Brand protection and product autentication using portable devices

Abstract

The present invention is a method and apparatus for protection of products and packaging against counterfeiting using dedicated authentication protocol coupled with portable devices. It is based on the product identification information, i.e., PIN, generated by the product manufacturer, stored in the product database and added to product or packaging in an open and/or a hidden form. The open part is directly available to the consumer before buying, opening or consuming the product or package or damaging its integrity while the hidden part is only revealed after these operations. The hidden information can also be disappearing after a predefined interval of time or number of trials or usages. Both parts are communicated to the authentication server in a predefined order to verify the product or package authenticity. The presence, absence, or multiple requests for the same product PIN, confirm or reject product authenticity or detect attempt at attacking the system or at using counterfeited products.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

The drawings shown in

FIG. 1: An embodiment for the proposed algorithm addressing the brand protection and product authentication using portable devices for the particular protocol setup supposing that all the necessary processing (decoding, decryption, hashing) and authentication procedures are performed on a consumer portable device (mobile phone, Pocket PC, Smartphone, PDA, Palm, etc.). The product (item 1) contains the uniquely assigned identification information (2) that is located on its surface, packaging, attached label or certificate. The identification information (2) is captured by standard acquisition (digital camera, microphone) or input (keyboard) means integrated into the portable device (3). The obtained information in the form of a typed text, digital photo in one of available graphic formats, audio sequence is processed thereafter by means of a locally available software that depending on the particular protocol configuration will perform the necessary operations like decoding, decryption, feature extraction or hashing. The output of the processing stage enters the authentication stage where its content is compared to the data available in the local database. Depending on the result of this comparison that is performed as the optimal solution of the multiple hypothesis testing problem or using optimal maximum likelihood/maximum a posteriori probability/sequential decoding in the decoding problem the message authenticity confirmation or rejection is generated and activated through the portable device output means (i.e., display, loudspeaker, vibro) in several possible forms that will be detailed thereafter. Depending on the result of verification procedure, the database is updated accordingly.

FIG. 2: An embodiment for the proposed algorithm addressing the brand protection and product authentication using portable devices for the particular protocol setup supposing that all the necessary processing (decoding, decryption, hashing) and authentication procedures are performed on a remote server. The portable device is uniquely used for data acquisition, its communication to the remote server, reception of the verification results and their communication to the consumer. As in the case of FIG. 1, the identification information (2) uniquely assigned to a product (1) and located on its surface, packaging, attached label or certificate is captured by standard acquisition (digital camera, microphone, etc.) or input (keyboard) means integrated into the portable device (3). The obtained information in the form of a typed text, digital photo in one of available graphic formats, audio sequence is used to compose a request transferred to the remote authentication server (4) as in the body of SMS, MMS, EMS, email, voice message or directly via audio video channels using BlueTooth, WLAN, WAP, i-mode, SMPP protocols within GSM, TDMA, CDMA, UMTC networks or any other messaging and communication facilities available. The server (4) receives the sent identification information and processes it thereafter by means of locally available software that depending on the particular protocol configuration will perform the necessary operations like decoding, decryption, feature extraction or hashing. The output of the processing stage enters the authentication stage where its content is compared to the data received from the hosted or remotely connected database (5) according to the sent request. Depending on the result of this comparison that is given as the optimal solution to a multiple hypothesis testing problem or using optimal maximum likelihood/maximum a posteriori probability/sequential decoding in the decoding problem the message authenticity confirmation or rejection is generated and transferred to the portable device in the body of SMS, MMS, EMS, email, voice message or directly via audio or video channels using BlueTooth, WLAN, WAP, i-mode, SMPP protocols within GSM, TDMA, CDMA, UMTC networks or any other messaging or communication facilities available. The received message is activated through the portable device output means mentioned before in several possible forms that will be detailed thereafter. The request information (phone number, IP address, email, time) as well as sent PIN are registered and the PIN database is updated accordingly.

FIG. 3: An embodiment for the proposed algorithm addressing the brand protection and product authentication using portable devices for the particular protocol setup supposing that all the necessary processing (decoding, decryption, hashing) are performed on the portable device while the authentication procedure is accomplished on the remote server. This architecture is a hybrid version of architectures presented in FIG. 1 and FIG. 2. As in the case of FIG. 1, the identification information (2) uniquely assigned to a product (1) and located on its surface, attached label or certificate is captured by standard acquisition (digital camera, microphone, etc.) or input (keyboard) means integrated into the portable device (3). The obtained information in the form of a typed text, digital photo in one of available graphic formats, audio sequence is processed thereafter by means of a locally available software that depending on the particular protocol configuration will perform the necessary operations like decoding, decryption, feature extraction or hashing. The output of the processing stage is used to compose a request further communicated to the remote authentication server (4) as in the body of SMS, MMS, EMS, email, voice or video message using BlueTooth, WLAN, WAP, i-mode, SMPP protocols within GSM, TDMA, CDMA, UMTC networks or any other messaging or communication facilities available. The server (4) receives the sent request and passes it to the authentication stage where the request is compared to the data received from the hosted or remotely connected database (5). Depending on the result of this comparison that is given as the optimal solution of the multiple hypothesis testing problem or using optimal maximum likelihood/maximum a posteriori probability/sequential decoding in the decoding problem the message authenticity confirmation or rejection is generated and transferred to the portable device in the body of SMS, MMS, EMS, email, voice or video message using BlueTooth, WLAN, WAP, i-mode, SMPP protocols within GSM, TDMA, CDMA, UMTC networks or any other messaging or communication facilities available. The received message is activated by the portable device audio-visual or vibro means in several possible forms that will be detailed thereafter. Depending on the result of verification procedure, the database is updated accordingly.

FIG. 4: Example of implementation of a protocol addressing the brand protection and product authentication using portable devices inside/outside a shopping zone. A consumer that is located within the restricted payment zone is selecting a product (1) of interest. The verification protocol consists of two parts: “inside restricted shopping area verification” and “outside restricted shopping area verification”. In the “inside shopping area verification”, prior to making a decision about the purchase, the open part of the identification information (2a) located on the product surface, its package or label is analyzed. Using a portable device (3) acquisition and transmission means this information is converted into an authentication request that is sent to the authentication server (4). The server processes the request accordingly and communicates the information to the database (5) that consists of two parts, i.e., database of PINs (5a) and database of requests (5b). The database (5) is playing a twofold role. The part containing the stored product PINs (5a) communicates to the server the response that certifies or rejects the requested product authenticity (i.e., the fact that such an item was produced under a certain brand and its PIN is in the database of the manufacturer). The part registering the received request information (5b) (the phone number or the caller PIN, a number of successful purchases, a number of outdated/illegal numbers sent from this phone number, request statistics, requested product PIN, etc.) provides to the server information about the existing user account if such exists or creates a new one. Finally, the server generates a composite feedback to be communicated to the consumer portable device that contains authenticity confirmation/rejection message as well as account status information. Upon receiving the message, the corresponding action informing the consumer about the result is activated on the portable device. In case the authenticity is certified, the user can proceed to the payment desk (6). In case the received information contains an authenticity rejection, a customer is free to leave the selected product on the shelf. This finalizes the inside shopping zone verification. The outside verification stage is included into the protocol in order to enhance the security of the overall product authenticity verification since in the case of protocol construction based on the open access to the secure information some misuses are possible that open protection holes (like illegal in-shop duplication). The request for the verification based on the hidden part also indicates the fact that the product integrity has been damaged. This stage is based on information that is stored on the product package, its surface, label etc. not in an open way (hidden PIN (2b)). This information can be present in the printed or engraved form and hidden under the destructive part of the label or covered by a layer of secure inks. It might be located on the internal side of the product package or be stored as an audio signal that can be reproduced by any suitable means. Moreover, this part can be designed in such a way that only a certain defined number of checks can be performed, since the mean or the mark can be destroyed. Having a paid product item, a consumer performs a necessary manipulation to access the hidden part of authentication information, acquires this information using means integrated into the portable device (keyboard, digital camera, microphone, etc.) and finally sends the request to the authentication server (4). The request is processed by the server (5) in the following way. First, based on the database of requests (5b), the portable device PIN (3) is verified if it is associated to the first authentication request that concerns the corresponding product according to the open PIN part. If there is no previous request concerning a given product based on the open PIN part, several practical situations might be considered: (a) the product was bought or delivered to the end consumer without verification based on the open PIN part; (b) an attempt to verify the product with the damaged integrity is performed. Both cases are registered in the database of requests (5b) and treated accordingly. In the case of authentic hidden PIN part and absence of previous requests, the user receives the confirmation with the corresponding warning that the open PIN part was not checked timely and that this purchase will not be counted for various promotion actions (like various discounts for future purchases of goods of the same brand as well as different actions dealing with portable device services; various prizes and lottery participations). In all opposite cases, the corresponding countermeasures are applied to inform the consumer about the potential danger of consuming non-authentic product or attempting to recheck the product whose integrity was under question. If there is a correspondence between the portable device identification data for the open and hidden parts of the PIN, the product authenticity is confirmed and the database is updated accordingly. Otherwise, the product authenticity is rejected. Depending on the taken decision, the server generates a message to be sent to the corresponding portable device in an encrypted form that finally can be organized as text message, pictograms, barcodes, noisy-like signal or any audio or video message. Besides the information certifying or denying the product authenticity the sent message contains some information that concerns the user requests statistics or bonuses, prizes or any form of promotion. This information contains, for instance, a number of made purchases based on both verification stages and might be used for the above various promotion actions (like various discounts for future purchases of goods of the same brand as well as different actions dealing with portable device services; various prizes and lottery participations). At the same time, the confirmation message can be used for taking all necessary actions in case of non-genuine sold products.

FIG. 5: Example of authentication information enrollment and inside/outside restricted shopping area verification stage. A PIN m is extracted from the database (5). Based on the secret key K, it is transformed to the encoded stream c at the encoder (7) using turbo, low-density parity check, Reed-Solomon, MLC or TCM or any other suitable available encoding technique and modulated in alphanumeric form, graphics, bar codes, consisting of dots, lines polygons, etc. or any other coded representation of encoded data. Depending on the particular version of protocol implementation two possible ways of the authentication information c enrollment are foreseen in this Example. In the first case, it is simply printed as y_P using a printing device (8) or alternatively a laser engraving on the product surface/label/package in an open/secure way depending on the use for inside/outside restricted shopping area verification. On the inside/outside restricted shopping area verification stage the information ĉ″ is directly retrieved from a storage location/from a secure storage location by removing a secure ink layer, opening a product package; de-attaching a removable part of a product label and is acquired by existing acquisition/input means integrated into a consumer portable device (like digital camera (12), keyboard (14) or any other available). In case, the optical channel is exploited for the information acquisition, either data are retrieved directly as ĉ from visually encoded patterns of dots, lines or polygons or from optical character recognition (OCR) (13) used to extract the encoded authentication information ĉ′ from its analogue form v_P. In the third possible way of authentication information acquisition used for outside restricted shopping area verification, the audio channel is used. In this case, this information is used to modulate an audio signal produced either by the consumer or by some means using spelling, vibro, piezoelectric or any other available principles of sound generation in audio modulator (9). The output y_A is stored on a storage and reproduction device (10). At the verification stage, the corresponding audio signal is activated through a transducer, electromechanical or piezoelectric or magnetic buzzer, plasma tweeter or any other sound reproducing device available. This reproduced modulated audio signal is acquired by a microphone (15) of a consumer portable device and is passed to the audio demodulator/speech recognition (SR) (16) in order to extract the encoded authentication information ĉ′″. When the encoded authentication information (ĉ, ĉ′, ĉ″ or ĉ′″ depending on the particular exploited principle of this information enrollment) is acquired, the decoder (17) performs the extraction of authentication information {circumflex over (m)} based on the key K according to the used encoding, i.e., turbo, low density parity check, Reed-Solomon or any other encoding principle used by the encoder (7). The extracted {circumflex over (m)} is passed to the verification (18) where its content is verified with the corresponding data provided by the database (5). Depending on the result of the verification stage, the corresponding authenticity confirmation/rejection message containing consumer account information is generated (19) as well as the database update is performed accordingly. The generation output is then transferred to the message activation (20) stage where it is finally communicated to the consumer via display (21), vibro (22) or audio (23) signal or any other available interfaces.

FIG. 6: Example of authentication information hybrid enrollment and inside/outside restricted shopping area verification stage. A PIN m is extracted from the database (5) and split into two parts m₁ and m₂ in order to enhance protocol security. The first part is encoded at the encoder (7) using turbo, low-density parity check, Reed-Solomon or any other suitable encoding principle based on the secret key K₁. The generated output c is used by the Gel'fand-Pinsker (GP) encoder (24) [12] with input m₂ based on key K₂ to produce a rate-optimized encoded stream w that is converted to the stego authentication data y at the embedder (25) and printed/engraved by the printer (9) on the product surface/package or adhesive label (y_P). At the extraction stage, depending on the particular protocol implementation, several possibilities exist for the stored information y_P acquisition. Among the existing alternatives, a consumer by means of digital camera (12) of the available portable device converts this information from analogue to digital form v_P. At the decoder (26) the second part of the message {circumflex over (m)}₂ is extracted based on the secret key K₂ using Gel'fand-Pinsker decoder. Simultaneously, v_P is passed either directly to the decoding (17) as ĉ or to the OCR (13) to convert the analogue authentication information into the digital form ĉ′. Alternatively, this operation (ĉ″ extraction) can be performed by a manual input or by spelling via an audio channel (audio demodulator/SR (16), extraction of ĉ′″). The result of this stage (ĉ, ĉ′, ĉ″ or ĉ′″) is passed to the decoder (17), where {circumflex over (m)}₁ is decoded based on the secret key K₁. The result of the decoding stage ({circumflex over (m)}₁ and {circumflex over (m)}₂), similarly to the setup considered in FIG. 5, is compared to the data provided by the database (5) at the verification stage (18). Depending on the result of the verification stage, the corresponding authenticity confirmation/rejection message containing consumer account information is generated (19) as well as the database update is performed accordingly. The generation output is then transferred to the message activation (20) stage where it is finally communicated to the customer via display (21), vibro (22) or audio (23) signal or any other available information transmission form that might be perceived by a customer.

FIG. 7: Example of authentication information hybrid enrollment via audio channel and outside shopping area verification stage. A PIN m is extracted from the database (5) and is passed to the random audio waveform generator (27) as a seed. The generated random audio wave y_A is stored on the storage and reproduction device (10). At the extraction stage, depending on the particular audio reproduction device used (i.e., transducer, electromechanical or piezoelectric or magnetic buzzer, plasma tweeter or any other suitable means), the corresponding physical principle is exploited to reproduce this wave via the loudspeaker (11). The reproduced wave is acquired by a microphone (15) of a consumer portable device (v_A) and is passed to the verification stage (18) where it is compared to the waveforms generated by the random audio waveform generator (27) based on the product m, considered to be a seed that is received from the database (5). Depending on the result of the verification stage, the corresponding authenticity confirmation/rejection message containing customer account information is generated (19) similarly to the protocols presented in FIG. 5 and FIG. 6 as well as the database update is performed accordingly. The generated output is then transferred to the message activation (20) stage where it is finally communicated to the customer via display (21), vibro (22) or audio (23) signal or any other available information transmission form that might be perceived by a consumer.

FIG. 8: Example of encrypted authentication information enrollment via audio channel and outside restricted shopping area verification stage. A PIN m is extracted from the database (5) and is passed to the encryption (28) where the secure encrypted bit stream b is produced based on the secret key K. In order to enable reliable communications of b, it is converted to a codeword c at the K-dependent encoder (7) using turbo, low-density parity check, Reed-Solomon or any other suitable for this purpose encoding techniques. Finally, an audio signal y_A is encoded, recorded and saved in a way suitable for audio reproduction using the storage and reproduction device (10) that is attached to the product surface, its package or adhesive label. The device (10) includes transducer, electromechanical or piezoelectric or magnetic buzzer, plasma tweeter or any other means available. At the extraction stage, depending on the particular audio reproduction device used (i.e., transducer, electromechanical or piezoelectric or magnetic buzzer, plasma tweeter or any other techniques or devices), the corresponding physical principle is exploited to reproduce this wave via the loudspeaker (11). The reproduced wave is acquired by a microphone (15) of consumer portable device (v_A) and is passed to the audio demodulator/SR (16) were the stream Ĉ is extracted. On the next stage, ĉ enters the decoder (17) that produces the estimate of the encrypted authentication information b converted at the decryption stage (30) to the raw format {circumflex over (m)}. It is important to note that the same secret key K used at the enrollment phase is exploited by (16), (17) and (30). The output of decryption {circumflex over (m)} is passed to the verification stage (18) where it is compared to the data m provided by the database (5). Depending on the result of the verification stage, the corresponding authenticity confirmation/rejection message containing consumer account information is generated (19) similarly to the protocols presented in FIG. 5, FIG. 6 and FIG. 7 as well as the database update is performed accordingly. The generated output is then transferred to the message activation (20) stage where it is finally communicated to the customer via display (21), vibro (22) or audio (23) signal or any other available information transmission form that might be perceived by a consumer.

FIG. 9: Example of generalized authentication information enrollment with hybrid hidden-data storage via audio channel for outside restricted shopping area verification stage. A PIN is extracted from the database (5) and split into two parts m₁ and m₂ that are communicated to the encoding stage. On this stage m₁ is represented by a host signal X (31) that depending on the particular protocol implementation might be a signal selected from a database (31a), uncoded (31b) or coded (31c) random waveforms, etc. The selection is performed using a secret key K₁. The second part of the authentication information m₂ is encoded by the GP encoder given the realization of x and the secret key K₂ to obtain a sequence w_A that is combined at the embedder (25) with x to produce the final representation of the authentication information y_A. The resulting y_A is stored in the storage (10) and reproduction (11) devices attached to the product surface, its package or adhesive label, i.e., transducer, electromechanical or piezoelectric or magnetic buzzer, plasma tweeter or any other mean available. At the extraction stage, depending on the particular audio reproduction device used (i.e., transducer, electromechanical or piezoelectric or magnetic buzzer, plasma tweeter or any other mean available), the corresponding physical principle is used to reproduce this wave via the loudspeaker (11). The reproduced wave v_A is acquired by a microphone (15) of a consumer portable device and is passed to the decoder (17) that retrieves {circumflex over (m)}₁ based on K₁ while the GP decoder (26) decodes {circumflex over (m)}₂ using the secret key K₂. The output of decoding {circumflex over (m)}₁ and {circumflex over (m)}₂ is passed to the verification stage (18) where it is compared with the data (m₁, m₂) provided by the database (5). Depending on the result of the verification stage, the corresponding authenticity confirmation/rejection message containing customer account information is generated (19) similarly to the protocols presented in FIG. 5, FIG. 6, FIG. 7 and FIG. 8 as well as the database update is performed accordingly. The generated output is then transferred to the message activation (20) stage where it is finally communicated to the customer via display (21), vibro (22) or audio (23) signal or any other available information transmission form that might be perceived by a consumer.

FIG. 10: Example of encoding the PIN index m into the codeword c for reliable communication via printed and audio channels. The encoder maps m and key K into c, which consists of two parts, i.e., regular part c_RP and parity check c_PC part. The main purpose of such kind of encoding consists in the possibility to use the regular part c_RP for direct reading by humans. The parity check part c_PC can be read both by humans or by machines. Moreover, the parity check part can also be communicated via some auxiliary channel. Therefore, these two parts can be either concatenated (or interleaved) and communicated via the same channel or separated and communicated via different channels.

FIG. 11: Example of FIG. 10 where the regular part and the parity check part are communicated via the same channel that might include printing, scanning, blurring, rotation, resizing or more generally affine or projective transformations and compression for the printed data and corresponding distortions that might occur during reproduction and acquisition of audio data. The output of the decoder (7) is concatenated (potentially with interleaving) into the vector [C_RP, c_PC]. The modulator (32) produces the vector y that can be either some meaningful alphanumeric data or coded symbologies or graphics. The vector y is communicated via some channel (33) that results into the distorted version v. The demodulator or feature extraction (FE) (34) produces the estimate of the vector [ĉ_RP, ĉ_PC], which can be considered as the operation inverse to the modulation, and the decoder (17) generates the estimation of the PIN {circumflex over (m)} assuming the availability of the key.

FIG. 12: Example of FIG. 10 where the regular part and the parity check part are communicated via different channels. Similarly to the previous figures, the encoder (7) generates a vector [c_RP, c_PC] based on the PIN index m and key K. However, in this protocol the regular part c_RP and parity check c_PC part are separated in block (35). The regular c_RP part of the code is communicated via the habitual channel (33). To perform this communication, the modulator produces the vector y and the demodulator/feature extractor block (34) generates the estimate ĉ_RP based on the channel output v. The c_PC part assumes machine based decoding. Therefore, the channel 2 (37) can be represented by the barcode, or any coded symbologies, watermark that can be embedded into some extra image or directly into the c_RP part. c_PC part is encoded at the encoder 2 (36) and decoded at the decoder 2 (38) that corresponds to the above cases. This system design also resembles the unequally protection properties. Similar to error correction codes with unequal protection of information bits.

FIG. 13: Example of system design that takes into account the hypothetical channel distortions at the encoding stage to avoid any possible mismatch after decoding or hashing at the verification stage due to the channel degradations. The PIN m or the encoded PIN c is modulated at the modulator (32) to produce the output data y. The vector y is distorted into the virtual channel (39) that results in v′ and the demodulator/feature extractor (34) produces an estimate ĉ. In such a way, the impact of channel degradations is predicted already at the encoding stage based on the available information about the actual channel behavior. The decoding or hashing is accomplished in the block (40) based on the key K that finally results in h. The decoding result or hash value h is stored in the database (5) under the index m. Another copy of y is communicated through the real channel (33) and decoded as ĥ passing the demodulator (34) and decoding/hashing (40). The verification of ĥ is performed in module (18) by comparing it with the counterpart h from (5).

DESCRIPTION OF THE INVENTION

23—The invention proposes a novel brand protection protocol based on portable devices that might be applied to various kinds of goods and products and targets verification of their authenticity. The authentication verification is performed based on the two kinds of secure information, two parts of a PIN, uniquely identifying the product, i.e., open and hidden parts of PIN stored on the product surface, packaging, label etc. and reproduced either by analog or digital printing, laser engraving or audio reproduction devices using audio modulation of speech, vibro, piezoelectric sounds or any other suitable principles of sound generation. The hidden part of the code might be encoded and encrypted in order to enhance the security of the proposed protocol. Accordingly to the structure of the authentication information, the authenticity verification undergoes two main stages referred to as inside shopping area verification and outside shopping area verification. At the inside shopping area verification stage the open part of the security code is directly retrieved from a storage location by any input means available on the portable device (keyboard, microphone, video camera, etc.) and will be compared on the authentication server to the corresponding data stored in the database. There are three kinds of databases involved in the protocol, a database of open parts of secure codes, a database of hidden parts of secure codes and a database of user requests. The databases of secure information have such a structure that every field in a database of the open secure codes has a unique correspondent in the database of hidden secure PINs and vice-versa.

System Architecture

24—Depending on the particular implementation of the protocol, three scenarios of authenticity verification are possible (FIG. 1-3). The system architecture presented in FIG. 1 is referred to as a local one that can be used for off-line verification. The system architecture presented in FIG. 2 is referred to as a remote one that can be used for on-line verification. The system presented in FIG. 3 is called the hybrid one and combines elements of the previous two systems. In the case of local architecture, when all databases as well as the authentication server are installed on a user portable device (FIG. 1), the corresponding data streams from both open and hidden secure PINs are compared on the portable device itself. The product (item 1) contains the uniquely assigned identification information (2) that is located on its surface, packaging, attached label or certificate. The identification information in the from of PIN (2) is captured by standard acquisition (digital camera, microphone) or input (keyboard) means integrated into the portable device (3) processed, verified and displayed on the same portable device. Other modifications of the authentication verification protocol configurations correspond to the setups when both the required computations (decoding, decryption), the databases and the authentication server are remote (FIG. 2) or while decoding/decryption is performed on the portable device and the databases and the authentication server are remote ones (FIG. 3).

Generalized Authentication Protocol

25—In the general case, the authentication procedure can be considered according to the protocol presented in FIG. 4 where both restricted shopping area verification based on the open part of the PIN (2a) and public verification based on the hidden part of the PIN (2b) are performed. Depending on this two-stage verification results, the product authenticity is confirmed or rejected as well as the databases (5a) and (5b) are modified accordingly. In particular, the first authentication verification stage is performed inside the restricted area and the database of user requests (5b) is updated, i.e., a new field containing the portable device identification number is created. The corresponding update is performed in the database of open secure PINs (5a) linking the corresponding product with the portable device identification information. In case the product is passing the second secure authentication stage performed outside the shopping area based on the hidden encoded/encrypted part of the authentication information (2b), the final decision is delivered to the consumer via the portable device (3). The decision generated by the authentication server besides the final confirmation or rejection of the product authenticity contains the update of the consumer account information stored in the database of user requests. According to the first part of the generated information, the product will be further considered as a sold out or not authentic, which will lead to the corresponding modification of the databases. In order to finally confirm the authenticity of the purchased item, the following requirements should be satisfied. First, the hidden part of the secure code located on the product, packaging or label in digital or analogue form, should coincide with the information stored in the database of hidden codes. Moreover, the pair of open/hidden secure codes retrieved from the product should have a correspondence to a linked field pair stored in the databases of open and hidden PINs. Second, both requests received during inside/outside shopping area verifications, should be delivered from a unique portable device. In the case when both requirements are satisfied, the authentication server generates the corresponding reply to be delivered to the consumer in a visual or analogue form that besides the authenticity confirmation contains the status of the user account (a number of successfully performed purchases with the confirmed authenticity, etc.). This information can be used as a basis for various encouraging actions when consumer will benefit from or will participate to various bonuses programs provided by a mobile communications operator, lotteries, prizes etc. At the same time, this information can be used for product tracing and market analysis. The corresponding database update is performed accordingly, i.e., the fields, corresponding to the open and the hidden parts of the secure codes of a certified authentic product are marked as “checked out” and will no longer be considered as valid codes for any future verification. In case when the hidden part of the PIN is not found among the valid secure PINS stored in the database of the hidden PINs or the open/hidden PINs pair does not have a unique match with the corresponding fields in the databases, the authenticity is rejected. In case, the requests that correspond to different open product PINS are sent from the same portable device multiple times or the information generated during inside and outside verification stages were received from two different portable devices, the consumer is informed about the mismatch and warned about potential consequences that might vary from preventing access attempts to the authentication verification services performed from the corresponding portable device to a legal issues initiated accordingly to the local law basis regulating mobile communications and illegal activity in mobile networks.

Pin Enrolment, Acquisition and Verification

26—Depending on the authentication information storage and acquisition, there exist several possible scenarios of PIN data enrolment proposed in the present authentication protocol. We consider a common protocol for both open and hidden parts of the PIN. We assume that the PIN can be communicated either directly from the product to the acquisition device. The possible ways of communication include but are not limited to: communication in the form that can be perceived using visual or audio modalities or using special inks or frequencies, and indirect secure part that is communicated via special steganographic protocol using tools of digital watermarking that can include images (natural, synthetic, bar codes, etc.), text or audio signals. For example according to FIG. 5, the direct part can be either reproduced on a product surface, package, and label or on a specific attached device depending on the exploited storage principle (y_P), or, it can be audio reproducible (y_A) by the device (11). One option consists in storing the PIN in the printed or engraved forms (8). In order to enhance the security of the authentication protocol as well as to establish the product tracking and to be informed about the fact of product consumption or integrity damage, it is supposed that the hidden part of the authentication information might be encoded, encrypted as well as covered by a layer or cover to be removed or destroyed to reveal the hidden information or printed on the back side of an adhesive label. Moreover, to avoid unauthorized product or packaging re-use it is also possible to cover the hidden PIN by a removable layer and to print the open part of the PIN on top on it. By disclosing the hidden part of the PIN the open part is automatically destroyed. The encoding and encryption steps exploit common or distinct secret keys.

27—In the second foreseen way of authentication information enrollment, the audio channel is exploited. In this case, the information is used to modulate an audio signal produced using spelling based on the visual data y_P, mechanical, vibro, piezoelectric or any other appropriate principles of sound generation mentioned in the previous part of the invention. The PIN is stored on a storage and reproduction device attached to the product or its package. Modulation might be performed in an insecure way as well as using corresponding encryption and encoding based on the random coding principle [13].

28—At the outside restricted shopping area verification stage the stored information is directly acquired from the product, package, label, etc. by removing a protection cover or layer, opening a product package, de-attaching a removable part of a product label, or reproducing a sound and is acquired by existing acquisition/input means integrated into a consumer portable device (like digital camera, keyboard, microphone or any other available means).

29—The acquired information in the form of a typed text, digital photo in one of available graphic formats or audio sequence is used to generate a request transferred to the authentication server.

30—The information describing the user request is processed on the secure authentication server depending on a particular channel used for its transmission (visual, audio or steganographic) and the encryption/encoding involved in the protocol.

31—In case when the optical channel is exploited for the information acquisition, direct decoding (17) of data from the barcodes with any modulation Ĉ is performed. In case of symbolic data representation, OCR (13) is used in order to extract un-encoded or encoded/encrypted PIN from its analogue form Ĉ′. When a manual input is exploited, the typed coded data Ĉ″ are directly sent to the decoder. In case the encryption/decryption is organized in an asymmetric manner, a pair of a private/public keys are exploited to encrypt and decrypt authentication information, accordingly.

32—In case, when the audio channel is exploited to communicate the PIN, the processing main steps vary depending on which authentication information transmission channel was used or the enrollment stage. When the information is transferred via an optical channel but communicated to the authentication server via audio channel by its spelling it is processed by a speech recognizer resulting in Ĉ′″ and either directly passes to the verification stage or goes through the key-dependent decryption and decoding if necessary.

33—When the authentication information is modulated as the audio signal at the enrollment stage, the processing might involve a demodulation stage if necessary.

34—Being decoded as the estimate of PIN {circumflex over (m)}, the authentication information is passed to the verification stage where it is compared to the content of the database (5) after corresponding processing. Depending on the result of the verification stage (18), the corresponding authenticity confirmation/rejection message containing customer account information is generated (19) as well as the database update is performed accordingly. This stage output is then transferred to the message activation (20) stage where it is finally communicated to the customer via display (21), vibro (22) or audio (23) signal or any other available information transmission form that might be perceived by a consumer.

Authentication Based on the Printed Data

35—The authentication protocol based on printed data can be constructed based on either direct or steganographic channels. The basic direct communication protocol was already discussed in FIG. 5. The extension of this protocol can include the generation of random or encoded text data or various visual symbologies represented by c. To enhance the security of the protocol, the data c is considered as the cover data that is combined with some hidden part encoded and represented by the watermark (FIG. 6).

36—The encoding is based on a secret PIN m extracted from the database (5). To provide an additional level of freedom that will increase the security of the proposed protocol the PIN m is split into two parts m₁ and m₂. The first part m₁ jointly with the key K₁ produce the codeword c in (7) using either host selection from the database (7a), or by generation of a random codeword where the pair m₁ and K₁ are used as a seed for the random generator (7b), or encryption, encoding and modulation of m₁ (7c). In the case of (7c), m₁ is encoded using turbo, low-density parity check, Reed-Solomon or any other suitable encoding principle based on the secret key K₁. In all cases, the resulted data c can be represented in the form of text structures, dots, lines, any symbologies, etc., vector graphics components (1D, 2D or 3D objects).

37—The generated output c is passed to a Gel'fand-Pinsker (GP) encoder (24) with input m₂ based on key K₂ to produce the watermark w that is converted to the stego data y at the embedder (25) and printed/engraved by the printer (9) in the form y_P on the product surface, packaging, adhesive label or any document certifying the product origin.

38—At the extraction stage, depending on the particular protocol implementation, several possibilities exist for the stored information y_P acquisition. The product authenticity verification can be performed solely based on the direct part of y_P without taking into account watermark data similarly to FIG. 5. In the case when the steganographic channel is additionally involved into the authentication procedure, the decoder (26) extracts the message {circumflex over (m)}₂ based on the scanned data v_P and the secret key K₂ using Gel'fand-Pinsker decoder. Simultaneously, v_P is passed either directly to the decoding (17) as ĉ or to the OCR (13) to convert the analogue authentication information into the digital form ĉ′. Alternatively, this operation (ĉ″ extraction) can be performed by a manual input or by spelling via an audio channel (audio demodulator/SR (16), extraction of ĉ′″). The result of this stage (ĉ, ĉ′,ĉ″ or ĉ′″) is passed to the decoder (17), where {circumflex over (m)}₁ is decoded based on the secret key K₁. The result of the decoding stage ({circumflex over (m)}₁, and {circumflex over (m)}₂), similarly to the setup considered in FIG. 5, is compared to the data provided by the database (5) at the verification stage (18). Depending on the result of the verification stage, the corresponding authenticity confirmation/rejection message containing consumer account information is generated (19) as well as the database update is performed accordingly. The output is then transferred to the message activation (20) stage where it is finally communicated to the customer via display (21), vibro (22) or audio (23) signal or any other available information transmission form that might be perceived by a customer.

Authentication Based on the Audio Data

39—The authentication protocol based on the audio data is similar to one based on the printed data and can be constructed based on either direct or steganographic channels. The basic direct authentication protocol can be organized based on the random waveforms (FIG. 7) or coded waveforms (FIG. 8). In both cases, a PIN m is extracted from the database (5).

40—According to the random waveforms approach (FIG. 7), m is used as a seed for the random audio waveform generator (27) with the output y_A that is stored on the storage and reproduction device (10). At the extraction stage, the stored signal is reproduced via the loudspeaker (11) from which the reproduced wave is acquired by a microphone (15) of a consumer portable device (v_A) and is passed to the verification stage (18) where it is compared to the waveforms generated by the random audio waveform generator (27) based on the product m, considered to be a seed that is received from the database (5).

41—According to the coded waveforms approach (FIG. 8), a PIN m is extracted from the database (5) and is passed to the encryption (28) where the secure encrypted bit stream b is produced based on the secret key K. In order to enable reliable communications of b, it is converted to a codeword c at the K-dependent encoder (7) using turbo, low-density parity check, Reed-Solomon or any other suitable for this purpose encoding techniques. Finally, an audio signal y_A is encoded, recorded and saved in a way suitable for audio reproduction using storage and reproduction device (10) that is attached to the product surface, its package or adhesive label. The authentication is performed in the reverse order.

42—In the case when the steganographic channel is used for the secure authentication, the protocol is constructed similarly to those used for printed data (FIG. 6) and is shown in FIG. 9. The only difference consists in the fact that the audio signals and corresponding modulation, reproduction and demodulation means are used as opposed to the printing/engraving and scanning.

Practical Aspects of Robust Data Encoding and Verification

43—In the case of both printed and audio data based authentication there is a need to provide reliable decoding and verification of the product data. The problems of product authentication based on printed data using text, images or any graphical symbologies are caused by the printing/scanning, defocusing (blurring), resolution constraints of portable device imaging camera, geometrical distortions, nonlinear contrast transformation as well as restrictions of messaging protocol that might cause additional resizing and/or compression. Similar corresponding distortions can occur for the audio-based authentication. Therefore, proper techniques should be applied to enable errorless communication of PIN to the verification module (18).

44—We propose three main practical approaches to overcome the above problems based on:

• • Correcting errors that might occur at the acquisition stage by introducing proper redundancy using coding and synchronization;
  • Taking into account the above hypothetical distortions in the design of proper representation of encoded features/hashes in the database of PINS;
  • Designing robust verification procedures invariant to the defined types of distortions.

45—The first approach attempts to design reliable coding strategies capable to provide errorless decoding of the PIN index m after data acquisition in portable device and its communication to the verification stage. We will exemplify this approach based on the text data assuming that without loss of generality the same strategy can be extended to images, symbologies and audio. For the high flexibility of the PIN communication protocol, we assume that the data can be entered either manually by the human being, who is in some sense the best OCR, or acquired automatically by the camera. For this reason, the proposed construction of robust coding includes such an encoder (7) (FIG. 10), which maps the PIN m and key K into the codeword c, which consists of two parts, i.e., regular part c_RP and parity check c_PC part. The regular part c_RP is dedicated to the direct human acquisition while the parity check part c_PC can be entered either by the human (FIG. 11) or communicated via some auxiliary channel (FIG. 12). This example is rather demonstrative since in principle both parts c_RP and c_PC can also be automatically acquired by the imaging device.

46—The protocol presented in FIG. 11 generalizes the communication setups when both parts are communicated via the same channel that might include printing, scanning, blurring, rotation resizing or more generally affine or projective transformations and compression for the printed data and corresponding distortions that might occur during reproduction and acquisition of audio data. In this case, both parts [c_RP, c_PC] are modulated into data y that can be either some meaningful alphanumeric data or coded symbologies or graphics that is communicated via some channel (33) that results into the distorted version v. The demodulator or feature extraction (FE) (34) produces the estimate of the vector [ĉ_RP, ĉ_PC] and the decoder (17) generates the estimation of the PIN {circumflex over (m)}.

47—The PIN communication protocol presented in FIG. 12 is based on the redundant data encoding similar to FIG. 11 with the only difference that the c_PC part of the code is communicated via some auxiliary channel (channel 2 (37)). This provides additional flexibility since the c_RP part is human readable and can be manually or orally spelled while the c_PC part assumes machine based decoding. The channel 2 (37) can be represented by the barcode, or any coded symbologies, watermark that can be embedded into some extra image or directly into the c_RP part. c_PC part is encoded at the encoder 2 (36) and decoded at the decoder 2 (38) that correspond to the above cases.

48—The second approach attempts at predicting hypothetical channel distortions at the encoding stage to avoid a possible mismatch after decoding or hashing at the verification stage due to the channel degradations. Obviously, one can try to build the robust hash for this purpose. However, since the channel degradations are predictable at the encoder the benefit from this sort of side information can be significant, which simplifies the requirements regarding the robustness of the hash or error correction code. The block-diagram of this approach is shown in FIG. 13. The PIN m or the encoded PIN c is modulated at the modulator (32) to produce the output data y. A copy of these data goes through the channel simulator (39) that results in v′ and the demodulator/feature extractor (34) produces an estimate ĉ. The hashing or decoding is accomplished in the block (40) based on the key K that finally results in h. It should be noticed that h should not necessarily coincide with m or c on the input of the system. h is considered as a hash and stored in the database (5) under the index m. At the same time the second copy of y is communicated through the real channel (33) and decoded as ĥ passing the demodulator (34) and decoding/hashing (40). The verification of ĥ is performed in module (18) by comparing it with the counterpart h from (5).

49—The third approach is based on the usage of robust verification procedures such as for example Levenshtein distance that measures the similarity between two vectors even with different lengths. The change of the hash length might result from the channel degradations and the failure of the demodulator, the feature extractor or the OCR modules.

REFERENCES

• [1]. M. A. Amon, A. Bleikolm, O. Rozumek, E. Muller, O. Bremond, “Use of communication equipment and method for authenticating an item, unit and system for authenticating items, and authenticating device”, US Patent number No 2003/0136837, filled Jun. 22, 2001 and published Jul. 24, 2003.
• [2]. R. S. Miolla, M. R. Mehall, N. E. Lofgren, “Using digital watermarks to facilitate counterfeit inspection and inventory management”, US Patent number No 2002/0146146, filled Aug. 7, 2001 and published Oct. 10, 2002.
• [3]. G. B. Rhoads, T. F. Rodriguez, M. I. Livermore, “Methods for using wireless phones having optical capabilities”, US Patent number No 2005/0213790, filled May. 17, 2005 and published Sep. 29, 2005.
• [4]. M. Kutter, S. Voloshynovskiy, A. Herrigel, “The Watermark Copy Attack”. Proceedings of the SPIE, Security and Watermarking of Multimedia Contents II, Volume 3971, pages 371-379. San Jose, Calif., 2000.
• [5]. L. Pérez-Freire, F. Pérez-González, P. Comesañia, “Secret dither estimation in lattice-quantization data hiding: a set-membership approach”. In Edward J. Delp III and Ping W. Wong, editors, Security, Steganography, and Watermarking of Multimedia Contents VIII, San Jose, Calif., USA, January 2006.
• [6]. P. Comesaña, L. Pérez-Freire, F. Pérez-González, “An information-theoretic framework for assessing security in practical watermarking and data hiding scenarios”. In 6th International Workshop on Image Analysis for Multimedia Interactive Services, Montreux, Switzerland, April 2005.
• [7]. P. Comesaña, L. Pérez-Freire, F. Pérez-González, “The blind Newton senstivity attack”. In Edward J. Delp III and Ping W. Wong, editors, Security, Steganography, and Watermarking of Multimedia Contents VIII, San Jose, Calif., USA, January 2006.
• [8]. M. El Choubassi and P. Moulin, “A New Sensitivity Analysis Attack”, In Edward J. Delp III and Ping W. Wong, editors, Security, Steganography, and Watermarking of Multimedia Contents VII, San Jose, Calif., USA, January 2005.
• [9]. V. N. Bogdanov, D. V. Zheleznov, E. M. Kirillina, A. A. Savitskij, A. A. Subbotin, S. V. Teleljushkin, E. A. Fedkov, “Method for identification of authenticity of object”, RU Patent number No RU 2132569, filled Nov. 11, 1998 and published Jun. 27, 1999.
• [10]. E. V. Belov, “Procedure of identification of product”, RU Patent number No RU 2181503, filled Jul. 30, 2001 and published Apr. 20, 2002.
• [11]. T. Liebman, “Sound-generating containment structure”, U.S. Pat. No. 5,130,696, filled Feb. 25, 1991 and published Jul. 14, 1992.
• [12]. M. Gel'fand and M. S. Pinsker, “Coding for channel with random parameters”, Problems of Control and Information Theory, vol. 9, no. 1, pp. 19-31, 1980.
• [13]. T. Cover and J. Thomas “Elements of Information Theory”, Wiley & Sons, NY, 1991.

Claims

1. A method for the protection of valuable goods, products and brands, or the identification of their validity, expiration date or origin comprising the steps of: (a) Possibly encrypting and/or encoding identification information m using secret key K or possibly directly generating a random sequence based on m and K that results into a vector of data y modulated in the form of text, vector graphics, visual or audio representations including spatial-temporal synchronization;(b) Reproduction of data y on the product surface, packaging, label, accompanying certificate or possibly any other form of the attached document, mark or label establishing the product origin or mechanical, electronic, piezoelectric or any other devices enabling audio or frequency reproduction or synthesis of data y;(c) Storage of m and K in a special PIN database.

2. The method of claim 1 wherein said function (a) uses any encryption and/or any encoding to generate the codeword c possibly based on K, using symbols from any alphabet either binary or of higher cardinality; wherein any error correcting coding (ECC) can be used like (but not restricted to) Bose-Chaudhuri-Hochquenghem (BCH) codes, Reed-Solomon (RS) codes, low density parity check (LDPC) codes, Turbo codes, multilevel-code (MLC), or trellis coded modulation (TCM), or even direct encoding without encryption and/or without ECC can be used; wherein any framework of communication with side information, like Gel'fand-Pinsker or binning coding, can also be used to generate the watermark sequence w possibly from another secret key K2 while c is generated from K1, whereas w is combined with c resulting in y.

3. The method of claim 1 and claim 2 wherein said vector c may contain any mixture of alphanumeric symbols of any font and size in any language or vector graphics components or any selected waveforms or objects from a predefined database, uncoded random waveforms or said coded waveforms according to the selected index m1 and K1 associated with the product and representing visually readable or audible data while m2 associated with the same product in the PIN database is considered to be embedded into c as a watermark based on a secret key K2 using any suitable form of watermark coding based on Gel'fand-Pinsker or binning.

4. The method of claim 1 to claim 3 wherein said selected components for watermarking can be text structures, dots, lines, any symbologies, etc., vector graphics components (1D, 2D or 3D objects) represented by halftones, full tones or color; wherein elements suitable for modulation can be: single characters, parts or zones of single characters divided in a known manner, groups of characters, dots or lines, etc., vector graphics elements (segments, curves, polygons, etc.) or known parts/zones of them; wherein elements used for marking are selected based on any criteria, for example characters or vector graphics elements of sufficient size in prevision of future accurate detection.

5. The method of claim 1 wherein said function (b) performs the modulation of one or plural features among grayscale values, color values and halftone patterns (including round screen, line screen, elliptical screen or any its parameters including position, rotogravure screen, stochastic screen, geometric screen, continuous-tone screen or user programmable screen), within a complete character/symbol or only some of its parts applying any masking to achieve perceptual invisibility and said function (b) uses any suitable printing technology including (but not limited to) laser or ink-jet printing, offset printing, dye sublimation, thermal printing, laser engraving, electro-photographic techniques, continuous tone printing, intaglio, letter press, gravure, flexo-graphic printing or coating or any other reproduction technologies on various surfaces and using special inks.

6. The method of claim 1 wherein said function (b) performs the audio modulation of one or plural features of waveforms or its transform domain coefficients to carry said information and enabling its reproduction single or plural times using any transducer that converts electrical energy to audible vibrations, mechanical, electromechanical, piezoelectric or magnetic buzzers, tweeters, dynamic speakers, piezo-elements without oscillator (implemented in CMOS and TTL logic, GPIO pin toggled in an audio rate, etc.) or direct digital synthesizers, non-uniform coded surfaces producing sounds using various on/off, amplitude, phase or frequency modulation or combination of them.

7. The method of claim 1 and claim 6 wherein the printed information from the surface, packaging, certificate or any label yP and/or audio information yA are acquired as respectively vP and vA, processed such that the encoded data are decoded using proper secret key, comprising the steps of: (a) Acquiring the printed data yP using acquisition device (typically based but not limited to) camera of portable device or any special reader resulting in the data vP or applying direct manual input of the printed data using input means of portable device or stationary phones resulting in the vector ĉ″ or acquiring the audio signal vA reproduced either by the speaker from the printed data yP or directly by the audio reproduction device from yA;(b) Applying preprocessing and synchronization to enhance the accuracy of information extraction from the acquired data;(c) Extracting information from vP either directly ĉ or using OCR resulting in ĉ or from vA using audio demodulation and possibly decoding or speech recognition resulting in ĉ′″;(d) Decoding the information {circumflex over (m)} using secret key K and necessary synchronization;(e) Verifying the decoded information {circumflex over (m)} with said data m from claim 1(c) and generating message certifying their match or mismatch;(f) Informing the consumer about the result by displaying, vibrating, generating audio signals or messages or any other form of confirmation.

8. The method of claim 1 to claim 7 wherein the watermark data are extracted from vP and/or vA using Gel'fand-Pinsker decoder and corresponding key K2 resulting in {circumflex over (m)}2 while both {circumflex over (m)}1 and {circumflex over (m)}2 are compared with m1 and m2 considered in claim 3 to establish their match and informing the consumer about the result according to claim 7(f).

9. The method of claim 1 to claim 8 wherein said acquisition, processing and verification is performed directly on the portable device, or the acquired data are sent to the authentication server, which performs said processing and verification and sends back the confirmation of authenticity to the portable device, or said acquisition and processing are performed on the portable device and the decoded data {circumflex over (m)} or {circumflex over (m)}1, {circumflex over (m)}2 are sent to the authentication server, which performs verification and sends back the confirmation of authenticity while the information identifying the requesting portable device, time, etc. and the questioned product data {circumflex over (m)} or {circumflex over (m)}1, {circumflex over (m)}2 are jointly registered in the database of requests.

10. The method of claim 1 to claim 9 wherein said request for authentication is sent to the address (service telephone number, URL address, e-email address or any other electronic pointer), reproduced on the product surface, packaging, label, certificate or any other accompanying document, which is either very unique for a given brand, group of products or publicly known to prevent the false address attacks.

11. The method of claim 1 to claim 10 wherein said data yP or yA consist of open and hidden parts that are used for product authentication in several stages, comprising the steps of: (a) Acquiring open part of yP or yA by portable device and obtaining confirmation based on the verification procedures of claim 7 to claim 10;(b) Registering the request in the database of requests and confirming or rejecting the product authenticity within the restricted shopping or authentication area;(c) In the case of predefined number of negative confirmations from the same identified portable device, informing the consumer about the repetitive failures to authenticate the product and asking the consumer to take the corresponding measures while denying all further authentication services for a defined period of time to protect the authentication server against exhaustive search, guessing or overload attacks;(d) In the case of positive confirmation, proceeding with buying, opening and consuming stages, while the final authentication is performed based on the hidden parts of yP or yA using the acquisition by the portable device and verification procedures of claim 7 to claim 10;(e) Confirming or rejecting product authenticity based on the verification of the decoded hidden data comparing it with said data in the product database and registering the request in the request database;(f) Communicating the authentication results to the requesting portable device using any of available communication means such as SMS, MMS, EMS, E-mail, etc.;(g) Registering the number of successful and unsuccessful authentication requests from a given portable device for future usage such as bonuses, discounts, free communication services, phone ringtons, sounds or clips, or any other benefits from a frequent buying programs;(h) Marking the PIN that passed the successful authentication after two of the above stages as a bought one and updating the product database accordingly.

12. The method of claim 11 wherein said hidden part of yP or yA can be revealed by removing the protecting cover, layer, opening the packaging or product in such a way that the integrity of the hidden part is destroyed and unrecoverable.

13. The method of claim 11 and claim 12 wherein said hidden part of yP can be only read a predefined number of times or during some time after opening, for example, using printing by certain color inks whose properties might be changed shortly after opening under the light exposition, or yA can be reproduced only a predefined number of times using electrical or mechanical features of audio reproduction device or self-destroyable materials or materials that change or modify their properties under specific conditions to prevent product or packaging reuse or refillment and indicate the fact that a given product was bought or consumed.

14. The method of claim 11(f) wherein said confirmation containing PIN, time of verification requests and information about requesting portable device are additionally encrypted and encoded into text, image, graphics, barcode or audio signal using a secret key unknown to the consumer, sent to the consumer either after successful complete product authentication, or after certain number of the above attempts or on the consumer demand and can be used as the confirmation proof of product authenticity and authentication requests of the bought product certified by the authentication services.

15. The method of claim 3 and claim 4 wherein any watermark signal detection, estimation, channel state estimation and compensation, desynchronization estimation and compensation technique are applied to ĉ in order to get ŵ; wherein any decoding can be applied to ŵ to decode the message {circumflex over (m)}, including any ECC decoding like soft-decision decoder and multi-stage decoder (MSD).

16. The method of claim 7(b) wherein said function (b) uses any elements of segmentation technique, which can be (but is not limited to) contour extraction, morphological operators, or shape analysis; wherein optical character recognition (OCR) is not required in the case of text documents, although it can be also used in parallel for enhancement purpose for audio processing.

17. The method of claim 1 and wherein possible hard-copy supports include in (b) (but are not limited to) standard or special high-quality paper, cellulose, cartoon, ruffled surface, plastic, glass, metallic, ceramics, or any other physical support.

18. The methods of claims from claim 1 to claim 17 wherein said invention is applicable to numerous secure or non-secure applications, which are (but are not limited to) the following: (a) Prevention of creation of identical copies whereas the counterfeits are made with the same ingredients, formulas and packaging as originals, but not by the original manufacturer;(b) Prevention of creation of look-alikes when the counterfeits are featuring high-quality packaging and convincing appearances whereas look-alikes contain little or no active ingredients and may be made with harmful or neutral substances;(c) Prevention of usage of rejected products or brands that have been rejected by the manufacturer for not meeting quality standards;(d) Prevention of usage re-labeled goods or brands when either their expiration dates are passed or been distributed by unauthorized sources, or the value, quality or quantity been modified.(e) Prevention of reuse, refillment or illegal circulation of objects, goods or products;(f) Product or packaging tracking, tracing, quality of service control, market analysis, advertisement, promotion, marketing as well as investigation of sources of counterfeiting or counterfeited objects distribution and selling;(g) Secure delivery and distribution of products through any distribution channels in any country or region supporting said communication services;(h) Joint integration with RFIDs, barcodes, Electronic Product Codes (EPC), Physical Markup Language (PML) or any other marking methods.

19. The methods of claims from claim 1 to claim 18 wherein said invention is applicable to many kinds of products, brands and packaging, which are (but are not limited to) the following: (a) Anti-counterfeiting labels or packaging, boxes, shipping invoices, tax stamps, postage stamps and various printed documents associated with the product for authentication and certification of its origin;(b) Medical prescriptions;(c) Medicines and pharmaceutical products;(d) Adulterated food, beverages, alcohol as well as coffee and chocolate;(e) Baby food and children toys;(f) Clothing, footwear and sportswear;(g) Health, skin care products, personal care and beauty aids items including perfume, cosmetics, shampoo, toothpaste, etc.;(h) Household cleaning goods;(i) Luxury goods including watches, clothing, footwear, jewelry, glasses, cigarettes and tobacco, products from leather including handbags, gloves, etc.;(j) Car, helicopter and airplane parts and electronic chipsets for computers, phones and consumer electronics;(k) Prepaid cards for communications or other services using similar protocol of credit recharging;(l) Computer software, video and audio tapes, CDs, DVDs and other means of multimedia data storage with music, movies and video games.

20. The methods of claims from claim 1 to claim 18 wherein said invention is applicable to the authentication of lost or stolen objects including but not limited to cars, vehicles, luxury goods or arts or second hand or used objects with the need to identify their origin and to prevent attempts of unauthorized reselling when the potential consumer is communicating the PIN to the said authentication server whose address is either common for the given brand, group of products or provided by the certified authority who manages the corresponding database that contains the PINs of the above objects, their parts or components, and takes the decision depending on the authentication server reply or potentially providing the feedback information about the people attempting to perform the above unauthorized actions while with the possibility of remote database update about the lost or stolen object providing its PIN and personal data uniquely identifying the claiming person.

21. The methods of claims from claim 1 to claim 18 wherein said invention is applicable to documents certifying the origin, state or ownership status of objects that include but are not limited to: the car or vehicle technical passports, technical passports, certificates of origin, notary documents establishing the object ownership, etc. to prevent attempts at unauthorized object misusage when the certificate number is communicated to the said authentication server that contains the copy of the certificate or of the recent updated status that can be sent back to the requesting party.