ProductID

A solution for the identification and anti-counterfeiting of products

Stefano Della Valle
Mar 5, 2019 · 9 min read

Edit: why IOTA?

I have been asked to explain why we use IOTA for this solution. The answer is simple: IOTA is currently the only distributed ledger that lets us create professional applications with direct control over cost, performance and reliability. The resulting efficiency does not depend on the network usage level, nor is it affected by variable costs deriving from the transactions fees, and at the same time the data is replicated, made immutable in the process, on all the other nodes of the network. A perfect combination of control over a private node and resilience of a public network.

Image for post
Image for post
Our hardware prototype of ProductID, an IOTA-based crypto Smart Card

Introduction

The evaluation of the origin of a product, i.e. the identity of its manufacturer, is an important matter for many industrial and commercial sectors.

The digital signature system

Digital signatures are based on a series of technical and organizational elements that are not easily replicable in a generic context:

  • the public key is inserted in a certificate stored on a public server. Anyone can obtain the certificate and therefore the public key to confirm the validation of the signature;
  • the private key is produced and stored on a device capable of creating the signature. The private key is therefore never exposed so it is not clonable.

ProductID Security Strategy

The security level of our ProdutctID solution is based on a series of measures that produce the same level of security as the digital signature, but with lower operating costs:

  • use of cryptographic tokens similar to those used for digital signatures;
  • decentralized public key repositories.

Key publication system

Unlike the system used for the signature and certified mail, ProductID does not use a centralized storage controlled by an institution or a company: the keys are stored in a registry that is distributed, unalterable, replicated on hundreds of servers and accessible to the public without intermediaries.

Signature validation system

The process of validating a signature (therefore a token) is carried out by a web front end, therefore it is not necessary to create a specific app.

Token validation

The token used for the digital signature creates the signature by receiving data from an application. This element, besides being a cost, is also a potential point of attack. In the ProductID system, in most cases, an app is not required. The token generates a signature using a variable factor (the number of times the token has been read). The signature and the variable factor are stored in the register at each reading. This makes the signature only valid for a given factor and prevents that factor from being used twice.

Visualization of product data

Once the Smart Card has been validated, the verification web page is able to redirect the browser to the original product page of the brand owner’s website. The site can validate the request in two ways:

  • accepting the redirect only if it comes from the ProductID site.

Traceability

The use of the Smart Card to validate the property of a good or a product is only a simple case of traceability.

  • the smartcard is read and validated.
  • the page presents a form that the operator has to fill in;
  • when the operator confirms, the tracking page asks the back-end to write the data on the register;
  • the back-end validates the request and publishes the data.

Comparing with other common solutions

Label with QR code

QR codes can contain a variety of information. To allow the identification of a product, the QR code must contain an URL that makes it possible to activate a web page by passing a unique identification code.

NFC TAG

NFC technology allows the creation of tags that can interact with a radio reading device at close range (Near Field Communication).

Non-digital or hybrid solutions

Some manufacturers have proposed “analog” solutions to produce labels that are easy to read by an optical scanner but not as easy to reproduce thanks to a fairly complex production process.

Comparative analysis of traditional signatured-based systems vs. ProductID

Image for post
Image for post

Low-cost hybrid solution

The ProductID system offers the top security amongst the anti-counterfeit systems: however, the Smart Cart cost makes it convenient only to protect high-cost products.

  • each batch is distributed as a unit to the dealer/distributor/reseller. The reading of the Smart Card combined with the arrival of the batch to the location where it is separated into individual products creates a geographic point of reference;
  • each individual product contains a QR code that was previously associated with the Smart Card.

Proof of ownership

The life of the Smart Card is virtually unlimited. This fact, associated with the equally unlimited availability over time of the IOTA distributed ledger on special nodes (permanodes) makes it possible to attribute an additional meaning to the token associated with valuable products.

Residual risks

Decentralization combined with digital signature techniques makes it virtually impossible to breach the system’s security.

Conclusions

ProductID is the top solution for security, anti-counterfeiting, tracking and ownership management of valuable products and critical components that need to be identified with certainty. The adoption of Smart Cards in conjunction with the IOTA technology produces the best price/security ratio on the market.

Things Lab

We make things!

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store