When discussing anti-counterfeiting technologies, it is essential to share a common understanding of the following concepts: authentication, covert and overt authentication elements, and forensic verification. While most of them may appear rather straightforward to understand, they lend themselves to different interpretations.
In this blog post, we will clarify these terms by referring to the ISO standard on “Performance criteria for authentication solutions used to combat counterfeiting of material goods” (ISO 12931:2012). This standard was developed for brand owners and technology providers to assist the process of selecting and implementing authentication technologies for product authentication.
Note that the standard explicitly excludes track and trace, stating that “track and Trace technology when used alone is not considered to be an authentication solution and as such is not covered by this International Standard”. There is another ISO standard on ”Guidelines for interoperable object identification and related authentication systems to deter counterfeiting and illicit trade” (ISO 16678:2014) which relates to track and trace (or more precisely, to unique identifiers) in the context of product authentication. We will discuss the use of this standard in a future blog post. Indeed, authentication solutions are increasingly reliant on the use of mobile phones, which are very effective when authentication elements are combined with unique identifiers.
Key ISO Definitions and Key Concepts in Anti-Counterfeiting:
Authentication is the act of establishing whether a material good is genuine or not. In this definition, an authentic (or genuine) material good is defined as a material good produced under the control of the legitimate manufacturer, originator of the good, or holder of intellectual property rights.
The brand owner must decide how authentication will be performed: will it be by human senses, or by an authentication tool? And will the authentication tool be off-the-shelf, like a mobile phone, or purpose-built for the specific authentication solution? Depending on the authentication method, the authentication element will either be overt or covert.
An overt authentication element is an authentication element that is detectable and verifiable by one or more of the human senses without resources to a tool (other than everyday tools which correct imperfect human senses, such as spectacles or hearing aids). Here one can think of a hologram, a paper watermark, intaglio printing, or any of the standard features on a banknote that can be verified with the naked eye or by touch (see here for a list of overt features on the different Euro banknotes).
A covert authentication element is an authentication element that is hidden from the human senses until the use of a tool by an informed person reveals it to their senses or else allows automated interpretation of the element. In other words, “covert” covers everything which requires the help of a tool for authentication; this tool could be a UV light or magnifier for authentication by human senses, a mobile phone for “automated interpretation” of an NFC tag, a secure graphic or digital fingerprint, or a purpose-built device such as a taggant detector.
Prior to the ISO standards, overt and covert would often refer to visible and invisible authentication elements. Today still, some websites will define covert as “invisible to the naked eye”. But such a definition is incorrect; there is indeed a number of authentication elements that are visible (e.g. a secure graphic), yet are covert as they can only be interpreted using a tool. The concept of “semi-covert” is sometimes brought up, to distinguish “simple tools” such as a UV light from more complex tools. However, I would advise ignoring this concept as the line between semi-covert and covert is rather arbitrary and it is not part of the ISO standard.
The standard defines forensic analysis as the scientific methodology for authenticating material goods by confirming an authentication element or an intrinsic attribute through the use of specialized equipment by a skilled expert with special knowledge.
It is worth noting that prior to the standard, it was generally accepted that there was a 3rd class of authentication element named “forensic”, which referred to any technology that required significant expertise and/or laboratory equipment to perform authentication. However in the spirit of the norm, authentication elements cannot be categorized as “forensic”, and an authentication element that is checked by forensic analysis is still considered to be “covert”. A number of authentication elements can be inspected both with an off-the-shelf and a purpose-built tool and more thoroughly in a laboratory at a forensic level. Forensic analyses are useful to detect high-quality counterfeits, to confirm an authentication result, or to use as legal evidence.
Choosing the Right Authentication Method for the Right Audience
A brand owner must decide which audience can perform authentication. The ISO standard recognizes two types of audiences: the general audience, where the knowledge about the authentication solution is made public, and the restricted audience, where knowledge about the authentication solution employed is made available only to a restricted group of people.
The ISO standard maps the different types of authentication methods and audiences in the following table:
Characteristics of Categories for Authentication Solutions
So what combination of authentication elements should the brand owner use? There is no generic answer to this question. Overt features intended for a general audience will be easier to verify, however, they are easier to counterfeit, at least to the level that will allow a copy to pass authentication by human senses. A lot of work has been put into developing overt authentication elements that will be easy to verify yet hard to copy ( e.g. increasingly sophisticated holograms), however, their security level will always be limited by the knowledge, skills, and motivation of the person inspecting it. On the other hand, covert features are generally harder to copy, but since they require a tool for verification, they will be less frequently verified, unless the authentication tools are widely available.
The traditional approach in security printing has been to use a combination of covert and overt features authentication elements. This approach is also recommended by the standard and is still well in use for some widely used security documents such as banknotes, where significant resources can be invested in training the general public as well as enforcement authorities, bank clerks, and so on. However, it can be too costly and complex to implement for most branded products on the market.
The modern approach is to use authentication elements that can be inspected with off-the-shelf authentication tools. Such authentication elements can be inspected by a wide audience, yet retain the security level of covert authentication elements that are verified by automated interpretation. This allows the brand owner to let different audiences perform covert authentication. The most interesting developments in the past years have indeed been related to authentication elements that can be verified through smartphones, thanks to their increasingly advanced sensors, computing capabilities, and Internet connectivity.
Dr. Justin Picard is an internationally-recognized expert on anti-counterfeiting and secure serialization technologies and an industry thought leader. He has filed numerous patents (over 15) in the field. In his roles throughout his career as CTO, Chief Scientist, and Lead R&D, he has developed disruptive counterfeit detection technologies that are currently used on billions of products from global brands. He was a member of the WEF Global Agenda Council on Illicit Trade and currently is a methodology co-leader on the OECD Taskforce on Charting Illicit Trade.
Justin Picard has a Ph.D. from the University of Neuchâtel, a Post Doctorate from EPFL, and is an IMD graduate (Mastering the Technology Enterprise program).