Putting Unique Codes on Objects to Detect Counterfeiting
This will help some.
At least two rival systems plan to put unique codes on packages containing antimalarials and other medications. Buyers will be able to text the code to a phone number on the package and get an immediate reply of “NO” or “OK,” with the drug’s name, expiration date, and other information.
To defeat the system, the counterfeiter has to copy the bar codes. If the stores selling to customers are in on the scam, it can be the same code. If not, there have to be sufficient different bar codes that the store doesn’t detect duplications. Presumably, numbers that are known to have been copied are added to the database, so the counterfeiters need to keep updating their codes. And presumably the codes are cryptographically hard to predict, so the only way to keep updating them is to look at legitimate products.
Another attack would be to intercept the verification system. A man-in-the-middle attack against the phone number or the website would be difficult, but presumably the verification information would be on the object itself. It would be easy to swap in a fake phone number that would verify anything.
It’ll be interesting to see how the counterfeiters get around this security measure.
Jeroen Hellingman • October 6, 2010 7:22 AM
Why not add a tracking numbers as QR-codes, enabling people with camera-phones to photograph them, and get some info on them right away — by presenting them as a URL to the manufacturer website.