Skip to Content

The technical solution

Project Features


The system's implementation is divided into several phases and logical components, which will be analyzed individually.

1. Physical Fingerprint Generation using 3D Optical PUF: The core of the invention lies in the ability to generate a unique and unrepeatable fingerprint from the physical object itself. The choice of component from which to extract the fingerprint (PUF) is crucial. Preferred but not exclusive, the watch movement or caliber is used, as it is a high-value, complex, and internal component, the replacement of which, even partial, of a single component is a rare and traceable event. Its surface, even when produced with the highest tolerances, presents stochastic imperfections at the microscopic level (micro-scratches, texture variations, minimal inclusions in the material) that are unique to each individual piece. These imperfections form the basis of our optical PUF. This first phase includes the following activities:

1.1. 3D Image Acquisition: To capture these features, a high-resolution optical 3D scanner is used. The preferred technologies for this phase are structured light scanning or confocal laser scanning. These systems project a light pattern (in the case of structured light) or a laser point (in the case of confocal scanning) onto the surface of the gauge and capture its deformation or reflection using one or more highly sensitive cameras. The result of this scan is a high-density, three-dimensional point cloud, representing a detailed topographic map of the gauge surface with micrometer or sub-micrometer precision.

1.2. Point Cloud Pre-Processing: The raw point cloud obtained from scanning requires a pre-processing phase to be usable.

This phase includes:

- Noise Filtering: Statistical filters (e.g. Statistical Outlier Removal) are applied to eliminate isolated points (outliers) that do not belong to the real surface, but are due to sensor noise or spurious reflections.

- Alignment and Normalization: The point cloud is aligned to a reference coordinate system and normalized in scale and orientation. This step is essential to ensure that subsequent scans of the same object are comparable, regardless of small variations in its positioning during scanning.

- Normal Estimation: For each point in the cloud, the local surface normal is calculated. This information is essential for feature extraction algorithms.

1.3. Feature Extraction: Once the point cloud has been cleaned and normalized, we proceed to extract the features that will constitute the fingerprint. This is not based on the entire point cloud (which would be too cumbersome to manage), but on a set of local descriptors computed at points of interest (keypoints). These keypoints are linked to the following activities:

- Keypoint Identification: Algorithms such as Intrinsic Shape Signatures (ISS) are used to identify geometrically salient and stable points on the surface, such as corners, edges, or points of high curvature. These points are less susceptible to alteration by small variations or noise.

- Calculation of Local Descriptors: Around each keypoint, a local descriptor is computed that encodes the surrounding geometry. A particularly effective descriptor for this purpose is the Fast Point Feature Histogram (FPFH). The FPFH creates a multidimensional histogram that represents the geometric relationships between the keypoint and its neighbors, proving robust to noise and small deformations. Other valid descriptors include SHOT (Signature of Histograms of Orientations) or Spin Images.

1.4. Binary Fingerprint Generation: The set of FPFH descriptors computed for all keypoints constitutes a rich but still complex representation. To obtain a compact, efficient, and easily comparable fingerprint, a binarization phase is performed.

- Aggregation: The descriptor vectors are aggregated into a single large feature matrix.

- Locality-Sensitive Hashing (LSH): This matrix is processed using an LSH algorithm. LSH has the property of mapping similar data points (in this case, similar geometric descriptors) to the same "bucket" with high probability, while mapping dissimilar data points to different buckets. By applying a series of LSH functions, a binary hash code (a string of 0s and 1s) of fixed length (e.g., 256 or 512 bits) is obtained. This binary code is the final fingerprint: a compact and robust representation of the caliper's unique microgeometry.

The above process, from scanning to generating the binary fingerprint, is preferably performed using software libraries specialized in 3D data processing, such as Open3D, and for hashing, such as datasketch.

2. Creation and Management of the Digital Token: The generated binary fingerprint is the core of the digital token, which serves as an electronic certificate of authenticity. This second phase includes the following activities in a cost-effective implementation:

2.1. Token Composition: The digital token is a structured data package, preferably in JSON (JavaScript Object Notation) format, which includes, for example:

- puf_fingerprint: The 256- or 512-bit binary fingerprint.

- metadata: A set of essential metadata about the watch, such as:

  • brand: Brand
  • model: Model
  • serial_number: Unique serial number of the watch
  • production_year: Year of production
  • movement_caliber: Caliber number or name.
  • list of owners (current and previous).
  • interventions and maintenance performed on the watch
  • further and any other

- timestamp: A timestamp indicating the date and time the token was created.

2.2. Token Encryption: To ensure the confidentiality and integrity of the token, it is encrypted before being stored or transmitted. The preferred encryption mode is the AES (Advanced Encryption Standard) symmetric algorithm with a 256-bit key, operating in GCM (Galois/Counter Mode). GCM mode is chosen because, in addition to ensuring confidentiality (encryption), it also provides data authentication (integrity), protecting the token from unauthorized modification.

The encryption key (K_device) is unique for each watch. It is not generated randomly, but derived from a master key (K_master) stored in an ultra-secure environment (HSM, as described below) via an HMAC-based Key Derivation Function (HKDF). The input to the HKDF is the K_master and a unique "salt" for each device, which in the preferred mode is the NFC chip's unique identifier (UID). This cryptographically binds the key to the hardware component, adding an additional layer of security.

3. Integration with the NFC Chip and Secure Element: The encrypted digital token is stored in the NFC chip integrated into the watch. The choice of chip is crucial to the system's security. This third phase includes the following activities for a successful implementation:

3.1. NFC Chip Selection: Preferably, but not necessarily, you should select a passive NFC chip (it does not require its own power, but is activated by the reader's magnetic field) that incorporates a Secure Element (SE). Examples of such chips include the NXP NTAG 5 series, the STMicroelectronics ST54J series, or the Infineon SLE 5 series. A SE is a tamper-resistant microprocessor with its own secure memory and operating system, certified to security standards such as Common Criteria EAL5+ or higher. It is designed to resist physical (e.g., microprobes, side-channel attacks, fault injection) and logical attacks.

3.2. Chip Provisioning: During manufacturing, the encrypted digital token is written to the secure memory of the Secure Element. The data is encapsulated in a standard NFC format, such as NDEF (NFC Data Exchange Format). Once written, the chip is configured to block further unauthorized writing. The Secure Element's access policies are set to allow reading of the encrypted token, but to absolutely prevent cleartext access to the decryption key (K_device), which is also securely loaded into the SE and never exposed externally. All decryption operations for verification will take place within the secure perimeter of the SE.

4. Blockchain Registration: To ensure immutability and public (or consortium) verifiability of authenticity, a blockchain platform is used. This fourth phase includes the following activities in a cost-effective implementation:

4.1. Blockchain Choice: The preferred approach uses a permissioned blockchain, such as Hyperledger Fabric. This type of blockchain is preferable to a public one (such as Ethereum) for enterprise applications, as it offers greater access control, scalability, privacy, and transaction finality. Network participants (nodes) are known and authorized entities (e.g., manufacturers, service centers, authorized resellers).

4.2. Hash Recording: To maximize privacy and efficiency, the entire digital token is not recorded on the blockchain, but only its cryptographic hash. The process is as follows:

- A hash of the already encrypted digital token is calculated using a robust algorithm such as SHA-256 or SHA3-256.

- This hash, a string of 64 hexadecimal characters, is recorded on the blockchain within a smart contract (called "chaincode" in Hyperledger Fabric).

Recording the hash of encrypted data ensures that the original data (fingerprint and metadata) are never exposed publicly, but it provides an immutable anchor for verification. Even the slightest alteration to the encrypted token would produce a completely different hash, making tampering immediately detectable.

The smart contract manages the business logic, including creating a digital asset (similar to an NFT) representing the watch, associating the hash with the serial number, and recording the initial owner. The same smart contract will manage future ownership transfers.



Authenticity verification procedure


An operator, with the appropriate authorizations, can verify the authenticity of the watch using a backend device represented by a common personal computer to which a 3D optical scanner and an NFC chip reader/writer device are connected via USB.

The first phase consists in reading the caliber (possibly also the dial if so provided by the manufacturer) via a 3D optical scanner and obtaining the PUF fingerprint of the reading (Ft).

The second phase consists in reading and decrypting the PUF fingerprint deposited on the NFC chip since the backend system has the cryptographic keys and therefore extracts the related reference PUF fingerprint (Fm).

Then the matching (authentication) is performed between the PUF fingerprints (Fm) and (Ft).

A matching threshold (θmatch) is set corresponding to the maximum acceptable distance value between the acquired PUF fingerprint (Ft) and the reference one (Fm) for the matching to be valid. Typical value: 0.12-0.18 in terms of normalized distance (e.g., Hamming or Euclidean on binary vectors).

Practical definition: If, for example, the Hamming distance between the two binary hashes is <= 0.15 (15%), the verification is considered successful. The precise value depends on the size of the fingerprint: for a 256-bit hash, this equates to ~38 different allowed bits.

If this first check is successful, the system performs the following operations:

- NFC reading: The operator holds the NFC reader/writer close to the watch. The NFC reader activates the passive chip and reads the NDEF record containing the encrypted digital token.

- Send to Backend (or Secure Local Processing): The application sends the encrypted token to a secure backend managed by the vendor. In an alternative, very high-security implementation, decryption could occur via a secure applet directly on the Secure Element of the reader/writer, if available.

- Decryption and Hash Calculation: The backend uses the appropriate K_device key (securely retrieved from its key management system) to decrypt the token. Once the cleartext token is obtained, the backend recalculates the SHA-256 hash of the original encrypted token.

- Blockchain Verification: The backend queries the blockchain (via a permissioned node) to retrieve the reference hash associated with the watch's serial number.

- Comparison and Result: The backend compares the newly calculated hash with the hash retrieved from the blockchain. Under these circumstances:

If the two hashes match, the authenticity is confirmed. The app displays a successful result, displaying the watch's metadata (brand, model, etc.) for further visual confirmation by the user.

If the two hashes do not match, the system flags an anomaly, indicating possible forgery or tampering.

In conclusion, if the PUF just read is consistent with the PUF extracted from the NFC chip and if the hash of the NFC chip matches the hash saved on the blockchain, the watch, in all its parts, is authentic.

6. Management of Variations over Time (Model Update): To ensure that the system remains robust over time, a mechanism is provided to manage small physiological variations in the PUF fingerprint (due to, for example and not limited to, wear, dust, etc.).



Periodic checks and updates


During a periodic verification (e.g., in a service center), a new 3D scan is performed and a new PUF fingerprint is generated. This new PUF fingerprint is compared with the reference PUF fingerprint stored in the token. The comparison metric is the Hamming distance between the two binary codes (i.e., the number of different bits), and specifically:

- If the Hamming distance is below a matching threshold (e.g. 15%), the watch is considered authentic.

- If the distance is below a more restrictive threshold, called the update threshold (e.g., 10%), the system can update the reference model. The update does not consist of a replacement, but rather a weighted average with parameter α (e.g., α=0.1) between the old PUF fingerprint and the new one, to slowly adapt to variations without allowing drastic changes that could conceal tampering.

- If the distance exceeds the matching threshold, or if the cumulative drift from the original PUF fingerprint exceeds an alarm threshold, a flag is generated for manual inspection.

This adaptive update mechanism is a key feature for system longevity and reliability.


Security infrastructure


Security Infrastructure (HSM and Key Management): The entire security architecture is based on rigorous cryptographic key management. The master key (K_master), from which all device keys are derived, is generated and stored within a Hardware Security Module (HSM). An HSM is a dedicated, ultra-secure physical device that protects keys from any external access. Operations involving the master key (such as deriving K_devices) take place within the HSM itself, without the master key ever being exposed. This centralized and ultra-secure approach to key management is critical to the integrity of the entire system.

Industrial applicability


The invention described finds its primary industrial application in the luxury goods sector, and more specifically in the high-end watch industry. Its industrial utility is evident and addresses a critical and growing need in this market: the fight against counterfeiting, guaranteeing authenticity, and ensuring product traceability throughout its life cycle. Its industrial applicability can be described in several ways.

a. Production and Integration into the Assembly Line: The method described can be directly integrated into the watch manufacturing process. The PUF fingerprint generation phase via 3D scanning can be incorporated as a quality control and registration station at the end of the movement or complete watch assembly line. The NFC chip scanning and provisioning stations can be automated to handle high production volumes. Watch manufacturers can therefore offer a product with an intrinsic, tamper-proof digital certificate of authenticity embedded right from the start. This increases the perceived value of the product and strengthens consumer trust in the brand.

b. Supply Chain and Distribution Management: The system offers a powerful tool for traceability along the supply chain. Every step of the watch, from manufacturer to distributor to authorized retailer, can be recorded on the blockchain by scanning the NFC chip. This creates a complete and immutable history of the product's journey, helping combat the gray market (unauthorized sales) and ensuring that products sold through official channels are authentic.

c. Secondary Market and After-Sales Services: The invention has a significant industrial impact on the secondary (pre-owned) market. The ability to easily and securely verify the authenticity of a watch facilitates transactions between individuals and through specialized sales platforms, increasing market liquidity and security. Ownership transfers can be managed via smart contracts on the blockchain, creating an official and reliable registry of provenance.

Additionally, authorized service centers can use the system to record maintenance interventions, creating a complete and verifiable service history, which helps maintain the value of the watch over time.

d. Extension to Other Industrial Sectors: Although the preferred implementation method is described for watches, the industrial principle is directly transferable to other sectors that produce high-value goods and are plagued by the problem of counterfeiting. Examples include:

- Jewelry: Authentication of designer jewelry.

- Art: Creating a physical-digital link for artworks, using the micro-texture of brush strokes or sculpture surfaces as a PUF.

- Luxury Fashion: Authentication of bags, accessories, or high-end fashion garments, using the unique characteristics of the material (e.g., leather grain) as the basis for the fingerprint.

- Fine Wines and Spirits: Bottle authentication, using imperfections in the glass or cork as a PUF to combat counterfeiting and refilling.

- Critical Components (Aeronautics, Automotive): Traceability and authentication of critical mechanical components to guarantee their origin and integrity, preventing the use of counterfeit or non-compliant parts.

In summary, the invention is susceptible to large-scale industrial application, as it provides a robust technological solution to a pervasive economic problem. The system can be produced and used in an industrial context to create, verify, and track the unique identity of physical objects, generating value for producers, security for consumers, and transparency for the entire market.

While the invention described above is susceptible to various modifications and alternative constructions, some preferred embodiments have been shown in the previously illustrated embodiment example.