrangement in the production and distribution chain. Since an IP owner can have complete control over whether any product has an authenticity label indicating the IP owner's approval, the IP owner can place any contractual requirement on production and distribution as a condition of having the label. The IP owner can require that any transfer of ownership or location of products be approved by the IP owner. The conditions of ownership can be propagated through the distribution chain all the way to retail stores. Thus, for a retail store to sell the products, it would have to agree to pay a huge fine, or reward, to any bounty hunter who finds a pirated product on its shelves. This would mean that the products would only be sold through authorized outlets, and that authorized outlets would not dare to sell pirate products alongside authentic ones.

This arrangement would not be able to penalize unauthorized stores for selling pirated products, because the unauthorized stores would not have any contractual arrangement with the IP owners. However, stores that sell pirated products could be made publicly known as such. Some of the public would prefer to shop at pirate stores for cheaper prices, but IP owners might find some other way to prevent pirate stores from operating. Such stores need a base of operations, some physical location. In a proprietary community, the landlord could simply evict pirate stores and not allow them to operate anywhere within the community.

The possible statuses for product authenticity labels could be similar to currency statuses, such as 'valid', 'suspect', 'counterfeit' and 'see notes'. Any IP owners with write access at the authentication server could change any or all serial number statuses, or attach notes to any serial numbers.

Just as with currency, the status of 'suspect' would be a temporary status indicating that offline scan data suggests that a serial number has been duplicated. Portable hand scanners themselves could determine the status of 'suspect' if they store enough information. The scanner's offline database could store the last known location and owner for each serial number in the local distribution chain. This wouldn't be done for currency because of the volume of data required, but for products in a distribution chain, it could be done. Before leaving home or office in the morning, the scanner could update its serial number owner / location database from the authentication server. During the day, if the scanner scans a serial number with a different owner or location than the one in its database, it makes the scanned label display the image for a 'suspect' status. In this case, the scanner, not the authentication server, locally determined the 'suspect' status.

Later, when the scanner connects to the authentication server again, it reports all scans. A suspect scan might be cleared of suspicion if the owner or location of that serial number had already been validly changed at the server. A suspect scan might have its suspicion validated if the server had no record of that serial number being at the owner or location where the scanner scanned it. Unlike with currency, time stamps of hand scanners would be less of an issue, because products don't move around as fast as currency. The authentication server could change a serial number's status to counterfeit on the basis of offline data. Because the hand scanner would have updated in the morning, and again in the evening, the server knows the scan occurred sometime during the day between the two connections. Since the suspect serial number should not have been scanned at that location at any time during that whole interval, the accuracy of the scanner's clock doesn't matter. The server would change the status to counterfeit. Subsequent scans of that serial number would show the status as counterfeit rather than merely suspect.

In the hand scanner's database, location and owner data could be encoded to minimize the storage requirement. Valid owner and location combinations in the distribution chain could be assigned integer number codes. If an owner has multiple locations, each location would have its own code. If there are fewer than 2 billion owner and location combinations, a 32-bit integer could store one owner/location code. It would be unlikely to have more than a few million owner locations in the distribution chain.

The hand scanner's serial number database for each product could be a standard relational database. Each product would have its own main table. The main table for each product would have records containing the serial number, the owner/location code, and the status. This might use 64 bits for the serial number, 32 bits for the owner/location code, and one byte for the status. In this format, each record would use 13 bytes. Each billion serial numbers would require 13 GB of storage on the local hard drive. Since the hand scanner's database only has to have the serial numbers known to be in local stores, its storage could fit the serial numbers of all products in stores within driving distance. There should be a second table to tell what each owner/location code means. Records in this table would have the 32-bit owner/location code, and text fields with the owner name and location address. Each owner/location record might use approximately 100 bytes. The hand scanner would only have to store owner/location codes for the local area.
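The scanner-side and server-side logic of the last three paragraphs, as an added Python example that is not part of the original document: the two relational tables described above (one main table per product plus an owner/location code table, using SQLite), local 'suspect' determination when a label is seen away from its recorded owner/location, and the server's evening reconciliation that clears or marks counterfeit based only on the interval between the scanner's two syncs. The product number, location codes, history and timestamps are constructed.

```python
"""Offline hand-scanner database and server reconciliation (added example).

One relational table per product holds (serial, owner/location code, status);
a second table names each code. The scanner decides 'suspect' locally when a
label is seen somewhere other than its recorded owner/location, and the server
later decides 'counterfeit' or clears it from the interval between the
scanner's morning and evening syncs. Product number, codes and times are constructed.
"""
import sqlite3
import struct

VALID, SUSPECT, COUNTERFEIT, SEE_NOTES = 0, 1, 2, 3   # the one status byte
RECORD = struct.Struct(">QIB")   # 64-bit serial + 32-bit owner/location code + status byte


def record_bytes(n_serials):
    """Storage for n main-table records: 13 bytes each, so 1e9 serials = 13 GB."""
    return n_serials * RECORD.size


class HandScanner:
    def __init__(self, product_no):
        self.table = f"product_{int(product_no)}"   # int() keeps the table name safe
        self.db = sqlite3.connect(":memory:")
        self.db.execute(f"CREATE TABLE {self.table} (serial INTEGER PRIMARY KEY,"
                        " owner_loc INTEGER, status INTEGER)")
        self.db.execute("CREATE TABLE owner_locations (code INTEGER PRIMARY KEY,"
                        " name TEXT, address TEXT)")
        self.scans = []   # (serial, owner/location code where seen), reported at next sync

    def sync_from_server(self, records, owner_locations):
        """Morning update: replace the local copy with the server's current data."""
        self.db.execute(f"DELETE FROM {self.table}")
        self.db.executemany(f"INSERT INTO {self.table} VALUES (?,?,?)", records)
        self.db.execute("DELETE FROM owner_locations")
        self.db.executemany("INSERT INTO owner_locations VALUES (?,?,?)", owner_locations)
        self.db.commit()
        self.scans = []

    def scan(self, serial, here):
        """Status the label should display when scanned at owner/location `here`."""
        self.scans.append((serial, here))
        row = self.db.execute(f"SELECT owner_loc, status FROM {self.table} WHERE serial=?",
                              (serial,)).fetchone()
        if row is None:
            return SUSPECT                  # serial unknown for this product
        owner_loc, status = row
        if status in (COUNTERFEIT, SEE_NOTES):
            return status                   # server-assigned statuses take precedence
        return SUSPECT if owner_loc != here else VALID

    def where_is(self, serial):
        """Owner name and address recorded for a serial, or None if unknown."""
        return self.db.execute(
            f"SELECT o.name, o.address FROM {self.table} p JOIN owner_locations o"
            " ON o.code = p.owner_loc WHERE p.serial=?", (serial,)).fetchone()


class AuthenticationServer:
    """Authoritative per-serial history: [(owner_loc, from_t, to_t)], to_t None = current."""

    def __init__(self, history):
        self.history = history
        self.status = {}

    def records_at(self, now):
        """Rows for a scanner's morning sync: where each serial is at time `now`."""
        rows = []
        for serial, moves in self.history.items():
            for loc, frm, to in moves:
                if frm <= now and (to is None or now < to):
                    rows.append((serial, loc, self.status.get(serial, VALID)))
        return rows

    def reconcile(self, scans, morning, evening):
        """Evening report. A serial seen where it validly was at any time between
        the two syncs is cleared; otherwise it becomes counterfeit, whatever the
        scanner's own clock said during the day."""
        verdict = {}
        for serial, seen_at in scans:
            valid_there = any(loc == seen_at and frm <= evening and (to is None or to >= morning)
                              for loc, frm, to in self.history.get(serial, []))
            if not valid_there:
                self.status[serial] = COUNTERFEIT
            verdict[serial] = "cleared" if valid_there else "counterfeit"
        return verdict
```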

Just as with currency, product authenticity labels could draw from a reusable pool of keys. The product number and serial number combined could be the seed for the random number generator that selects which keys from the pool are used. A hand scanner's hard drive would store the reusable pool of public keys in addition to the product serial number databases.


DUPLICATE DETECTION OF PRINTED AUTHENTICITY LABELS

Just as with currency, the method of detecting duplicate serial numbers could be used with printed authenticity labels. It may be two or three decades before smart chips and electronic ink become low cost enough for widespread application to consumer products. Until then, consumer recognition of pirated products can be enabled cheaply with printed authenticity labels, using serial numbers designed for both optical scanning and hand entry.

A printed authenticity label should have a product number and a serial number, which a consumer can easily read and enter by hand into a PDA. A consumer with a PDA should be able to enter the product and serial number of a product on a store shelf, and see where that serial number is supposed to be. If that serial number should be somewhere else, or has a suspect status, then the consumer may distrust it. The next time they connect to the authenticity server with their PDA, the suspect data will be reported. If their PDA shows that serial number as being at the store where the consumer is, then the consumer may trust that as an authentic item.

This could be implemented to work with current handheld PDA devices such as a Palm Pilot or a Windows CE machine, as just another application for that platform. The memory requirement would be low, because the PDA would only have to store the product serial numbers for the local area where the owner intends to shop. This would work for all products whose serial numbers are tracked through the distribution chain, so that the location of that product can always be looked up by serial number. A person with a PDA would connect it to their PC, go on the Internet to the product registry web site, select their location, what stores they shop at, and what products they are interested in. The product registry would download to the PDA an updated database of all the product serial numbers that person might encounter and want to authenticate at the local stores where they shop.

People who do not have a PDA, but who intend to purchase a specific product, could download and print on paper all the serial numbers of that product that are supposed to be at the specific stores they intend to shop. They could print the serial numbers arranged in columns, to fit all on one page. The serial numbers would be printed in sorted order to make them easy to find. If a consumer went into a store and found a product serial number not on his printed page, he would know not to trust it.

If stores don't want the public to know their inventory, then authentication could still be made available by looking up a product serial number on a PDA-enabled web page. Some PDA devices have wireless Internet access, so a person could use a PDA with wireless Internet to look up serial numbers in a store.

In addition to tracking serial numbers in the distribution chain, an authentication server also needs to know when serial numbers are sold to the public, so that they should no longer be listed in a store's inventory. This is necessary to keep a store's inventory database from growing larger and larger, forever keeping all the serial numbers that have passed through that store. More importantly, a store could keep selling multiple copies of the same serial number if the sales of serial numbers were never reported. A store can be required to report sales, but the store's report cannot be fully trusted. If the store were dishonestly selling multiple copies of the same serial number, it would not report the sales. Therefore, the public needs to be given some incentive to report their purchases. This can be done through product registration for warranty purposes, rebates, coupons, or lottery submissions. Even though many people will never report their purchase, some will. Even if only some people report their purchase, that will turn the odds against a store which tries to sell multiple copies of a serial number. The store may get away with it for a while, but eventually two or more people will report the purchase of the same serial number from the store.

It should be noted that although any individual manufacturer or IP owner could track and make available serial number data, a synergy or network effect would be achieved if this were done through a product registry for a large number of products. The larger the number of products, the more people would become familiar with the scheme, and the product registry would provide a central Internet location for people to know where to look for the data.

Additionally, the product registry could facilitate public reports of purchases, by setting up and running rebate accounts for the public. When manufacturers want to give a small rebate incentive for people to report a purchase, they could do it through the product registry, which would credit people's rebate account online, instead of having to mail a check. People could get all their rebates from different products into their same rebate account at the product registry web site. When people purchase a product from a store, they could give their rebate account number to the store, which would report it along with the sale of the serial number. This way, rebates would be automatically credited to people's rebate account, without requiring the customer to fill out any forms or mail anything in. Rebates given in this way would have very low transaction costs, not requiring any mail, nor check printing. With low transaction costs, rebates could be small, yet still effective. People would log into their rebate account to make sure all their purchases showed up. If a purchase doesn't show up in their rebate account within a reasonable processing time, then the person should receive a larger reward rebate for reporting it. This would catch any stores which try to bypass the automatic reporting mechanism. This whole scheme of automatic effortless rebates for people would encourage most people to sign up for rebate accounts, and ensure that most serial number purchases get reported to the authentication servers. This type of synergy would only be possible through a product registry that handles a large number of products. Single products have no way to do something like this.
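The purchase-reporting and rebate-account mechanism of the last two paragraphs, as an added Python example (not code from the original document): store sale reports credit the buyer's rebate account and remove the serial number from the store's listed inventory; a serial number sold to two different accounts flags the store, and a customer whose purchase never appears within the processing window gets the larger reward, which flags a store that bypassed reporting. Rebate amounts, ids and the window are constructed assumptions.

```python
"""Purchase reporting through product-registry rebate accounts (added example).

Stores report each sale as (serial, rebate account); the registry credits the
account and drops the serial from the store's listed inventory. A customer whose
purchase never shows up reports it and gets a larger reward, exposing a store
that bypasses reporting; a serial sold to two different accounts exposes a store
selling copies. Amounts, ids and the processing window are constructed.
"""
from collections import defaultdict

SMALL_REBATE = 1.00                 # assumed: automatic credit per reported sale
LARGE_REWARD = 10.00                # assumed: reward for reporting an unreported sale
PROCESSING_WINDOW = 3 * 24 * 3600   # assumed: time a store has to report a sale


class ProductRegistry:
    def __init__(self, inventory):
        self.inventory = dict(inventory)    # serial -> store supposed to have it on the shelf
        self.sales = defaultdict(list)      # serial -> [(store, account, t, source)]
        self.balance = defaultdict(float)   # rebate account -> credit
        self.flags = defaultdict(list)      # store -> reasons for investigation

    def _record(self, store, serial, account, t, source):
        self.sales[serial].append((store, account, t, source))
        self.inventory.pop(serial, None)    # sold: no longer in the store's inventory
        buyers = {a for _, a, _, _ in self.sales[serial]}
        if len(buyers) > 1:                 # one serial number, several purchasers
            self.flags[store].append(f"serial {serial} sold to {len(buyers)} accounts")

    def store_reports_sale(self, store, serial, account, t):
        """Normal path: the store reports the sale with the customer's account."""
        self._record(store, serial, account, t, "store")
        self.balance[account] += SMALL_REBATE
        return SMALL_REBATE

    def customer_reports_purchase(self, account, store, serial, bought_t, now):
        """Customer found no credit for a purchase. Returns the amount credited."""
        if any(a == account for _, a, _, _ in self.sales[serial]):
            return 0.0                      # already credited by the store's report
        if now - bought_t < PROCESSING_WINDOW:
            return 0.0                      # give the store's report time to arrive
        self._record(store, serial, account, bought_t, "customer")
        self.flags[store].append(f"serial {serial} sale not reported by store")
        self.balance[account] += LARGE_REWARD
        return LARGE_REWARD
```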

ACKNOWLEDGEMENTS

I wish to gratefully acknowledge those people who have contributed to my thinking on this topic. First, I credit Andrew Galambos, author of Sic Itur Ad Astra, for my understanding of the importance of protecting intellectual property, or primary property as he would call it. I also credit all of the participants on the yahoo volitional science discussion group for providing a discussion forum, which helps me think about ways to protect primary property. The ideas of volitional science inspired me to think of the need for authenticity labels, which cannot be counterfeited. I also acknowledge all of the developers of public key cryptography, without whom smart chip public key encryption would not be possible. Whoever at Microsoft first thought of using certificates of authenticity provided a major contributory input. Credit is also due to those at Microsoft who developed the idea of DRM. Before I first thought of smart chips with electronic ink displays, I thought of Microsoft's proposed DRM system. I thought, what IP owners need is an authenticity label that works like a DRM system, where they can retain control of the display. Then I thought about a miniature DRM, shrinking the screen and the processor, and then I realized the processor could be a smart chip and the display could be electronic ink. While searching the patent database to see if anyone had already patented the idea, I found the Fujisawa patent application which describes their method of detecting duplicate RFID tags. This was also a helpful contributory input. Detecting if duplicate serial numbers are currently in possession at two different locations is obvious, but I hadn't thought of calculating the travel speed between scans. That idea can be useful for flagging suspect currency even after a serial number has been handed out to consumers and is not currently in the possession of a store or bank.


(c) 2005 by Vincent Lewis Youngs