Technical field of the invention Subject of the present invention is a system of refuse certification, for those goods destinated to material recycling after their numerical counting; such as newspapers and magazines, pharmaceutics) products etc. , in which case the certification is based on the principle of verification of known data for their identification, by the use of public key ciphering algorithms.

State of the art The main publishing houses, which publish newspapers and illustrated magazines have a problem with the refuse.

The production of said products (daily newspapers and illustrated magazines) takes place in a well-defined part of the Country, while distributing agencies and retailers guarantee the distribution throughout the country.

The first phase of distribution is relevant to the transportation of the published goods from the Publishing Houses to the agencies, the second is the one performed by the agencies towards the retailers.

In the first phase the transportation is made by truck, trains or airplanes, in the second phase is made by smaller vans which are capable to distribute a variety of products such as newspapers, which have to be distributed early in the morning for the whole year.

In Italy, the main distributing agencies are approximately 120, while the selling retailers (booths, supermarkets etc. ) are over 50,000.

In Italy, the annual volume of business of distributed publishings is estimated to amount to 7,000 billions of Lire, while the volume of publishing refuse (approximately 1 million of copies per day) is estimated to amount to 2,000 billions of Lire.

The Publishing Houses decide both the type of publications and the quantities to distribute to the market in line with their marketing evaluation. The agencies carry out the distribution to local retailers by assigning the quantities as a result of historical evaluation and statistics for each selling enterprise.

The. distribution chain is daily controlled by the Publishing Houses, due to the fact that they can access the electronic data generated by each distributer and made available on a dedicated webnet.

However, such data do not envisage their certification, for this reason the verification of the refuse must take place with the delivery of the returned pallets from the agencies to the Publishing Houses, and to these last ones is left the hard task of verifying the quantities of the returned material.

Such a process is very costly in terms of resources, of the length of time required both for the Publishing Houses which have to reimburse the agencies for the effort spent in counting the returned copies, for packaging and delivering them, and also for the agencies themselves because such costs are only partly reimbursed by the publishers.

Further, the lack'of the proper technological systems is a cause of continuous and frequent errors in the final accounting of Publishing Refuse, often sustained by the Publishing Houses who have no possibility to carry out a systematic control of the entire refuse quantity.

The determination of a system capable to certify the true quantity of the Publishing Refuse, directly at the distributing agencies, is a serious and long lasting problem for the Publishers.

To carry out a"CERTIFICATION", either if referred to persons, objects, systems, procedures etc., would require a good knowledge of the necessary information needed to perform the IDENTIFICATION and the RECOGNITION of what one is certifying.

The Recognition is based on embedded peculiarities, the Identification instead is based on the comparison of very significant data of what is under analysis.

The CERTIFICATION procedure must also guarantee the VERIFICATION of the validity and of the similarity of the identification data with what is being recognised.

The VERIFICATION is much more significant if it can be protected against any attempt of sabotage, this requires the presence of an additional parameter represented by the level of SECURITY of the system itself.

For example, the identification of a person made by the use of data referred to a false Passport, without having first verified the validity of the document itself, would result in a false certification in the identification of that person.

In this case, the"SECURITY"should be guaranteed by the capability of the Public Forces in the identification of a false or stolen Passport.

A CERTIFICATION process would require the close correlation between the RECOGNITION, IDENTIFICATION, VERIFICATION procedures and the high reliability of the SECURITY process.

RECOGNITION The RECOGNITION must guarantee the limitation of ambiguity factors and this is possible if and only if exist some factors of uniqueness to characterise what must be recognised. Without the characteristic of uniqueness, the introduction of ambiguity during the RECOGNITION phase becomes inevitable.

Factors of uniqueness are naturally missing in the publishing market, when referred to the single copy of a single title, since each copy is perfectly identical to all the others normally published.

Thus, a CERTIFICATION Process for the Publishing Refuse must allow the possibility to maRe unique those non-unique copies being subjected to the process and, further, it must guarantee me relevant controls and the verifications. To be significant, these controls and verifications must be possible even after some time has elapsed.

IDENTIFICATION The IDENTIFICATION process requires the definition of procedures for the generation and the assignment of data to each single copy to be certified. Data which must be unique and also significant. For example, the fiscal code assigned to a person is unique and not duplicable, in fact, it refers to specific anagraphic characteristics and not to the person itself. Similarly, the identifying code assigned to a returned copy must represent significant data for the verification process of identification, and it must be unique. An optimum system must guarantee the assignment of unique codes, even if generated for copies perfectly identical of the same title, which are subjected to certification processes with identical procedures in different locations, and at the same time.

VERIFICATION The CERTIFICATION process becomes complete with the VERIFICATION process. In fact, without this last phase no certification can give significant guarantee on what has been attempted to certify. The VERIFICATION must be able to guarantee both the operations of OBSERVATION and CONTROL of what has happened during the significant phases of the certification process, as well as the identification of the eventual manipulation of the generated data, as proof of the true certification performed. Two important aspects of VERIFICATION are determined by the guarantee on the identification of the originality of the certified copy and by the uniqueness of the certification process undergone by the copy.

A scheme of the certification process is shown in Figure 1.

SECURITY The SECURITY represents the most important parameter of the entire CERTIFICATION process, the higher the reliability level the better the quality value of the process used. The measure of the reliability level can be expressed in terms of costs of the necessary time and resources to allow non-identifiable attempts of data or process manipulations.

In the specific case of the CERTIFICATION of the Publishing Titles Refuse, the SECURITY parameter must be able to guarantee: that the certified data cannot be manipulated in any way, cannot be duplicated and must have a high level of secrecy: that the certification system cannot be sabotaged; that each process be unique and not duplicable for each single publisher ; the autenticity of the certified copy; the uniqueness of the certification process undergone by each individual copy; -system low cost and easy to use.

The certification problem has been challanged in various applications by the use of public key ciphering algorithms. One of these systems is illustrated in US-A1-2002/0038420, but, since the system tends to degrade the security levels, two ciphering public keys using different algorithms are being employed.

The scope of this invention is to create a Refuse Certification System, for those goods destinated to material recycling after their numerical counting; such as newspapers and magazines, pharmaceutical products etc. , in which the certification is based on the principle of the verification of recognised data for the identification, by the use of public key ciphering algorithms characterised by the fact that the ciphering module through an algorithm ciphers the incoming data, both those redundant in contents as well as those belonging to a known language or that have an expected content, that do not induct any degradation to the ciphering system, because transformed prior to the ciphering, in a pseudocasual range made up by sequences of characters with almost no frequency, which the ciphering process is subjected to a procedure of photographic traceability ; for this reason topic events are recorded photographically and ciphered again, so that an eventual manipulation would require the modification of each single frame, which results in a rather expensive cost of the manipulation, that each single frame contains both the photograph of the certified material as well as the unique crypto generated identifying code, that the certification process provides automatically such an idenfication which allows to distinguish goods truly identical, such as the magazines coverpages, by assigning such a code and imprinting it on the photograph which captures the goods before their destruction, which at the same time that the identification code is assigned, a chromatic scanning device analyses and stores the chromatic scale of the colours on the certified good.

Another characteristic of the system is given by the fact that the ciphering algorithm has several incoming inputs, which are: i. Data provided by whoever loads the material (for example: title, cost, etc. ) ; ii. Results of the chromatic analysis; iii. Photograph of the goods prior to their destruction; iv. Anti-tampering messages from the system; v. Identification code relevant to the individual ciphering device; vi. Identification code of the individual user of the ciphered data; vii. Crypto key; viii. Auto-generated crypto preamble ; From which are obtained the following output data: ix. All ciphered data; x. The codes to be assigned to each single certified copy; xi. The crypto keys of the automatic update.

Another characteristic is given by the fact that the cipher module is a sum device XOR in counter-reaction with the ciphered flow, capable to transform the input data in a pseudo-casual domain made up by sequences of characters having almost no frequency, which the certification process uses in agreement with the logic flow of the following devices: Loading device of any single material to be certified, able to provide the goods recognition data in electronic format (for example: title, number, price, etc. ), a chromatic analyser capable to detect the chromatic scale of the colours on the goods, a linear photocamera to take the pictures of the goods prior to their destruction/deformation, a deformation/destruction device of the goods so that in case these were to be re-introduced in the system for an additional certification would result in an evident fraud attempt. All the data, both the ones generated by the system (photographs, chromatic analysis results, anti-tampering messages, etc. ) and the ones loaded into the system are subjected to the ciphering process.

The entire ciphered database is made available to the end user both on CDROM and on the Network, which in turn with another compatible ciphering system with the generating one, de- ciphers the content and starts a logic process of: Simulation of the ciphering process, so as to verify eventual differences between the generated file and the one received; ii Sorting of the database to highlight eventual differences of the recognition data provided by the loading system, and those detected by means of the chromatic analysis or by the photographic process. iii Verification of the chromatic analysis results by comparison with the reference ones and relevant to the characteristics of the printing machinery. iv Numerical counting of the certified copies.

Other characteristics and advantages will become clear from the illustration of the proposed solution as a non-limitating example.

The solution to the creation of automatic systems which are capable to satisfy the Criteria imposed by the Certification Procedures of Publishing Refuse, is identified in a specific application of the Cryptologic analysis.

TheHSecurity factors derived from the adoption of ciphering logics, in addition to the criteria used in the design itself, will guarantee a high reliability grade against any attempt of manipulation of data from the very start.

In the specific case, the system being proposed is based on the adoption of a combination of the best cypher logics used within the military environment, such as the RSA and the Data Encryption Standard (DES)-Public Keys.

Their function is to cipher all the generated data in such a way that they are not accessible to anyone who doesn't have the proper decoding system, unique for each ciphering device, and of the de-cipher key derived in accord with the RSA algorithms relevant to the Public Keys. The use of cypher algorithms allows the pseudo-casual generation of unique codes that are not duplicable, which are assigned to the copies to be certified and represent the necessary identification for any certification process. The entire codification system performs the fundamental function of making unique and not duplicable in time each single event recorded in a given timeframe, thus any attempt to sabotage the devices, detected by the proper sensors, would be immediately recorded in a coded data, thus rendering impossible the manipulation.

The cipher logics purpously designed to code the data even as a function of the status of the single bit previously codified, introduce the relationship to the time sequence of the events; this permits to elevate the security parameters of the entire system because in the presence of a possible data reading violation, these would result to be non-duplicable if not at very high costs in terms of technical, economic and human resources.

The pecularity of the system does not reside in the cipher algorithms.

It must be pointed out that DES and RSA ciphering are normally in use; and that the Marconi Communications crypto card will be adopted, which is based on such algorithms.

The-system is not based on the adoption of new cipher algorithms, but dedicates itself more on what happens during the ciphering process, independently from the algorithm used.

Since such systems are based on the iterations that must be unique, otherwise they could not be anymore deciphered, the system"photographs"a determined state of the cipher process in such a way that any variation in the process would result in a manipulation of the data.

The term"photograph"is the right one, because in agreement with some adopted criteria, during the cipher process, some crypto generated records are picked and imprinted onto the coversheet photographs undergoing the certification phase.

This would require that the eventual manipulation of the file must correspond the manipulation of each individual frame. Such an operation, which is possible, would require the non-automatic manipulation of all the photographs, and thus very costly.

The flow of input data to the cipher module is in a counter-reaction mode with respect to the outpUT-'data (already cyphered, thus pseudo-casual), and the variation of each single element, such as the content of the photographs (inclusive of the assigned code) does not give easily foreseen indications on the generation of the new code to imprint on the next photograph. Such manipulation process would be very costly in terms of time and resources.

The System becomes complete with some photographic cameras, whose function is to record the certification event at the same time the pseudo-casual identification code is assigned and to analyse the chromatic spectrum of the coversheets, so as to highlight the attempted certification of copies or not original prints.

The photographic device is already technically available, but has never been used for this specific innovating application. Photographic devices are often used to check the quality of a printing process, in facts the modern printing systems (OFFSET, WEB OFFSET, etc. ) are set autõmatically based on the colour survey of what they are printing.

Such photographic device is fundamental to determine whether the copy being certified is a copy or an original document.

A normal ciphering device generally operates according to the scheme Clear/Cryptovariable/Algorithm/Ciphered Text.

For various reasons such a scheme cannot be adopted directly for the Certification process of Publishing Refuse, since in the specific case the input data (Clear Text), indeed always identical data and relevant to millions of copies repeated millions of time, would cause the degrading of any ciphering logic ; even the most secure one.

Initially, the proposed system is capable to transform the entire domain of finite elements which.. cepresent the complete Clear Text (cover title, number, date, price,...) in a random domain tenai. ng to an infinite number, made up by sequences or unique characters and with no redundant frequency, representing the entireness of data subjected to the ciphering process.

Figure 2 illustrates the transformation of"clear text"in"hypertext".

This first phase allows to cancel both the attempts of classic deciphering based on statistical analysis of the language, as well as the frequencies and the redundancies which in time tend to degrade the security level.

The clear text so treated can be ciphered according to a new configuration, innovating and unique for each single device, capable to update automatically the cryptovariables (keys) according to a logic which is of a cryptologic nature, properly conceived to be variable for each device.

Figure 3 shows the scheme of ciphering algorithms.

The ciphering algorithms are always based on factors which define the"initial conditions"of the ciphering process which are obliged to vary in time, otherwise one will obtain the same ciphered text with similar texts. This would degrade any system in terms of security.

It is thus necessary that the individual machines generate always different ciphered results, while processing the same information.

Figure 4 shows the block diagram of a recognition and identification equipment.

Each single device is made unique by the fact that internally is equal to the rest of all the other devices, however it starts from initially different alfa-numeric codes for each single machine and are variable in time with a pseudo-casual logic, for this reason every ciphering process even if done on two devices that use the same keys, and the same input data, does not provide two identical results.

This will allow the protection of the ciphered data from the attempts of identification of the access key, since this is also variable in time.

The use of crypto logics such as DES and RSA, currently used today by the U. S Ministry of Defence and by the main Banks in the world, properly designed for devices made unique for each single ciphering machine (certifying equipment), the resulting reliability grade relevant to SECURITY warrants against the risk of attempts to the secrecy of data, if not at very high costs when compairing them to the value of each protected single data.

Figure 5 shows the layout of the recognition and identification equipment.

One must note that the generation of identifying data associated to the certified copies is totally secure, reliable and absolutely of"no cost", both in terms of generation and handling.

The generation of codes is automatic. Ones the ciphering process has begun, the generation of the ciphered text is obtained. Such text, which can have a very high frequency in terms of information redundancy as output, has internally a very low redundance frequency as a result of it being a good ciphering algorithm.

For this reason a series of bit"0 and 1"appear very rarely in the same sequence.

Taking some sequences of these bits one obtains the correspondence in ASCII of some characters, which combined among themselves provide the code to imprint on the photograph of the coversheets.

Considering the use of RCE Recognition and Identification equipment, within the various publishings distributing centres, one must consider the use of an operational centre for the collection of data (Operational Centre), from which it is possible for each Publishing House to retrieve its own files by means of a device named Secure Computer, that is able to decode the content.

Figure-6 shows the lavout and location of the entire system.

Figure 7 shows the block diagram of the location of the entire system.

The data relevant to the photographic processes which fix in time the certified copy, the code assigned with the data relevant to the moment in which the process was running, besides the results of the chromatic analysis taken in real time on the coversheet, are integral part of the "clear text"which is ciphered.

Figure 8 shows the scheme of data made visualised data by the Secure Computer.

The cipher algorithm has various incoming inputs in a sequencial order. a) Input data from the loader of publications (title, cost, etc. ) ; b) Chromatic analysis results (great volume file) ; c) Photographs (great volume file) ; d) Anti-tampering messages from the system; e) Last bit generated in counter-reaction. in a environment, only the Editor proprietor of its data can interpret them, any other attempt would be useless. The VERIFICATION process is simple and semi-automatic, with an average productivity of 10,000 copies verified per hour. The system, based on the Public Key criteria, requires a most secure and very economical crypto-variable handling.

Anyway, the Editor has assured the possibility to recover the eventual wrong crypto-variable used by the ADSSE, this will allow always to access its data.

The discovery it's not limited to the presentations given by the tables, but can receive improvements and variations from specialised personnel without having to move away from the subject of the patent.

The present invention results in numerous advantages, as well as in overcoming those difficulties which could not be managed by the current systems available in the market.