Title of Invention	"A METHOD FOR CHECKING THE AUTHENTICITY OF A PRODUCT PIECE"
Abstract	A method for checking the authenticity of a product piece (9) by means of a product control sequence (8), affixed on or to the product piece (9), and using the Internet (10), characterized by the following method steps detecting the product control sequence (8) on the side of the person (2) submitting the control request, transmitting of the product control sequence (8) via the Internet (10) to a product-protection server structure (11), decoding an encoded check sequence (C) that is derived from the product control sequence (8), on the side of the product-protection server structure (11), by using a decoding method (F2) and a decoding sequence (A) and generating a decoded check sequence, wherein the decoding sequence (A) and the encoding sequence (B) together form a complementary code pair, checking the authenticity of the decoded check sequence or a sequence derived from it, transmitting of the result of the authenticity check via the Internet (11) to the person (2) requesting the check.

Title of Invention

"A METHOD FOR CHECKING THE AUTHENTICITY OF A PRODUCT PIECE"

Abstract

A method for checking the authenticity of a product piece (9) by means of a product control sequence (8), affixed on or to the product piece (9), and using the Internet (10), characterized by the following method steps detecting the product control sequence (8) on the side of the person (2) submitting the control request, transmitting of the product control sequence (8) via the Internet (10) to a product-protection server structure (11), decoding an encoded check sequence (C) that is derived from the product control sequence (8), on the side of the product-protection server structure (11), by using a decoding method (F2) and a decoding sequence (A) and generating a decoded check sequence, wherein the decoding sequence (A) and the encoding sequence (B) together form a complementary code pair, checking the authenticity of the decoded check sequence or a sequence derived from it, transmitting of the result of the authenticity check via the Internet (11) to the person (2) requesting the check.

Full Text	The present invention relates to a method for checking the authenticity of a product piece. CROSS-REFERENCE TO RELATED APPLICATION 0001 This is a continuation of International Patent Application No. PCT/EP2004/005581 filed May 25, 2004, designating the United States and claiming priority of 'German Patent Application No. 103 28 328.5 filed June 25, 2003, the disclosure of all of the foregoing applications being incorporated herein by reference. BACKGROUND OF THE INVENTION 0002 The invention relates to a system for protecting products against imitation as well as to check the authenticity of products and/or to detect product imitations. O003 Very few products "are protected against imitations. Increasingly better technical options and involved methods used by the imitators result in ever better imitations. Consumers and dealers can rarely distinguish at first glance between the original product and the imitated product. The result is a drop in turnover, liability claims, and loss of image for the producers of proprietary goods. The conventional identification features of many brand names, for example labels and packaging, no longer present obstacles for imitators. In addition to the product itself, its complete presentation is imitated these days. 0004 Attempts have been made to counter these imitations with the aid of special protective features, which require a high technical and financial expenditure and for the most part can be produced only by businesses specializing in this type of work. The product, or its packaging, or the accompanying documents are provided at the production stage already with protective features such as safeguarding threads, planchets, and the like, which are provided with one or several substances having a physical or chemical property that can be checked visually or with a machine, e.g. fluorescence or magnetism. Hologram labels, having a color effect which depends on the viewing angle and cannot be reproduced by copiers, represent a favorite protection feature that is affixed to the product or its packaging. The known measures for increasing the protection against imitation and increasing the rate of detection of imitations furthermore include the use of microtext, guilloche print, kinegrams, transponders, and the like. 5 However, the protective features used in each case make sense only for a restricted number of products, for example depending on legal, medical, or even economic requirements. Technologically involved measures may also require sensors and measuring devices, which are not readily available, for checking the imitations. Conversely, the simpler and cheaper the production of the protective feature, the smaller the technical advantage, upon which the protective feature is based, as compared to the imitator. 6 The so-called unique-card-method is known from German Unexamined Published Application DE-OS 27 34 456. With this method, an open information such as an account number and/or a personalizing information is combined with a unique number to form an encoded information, wherein this information is then input into a recording medium. During the reading and checking of the recording medium, the open information is initially derived again from the coded information and the unique number. This open information is then compared to the open information recorded on the recording medium. This method is used to protect ID cards and documents. 0007 German Unexamined Published Application DE 28 26 469 C2 discloses a method and a device for protecting documents, for which an identification number is encoded and recorded on the document. During the check, the coded identification number read out of the document is decoded and is compared to the original identification number. SUMMARY OF THE INVENTION 8 It is the object of the present invention to propose a general product protection method which can in principle be used for all types of products, has the lowest possible requirements with regard to checking, and is cost-effective. 9 This object is solved according to the invention with a method for producing a product protection identification as defined in claim 1, with a product piece that cannot be imitated as defined in claim 12, and with a method for checking the authenticity of a product piece as defined in claim 23, as well as with a product protection server structure as defined in claim 37. Advantageous modifications of the invention follow from the dependent claims. Computer program products for implementing the method according to the invention follow from claims 44, 45. 10 With the method according to the invention, a product-specific identification sequence is initially determined for each product piece in order to generate a product protection identification which is affixed to or on the product piece, thus ensuring the authenticity of a product piece. The product-specific identification sequence or a sequence derived from it is encoded with the aid of an encoding method (Fl) , using a secret encoding sequence (B) , wherein a coded check sequence is generated. A product control sequence comprising the coded check sequence or a sequence derived from it is affixed on or to the product piece. 11 In order to distinguish original products from imitations, a secret encoding sequence (B) as well as an encoding method (Fl) is made available to the producer of a product, which enables the producer to convert the respective product-specific identification sequence into a coded check sequence which is then affixed to or on the product piece. Instead of ensuring the authenticity of a product piece with the aid of physical, measuring-technical, or chemical product features, the method according to the invention identifies imitations with the aid of the cryptographically generated product control sequence. A protective feature can thus be made available, which can be used for all product groups because it is not dependent on physical or chemical product characteristics. No sensors or measuring devices are required for testing the authenticity of a product, but only a check of the authenticity of the product control sequence. Since only an encoding method is used in place of complicated protective features (for example microtext, guilloche print, kinegrams, transponders, etc.), the method according to the invention is also much more cost-effective than the protective features employed so far. 12 It is advantageous if the coded check sequence (C) cannot be generated from the product-specific identification sequence (K) without knowledge of the secret encoding sequence (B). Only producers who possess the secret encoding sequence can generate product control sequences for the product pieces they produce. The secret encoding sequence (B) cannot be derived from the product control sequences of products that are commercially available. 13 According to a different advantageous embodiment of the invention, the product control sequence comprises the product-specific identification sequence (K) in addition to the encoded check sequence (C) or the sequence derived from it. With this embodiment of the invention, the product control sequence contains the non-encoded identification sequence (K) as well as the coded check sequence (C) . Thus, the authenticity of the product control sequence can be tested by checking whether the two segments of the product control sequence match, for example by realizing a decoding of the coded check sequence (C) or an encoding of the product-specific identification sequence (K). 14 It is furthermore advantageous if the serial number for the product piece is used for the product-specific identification sequence (K). The serial number is generated during the production and permits allocating a product piece to a specific batch. In particular when producing higher-quality products, it is standard practice to affix a serial number. The serial number can be supplemented easily by adding the encoded check sequence in order to generate the product control sequence according to the invention. 15 According to a different and advantageous embodiment of the invention, the secret encoding sequence (B) is the secret code for a symmetric encoding method. Symmetric encoding methods are also referred to as single-key systems or secret key systems. A secret code, meaning a secret encoding bit sequence, is used to encode a product-specific identification sequence or a sequence derived from it. With symmetric encoding methods, the encoded sequence generated in this way can only be decoded with knowledge of this secret code, even if the encoding and decoding methods are generally known. Conversely, if the decoding of an encoded sequence with a secret code provides the underlying non-encoded sequence, this sequence can have been encoded only with knowledge of this secret code. 16 Symmetric methods can generally be realized very quickly and with little expenditure, using hardware or software. Using symmetric encoding methods furthermore has the advantage that the generally used code lengths and block lengths are relatively short. As a result, the generated check sequences and the product control sequences are also relatively short and can be affixed easily to the product pieces. 17 In particular, it is advantageous if the symmetric encoding method is selected from among the following encoding methods: Triple-DES, IDEA, CAST-128, Blowfish, RC5, f8, Rijndael. 18 Alternatively, it is an advantage if the secret encoding sequence (B) is the secret code for an asymmetric encoding method. Asymmetric encoding methods, which are also called two-key or public-key methods, use code pairs formed with a public code and a private code. Since the private code cannot be computed from the public code with the computer capacity available at the present time, the public code can be made public. With the product protection method according to the invention, it offers itself to use the secret code on the side of the producer for encoding the identification sequence or a sequence derived from it. The public code, which can be made freely available to all communication participants without secrecy requirements, can thus be used for testing the product authenticity. In particular, this allows a decentralized testing which can be carried out by the participating dealers and consumers at many different locations. All dealers can be provided with the public code required for the decoding operation. 19 It is particularly advantageous in that case if the asymmetric encoding method is selected from among the following encoding methods: RSA, ElGamal, DSA, ECC. 20 It is also advantageous if the product-specific identification sequence (K) is converted with a first hash method (hi) into a first hash sequence (hi (K) ) , prior to the encoding, wherein the encoded check sequence (C) is generated by encoding the first hash sequence (h1(K)) with the secret encoding sequence (B). Thus, a hash method (hi) is initially applied to the product-specific identification sequence and the resulting hash sequence is then encoded. The protection for the encoding that is realized can be increased on the whole by using a hash method in addition to the encoding operation. It is therefore nearly impossible for an imitator to determine the underlying encoding method (Fl) as well as the underlying secret encoding sequence (B) by using the encoded check sequence (C). 21 It is furthermore advantageous if, following the encoding, the encoded check sequence (C) is converted with the aid of a second hash method (h2) to a second hash sequence (h2 (C) ) , which is then affixed on or to the product piece as component of the product control sequence. With the aid of a second hash method (h2) , applied after the encoding operation, it is possible to shorten extremely long encoded check sequences (C) before they are affixed to or on the product piece as part of the product control sequence. In particular when using asymmetric encoding methods, which are characterized by long code lengths and block lengths, long encoded check sequences are created, which make it appear useful to apply a second hash method, wherein the second hash method on the whole increases the protection of the coding. 22 Selecting the first and second hash methods from among the following: MD 5, SEA-1, RIPE-MD 160, MDC-2 is particularly advantageous. 23 The imitation-proof product piece according to the invention comprises a product control sequence affixed to or on the product piece, which includes an encoded check sequence (C) or a sequence derived from it. The encoded check sequence (C) is generated specifically for the product piece by encoding a product-specific identification sequence (K) or a sequence derived from it with the aid of an encoding method (Fl) and using a secret encoding sequence (B) . In place of using the most expensive and hard to produce protective features possible, the protection against imitation for the product piece according to the invention is ensured by using an encoding method (Fl) and the use of a secret encoding sequence (B) . Generating and affixing the product control sequence to the product piece to be protected causes little expenditure and is cost-effective . °024 According to one advantageous embodiment of the invention, the product control sequence is affixed to the product piece in the form of an alpha-numerical character string. For example, the coded check sequence and the product control sequence can be generated in the form of bit sequences, wherein the product control sequence can be reproduced as a number sequence, with numbers ranging from 0 to 9, or as a sequence of ASCII characters, or as an optional alpha-numerical character string, and can be affixed to the product piece. 25 It is furthermore advantageous if the product control sequence is affixed to the product piece in a machine-readable form. For example, the product control sequence could be affixed to the product piece in the form of a universal unit code (barcode) or as machine-readable text. The product control sequence could also be stored on a magnetic strip, a storage chip, or any other electronic medium that is connected with the product, the product packaging, or the accompanying documents. With this type of embodiment of the invention, longer product control sequences can also be processed because no typing-in is required. 26 It is a further advantage if the product control sequence is affixed to the product piece as visually readable text. With this embodiment of the invention, the product control sequence can be checked by using a keyboard to type in the product control sequence. 27 According to a different advantageous embodiment of the invention, the product control sequence is affixed to a document enclosed with the product piece or to the packaging. In this way, a long product control sequence can be enclosed with the product without damaging the product appearance. 28 With the method according to the invention for checking the authenticity of a product piece, the authenticity of the product piece is checked via the Internet and a product control sequence that is affixed to or on the product piece. The product control sequence is detected in that case by the person submitting the control request and is transmitted via the Internet to a product protection server structure. On the side of the product protection server structure, a coded check sequence (C) that is derived from the product control sequence is decoded by means of a decoding method (F2) and a decoding sequence (A) , thereby generating a decoded check sequence. The decoding sequence (A) in this case forms a complementary code pair together with the encoding sequence (B) , used for the encoding. The authenticity of the decoded check sequence or a sequence derived from it is checked and the result of the authenticity check is then transmitted via the Internet to the person who submitted the control request. 0029 A dealer wanting to check the authenticity of product pieces can, for example, transmit the corresponding product control sequences via his/her Internet browser to the product protection server structure. There, the decoding of the encoded check sequence (C) and the authenticity check are carried out, with the advantage that no local devices are needed on the side of the dealer for checking the product authenticity. Sensors and measuring devices, such as provided according to prior art for checking physical or chemical protective features, are not needed with the method according to the invention. The total investment for implementing the product protection system according to the invention is therefore minimal. Since the decoding is not realized locally, but centrally on the side of the product protection server structure, a secret or a public code can optionally be used as decoding sequence (A). 0030 According to one advantageous embodiment of the invention, the decoding sequence (A) is the secret code for a symmetric encoding method. The use of a symmetric encoding method has the advantage of a relatively short code length as well as block length. Since the decoding of all control requests is realized centrally by the product protection server structure, keeping the decoding sequence (A) secret can be ensured with appropriate measures, for example by using firewalls, separate crypto servers, and the like. A further advantage of using a symmetric method is that the time required for each decoding operation is very short. 31 Alternatively, the public code for an asymmetric encoding method is advantageously used for the decoding sequence (A) . When using an asymmetric encoding method, no special arrangements are required to keep the public code, used for the decoding, a secret. With asymmetric encoding methods, the secret encoding sequence (B) cannot be derived either from the decoding method (F2), or the decoding sequence (A) , or from various random samples of pairs of non-encoded and encoded information bits. Even if an imitator were to obtain access to the public code, the decoding method, as well as various valid product control sequences, the imitator could not derive the secrete encoding sequence (B) from this. The imitator himself/herself therefore cannot generate valid product control sequences. 32 It is furthermore advantageous if the encoded check sequence (C) forms a sequence segment of the product control sequence or can be derived from a sequence segment of the product control sequence by applying a hash reversing function (h^1) . If, during the generating of the product control sequence, the encoded check sequence (C) was additional converted by means of a second hash method (h2) to a second hash sequence (h2(C)), then a hash reversing function (h2"1) must first be applied on the side of the product protection server structure to the respective segment of the product control sequence to obtain the coded check sequence (C). The coded check sequence (C) is subsequently decoded. 0033 It is furthermore advantageous if the decoded check sequence represents a product-specific identification sequence (K) or can be converted to a product-specific identification sequence (K) by applying a hash reversing function (h^1). If, during the generating of the product control sequence, the product-specific identification sequence (K) was converted to a first hash sequence (hi(K)), prior to the decoding and by means of a first hash method (hi) , then a hash reversing function (hi'1) must be applied after the decoding to the decoded check sequence, on the side of the product protection server structure, in order to obtain the individual identification sequence (K). 0034 According to a different advantageous embodiment of the invention, the authenticity of the decoded check sequence or a sequence derived from it is checked by comparing the decoded check sequence or the sequence derived from it with a product-specific identification code (K) , forming a segment of the product control sequence, or a hash sequence (hi(K)) derived from it. With this embodiment of the invention, the product control sequence comprises all information required for detecting the authenticity. The authenticity of the product control sequence can therefore be determined solely on the basis of the product control sequence itself, without requiring external information. 0035 Alternatively, it is an advantage if the authenticity of the decoded check sequence or a sequence derived from it is checked by checking whether the decoded check sequence or the sequence derived from it matches previously determined allotments. With this embodiment of the invention, all producers are provided with sequence allotments ahead of time. To check the authenticity of a decoded check sequence or a sequence derived from it, it is determined whether or not this sequence matches an allotment assigned to one of the producers. The advantage of this step is that for this embodiment of the invention, the product control sequence does not have to comprise the non-encoded information. The product control sequence only needs to comprise the encoded information. For that reason, relatively short product control sequences are sufficient for this embodiment of the invention. 36 It is advantageous if the legitimacy of the person submitting the control request is checked within the framework of checking a product control sequence. Only authorized dealers are permitted to inquire about product control sequences. In addition, the path of the checked product pieces can be followed by requesting the legitimacy of the person submitting the request. 37 According to another advantageous embodiment of the invention, a database entry is made into a login database within the framework of a request for a product control sequence, thus making it possible to put together a login database which comprises database entries for all previously checked product control sequences. Assuming an imitator obtains a series of product control sequences for original products and affixes these product control sequences to the imitated goods, this cryptographic method would show that the respective product control sequence is authentic. However, we now have several product pieces with identical product control sequences on the market. A multiple use of product control sequences of this type can be uncovered with the aid of the login database. 0038 It is advantageous if a login database is requested to determine whether earlier requests were submitted concerning the product control sequence of the product piece. Assuming a first dealer submits a control request for the first product pieces received and checks the product control sequences affixed to the product pieces. The cryptographic method supplies the result that the product control sequences are authentic and, in addition, enters the data for these product control sequences in the login database. If a second dealer submits control requests at a later time for second product pieces that are provided with the identical product control sequences, it can be determined with the aid of the login database that another dealer previously submitted control requests for these product control sequences. Two options are then available: the product of the first dealer was the original product, and the second dealer had the imitation, or vice versa. If a multiple use is detected, the product available to the dealer submitting the request can either be an imitation or it may have served as model for the imitation. 39 An effective protection can be achieved on the whole by combining the use of a cryptographic method with the establishment of a log for the various requests submitted by the various dealers. 40 It advantageous to compare at least one of the following: product control sequence, product-specific identification sequence (K) , encoded check sequence (C), decoded check sequence, or a sequence derived from it to database entries in the login database. In the process, the product piece is identified as either an imitation or a model for an imitation if at least one match is detected. A specific product piece can be identified with any of the aforementioned sequences because each of these sequences is specific to the respective product piece. If a multiple use is detected for the respectively used sequence, it indicates the presence of either an imitation or an original product which served as model for an imitation. 41 It is advantageous if a database entry for a control request also contains the date on which the control request was submitted. In addition, it is advantageous if a database entry contains the identity of the person submitting the control request. Upon detecting a multiple use of a product-specific sequence, the path taken by the imitation products can be traced back, using the information entered for the participating dealers and the points in time at which the dealers submitted the control requests. 42 The product protection server structure according to the invention makes it possible to implement a product production gateway for checking the authenticity of product pieces with the aid of a product control sequence affixed to or on the product piece. The product protection server structure comprises a web server module, which makes available websites of the product protection gateway via the Internet. A product control sequence is transmitted via the Internet to the web server module and the result of the authenticity check is transmitted via the Internet to the person submitting the control request. The product protection server structure furthermore comprises a cryptographic module for decoding an encoded check sequence (C) , derived from the product control sequence, by means of a decoding method (F2) and using a decoding sequence (A), thus generating a decoded check sequence. A complementary code pair is thus formed with the decoding sequence (A) and the encoding sequence (B) , used for the encoding. The authenticity of the decoded check sequence or a sequence derived from it is checked with the cryptographic module. 43 It is advantageous if the product protection server structure comprises a login database, which contains a database entry at least for each product control sequence for which the authenticity was determined. With the aid of such a login database, it is possible to prove the repeated use of product control sequences, an indication that a product imitation is present. 0044 The method used to generate a product-protection identification can be realized with a computer program product, provided with means for implementing the corresponding method steps on a computer, a signal processor, or the like. The method for checking the authenticity of a product piece can also be realized with the aid of a computer program product, which is provided with means for realizing corresponding method steps on a computer, a digital signal processor, or the like. BRIEF DESCRIPTION OF THE DRAWINGS 45 The invention is described further in the following with the aid of several exemplary embodiments shown in the drawing, which show in: 46 Figure 1 A representation of the product protection system according to the invention; 47 Figure 2 A schematic representation of the encoding and decoding of a product-specific identification sequence K; 48 Figure 3 A representation of the encoding and decoding of a product-specific identification sequence K, wherein a first hash function hi is applied to the identification sequence K prior to the encoding; 49 Figure 4 A representation of the encoding and decoding of a product-specific identification sequence K, wherein a second hash function h2 is applied to the encoded check sequence following the encoding; and 50 Figure 5 The implementing of a product protection gateway which is accessible via the Internet. DETAILED DESCRIPTION OF THE INVENTION 51 Figure 1 shows an overview over the product protection system according to the invention. The product protection system involves a producer 1 of the products, a dealer 2, as well as the provider of the product protection gateway 3. On the side of the producer 1, there is interest in permitting the buyers to check the product authenticity, so that the producer is protected against product imitations. For that purpose, the producer 1 assigns a specific identification sequence to each of the products that are produced by the producer. Any optional bit sequence, number sequence, or alphanumeric character string can be used as identification sequence. Using the serial number for the respective product as product-specific identification sequence consequently offers itself because this serial number is available as part of the production data 5. 52 Following this, an encoded check sequence 7 must first be generated on the side of the computer structure 6 for the producer, starting with the product-specific identification sequence 4 and using a secret encoding method. This encoded check sequence 7 can again be represented as bit sequence, test number, or alphanumeric character string. All encoding methods which use a secret encoding sequence can be used for encoding the identification sequence 4. Otherwise, optional product control sequences could be imitated by an imitator able to obtain the encoding sequence. Symmetric encoding methods can be used for the encoding, wherein these are also called single-key systems and/or secret-key systems. A secret code is used with these methods for encoding as well as decoding. A sequence encoded with a secrete code can only be decoded again with the aid of this secrete code, even if the encoding and decoding methods are generally known. 0053 Asymmetric encoding methods can be used as alternative to the symmetric encoding methods for encoding the product-specific identification sequence. The asymmetric encoding methods are also called two-key methods and/or public-key methods. Methods of this type utilize code pairs, which comprise respectively a secret code and an associated public code. With public key systems that correspond to present-day safety standards, the private code cannot be computed from the public code, given the presently available computer capacity. For that reason, the public code can be made freely accessible. Whereas the private code, which must be kept a secret, is known only to the owner and can be used exclusively by the owner, the public code of a user is freely accessible to all communication participants. 0054 When using an asymmetric encoding method, the private code of the producer 1 is used to encode the product-specific identification sequence 4. This code is available only on the computer system 6 of the producer 1 and must not be made public. 55 The associated public code of the code pair, which can be transmitted to all dealers and consumers without special safety precautions, is used to decode the check sequence 7 encoded in this way. In particular, this public code can also be made available via the Internet. 56 A product-specific identification sequence 4 as well as a coded check sequence 7 is then available for each product piece. To ensure the product authenticity, both sequences can be affixed jointly to the product, as product control sequence 8. The product control sequence 8 affixed on or to the product piece can take the form of a bit sequence, a number sequence, or an alphanumerical character string. For example, the product control sequence could be a number sequence containing a non-decoded serial number as the first component and an encoded test number as the second component. However, it is not absolutely necessary for the product control sequence 8 to comprise the identification sequence 4 as well as the encoded check sequence 7. The product control sequence 8 could also consist solely of the encoded check sequence 7. In that case, the product-specific identification sequence 4 would be obtained only during the decoding of the product control sequence 8. 0057 The product control sequence 8 can be affixed to the product in any optional form, for example by printing, embossing, stamping it on, or by printing it onto the packaging, and the like. The product control sequence 8 could also be printed onto a piece of paper enclosed with the packaging for the product. The product control sequence 8 can be affixed to the product in machine-readable or visually readable form. The machine-readable codes, for example, could be barcodes, but also magnetic strips or other magnetizable media for storing the product control sequence 8. 58 The product with the product control sequence 8 affixed to or on it is shipped via different distribution paths to a dealer 2 who wants to check the authenticity of the received product. The dealer 2 wants to be sure to have purchased the original product from the producer 1 and not a copy of the product, produced by an imitator. If the dealer 2 markets imitation products, the dealer risks not being able to market additional products once the imitation is discovered. The imitation products are frequently of poorer quality than the original products and, insofar, would also harm the reputation of the dealer 2. 59 To check the authenticity of a product 9 in the possession of the dealer, the dealer 2 accesses the server structure 11 of the product protection gateway 3 via the Internet 10. The dealer 2 must first provide identification to the product protection gateway by reporting the dealer identification 12, wherein a login ID and a password are generally used for legitimizing a user access. Once the dealer 2 has successfully proven his/her identity, the dealer is given access to the websites of the product protection gateway, which are transmitted by the server structure 11 via the Internet 10 to the browser of the dealer and are displayed there. The dealer can enter on one of the websites the product control sequence 8 for the good, at a specifically provided input window, whereupon the product control sequence 8 is transmitted via the Internet 10 to the server structure 11. 60 On the side of the server structure 11, the received product control sequence 8 is checked by means of a first check 13 and a second check 14 . The product control sequence 8 contains the encoded check sequence 7. This encoded check sequence is decoded in the first check 13 by means of a decoding method and using a decoding sequence, wherein a decoded check sequence is generated in the process. The decoding method complements the encoding method used on the side of the producer 1. 61 When using a symmetric method, the decoding sequence used during the decoding operation must coincide with the encoding sequence used on the side of the producer 1. With symmetric methods, it is necessary to keep the encoding sequence as well as the decoding sequence a secret. Keeping the decoding sequence a secret can be ensured because the decoding operation is realized centrally in the server structure 11. 62 If an asymmetric method is used, for which the encoded check sequence is generated on the side of the producer 1 with the aid of a secret encoding sequence, the encoded check sequence can be decoded with a public decoding sequence, a so-called "public key." Thus, when using an asymmetric method, it is not necessary to keep the decoding sequence a secret on the receiver side. This could become important for further development stages of the project, for which the product is no longer checked by means of the central server structure, but with a plurality of decentralized testing devices. The decoding sequence could then be stored in the form of a public code in all testing devices. 63 In cases where the product control sequence comprises the (non-encoded) identification sequence as well as the encoded check sequence as components, the decoded check sequence is first compared to the non- encoded identification sequence. The checked product control sequence is consistent in itself if the decoded check sequence coincides with the product-specific identification sequence, used as the starting point for computing the encoded check sequence. In that case, the result obtained with the first check 13 shows that the product control sequence of the product piece checked by the dealer 2 is authentic. If the decoded check sequence does not coincide with the product-specific identification sequence, then the product control sequence is not authentic. 0064 Thus, the product is an imitation if other sources of error can be ruled out. The check result is transmitted by the server structure 11 via the Internet 10 to the web browser for the dealer 2 and is displayed there. 65 The product control sequence of an alternative embodiment of the invention comprises as component of the product control sequence only the encoded check sequence, but not the product-specific identification sequence. In that case, the encoded check sequence is also initially decoded by means of the decoding method to generate a decoded check sequence. The decoded check sequence obtained in this way can be checked if the test-sequence allotments to the individual producers are known on the side of the server structure 11, by determining whether the decoded check sequence is contained in one of these allotted sequences. Insofar, it is not absolutely necessary for the identification number to be a component of the product control sequence. 66 However, imitations are conceivable for which the imitator obtains one or several product control sequences of original products and affixes these to the imitated product pieces. The imitated product then has a correct product control sequence and can therefore not be identified as imitation by means of the first check 13. A second check 14 is provided to discover such product imitations, wherein the actually requested product control sequence is compared to all earlier requested product control sequences. If a product control sequence is copied and affixed to an imitation product, the respectively involved dealers can over time submit control requests for the original product as well as the imitation product. As a result, multiple requests can be submitted over time for one and the same product control sequence. 0067 Multiple requests of this type are identified during the second check 14 with the aid of a login database 15. A corresponding database entry is stored in the login database 15 for each control request processed by the server structure 11. For identifying a control request, a database entry comprises at least one of the following sequences: the product control sequence, the product-specific identification sequence, the encoded check sequence, or the decoded check sequence. The database entry furthermore comprises the ID of the dealer submitting the control request, as well as the date and possibly also the time of day for the control request. Since this system is intended for world-wide use, the respective time zone where the requesting dealer resides must be entered in addition to recording the date and time of day. The date/time format must allow an international comparison of date and time for the various requests. 0068 Following each dealer request, the login database 15 is searched during the second check 14, using the product control sequence input by the dealer. If an earlier request was submitted for the product control sequence entered by the dealer, it leaves two possibilities: the product piece could be an imitation, or it could be an original product, for which the product control sequence was used as model for producing an imitation product. Further steps for checking the good can then be introduced on the basis of the identifications, stored in the login database, for the involved dealers who submitted the various requests, well as the date and time entries. 69 Once a product control sequence has been verified in the first check 13 and no multiple use of the product control sequence was detected during the second check 14, the server structure 11 will notify the dealer via the Internet 10 that the product piece presumably is not an imitation. However, this can still not be determined with absolute certainty because it would be conceivable for an imitator to have used a product control sequence of an original product which has not yet been checked. In that case, the system would detect an imitation only once it receives a request for the product control sequence of the original. 70 The encoding and decoding of the product-specific identification sequence K is shown schematically in Figure 2. On the side of the producer, the product- specific identification sequence K is encoded with the aid of the encoding method Fl and using the code B, wherein a coded check sequence C is obtained. 0071 The coded check sequence C is decoded again with the aid of the decoding method F2 and using the code A, wherein the product-specific identification sequence K is once more obtained. If the product control sequence comprises as component the product-specific identification sequence K in addition to the encoded check sequence C, then the identification sequence obtained through decoding can be compared to the identification sequence transmitted as component of the product control sequence. The product control sequence is authentic if these identification sequences coincide whereas the product control sequence could be an imitation if they do not coincide. Q072 So-called symmetric methods can be used for the encoding and decoding, which are also called single-key systems or secret-key systems. With these methods, the encoding method Fl and the respective secret code B, used for the protection, coincide with the decoding method F2 and the corresponding secret code A, used for the control. With single-key methods of this type, the code B used by the producer for the protection, as well as the code A, used on the side of the product production gateway, must be kept secret. 0073 For the encoding operation, the secret code B is used only on the side of the producers where the required measures for keeping the code a secret can be taken. For example, the product control sequences can be generated on computers which are not connected to the Internet. For the decoding, the secret code A is needed only centrally on the side of the server structure for the product protection gateway. The measures required for keeping the code A secret can also be taken on the side of the server structure. Insofar, it does not represent a major restriction if the code B as well as the code A must be kept secret. Symmetric encoding methods can generally be realized very quickly and cheaply either with hardware or software. A further advantage is that the encoded check sequences, generated by means of a symmetric encoding method, normally have relatively short lengths, meaning the product control sequences also consist only of relatively short sequences of alpha-numerical characters. 0074 The secret code B used with symmetric encoding methods cannot be derived on the basis of various random samples of pairs of non-encoded and encoded information bits. A further critical feature of symmetric encoding methods is that the encoded information (C) cannot be generated from the non-encoded information (K) without the secret code B. A number of symmetric encoding methods exist, which are suitable for use with the product protection method according to the invention. One example is the method Triple DES, which successively uses the DES encoding method three times, wherein two or three different codes are used. DES provides for encoding plain text blocks with a length of 8 byte, using a 56 bit long code for cipher text blocks of 8 byte length. A different symmetric encoding method is the IDEA method, which is based on modulo-arithmetic and can be implemented easily with hardware and software. Alternatively, the symmetric encoding methods CAST-128, RC5, or f8 can also be used. The f8 method was primarily developed by ETSI within the framework of a 3rd generation partnership project (3GPP). The f8 method is a flow cipher, wherein the length of the data block to be encoded can range from I to 20,000 bit. It is based on the KASUMI block cipher (block length 64 bit) . KASUMI, in turn, is a derivative of the MISTY algorithm which was developed by Mitsubishi. A different symmetric encoding method is the Rijndael algorithm, which uses S boxes as non-linear components and can be implemented with hardware as well as software. 0075 To avoid that a producer must realize all encodings with the aid of one and the same private code B, an additional code management can be provided when using a symmetric encoding method. For example, different secret codes can be used in a chronological sequence, such that the validity of each code is limited in time. Shell models additionally exist for the code management, for which different code components of the inner and outer shell can be used jointly for the encoding. For example, different validity periods can be specified for the code components of the inner and outer shells. 0076 As an alternative to the symmetric encoding methods, asymmetric encoding methods can also be used for encoding and decoding the product-specific identification sequences. On the side of the producer, the identification sequence K is encoded by means of an encoding method Fl and using a code B. A secret code B must be used for the encoding since the use of a public code would allow anyone to generate an associated coded check sequence C for an identification sequence K. For the decoding, the encoded check sequence C is decoded by means of a decoding method F2 and using the code A. When using an asymmetric method, also referred to as two-key or public-key system, a public code that is freely accessible to anyone can be used for the decoding operation. With a public-key method, the secret code B and the public code A form a complementary code pair. The secret code B, used for the encoding with asymmetric methods, cannot be obtained either on the basis of the decoding method F2 used during the check, or the public code A used for the decoding, at least not with presently available computer capacities. The secret code B also cannot be derived from different random samples of pairs of non-encoded and encoded information bits. The secret code B thus is available only to the producer and cannot be derived from the publicly accessible information. Another important feature of asymmetric encoding methods is that the encoded information (C) cannot be obtained on the basis of the non-encoded information (K) without using the secret code (B). 77 The RSA method, for example, can be used as asymmetric encoding method. With the RSA method, the protection is based on the factorizing of large numbers, wherein the public and private codes depend on a pair of large prime numbers (p, q). Also suitable is the asymmetric encoding method ElGamal, for which the protection depends on the difficulty of computing discrete logarithms via a finite body. Alternatively, DSA can be used and is also based on the problem of a discrete logarithm. The asymmetric encoding method DSA uses several parameters, among others a prime number p, for which the bit length is synonymously called the code length, a 160 bit long prime factor of p-1, as well as the hash function SHA. The asymmetric ECC method (elliptic curve cryptography), which can also be used, is likewise based on the problem of computing the discrete logarithm. 78 To increase the encoding protection and shorten long check sequences, so-called hash methods can be used in addition to the actual encoding method. Figure 3 shows a hash method h1 which is applied to the product- specific identification sequence K prior to the actual encoding operation, thereby generating the hashed identification sequence hi(K). This hashed identification sequence hi(K) is subsequently encoded by means of the encoding method Fl and using the code B in order to obtain the encoded check sequence C. 79 Two different options for decoding the encoded check sequence C are shown on the right side of Figure 3. For the variant with reference (i) , the encoded check sequence C is initially decoded by means of the decoding method F2 and using the code A, thereby generating the hashed identification sequence hi (K) . In a second step, the reversing function h^1 of the hash function hi is applied to this hashed identification sequence hi(K), so as to obtain the product-specific identification code K. This identification sequence, which is obtain through decoding, can then be compared to the identification sequence that is transmitted as component of the product control sequence. 80 For the decoding method variant with reference (ii), the encoded check sequence C is also initially decoded by means of the decoding method F2 and using the code A, wherein the hashed identification sequence h1 (K) is obtained. In addition, the hash function h1 is applied to the identification sequence K, transmitted as component of the product control sequence, thereby also generating the hashed identification sequence h1(K). The authenticity of the product control sequence can be checked by comparing the hashed identification sequences obtained by decoding C and applying hi to K. The encoding protection can be improved further by using a hash method prior to the encoding operation. 81 As an alternative or in addition, it is also possible to first realize the encoding and then apply the hash function to the encoded sequence, as shown in Figure 4. The identification sequence K is first encoded by means of the encoding method Fl and using the code B, wherein the encoded check sequence C is obtained. Subsequently, the hash function h2 is applied to the encoded check sequence C to obtain the hashed sequence h2 (C) . In order to decode this sequence, the reversing function h^1 of the hash function h2 must first be applied to the hashed sequence h2 (C) , so as to obtain the encoded check sequence C. The encoded check sequence C can then be converted to the identification sequence K by means of the decoding method F2 and using the code A. A hash method that is used following the encoding operation is particularly useful for shortening long check sequences. As a result, the product control sequence, which comprises the encoded check sequence, is also shortened correspondingly. 82 The hash method hi shown in Figure 3, which is used prior to the encoding, can also be used together with a hash method h2 that is used after the encoding. In that case, the reversing function h2-1 would first have to be applied during the decoding operation. The resulting sequence would subsequently be decoded and, finally, the reversing function hi"1 would be applied. 83 The hash functions MD 5, SHA-1, RIPE-MD 160, for example, which respectively provide a 160 bit long hash value, could be used as hash functions hi, h2. The hash function MDC-2 could be used as alternative, for which the length of the hash value corresponds to twice the block length. 0084 Figure 5 shows the implementation of a product protection gateway which is accessible via the Internet. For a product control sequence request, the dealer establishes with the aid of his/her web browser 16 an Internet connection 17 to the web server 18 of the product protection gateway. A protected Internet connection is preferably established, for example an Internet connection protected by the SSL (secure socket layer) protocol, which allows the dealer access to the websites of the product production gateway. The web server 18 is designed so as to allow simultaneous access by several dealers. While an Internet connection 17 to the first dealer exists, a second dealer can establish an Internet connection 20 via his/her web browser 19 to the web server 18. The web server 18 is responsible for processing and transmitting the websites of the product protection gateway, wherein the websites can be designed, for example, according to the HTML (hyper text mark-up language) standard. The web server 18 communicates via an interface 21 with the application server 22 which processes the applications for the dealer requests. Two different computers can be used for the web server 18 and the application server 22, wherein these computers communicate via an internal protocol, for example via SSL. The web server 18 and the application server 22 can also be software modules, which can be installed on one and the same server computer. In that case, the interface 21 between both modules can be realized as joint process interface. 0085 Once a dealer has entered his/her ID and password on the corresponding Internet site, these data are transmitted by the web server 18 via the interface 21 to the application server 22 where they are processed by a process 23 that is responsible for the legitimacy check. A product control sequence input by the dealer also travels via the interface 21 to the application server 22 where a process 24 is implemented, which is responsible for checking the product control sequence. The process 24 transmits the product control sequence 25 to the crypto server 26. The crypto server 26 can be a separate computer, which is separated by a firewall from the application server 22 . However, the crypto server 26 can also be installed as cryptography module on the server computer, on which the other software modules are installed as well. The crypto server 26 realizes a decoding of the encoded check sequence contained in the product control sequence 25. Once the crypto server 26 has realized the decoding operation, shown in Figures 2 to 4, it compares the decoded check sequence with the non-encoded identification sequence K, which can be a component of the product control sequence 25. For an alternative embodiment of the invention, the crypto server 26 compares the decoded check sequence to a sequence allotted to the respective dealer. An authentic product control sequence exists if a match is detected. 0086 The result 27 of the authenticity check is transmitted back to the process 24. A second test is furthermore used for each product control sequence entered by the dealer to determine whether a request for this product control sequence was submitted at an earlier date. To realize this check, a process 28 is run on the application server 22 for querying the database. The process 28 transmits a request 29 to a login database 30. The login database contains data sets for previously processed requests and is preferably implemented as relational database, which can be queried with the aid of the query language SQL (structured request language). The request 29 contains the product control sequence, the identification sequence, the encoded check sequence, the decoded check sequence, or several of these sequences. The login database 30 is then checked to determine whether or not earlier requests for these sequences were submitted. The result 31 is then transmitted by the login database 30 to the process 28, wherein multiple prior requests indicate a suspicion of product imitation. However, if no prior requests for this product control sequence were found in the login database 30 and the requested product control sequence was identified as being authentic by the crypto server 26, the product with high reliability is an original product. 87 For each request relating to a valid product control sequence, a new entry is made in the login database 30, comprising either the product control sequence, or the identification sequence, or the encoded check sequence, or the decoded check sequence (or several such sequences). The database entry can additionally also contain the ID of the requesting dealer and possibly the date and time when the request was submitted. Future requests for product control sequences, for which an earlier request was submitted, can then be identified with the aid of the database entry. 88 The invention has been described in detail with respect to preferred embodiments, and it will now be apparent from the foregoing to those skilled in the art, that changes and modifications may be made without departing from the invention in its broader aspects, and the invention, therefore, as defined in the appended claims, is intended to cover all such changes and modifications that fall within the true spirit of the invention. We claim: 1. A method for checking the authenticity of a product piece (9) by means of a product control sequence (8), affixed on or to the product piece (9), and using the Internet (10), characterized by the following method steps: - detecting the product control sequence (8) on the side of the person (2) submitting the control request; - transmitting of the product control sequence (8) via the Internet (10) to a product-protection server structure (11); - decoding an encoded check sequence (C) that is derived from the product control sequence (8), on the side of the product-protection server structure (11), by using a decoding method (F2) and a decoding sequence (A) and generating a decoded check sequence, wherein the decoding sequence (A) and the encoding sequence (B) together form a complementary code pair; checking the authenticity of the decoded check sequence or a sequence derived from it; transmitting of the result of the authenticity check via the Internet (11) to the person (2) requesting the check. 2. The method as claimed in claim 1, wherein the decoding sequence (A) is the secret code for a symmetric encoding method 3. The method as claimed in claim 1, wherein the decoding sequence (A) is the public code for an asymmetric encoding method. 4. The method as claimed in claim 1, wherein the product control sequence (8) comprises the encoded check sequence (C) in the form of a sequence segment, or wherein the encoded check sequence (C) is derived from a sequence segment of the product control sequence (8) by using a hash reversing function (I12"1). 5. The method as claimed in claim 1, wherein the decoded check sequence represents a product-specific identification sequence (K) or is converted to a product-specific identification sequence (K) by using a hash reversing function (hi"1). 6. The method as claimed in claim 1, wherein the authenticity of the decoded check sequence or a sequence derived from it is checked by comparing the decoded check sequence or the sequence derived from it to a product-specific identification sequence (K), which forms a sequence segment of a product control sequence (8), or a hash sequence (hi(K)) derived from it. 7. The method as claimed in claim 1, wherein the authenticity of the decoded check sequence or a sequence derived from it is checked by checking whether the decoded check sequence or the sequence derived thereof matches predetermined sequence allotments. 8. The method as claimed in claim 1, wherein the product-specific identification sequence (K) is the serial number for the product piece (9). 9. The method as claimed in claim 1, wherein the legitimacy of the party (2) submitting the control request is checked within the framework of checking a product control sequence (8). 10. The method as claimed in claim 1, wherein a database entry is made to a login database (15) within the framework of a control request for a product control sequence (8). 11. The method as claimed in claim 1, wherein a database request is implemented in a login database (15) to detect earlier control requests for the product control sequence (8) of the product piece (9). 12. The method as claimed in claim 10 or 11, wherein at least one of the following: the product control sequence (8), the product-specific identification sequence (K), the encoded check sequence (C) or the decoded check sequence or a sequence derived from it, is compared to entries in the login database (15), wherein the product piece (9) is identified as either an imitation or a model for an imitation if at least one match is found. 13. The method as claimed in claim 10 or 11, wherein a database entry for a control request includes the date for the control request. 14. The method as claimed in claim 10 or 11, wherein a database entry comprises the identity of the individual (2) submitting the control request. 15. A product-protection server structure (11) for implementing a product-protection gateway for checking the authenticity of product pieces (9) with the aid of a product control sequence (8) that is affixed on or to the product piece (9), characterized by: - a web server module which makes available websites of the product-protection gateway (11) via the Internet (10), wherein a product control sequence (8) detected on the side of the control requestor (2) is transmitted via the Internet (11) to the web server module, and wherein the result of the authenticity check is transmitted via the Internet (10) to the party (2) submitting the control request; - a cryptographic module, which decodes an encoded check sequence ( c), derived from the product control sequence (8), by means of a decoding method (F2) and using a decoding sequence (A), thereby generating a decoded check sequence, wherein the cryptographic module checks the authenticity of the decoded check sequence or a sequence derived from it, and wherein the decoding sequence (A) forms a complementary code pair together with the encoding sequence (B) used for the encoding. 16. The product-protection server structure (11) as claimed in claim 15, wherein the cryptographic module checks the authenticity of the decoded check sequence or a sequence derived from it by comparing the decoded check sequence or the sequence derived from it with a product-specific identification sequence (K), which forms a segment of the product control sequence (8), or a hash sequence (hi(K)) derived from it. 17. The product-protection server structure (11) as claimed in claim 15, wherein the cryptographic module checks the authenticity of the decoded check sequence or a sequence derived from it by checking whether the decoded check sequence or a sequence derived from it matches predetermined sequence allotments. 18. The product-protection server structure as claimed in claim 15, wherein the cryptographic module decodes the encoded check sequence (C) by means of an asymmetric decoding method, using a public decoding sequence. 19. The product-protection server structure as claimed in claim 15, wherein the cryptographic module decodes the encoded check sequence (C) by means of a symmetric decoding method and using a secret decoding sequence. 20. The product-protection server structure (11) as claimed in claim 15, wherein a login database (15) comprises a database entry, at least for each product control sequence (8) for which the authenticity has been determined. 21. The product-protection server structure as claimed in claim 20, wherein at least one of the following: product control sequence (8), product-specific identification sequence (K), encoded check sequence (C), decoded check sequence, or a sequence derived from it, is compared to entries in the login database (15), wherein the product piece (9) is identified as an imitation or as a model for an imitation if at least one match is found. 22. An apparatus for checking the authenticity of a product piece (9) by means of a product control sequence (8), affixed on or to the product piece (9), and using the Internet (10), characterized by: - means for detecting the product control sequence (8) on the side of the person (2) submitting the control request; means for transmitting of the product control sequence (8) via the Internet (10) to a product-protection server structure (11); means for decoding an encoded check sequence (C) that is derived from the product control sequence (8), on the side of the product-protection server structure (11), by using a decoding method (F2) and a decoding sequence (A) and generating a decoded check sequence, wherein the decoding sequence (A) and the encoding sequence (B) together form a complementary code pair; means for checking the authenticity of the decoded check sequence or a sequence derived from it; means for transmitting of the result of the authenticity check via the Internet (11) to the person (2) requesting the check.

Full Text

The present invention relates to a method for checking the authenticity of a product piece.
CROSS-REFERENCE TO RELATED APPLICATION
0001 This is a continuation of International Patent Application No. PCT/EP2004/005581 filed May 25, 2004, designating the United States and claiming priority of 'German Patent Application No. 103 28 328.5 filed June 25, 2003, the disclosure of all of the foregoing applications being incorporated herein by reference.
BACKGROUND OF THE INVENTION
0002 The invention relates to a system for protecting products against imitation as well as to check the authenticity of products and/or to detect product imitations.
O003 Very few products "are protected against imitations. Increasingly better technical options and involved methods used by the imitators result in ever better imitations. Consumers and dealers can rarely distinguish at first glance between the original product and the imitated product. The result is a drop in turnover, liability claims, and loss of image for the producers of proprietary goods. The conventional identification features of many brand names, for example labels and packaging, no longer present obstacles for imitators. In addition to the product itself, its complete presentation is imitated these days.
0004 Attempts have been made to counter these imitations with the aid of special protective features, which require a high technical and financial expenditure and

for the most part can be produced only by businesses specializing in this type of work. The product, or its packaging, or the accompanying documents are provided at the production stage already with protective features such as safeguarding threads, planchets, and the like, which are provided with one or several substances having a physical or chemical property that can be checked visually or with a machine, e.g. fluorescence or magnetism. Hologram labels, having a color effect which depends on the viewing angle and cannot be reproduced by copiers, represent a favorite protection feature that is affixed to the product or its packaging. The known measures for increasing the protection against imitation and increasing the rate of detection of imitations furthermore include the use of microtext, guilloche print, kinegrams, transponders, and the like.
5 However, the protective features used in each case
make sense only for a restricted number of products,
for example depending on legal, medical, or even
economic requirements. Technologically involved
measures may also require sensors and measuring
devices, which are not readily available, for checking
the imitations. Conversely, the simpler and cheaper
the production of the protective feature, the smaller
the technical advantage, upon which the protective
feature is based, as compared to the imitator.
6 The so-called unique-card-method is known from
German Unexamined Published Application DE-OS 27 34

456. With this method, an open information such as an account number and/or a personalizing information is combined with a unique number to form an encoded information, wherein this information is then input into a recording medium. During the reading and checking of the recording medium, the open information is initially derived again from the coded information and the unique number. This open information is then compared to the open information recorded on the recording medium. This method is used to protect ID cards and documents.
0007 German Unexamined Published Application DE 28 26 469
C2 discloses a method and a device for protecting
documents, for which an identification number is
encoded and recorded on the document. During the
check, the coded identification number read out of the
document is decoded and is compared to the original
identification number.
SUMMARY OF THE INVENTION
8 It is the object of the present invention to propose
a general product protection method which can in
principle be used for all types of products, has the
lowest possible requirements with regard to checking,
and is cost-effective.
9 This object is solved according to the invention
with a method for producing a product protection
identification as defined in claim 1, with a product
piece that cannot be imitated as defined in claim 12,

and with a method for checking the authenticity of a product piece as defined in claim 23, as well as with a product protection server structure as defined in claim 37. Advantageous modifications of the invention follow from the dependent claims. Computer program products for implementing the method according to the invention follow from claims 44, 45.
10 With the method according to the invention, a
product-specific identification sequence is initially
determined for each product piece in order to generate
a product protection identification which is affixed to
or on the product piece, thus ensuring the authenticity
of a product piece. The product-specific
identification sequence or a sequence derived from it
is encoded with the aid of an encoding method (Fl) ,
using a secret encoding sequence (B) , wherein a coded
check sequence is generated. A product control
sequence comprising the coded check sequence or a
sequence derived from it is affixed on or to the
product piece.
11 In order to distinguish original products from
imitations, a secret encoding sequence (B) as well as
an encoding method (Fl) is made available to the
producer of a product, which enables the producer to
convert the respective product-specific identification
sequence into a coded check sequence which is then
affixed to or on the product piece. Instead of
ensuring the authenticity of a product piece with the
aid of physical, measuring-technical, or chemical

product features, the method according to the invention identifies imitations with the aid of the cryptographically generated product control sequence. A protective feature can thus be made available, which can be used for all product groups because it is not dependent on physical or chemical product characteristics. No sensors or measuring devices are required for testing the authenticity of a product, but only a check of the authenticity of the product control sequence. Since only an encoding method is used in place of complicated protective features (for example microtext, guilloche print, kinegrams, transponders, etc.), the method according to the invention is also much more cost-effective than the protective features employed so far.
12 It is advantageous if the coded check sequence (C)
cannot be generated from the product-specific
identification sequence (K) without knowledge of the
secret encoding sequence (B). Only producers who
possess the secret encoding sequence can generate
product control sequences for the product pieces they
produce. The secret encoding sequence (B) cannot be
derived from the product control sequences of products
that are commercially available.
13 According to a different advantageous embodiment of
the invention, the product control sequence comprises
the product-specific identification sequence (K) in
addition to the encoded check sequence (C) or the
sequence derived from it. With this embodiment of the

invention, the product control sequence contains the non-encoded identification sequence (K) as well as the coded check sequence (C) . Thus, the authenticity of the product control sequence can be tested by checking whether the two segments of the product control sequence match, for example by realizing a decoding of the coded check sequence (C) or an encoding of the product-specific identification sequence (K).
14 It is furthermore advantageous if the serial number
for the product piece is used for the product-specific
identification sequence (K). The serial number is
generated during the production and permits allocating
a product piece to a specific batch. In particular
when producing higher-quality products, it is standard
practice to affix a serial number. The serial number
can be supplemented easily by adding the encoded check
sequence in order to generate the product control
sequence according to the invention.
15 According to a different and advantageous embodiment
of the invention, the secret encoding sequence (B) is
the secret code for a symmetric encoding method.
Symmetric encoding methods are also referred to as
single-key systems or secret key systems. A secret
code, meaning a secret encoding bit sequence, is used
to encode a product-specific identification sequence or
a sequence derived from it. With symmetric encoding
methods, the encoded sequence generated in this way can
only be decoded with knowledge of this secret code,
even if the encoding and decoding methods are generally

known. Conversely, if the decoding of an encoded sequence with a secret code provides the underlying non-encoded sequence, this sequence can have been encoded only with knowledge of this secret code.
16 Symmetric methods can generally be realized very
quickly and with little expenditure, using hardware or
software. Using symmetric encoding methods furthermore
has the advantage that the generally used code lengths
and block lengths are relatively short. As a result,
the generated check sequences and the product control
sequences are also relatively short and can be affixed
easily to the product pieces.
17 In particular, it is advantageous if the symmetric
encoding method is selected from among the following
encoding methods: Triple-DES, IDEA, CAST-128, Blowfish,
RC5, f8, Rijndael.
18 Alternatively, it is an advantage if the secret
encoding sequence (B) is the secret code for an
asymmetric encoding method. Asymmetric encoding
methods, which are also called two-key or public-key
methods, use code pairs formed with a public code and a
private code. Since the private code cannot be
computed from the public code with the computer
capacity available at the present time, the public code
can be made public. With the product protection method
according to the invention, it offers itself to use the
secret code on the side of the producer for encoding
the identification sequence or a sequence derived from
it. The public code, which can be made freely

available to all communication participants without secrecy requirements, can thus be used for testing the product authenticity. In particular, this allows a decentralized testing which can be carried out by the participating dealers and consumers at many different locations. All dealers can be provided with the public code required for the decoding operation.
19 It is particularly advantageous in that case if the
asymmetric encoding method is selected from among the
following encoding methods: RSA, ElGamal, DSA, ECC.
20 It is also advantageous if the product-specific
identification sequence (K) is converted with a first
hash method (hi) into a first hash sequence (hi (K) ) ,
prior to the encoding, wherein the encoded check
sequence (C) is generated by encoding the first hash
sequence (h1(K)) with the secret encoding sequence (B).
Thus, a hash method (hi) is initially applied to the
product-specific identification sequence and the
resulting hash sequence is then encoded. The
protection for the encoding that is realized can be
increased on the whole by using a hash method in
addition to the encoding operation. It is therefore
nearly impossible for an imitator to determine the
underlying encoding method (Fl) as well as the
underlying secret encoding sequence (B) by using the
encoded check sequence (C).
21 It is furthermore advantageous if, following the
encoding, the encoded check sequence (C) is converted
with the aid of a second hash method (h2) to a second

hash sequence (h2 (C) ) , which is then affixed on or to the product piece as component of the product control sequence. With the aid of a second hash method (h2) , applied after the encoding operation, it is possible to shorten extremely long encoded check sequences (C) before they are affixed to or on the product piece as part of the product control sequence. In particular when using asymmetric encoding methods, which are characterized by long code lengths and block lengths, long encoded check sequences are created, which make it appear useful to apply a second hash method, wherein the second hash method on the whole increases the protection of the coding.
22 Selecting the first and second hash methods from
among the following: MD 5, SEA-1, RIPE-MD 160, MDC-2 is
particularly advantageous.
23 The imitation-proof product piece according to the
invention comprises a product control sequence affixed
to or on the product piece, which includes an encoded
check sequence (C) or a sequence derived from it. The
encoded check sequence (C) is generated specifically
for the product piece by encoding a product-specific
identification sequence (K) or a sequence derived from
it with the aid of an encoding method (Fl) and using a
secret encoding sequence (B) . In place of using the
most expensive and hard to produce protective features
possible, the protection against imitation for the
product piece according to the invention is ensured by
using an encoding method (Fl) and the use of a secret

encoding sequence (B) . Generating and affixing the product control sequence to the product piece to be protected causes little expenditure and is cost-effective .
°024 According to one advantageous embodiment of the invention, the product control sequence is affixed to the product piece in the form of an alpha-numerical character string. For example, the coded check sequence and the product control sequence can be generated in the form of bit sequences, wherein the product control sequence can be reproduced as a number sequence, with numbers ranging from 0 to 9, or as a sequence of ASCII characters, or as an optional alpha-numerical character string, and can be affixed to the product piece.
25 It is furthermore advantageous if the product
control sequence is affixed to the product piece in a
machine-readable form. For example, the product
control sequence could be affixed to the product piece
in the form of a universal unit code (barcode) or as
machine-readable text. The product control sequence
could also be stored on a magnetic strip, a storage
chip, or any other electronic medium that is connected
with the product, the product packaging, or the
accompanying documents. With this type of embodiment
of the invention, longer product control sequences can
also be processed because no typing-in is required.
26 It is a further advantage if the product control
sequence is affixed to the product piece as visually

readable text. With this embodiment of the invention, the product control sequence can be checked by using a keyboard to type in the product control sequence.
27 According to a different advantageous embodiment of
the invention, the product control sequence is affixed
to a document enclosed with the product piece or to the
packaging. In this way, a long product control
sequence can be enclosed with the product without
damaging the product appearance.
28 With the method according to the invention for
checking the authenticity of a product piece, the
authenticity of the product piece is checked via the
Internet and a product control sequence that is affixed
to or on the product piece. The product control
sequence is detected in that case by the person
submitting the control request and is transmitted via
the Internet to a product protection server structure.
On the side of the product protection server structure,
a coded check sequence (C) that is derived from the
product control sequence is decoded by means of a
decoding method (F2) and a decoding sequence (A) ,
thereby generating a decoded check sequence. The
decoding sequence (A) in this case forms a
complementary code pair together with the encoding
sequence (B) , used for the encoding. The authenticity
of the decoded check sequence or a sequence derived
from it is checked and the result of the authenticity
check is then transmitted via the Internet to the
person who submitted the control request.

0029 A dealer wanting to check the authenticity of product pieces can, for example, transmit the corresponding product control sequences via his/her Internet browser to the product protection server structure. There, the decoding of the encoded check sequence (C) and the authenticity check are carried out, with the advantage that no local devices are needed on the side of the dealer for checking the product authenticity. Sensors and measuring devices, such as provided according to prior art for checking physical or chemical protective features, are not needed with the method according to the invention. The total investment for implementing the product protection system according to the invention is therefore minimal. Since the decoding is not realized locally, but centrally on the side of the product protection server structure, a secret or a public code can optionally be used as decoding sequence (A).
0030 According to one advantageous embodiment of the invention, the decoding sequence (A) is the secret code for a symmetric encoding method. The use of a symmetric encoding method has the advantage of a relatively short code length as well as block length. Since the decoding of all control requests is realized centrally by the product protection server structure, keeping the decoding sequence (A) secret can be ensured with appropriate measures, for example by using firewalls, separate crypto servers, and the like. A further advantage of using a symmetric method is that

the time required for each decoding operation is very short.
31 Alternatively, the public code for an asymmetric
encoding method is advantageously used for the decoding
sequence (A) . When using an asymmetric encoding
method, no special arrangements are required to keep
the public code, used for the decoding, a secret. With
asymmetric encoding methods, the secret encoding
sequence (B) cannot be derived either from the decoding
method (F2), or the decoding sequence (A) , or from
various random samples of pairs of non-encoded and
encoded information bits. Even if an imitator were to
obtain access to the public code, the decoding method,
as well as various valid product control sequences, the
imitator could not derive the secrete encoding sequence
(B) from this. The imitator himself/herself therefore
cannot generate valid product control sequences.
32 It is furthermore advantageous if the encoded check
sequence (C) forms a sequence segment of the product
control sequence or can be derived from a sequence
segment of the product control sequence by applying a
hash reversing function (h^1) . If, during the
generating of the product control sequence, the encoded
check sequence (C) was additional converted by means of
a second hash method (h2) to a second hash sequence
(h2(C)), then a hash reversing function (h2"1) must
first be applied on the side of the product protection
server structure to the respective segment of the
product control sequence to obtain the coded check

sequence (C). The coded check sequence (C) is subsequently decoded.
0033 It is furthermore advantageous if the decoded check
sequence represents a product-specific identification
sequence (K) or can be converted to a product-specific
identification sequence (K) by applying a hash
reversing function (h^1). If, during the generating of
the product control sequence, the product-specific
identification sequence (K) was converted to a first
hash sequence (hi(K)), prior to the decoding and by
means of a first hash method (hi) , then a hash
reversing function (hi'1) must be applied after the
decoding to the decoded check sequence, on the side of
the product protection server structure, in order to
obtain the individual identification sequence (K).
0034 According to a different advantageous embodiment of
the invention, the authenticity of the decoded check
sequence or a sequence derived from it is checked by
comparing the decoded check sequence or the sequence
derived from it with a product-specific identification
code (K) , forming a segment of the product control
sequence, or a hash sequence (hi(K)) derived from it.
With this embodiment of the invention, the product
control sequence comprises all information required for
detecting the authenticity. The authenticity of the
product control sequence can therefore be determined
solely on the basis of the product control sequence
itself, without requiring external information.

0035 Alternatively, it is an advantage if the authenticity of the decoded check sequence or a sequence derived from it is checked by checking whether the decoded check sequence or the sequence derived from it matches previously determined allotments. With this embodiment of the invention, all producers are provided with sequence allotments ahead of time. To check the authenticity of a decoded check sequence or a sequence derived from it, it is determined whether or not this sequence matches an allotment assigned to one of the producers. The advantage of this step is that for this embodiment of the invention, the product control sequence does not have to comprise the non-encoded information. The product control sequence only needs to comprise the encoded information. For that reason, relatively short product control sequences are sufficient for this embodiment of the invention.
36 It is advantageous if the legitimacy of the person
submitting the control request is checked within the
framework of checking a product control sequence. Only
authorized dealers are permitted to inquire about
product control sequences. In addition, the path of
the checked product pieces can be followed by
requesting the legitimacy of the person submitting the
request.
37 According to another advantageous embodiment of the
invention, a database entry is made into a login
database within the framework of a request for a
product control sequence, thus making it possible to

put together a login database which comprises database entries for all previously checked product control sequences. Assuming an imitator obtains a series of product control sequences for original products and affixes these product control sequences to the imitated goods, this cryptographic method would show that the respective product control sequence is authentic. However, we now have several product pieces with identical product control sequences on the market. A multiple use of product control sequences of this type can be uncovered with the aid of the login database. 0038 It is advantageous if a login database is requested to determine whether earlier requests were submitted concerning the product control sequence of the product piece. Assuming a first dealer submits a control request for the first product pieces received and checks the product control sequences affixed to the product pieces. The cryptographic method supplies the result that the product control sequences are authentic and, in addition, enters the data for these product control sequences in the login database. If a second dealer submits control requests at a later time for second product pieces that are provided with the identical product control sequences, it can be determined with the aid of the login database that another dealer previously submitted control requests for these product control sequences. Two options are then available: the product of the first dealer was the original product, and the second dealer had the

imitation, or vice versa. If a multiple use is detected, the product available to the dealer submitting the request can either be an imitation or it may have served as model for the imitation.
39 An effective protection can be achieved on the whole
by combining the use of a cryptographic method with the
establishment of a log for the various requests
submitted by the various dealers.
40 It advantageous to compare at least one of the
following: product control sequence, product-specific
identification sequence (K) , encoded check sequence
(C), decoded check sequence, or a sequence derived from
it to database entries in the login database. In the
process, the product piece is identified as either an
imitation or a model for an imitation if at least one
match is detected. A specific product piece can be
identified with any of the aforementioned sequences
because each of these sequences is specific to the
respective product piece. If a multiple use is
detected for the respectively used sequence, it
indicates the presence of either an imitation or an
original product which served as model for an
imitation.
41 It is advantageous if a database entry for a control
request also contains the date on which the control
request was submitted. In addition, it is advantageous
if a database entry contains the identity of the person
submitting the control request. Upon detecting a
multiple use of a product-specific sequence, the path

taken by the imitation products can be traced back, using the information entered for the participating dealers and the points in time at which the dealers submitted the control requests.
42 The product protection server structure according to
the invention makes it possible to implement a product
production gateway for checking the authenticity of
product pieces with the aid of a product control
sequence affixed to or on the product piece. The
product protection server structure comprises a web
server module, which makes available websites of the
product protection gateway via the Internet. A product
control sequence is transmitted via the Internet to the
web server module and the result of the authenticity
check is transmitted via the Internet to the person
submitting the control request. The product protection
server structure furthermore comprises a cryptographic
module for decoding an encoded check sequence (C) ,
derived from the product control sequence, by means of
a decoding method (F2) and using a decoding sequence
(A), thus generating a decoded check sequence. A
complementary code pair is thus formed with the
decoding sequence (A) and the encoding sequence (B) ,
used for the encoding. The authenticity of the decoded
check sequence or a sequence derived from it is checked
with the cryptographic module.
43 It is advantageous if the product protection server
structure comprises a login database, which contains a
database entry at least for each product control

sequence for which the authenticity was determined. With the aid of such a login database, it is possible to prove the repeated use of product control sequences, an indication that a product imitation is present.
0044 The method used to generate a product-protection
identification can be realized with a computer program
product, provided with means for implementing the
corresponding method steps on a computer, a signal
processor, or the like. The method for checking the
authenticity of a product piece can also be realized
with the aid of a computer program product, which is
provided with means for realizing corresponding method
steps on a computer, a digital signal processor, or the
like.
BRIEF DESCRIPTION OF THE DRAWINGS
45 The invention is described further in the following
with the aid of several exemplary embodiments shown in
the drawing, which show in:
46 Figure 1 A representation of the product protection
system according to the invention;
47 Figure 2 A schematic representation of the encoding
and decoding of a product-specific identification
sequence K;
48 Figure 3 A representation of the encoding and
decoding of a product-specific identification sequence
K, wherein a first hash function hi is applied to the
identification sequence K prior to the encoding;

49 Figure 4 A representation of the encoding and
decoding of a product-specific identification sequence
K, wherein a second hash function h2 is applied to the
encoded check sequence following the encoding; and
50 Figure 5 The implementing of a product protection
gateway which is accessible via the Internet.
DETAILED DESCRIPTION OF THE INVENTION
51 Figure 1 shows an overview over the product
protection system according to the invention. The
product protection system involves a producer 1 of the
products, a dealer 2, as well as the provider of the
product protection gateway 3. On the side of the
producer 1, there is interest in permitting the buyers
to check the product authenticity, so that the producer
is protected against product imitations. For that
purpose, the producer 1 assigns a specific
identification sequence to each of the products that
are produced by the producer. Any optional bit
sequence, number sequence, or alphanumeric character
string can be used as identification sequence. Using
the serial number for the respective product as
product-specific identification sequence consequently
offers itself because this serial number is available
as part of the production data 5.
52 Following this, an encoded check sequence 7 must
first be generated on the side of the computer
structure 6 for the producer, starting with the
product-specific identification sequence 4 and using a

secret encoding method. This encoded check sequence 7 can again be represented as bit sequence, test number, or alphanumeric character string. All encoding methods which use a secret encoding sequence can be used for encoding the identification sequence 4. Otherwise, optional product control sequences could be imitated by an imitator able to obtain the encoding sequence. Symmetric encoding methods can be used for the encoding, wherein these are also called single-key systems and/or secret-key systems. A secret code is used with these methods for encoding as well as decoding. A sequence encoded with a secrete code can only be decoded again with the aid of this secrete code, even if the encoding and decoding methods are generally known.
0053 Asymmetric encoding methods can be used as alternative to the symmetric encoding methods for encoding the product-specific identification sequence. The asymmetric encoding methods are also called two-key methods and/or public-key methods. Methods of this type utilize code pairs, which comprise respectively a secret code and an associated public code. With public key systems that correspond to present-day safety standards, the private code cannot be computed from the public code, given the presently available computer capacity. For that reason, the public code can be made freely accessible. Whereas the private code, which must be kept a secret, is known only to the owner and can be used exclusively by the owner, the public code

of a user is freely accessible to all communication participants.
0054 When using an asymmetric encoding method, the
private code of the producer 1 is used to encode the
product-specific identification sequence 4. This code
is available only on the computer system 6 of the
producer 1 and must not be made public.
55 The associated public code of the code pair, which
can be transmitted to all dealers and consumers without
special safety precautions, is used to decode the check
sequence 7 encoded in this way. In particular, this
public code can also be made available via the
Internet.
56 A product-specific identification sequence 4 as well
as a coded check sequence 7 is then available for each
product piece. To ensure the product authenticity,
both sequences can be affixed jointly to the product,
as product control sequence 8. The product control
sequence 8 affixed on or to the product piece can take
the form of a bit sequence, a number sequence, or an
alphanumerical character string. For example, the
product control sequence could be a number sequence
containing a non-decoded serial number as the first
component and an encoded test number as the second
component. However, it is not absolutely necessary for
the product control sequence 8 to comprise the
identification sequence 4 as well as the encoded check
sequence 7. The product control sequence 8 could also
consist solely of the encoded check sequence 7. In

that case, the product-specific identification sequence 4 would be obtained only during the decoding of the product control sequence 8.
0057 The product control sequence 8 can be affixed to the
product in any optional form, for example by printing,
embossing, stamping it on, or by printing it onto the
packaging, and the like. The product control sequence
8 could also be printed onto a piece of paper enclosed
with the packaging for the product. The product
control sequence 8 can be affixed to the product in
machine-readable or visually readable form. The
machine-readable codes, for example, could be barcodes,
but also magnetic strips or other magnetizable media
for storing the product control sequence 8.
58 The product with the product control sequence 8
affixed to or on it is shipped via different
distribution paths to a dealer 2 who wants to check the
authenticity of the received product. The dealer 2
wants to be sure to have purchased the original product
from the producer 1 and not a copy of the product,
produced by an imitator. If the dealer 2 markets
imitation products, the dealer risks not being able to
market additional products once the imitation is
discovered. The imitation products are frequently of
poorer quality than the original products and, insofar,
would also harm the reputation of the dealer 2.
59 To check the authenticity of a product 9 in the
possession of the dealer, the dealer 2 accesses the
server structure 11 of the product protection gateway 3

via the Internet 10. The dealer 2 must first provide identification to the product protection gateway by reporting the dealer identification 12, wherein a login ID and a password are generally used for legitimizing a user access. Once the dealer 2 has successfully proven his/her identity, the dealer is given access to the websites of the product protection gateway, which are transmitted by the server structure 11 via the Internet 10 to the browser of the dealer and are displayed there. The dealer can enter on one of the websites the product control sequence 8 for the good, at a specifically provided input window, whereupon the product control sequence 8 is transmitted via the Internet 10 to the server structure 11.
60 On the side of the server structure 11, the received
product control sequence 8 is checked by means of a
first check 13 and a second check 14 . The product
control sequence 8 contains the encoded check sequence
7. This encoded check sequence is decoded in the first
check 13 by means of a decoding method and using a
decoding sequence, wherein a decoded check sequence is
generated in the process. The decoding method
complements the encoding method used on the side of the
producer 1.
61 When using a symmetric method, the decoding sequence
used during the decoding operation must coincide with
the encoding sequence used on the side of the producer
1. With symmetric methods, it is necessary to keep the
encoding sequence as well as the decoding sequence a

secret. Keeping the decoding sequence a secret can be ensured because the decoding operation is realized centrally in the server structure 11.
62 If an asymmetric method is used, for which the
encoded check sequence is generated on the side of the
producer 1 with the aid of a secret encoding sequence,
the encoded check sequence can be decoded with a public
decoding sequence, a so-called "public key." Thus,
when using an asymmetric method, it is not necessary to
keep the decoding sequence a secret on the receiver
side. This could become important for further
development stages of the project, for which the
product is no longer checked by means of the central
server structure, but with a plurality of decentralized
testing devices. The decoding sequence could then be
stored in the form of a public code in all testing
devices.
63 In cases where the product control sequence
comprises the (non-encoded) identification sequence as
well as the encoded check sequence as components, the
decoded check sequence is first compared to the non-
encoded identification sequence. The checked product
control sequence is consistent in itself if the decoded
check sequence coincides with the product-specific
identification sequence, used as the starting point for
computing the encoded check sequence. In that case,
the result obtained with the first check 13 shows that
the product control sequence of the product piece
checked by the dealer 2 is authentic. If the decoded

check sequence does not coincide with the product-specific identification sequence, then the product control sequence is not authentic.
0064 Thus, the product is an imitation if other sources
of error can be ruled out. The check result is
transmitted by the server structure 11 via the Internet
10 to the web browser for the dealer 2 and is displayed
there.
65 The product control sequence of an alternative
embodiment of the invention comprises as component of
the product control sequence only the encoded check
sequence, but not the product-specific identification
sequence. In that case, the encoded check sequence is
also initially decoded by means of the decoding method
to generate a decoded check sequence. The decoded
check sequence obtained in this way can be checked if
the test-sequence allotments to the individual
producers are known on the side of the server structure
11, by determining whether the decoded check sequence
is contained in one of these allotted sequences.
Insofar, it is not absolutely necessary for the
identification number to be a component of the product
control sequence.
66 However, imitations are conceivable for which the
imitator obtains one or several product control
sequences of original products and affixes these to the
imitated product pieces. The imitated product then has
a correct product control sequence and can therefore
not be identified as imitation by means of the first

check 13. A second check 14 is provided to discover such product imitations, wherein the actually requested product control sequence is compared to all earlier requested product control sequences. If a product control sequence is copied and affixed to an imitation product, the respectively involved dealers can over time submit control requests for the original product as well as the imitation product. As a result, multiple requests can be submitted over time for one and the same product control sequence.
0067 Multiple requests of this type are identified during the second check 14 with the aid of a login database 15. A corresponding database entry is stored in the login database 15 for each control request processed by the server structure 11. For identifying a control request, a database entry comprises at least one of the following sequences: the product control sequence, the product-specific identification sequence, the encoded check sequence, or the decoded check sequence. The database entry furthermore comprises the ID of the dealer submitting the control request, as well as the date and possibly also the time of day for the control request. Since this system is intended for world-wide use, the respective time zone where the requesting dealer resides must be entered in addition to recording the date and time of day. The date/time format must allow an international comparison of date and time for the various requests.

0068 Following each dealer request, the login database 15
is searched during the second check 14, using the
product control sequence input by the dealer. If an
earlier request was submitted for the product control
sequence entered by the dealer, it leaves two
possibilities: the product piece could be an imitation,
or it could be an original product, for which the
product control sequence was used as model for
producing an imitation product. Further steps for
checking the good can then be introduced on the basis
of the identifications, stored in the login database,
for the involved dealers who submitted the various
requests, well as the date and time entries.
69 Once a product control sequence has been verified in
the first check 13 and no multiple use of the product
control sequence was detected during the second check
14, the server structure 11 will notify the dealer via
the Internet 10 that the product piece presumably is
not an imitation. However, this can still not be
determined with absolute certainty because it would be
conceivable for an imitator to have used a product
control sequence of an original product which has not
yet been checked. In that case, the system would
detect an imitation only once it receives a request for
the product control sequence of the original.
70 The encoding and decoding of the product-specific
identification sequence K is shown schematically in
Figure 2. On the side of the producer, the product-
specific identification sequence K is encoded with the

aid of the encoding method Fl and using the code B, wherein a coded check sequence C is obtained.
0071 The coded check sequence C is decoded again with the aid of the decoding method F2 and using the code A, wherein the product-specific identification sequence K is once more obtained. If the product control sequence comprises as component the product-specific identification sequence K in addition to the encoded check sequence C, then the identification sequence obtained through decoding can be compared to the identification sequence transmitted as component of the product control sequence. The product control sequence is authentic if these identification sequences coincide whereas the product control sequence could be an imitation if they do not coincide.
Q072 So-called symmetric methods can be used for the encoding and decoding, which are also called single-key systems or secret-key systems. With these methods, the encoding method Fl and the respective secret code B, used for the protection, coincide with the decoding method F2 and the corresponding secret code A, used for the control. With single-key methods of this type, the code B used by the producer for the protection, as well as the code A, used on the side of the product production gateway, must be kept secret.
0073 For the encoding operation, the secret code B is used only on the side of the producers where the required measures for keeping the code a secret can be taken. For example, the product control sequences can

be generated on computers which are not connected to the Internet. For the decoding, the secret code A is needed only centrally on the side of the server structure for the product protection gateway. The measures required for keeping the code A secret can also be taken on the side of the server structure. Insofar, it does not represent a major restriction if the code B as well as the code A must be kept secret. Symmetric encoding methods can generally be realized very quickly and cheaply either with hardware or software. A further advantage is that the encoded check sequences, generated by means of a symmetric encoding method, normally have relatively short lengths, meaning the product control sequences also consist only of relatively short sequences of alpha-numerical characters.
0074 The secret code B used with symmetric encoding methods cannot be derived on the basis of various random samples of pairs of non-encoded and encoded information bits. A further critical feature of symmetric encoding methods is that the encoded information (C) cannot be generated from the non-encoded information (K) without the secret code B. A number of symmetric encoding methods exist, which are suitable for use with the product protection method according to the invention. One example is the method Triple DES, which successively uses the DES encoding method three times, wherein two or three different codes are used. DES provides for encoding plain text

blocks with a length of 8 byte, using a 56 bit long code for cipher text blocks of 8 byte length. A different symmetric encoding method is the IDEA method, which is based on modulo-arithmetic and can be implemented easily with hardware and software. Alternatively, the symmetric encoding methods CAST-128, RC5, or f8 can also be used. The f8 method was primarily developed by ETSI within the framework of a 3rd generation partnership project (3GPP). The f8 method is a flow cipher, wherein the length of the data block to be encoded can range from I to 20,000 bit. It is based on the KASUMI block cipher (block length 64 bit) . KASUMI, in turn, is a derivative of the MISTY algorithm which was developed by Mitsubishi. A different symmetric encoding method is the Rijndael algorithm, which uses S boxes as non-linear components and can be implemented with hardware as well as software.
0075 To avoid that a producer must realize all encodings with the aid of one and the same private code B, an additional code management can be provided when using a symmetric encoding method. For example, different secret codes can be used in a chronological sequence, such that the validity of each code is limited in time. Shell models additionally exist for the code management, for which different code components of the inner and outer shell can be used jointly for the encoding. For example, different validity periods can

be specified for the code components of the inner and outer shells.
0076 As an alternative to the symmetric encoding methods, asymmetric encoding methods can also be used for encoding and decoding the product-specific identification sequences. On the side of the producer, the identification sequence K is encoded by means of an encoding method Fl and using a code B. A secret code B must be used for the encoding since the use of a public code would allow anyone to generate an associated coded check sequence C for an identification sequence K. For the decoding, the encoded check sequence C is decoded by means of a decoding method F2 and using the code A. When using an asymmetric method, also referred to as two-key or public-key system, a public code that is freely accessible to anyone can be used for the decoding operation. With a public-key method, the secret code B and the public code A form a complementary code pair. The secret code B, used for the encoding with asymmetric methods, cannot be obtained either on the basis of the decoding method F2 used during the check, or the public code A used for the decoding, at least not with presently available computer capacities. The secret code B also cannot be derived from different random samples of pairs of non-encoded and encoded information bits. The secret code B thus is available only to the producer and cannot be derived from the publicly accessible information. Another important feature of asymmetric encoding

methods is that the encoded information (C) cannot be obtained on the basis of the non-encoded information (K) without using the secret code (B).
77 The RSA method, for example, can be used as
asymmetric encoding method. With the RSA method, the
protection is based on the factorizing of large
numbers, wherein the public and private codes depend on
a pair of large prime numbers (p, q). Also suitable is
the asymmetric encoding method ElGamal, for which the
protection depends on the difficulty of computing
discrete logarithms via a finite body. Alternatively,
DSA can be used and is also based on the problem of a
discrete logarithm. The asymmetric encoding method DSA
uses several parameters, among others a prime number p,
for which the bit length is synonymously called the
code length, a 160 bit long prime factor of p-1, as
well as the hash function SHA. The asymmetric ECC
method (elliptic curve cryptography), which can also be
used, is likewise based on the problem of computing the
discrete logarithm.
78 To increase the encoding protection and shorten long
check sequences, so-called hash methods can be used in
addition to the actual encoding method. Figure 3 shows
a hash method h1 which is applied to the product-
specific identification sequence K prior to the actual
encoding operation, thereby generating the hashed
identification sequence hi(K). This hashed
identification sequence hi(K) is subsequently encoded

by means of the encoding method Fl and using the code B in order to obtain the encoded check sequence C.
79 Two different options for decoding the encoded check
sequence C are shown on the right side of Figure 3.
For the variant with reference (i) , the encoded check
sequence C is initially decoded by means of the
decoding method F2 and using the code A, thereby
generating the hashed identification sequence hi (K) .
In a second step, the reversing function h^1 of the
hash function hi is applied to this hashed
identification sequence hi(K), so as to obtain the
product-specific identification code K. This
identification sequence, which is obtain through
decoding, can then be compared to the identification
sequence that is transmitted as component of the
product control sequence.
80 For the decoding method variant with reference (ii),
the encoded check sequence C is also initially decoded
by means of the decoding method F2 and using the code
A, wherein the hashed identification sequence h1 (K) is
obtained. In addition, the hash function h1 is applied
to the identification sequence K, transmitted as
component of the product control sequence, thereby also
generating the hashed identification sequence h1(K).
The authenticity of the product control sequence can be
checked by comparing the hashed identification
sequences obtained by decoding C and applying hi to K.
The encoding protection can be improved further by
using a hash method prior to the encoding operation.

81 As an alternative or in addition, it is also
possible to first realize the encoding and then apply
the hash function to the encoded sequence, as shown in
Figure 4. The identification sequence K is first
encoded by means of the encoding method Fl and using
the code B, wherein the encoded check sequence C is
obtained. Subsequently, the hash function h2 is
applied to the encoded check sequence C to obtain the
hashed sequence h2 (C) . In order to decode this
sequence, the reversing function h^1 of the hash
function h2 must first be applied to the hashed
sequence h2 (C) , so as to obtain the encoded check
sequence C. The encoded check sequence C can then be
converted to the identification sequence K by means of
the decoding method F2 and using the code A. A hash
method that is used following the encoding operation is
particularly useful for shortening long check
sequences. As a result, the product control sequence,
which comprises the encoded check sequence, is also
shortened correspondingly.
82 The hash method hi shown in Figure 3, which is used
prior to the encoding, can also be used together with a
hash method h2 that is used after the encoding. In
that case, the reversing function h2-1 would first have
to be applied during the decoding operation. The
resulting sequence would subsequently be decoded and,
finally, the reversing function hi"1 would be applied.
83 The hash functions MD 5, SHA-1, RIPE-MD 160, for
example, which respectively provide a 160 bit long hash

value, could be used as hash functions hi, h2. The hash function MDC-2 could be used as alternative, for which the length of the hash value corresponds to twice the block length.
0084 Figure 5 shows the implementation of a product protection gateway which is accessible via the Internet. For a product control sequence request, the dealer establishes with the aid of his/her web browser 16 an Internet connection 17 to the web server 18 of the product protection gateway. A protected Internet connection is preferably established, for example an Internet connection protected by the SSL (secure socket layer) protocol, which allows the dealer access to the websites of the product production gateway. The web server 18 is designed so as to allow simultaneous access by several dealers. While an Internet connection 17 to the first dealer exists, a second dealer can establish an Internet connection 20 via his/her web browser 19 to the web server 18. The web server 18 is responsible for processing and transmitting the websites of the product protection gateway, wherein the websites can be designed, for example, according to the HTML (hyper text mark-up language) standard. The web server 18 communicates via an interface 21 with the application server 22 which processes the applications for the dealer requests. Two different computers can be used for the web server 18 and the application server 22, wherein these computers communicate via an internal protocol, for

example via SSL. The web server 18 and the application server 22 can also be software modules, which can be installed on one and the same server computer. In that case, the interface 21 between both modules can be realized as joint process interface.
0085 Once a dealer has entered his/her ID and password on the corresponding Internet site, these data are transmitted by the web server 18 via the interface 21 to the application server 22 where they are processed by a process 23 that is responsible for the legitimacy check. A product control sequence input by the dealer also travels via the interface 21 to the application server 22 where a process 24 is implemented, which is responsible for checking the product control sequence. The process 24 transmits the product control sequence 25 to the crypto server 26. The crypto server 26 can be a separate computer, which is separated by a firewall from the application server 22 . However, the crypto server 26 can also be installed as cryptography module on the server computer, on which the other software modules are installed as well. The crypto server 26 realizes a decoding of the encoded check sequence contained in the product control sequence 25. Once the crypto server 26 has realized the decoding operation, shown in Figures 2 to 4, it compares the decoded check sequence with the non-encoded identification sequence K, which can be a component of the product control sequence 25. For an alternative embodiment of the invention, the crypto server 26

compares the decoded check sequence to a sequence allotted to the respective dealer. An authentic product control sequence exists if a match is detected. 0086 The result 27 of the authenticity check is transmitted back to the process 24. A second test is furthermore used for each product control sequence entered by the dealer to determine whether a request for this product control sequence was submitted at an earlier date. To realize this check, a process 28 is run on the application server 22 for querying the database. The process 28 transmits a request 29 to a login database 30. The login database contains data sets for previously processed requests and is preferably implemented as relational database, which can be queried with the aid of the query language SQL (structured request language). The request 29 contains the product control sequence, the identification sequence, the encoded check sequence, the decoded check sequence, or several of these sequences. The login database 30 is then checked to determine whether or not earlier requests for these sequences were submitted. The result 31 is then transmitted by the login database 30 to the process 28, wherein multiple prior requests indicate a suspicion of product imitation. However, if no prior requests for this product control sequence were found in the login database 30 and the requested product control sequence was identified as being authentic by the crypto server 26, the product with high reliability is an original product.

87 For each request relating to a valid product control
sequence, a new entry is made in the login database 30,
comprising either the product control sequence, or the
identification sequence, or the encoded check sequence,
or the decoded check sequence (or several such
sequences). The database entry can additionally also
contain the ID of the requesting dealer and possibly
the date and time when the request was submitted.
Future requests for product control sequences, for
which an earlier request was submitted, can then be
identified with the aid of the database entry.
88 The invention has been described in detail with
respect to preferred embodiments, and it will now be
apparent from the foregoing to those skilled in the art,
that changes and modifications may be made without
departing from the invention in its broader aspects, and
the invention, therefore, as defined in the appended
claims, is intended to cover all such changes and
modifications that fall within the true spirit of the
invention.

We claim:
1. A method for checking the authenticity of a product piece (9) by
means of a product control sequence (8), affixed on or to the product
piece (9), and using the Internet (10), characterized by the following
method steps:
- detecting the product control sequence (8) on the side of the person (2) submitting the control request;
- transmitting of the product control sequence (8) via the Internet (10) to a product-protection server structure (11);
- decoding an encoded check sequence (C) that is derived from the product control sequence (8), on the side of the product-protection server structure (11), by using a decoding method (F2) and a decoding sequence (A) and generating a decoded check sequence, wherein the decoding sequence (A) and the encoding sequence (B) together form a complementary code pair;
checking the authenticity of the decoded check sequence or a sequence derived from it;
transmitting of the result of the authenticity check via the Internet (11) to the person (2) requesting the check.
2. The method as claimed in claim 1, wherein the decoding sequence (A) is the secret code for a symmetric encoding method
3. The method as claimed in claim 1, wherein the decoding sequence (A) is the public code for an asymmetric encoding method.

4. The method as claimed in claim 1, wherein the product control sequence (8) comprises the encoded check sequence (C) in the form of a sequence segment, or wherein the encoded check sequence (C) is derived from a sequence segment of the product control sequence (8) by using a hash reversing function (I12"1).
5. The method as claimed in claim 1, wherein the decoded check sequence represents a product-specific identification sequence (K) or is converted to a product-specific identification sequence (K) by using a hash reversing function (hi"1).
6. The method as claimed in claim 1, wherein the authenticity of the decoded check sequence or a sequence derived from it is checked by comparing the decoded check sequence or the sequence derived from it to a product-specific identification sequence (K), which forms a sequence segment of a product control sequence (8), or a hash sequence (hi(K)) derived from it.
7. The method as claimed in claim 1, wherein the authenticity of the decoded check sequence or a sequence derived from it is checked by checking whether the decoded check sequence or the sequence derived thereof matches predetermined sequence allotments.
8. The method as claimed in claim 1, wherein the product-specific identification sequence (K) is the serial number for the product piece (9).
9. The method as claimed in claim 1, wherein the legitimacy of the party (2) submitting the control request is checked within the framework of checking a product control sequence (8).
10. The method as claimed in claim 1, wherein a database entry is made to a login database (15) within the framework of a control request for a product control sequence (8).

11. The method as claimed in claim 1, wherein a database request is implemented in a login database (15) to detect earlier control requests for the product control sequence (8) of the product piece (9).
12. The method as claimed in claim 10 or 11, wherein at least one of the following: the product control sequence (8), the product-specific identification sequence (K), the encoded check sequence (C) or the decoded check sequence or a sequence derived from it, is compared to entries in the login database (15), wherein the product piece (9) is identified as either an imitation or a model for an imitation if at least one match is found.
13. The method as claimed in claim 10 or 11, wherein a database entry for a control request includes the date for the control request.
14. The method as claimed in claim 10 or 11, wherein a database entry comprises the identity of the individual (2) submitting the control request.
15. A product-protection server structure (11) for implementing a product-protection gateway for checking the authenticity of product pieces (9) with the aid of a product control sequence (8) that is affixed on or to the product piece (9), characterized by:
- a web server module which makes available websites of the
product-protection gateway (11) via the Internet (10), wherein a product control sequence (8) detected on the side of the control requestor (2) is transmitted via the Internet (11) to the web server module, and wherein the result of the authenticity check is transmitted via the Internet (10) to the party (2) submitting the control request;

- a cryptographic module, which decodes an encoded check
sequence ( c), derived from the product control sequence (8), by means of a decoding method (F2) and using a decoding sequence (A), thereby generating a decoded check sequence, wherein the cryptographic module checks the authenticity of the decoded check sequence or a sequence derived from it, and wherein the decoding sequence (A) forms a complementary code pair together with the encoding sequence (B) used for the encoding.
16. The product-protection server structure (11) as claimed in claim 15, wherein the cryptographic module checks the authenticity of the decoded check sequence or a sequence derived from it by comparing the decoded check sequence or the sequence derived from it with a product-specific identification sequence (K), which forms a segment of the product control sequence (8), or a hash sequence (hi(K)) derived from it.
17. The product-protection server structure (11) as claimed in claim 15, wherein the cryptographic module checks the authenticity of the decoded check sequence or a sequence derived from it by checking whether the decoded check sequence or a sequence derived from it matches predetermined sequence allotments.
18. The product-protection server structure as claimed in claim 15, wherein the cryptographic module decodes the encoded check sequence (C) by means of an asymmetric decoding method, using a public decoding sequence.
19. The product-protection server structure as claimed in claim 15, wherein the cryptographic module decodes the encoded check sequence (C) by means of a symmetric decoding method and using a secret decoding sequence.

20. The product-protection server structure (11) as claimed in claim 15, wherein a login database (15) comprises a database entry, at least for each product control sequence (8) for which the authenticity has been determined.
21. The product-protection server structure as claimed in claim 20, wherein at least one of the following: product control sequence (8), product-specific identification sequence (K), encoded check sequence (C), decoded check sequence, or a sequence derived from it, is compared to entries in the login database (15), wherein the product piece (9) is identified as an imitation or as a model for an imitation if at least one match is found.
22. An apparatus for checking the authenticity of a product piece (9) by means of a product control sequence (8), affixed on or to the product piece (9), and using the Internet (10), characterized by:
- means for detecting the product control sequence (8) on the side of the person (2) submitting the control request;
means for transmitting of the product control sequence (8) via the Internet (10) to a product-protection server structure (11);
means for decoding an encoded check sequence (C) that is derived from the product control sequence (8), on the side of the product-protection server structure (11), by using a decoding method (F2) and a decoding sequence (A) and generating a decoded check sequence, wherein the decoding sequence (A) and the encoding sequence (B) together form a complementary code pair;
means for checking the authenticity of the decoded check sequence or a sequence derived from it;

means for transmitting of the result of the authenticity check via the Internet (11) to the person (2) requesting the check.

Documents:

6025-delnp-2005-Abstract-(20-05-2014).pdf

6025-DELNP-2005-Abstract-(30-04-2009).pdf

6025-DELNP-2005-Claims-(30-04-2009).pdf

6025-delnp-2005-Correspondence Others-(20-05-2014).pdf

6025-DELNP-2005-Correspondence-Others (04-11-2009).pdf

6025-delnp-2005-Correspondence-Others (17-11-2009).pdf

6025-delnp-2005-Correspondence-Others-(18-10-2012).pdf

6025-DELNP-2005-Correspondence-Others-(30-04-2009).pdf

6025-DELNP-2005-Description (Complete)-(30-04-2009).pdf

6025-DELNP-2005-Drawings-(30-04-2009).pdf

6025-DELNP-2005-Form-1-(30-04-2009).pdf

6025-DELNP-2005-Form-2-(30-04-2009).pdf

6025-DELNP-2005-Form-3-(30-04-2009).pdf

6025-DELNP-2005-Form-5-(30-04-2009).pdf

6025-delnp-2005-GPA-(20-05-2014).pdf

6025-DELNP-2005-GPA-(30-04-2009).pdf

6025-DELNP-2005-Petition-137-(30-04-2009).pdf

6025-DELNP-2005-Petition-138-(30-04-2009).pdf

6025-delnp2005-abstract.pdf

6025-delnp2005-claims.pdf

6025-delnp2005-correspondence-others.pdf

6025-delnp2005-description (complete).pdf

6025-delnp2005-drawings.pdf

6025-delnp2005-form-1.pdf

6025-delnp2005-form-18.pdf

6025-delnp2005-form-2.pdf

6025-delnp2005-form-3.pdf

6025-delnp2005-form-5.pdf

6025-delnp2005-pct-210.pdf

6025-delnp2005-pct-301.pdf

6025-delnp2005-pct-304.pdf

6025-delnp2005-pct-308.pdf

6025-delnp2005-pct-332.pdf

6025-delnp2005-PCT-338.pdf

« Previous Patent

Next Patent »

Patent Number

260729

Indian Patent Application Number

6025/DELNP/2005

PG Journal Number

21/2014

Publication Date

23-May-2014

Grant Date

19-May-2014

Date of Filing

23-Dec-2005

Name of Patentee

TUV RHEINLAND HOLDING AG

Applicant Address

AM GRAUEN STEIN, 51105 KOLN, GERMANY

Inventors:

#	Inventor's Name	Inventor's Address
1	RALF WILDE	DENEN GREEN HOUSE B-301, 5-2-2 DENEN-CHOFU, OTA-KU, TOKYO 145-0071, JAPAN
2	SEBASTIAN DOOSE	4-5-12 KITAYAMA, TSUZUKI-KU, YOKOHAMA 224-0021, JAPAN
3	KURT HEINZ	1-20-3 HIGASHI-TAMGAWA, SETAGAYA-KU, TOKYO 159-0084, JAPAN.

PCT International Classification Number

G06F 17/60

PCT International Application Number

PCT/EP2004/005581

PCT International Filing date

2004-05-25

PCT Conventions:

#	PCT Application Number	Date of Convention	Priority Country
1	103 28 328.5	2003-06-25	Germany