ANTI-COUNTERFEIT AUTHENTICITY LABELS - SMART CHIPS WITH ELECTRONIC INK &
WIRELESS I/O - DUPLICATE SERIAL NUMBER DETECTION

ABSTRACT

Authenticity
labels using an electronic ink display, smart chip with embedded private key,
and wireless I/O. Delayed detection of duplicate serial numbers using a
central server and offline scanning. Two embodiments described: money and
product labels. Duplicate detection also works with printed serial numbers.

My idea is to
give smart chips an electronic ink display and wireless I/O. With wireless
I/O, large groups of items can be authenticated simultaneously as with RFID
tags. With a visual display, any items that fail to authenticate will stand
out visually, making it easy to spot even a single counterfeit item amongst a
group of valid items.

To create a
counterfeit would require extracting the private key(s) from a smart chip. It
will be very difficult for a counterfeiter to obtain the private key of even
one smart chip. Location tracking and owner tracking of serial numbers will
catch any duplicated smart chip. As soon as a serial number is found to have
two locations at the same time, that serial number can be invalidated.

This document
also describes my idea for an improved method of detecting duplicated serial
numbers (counterfeits), using an authentication server and scanners which
can function offline for faster throughput, or online for higher security.
The authentication server functions as a central processor of scan data. It
detects a duplicate serial number if a serial number is found in two
different locations at the same time, or if the calculated travel speed
between two scan locations is unreasonably high. The method of detecting
duplicates is described first for use with authenticity labels, but the
application of the method to printed serial numbers will also be discussed.

Each authenticity
label would have a unique serial number. Each serial number would have at
least one unique public/private key pair associated with it. The private key
would be securely embedded in the label's smart chip. The public key for each
serial number would be available in a public database. Anyone familiar with
public key cryptography knows that a message encrypted with the public key
can only be decrypted using the private key. In order to verify the
authenticity of a label, a random image would be encrypted using the public
key and wirelessly sent to the label. The label's smart chip would decrypt
the encrypted image with its private key, and display the image on its
electronic ink display. Displaying the image would prove that the smart chip
has the private key corresponding to the label serial number. A serial number
might also have a multiplicity of non-unique public/private key pairs
associated with it. The set of non-unique keys associated with a serial
number would be selected from a large pool of keys by a random number
generator function. This would enable offline verifier devices to store a
limited number of keys for an unlimited number of serial numbers.

Authenticity
labels would be useful to prevent the counterfeiting of bearer currency and
to protect intellectual property. An authenticity label can be used to
indicate that a product has been produced with the permission of the IP
owners. Any product not containing the authenticity label is easily
recognized as counterfeit or pirated.

BACKGROUND

A common feature
of current anti-counterfeit technologies is a display, which changes
appearance depending on some action of the user. Holograms change appearance
depending on which angle the user holds the label. Some anti-counterfeit
features present a different image if viewed with infrared or ultraviolet light.
Some change if marked with a special ink marker. Even microscopic features are
a variation of this: they have specific appearances if viewed with a special
instrument (a magnifying lens). All of these changes in appearance can be
thought of as challenge-response technologies. The label is challenged with a
change in viewing conditions, and must display the correct response. These
anti-counterfeit features have two weaknesses. One problem is that suspect
items must be carefully inspected, one at a time, by a person who knows what
to look for. No one can do rapid inspection of multiple items simultaneously.
Because of this, even poor quality counterfeits often pass unnoticed. Worse
is that these features can be mass reproduced with the right equipment. The
small scale counterfeiter is deterred, but not the large scale counterfeiter.
Well financed counterfeiters engage in mass production on a large enough
scale that the cost of the equipment does not deter them.

Serial numbers
present another obstacle to the counterfeiter. It takes less equipment to
mass produce one serial number than to put unique serial numbers on
counterfeit items. Counterfeiters often tool up to produce only one serial
number. Sometimes counterfeit currency is caught because a cashier notices
two bills with the same serial number. Sometimes a particular counterfeit
serial number becomes widely distributed, so stores and banks are alerted to
watch for that serial number. However, cashiers do not have time to check
serial numbers against a list of known counterfeits. The task could be
automated with optical scanning of serial numbers into computers, but so far
no widespread attempt to do so has been implemented.

RFID tags allow
automatic wireless input of serial numbers. Hiromichi Fujisawa, Shojiro Asai
and Minoru Ashizawa have described a method of detecting duplicate RFID tags
in A problem with
RFID tags is that they don't provide any visual authentication to enable
consumers to recognize counterfeits. The lack of visual authentication
enables an item with a non-functioning tag to pass unnoticed in a group.
Another problem is that RFID tags can be easily duplicated. A third problem
is that the method of detecting duplicates in the The developments
of public key cryptography and smart chips offer another tool against
counterfeiters. The private key of a public / private key pair can be
embedded in a computer processor or smart chip attached to an item. The
identity of the chip can be verified by asking it to perform some computation
that requires using the embedded private key. Smart chips are difficult to
duplicate because doing so requires extracting the private key.

Currently, smart
chips are mostly used on cards that are inserted into a card reader. The card
reader provides power and an I/O interface to the smart chip through
electrical contacts on the card. For authenticating large groups of items, such
as consumer products or currency, having to physically contact each item with
a reader would be far too slow. Smart chips lack visual authentication to
make it easy to spot a counterfeit in a group of items.

SUMMARY

My idea is to
give smart chips an electronic ink display and wireless I/O. Electronic ink
is a new technology with potential uses just starting to be recognized. An
electronic ink display requires very little power to change the displayed
image. Some electronic ink requires no power to maintain the displayed image.
The thinness and low power requirement of electronic ink will make it a good
display for smart chips. With wireless I/O, large groups of items can be
authenticated simultaneously. With a visual display, any items that fail to authenticate
will stand out visually, making it easy to spot even a single counterfeit
item amongst a group of valid items. This overcomes the weaknesses of current
visual authentication technologies: careful inspection is not required,
multiple items can be verified simultaneously, and counterfeiters will not be
able to mass reproduce smart chips. It will be very difficult for a
counterfeiter to obtain the private key of even one smart chip.

In addition, I
have devised an improved method of detecting duplicate serial numbers, which
will work with offline scanning, not requiring continuous access to a central
server.

BEARER CURRENCY - A USER'S PERSPECTIVE

I will describe
two embodiments of authenticity labels: bearer currency, and labels to
protect intellectual property.

The first
embodiment I describe will be bearer currency. The system of authenticity
labels might be applied to paper currency such as $100 bills, $20 bills, etc.
A smart chip and electronic ink label assembly might be made thin enough to put
on paper, or the bearer currency could take the form of chips, like plastic
casino chips, or made as plastic cards similar in shape and appearance to
credit cards.

When cashiers
accept or give out money, they would pass it near a wireless scanner. The image
on the electronic ink would change as it passes near the scanner. The image
on the currency would tell the cashier its status. When receiving money, the
image would tell whether the money is safe to accept, whether it needs close
scrutiny, or whether it is an outright known counterfeit. Those three
statuses, safe, suspect, or counterfeit, would be indicated by three images
chosen at the cashier station. Those three images would vary from cashier to
cashier, and from time to time at the same cashier station, so that a
counterfeiter could not anticipate in advance what image would be associated
with any status meaning.

When the cashier
gives money out of the register, she also passes it near the scanner again to
record the time that the store relinquishes possession of that serial number.
The scanner can put the store logo and a 'Thank You for shopping with us'
type of message on the electronic ink before the cashier hands it to the
customer. The appearance of that image indicates that the money has been 'scanned
out' from the register. If the serial number has come under suspicion during
the time it was in the cash register, the currency will show the image for
'suspect' when the cashier attempts to scan it out. If the currency does not
show the right image when the cashier attempts to scan it out, then it must
be retained in the cash register and not given out.

This system would
use location and owner tracking of serial numbers to catch duplicates. Only
the time intervals when merchants and banks possess currency would be
recorded. When a serial number is in the possession of a merchant or bank,
the owner and location of that serial number will be known. When a serial
number is in the possession of a retail customer, its owner and location
would be unknown. Retail customers would not have their ID recorded when they
receive currency or pay with currency that scans as 'safe' status. The only
time a retail customer's ID would need to be recorded would be if they pay
with currency that scans with a status of 'suspect' or 'counterfeit'.

The three images,
which mean 'safe', 'suspect' and 'counterfeit', should be chosen randomly by
the verifier device. A reference screen visible to the cashier would show
what the three images are at any time. The images should automatically change
every few minutes. If the choice of images were left to human choice, some
people would have favorite images that they use all the time. If a
counterfeiter could predict in advance what image means 'safe' for a
particular cashier, they could simply program that image into a counterfeit
without having to crack the smart chip encryption.

The currency
verification system can have two levels of security. The first, lowest level
of security will be sufficient for the vast majority of serial numbers deemed
to have a status of 'safe'. The first level of security will not require a
connection to the authentication server. First level verification will be fast
because all information needed can be stored on a local hard drive, and scan
time stamps can be locally generated and stored. Thus, store cashiers will
mostly accept currency at a fast pace unimpeded by any slow verification
process.

However, if the
cashier scans a bill and its electronic ink shows the image for 'suspect',
then the verification process will be slower, as if the customer were paying
by check and the store were using an online check verification service. The
cashier would ask for and record the customer's ID, such as driver's license
number. The cashier would also have to wait for the connection to the
authentication server, and rescan the currency a second time. The currency
would be accepted as valid only if it passed the second level security scan
while connected to the authentication server. Such suspect currency would be
put to one side in the cash drawer and not handed back out as change to any
customer. When the store makes its deposit at the bank, all suspect currency
would be taken by the bank and held aside from circulation. If a bill has its
electronics fail, so that the electronic ink label doesn't respond to
scanning, then it would be handled similarly to suspect currency. Banks would
redeem bills with failed electronics. The bank teller would record the
customer's ID and manually enter or optically scan the serial number into the
authentication server. If the serial number were valid, then the bill would
be accepted at face value and withdrawn from circulation.

BEARER CURRENCY: DETAILED DESCRIPTION

Smart chips for
bearer currency should have not just one, but several private keys embedded,
perhaps as many as ten or more. Only one of the private keys would need to be
unique for each serial number. That unique key would be used for second level
scanning, and its public key would be stored at the authentication server.
The other keys on the smart chip would not be unique but would map into a
pool of keys reused by all serial numbers.

The separation
into first level and second level scanning enables most transactions to be
handled with a lower security offline verification, while enabling a higher
security online verification for suspect serial numbers. One problem with
offline scanning is that local hard drives do not have enough storage
capacity to store a unique public key for all possible serial numbers.
Twenty-dollar bills have three letters and 8 digits in the serial number,
which, if all combinations of letters and numbers were used, would make more
than 1.76 trillion possible serial numbers. In reality, the number of
possible combinations is lower, because the first letter indicates the
series, and the second letter indicates one of the 12 federal reserve banks,
and the letter O is not used. Anyway, if there were 1.76 trillion possible
serial numbers, and if each public key uses 4 KB, and each serial number has
a unique public key, the public key database would require 7,000 terabytes of
storage. A central bank can afford a server with 7,000 terabytes of storage
to store a unique key for each serial number, but that would not fit on local
hard drives. Current hard drives only have a capacity of a few hundred
gigabytes. Hard drive capacities are doubling every year, so eventually they
will be able to store 7000 terabytes, but maybe not until twenty years from
now. Meanwhile, the unique key can be stored at the server for second level
scanning, and local offline scanning can have a work around to solve the
storage problem.

Key reuse can
solve the key storage problem. Smart chips can store multiple private keys
that map into a reusable pool of public keys that is small enough to fit on a
hard drive. Assuming 4KB per public key, and a 400 GB hard drive, 100 million
public keys could fit on a hard drive. As hard drives get larger, that key
pool size could also be increased. Some number, possibly 10, private keys
from the pool would be stored on the smart chip for each serial number. Which
10 keys were stored for each serial number would depend on some
transformation function applied to the serial number. One type of
transformation function that would work well would be to use the serial
number as the seed of a random number generator. A random number generator,
which uses a seed, will always put out the same series of random numbers
after being started with the same seed. The first ten random numbers put out
by the function could be used to choose the 10 keys from the key pool for
each serial number.

When a verifier
device encrypts an image to send to the smart chip, the verifier knows from the
serial number which key selections are stored on the smart chip. The verifier
can pick any of the ten corresponding public keys at random to challenge the
smart chip with. The smart chip must be able to decrypt a display request
using whichever of its keys the verifier tells it to use. If the verifier
wants to, it can encrypt a display request using more than one key, or even
all of them, and the smart chip must be able to decrypt and display the
image. The more keys tested, the longer that verification would take. Testing
only one key at random would take less time and still produce a high enough
chance of catching a counterfeiter.

It can be assumed
that hackers would attack currency smart chips in an attempt to extract the
private keys. Extracting private keys can be assumed to be fairly costly, but
hacker ingenuity cannot be discounted. Suppose that hackers attack 10,000
smart chips and obtain 100,000 private keys. How many serial numbers could
they counterfeit well enough to pass a level 1 offline
scan? They could counterfeit the 10,000 serial numbers of the currency they
attacked. How many serial numbers other than the original 10,000 would have
all ten of their keys in the pool of 100,000 known to the hackers? The
hackers would know 100,000 of the 100,000,000 private keys in the pool, or
1/1000th of the keys. Each of the ten keys of every serial number would have
a 1/1000 chance of being known to the hackers. However, the chance of all ten
of any serial number's keys being in the pool known to the hackers would be
(1/1000)^10, or 10^-30. If the total number of serial numbers is 2 trillion,
then the chance of the hackers being able to fully duplicate the ten keys of
some serial number other than their original 10,000 would be 10^-30 times 2
trillion, which would be 2 * 10^-18. In other words, even if hackers obtain
1/1000th of all the private keys in the pool, they still will not be able to
counterfeit any serial numbers other than the ones whose smart chips they
attacked.

Some smart chips
have large memories, so that they could store a large number of private keys.
In that case, several pools of keys should be created, each pool
exponentially larger in size than the previous. One pool could have 100
million keys, the next a billion keys, and the next 10 billion keys, etc. The
keys in each pool could be longer in length, say 4KB, 6KB, 8KB, etc.
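
Added example, not part of the original text: the per-serial key selection and
the compromise estimate described above, plus the per-scan chance of catching a
forgery when only some of the ten keys are tested. SHA-256 in counter mode
stands in for the seeded random number generator, and all function names are
assumptions.

```python
import hashlib
from math import comb

POOL_SIZE = 100_000_000   # page's figure: 400 GB drive / 4 KB per public key
KEYS_PER_LABEL = 10       # page's figure


def key_indices(serial, pool_size=POOL_SIZE, count=KEYS_PER_LABEL):
    """Expand a serial number into `count` pool indices, the same on every device.

    SHA-256 over "serial|counter" stands in for the seeded generator (assumption).
    Values at or above the largest multiple of pool_size are rejected so that
    the reduction modulo pool_size is unbiased. Like the page's "first ten
    random numbers", the draws are independent, so repeats are possible.
    """
    limit = (1 << 64) - ((1 << 64) % pool_size)
    indices, counter = [], 0
    while len(indices) < count:
        digest = hashlib.sha256(f"{serial}|{counter}".encode("ascii")).digest()
        counter += 1
        value = int.from_bytes(digest[:8], "big")
        if value < limit:
            indices.append(value % pool_size)
    return indices


def expected_fully_known(total_serials, known_keys, pool_size=POOL_SIZE,
                         count=KEYS_PER_LABEL):
    """Page's estimate: expected number of serials whose keys are ALL known."""
    return total_serials * (known_keys / pool_size) ** count


def detection_probability(slots_known, tested, count=KEYS_PER_LABEL):
    """Chance that challenging `tested` distinct random key slots hits at least
    one slot whose private key a forged label does not hold."""
    if not 0 <= slots_known <= count or not 1 <= tested <= count:
        raise ValueError("slots_known and tested must fit within count")
    return 1 - comb(slots_known, tested) / comb(count, tested)


def fraction_fully_known(serials, known, pool_size, count):
    """Empirical check on a small pool: share of serials with every key in `known`."""
    serials = list(serials)
    hits = sum(all(i in known for i in key_indices(s, pool_size, count))
               for s in serials)
    return hits / len(serials)


if __name__ == "__main__":
    # Constructed serial number in the three-letter, eight-digit format.
    print("pool indices:", key_indices("AB12345678C"))
    # 100,000 extracted keys, 2 trillion serial numbers, as in the text.
    print("expected fully known serials:", expected_fully_known(2e12, 100_000))
    # A forgery holding 9 of a serial's 10 keys, challenged on 1, 3 or all 10.
    for tested in (1, 3, 10):
        print(tested, "keys tested ->", detection_probability(9, tested))
    # Small constructed pool: half the keys known, 3 keys per label -> about 1/8.
    sample = (f"S{n:08d}" for n in range(20000))
    print("simulated share:", fraction_fully_known(sample, set(range(500)), 1000, 3))
```

The larger pools mentioned above lower the compromised share for the same number of extracted keys, which `expected_fully_known` shows by varying `pool_size`.
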
Different pools could be made which use different public key algorithms, such
as RSA, Diffie-Hellman, Elliptic Curve, etc. The smart chip could have a
number of keys from each of these pools. As technology rapidly advances, the
shorter keys, the smaller key pools, or one algorithm or another may become
insecure. Undoubtedly the central bank will upgrade the currency it produces,
and replace the currency in circulation. However, having a large selection of
different keys on the smart chips would enable older currency to remain
secure for a reasonable length of time after it becomes obsolete. Obsolete
currency may take a long time to verify when an older slower smart chip has
to use the longer keys, but at least that would provide some contingency in
case shorter keys become insecure.

In addition to
the public keys, the local hard drive also has to store the status of every
serial number. This can be done in a giant bit field, with each serial number
mapping to two bits in the giant bit field. Two trillion serial numbers times
two bits requires a giant bit field of 4 trillion bits, which, divided by 8
bits per byte, requires 500 GB of storage, within the capacity of current
hard drives. The two bits for each serial number can store four statuses, 00,
01, 10, and 11. Only three statuses are needed, safe, suspect, and
counterfeit. An additional status, "see notes", may be added.

When a cashier
scans currency, the verifier device wirelessly queries it for a serial
number. The verifier device can communicate with multiple authenticity labels
at the same time. For each serial number, the verifier looks up the status.
Depending on the status, the verifier device chooses an image to send to the
label with that serial number. The image could be the image for safe, suspect, or
counterfeit. Then the verifier device runs the transform function on the
serial number to find out which keys from the local pool each scanned serial
number has. From the 10 available public keys for each serial number, it
randomly selects one key and encrypts the selected status image. The verifier
wirelessly sends the encrypted image to the label, and informs it which
private key to use to decrypt the image. The label decrypts the image and
displays it. If the image shows a status of safe, the cashier accepts the
currency. If the status is suspect, the cashier does a level 2 online
verification of the currency. If the status is counterfeit, the currency must
be confiscated and the customer may be detained for further investigation.

The verifier
keeps a record of the scan times of serial numbers, and periodically submits
the data to the authentication server, by secure batch upload. During batch
uploads, the verifier time clock is resynchronized with the server clock and
any changes the server has made to any serial numbers' statuses are
downloaded to the verifier, which updates its local serial number status
data. In large institutions, verifiers may report to the institution server
that in turn reports to the authentication server. In remote locations, some
local server may interface between local verifiers and the authentication
server. Cashiers scan currency both in and out, so the time interval when a
serial number is in a store or bank's possession is recorded. Batch
processing of offline data detects duplicates in the same way as online
verification, but offline scanners are not fully trusted. If offline data
indicates that a serial number was located in two places at the same time,
the serial number is marked suspect rather than counterfeit. Time stamps of
offline data could be wrong. Only the time stamps of online scans can be
trusted.

If a serial
number has been scanned out by a cashier to a retail customer, its owner is
unknown, but its location is known to be within a radius determined by the
time since the scan out, and the maximum possible travel speed of a person.
If that serial number is scanned in somewhere else, the travel speed between
the scan out and the scan in location can be calculated as the distance
between the locations divided by the time difference. If the travel speed
exceeds what is possible for a person, then the serial number is judged a
duplicate by location tracking.

Once a serial
number is marked suspect by the authentication server, that status will
propagate to the local cache of all verifiers at their next batch upload. The
next time a verifier encounters that suspect serial number during offline
checking, its suspect status will show to the cashier by the image on the
electronic ink. The cashier will follow the procedure for suspect serial
numbers, getting customer ID, and connecting to the authentication server for
a level 2 verification. At this point, the authentication server may have
already encountered a previous instance of the serial number during an
earlier level 2 verification. If so, this instance would be considered
counterfeit, and the customer would be detained for questioning. The
submitter of the first copy would also be located and questioned, using his
recorded ID information. If no previous instance of the serial number has
been encountered in a level 2 verification, then the verifier would download
the unique public key for that serial number from the authentication server.
If the electronic ink can display an image encrypted using the unique public
key, the cashier accepts the currency and sets it aside in the cash drawer.
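
Added example, not part of the original text: a minimal model of the
authentication server's rules described above. Offline batch records that
overlap in time at two sites, or imply an impossible travel speed, raise a
serial to suspect, and a second level 2 acceptance of the same serial is marked
counterfeit. The 900 km/h speed limit, the record layout and all names are
assumptions, and the level 2 key challenge is represented only by its outcome.

```python
import math
from dataclasses import dataclass

SAFE, SUSPECT, COUNTERFEIT = "safe", "suspect", "counterfeit"
MAX_SPEED_KMH = 900.0  # assumption: upper bound on how fast a bearer can travel


@dataclass(frozen=True)
class Possession:
    """One scan-in/scan-out interval reported by a verifier (times in hours)."""
    serial: str
    site: str
    lat: float
    lon: float
    scan_in: float
    scan_out: float


def distance_km(a, b):
    """Great-circle (haversine) distance between two possession sites."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dlmb = math.radians(b.lon - a.lon)
    h = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def conflicts(a, b):
    """True if two records of one serial cannot both describe the same bill."""
    if a.site == b.site:
        return False  # assumption: rescans at one site are not duplicates
    first, second = sorted((a, b), key=lambda r: r.scan_in)
    gap = second.scan_in - first.scan_out
    if gap < 0:
        return True  # held at two locations at the same time
    return distance_km(first, second) > MAX_SPEED_KMH * gap  # impossible speed


class AuthServer:
    def __init__(self):
        self.status = {}      # serial -> status; absent means SAFE
        self.history = {}     # serial -> list of Possession records
        self.retired = set()  # serials already accepted once at level 2

    def ingest_offline(self, rec):
        """Batch upload path. Offline time stamps are untrusted, so a conflict
        raises the serial to SUSPECT, never straight to COUNTERFEIT."""
        seen = self.history.setdefault(rec.serial, [])
        if any(conflicts(prev, rec) for prev in seen):
            if self.status.get(rec.serial, SAFE) == SAFE:
                self.status[rec.serial] = SUSPECT
        seen.append(rec)
        return self.status.get(rec.serial, SAFE)

    def level2(self, serial, proved_unique_key):
        """Online path. proved_unique_key is the outcome of the challenge with
        the serial's unique public key (the cryptography is not modelled)."""
        if not proved_unique_key:
            return "rejected"             # no proof, so no status change
        if serial in self.retired:
            self.status[serial] = COUNTERFEIT
            return COUNTERFEIT            # a second instance of the serial
        self.retired.add(serial)          # first instance leaves circulation
        return "accepted"


def demo():
    """Run a constructed batch: serial 1 overlaps in time at two sites, serial 2
    travels about 3,800 km in one hour, serial 3 moves about 11 km in two hours."""
    batch = [
        Possession("AB00000001A", "store-A", 40.0, -75.0, 10.0, 12.0),
        Possession("AB00000001A", "store-B", 34.0, -118.0, 11.0, 13.0),
        Possession("AB00000002A", "store-A", 40.0, -75.0, 9.0, 10.0),
        Possession("AB00000002A", "store-B", 34.0, -118.0, 11.0, 12.0),
        Possession("AB00000003A", "store-A", 40.0, -75.0, 9.0, 10.0),
        Possession("AB00000003A", "store-C", 40.1, -75.0, 12.0, 14.0),
    ]
    srv = AuthServer()
    return srv, [srv.ingest_offline(rec) for rec in batch]


if __name__ == "__main__":
    server, results = demo()
    print(results)
    print(server.level2("AB00000002A", True), server.level2("AB00000002A", True))
```
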
The authentication server knows that serial number is now out of circulation,
and any further attempt to do a level 2 acceptance of that serial number will
fail.

During online
level 2 verification, the authentication server should assume that the
scanner is not trustworthy. Somebody might want to get valid serial numbers
marked as counterfeit just as a prank or for some malicious purpose.
Therefore, the authentication server should encrypt some random data using
the label's unique public key and send it via the scanner to the label. The
label would decrypt the random data and wirelessly send it back to the
authentication server via the scanner. The authentication server would only
consider it to be a valid instance of that serial number if it received back
the decrypted data. With this procedure, a malicious scanner would not be
able to deceive the authentication server into thinking it has an instance of
a serial number when it doesn't.

All electronics
fail sometimes. If a bill cannot display an image encrypted with one or more
of its keys, it will be treated as having failed electronics. The bill with failed
electronics may be redeemed, but only with good identification of the
redeemer. If a good version of that serial number later turns up, then the
bill with failed electronics will be brought out of storage and examined. The
submitter of the bill with failed electronics may be investigated for having
submitted a counterfeit. All bills taken out of circulation by the central
bank will be stored somewhere for a length of time so that they can be looked
at more closely if later investigation warrants it.

This system of
using smart chips to restrict duplication to only a few cracked serial
numbers, combined with rigorous duplicate detection, has the potential to
make counterfeiting too difficult and risky to attempt.

Before being
completely satisfied with this solution, possible attacks on the system still
need to be considered.

One possible
attack would be to make something that looks like currency, but its internals
would wirelessly communicate with a device inside the counterfeiter's jacket.
Inside the counterfeiter's jacket would be something that encloses a regular
undamaged bill, and relays the wireless commands to the real bill from the
fake one on the cashier's counter. The real bill would display the correct
image, which would be optically scanned by the device enclosing it, and then
sent to the fake bill on the cashier's counter. The fake bill would display
the same image as the real bill inside the counterfeiter's device. At the
time the fake bill is scanned, the serial number would have a status of safe,
so by normal procedure the cashier would accept it without asking for ID.
Because the scanning would be offline, the counterfeiter could pass copies of
the same serial number at a series of stores in rapid succession before they
do another batch update. Fake bills of this type, which communicate wirelessly
with the counterfeiter's device, could be mass-produced because they do not
have to store any unique keys. Defenses against this attack need to be
considered.

Most stores have
a videotape of what happens at cash registers. When they discover that the
cashier has accepted a fake, the videotape can be reviewed. At the time when
the fake bill was accepted into the cash register, its serial number scan
would have been recorded. This recorded scan time would make it easy to
identify the person on the security video who passed the bill. Most security
videotapes superimpose the date and time on one edge or corner of the
videotape. The time of the serial number scan could be correlated with the
time on the videotape.

Another defense
against a fake bill communicating with a device in the counterfeiter's jacket
would be to accurately measure the response time. An automatic way to measure
the response time could be found, and the cashier alerted if the response was
too slow. A fake bill that has to communicate with a device in the
counterfeiter's jacket, wait for the real bill to respond, have the real bill
scanned, and receive the image back would introduce a wait time and respond
more slowly. The cashier might notice a slower response
time in the appearance of the image. If a bill has a slow response time, the
cashier can treat it as suspect and ask for and record the customer's ID with
the scan data.

Another defense
would be to put currency into a faraday cage for verification. Possibly the
cash drawer into which the cashier puts the currency could be a faraday cage,
or just well shielded. After the drawer is closed, the cash register could do
another wireless verification of the currency. Or even if the cash register
is not shielded, a final scan could be automatically done after the customer
has walked away, out of range. The fake would be caught while the
counterfeiter is still in the parking lot, within pursuing range.

Delayed detection
should be sufficient to defeat the attacks of counterfeiters. Though there
would be ways for determined counterfeiters to pass a few counterfeits, the
probability of being caught would be high. Any attempt to pass counterfeits
on a large scale would have near zero chance of succeeding.

One final benefit
or capability worth mentioning is the possibility for the authentication
server to attach notes to a serial number. Whenever the server assigns a
status of suspect to a serial number, cashiers are required to do a level 2
online verification. When they connect to the server to verify a serial
number, the server has the opportunity to send a text message regarding that
serial number. If a store or bank has been robbed and the robbers get away
with cash, the serial numbers of the stolen cash are known. Stolen serial
numbers can be reported to the authentication server, which can change the
status of those serial numbers to suspect and attach a note explaining the
crime where they were stolen. The ability to attach notes to serial numbers
might even be worth adding a fourth status, 'see notes', so that cashiers
could see four possible images: 'safe', 'suspect', 'counterfeit', and 'see
notes'. If the cashier sees the image meaning 'see notes', they might quietly
contact the authentication server to read the note without telling the
customer what they are doing. As mentioned earlier, the two bit status field
enables storing four statuses, 00, 01, 10, and 11. Adding a fourth possible
status of 'see notes' would not require any change to the status database.

DUPLICATE SERIAL NUMBER DETECTION OF PRINTED CURRENCY

The method of
detecting duplicated serial numbers could work for printed currency, using
optical scanning of serial numbers. It could work similarly, with both
offline and online scanning, but without the public key cryptography.
Cashiers in stores often take time to authenticate $20, $50 or $100 bills.
They either mark the bill with a special pen or hold it up and examine it.
The amount of time to run an optical scanner over the serial number of $20,
$50, or $100 bills would not add any significant burden. The delayed
detection of duplicated serial numbers would have enough value to be worth
implementing.

Large-scale
counterfeiters produce bills of such high quality that even experts have
trouble distinguishing them from the real thing. These high quality
counterfeits are sometimes called superdollars. Cashiers have no hope of
catching such bills with the methods they currently use. Delayed detection of
duplicate serial numbers by optical scanning would catch high quality
counterfeits that otherwise would continue to circulate. If the counterfeiter
produces serial numbers in sequence, then the detection of many duplicates in
a given serial number range would be sufficient to flag the whole range as
suspect. Large scale counterfeiters would start using random valid serial
numbers but they would still have difficulty passing counterfeits in large
quantity. No matter how carefully they pass them, many of the bills would be
caught within a few days, and all of them would be caught eventually. Whoever
passes the counterfeit bills would be identified on cashier security video
tapes by the time stamp of the serial number scan.

Banks would be
the first institutions to institute serial number scanning. They could keep
incoming cash separate from outgoing cash, and always identified by customer.
If incoming cash is held for a few days before being given back out, then a
serial number will usually still be in the bank's possession when another
bank reports a duplicate to the central bank. An expert can examine both
instances of the duplicate serial number. If counterfeit, the customer who
submitted it will eat the loss, not the bank. In this way, banks could stop
the circulation of high quality counterfeits. Currently, high quality
counterfeits continue to circulate in and out of banks because the bank
tellers cannot distinguish them as counterfeit.

Once banks start
using this highly effective method of detecting counterfeits, then stores
that receive high quality counterfeits as payment will start eating losses.
Large stores will take the worst losses. Large stores will be the next, after
banks, to implement serial number scanning. Even though the serial number
scanning would only result in a delayed detection, it would still deter
counterfeiters and make them go to some other store to pass counterfeits.
Counterfeiters will know that the store may be examining its security video
of them in a few days, correlating the timestamp of when they passed the bill
with the timestamp on the security video. This would make the store a less
preferable place to pass a counterfeit. The counterfeiter would rather go to
a store that will not have a timestamp of the transaction to correlate with a
security video. Thus, larger stores will find it worth the investment in
scanning equipment, because it will reduce their losses. As larger stores
become harder targets, counterfeiters will target smaller stores. Smaller
stores will see their losses increase, and they too may implement serial
number scanning. The more stores that start to scan serial numbers, the
faster that duplicates will be caught, and the more dangerous it will become
to pass counterfeits. This would be like any system with network effects,
where the value of the network increases with each participant added.

Since the central
bank has a major interest in preventing the counterfeiting of its currency,
it should be willing to subsidize the R&D to create low cost serial
number scanning equipment. The lower the cost of the scanning equipment, the
more stores that would implement it, and the greater the network effect.
Scanning equipment should cost no more than a bare-bones computer with
a large hard drive. That would be $200 at most. It should be implemented as a
Linux or BSD distribution, with open source software, so that people could
download the distribution and install it on old computers to make dirt cheap
scan stations. Another thing the central bank could do to facilitate scanning
would be to redesign the currency to enable the use of bar code scanners for
the serial number. Bar code scanners are cheaper and faster. With bar codes
on money, a store cashier could scan money serial numbers with the same
scanner as they use for product UPC codes. Some cashier stations might be
able to integrate a currency scanning system in a way that requires no
additional hardware, only a software upgrade.

If scanning
equipment deters the loss from high quality counterfeits, then the return on
investment for scanning equipment could be estimated with the equation R = C
* D, where R is return on the investment, C is the amount of cash that a
cashier station handles, and D is the density of counterfeits in circulation.
Banks would have the highest return on the investment because they handle the
most cash. Grocery stores and large discount stores would be next. If we
assume that C is $10,000 per day, and D is .0006, then R would be $6 per day.
If C is $300,000 per year, then R would be $180 per year. The scanning
equipment should cost less than $180, so it would pay for itself in less than
a year. Some locations have a high concentration of counterfeits in
circulation. In these areas, scanning equipment could pay for itself on a
daily basis.

One problem for
optical scanning of serial numbers is that the central bank would have to
treat serial number scans with less trust than with the smart chip system.
With the smart chips, the central bank would not have to trust the scanner
because the smart chip would decrypt some random message to authenticate
itself to the central bank. With optical scanning of serial numbers, the
central bank would have to trust the scanner to report the serial number
correctly. The reliability of the scanner data would depend both on the
computer network and on the person operating the scanner. Some people would
attempt to sabotage the system by flooding it with bad data. Bad data would
cause valid serial numbers to be misidentified as suspect, and cause a lot of
extra hassle for all concerned. One solution to this would be to only trust
scan data that is verified by banks. Usually when a store cashier accepts a
$20, $50 or $100 bill, these end up in the store's cash deposits to the bank.
They don't get handed back out as change most of the time. The store would
report the scans to the central bank, but the central bank would not trust
the store's scan data until the bank processed the store's cash deposit and
scanned in the same serial numbers. After the central bank received the
bank's confirmation of the store scans, it would then trust the store scan
data for those serial numbers, and consider the serial numbers as having been
in the possession of the store from the store's scan time. If a store wanted
to tamper with data to misidentify serial numbers as suspect, it could report
an earlier scan time for serial numbers before it deposits them, but that
could cause its own deposits to become suspect, and cause the bank to
withhold deposit credit. A store would mostly hurt itself if it tampered with
data in that way. The possibility exists for a corrupt bank or bank employee
to tamper with data. Most duplicate serial numbers reported by a bank should
still be in their possession when the central bank detects the duplicate. If
a bank's serial number data results in the detection of duplicates, but
somehow the bank has already handed most of those serial numbers out to
customers, then all of the bank's data can be disregarded as untrustworthy,
and the bank's data path should be investigated.

Another solution
to the problem of untrustworthy scan data would be to authenticate persons
who operate scanners, and keep metrics for each scanner operator that would
indicate if they falsified data. One metric would be the average percentage
of serial numbers that they scan that become suspect. This could be compared
to the average percentage for their area. Another metric would be the
percentage of suspect serial numbers that they scan which later becomes
validated within a certain period of time by actually finding the duplicates.
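
The two operator metrics just described can be computed as in the following added example, which is not part of the original document. The thresholds, the field names and the sample scans are assumptions made for illustration; the comparison against the area deliberately leaves out the operator's own scans.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Thresholds are illustrative assumptions, not values from the text.
VALIDATION_WINDOW_DAYS = 14   # the "certain period of time" for finding a duplicate
RATE_FACTOR = 3.0             # how far above the area's rate counts as abnormal
MIN_VALIDATED_RATE = 0.25     # honest 'suspect' reports should usually be confirmed


@dataclass(frozen=True)
class Scan:
    operator: str                    # authenticated scanner operator
    area: str                        # area the operator works in
    became_suspect: bool             # the scan led to a 'suspect' status
    validated_after: Optional[int]   # days until the duplicate was found, None if never


def operator_metrics(scans):
    """Return {operator: metrics} holding both metrics and a 'flagged' verdict."""
    ops = defaultdict(lambda: {"area": None, "total": 0, "suspect": 0, "validated": 0})
    areas = defaultdict(lambda: {"total": 0, "suspect": 0})
    for s in scans:
        op, area = ops[s.operator], areas[s.area]
        op["area"] = s.area
        op["total"] += 1
        area["total"] += 1
        if s.became_suspect:
            op["suspect"] += 1
            area["suspect"] += 1
            found = s.validated_after
            if found is not None and found <= VALIDATION_WINDOW_DAYS:
                op["validated"] += 1

    report = {}
    for name, op in ops.items():
        area = areas[op["area"]]
        # Judge the operator against the rest of the area only; otherwise an
        # operator flooding the system raises the average used to judge them.
        others_total = area["total"] - op["total"]
        others_suspect = area["suspect"] - op["suspect"]
        area_rate = others_suspect / others_total if others_total else None
        suspect_rate = op["suspect"] / op["total"]
        validated_rate = op["validated"] / op["suspect"] if op["suspect"] else None
        flagged = (
            area_rate is not None
            and validated_rate is not None
            and suspect_rate > RATE_FACTOR * area_rate
            and validated_rate < MIN_VALIDATED_RATE
        )
        report[name] = {
            "suspect_rate": suspect_rate,
            "area_rate": area_rate,
            "validated_rate": validated_rate,
            "flagged": flagged,
        }
    return report


def constructed_scans():
    """Constructed sample: two ordinary operators and one reporting bad data."""
    def batch(operator, total, suspect_days):
        rows = [Scan(operator, "north", True, d) for d in suspect_days]
        rows += [Scan(operator, "north", False, None)] * (total - len(rows))
        return rows

    return (
        batch("op-a", 200, [3, 5])               # 2 suspects, both confirmed
        + batch("op-b", 100, [20])               # confirmed, but after the window
        + batch("op-x", 100, [2] + [None] * 39)  # 40 suspects, 1 ever confirmed
    )


if __name__ == "__main__":
    for name, m in sorted(operator_metrics(constructed_scans()).items()):
        print(name, m)
```

An operator with a single unconfirmed suspect (op-b here) is not flagged, because the suspect rate has to exceed the area's rate as well.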
This would enable the use of all scan data without stores and banks having to
keep incoming and outgoing cash separate. Some bank personnel have told me
that it would be too much trouble for them to keep incoming and outgoing cash
separate. Although serial numbers would not still be in possession when
offline data suggests a duplicate, it would still enable looking at security
videos to see who passed them. The duplicate notes would be recovered the
next time they were spent because the next store to receive them would be
warned by the suspect status.

AUTHENTICITY LABELS TO PROTECT INTELLECTUAL PROPERTY

Authenticity
labels attached to products indicate that the product has been produced
legitimately with the permission of the IP owner(s). An example of an
authenticity label would be the Certificates of Authenticity that accompany
software published by Microsoft. Most people have seen these certificates of
authenticity, with the holograms and various anti-counterfeit features. These
certificates protect Microsoft's copyrights and trademarks by providing
consumers with a visual distinction between fraudulent and authentic use of
that IP. They work well, except that pirates have successfully counterfeited
them.

Authenticity
labels have the potential to protect all kinds of IP, not just copyrights and
trademarks. Authenticity labels made using smart chips, electronic ink and
wireless I/O would have the same protection against counterfeiting as
discussed for bearer currency. All products in stores could have authenticity
labels. Consumers would have their own portable hand scanners that they bring
into stores to authenticate items.

Where IP owners
are powerless to prevent unauthorized use of their IP, authenticity labels
can restore some contractual leverage to IP owners by providing a visual
distinction between authorized and unauthorized use of their IP. Although
producers may be able to easily pirate IP, producers will not be able to
easily pirate authenticity labels that indicate the IP owner's approval. To
the extent that the market demands authenticity labels, the IP owner will
have contractual leverage as the only source of authenticity labels.

Some consumers
will not knowingly purchase pirated products. Some percentage of people will
voluntarily compensate IP owners even when no danger of punishment exists for
not doing so. It can be taken as a market hypothesis that the percentage of
moral people in the consumer population is high enough to create a market
demand for authenticity labels even when no other IP enforcement mechanism
exists. In the software market, many shareware and freeware titles succeed in
collecting enough voluntary registration fees to support their authors. The
people who pay voluntary shareware registration fees have no danger of
punishment, but do so out of honesty and integrity. I read once that 7% of
shareware users pay the registration fee. From this data, it could be
extrapolated that 7% of people would buy products with authenticity labels in
order to voluntarily pay IP owners. In addition to the market provided by the
moral segment of the population, many people would buy products with
authenticity labels out of concern for quality. Most pirated products have
low quality. Especially in products where poor quality would put health or
safety at risk, authenticity labels would be important to consumers.

A manufacturer of
authenticity labels could have a business model that would include a product
registry and an IP registry. Any product that uses labels from the
manufacturer would have to be registered in its product registry. Any
product registered in the product registry would have to declare all IP that
it uses from the IP registry. In order to use any IP from the IP registry,
the producer would have to pay royalties to the IP owner. If a producer
failed to declare any IP that a product uses, or failed to pay royalties, the
IP owner could complain to the product registry. If the product registry finds
the complaint valid, it could invalidate the product registration, and
invalidate the authenticity labels of that product.

Like RFID tags,
authenticity labels for products will have a product number field and a
serial number field. The product number might be 32 bits and the serial
number might be 64 bits. When a scanner reads an authenticity label, it will
read the product number and the serial number. The scanner can use the
product number to obtain the network address of the authentication server for
that product.

Each product can
have its own authentication server. The network address of any product's
authentication server can be looked up at the product registry, by product
number. The authentication server for a product could be run by the IP
owners whose IP is used in the product. By controlling the authentication
server, the IP owners would control the labels, even after they have been
applied to products. In the event of a dispute with a producer, the IP owners
of a product could invalidate the authenticity labels of that product in the
distribution chain and on retail shelves. Because the product registry
controls the lookup table for authentication server network addresses, the
product registry can invalidate any product's authenticity labels by changing
or deleting the network address of the authenticity server from its lookup
table. Thus, the authenticity labels for any product could be invalidated by
either the product registry or by the IP owners.

The manufacturer
of authenticity labels would have to make available portable hand scanners
for consumers to take into stores with them. These portable hand scanners
would be made and sold to consumers as cheaply as possible, to create
recognition and market share for the manufacturer's labels. The hand scanners
would work similarly to the currency scanners. They would have the
capability to function offline for lower security, or online for higher
security. The cheaper ones would only be able to go online by connecting
through another computer, maybe through the USB port. These cheap scanners
would do offline scanning in stores, with batch updates to the offline
database done at home through the user's home computer. The better ones would
be able to use a wireless Internet connection for online scanning anywhere.

Consumers would
have a motivation to buy hand scanners if they want to avoid buying pirated
products. Another motivation could be given to consumers by setting up a
reward system for reporting counterfeit labels, or pirated products. If the
reward were high enough, people would buy hand scanners just so that they
could go bounty hunting for pirated products on store shelves, like looking
for hidden treasure in stores.

The stores
themselves could fund the reward, if IP owners set up a contractual
arrangement in the production and distribution chain. Since an IP owner can
have complete control over whether any product has an authenticity label
indicating the IP owners' approval, the IP owner can place any contractual
requirement on production and distribution as a condition of having the
label. The IP owner can require that any transfer of ownership or location of
products be approved by the IP owner. The conditions of ownership can be
propagated through the distribution chain all the way to retail stores. Thus,
for a retail store to sell the products, it would have to agree to pay a huge
fine, or reward, to any bounty hunter who finds a pirated product on its
shelves. This would mean that the products would only be sold through
authorized outlets, and that authorized outlets would not dare to sell pirate
products alongside authentic ones.

This arrangement
would not be able to penalize unauthorized stores for selling pirated
products, because the unauthorized stores would not have any contractual arrangement
with the IP owners. However, stores that sell pirated products could be made
publicly known as such. Some of the public would prefer to shop at pirate
stores for cheaper prices, but IP owners might find some other way to prevent
pirate stores from operating. Such stores need a base of operations, some
physical location. In a proprietary community, the landlord could simply
evict pirate stores and not allow them to operate anywhere within the
community.

The possible
statuses for product authenticity labels could be similar to currency
statuses, such as 'valid', 'suspect', 'counterfeit' and 'see notes'. Any IP
owners with write access at the authentication server could change any or all
serial number statuses, or attach notes to any serial numbers. Just as with
currency, the status of 'suspect' would be a temporary status indicating that
offline scan data suggests that a serial number has been duplicated. Portable
hand scanners themselves could determine the status of 'suspect' if they
store enough information. The scanner's offline database could store the last
known location and owner for each serial number in the local distribution
chain. This wouldn't be done for currency because of the volume of data
required, but for products in a distribution chain, it could be done. Before
leaving home or office in the morning, the scanner could update its serial
number owner / location database from the authentication server. During the
day, if the scanner scans a serial number with a different owner or location
than the one in its database, it makes the scanned label display the image
for a 'suspect' status. In this case, the scanner, not the authentication
server, locally determined the 'suspect' status.

Later, when the
scanner connects to the authentication server again, it reports all scans. A
suspect scan might be cleared of suspicion if the owner or location of that
serial number had already been validly changed at the server. A suspect scan
might have its suspicion validated if the server had no record of that serial
number being at the owner or location where the scanner scanned it. Unlike
with currency, time stamps of hand scanners would be less of an issue,
because products don't move around as fast as currency. The authentication
server could change a serial number's status to counterfeit on the basis of
offline data. Because the hand scanner would have updated in the morning, and
again in the evening, the server knows the scan occurred sometime during the
day between the two connections. Since the suspect serial number should not
have been scanned at that location at any time during that whole interval,
the accuracy of the scanner's clock doesn't matter. The server would change
the status to counterfeit. Subsequent scans of that serial number would show
the status as counterfeit rather than merely suspect.

In the hand
scanner's database, location and owner data could be encoded to minimize the
storage requirement. Valid owner and location combinations in the
distribution chain could be assigned integer number codes. If an owner has
multiple locations, each location would have its own code. If there are fewer
than 2 billion owner and location combinations, a 32 bit integer could store
one owner and location combination. It would be unlikely to have more than a few
million owner locations in the distribution chain.

The hand
scanner's serial number database for each product could be a standard
relational database. Each product would have its own main table. The main
table for each product would have records containing the serial number, the
owner/location code, and the status. This might use 64 bits for the serial
number, 32 bits for the owner location code, and one byte for the status. In
this format, each record would use 13 bytes. Each billion serial numbers would
require 13 GB of storage on the local hard drive. Since the hand scanner's
database only has to have the serial numbers known to be in local stores, its
storage could fit the serial numbers of all products in stores within driving
distance. There should be a second table to tell what each owner location
code means. Records in this table would have the 32 bit owner location code,
and text fields with the owner name and location address. Each owner location
record might use 100 bytes approximately. The hand scanner would only have to
store owner location codes for the local area.

Just as with
currency, product authenticity labels could draw from a reusable pool of
keys. The product number and serial number combined could be the seed for the
random number generator that selects which keys from the pool are used. A
hand scanner's hard drive would store the reusable pool of public keys in
addition to the product serial number databases.

DUPLICATE DETECTION OF PRINTED AUTHENTICITY LABELS

Just as with
currency, the method of detecting duplicate serial numbers could be used with
printed authenticity labels. It may be two or three decades before smart
chips and electronic ink become low cost enough for widespread application to
consumer products. Until then, consumer recognition of pirated products can
be enabled cheaply with printed authenticity labels, using serial numbers
designed for both optical scanning and hand entry.

A printed
authenticity label should have a product number and a serial number, which a
consumer can easily read and enter by hand into a PDA. A consumer with a PDA
should be able to enter the product and serial number of a product on a store
shelf, and see where that serial number is supposed to be. If that serial
number should be somewhere else, or has a suspect status, then the consumer
may distrust it. The next time they connect to the authenticity server with
their PDA, the suspect data will be reported. If their PDA shows that serial
number as being at the store where the consumer is, then the consumer may
trust that as an authentic item.

This could be
implemented to work with current handheld PDA devices such as a Palm Pilot or
a Windows CE machine, as just another application for that platform. The memory
requirement would be low, because the PDA would only have to store the
product serial numbers for the local area where the owner intends to shop.
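
The offline lookup described here for a PDA, and earlier for the hand scanner's database (13-byte records, a locally determined 'suspect' status, and reconciliation at the next connection), is worked through in the following added example, which is not part of the original document. The numeric status codes, the owner/location codes 17 and 42, the serial numbers and all function names are assumptions.

```python
import struct

# 64-bit serial number, 32-bit owner/location code, one status byte.
# An explicit big-endian layout adds no padding: 8 + 4 + 1 = 13 bytes.
RECORD = struct.Struct(">QIB")

# Numeric status codes are an assumption of this example.
VALID, SUSPECT, COUNTERFEIT, SEE_NOTES = 0, 1, 2, 3


def pack_snapshot(rows):
    """Server side: serialize (serial, owner_loc_code, status) rows for download."""
    return b"".join(RECORD.pack(serial, loc, status) for serial, loc, status in rows)


def load_snapshot(blob):
    """Scanner side: rebuild the main table, rejecting a truncated download."""
    if len(blob) % RECORD.size:
        raise ValueError("snapshot is not a whole number of 13-byte records")
    return {serial: (loc, status) for serial, loc, status in RECORD.iter_unpack(blob)}


class HandScanner:
    def __init__(self, blob):
        self.table = load_snapshot(blob)   # morning update from the server
        self.pending = []                  # scans to report at the next connection

    def scan(self, serial, here):
        """Return the status to display for a label scanned at location `here`."""
        # A serial missing from the local table is distrusted, like a serial
        # missing from a printed list.
        loc, status = self.table.get(serial, (None, SUSPECT))
        if status == VALID and loc != here:
            status = SUSPECT               # determined locally, not by the server
        self.pending.append((serial, here, status))
        return status


def reconcile(valid_locations, server_status, reports):
    """Server side, run when the scanner connects again.

    valid_locations maps serial -> set of owner/location codes the server held
    as valid at any time between the scanner's two connections, so the
    scanner's own clock is never consulted.
    """
    outcome = {}
    for serial, here, status in reports:
        if status != SUSPECT:
            continue
        if here in valid_locations.get(serial, set()):
            outcome[serial] = "cleared"    # validly moved after the morning update
        else:
            server_status[serial] = COUNTERFEIT
            outcome[serial] = "counterfeit"
    return outcome


def demo():
    """Constructed data: a scanner used in the store with code 17."""
    snapshot = pack_snapshot([(1001, 17, VALID), (1002, 17, VALID), (1003, 42, VALID)])
    scanner = HandScanner(snapshot)
    shown = [scanner.scan(serial, here=17) for serial in (1001, 1003, 9999)]
    # During the day the server recorded a valid transfer of 1003 from 42 to 17.
    valid_locations = {1001: {17}, 1002: {17}, 1003: {42, 17}}
    server_status = {1001: VALID, 1002: VALID, 1003: VALID}
    outcome = reconcile(valid_locations, server_status, scanner.pending)
    return len(snapshot), shown, outcome, server_status


if __name__ == "__main__":
    print(demo())
```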
This would work for all products whose serial numbers are tracked through the
distribution chain, so that the location of that product can always be looked
up by serial number. A person with a PDA would connect it to their PC, go on
the Internet to the product registry web site, select their location, what
stores they shop at, and what products they are interested in. The product
registry would download to the PDA an updated database of all the product
serial numbers that person might encounter and want to authenticate at the
local stores where they shop.

People who do not
have a PDA, but who intend to purchase a specific product, could download and
print on paper all the serial numbers of that product that are supposed to be
at the specific stores they intend to shop. They could print the serial
numbers arranged in columns, to fit all on one page. The serial numbers would
be printed in sorted order to make them easy to find. If a consumer went into
a store and found a product serial number not on his printed page, he would
know not to trust it.

If stores don't
want the public to know their inventory, then authentication could still be
made available by looking up a product serial number on a PDA-enabled web page.
Some PDA devices have wireless Internet access, so a person could use a PDA
with wireless Internet to look up serial numbers in a store. In addition to
tracking serial numbers in the distribution chain, an authentication server
also needs to know when serial numbers are sold to the public, so that they
should no longer be listed in a store's inventory. This is necessary to keep
a store's inventory database from growing larger and larger, forever keeping
all the serial numbers that have passed through that store. More importantly,
a store could keep selling multiple copies of the same serial number if the
sales of serial numbers were never reported. A store can be required to report
sales, but the store's report cannot be fully trusted. If the store were
dishonestly selling multiple copies of the same serial number, it would not
report the sales. Therefore, the public needs to be given some incentive to
report their purchases. This can be done through product registration for
warranty purposes, rebates, coupons, or lottery submissions. Even though many
people will never report their purchase, some will. Even if only some people
report their purchase, that will turn the odds against a store which tries to
sell multiple copies of a serial number. The store may get away with it for a
while, but eventually two or more people will report the purchase of the same
serial number from the store.

It should be
noted that although any individual manufacturer or IP owner could track and
make available serial number data, a synergy or network effect would be
achieved if this were done through a product registry for a large number of
products. The larger the number of products, the more people would become
familiar with the scheme, and the product registry would provide a central
Internet location for people to know where to look for the data.

Additionally, the
product registry could facilitate public reports of purchases, by setting up
and running rebate accounts for the public. When manufacturers want to give a
small rebate incentive for people to report a purchase, they could do it
through the product registry, which would credit people's rebate account
online, instead of having to mail a check. People could get all their rebates
from different products into their same rebate account at the product
registry web site. When people purchase a product from a store, they could
give their rebate account number to the store, which would report it along
with the sale of the serial number. This way, rebates would be automatically
credited to people's rebate account, without requiring the customer to fill
out any forms or mail anything in. Rebates given in this way would have very
low transaction costs, not requiring any mail, nor check printing. With low
transaction costs, rebates could be small, yet still effective. People would
log into their rebate account to make sure all their purchases showed up. If
a purchase doesn't show up in their rebate account within a reasonable
processing time, then the person should receive a larger reward rebate for
reporting it. This would catch any stores which try to bypass the automatic
reporting mechanism. This whole scheme of automatic effortless rebates for
people would encourage most people to sign up for rebate accounts, and ensure
that most serial number purchases get reported to the authentication servers.
This type of synergy would only be possible through a product registry that
handles a large number of products. Single products have no way to do
something like this.

ACKNOWLEDGEMENTS

I wish to
gratefully acknowledge those people who have contributed to my thinking on
this topic. First, I credit Andrew Galambos, author of Sic Itur Ad Astra, for
my understanding of the importance of protecting intellectual property, or
primary property as he would call it. I also credit all of the participants
on the Yahoo volitional science discussion group for providing a discussion
forum, which helps me think about ways to protect primary property. The ideas
of volitional science inspired me to think of the need for authenticity
labels, which cannot be counterfeited. I also acknowledge all of the
developers of public key cryptography, without whom smart chip public key
encryption would not be possible. Whoever at Microsoft first thought of using
certificates of authenticity provided a major contributory input. Credit is
also due to those at Microsoft who developed the idea of DRM. Before I first
thought of smart chips with electronic ink displays, I thought of Microsoft's
proposed DRM system. I thought, what IP owners need is an authenticity label
that works like a DRM system, where they can retain control of the display.
Then I thought about a miniature DRM, shrinking the screen and the processor,
and then I realized the processor could be a smart chip and the display could
be electronic ink. While searching the patent database to see if anyone had
already patented the idea, I found the

(c) 2005 by Vincent Lewis Youngs