We have discussed how to prevent the misuse of the new GS1 Digital Links technology in relation to counterfeit products.
In short, Anything that can be printed (as a QR code) can be copied. (Some special, advanced technologies add “faults” to the QR code, which are then used for authenticity validation using a special QR scanner or image upload.)
However, with the broad use of QR (links), an easier way to increase security might be needed.
Therefore, we have now added the ability to add a “shared secret” to GS1 Digital Links. Since there is no attribute for this, we have made the 90 attribute as default.
As it works, each link is generated with a checksum based on the regular parts of the GS1 DL link, like BATCH, SERIAL, BEST-BEFORE DATE, etc. The checksum is calculated using the industry-standard SHA-256 algorithm.
In Blippa, the shared secret is entered paired with the setting “Enable Authenticity.” This setting allows the use of links with the checksum but does not require it. This is to allow backward compatibility in older Blippa accounts. So, a valid URL + checksum will work, but a fake checksum will result in an error.
The second setting, “Require Authenticity,” forces every URL to be used with a valid checksum.
This will prevent counterfeit manufacturers from " inventing" products with fake serial, batch, expiration dates, etc. The only valid option would be to copy one or more genuine QR codes and use them on the counterfeit goods.
To prevent this, the Blippa system will detect suspicious web traffic to these objects and notify the user with messages like “Suspicious use of this QR, detected traffic from various countries within unrealistic timeframes.”
This security approach might not be sufficient for high-end products but might be used with mass-market products.
One downside of the Blippa Link Authenticity technology is that the resulting QR code needs to contain a lot of info (e.g., the checksum). This results in a QR code with a “lot of dots,” making it unsuitable for smaller QR labels.
We are working to reduce the checksum data in the future to allow smaller QR labels.
Note: The use of technologies like Blockchain will not solve the “Copy The QR Code” problem since it can only be used to ensure that the events in product history have remained the same.
Support: Blippa Link Authenticity is supported through Blippa Professional Services and Blippa Partners.
