0

I have got some products, lets say A, B and C. I want to print a unique barcode for each of these products i.e even if there are 1000 product Cs, they all get the same barcode but this barcode should not be able to be duplicated by another person as the essence is to prevent fraud while maintaining originality of my product. Basically, I am trying to prevent my products from being duplicated by having barcodes on it that can be scanned to show authenticity from fake ones. What's the best way to go about the creation of these barcodes if it is possible.

Dee
  • 11
  • 1
  • 3
  • 3
    Your question is unclear. You want to create a unique barcode, but have "1000 product Cs" that all have the same barcode? – Xanmashi Aug 15 '16 at 14:45
  • 10
    if you can read it you can copy it... – TheHidden Aug 15 '16 at 14:48
  • 4
    Forget about the barcode, and think of your question abstractly: you effectively want to have something that can be read by one system (barcode scanner), but not by another (photocopier), and which can be printed by one system (you), but not by another (anyone else). It's pretty clear that these are conflicting requirements! Closest you'd get was banknotes, and even they have unique IDs printed on them, and they still get copied... – Matthew Aug 15 '16 at 15:01

4 Answers4

3

Sorry, it's not possible to do what you're asking; at least not directly. Barcodes are inherently copyable. If you can see it, an attacker can forge it. Instead, you'll need a different approach to securing the data.

You could physically hide the barcode until it's time to scan it. Some retailers use barcodes on their gift cards, and hide the activation barcodes inside the package. The cashier has to tear the package open in order to scan it, and they know not to scan a package if it's already been opened. You could also consider other technically similar approaches, like a peel-off or scratch-off covering over the barcode.

You could try authorizing your customers separately from these barcodes. Let's say you had your customer register to buy your product. You'd issue them an authorization code (perhaps email them a barcode that they print out and bring to the store). Then, when it comes time to scan the product's barcode, you'd require them to provide their authorization code as well.

As others have suggested, you could use a technology that's not a barcode. Most RFID chips have static data and are therefore clonable, but smart cards are not.

John Deters
  • 33,650
  • 3
  • 57
  • 110
  • Thank you all for your very brilliant contributions. There are obviously many flaws as stated. Any suggestions on a possible methods that people can verify authenticity of a product? Something not as expensive as smart cards that can be placed on the packaging like a tin of milk or box of cereal? that the user can probably pick up his phone and verify it's authenticity? – Dee Aug 18 '16 at 08:38
1

You cannot do it with barcodes, or QR codes. Even watermarks aren't perfect; the government puts layers of highly sophisticated watermarks into paper currency, and counterfeiting still happens. Most paper medication prescriptions I've seen have as many as 10 different watermark/authenticity factors listed on the back, but people still forge prescriptions. As @silverpenguin stated in the comments, "if you can read it you can copy it."

You don't say what A/B/C are, but for simple products - cheap things like licensed sports league hats or Windows software - use Security Holograms. However, these are not designed to be scanned; they use human verification rather than computer verification, and quite frankly a human can often be fooled by any sufficiently shiny thingy.

You can do it with smartcards, or chips. EMV is the most obvious example of this - for example, "Dynamic data authentication (DDA) provides protection against modification of data and cloning." You're looking for 'barcodes' that can't be cloned. However, this may not be cost-effective, as it requires you to roll out a sufficient verification network (again, see the underwhelming EMV rollout in the US) and has a higher per-unit cost than printing a barcode (EMV cards cost $2 - $4, according to this article; readers cost $500 - $1000 according to this one).

Any suggestions on a possible methods that people can verify authenticity of a product?

The traditional method is legal. Sue the pants off anyone who duplicates your product.

gowenfawr
  • 71,975
  • 17
  • 161
  • 198
  • 1
    EMV readers cost that much because of certification costs. In a fully in-house system not bound by PCI-DSS regulations certification won't be needed, and so any 25$ smartcard reader and a custom application would do the trick. Still way too expensive compared to just using barcodes and either accepting the small losses due to theft or looking at other options (what about security tags? they could serve as a strong deterrent even though they can be broken as well) – André Borie Aug 15 '16 at 19:49
  • Thank you all for your very brilliant contributions. There are obviously many flaws as stated. Any suggestions on a possible methods that people can verify authenticity of a product? Something not as expensive as smart cards that can be placed on the packaging like a tin of milk or box of cereal? that the user can probably pick up his phone and verify it's authenticity? – Dee Aug 18 '16 at 08:38
1

Any suggestions on a possible methods that people can verify authenticity of a product? Something not as expensive as smart cards that can be placed on the packaging like a tin of milk or box of cereal? that the user can probably pick up his phone and verify it's authenticity?

If you're going to make it that easy to authenticate, you're leaving yourself wide open to fraud. I also think you're overthinking the problem.

Let's say I'm making action figures. I would imprint in a few places unique "flaws"-- perhaps on the bottom of its foot, a tiny groove here, in its hair, one of its locks may be arranged in a very particular curl. Then I would also imprint a batch number anywhere on the item-- maybe "16" for being the current year's model, but hopefully something less obvious.

You introduce all of these quirks and document them for yourself. "On series #16, I should expect to find x on its foot, y in its hair, etc."

Then for the next batch, you change up these flaws. And document it again.

The trick here is that you DO NOT publish the list of flaws. Any counterfeiter that comes along is ideally going to not notice them at all or assume the flaws resulted from the manufacturing process and will not bother to replicate them. Or even better, the flaws are so fine that their machinery can't replicate them.

If you do publish the list, then the counterfeiter knows exactly what flaws to replicate.

So in the end, YOU need to be the authenticator, not some phone app. If someone has any questions about authenticity, you have them send you high-resolution pictures of their item, its series number and YOU look for the verification flaws that would prove the item legit-- without telling them what exactly you're looking for.

If you care, set up some kind of legal arrangement where upon your demise, that list does get passed on to some trusted third-party so your works can continue to be authenticated in the future.

You could probably charge some money to perform this service if you were so inclined.

Ivan
  • 6,288
  • 3
  • 18
  • 22
0

You could generate (and securely store) unique serial numbers which are engraved or printed on the product, somewhere not easily visible, and then also print a QR code on the outer packaging. The QR code links to your theoretical website, which asks the new product owner to enter their serial number. By checking against your database of valid serial numbers, you can confirm or deny authenticity. It's far from foolproof, but it's better than nothing.

Jesse K
  • 1,068
  • 6
  • 13
  • What stops anyone from buying one product, copying it and adding the exact same serial number? – Josef Aug 16 '16 at 09:40
  • 1
    You could mark a serial number as "checked in", and after 2+ checks, change your response to be "possible forgery" or "suspicious activity" or something along those lines. – Jesse K Aug 17 '16 at 19:06
  • Thank you all for your very brilliant contributions. There are obviously many flaws as stated. Any suggestions on a possible methods that people can verify authenticity of a product? Something not as expensive as smart cards that can be placed on the packaging like a tin of milk or box of cereal? that the user can probably pick up his phone and verify it's authenticity? – Dee Aug 18 '16 at 08:37