Tag: product identification

Article

The European Union will make steps towards a secure-by-design approach for hardware, software and services

Smarthome: EU führt Sicherheitszertifikate für vernetzte Geräte ein | Computer Bild (German Language / Deutschen Sprache)

From the horse’s mouth

European Commission

EU negotiators agree on strengthening Europe’s cybersecurity (Press Release)

My Comments

After the GDPR effort for data protection and end-user privacy with our online life, the European Union want to take further action regarding data security. But this time it is about achieving a “secure by design” approach for connected devices, software and online services.

This is driven by the recent Wannacry and NotPetya cyberattacks and is being achieved through the Cybersecurity Act which is being passed through the European Parliament. It follows after the German Federal Government’s effort to specify a design standard for routers that we use as the network-Internet “edge” for our home networks.

There will be a wider remit for EU Agency for Cybersecurity (ENSA) concerning cybersecurity issues that affect the European Union. But the key issue here is to have a European-Union-based framework for cybersecurity certification, which will affect online services and consumer devices with this certification valid through the EU. It is an internal-market legislation that affects the security of connected products including the Internet Of Things, as well as critical infrastructure and online services.

The certification framework will be about having the products being “secure-by-design” which is an analogy to a similar concept in building and urban design where there is a goal to harden a development or neighbourhood against crime as part of the design process. In the IT case, this involves using various logic processes and cyberdefences to make it harder to penetrate computer networks, endpoints and data.

It will also be about making it easier for people and businesses to choose equipment and services that are secure. The computer press were making an analogy to the “traffic-light” coding on food and drink packaging to encourage customers to choose healthier options.

-VP Andrus Ansip (Digital Single Market) – “In the digital environment, people as well as companies need to feel secure; it is the only way for them to take full advantage of Europe’s digital economy. Trust and security are fundamental for our Digital Single Market to work properly. This evening’s agreement on comprehensive certification for cybersecurity products and a stronger EU Cybersecurity Agency is another step on the path to its completion.”

What the European Union are doing could have implications beyond the European Economic Area. Here, the push for a “secure-by-design” approach could make things easier for people and organisations in and beyond that area to choose IT hardware, software and services satisfying these expectations thanks to reference standards or customer-facing indications that show compliance.

It will also raise the game towards higher data-security standards from hardware, software and services providers especially in the Internet-of-Things and network-infrastructure-device product classes.

Other documents can be used to prove you bought the product at issue during a warranty or insurance claim

A situation that can easily overcome us is whenever a device breaks down while it is under warranty. Here, you have to prove to the authorised repairer that you had bought the device within the warranty period so they can go ahead with the repairs. This can extend to a repair job that went wrong and you need to seek further repairs from that repairer under warranty. These situations cover both the vendor’s warranty they provide on the goods or services; along with statutory warranties that are provided for under national consumer protection laws.

Similarly, your device may be damaged or stolen and your insurance company needs you to prove that you had purchased the device so they can fulfil the claim. It can also affect “organisational-liability” situations concerning damage to consumers’ property such as where a power utility or telco offers to repair equipment damaged due to a power spike that came over their infrastructure.

But what does the warranty repairer or insurance company need to know?

They need to know the fact that you had purchased the goods concerned and when you had purchased those goods. Typically this is represented by the sales receipt or invoice that the merchant gives us when we pay for the item we are purchasing.

But most of us aren’t really good at keeping these invoices or receipts in an easy-to-find manner unless this was to do with a business effort where we want to claim the purchase for tax or reimbursement purposes. Typically these documents end up in one of many shoeboxes, drawers or other spaces and it is hard to look for them easily when in a hurry. Even if we are reimbursed for the goods concerned or submit the receipt to our tax accountants, there is the likelihood that we don’t have it on hand should the worse come to the worse.

The situation also becomes worse when you keep in your shoebox or drawer similar material for devices you aren’t using anymore such as equipment that has hit the end of its service life or equipment you have sold or given away. Here, you may have the receipts for your new equipment muddled up with similar documentation for the prior equipment.

There are other ways you can prove your purchase of the items. If you bought a smartphone, “Mi-Fi” or similar communications device under a subsidised-equipment deal that your telco provides, the documents relating to the subsidised-equipment contract may be enough to prove this purchase. This also applies to those of us who lease IT equipment like a laptop computer for our business use.

But if you simply pay for your equipment using a credit or debit card, the transaction you made with this card provides its own record and paper trail. Here, you would need to know which card you paid for the goods with and approximately when and where you purchased those goods. Here, you can ask the merchant for a receipt or statement relating to the purchase because they could search on the first or last few digits of the card number and the time period that the transaction took place in order to verify the purchase.

This happened to a close friend of mine who had bought a new printer and the machine had broken down within the warranty period. Like most of us, he wasn’t good at keeping the receipts in a ready-to-find manner, but I made a reference to the merchant that sold him the printer and the fact that he used a credit card to pay for the item. It was similar to a situation where I bought an old friend a gift card for a bookstore but they had lost the gift card. Here, I was able to supply the bookstore the details about the card I used to purchase the gift card so that the old friend could get a replacement gift card. But this situation allowed him to continue to seek warranty repairs on the printer.

Let’s not forget that original copies of the product documentation that came with the goods concerned can be of value when it comes to filing an insurance claim for stolen or damaged goods. Here, the original documents like warranty cards or instruction manuals can be assessed as to whether they are actually what came with the device or something that was printed out after the fact. This fact can also hold true of the optical disks that come with printers, network hardware and similar IT and consumer-electronics gear and carry drivers, software and documentation in electronic form for these devices.

Another incident had happened where a camera was damaged and its owners needed to claim against their policy’s accidental-damage cover. Here, the original instruction manual that came with the camera was enough to prove the purchase and ownership of the device thus give merit to the accidental-damage claim.

What you need to remember is that it is not always just the merchant receipt that can hold its weight as a proof of purchase for your warranty or insurance claim. Rather, things like the existence of the transaction taking place, a lease or subsidised-equipment contract, the product’s documentation or something similar can exist as a substitute for these documents.

Articles

NFC detects fake wine | NFC World

NFC-based seal tracks counterfeit booze | CIO

INSIDE Secure launches CapSeal to identify counterfeiting in wine, spirits market | Drinks Business Review

From the horse’s mouth

Selinko

Press Release

INSIDE Secure

Press Release

My Comments

You could use your Android smartphone to tell if this is the Real McCoy

INSIDE Secure and Selinko are using NFC technology as part of a bottle-seal mechanism to determine whether that bottle of premium French wine or Scotch whisky was filled with the real drink rather than a cheaper poorer-quality substitute. This kind of bottle-refilling fraud has been affecting the supply of good-quality wine and spirits mainly in the Asian market in a manner similar to selling “knock-offs” of  luxury bags, watches and  similar items.

The technology is very similar to what FinnCode are doing with Giuletti Accordions to help with identifying the authenticity and provenance of the accordions that they make. This also works in tandem with an instrument registry that allows people buying any of these squeezeboxes second-hand to know whether have been stolen or not and if the instrument was used for a memorable gig or recording that someone claims it was used for,

The bottle seal works with an NFC chip that is deactivated when the bottle is opened or tampered with and works hand-in-glove with regular wine corks or bottle caps so that the look and experience isn’t lost. The NFC chip will work with NFC-capable smartphones, tablets and laptops to allow consumers, the licensed trade and others in the supply chain to identify if the bottle is still sealed and what is meant to be in the bottle.

I see this working beyond checking the authenticity and provenance of a particular wine or spirit to even checking the authenticity and provenance of other products sold in bottles or jars that are attractive to counterfeiters. Examples of these include soft-drinks such as the legendary Coca-Cola, spreads like the legendary Vegemite or even medicines that are still sold in bottle form.

Similarly, I see this also as a way to clamp down on drinks theft in other situations like hotel minibars or the home by being able to determine whether the bottle was opened and any drink was taken. This is even though one could replace the cork or cap or dilute the drink to make it look newly purchased.

It shows that NFC and QR-code technology provides a common method of creating a unique direct link to online data resources through a common smartphone or tablet as a way of “knowing more” about a product.