
Title:
METHOD FOR GENERATION OF AUTHENTICATION INFORMATION AND USE THEREOF
Document Type and Number:
WIPO Patent Application WO/2003/007252
Kind Code:
A1
Abstract:
The present invention concerns a method for generating authentication information and use thereof in one or several subsequent authentication operations. Such authentication operations can for instance be identifying people, goods or other objects, essentially to decide whether a good, person or other object is authentic in relation to given specific information. The authentication information that is generated using the method according to the present invention consists of at least a first authentication code and at least a second authentication code. The first code can be randomly chosen or otherwise obtained and the second code is generated on the basis of the first authentication code.

Inventors:
LOKEN MAGNAR (NO)
Application Number:
PCT/NO2002/000215
Publication Date:
January 23, 2003
Filing Date:
June 18, 2002
Assignee:
KEZZLER AS (NO)
LOKEN MAGNAR (NO)
International Classes:
G07C9/00; G07C15/00; G07F7/10; G07F7/12; G09C5/00; G09C; (IPC1-7): G07F7/12
Domestic Patent References:
WO1998055970A1    1998-12-10
WO2000030043A1    2000-05-25
WO1993022745A1    1993-11-11
WO2000034928A1    2000-06-15
Attorney, Agent or Firm:
Wesmann, Johan F. (Sentrum Oslo, NO)
Claims:
CLAIMS
1. Method for generation of authentication information for one or more subsequent authentication operations, which authentication information is consisting of at least a first authentication code and a second authentication code characterised in that the second authentication code is generated on the basis of the first authentication code by a method known in advance, where the first authentication code is originally randomly selected or randomly generated and that the second authentication code is expressing reference to the methods and the information that was used in the generation of the second authentication code.
2. Method according to claim 1, characterised in that the method known in advance uses one or more randomly selected sets of known information in combination with the first authentication code for generation of the second authentication code.
3. Method according to claim 2, characterised in that the randomly selected, in advance known information is selected from a group consisting of for instance: reference values such as dates or similar, reference to text strings or number strings, reference to coordinates or other graphical information, or reference to multidimensional matrices.
4. Method according to claim 1, characterised in that the randomly in advance known information uses one or more sets of known product specific information in combination with the first authentication code for generation of the second authentication code.
5. Method according to claim 4, characterised in that the product specific information is selected from a group consisting of: serial number, production or packing date, product name, manufacturer or similar.
6. Method according to claim 15, characterised in that the authentication information is attached to the product so that it can be authenticated.
7. Method for authenticating a product or object marked with the authentication information according to claim 16, characterised in that at least the second authentication code is transferred to a process that is able to reconstruct the construction of the code that forms the basis for the generation of the first code, and that returns at least the first authentication code.
8. Method according to claim 7, characterised in that the process that returns the first authentication code also returns product specific information that assists to authenticate the product or object.
Description:
Method for Generation of Authentication Information and Use Thereof.

The present invention relates to a method for generation of authentication information which is used in one or more subsequent authentication operations. Such authentication operations can, as an example, be to authenticate persons, goods or other objects where the objective substantially is to decide whether some goods, person or other object is authentic in relation to given and specific information.

The authentication information that is generated using the method according to the present invention is consisting of at least a first authentication code and at least a second authentication code. The first code can be randomly selected or otherwise obtained and the second is generated on the basis of the first authentication code.

In many applications where authentication takes place, single codes or pairs of codes are used in an identification or confirmation process. For instance this takes place when logging on to certain pages on a computer network such as the Internet or similar, or when using for instance identity cards, banking cards or similar. In such cases single codes are generated which are known to a user, or a pair of codes where both codes are known to the user and where a query in a database with one code obtains the other code. The user can then himself investigate whether the pair of codes is correct. In such cases the codes are generated in pairs which are defined in advance and stored for instance in a database.

Objects that can be authenticated are virtually every conceivable good and product having a "genuine" origin, such as branded goods such as clothing, watches, jewelry and other consumer goods. Further, pharmaceuticals and medical equipment can be authenticated. Parts for, for instance, aircraft and other critical vehicles or critical components in the industry can also be desirable to authenticate. Additionally it can be desirable to authenticate services that are unique such as drawings, documents, etc. Valuable objects such as passports, securities, etc., can also be authenticated by using the present invention.

Pairs of codes are most often generated using so-called "random number generators" that generate a series of random numbers. These numbers can again be expressed in many different ways so that they are expressed as codes in the desired form with desired characters, etc. Thus nobody can guess or deduce the relation between the codes in a pair of codes consisting of two or more codes.

The disadvantage with such stored pairs of codes arises when the number of pairs of codes for instance is very high or the number of queries in the database is very high. In such case the access time for accessing the codes is reduced. Further the database is getting very large when a large number of pairs of codes is generated. This is expensive in the form of storage and computer processing capacity for referencing and other handling.

The objective of the present invention is to substantially reduce or nearly eliminate the need for database capacity, and simultaneously handle a high, and preferably a very high number of pairs of codes.

The objective is substantially achieved in that the pairs of codes are no longer generated in advance and stored thereafter, but that a first random code is generated which, with the use of additional information and processes, is used to generate the second code in a pair of codes. The additional information that is used for generating the second code in the pair of codes can be obtained as randomly selected, known information and/or in combination with one or more randomly selected, known methods or algorithms.

In order to meet the above described objectives, the present invention describes a method for generation of authentication information for use in one or more subsequent authentication operations, which authentication information consists of at least a first authentication code and at least a second authentication code. The method is characterized in that the second authentication code is generated on the basis of the first authentication code with one or more methods known in advance, where the first authentication code originally is randomly selected or obtained, and the second authentication code expresses reference to the methods and the information that was used in the generation of the second authentication code.

In the preferred embodiment the method known in advance uses one or more randomly selected sets of known information in combination with the first authentication code for generation of the second authentication code. This is preferred since it is this information, and the combination of this information together with the method or methods that are used, that defines the security margin with regard to the possibility of compromising the pair of codes.

The randomly selected information that is used during the generation of the second authentication code can be one or more elements from a group comprising of reference values such as dates or similar, reference to text or strings of numbers, reference to coordinates or other graphical information, or reference to multidimensional matrices.

Further, the authentication information is attached to the object that is going to be authenticated. Subsequent to its generation, the authentication information is transferred to a suitable carrier such as paper, plastics or directly onto the product or goods if suitable, so that the codes are made available. How the carrier with the codes is attached to the goods is known art and is expected to be mastered by those skilled in the art.

It is however an important aspect of the present invention that the code in given circumstances is attached to the product in such a way that the authentication information is concealed until a seal is broken. One such case is boxes, bottles, containers and similar, where for instance the codes are attached on the inside of the lid of a pharmaceutical packaging or box.

In another relevant example, the codes for authentication of products such as clothes, where the codes are visible on the laundry tag, are sewn or woven into the fabric.

In yet another embodiment it is possible to use "object specific" information as part of the known information that is used in the generation of the second authentication code. This can for instance be packing date, serial number, information about the manufacturer, product information or other suitable object specific information that is completely or partly unique for the product or object.

Such object specific information can, during generation of authentication codes and/or during authentication, for instance be obtained from the product and/or the manufacturer of the product or object.

The main principle of the present invention is that the second authentication code is generated on the basis of the first authentication code, whereby a series of different methods and algorithms are used in a random, but reconstructional manner. The number of attempts, methods or algorithms to be used is a decision made with regard to statistical calculations, where the objective is to optimize between security and the computational resources and complexity then required to perform the method. Another important aspect of the present invention is that the process, methods and the information that are used are not known to anyone other than the party that is generating the authentication codes. Thus this information is the only information that is required to be stored, and the savings potential according to the invention lies amongst other things in the resulting difference in required storage capacity.

The first or the second code contains reference information, also called a sequence series, that is used during reconstruction so that authentication may be performed.

The generation of a pair of codes consisting of one or more authentication codes can take place in advance, before marking of an object, or during production the marking can be generated in real time when the production and marking is taking place. For instance a secure connection between a producer of authentication information according to present invention and a manufacturer can be established.

The first authentication code can be generated at the manufacturer of the product or object, or by the party that is generating the authentication codes. Further, product or product specific information can for instance be transferred to the party that is generating the second authentication code as "part information" during generation of the second authentication code according to the present information.

The second authentication code is generated and transferred back to the manufacturer that marks the product or object with the first and the second authentication code, possibly more authentication codes if desirable together with possibly product specific information.

In one example of an embodiment of the method according to the present invention, a first random number or code is generated with a chosen length. The code can consist of any combination of alphanumeric numbers and letters or characters. This number will later form the basis for the second authentication code. Subsequently this additional information or data is supplied and is going to be used in the method at a later stage as previously described. This type of information is typically dates, time or similar.

Again a random number is generated from a number series that is selected and defined in advance. The number series thus runs from 1 to n, where n is a lower or upper defined value. For instance the number 5 emerges. The number 5 will now, according to the method, decide which method or algorithm is going to be used during the generation of the second authentication code.

The first code and relevant information is "mixed" or is used with the now emerged and selected method outcome.

One or more random numbers are again generated, where the method this time might be to extract some digital files. The content of these is totally irrelevant, but they all ought to be very different in nature and furthermore not too large, due to performance and scalability. Digital files have numerous formats and it is appropriate to use an optimal mix of these, image files and similar.

When this is repeated and performed the desired number of times, the second authentication code is nearly obtained. The last operation, which also can be chosen to be random, is to add and supply the reference information that describes the actual performed sequence.

The random, but reconstructional process is best illustrated by explaining an imagined finished authentication code. During the generation the random sequence was 3, 4 and 56. In this example the process consists of three steps.

The first random number was 34554 and the second number before supplying the sequential information was 676. In order to authenticate, the sequence is merged into this code. This can also be done in many ways. In one conceivable case this sequence can be placed after the other code. The code is thus 6763456.

In the actual authentication process, an application or system in some embodiment will extract this reference information, separate it from the rest of the code, and perform the sequence that was used to generate the codes the first time. During the authentication the process is of course not random; it is reconstructed.

The sequence and combination of methods and algorithms is put together in any combination and number thereof.

Further it is a considerable advantage with the present invention that the authentication codes that are generated and attached onto an object that is going to be authenticated are visible in "clear text" for the user of the authentication codes.

For authentication typically Internet or other telecommunications between the party that is generating the authentication information, and the party that is authenticating an object, is used.

Further the present invention relates to authentication of a product or object preferably marked with authentication information, but not exclusively, generated according to the present invention. The method is characterized in that at least the second authentication code is transferred to a process that can reconstruct the code construction that forms the basis for the generation of the first code, and that returns at least the first authentication code. A process in this case can for instance be a computer capable of performing the required reconstruction of the first authentication code. The transfer can be done in many different ways, but preferably via telecommunication means such as telephone, Internet, other computer networks or similar.

As an alternative embodiment, the process that returns the first authentication code can also be supplied with specific product information that can assist in authenticating the product or object.

The present invention is further exemplified and illustrated in the accompanying drawings, where: Figure 1 shows a sequence for generation of authentication information according to an embodiment according to the present invention; Figure 2 shows a sequence for generation of a pair of codes according to the present invention.

Figure 1 describes a sequence for generation of authentication information in the form of a pair of codes on the basis of a first authentication code represented with a random number with length n in the sequential step S1. This is combined with further known information (sequence S2) by a known method or algorithm (sequential step S3), where the method or algorithm is chosen amongst a number of these on the basis of a randomly selected number Rs. This is repeated a desired number of times so that a part of the second authentication number is generated in the sequential step Sm. Following this, the "part code" is combined with the description of the actual performed sequence (sequential step Sm+1) so that this process is reconstructional and that this is expressed in the second authentication code (sequential step Sm+2).

It is in Figure 2 further shown an example for generation of authentication information consisting of a pair of codes according to the present invention. The first authentication code is randomly selected to be 3640 (sequential step S1 in Figure 1). Following the first steps of the method according to the present invention, as described in the sequential step Sm in Figure 1, the number 5641 emerges. The sequence that is used is method 1 with information 12 and 20. This information is added (sequential step Sm+1 in Figure 1) and the second authentication code is then: 564111220 (sequential step Sm+2 in Figure 1).

The pair of codes becomes as follows: Authentication code 1: 3640 and second authentication code: 564111220.

It is obvious that the first and the second code need not have the same length or construction. Further the codes can be presented in many different ways and can also additionally be camouflaged in other information so that the codes exist in another form.
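
The generate-then-reconstruct flow described above, as an added example that is not part of the patent text. The method table, the information table and the code layout (part code, one method digit, two 2-digit information references) are constructed assumptions, chosen so that method 1 with information 12 and 20 reproduces the Figure 2 pair 3640 / 564111220.

```python
import secrets

# Constructed issuer-side secrets (assumptions; the patent discloses no
# concrete method or information table). Only the issuer stores these,
# instead of a database row per code pair.
N = 4                                           # digits in the first code
MOD = 10 ** N
INFO = {7: 4093, 12: 1776, 20: 225, 31: 888}    # reference -> secret value

# Each method is a (forward, inverse) pair: it must be invertible so the
# first code can be reconstructed from the second during authentication.
METHODS = {
    1: (lambda x, a, b: (x + a + b) % MOD,
        lambda y, a, b: (y - a - b) % MOD),
    2: (lambda x, a, b: (3 * x + a + b) % MOD,
        lambda y, a, b: (y - a - b) * pow(3, -1, MOD) % MOD),
}

def generate(first, method=None, refs=None):
    """Derive the second code from the first; choices are random unless pinned."""
    if len(first) != N or not first.isdigit():
        raise ValueError("first code must be N decimal digits")
    method = method or secrets.choice(list(METHODS))
    refs = refs or (secrets.choice(list(INFO)), secrets.choice(list(INFO)))
    forward, _ = METHODS[method]
    part = forward(int(first), INFO[refs[0]], INFO[refs[1]])
    # Append the sequence reference: method id, then the two information refs.
    return f"{part:0{N}d}{method}{refs[0]:02d}{refs[1]:02d}"

def recover(second):
    """Split off the sequence reference and replay the sequence in reverse."""
    if len(second) != N + 5 or not second.isdigit():
        raise ValueError("malformed second code")
    part, method = int(second[:N]), int(second[N])
    r1, r2 = int(second[N + 1:N + 3]), int(second[N + 3:N + 5])
    if method not in METHODS or r1 not in INFO or r2 not in INFO:
        raise ValueError("unknown method or information reference")
    _, inverse = METHODS[method]
    return f"{inverse(part, INFO[r1], INFO[r2]):0{N}d}"

def authenticate(first, second):
    """True only if the second code reconstructs to the printed first code."""
    try:
        return recover(second) == first
    except ValueError:
        return False
```

A second code whose part code or reference digits have been altered either fails to parse or reconstructs to a different first code, so `authenticate` returns False for it.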