by rtkwe 3157 days ago
Not sure a system like that can really work. All a counterfeiter needs to do is buy or scan a legitimate product if it's just a code printed on it and now all the devices validate as 'real'. Can't do a challenge response authentication with a simple printed HMAC.

I guess if we did a lot more intensive inventory tracking so whatever validation service knew batch 213489234 was made 10/21/2019 and was being sold by Amazon/CVS/etc. and was all sold out by 3/14/2020. Then grandma could say 'Oh no, I bought this from BobsDiscountPharma.com so it's maybe fake.'

Another option that could maybe make it work would be a little RFID/powered chip so you could actually do authentication, but that's more expensive and creates a lot of e-waste if it gets applied to a lot of products.


If retailers actually started using the EPC standard this would be easy. EPC is the RFID equivalent of a UPC barcode, and it has the capability to also transmit a unique serial number for each product. If this were actually used, it would be simple to deploy an interface for a customer to verify when/where the product was manufactured through when/where it was sold. Unfortunately it seems the adoption of EPC has stalled in the last few years (AFAIK, I'm no longer as involved in the retail supply chain), which is interesting because I had high hopes for it. I remember buying a package of socks 5+ years ago that already had an RFID tag embedded in the packaging.

That's what I thought too, then it was pointed out that another part of the system is that "someone else has scanned this code".

Which if you're a counterfeiter, you obviously don't scan the code... but then you use it to make your product, and as soon as one of your buyers uses it...

That becomes a huge amount of data to track though if it's individual labeling. It'll start out ok but quickly get huge.

Also doing that requires a decent percentage of people to be actively scanning things, otherwise counterfeiters could just play the odds.

> That becomes a huge amount of data to track though if it's individual labeling. It'll start out ok but quickly get huge.

No, it's the same pattern as software CD-Keys and that's been working fine at scale for decades. You draw from a pool of unique, unpredictable codes based on a secret seed, and keep a tally of the number of claims over that code. The only difference here is that instead of the online service 'failing activation' for your software, it simply displays the number of activations to the end user. If 'this code has already been redeemed' comes up for your $2 AliExpress MOSFETs, you know you're dealing with a knock-off.

> doing that requires a decent percentage of people to be actively scanning things, otherwise counterfeiters could just play the odds

I'll partially concede this point - it's certainly a factor. However, if the downstream effect is product returns, the middle-man sellers are likely to take corrective action against the suppliers. I'm not convinced that this limitation of the proposed system will render it ineffective.

> No, it's the same pattern as software CD-Keys and that's been working fine at scale for decades. [Truncate for brevity]

It's similar, except you're going from tracking one product with a few hundred thousand to a million or so copies at the largest scale to tracking many products with billions of copies sold. Just taking vitamins/nutritional supplements for example, last year that market sold 36.1 billion dollars in the US alone, so ROM that's 1-3 billion codes to track. That gets whittled down pretty quickly by people who don't use the service, but it's still a lot when you start adding other industries too.

The variety of products shouldn't matter though - you only need to know the unique code and the number of times it was redeemed. There is no need to track it back to an individual product.

For example, if you ship the unique codes with your products via a small card in the packaging, or a small product-neutral sticker applied to the outside, the end result is the same.

I hear you on the volume problem but I'm not sure it's a significant issue. A key/value store meets the need and will scale to billions while remaining space and compute efficient.
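The scheme described in the two comments above (unpredictable codes drawn from a secret seed, and a key/value tally of redemptions shown to the scanner rather than an activation refusal) is small enough to model end to end. The block below is an added example and is not code from anyone in the thread; the seed value, the code layout (clear serial plus a truncated HMAC-SHA256 tag) and the `RedemptionService` class are assumptions made for illustration. Keeping the serial in the clear and HMACing it means the issuer never has to store the list of issued codes: it can re-derive the tag and reject anything it never issued. The service side stores nothing but code -> count, which is exactly the key/value footprint the last comment argues scales to billions.

```python
"""Model of the CD-key style anti-counterfeit tally discussed in the thread.

Codes are derived from a secret seed with an HMAC, so they are unpredictable
without the seed and the issuer needs no list of issued codes.  The online
side stores only code -> redemption count and shows that count to whoever
scans, instead of refusing an 'activation'.  Example code, not from the thread.
"""
import hmac
import hashlib
from collections import Counter

# Constructed secret for this example; a real issuer keeps the seed in an HSM/KMS.
ISSUER_SEED = b"example-issuer-seed-not-a-real-secret"
TAG_HEX_LEN = 16  # 64-bit tag: guessing a valid code is impractical


def _tag(serial: int, seed: bytes = ISSUER_SEED) -> str:
    """HMAC-SHA256 over the serial, truncated to TAG_HEX_LEN hex digits."""
    mac = hmac.new(seed, str(serial).encode(), hashlib.sha256).hexdigest()
    return mac[:TAG_HEX_LEN]


def issue_code(serial: int, seed: bytes = ISSUER_SEED) -> str:
    """The code printed on the card or sticker: clear serial plus HMAC tag."""
    return f"{serial:010d}-{_tag(serial, seed)}"


def is_genuine_code(code: str, seed: bytes = ISSUER_SEED) -> bool:
    """Re-derive the tag; no per-code storage is needed on the issuing side."""
    try:
        serial_part, tag = code.split("-")
        serial = int(serial_part)
    except ValueError:
        return False
    return hmac.compare_digest(tag, _tag(serial, seed))


class RedemptionService:
    """The key/value tally: only code -> times redeemed, nothing per product."""

    def __init__(self, seed: bytes = ISSUER_SEED):
        self._seed = seed
        self._claims = Counter()  # stands in for a key/value store

    def redeem(self, code: str):
        """Return (status, prior_redemptions).

        'unknown'  - the tag does not verify, so this code was never issued
        'first'    - nobody has scanned this code before
        'repeated' - someone scanned it already: a duplicate label exists
        """
        if not is_genuine_code(code, self._seed):
            return "unknown", 0
        prior = self._claims[code]
        self._claims[code] += 1
        if prior == 0:
            return "first", 0
        return "repeated", prior


def simulate() -> dict:
    """Three issued units, one copied label, and one fabricated code."""
    svc = RedemptionService()
    codes = [issue_code(n) for n in (1, 2, 3)]
    results = {}
    # Each genuine unit scanned once by its buyer.
    results["genuine_first_scans"] = [svc.redeem(c)[0] for c in codes]
    # The same code appearing on two more units: later buyers see the tally.
    results["copied_second"] = svc.redeem(codes[0])
    results["copied_third"] = svc.redeem(codes[0])
    # Right shape, wrong tag: never issued, so the service cannot be seeded
    # with made-up codes.
    results["guessed"] = svc.redeem("0000000004-0123456789abcdef")
    return results


if __name__ == "__main__":
    for name, outcome in simulate().items():
        print(name, outcome)
```

The status is informational by design, matching the comment's point: the service never blocks anything, it only tells the person holding the product how many times this code has been seen. The thread's remaining caveat still applies to this model: a tally only surfaces duplicates if enough buyers actually scan.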