The characteristics of a secure Digital Product Identity
The essential features that Connected Products and Digital Product Passports can’t go without
As brands adopt digital IDs and product passports to support their traceability, consumer engagement and sustainability strategies, it is essential that they also put in place measures to ensure their security. Simply because a product’s ID is digital and unique to each individual product does not mean that it is secure and that its ID can be robustly authenticated.
We have covered the reasons why not all Digital ID implementations can provide secure authentication in a previous article. In this article, we will cover the key principles and characteristics of what establishes a product ID as being secure.
What are the characteristics of a secure digital ID?
A secure Digital ID and its associated Product Passport must be able to be checked by everyone in the value chain, including the consumer, to prove a product’s real authenticity. However, this alone is not enough, and the security demands considering a wide range of factors. While an implementation must be able to secure the individual product, security means considering and protecting the security of the brand's entire circular ecosystem.
Secure IDs must be issued and associated with the product in a carefully controlled way, to ensure that only authentic products are issued with an ID, and systems put in place to ensure that only authentic products are granted access to a brand's content and services. Yet, security does not reside in an ability to build an impenetrable walled garden that guarantees access only to genuine products.
A secure ID implementation must detect and manage all use cases that the consumer may encounter in the real world. That includes cases of cloned IDs and also fake markers that counterfeiters will simply connect to the brand's website, in order to trick consumers that the product is genuine. Without this ability to intercept illicit products and manage the consumer experience at this highly delicate moment, a Digital ID leaves the brand exposed to the risk of eroded consumer trust. In fact, a secure ID is designed not only to recognise fakes and clones but also to increase the rate at which these illicit products are intercepted, recover stolen sales and provide data and insights for investigations so brands can understand the issue and take action against its root cause.
Secure IDs prevent illicit products from gaining access to a brand's services but importantly are designed to also protect and prevent illicit products from polluting the circular ecosystem. Circularity does not depend solely on the brand but involves a complex network of reseller marketplaces and regeneration services. Only a secure Digital ID implementation can establish trust in the consumer and marketplace. This will no longer be an optional approach, but one that brands must take, considering the imminent arrival of US and EU regulations regarding extended producer responsibility that demand brands take measures to protect consumers from fraud.
Securing Digital Product IDs and providing robust product authentication does not depend on any single tagging technology such as NFC OTP or the underlying ID management technology such as blockchain. In fact, misunderstandings around such secure technologies can often lead to undesirable consequences.
Blockchain is able to secure a product’s digital data in the cloud, but it is not a silver bullet that can secure an authentication implementation alone. Its perception as an un-hackable technology can often lead brands to trust blockchain implicitly and assume that in adopting it, their implementations are intrinsically secure. Blockchain is not infallible in authenticating physical products. Cloned unsecured physical IDs can be checked against their record on the blockchain, which can lead to a false sense of authenticity. Therefore, it is essential to complement blockchain with other forms of ID security to secure the physical ID on the product itself. NFCs with One Time Password are generally considered un-cloneable in the traditional sense, and enable brands to establish a walled garden around their connected services, that grants access only to authentic products. In increasing security for one area, this approach has the consequence of impeding it in another, by preventing brands from intercepting, monitoring and controlling the inevitable market of fake products in the market. As mentioned earlier, products will circulate with fake NFCs that simulate the brand’s own unclonable version, and once illicit products are able to circulate unmonitored, then they will inevitably enter the circularity ecosystem of the brand.
So to summarise, a secure Digital ID or Digital Product Passport is one that must be able to prove the authenticity of a product; is issued and associated with the product in a controlled way; be able to detect clones and fakes; manage all consumer use-cases; and protect the brand's circular ecosystem.
Only secure authentication will demonstrate to the consumer and the market that the brand is serious about safeguarding the consumer and sustainability.
The risk of insecure Digital Product IDs
Failure to include the capability to reliably verify the authenticity of connected products and to detect fake replicas voids the brands’ investments into product connection technologies that start from traceability and go all the way down to consumer-facing circular services.
Insecure digital IDs make the brand a target for counterfeiters because they make it easy to steal a brand’s product passports and create more convincing fakes while going undetected. Insecure IDs help give rise to a new generation of ‘super-fakes’, which as they penetrate the brand's circular ecosystem, inevitably lead to an erosion of trust in the brand from both the consumer, clients and the wider market, and negatively impact the appeal of the brand.
An inability to be able to robustly distinguish between clones and authentic items, introduces supply chain ungovernability, low organisational trust and the risk of non-compliance with impending regulations.
Secure by Design™
The ability to secure Digital IDs that can deliver robust authentication lies not in any specific technology. Security is instead a methodology that considers the needs, problems and behaviours of all stakeholders, including brands, consumers and counterfeiters, and is one that characterises Certilogo’s ‘Secure by Design’ approach to connected product security.
Secure by DesignTM is the capability to implement and manage connected product projects with security in mind, from day one, thanks to a deep knowledge of counterfeiting practices and of the vulnerabilities of common implementations.
Certilogo’s unique Secure by DesignTM approach allows brands to associate a unique digital identity (Digital ID) with each product using any type of tag, from QR codes to NFC chips, with the guarantee that the management of Digital IDs is always under control and that any attempt at counterfeiting products, unauthorised access to brand data, illicit production and distribution, reproduction of Digital Product Passports and digital content and services is recognised, reported and prevented.
Certilogo’s Secure by DesignTM methodology derives from years of experience in the secure and controlled management of unique digital identities, the use of artificial intelligence to extract valuable information from products entering the market, and the real-time management of all possible use cases encountered by the consumer, whether they are interacting with an authentic product or have come across a fake one.
In this way, brands are free to build the most creative digital experiences and the most innovative content and services, and deliver them through their connected products, knowing that they are protecting their brand from the economic and reputational risks resulting from counterfeit products, and protecting consumers and the environment throughout the product lifecycle.