TECHNICAL FIELD

The present invention relates to a system and method for authentication, and particularly, although not exclusively, to a system and method for authenticating a product or service.

BACKGROUND

Counterfeits, imitations and non authorized products or services continue to cause various problems in today' s economy, with imitations and counterfeits occurring in a large range of goods and services ranging from luxury goods to infant formula. This in turn has caused problems ranging from economy loss suffered by intellectual property owners to health scares resultant from counterfeits health products which uses dangerous or hazards ingredients in its manufacture.

Unfortunately, with imitators becoming more sophisticated in copying, imitating or faking a product or service, it would be desirable for consumers, retailers and law enforcement agencies to readily differentiate between an authentic product or service from those which are non-authentic. Attempts have been made by product manufactures to protect their products from being imitated through unique distinguishing features which would allow a consumer, retailer or law enforcement official to identify the authenticity of the product. Some examples of how this has been achieved is by the use of unique packaging such as watermarking or laser printed labels which are more difficult to imitate as the production of these labels require a more sophisticated set of equipment.

However, as the technologies involved in the manufacture of these labels become more widespread and popular, so too are the tools which are used to make these unique labels, and thus counterfeiters or imitators can also imitate these unique packing as part of the counterfeit production. This m turn has caused many of these unique labels to become less effective in being able to assist consumers to distinguish the authenticity of the products or services.

SUMMARY OF THE INVENTION

In accordance with a first aspect of the present invention, there is provided a method for authentication comprising the steps of: receiving a verification request for verifying an identifier associated with an authentication subject; verifying the identifier by locating a record associated with the identifier in an authentication database; and whereupon the identifier has been verified, generate a replacement identifier for updating the record in the authentication database.

In an embodiment of the first aspect, the method for authentication further comprises the step of updating the record in the authentication database with the replacement identifier such that the record associated with the identifier is updated with the replacement identifier.

In an embodiment of the first aspect, the record associated with the identifier is updated to be associated with the replacement identifier.

In an embodiment of the first aspect, the method for authentication further comprises the step of transmitting a verified signal when the identifier is verified.

In an embodiment of the first aspect, the step of generating the replacement identifier for updating the record associate with the identifier includes the step of processing the identifier with a security code module to generate the replacement identifier.

In an embodiment of the first aspect, the verification request is received from a reader module arranged to communicate the identifier from the associated authentication su ject . In an embodiment of the first aspect, the identifier is stored on a tag device arranged to tag the authentication subject .

In an embodiment of the first aspect, the method for authentication further comprises the step of updating the identifier stored on the tag device with the replacement identifier .

In an embodiment of the first aspect, the step of updating the identifier stored on the tag device with the replacement identifier includes transmitting the replacement identifier to the reader module.

In an embodiment of the first aspect, the reader module is arranged to update the identifier stored on the tag device with the replacement identifier.

In an embodiment of the first aspect, the tag device is arranged to generate a tag replacement identifier upon communication with the reader module, wherein the tag replacement identifier is identical to the replacement identifier updated in the record associated with the identifier .

In an embodiment of the first aspect, the tag device includes a RFID arrangement.

In an embodiment of the first aspect, the identifier is encrypted .

In an embodiment of the first aspect, the authentication subject is a product. In an embodiment of the first aspect, the identifier is an alphanumeric string.

In an embodiment of the first aspect, the alphanumeric string is of a random length.

In an embodiment of the first aspect, the security code module is arranged to use a predetermined code generating algorithm to generate the replacement identifier.

In an embodiment of the first aspect, the code generating algorithm is arranged to generate random alphanumeric strings.

In accordance with a second aspect of the present invention, there is provided a system for authentication comprising the steps of: a gateway arranged to receive a verification request for verifying an identifier associated with an authentication subject; a verification module arranged to verify the identifier by locating a record associated with the identifier in an authentication database; and whereupon the identifier has been verified, using an identifier generator to generate a replacement identifier for updating the record in the authentication database.

In an embodiment of the second aspect, the system for authentication further comprises a routine to update the record in the authentication database with the replacement identifier such that the record associated with the identifier is updated with the replacement identifier.

In an embodiment of the second aspect, the record associated with the identifier is updated to be associated with the replacement identifier.

In an embodiment of the second aspect, the system for authentication further comprises a transmission module arranged to transmit a verified signal when the identifier is verified . In an embodiment of the second aspect, the identifier generator is arranged to use a security code module to process the identifier to generate the replacement identifier for updating the record associate with the identifier.

In an embodiment of the second aspect, the verification request is received from a reader module arranged to communicate the identifier from the associated authentication subject .

In an embodiment of the second aspect, the identifier is stored on a tag device arranged to tag the authentication subject .

In an embodiment of the second aspect, the identifier stored on the tag device is updated with the replacement identifier .

In an embodiment of the second aspect, the replacement identifier updated on the tag device is transmitted to the tag by the reader module.

In an embodiment of the second aspect, the reader module is arranged to update the identifier stored on the tag device with the replacement identifier.

In an embodiment of the second aspect, the tag device is arranged to generate a tag replacement identifier upon communication with the reader module, wherein the tag replacement identifier is identical to the replacement identifier updated in the record associated with the identifier .

In an embodiment of the second aspect, the tag device includes a RFID arrangement.

In an embodiment of the second aspect, the identifier is encrypted . In an embodiment of the second aspect, the authentication subject is a product.

In an embodiment of the second aspect, the identifier is an alphanumeric string.

In an embodiment of the second aspect, the alphanumeric string is of a random length.

In an embodiment of the second aspect, the security code module is arranged to use a predetermined code generating algorithm to generate the replacement identifier.

In an embodiment the second aspect, the code generating algorithm arranged to generate random alphanumeric strings.

In accordance with a third aspect of the present invention, there is provided a tag for authenticating a product comprising a storage module arranged to store an identifier associated with the product, wherein when the identifier is accessed by a communication interface, the identifier is updated with a replacement identifier.

In an embodiment of the third aspect, the storage module is arranged to receive the replacement identifier from the communication interface to update the identifier stored in the storage module.

In an embodiment of the third aspect, the tag further comprises a security code module arranged to generate a replacement identifier.

In accordance with a fourth aspect of the present invention, there is provided a system for authenticating a product comprising the steps of: engaging a tag in accordance with any one embodiment of the third aspect; reading the tag to obtain an identifier; and transmitting the identifier to a system for authentication in accordance with any one embodiment of the second aspect for verification.

In an embodiment, the RFID arrangement is secured from unauthorized accessed.

In an embodiment, the RFID arrangement is accessed after a RFID password is authenticated.

In an embodiment, the reader module is secured from unauthorized accessed.

In an embodiment, the reader module is accessible after an access token is authenticated.

In an embodiment, the RFID arrangement includes a security module to prevent unauthorized accessed.

These embodiments are advantageous in that access to the reader module or the RFID arrangement is further protected from unauthorized access and thus enhance the security of the system for authentication.

BRIEF DESCRIPTION OF THE DRAWINGS

Embodiments of the present invention will now be described, by way of example, with reference to the accompanying drawings in which:

Figure 1 is a schematic diagram of a computing server for operation as a system for authentication in accordance with one embodiment of the present invention;

Figure 2 is a schematic diagram of an embodiment of system for authentication in accordance with one embodiment the present invention; Figure 3 is a block diagram of an embodiment of an authentication server of Figure 1;

Figure 4 is a block diagram of an embodiment of a tag for authenticating a product as shown in Figure 2;

Figure 5 is a flow diagram of an example of the operation of the system for authentication.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

With reference to Figure 1, an embodiment of the present invention is illustrated. This embodiment is arranged to provide a system for authentication, comprising:

- a gateway arranged to receive a verification request for verifying an identifier associated with an authentication subject ;

- a verification module arranged to verify the identifier by locating a record associated with the identifier in an authentication database, and whereupon the identifier has been verified, using an identifier generator to generate a replacement identifier for updating the record in the authentication database.

Preferably, in one example, the verification request is arranged to be received from a reader module arranged to communicate the identifier from the associated authentication subject having a tag arranged to store the identifier and the identifier is stored in the tag is updated with the replacement identifier upon verification of the identifier.

In this embodiment, the gateway, verification module and the identifier generator are implemented by or for operation on a computer having an appropriate user interface. The computer may be implemented by any computing architecture, including stand-alone PC, client /server architecture, "dumb" terminal /mainframe architecture, or any other appropriate architecture. The computing device is appropriately programmed to implement the invention.

Referring to Figure 1, there is a shown a schematic diagram of a computer or a computing server 100 which in this embodiment comprises a server 100 arranged to operate, at least in part if not entirely, the system for authentication in accordance with one embodiment of the invention. The server 100 comprises suitable components necessary to receive, store and execute appropriate computer instructions. The components may include a processing unit 102, read-only memory (ROM) 104, random access memory (RAM) 106, and input/output devices such as disk drives 108, input devices 110 such as an Ethernet port, a USB port, etc. Display 112 such as a liquid crystal display, a light emitting display or any other suitable display and communications links 114. The server 100 includes instructions that may be included in ROM 104, RAM 106 or disk drives 108 and may be executed by the processing unit 102. There may be provided a plurality of communication links 114 which may variously connect to one or more computing devices such as a server, personal computers, terminals, wireless or handheld computing devices. At least one of a plurality of communications link may be connected to an external computing network through a telephone line or other type of communications link.

The server may include storage devices such as a disk drive 108 which may encompass solid state drives, hard disk drives, optical drives or magnetic tape drives. The server 100 may use a single disk drive or multiple disk drives. The server 100 may also have a suitable operating system 116 which resides on the disk drive or in the ROM of the server 100.

The system has a database 120 residing on a disk or other storage device which is arranged to store at least one record 122. The database 120 is in communication with the server 100 with an interface, which is implemented by computer software residing on the server 100. Alternatively, the database 120 may also be implemented as a stand-alone database system in communication with the server 100 via an external computing network, or other types of communication links. With reference to Figure 2, there is shown an embodiment of the system for authentication 200. In this embodiment, the server 100 is used as part of an authentication system 200 as an authentication server 202 arranged to communicate with a reader module 204 arranged to read and/or write to a tag associated with an authentication subject 208, such as a product or service which is required to be authenticated. In this example, the authentication server 202 is arranged to process a verification request of an identifier stored in a tag. The server 202 is arranged to communicate with the reader module 204 such that once the reader module 204 reads the identifier stored in a tag, the identifier is transmitted to the server 202 for verification.

In this example, the reader module 204 may be in the form of a scanner, a reader, smart phone or a user operated kiosk 206 arranged to communicate with the server 202 and to read an identifier from an authentication subject 208 which may be a goods item or authentication certificate of a service. Preferably, the authentication subject 208, such as a goods item, may include a tag device 210 associated with the authentication subject 208 which is arranged to tag the authentication subject 208. This tag device 210 is in turn readable by the reader module 204 for authentication. The communication link between the reader module 204 and the server may be an internet connection 212 or a computer network which is operated on a telephone line or other types of communication links.

Preferably, the communication links, including the communication link between the authentication server 202 and the reader module 204, the communication link 214 between the reader module 204 and the authentication subject 208, and the internet connections 212, are encrypted with AES encryption, or other encryption methods, such as SSL or SSH, as appreciated by a person skilled in the art. This is advantageous in that the data transmitted between each device, module or gateway is secured to avoid hacking or reverse- engineering of the authentication system.

The identity of the reader module 204, such as the scanner or kiosk 206 may be further protected by one or more security schemes. In one example, an E-token can be used for a kiosk identity, wherein the E-token may be initialized with a kiosk private certificate stored in a protected memory space in the kiosk 206 in which the protected memory can only be reference by an on-chip unit; a platform public key which is provided by the authentication system; and a unique kiosk identity (ID) string such as a alpha-numeric string with 32 bytes. The kiosk 206 may also require a user logon before it can access the authentication server 202 for data enquiry to reduce the risk of unauthorized access. When the kiosk 206 or the reader module 204 logon to the authentication server 202, the kiosk 206 or reader module 204 sends the required E-token information to the authentication server 202. Once the logon is successful, the authentication server 202 may generate and provide a random (of say 32 bytes) key to the kiosk 206 which can be used for consequent requests and for data encryption for every communication between the kiosk 206, scanner or other forms of reader module 204 and the server 202. Examples of such keys may include the generation and usage of a session key to encrypt and identify a particular communication session, whilst an encryption key may be generated and used to encrypt any data transmitted between the different components.

In this example, the tag device 210 associated with each authentication subject 208 may also be protected by a security scheme. In one example, at least one password must be correctly entered before the tag is enabled for reading and writing data to the tag. Unauthorized kiosk or reader module can also be barred from reading, writing, or modifying data such as an identifier stored in the tag without an access password. Additionally, some information in the tag can be locked with a different passwords provided by a manufacturer. Preferably, the authentication server 202 is arranged to support item level password control.

Preferably, the tag device 210 also includes an anti-tamper arrangement arranged such that the tag cannot be removed from an authentication subject 208 without physical damage to the tag device 210 or the associated authentication subject 208. This anti-tampering arrangement may for example be arranged such that upon tampering, the tag will no longer function and cannot be read or written to by a reader module 204, although in some embodiments, the tag may have additional routine which would allow an authorized reader module 204 to instruct the tag to enter a "tamper" mode which would allow the tag to be removed or otherwise disassociate itself from a product or authentication subject 208 and thus preventing the tag from being destroyed. This in turn allows the secured reusability of the tag.

Referring to Figure 3, there is shown a block diagram of an embodiment of an authentication server 202 used as a system for authentication. In this embodiment, the authentication server 202 includes a gateway 302, a verification module 304, an authentication database 306 and an identifier generator 308, which may be implemented as individual or shared components by hardware or software on or in connection with a computer system to act or provided the functionality necessary for the server 100 to operate as a system for authentication.

In this example, the gateway 302 module is arranged to communicate with a reader module 204 to obtain an identifier associated with an authentication subject 208, such as a product. As the authentication subject 208 has an associated tag device 210, the tag device 210 is firstly read by a reader module 204 to retrieve an identifier stored in the tag. Once the identifier is read from the tag, the reader module 204 transmits the identifier to the authentication server 202 by sending a verification request. This verification request includes the identifier read from the tag and is, in turn, sent to the gateway 302 of the authentication server 202. In a non-limiting example, the identifier may be randomly composed, algorithm/mathematically composed or any combination thereof, an alpha-numeric string of a predetermined length, calculated random length or it may be a barcode, QR code or other forms of computer readable code or identifier. The gateway 302, once successfully reads the identifier, then passes the received identifier to the verification module 304 for verification.

The verification module 304 may then proceed to verify the received identifier by locating a record associated with the identifier in the authentication database 306. Preferably, the authentication database 306 stores a plurality of records associated with respective identifiers which would indicate that the identifier is valid. This authentication database 306 can be securely controlled by the manufacturer, retailer, law enforcement agency or another authorized persons or stake holders which may be entrusted to verify the authenticity of an authentication subject 208 and may be populated with records of identifiers which are representative of valid products or services. The records within the authentication database 306 may include the identifier or in some examples, associated product or service information such as make, model, colour, shipping history or other attributes or information for distribution to an authorized party so as to increase the security and usability of the authentication process.

In this example, if the verification module 304 locates a matching record in the authentication database 306, the identifier is successfully verified, and thus the associated authenticated subject is deemed to be authentic and an authentication message or alert may be sent to a user notifying the user of the authenticity of the authentication subject 208. Subsequent to the successful verification, the authentication server 202 uses an identifier generator 308 to generate a replacement identifier, which may be an alpha ^¬ numeric string which is different from the identifier which has just been verified. The identifier generator 308 may then write the replacement identifier to the authentication database 306 by updating the record in the authentication database 306 such that the replacement identifier is stored in the authentication database 306 to replace the identifier which has just been verified. As a result of this action, the identifier which has just been read and verified cannot be verified in the future as the next verification process of this authentication subject 208 will require a reading of the replacement identifier which has just been generated and stored in the authentication database 306, although for record keeping and logging purposes, the old identifier which is being replaced may, in another embodiment, continue to be stored in the record on the authentication database 306 but as an old record which can be used for logging purposes, but not subsequent authentication. In these other embodiments, the rules of authentication may be suitable adjusted so that an old identifier, up to a certain number of subsequent replacement identifiers, can still be considered valid for authentication. This may be advantageous in authentication of products where communication links are intermittent or unreliable.

Once the replacement identifier is stored in the authentication database 306, the replacement identifier is also sent to the gateway 302 such that it may be transmitted to the reader module 204 for updating the tag associated with the authentication subject 208. This allows the tag to be updated with the replacement identifier and thus allowing the product associated with the tag to be verified again in the future as a subsequent reading of the tag by the reader module 204 will read the replacement identifier which is now stored in the authentication database 306 for this particular authentication subject 208. In this example, the identifier generator 308 may include a security code module 310 arrange to generate the replacement identifier. When the identifier generator 308 sends a request to the security code module 310 for a replacement identifier, the security code module 310 generates a replacement identifier and returns the replacement identifier to the identifier generator 308. In a non-limiting example, the security code module 310 is arranged to generate a secure code in variable length (e.g. 4 bytes to 20 bytes or any other size) , the generated code may be a random alpha-numeric string and is one-time and unique in that it is different from any previously verified code. Other forms of replacement identifier generation algorithm may be employed to generate a replacement identifier in the security code module 310 as appreciated by a person skilled in the art.

In some embodiments, the authentication server 202 may further include an error module 312 arranged to handle an unsuccessful verification processed by the verification module 304. In one example, the error module 312 may update a record in a database indicating the number of unsuccessful verification handled by a certain reader module 204. This provides an advantage in that the error module may also provide an error message to the gateway 302 which may be further transmitted to the associated kiosk 206, reader, scanner or other reader module 204 for displaying the error message .

Referring to Figure 4, there is shown a block diagram of a tag for authenticating a product comprising a storage module arranged to store an identifier associated with the product, wherein when the identifier is accessed by a communication interface, the identifier is updated with a replacement identifier .

In this embodiment, the tag device 210 comprises a storage module 402, which may include a re-writable non-volatile memory for storing an identifier. The tag device 210 may also include other memory device including one-time-programmable memory and volatile memory for storing the identifier and information other than the identifier.

When the tag device 210 is read by a reader module 204, a communication link 214 between the tag device 210 and the reader module 204 is established. The communication interface 404 retrieves the identifier stored in the memory module 402. In one non-limiting example, the identifier is an alpha ^¬ numeric string. The communication interface 404 then transmits the identifier to the reader module 204 which is further verified by the authentication server 202. Upon successful verification, the authentication server 202 transmits a replacement identifier to the reader module 204, and the reader module 204 transmits the replacement identifier to the communication interface 404. The replacement identifier is subsequently updated in the memory module 402 of the tag device 210.

In an alternative embodiment, the tag device 210 may further include a security code module 406 arranged to generate a replacement identifier upon successful verification The replacement identifier is subsequently updated in the memory module 402 of the tag device 210, and may also be transmitted to the authentication server 202 for updating the associated record in the authentication database 306. In this alternative embodiment, as the tag device 210 has its own security code module 406, the replacement identifier may be generated by the tag 210 and sent back to the server 100 for updating, or alternatively, both the server 100 and the tag 210 can generate the replacement identifier, but both security code modules must be operating with the same generation method or algorithm such that the replacement identifier generated by the tag 210 and the replacement identifier generated by the server 100 must be identical. These alternative embodiments are advantageous in that the replacement identifier does not need to be transmitted from the server 100 to reader module 204 or kiosk 206 and thus reducing the risk of interception or unauthorized access or corruption of the replacement identifier during transmission.

In one example, the tag device 210 is implemented with a passive RFID arrangement arranged to communicate with an RFID reader. In this example, the RFID tag includes re-writable non-volatile memory for storage of an alpha-numeric string as an identifier. The RFID tag may be embedded in an authentication subject 208 during the manufacturing of the authentication subject 208. Alternative the RFID may be embedded in to a block of material such as plastic or epoxy, to prevent easy hacking or reverse-engineering of the tag. Additionally the tag may be arranged to be non-removable without physical damage to the tag or the authentication subject 208 to ensure a lifetime unique identification for each respective authentication subject 208, wherein a damaged tag is arranged to be rendered not readable by any reader.

These example embodiments are advantageous in that a product can be authenticated whilst ensuring an identifier used for the authentication cannot be imitated by a counterfeiter. As the identifier is arranged to change on each read operation, the identifier, even if captured by a counterfeiter or some other unauthorized party, cannot be used to falsely authenticate an imitation product or service. In a retail setting, for example, infant formula tins or other products can be attached with a tamper proof tag device 210 which can be checked by a retailer or consumer. Upon the identifier having been read, the identifier can be verified for authenticity, whilst the retailer and consumer can be assured that the identifier that has been read cannot be a copy as it is subject to authorized changes on each read operation, thus allowing assurance as to the authenticity of the product since the authentication of the product is a continuing process and not a single point of authentication which could be have been imitated by an counterfeiter. An example of the operation of the system for authentication will be described with reference to the process as outlined in Figure 5.

Firstly, an identifier of a tag device 210 associated with a product for authentication, such as a luxury item, food item or any other product or service is read by a reader module 204, such as a scanner, reader or kiosk 206 operated by a user. In one embodiment, the identifier may be a code of variable length or may comprise other characteristics associated with the tag device 210. In a preferred embodiment, the tag device 210 may be an anti-tamper RFID tag. In some other embodiments, the tag device 210 is arranged to be read by an authorized reader module 204 which may be in the form of a hand held scan gun, a PDA, a smartphone embedded with Near Field Communication (NFC) technology or a kiosk 206 with a RFID reader or any other reading means .

Starting with step 502, upon reading the identifier by the reader module 204, the identifier is sent from the reader to a gateway 302 of an authentication system which includes an authentication server 202 to perform the authentication. In some embodiments, the authentication server 202 may be an information handling system such as a computer, a PDA, a mobile device, etc. Also, the transfer of the identifier to the authentication system may be through wired or wireless communication links including but not limited to the internet or a kiosk. In one embodiment, the authentication system and the reading means may be a single unit.

Once the identifier is received at the authentication system, in step 504, the authentication server 202 verifies the identifier by locating a record associated with the identifier in an authentication database 306 of the authentication server 202. In one embodiment, the authentication server 202 matches the incoming identifier with the data in the database to perform authentication. In some other embodiments, the authentication server 202 matches the information associated with the incoming identifier with the data in the database to perform authentication. In some examples, the authentication database 306 may be part of the authentication server 202 (i.e. the same unit) . In some other examples, the authentication database 306 may be external of the authentication server 202.

Upon successful verification of the identifier, in step 506, the authentication server 202 checks for outstanding operations related to the identifier. In one embodiment, the outstanding operations may include any one of the authentication procedures in Figure 5. When an outstanding operations related to that identifier is located, these operations will be resumed in step 508.

However, if the verification of the identifier is unsuccessful, the authentication system will record that particular identifier and the authentication process will be terminated in step 516.

Once it is determined that the identifier is valid and there are no outstanding operations, in step 510, an identifier generator 308 in the authentication server 202 generates a replacement identifier. In one embodiment, the identifier generator 308 may be part of the authentication server 202 (i.e. the same unit) . In some other examples, the identifier generator 308 may be external of the authentication server 202. In one example, the replacement identifier may be a code of variable length that is different to the original identifier. Preferably, the replacement identifier is not associated with any prior tag devices 210. More preferably, the replacement identifier is not located in the authentication database 306 prior to generating by the identifier generator 308. In an event where error or failure occurs during generation of the replacement identifier, the authentication system records the event and terminates the authentication process in step 516. Upon successful generation of the replacement identifier, in step 512, the authentication server 202 transmits and writes the replacement identifier to the tag device 210. In one embodiment, the authentication system may have a gateway 302 that performs the transmission of the replacement identifier to the tag device 210. In another embodiment, authentication server 202 may utilize an external transmission system to transmit the replacement identifier. In some embodiments, the transmission of the replacement identifier to the tag device 210 may be through wire or wireless communication links such as but not limited to the internet or a kiosk. Once the replacement identifier is received at the tag device 210, the tag device 210 overwrites the original identifier with the replacement identifier. In some embodiments as mentioned, the replacement identifier may be a code comprising a different length or may comprise other characteristics associated with the tag device 210. In an event where error or failure occurs during transmission and writing of the replacement identifier, the authentication server 202 records the event and terminates the authentication process .

Upon successfully completing the writing of the replacement identifier to the tag device 210, in step 514, the authentication server 202 updates the record of the authentication database 306 to associate the replacement identifier with that tag device 210. In some embodiments, the original identifier is removed from the authentication database 306. In an event where error or failure occurs during the update of the authentication database 306, the authentication server 202 records the event and terminates the authentication process in step 516.

Once the authentication database 306 is successfully updated, the authentication process completes and terminates.

Although not required, the embodiments described with reference to the Figures can be implemented as an application programming interface (API) or as a series of libraries for use by a developer or can be included within another software application, such as a terminal or personal computer operating system or a portable computing device operating system. Generally, as program modules include routines, programs, objects, components and data files assisting in the performance of particular functions, the skilled person will understand that the functionality of the software application may be distributed across a number of routines, objects or components to achieve the same functionality desired herein.

It will also be appreciated that where the methods and systems of the present invention are either wholly implemented by computing system or partly implemented by computing systems then any appropriate computing system architecture may be utilised. This will include stand alone computers, network computers and dedicated hardware devices. Where the terms "computing system" and "computing device" are used, these terms are intended to cover any appropriate arrangement of computer hardware capable of implementing the function described .

It will be appreciated by persons skilled in the art that the term "database" may include any form of organized or unorganized data storage devices implemented in either software, hardware or a combination of both which are able to implement the function described.

It will be appreciated by persons skilled in the art that numerous variations and/or modifications may be made to the invention as shown in the specific embodiments without departing from the spirit or scope of the invention as broadly described. The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive

Any reference to prior art contained herein is not to be taken as an admission that the information is common general knowledge, unless otherwise indicated.