Few days after writing about using QR codes for authenticating consumer products, I came upon a real company that uses QR codes for this exact purpose. The company is called its-true and appears to be located in Germany. Here is a video explaining their system.
The company claims having some patents pending for the technology or system. It is really great that companies are starting to use QR codes for other purposes than advertising campaigns, and I am confident that more companies will join. In this post I would like to try to analyze their suggested solution, looking for pro and cons and whether things could have been done better.
The suggested solution needs two codes to be printed on every product. One code is exposed to public eyes; it is a Data Matrix code containing a series of numbers (twenty in the provided video) while the other code – hidden under a sticker is a QR code.
The shop owner is supposed to scan the exposed Data Matrix when merchandise arrives, causing all items in the store to be marked at database as valid items for sale. When a user buys the product the sticker is peeled and the QR code is scanned. A check is done to assure the item is for sale and then the item is removed from sales list and the user gets its validity proof.
The QR code contains a phone number and a series of another 20 digits to be sent to this phone number as an SMS message. I assume the user will get back an SMS with the authentication verdict.
The consumer is supposed to download a special application for reading the codes. Using the special app will end by a confirmation screen with validity of the product info – no SMS will be used here. Here is a picture of the labels from their video
Advantages of the system
1. One click authentication – you will have to use the It’s True app for this.
2. The code is hidden to public eyes. It is hidden under a sticker, making it harder to steal it for duplication.
3. The usage of 20 digits randomly generated and marked in a database is also a very good point since it rules out the possibility to try guessing random numbers and hoping that some of them will work.
4. A solution is provided for simple readers as well – using a regular QR code reader can do the job (through SMS).
5. Good for the brand – consumer phone number may be available. As a result of scanning the QR code an SMS is sent to the solution provider or the brand with the digits encoded for authentication. This may imply a direct channel between the brand and consumer since the consumer phone number is transmitted as part of the SMS.
Place for improvements in the system
1. The weakest point I find in this system is the SMS message for regular readers. All a pirate needs to do is to create a parallel system with similar looking stickers, only that his QR codes send the SMS to his number. Subsequently all his merchandise will be proved to be original. People will automatically assume to use their reader on these codes and users have no way to check the originality of the phone number in the code. If a URL was used users will be able to check the URL in the browser to see whether it belongs to the brand domain.
2. No strong connection between the two codes. The fact that both codes are on the same sticker has no real value, since these two codes are not checked together. Since there is no real match between the Data Matrix and the QR code in the moment of authentication, it is enough for a pirate to steal only the QR codes by taking pictures of them (after peeling the sticker) or even scanning them with any reader without sending the SMS.
3. No location info. When sending an SMS the location is missing, this leaves you actually with one series of number, only one factor to decide whether the code is original. A forged product with a duplicated QR code can be sold in another store.
4. SMS costs money and provides the consumer number to the brand. The cost could have been saved if a URL was used. Not sure that all consumer likes the idea that their phone number will be available to all kinds of brands.
5. A special app is needed to be downloaded for scanning the codes. It is a bad idea to download an app for every brand or every authentication company. The special software should be available only to the brand people, since they should be the only one with the license to remove an item from the store pool.
6. The fact that the store has to scan the Data Matrix of every product to prepare it for sale is a burden.
It may be of course that the whole suggested system was wrongly interpreted. Trying to find a more elaborate explanation through the pending patents yields no results for me.
In any case I think that the point analyzed here shed some light on possible problems in possible implementations. It is not late for IT’S TRUE Company or any other service provider to improve his system, and undoubtedly such steps of improvements are inevitable here since authenticity using barcodes is still in its infancy.
I downloaded the app, and it looks that when using it no SMS is sent, instead the app contacts the database and provides you with the needed validation.
Still expecting that people will download apps for every brand or authentication service provider is naive. Regular readers should do the job; people will not go around with dozens of authentication apps on their phones.
If anyone knows about other solutions or projects in this subject, I will be happy to hear. Every suggested solution can teach us how to reach to a real effective response to brand piracy.