The optical key

to authenticate products and documents,

and to enable everyone to identify

face to face and online

 

Franck GUIGAN

franck.guigan@popimscode.com

+33 6 14 63 93 36

 

Two disruptive innovations bring major advantages

For the first time,

anybody can prove his or her identity safely, face to face and online, but can be sure not to be unknowingly identified;

everyone can identify those who wish to be, but only them;

everyone can communicate selected personal information, located in an online safe, and grant access to each item of information to one or more selected people;

access to digital identity services is not restricted to smartphone owners, since a third party’s smartphone or a public terminal can be safely used;

no one may build databases with names, faces, or other biometric features;

and the loss of an identification card does not enable any third party to use it.

POPIMSCODE.COM

First innovation: a 3D optical key that is authenticated with a smartphone

[Figure: the optical key, with its two parts labelled "Identifier" and "3D optical signature"]

It comprises:

an Identifier, which may for example be a barcode,

and a 3D optical signature, which is a random optical chaos.

Second innovation: dynamic authentication

The smartphone application displays a virtual sign on the screen, indicating to the user where to place the smartphone.

All operations are fully automated and transparent for the user.

The server:

indicates to the application one or several points of view, where to place the smartphone and when to turn on and off the flash,

receives from the application, in real time, a video shot by the camera,

compares the optical key with its "description" stored in the database or the Blockchain,

and validates or not the optical key as being the original.

This scenario cannot be repeated because it is dynamic. Nobody could predict what the server will ask. Nobody can know how the authentication decision has been made.

There are billions of possible combinations of requested viewpoints and of effective viewpoints seen by the camera. What an attacker would have to find is the whole set of "original descriptions", and it would be very difficult to find any of them, as they are not the same as the random viewpoints required by the server.

Of course, additional factors of authentication can be used by the application.

The Smartphone application can call the user when identification is required via a PC.

With these innovations, a lost or stolen card cannot be used

Face to face, the name and the photo that appear on the screen of the Smartphone come from the official server. Any attempt to use a lost or stolen card has no effect.

Online, the application moves to a next step that may include personal questions, or even biometrics checking.

In both cases, the communication of personal information can only be carried out by order of the holder and after these very secure procedures.

Important details

The name and photos of a holder are displayed only after authentication of a card that corresponds to the relevant description in the server. The manufacture of a card is impossible. It is therefore not possible to create a database by trying to create simple identifiers.

Even in the case of verification of biometric elements, the server only uses the record of the person corresponding to the lost or stolen card which has not yet been declared as such, but the server does not consult a whole biometric database.

The choice of the key is essential.

The digital identity system stores and redistributes personal information in a controlled way.

Therefore, there must be a key with the following functionalities:

1. It must prevent a person from accessing the personal information of a third party who has not consented to the transmission of this information.

2. It must allow everyone to communicate the personal information of his or her choice to a designated third party, in three different modes:

face to face identification,

online identification,

and personal information transfer.

Face to face identification

to prove an identity to the police, customs, administrations, banks, or any person or entity with which one wants to sign a contract, or whose premises one wants to enter,

to check the status of a person who must be trusted: police officer, fireman, doctor, seller of a good or a service, tenant, etc.,

to control access to premises,

etc.

Online identification

to carry out administrative procedures,

to sign contracts, to place orders,

to make payments,

to file comments on goods and services,

etc.

Personal information transfer

to allow a doctor to access all or part of a medical file,

to allow a bank to access pay slips or tax slips,

to allow the owner of an apartment to access the insurance policy of a tenant,

to allow a sports club to access a medical certificate of aptitude,

and, more generally, to allow a third party to access personal information located in an online safe.

Our 3D optical key respects the 10 constraints

1. It is not itself personal information.

2. It may not be duplicated.

3. It cannot fail.

4. It cannot be the vector of a computer infection.

5. It remains stealthy and may be seen only if its owner shows it to a smartphone camera.

6. It enables face to face authentication of the key holder by the beneficiary of the authentication.

7. It allows the key holder to identify online with his or her own smartphone.

8. It allows the key holder to identify online with the smartphone of a third party.

9. It is easily transported, on all occasions.

10. It has a negligible cost.

Our proposal

This technology is one of the building blocks of the future secure digital identity solutions under study.

It is compatible with all possible global solutions.

It is protected by a patent already granted in the United States of America, and should soon be granted in Europe as well.

If this solution is adopted by the French Digital Identity Program, it will set an example that is likely to become a world standard, as the smart card, also invented by a Frenchman, has been.

We will designate the Principal Operator that will run the worldwide network of secure routers, and we are consulting the French authorities on that subject.

We shall grant this Principal Operator a license to the patent and to all of the technology that is already developed, with the right to sub-license to all users of the system, for all applications of the technology (including the fight against counterfeiting, secure traceability, payment, document and banknote protection, etc.).

September 2018

The optical key

Annex 1 – Comparison with other technologies

 

Franck GUIGAN

October 2018

The necessary characteristics of the key

The 10 essential constraints

1. The key must not itself be personal information.

2. It must be impossible to duplicate.

3. It should not be able to fail.

4. It should not be the vector of a computer infection.

5. It must be stealthy and be seen only if its owner accepts it.

6. It must enable face to face authentication of the key holder by the beneficiary of the authentication.

7. It must allow the key holder to identify online with his or her own smartphone.

8. It must allow the key holder to identify online with the smartphone of a third party.

9. It must be easily transported, on all occasions.

10. It must have a negligible cost.

1- Not a personal information

The key cannot be itself personal information, since it is on the contrary used to protect personal information.

For example, using the fingerprint as the key would require making a database of fingerprints available to those who want to be able to identify a third party.

This constraint excludes all morphological features recognition devices, whatever they may be.

However, such devices can be used with the express consent of the owner of the morphological features, after such owner has identified the beneficiary of the authentication procedure.

So there is a notion of first key, which then allows the use of other types of additional keys.

2- Impossible to duplicate

The key must be impossible to duplicate, to prevent fraudsters from quietly making copies and using them later.

This constraint excludes the following methods:

simple bar codes,

login + password,

They can be intercepted on the network and reused without their owner being aware of it.

Moreover, many people write them down, communicate them to one or more friends or colleagues, or use the same login and password on unprotected sites.

2D markings,

A good converter works with CTP at up to 10 000 DPI, while the resolution of a smartphone does not exceed 1000 DPI.

A well-equipped counterfeiter can easily reproduce large series of any 2D markings.

USB keys and NFC chips,

and more generally all industrial devices that do not use random processes, even those based on an encryption method, which can be stolen.

3- No possible failure

The key must be a passive component that cannot fail.

This constraint excludes all methods that require a smartphone that can fail, and so:

the “2D secure” method,

and “Fido 2” procedures.

In a more general way, this constraint excludes all electrical devices with a battery, as for example semi-passive and active RFID chips.

4- Not a possible infection vector

The key should pose no risk of infection to the computers responsible for its authentication.

This constraint excludes all computing devices that pose such a risk, and therefore:

USB keys, and methods using such keys, such as the "Titan Security Key" of Google,

and radio frequency devices such as RFID badges and NFC chips.

5- Stealth

The key should not be able to report the presence of its owner without his consent.

This constraint excludes the following devices:

radio identification badges, and especially NFC chips,

and all devices that one can use only with one's own smartphone:

the “2D secure” method,

and “Fido 2” procedures,

since a smartphone that is switched on makes it possible to trace its owner, with little precision via the telephone antennas, but very precisely via WiFi and/or Bluetooth.

6- Identification of a third party with any Smartphone

A person wishing to identify another must be able to use any smartphone, hand-held, without any accessory.

This constraint excludes the following methods:

methods involving the use of radio frequency (e.g. NFC chips), since only some smartphones are able to read them,

the marking analysis procedures requiring an accessory for positioning the smartphone,

and “Fido 2” procedures.

The computer of the person wishing to authenticate a key would have to know the private key of the key holder.

7- Online identification of the key holder with his or her own Smartphone

A person must be able to identify online with his or her own smartphone, hand-held, without any accessory.

This constraint excludes the following methods:

2D markings authentication,

Simulating the view of the marking in software, by sending its image to the server, would be enough.

3D with a limited number of acquisitions,

When a hologram or another 3D feature is characterized by a limited number of views, for example one with flash and one without flash, software can simulate the view of the hologram by sending these images to the server.

and marking analysis procedures requiring a positioning accessory.

8- Online identification of the key holder with the Smartphone of a third party

A person must be able to identify online with the smartphone of a third party, hand-held, without any accessory.

Many people do not have a personal smartphone and should not be excluded from the system.

This constraint excludes the following methods:

the “2D secure” method,

An SMS confirmation cannot be sent to the phone of a third party.

the “Fido 2” procedures,

The computer of the person wishing to authenticate a key would have to know the private key of the key holder.

2D markings,

Simulating the view of the marking in software, by sending its image to the server, would be enough.

authentication of 3D markings with a limited number of acquisitions,

When a hologram or another 3D marking is characterized by a limited number of views, for example one with flash and one without flash, software can simulate the view of the marking.

and marking analysis procedures requiring a positioning accessory.

9- Portability

The key must be carried at all times, even when the holder practices water sports, skiing, skydiving, or simply wears a garment with no pocket.

This constraint excludes all techniques requiring that the owner have a smartphone or other electronic equipment to prove his or her identity:

the “2D secure” method,

and the “Fido 2” procedures.

It should be enough that only the beneficiary of the authentication (e.g. a police officer or a customs officer) has a smartphone.

10- Negligible cost

The key must have a negligible cost,

1. so that everyone may have one, without this causing a significant expense for the holder or for the State,

2. and so that everyone may also have several in advance and put them into service without delay in the event of loss or theft.

This constraint rules out all electronic devices and all methods that can be implemented only with a smartphone:

the “2D secure” method,

and the “Fido 2” procedures.

A person can also have multiple keys with different powers, issued by operators who may also be different.

In case of loss or theft, the holder of the key informs the relevant operator of the replacement of the lost or stolen key by another key which has already been registered.

The optical key

Annex 2 – Technical aspects

 

Franck GUIGAN

October 2018

Why it is impossible to replicate

Such a 3D chaos is not reproducible

Imagine that you ask a body painter to paint a small surface with the original metallic paint of your car, but to place each of the metal particles in the same location in x, y and z, with the same slope and with the same direction...

That is impossible.

Many methods are available

One can use ink, varnish, paint, particles embedded in the bulk of any material, 3D features on the product, sandblasting, and a large number of other surface treatments.

Under the light of the flash, the shining particles remain visible even if they are much smaller than the details the smartphone can resolve, because the amount of reflected light remains noticeable.

This is the principle of the mirrors used to signal the presence of castaways.

The appearance of the key changes gradually with the displacement of the point of view.

[Figure: two views of the key. The appearance varies little for a low displacement; the appearance varies a lot for a major shift.]

With two French companies, we have developed inks and varnishes that make it possible to implement this innovation.

All printers can produce optical keys with screen printing, flexography, and many other printing techniques.

The enlistment of the optical key is simple

Depending on the reading comfort one wants to give the user and on the desired level of security, one can take a single photo, or several photos from complementary points of view.

These operations are automated on the production line of the keys.

Many of the positions of the Smartphone allow authentication

When the smartphone is in a given position, the comparison is done between what it sees and the enlisted image corresponding to the nearest position.

This feature allows very easy and fast smartphone positioning.

A more accurate positioning and/or two or more acquisitions at different places make it possible to increase the strength of authentication, based on needs.
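The following sketch is an added example, not PopimsCode code. It combines the nearest-position comparison described on this slide with the server-driven challenge of the "dynamic authentication" slide: the server requests random viewpoints plus one flash-off step, then compares each frame with the enlisted description nearest to the requested viewpoint. The flake model, the enlistment grid, `R`, `THRESHOLD` and every function name are assumptions made for illustration.

```python
import math, random, secrets

R = 0.10         # model assumption: a flake glints when the camera is within R of its sweet spot
THRESHOLD = 0.6  # assumed minimum Jaccard similarity for a frame to match its description

def make_key(seed, flakes=3000):
    """Constructed stand-in for a printed key: (image cell, viewpoint sweet spot) per flake."""
    rng = random.Random(seed)
    return [(rng.randrange(65536), (rng.random(), rng.random())) for _ in range(flakes)]

def capture(key, view, flash):
    """Frame seen from `view`: the set of bright image cells (none when the flash is off)."""
    if not flash:
        return frozenset()
    return frozenset(cell for cell, spot in key if math.dist(view, spot) < R)

def enroll(key):
    """Enlistment: one description per viewpoint of a 21 x 21 grid over [0.3, 0.7]^2."""
    ticks = [0.3 + 0.02 * i for i in range(21)]
    return {(x, y): capture(key, (x, y), True) for x in ticks for y in ticks}

def similarity(a, b):
    return len(a & b) / len(a | b) if (a or b) else 1.0

class Server:
    def __init__(self, enrolled, rng=None):
        self.enrolled = enrolled
        self.rng = rng or secrets.SystemRandom()  # unpredictable unless a demo injects a seed
        self.pending = {}                         # nonce -> requested steps

    def new_challenge(self, lit_steps=3):
        """Random viewpoints with flash on, plus one flash-off step at a random position."""
        u = lambda: self.rng.uniform(0.3, 0.7)
        steps = [((u(), u()), True) for _ in range(lit_steps)]
        steps.insert(self.rng.randrange(lit_steps + 1), ((u(), u()), False))
        nonce = secrets.token_hex(16)
        self.pending[nonce] = steps
        return nonce, steps

    def verify(self, nonce, frames):
        steps = self.pending.pop(nonce, None)     # each challenge is answered at most once
        if steps is None or len(frames) != len(steps):
            return False
        for (view, flash), seen in zip(steps, frames):
            nearest = min(self.enrolled, key=lambda e: math.dist(e, view))
            expected = self.enrolled[nearest] if flash else frozenset()
            if similarity(seen, expected) < THRESHOLD:
                return False
        return True

def demo():
    key = make_key(seed=1)
    server = Server(enroll(key), rng=random.Random(7))
    nonce, steps = server.new_challenge()
    frames = [capture(key, v, f) for v, f in steps]
    results = {"genuine": server.verify(nonce, frames)}
    results["same_nonce_again"] = server.verify(nonce, frames)
    nonce, steps = server.new_challenge()
    results["recorded_frames_new_challenge"] = server.verify(nonce, frames)
    nonce, steps = server.new_challenge()
    photo = capture(key, (0.5, 0.5), True)        # flat copy: same image from every viewpoint
    results["flat_copy"] = server.verify(nonce, [photo] * len(steps))
    return results
```

Calling `demo()` shows the genuine key accepted, while a reused nonce, frames recorded during an earlier session, and a flat reproduction of a single view are all rejected.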

Why this optical key has such a low cost

It is merely printing

Most printing methods, including the least costly (flexography), can print such unique 3D signatures.

Holograms, chips and RFID antennas are much more expensive and reproducible.

Customization can be instant

Labels can be stuck on all existing documents.

Plastic cards can be customized with a simple badge printer.

Secure enlisting can be achieved with a simple smartphone.

How the system works

Every customer of the digital identity system (e.g. administration or company) is independent.

1. It chooses only its own databases and their storage method (servers or blockchain).

2. It freely chooses its printing methods and its converters.

3. It independently designs its smartphone applications, using the libraries that are proposed by PopimsCode.

4. It freely determines its authentication algorithms.

There is a "Principal operator" that manages secure routers:

1. These routers ensure that it is the right server which is called.

2. They also have a proxy functionality to protect databases and the smartphone against intrusion (e.g. cookie or capture of fingerprint of a smartphone).

Network architecture

[Diagram: the User's PopimsCode Applications, the Principal Operator's Switchboards, and the Customer's (administration, company, club, association, etc.) Authentication Servers, linked by encrypted communications.]

Network operations

Step 1: Information

1. Application: reading the Identifier (i.e. barcode).

2. Application: finding an available Switchboard.

3. Application: sending the Identifier and the User Information to the Switchboard.

4. Switchboard: checking if the Identifier is allowed.

5. Switchboard: reading which Authentication Server is relevant.

6. Switchboard: transmitting to this relevant server the Identifier and User Information.

7. Authentication Server: consulting the Database.

8. Authentication Server: sending the First Answer and the Signature Reading Method (including methods that are in the public domain such as RFID, or proposed by competitors).

9. Switchboard: transmitting the First Answer and the Signature Reading Method.

10. Application: displaying the First Answer.

Network operations

Step 2: Authentication

1. Application: reading the Signature with the Signature Reading Method.

2. Application: sending the Signature to the Switchboard.

3. Switchboard: transmitting the Signature to the relevant Authentication Server.

4. Authentication Server: consulting the Authentication Database.

5. Authentication Server: sending the Second Answer.

6. Switchboard: transmitting the Second Answer.

7. Application: displaying the Second Answer.

8. Other interactions.

The optical key

Annex 3 – The main patent

Franck GUIGAN

The main claim

To establish the authenticity of an object protected by the optical key, one compares the description made after its printing with a new description resulting from at least two acquisitions,

one in the same conditions,

and the other by changing the point of view and/or lighting.

We strongly believe it is the industry's first and only solution for consumers and businesses providing anyone the ability to quickly and conveniently verify the authenticity of products, and documents.

The patent protects all tags with 3 dimensional structures, which are the only ones impossible to reproduce by printing techniques.

Anyone using a smartphone application implementing this method is infringing this patent.

View the patent on USPTO

View the patent on Espacenet

Useful links

VIEW THE DEMO

"Are random 3D markings going to kill the security printing industry?" (LinkedIn post)

A note on the "Relational Identity" concept

An article in the Journal du Dimanche (in French)

The special issue of Contrefaçon Riposte, the French newsletter dedicated to fighting counterfeiting

The LinkedIn page of Franck Guigan

Thank you!

Technical development and industrialization are finalized.

They were funded entirely from our own funds.

The French ink manufacturer Encres Dubuit already offers specific inks and varnishes,

and the French converter Gen' etiq already produces stickers,

and consumables that are compatible with most plastic card printers,

especially those of the French company Evolis.

The iPhone app is already available on iTunes.

It is being finalized on Android.
