WO2019152055A1

Movatterモバイル変換

Info

Publication number: WO2019152055A1
Application number: PCT/US2018/016891
Authority: WO
Inventors: Theodore Harris; Yue Li; Tatiana KOROLEVSKAYA; Craig O'connell
Original assignee: Visa International Service Association
Current assignee: Visa International Service Association
Priority date: 2018-02-05
Filing date: 2018-02-05
Publication date: 2019-08-08
Anticipated expiration: 2020-08-05

Abstract

A method for certifying the authenticity of a physical entity is disclosed. Measurements of intrinsic physical entity properties can be compared to determine similarity. Additionally, network data related to inauthentic physical entities can be collected and analyzed using topological graphs in order to identify parameters that are correlated with inauthentic physical entities.

Description

PHYSICAL ENTITY AUTHENTICATION PLATFORM

CROSS REFERENCE TO RELATED APPLICATIONS [0001] None. BACKGROUND

[0002] In today’s technological environment, physical items are typically accompanied by a computer-readable label. For example, a package being shipped can include a barcode with an encoded package number. The package number can be representative of the contents of the package. As a result, a scanner can read the barcode, and a computer can identify the contents of the package, as well as other package information such as the intended destination. Similarly, a piece of jewelry can be tagged with barcode encoded with information about the jewelry, such as a gem’s quality and origin place.

[0003] These computer-readable labels can be used to track how an item is moved, and to identify a newly arrived item. For example, when an item is first inserted into a package, a barcode can be applied to the package so that a central computer can record each step in a shipping process. The barcode can be scanned when the package leaves the area, when it arrives at intermediary facility, when it leaves the intermediary facility, when it arrives at a local distribution center, when it leaves the local distribution center, and when it is finally delivered to the end destination. The central computer can track each of these events, and thereby record the time of each event and monitor shipping progress.

[0004] While this computerized system for identifying packages via barcodes is helpful for monitoring shipping progress, it does not safeguard the actual contents of the package. For example, a middle man can remove the contents of a package, switch the contents of two packages, or switch the barcodes of two packages. If contents are manipulated but the package still continues to be shipped, the central computer will only see that the package is moving forward as planned, and will not detect that the contents are changed.

[0005] For example, a first barcode for a first package containing a cut of high quality beef can be swapped with a second barcode for a second package containing a cut of low quality beef. The central computer might only record each movement event of the packages, and then finally record that each package was delivered successfully. The end recipients may not be beef experts, and thus the person that ordered high-quality beef might not be able to determine that he received the wrong beef order. [0006] As another example, a diamond’s computer-readable label can be scanned each time the diamond changes possession. Thus, a central computer can record each time a diamond changes possession, and can thereby trace the diamond back to when and where it was first harvested or examined for quality. However, the central computer essentially tracks the label, not the actual diamond. Thus, if someone swaps the label of a high quality diamond and a low quality diamond, the central computer does not detect the change. As a result, an average person browsing jewelry cannot be fully confident in a diamond’s label, and can only hope that all parties involved in obtaining and moving the diamond acted honestly.

[0007] Embodiments of the invention address these and other problems individually and collectively.

SUMMARY

[0008] Embodiments of the invention enable a central computer to register, track, and certify the authenticity of an actual physical entity, instead of just a label associated with a physical entity. A physical entity can be imaged or otherwise measured using detection hardware. At each change of possession, the physical entity can be again imaged, and the new image can be compared with the old image to verify it is the same physical item. In addition, the reliability of each participant can be examined. For example, a shipping company that has a good track record (e.g., little or no fraud reported) can be highly trusted. A central computer can utilize the image comparison, reputation data associated with participants, information about the previous ownership and movement of the physical item, and any other suitable contextual information to determine whether or not the physical entity is authentic. Thus, instead of relying solely on a barcode, the central computer can verify that package contents are authentic by using information intrinsic to the contents as well as evaluating contextual trends and risk.

[0009] One embodiment of the invention is directed to a method. The method comprises receiving, at a confirmation computer, from a custodian computer, a request to certify that a physical entity is authentic. The request includes an identifier and an image of the physical entity. The method further includes locating a record associated with the physical entity based on the identifier. The record includes a stored image of the physical entity. The method also comprises digitally comparing the received image and the stored image, determining a risk level associated with the request, and determining that the physical entity shown in the received image is associated with the record based on the risk level and the digital comparison, and determining that therefore the physical entity in the received image is authentic. The method also includes sending, to the custodian computer, a response certifying that the physical entity is authentic. [0010] Another embodiment of the invention is directed to a confirmation computer configured to perform the above-described method.

[0011] Another embodiment of the invention is directed to a method comprising receiving, by a custodian computer, an image of a physical entity and an identifier associated with the physical entity. The method also includes sending a request to certify that the physical entity is authentic to a confirmation computer. The request includes the identifier and the image. The confirmation computer locates a record associated with the physical entity based on the identifier. The record includes a stored image of the physical entity. The confirmation computer also digitally compares the received image and the stored image, and determines a risk level associated with the request. The confirmation computer further determines that the physical entity shown in the received image is associated with the record based on the risk level and the digital comparison, and that therefore the physical entity in the received image is authentic. The method further comprises receiving a response certifying that the physical entity is authentic from the confirmation computer.

[0012] Another embodiment of the invention is directed to a custodian computer configured to perform the above-described method.

[0013] Further details regarding embodiments of the invention can be found in the Detailed Description and the Figures. BRIEF DESCRIPTION OF THE DRAWINGS

[0014] FIG. 1 shows a block diagram of a system, according to an

embodiment of the invention.

[0015] FIG. 2 shows a block diagram of a confirmation computer, according to an embodiment of the invention. [0016] FIG. 3 shows an overview of physical entity registration and

certification processes, according to an embodiment of the invention.

[0017] FIG. 4 shows a flow diagram for registering a physical entity, according to an embodiment of the invention.

[0018] FIG. 5 shows a flow diagram for certifying the authenticity a physical entity, according to an embodiment of the invention.

[0019] FIG. 6 shows an example of a topological graph, according to embodiments of the invention.

[0020] FIGS. 7A-7E shows a flow diagram illustrating a method for certifying the authenticity of a physical entity, according to embodiments of the invention. DETAILED DESCRIPTION

[0021] Embodiments of the present invention provide for a system and method for certifying that a physical entity is authentic. For example, the system can certify that a specific, high-quality cut of beef received in a shipment legitimately has the quality and location origin indicated in the packing receipt. Similarly, the system can certify that a specific diamond authentically has the specifications indicated by an attached descriptive tag. As another example, the system can certify that a purchased purse was authentically produced by the indicated brand, not by a fraudulent imitator. As a further example, the system can certify that a certain person is who they claim to be (e.g., a physical person is the same person shown in an identification card).

[0022] Embodiments of the present invention can certify the authenticity of a physical entity by analyzing, in combination, multiple contextual factors and data associated with the physical entity. For example, the system can receive and consider information intrinsic to the physical entity (e.g., an image), information about parties associated with the physical entity (e.g., the current owner, previous owners, the next intended recipient), information associated with the physical entity (e.g., the item type, a batch number, a price value), and contextual parameter information associated with a transfer (e.g., a time of day when a shipment was made, a destination location).

[0023] By incorporating these different factors into a risk analysis process, the system can make a well-informed decision about whether or not the physical entity is authentic. For example, instead of certifying an item solely based on an image of the item, the system can also consider whether the current item owner is trustworthy. If a blurry or dissimilar image is received, an item can still be certified if the current item owner has a good reputation (e.g., little or no history of fraud).

[0024] The visual appearance of a physical entity cannot be changed as easily as a barcode. Further, a reputation associated with a shipping company (or other entity) can be indicative of the likelihood that an item associated with the shipping company is authentic. Such reputation data can be tracked and determined by a central computer, such that reputation data also cannot be changed or manipulated like a barcode. Accordingly, the system includes tools and information that are more reliable than a barcode or other traditional label, and that are therefore better indicators of a physical entity’s authenticity.

[0025] The system can continually track new information about the behavior of participants or other trends in fraudulent behavior. For example, a central computer can receive feedback about which physical items turned out to be fraudulent. As a result, the models used to certify a physical entity can be continually updated.

[0026] Prior to discussing specific embodiments of the invention, some terms may be described in detail.

[0027] A“physical entity” may include a tangible object. A physical entity can be a physical item, such as clothing, meat, jewelry, a mechanical device, an electronic device, any other suitable type of good. A physical entity can also be a person. In some embodiments, a physical entity can be associated with identifying information. For example, an item or good can be identified by a name, a type, a brand, a product number, a manufacture, a model, a quality, a location of origin, an age, and any other suitable parameter data. As another example, a person can be associated with a surname, a family name, an age, a social security number, a history of residence, a set of achievements, etc.

[0028] A“reputation score” may include a value associated with an entity’s standing. A reputation score can indicate an entity’s trustworthiness, as well as the likelihood that an entity will be associated with an inauthentic physical entity or fraudulent activity. A reputation score can be determined based on an entity’s prior activities, an entity’s associations (e.g. with specific contexts and with other entities), and any other suitable factors. Embodiments allow a reputation score to be described quantitatively (e.g., 75 out of 100) or qualitatively (e.g.,“good” or“bad”). [0029] A“topological graph” may refer to a representation of a graph in a plane of distinct vertices connected by edges. The distinct vertices in a topological graph may be referred to as“nodes.” Each node may represent specific information for an event or may represent specific information for a profile of an entity or object. The nodes may be related to one another by a set of edges, E. An“edge” may be described as an unordered pair composed of two nodes as a subset of the graph G = (V, E), where is G is a graph comprising a set V of vertices (nodes) connected by a set of edges E. For example, a topological graph may represent a physical entity certification network in which a node representing a certification event may be connected by edges to one or more nodes that are related to the certification event, such as nodes representing information of a physical entity, a custodian, a time of day, an IP address, a physical address, an item type, a delivery truck age, etc. An edge may be associated with a numerical value, referred to as a“weight”, that may be assigned to the pairwise connection between the two nodes. The edge weight may be identified as a strength of connectivity between two nodes and/or may be related to a cost or distance, as it often represents a quantity that is required to move from one node to the next.

[0030] A“subgraph” or“sub-graph” may refer to a graph formed from a subset of elements of a larger graph. The elements may include vertices and connecting edges, and the subset may be a set of nodes and edges selected amongst the entire set of nodes and edges for the larger graph. For example, a plurality of subgraph can be formed by randomly sampling graph data, wherein each of the random samples can be a subgraph. Each subgraph can overlap another subgraph formed from the same larger graph. [0031] A“community” may refer to a group/collection of nodes in a graph that are densely connected within the group. A community may be a subgraph or a portion/derivative thereof and a subgraph may or may not be a community and/or comprise one or more communities. A community may be identified from a graph using a graph learning algorithm, such as a graph learning algorithm for mapping protein complexes. Communities identified using historical data can be used to classify new data for making predictions. For example, identifying communities can be used as part of a machine learning process, in which predictions about information elements can be made based on their relation to one another. [0032] A“data set” may refer to a collection of related sets of information composed of separate elements that can be manipulated as a unit by a computer. A data set may comprise known data, which may be seen as past data or“historical data.” Data that is yet to be collected, may be referred to as future data or“unknown data.” When future data is received at a later point it time and recorded, it can be referred to as“new known data” or“recently known” data, and can be combined with initial known data to form a larger history.

[0033] A“server computer” may include a powerful computer or cluster of computers. For example, the server computer can be a large mainframe, a minicomputer cluster, or a group of servers functioning as a unit. In one example, the server computer may be a database server coupled to a Web server. The server computer may be coupled to a database and may include any hardware, software, other logic, or combination of the preceding for servicing the requests from one or more client computers.

[0034] FIG. 1 shows a system 100 comprising a number of components. The system 100 comprises a confirmation computer 150, which may be embodied by one or more computers. The confirmation computer 150 may be in communication with a first custodian computer 130A, a second custodian computer 130B, a third custodian computer 130C, a fourth custodian computer 130D, and/or any other suitable number of additional custodian computers. Each custodian computer can be associated with and in communication with detection hardware. For example, first custodian computer 130A can be in communication with first detection hardware 135A. The system 100 additionally includes a physical item 120 and an associated item identifier 125, both of which can be measured by the different sets of detection hardware. All of the computers and detection hardware shown in FIG. 1 may be in operative communication with each other through any suitable communication channel or communications network. Suitable communications networks may be any one and/or the combination of the following: a direct interconnection; the Internet; a Local Area Network (LAN); a Metropolitan Area Network (MAN); an Operating Missions as Nodes on the Internet (OMNI); a secured custom connection; a Wide Area Network (WAN); a wireless network (e.g., employing protocols such as, but not limited to a Wireless Application Protocol (WAP), l-mode, and/or the like); and/or the like.

[0035] Messages between the computers, networks, and devices may be transmitted using a secure communications protocols such as, but not limited to, File Transfer Protocol (FTP); HyperText Transfer Protocol (HTTP); Secure Hypertext Transfer Protocol (HTTPS), Secure Socket Layer (SSL), ISO (e.g., ISO 8583) and/or the like.

[0036] In the system 100, the confirmation computer 150 can certify that the physical item 120 is authentic. For example, if the physical item 120 is transferred to a new custodian, the new custodian can communicate with the confirmation computer 150 to obtain certification that the physical item 120 is authentic (e.g., it is the same physical entity indicated in an attached tag or set of specifications). The confirmation computer 150 can use image comparison, physical item 120 transfer history, custodian reputation data, and any other suitable information to certify the authenticity of the physical item 120.

[0037] Each of the custodian computers 130A-130D may be associated with a different custodian (not shown). A custodian can be an organization, person, or any other suitable entity that possesses, manages, or owns a physical item. For example, a first custodian associated with the first custodian computer 130A can be a manufacturer, a second custodian associated with the second custodian computer 130B can be a shipping company, a third custodian associated with the third custodian computer 130C can be a retail merchant, and a fourth custodian associated with the fourth custodian computer 130D can be a consumer. A custodian computer can alternatively be a physical access device, a secure data access computer, and/or associated with any other suitable type of device for any suitable authentication application. The custodians can pass one or more physical items, such as the physical item 120, to one another. The custodians can also use their respective custodian computers 130A-130D to obtain certification from the confirmation computer for the physical item 120. Additionally, embodiments allow any suitable type of entity (e.g., custodian or otherwise) to request certification for the physical item 120. Any entity that submits a certification request can be referred to as a requestor. [0038] Each custodian can also possess a set of detection hardware for taking measurements or readings of the physical item 120. For example, the first custodian can possess the first detection hardware 135A. As examples, detection hardware can include a camera (e.g., photo and/or video), a microphone, a scale, measuring tape, chemical detectors, tactile sensors, location devices (e.g., GPS), signal decay sensors, etc. Such detection hardware can be integrated as a component in another device such a cellular phone, a tablet computer, a wearable device, a vehicle such as a car, a smart appliance, or any other suitable device.

[0039] The first detection hardware 135A can detect the physical item 120, and can transmit detection data (e.g., an image, a video, a weight, etc.) to the first custodian computer 130A. In some embodiments, the first detection hardware 135A and the first custodian computer 130A can be combined as a single device. For example, a single mobile device can be used to take an image of the physical item 120 as well as communicate with the confirmation computer 150 for certification.

[0040] The item identifier 125 can include any suitable type of label. For example, the item identifier 125 can be a barcode, a QR code, an identification chip (e.g., a radio-frequency identification chip), a serial number, a product name, a model name, and/or any other suitable item-identifying information. In some embodiments, the item identifier 125 may be used by the confirmation computer 150 to identify a record of the physical item 120. [0041] In some embodiments, the detection hardware 135A-135D can be configured to read the item identifier 125. For example the first detection hardware 135A can include a barcode scanner, a QR code scanner, or a camera with text- recognition software. [0042] An example of the confirmation computer 150, according to some embodiments of the invention, is shown in FIG. 2. The confirmation computer 150 comprises a processor 150A, a network interface 150B, a physical entity database 150C, a certification entity database 150Q, an activity database 150R, and a computer readable medium 150D. [0043] The physical entity database 150C may store records for physical entities. A physical entity record can include information describing the physical entity, such as a name, a model, a brand, a manufacturer, a quality, a production date, a serial number, one or more images or videos (or other measurement data), and/or any other suitable specifications. Additionally, a record can include a unique identifier. In some embodiments, the record can also include information about when the physical item was registered, a registration batch number, and information about the manner in which it was registered (e.g., an identifier for the party that submitted the request, an IP address, a physical location, etc.). In further embodiments, the record can be updated with information about when, where, and how a physical entity is moved, changes possession, and is certified.

[0044] The custodian database 150Q may store data associated with custodians. For example, a custodian record can include one or more zip codes, one or more store location addresses, shipping routes, types of physical entities, one or more IP addresses, typical activity times, past certification requests, past registration requests, and/or any suitable information associated with a custodian or a custodian’s behaviors.

[0045] The activity database 150R can store information related to physical entity-related activity, such as certification requests and results, registration requests and results, reports of inauthentic physical entities, shipments and movements of physical entities, and/or any other suitable data.

[0046] The computer readable medium 150D may comprise a registration module 150E, a certification module 150F, a trend analysis module 150G, a custodian evaluation module 150J, an image recognition module 150K, and any other suitable software module. The computer readable medium 150D may also comprise code, executable by the processor 150A for implementing a method comprising receiving, from a custodian computer, a request to certify that a physical entity is authentic, the request including an identifier and an image of the physical entity; locating a record associated with the physical entity based on the identifier, the record including a stored image of the physical entity; digitally comparing the received image and the stored image; determining a risk level associated with the request; determining that the physical entity shown in the received image is associated with the record based on the risk level and the digital comparison, and determining that therefore the physical entity in the received image is authentic; sending, to the custodian computer, a response certifying that the physical entity is authentic.

[0047] The registration module 150E may comprise code that causes the processor 150A to register a physical entity. For example, the registration module 150E may contain logic that causes the processor 150A to create a record for a physical entity and store the record in the physical entity database 150C. The registration module 150E can also be programmed to, in conjunction with the processor 150A, issue a unique identifier for the physical item. In some

embodiments, the unique identifier can be encoded into a barcode, included on a package label, or otherwise attached to the physical item.

[0052] The image recognition module 150K may comprise code that causes the processor 150A to identify a physical entity present in an image. For example, the image recognition module 150K may contain logic that causes the processor 150A to digitally compare a new image to a stored image, and determine whether a physical entity in the new image is the same as the physical entity in the stored image. The determination can produce a similarity score that indicates the similarity of the two imaged physical entities.

[0053] In some embodiments, the image recognition module 150K can, in conjunction with the processor 150A, analyze an image to determine what type of physical entity is shown. Various levels of details can be determined. For example, image analysis may be able to determine that the physical entity is a dog. Image analysis may be able to further determine the dog’s breed (e.g., a pug), the dog’s gender (e.g., female), and/or the dog’s age (e.g., adult). As another example, the system can determine that an image includes a jacket, that the jacket is a specific type of designer jacket, that the jacket has a specific serial number, and/or achieve any other suitable level of item identification resolution. As a further example, it may be determined that an image includes a person, a person of a certain age, a person belonging to certain family, or a unique personal identity. [0054] In some embodiments, a physical entity record can include specific tags indicating various details of a physical entity, and the image recognition module 150K can, in conjunction with the processor 150A, determine whether a physical entity in an image displays some or all of these details. A similarity score can be determined based on the amount of confirmed tags.

[0055] The certification module 150F may comprise code that causes the processor 150A to certify the authenticity of physical entities. For example, the certification module 150F may contain logic that causes the processor 150A to certify that a physical entity possessed by a custodian legitimately matches an identifier and/or a description shown on an accompanying label. The certification module 150F can, in conjunction with the processor 150A, identify a physical entity record in the physical entity database 150C based on a received physical entity identifier. The certification module 150F can further, in conjunction with the processor 150A, use information stored in the record, information received in a certification request, entity reputations, and other trend analyses to determine whether or not the physical entity is authentic. For example, a received physical entity image can be digitally compared with a stored physical entity image.

Additionally, the reputation of a custodian requesting certification can be analyzed and compared with the physical entity details to determine a risk level for the current certification request.

[0056] In some embodiments, the certification module 150F can additionally include instructions to update one or more databases based on a certification request and a certification result. For example, the physical entity database 150C and/or the activity database 150R can be updated to include information about a new certification request, such as the items involved, the time and location, an IP address, a custodian identifier, and whether or not the item was certified.

[0057] In some embodiments, the confirmation computer 150 can be integrated with a transaction processing computer. As a result, the confirmation computer 150 can have access to transaction records, which can be used as additional data for consideration during physical entity certification. A transaction processing computer may include data processing subsystems, networks, and operations used to support and deliver authorization services, exception file services, and clearing and settlement services. For example, a transaction processing computer may comprise a server coupled to a network interface (e.g., by an external communication interface), and databases of information. A transaction processing computer may be representative of a transaction processing network. An exemplary transaction processing network may include VisaNet™. Transaction processing networks such as VisaNet™ are able to process credit card transactions, debit card transactions, and other types of commercial transactions. VisaNet™, in particular, includes a VIP system (Visa Integrated Payments system) which processes authorization requests and a Base II system which performs clearing and settlement services. A transaction processing computer may use any suitable wired or wireless network, including the Internet. [0058] An overview of the physical item registration and certification

processes, according to embodiments of the invention, can be described with respect to FIG. 3. FIG. 3 shows a process 300 divided into four stages. The first stage T1 includes initial measurement and recording of a physical entity. The second stage T2 includes registering the physical entity with a certification system. The third stage T3 includes creating and updating risk models that can be used to determine whether to certify the authenticity of the physical entity. The fourth stage T4 includes a process for certifying the authenticity of the physical entity.

[0059] At the first stage T1 , a physical item 120 can be initially measured and recorded. These steps can be performed by a manufacturer (e.g., once a physical item 120 is produced), by a shipping company (e.g., when a physical item 120 is being prepared for shipping), or by any other suitable entity. For explanatory purposes, the entity acting during stage T1 will be referred to as the first custodian.

[0060] At step S11 , the first custodian can capture one or more images of the physical item 120, or take other initial measurements. Then, at step S12, the first custodian can request and obtain (e.g., via a first custodian computer 130A) a unique identifier for the physical item 120 from a identifier-generating service computer. In some embodiments, a blockchain computer can produce the unique identifier and add the identifier to a blockchain. The blockchain record of the identifier can include information about the physical item 120, such as an item type, model number, production batch, one or more images, etc.

[0061] At step S13, the first custodian can create and store (e.g., via a first custodian computer 130A) a record of the physical item 120 in a local database.

The record can include physical item 120 specifications, the unique identifier, a batch number, and/or any other suitable information. In some embodiments, one or more additional physical items from the same batch can similarly be imaged, assigned an identifier, and stored at the same time.

[0062] After the physical item 120 data has been gathered in the first stage T1 , the physical item 120 can then be registered with the certification system at the second stage T2.

[0063] At step S21 , the first custodian computer 130A can send a registration request message to the confirmation computer 150. Thus, a custodian computer can also be referred to as a requestor computer. The registration request message can include information identifying the first custodian (e.g., a name, an IP address, etc.), the physical item 120 specification data, the unique identifier, the images (or other measurement data), and/or any other information stored in the first custodian’s physical item record. In some embodiments, the registration request can also include a shipping route, or a set of future custodians that the physical item 120 should be passed to (e.g., in the case where a manufacturer produced a product specifically for a certain merchant or consumer). In some embodiments, registration can take place in batches, and the registration request message can include information about multiple physical items. [0064] At step S22, the confirmation computer 150 can execute one or more risk models based on the registration request in order to determine whether or not to register the physical item 120.

[0065] At step S23, the confirmation computer 150 can create a physical item record including the information in the registration request message, and store the record in a physical item database. In some embodiments, confirmation computer 150 can use the unique identifier from the first stage T1 as a unique record identifier. In other embodiments, the confirmation computer 150 may issue another physical item identifier and/or a batch group identifier that can be used to identify the record during future certification requests. The confirmation computer 150 can also update an activity database and risk models with information about the registration request. For example, a sudden increase in registration requests from the first custodian computer 130A can be indicative of fraudulent activity.

[0066] At step S24, the confirmation computer 150 can send a registration response message to the first custodian computer 130A.

[0067] In some embodiments, stage T1 and stage T2 can be combined. For example, instead of first obtaining a unique identifier from a blockchain computer, the first custodian computer 130A can skip ahead to sending the registration request to the confirmation computer 150, and the confirmation computer 150 can create the unique identifier. In some embodiments, the confirmation computer 150 can also be a blockchain computer, and can add the unique identifier and physical item 120 information to a blockchain ledger.

[0068] At stage T3 (to Tn), the confirmation computer 150 can monitor registration and certification activity, identify trends related to where authentic and inauthentic physical items are found, and use this and other suitable information for building and updating models for determining whether future certification requests are associated with authentic physical items. [0069] For example, at step S31 , the confirmation computer 150 can process one or more registration and/or certification requests. The confirmation computer 150 can also receive reports regarding inauthentic physical items (e.g., where they were found, which custodians possessed them, type of item, etc.). At step S32, the confirmation computer 150 can analyze the data to identify trends, such as determine which custodians, item types, shipping routes, etc. have higher rates of inauthentic physical items and/or certification denials. Topological graphs, frequency analysis, and any other suitable tools can be used for identifying trends.

[0070] At step S33, the confirmation computer 150 can update one or more databases (e.g., an activity database and a custodian database) with information about the processed requests, as well as indicate whether the requests were approved or denied. The confirmation computer 150 can also store information about the reports of inauthentic physical items, and the identified trends.

[0071] At step S34, the confirmation computer 150 can compile information about the identified network trends and behaviors, and then at step S35 update risk models based on the identified trends. The process shown in this stage can repeat and continuously update risk models as new information is received. This repetition is indicated by labelling the third stage as not just T3, but T3 to Tn.

[0072] At the fourth stage T4 (or Tn + 1), the confirmation computer 150 can use the risk models from the third stage T3 to process a certification request associated with the physical item 120 that was registered during the second stage T2. For example, the first custodian (e.g., a manufacturer) may provide the physical item 120 to a second custodian (e.g., a shipping company). At step S41 , the second custodian can capture a second image of the physical item 120, or otherwise take measurements of the physical item 120. The second custodian can also scan a barcode, or otherwise read and enter the unique identifier, which may be attached to the physical item 120. [0073] At step S42, the second custodian computer 130B (which can also be referred to as a second requestor computer) can send a certification request message to the confirmation computer 150, the request including the images, the unique identifier (or another identifier provided by the confirmation computer 150), as well as metadata or other contextual information associated with the request (e.g., a second custodian identifier, an IP address, a time, a location, etc.).

[0074] At step S43, the confirmation computer 150 can access one or more databases to obtain information relevant to the certification request, such as a physical entity record, information about the second custodian’s reputation, information about the first custodian’s reputation, information about trends related to parameters of the current certification request (e.g., trends concerning a certain zip code or physical item type), and/or any other suitable data.

[0075] At step S44, the confirmation computer 150 can execute one or more risk models based on the certification request and the obtained database information in order to determine whether or not to certify the physical item 120. For example, the confirmation computer 150 can identify whether any parameters associated with the certification request are high-risk parameters, assess image quality and create an image similarity score, and evaluate any other suitable information to determine whether or not to certify the physical item 120. [0076] At step S45, the confirmation computer 150 can send a certification response message back to the second custodian computer 130B indicating whether or not the physical item 120 is authentic (or providing a score indicating the likelihood it is authentic). The second custodian computer 130B can then use the certification response to determine whether to ship the item (e.g., if the second custodian is a shipping company), whether to sell the item (e.g., if the second custodian is a merchant), or whether to purchase the item (e.g., if the second custodian is a consumer). [0077] An expanded depiction of the second stage T2 for registering a physical item 120 is shown in FIG. 4. At step S401 , the first custodian computer 130A (which can also be referred to as a second requestor computer) can generate and send a registration request message for a physical item 120 to the confirmation computer 150. At step S402, the confirmation computer 150 can identify and collect information from the registration request, such as information describing the physical item 120, measurement data (e.g., photographs or videos), information about the first custodian (e.g., a name, location, IP address), and any other suitable data. At steps S403 and S404, the confirmation computer 150 can update an activity database with the collected information, and update models (e.g., risk models and reputation models). This can include creating or updating nodes and edges in a topological graph.

[0078] At step S405, the confirmation computer 150 can assess the reputation of the first custodian submitting the registration request. For example, the confirmation computer 150 can obtain information about the first custodian from a custodian database, and then determine a reputation score for the first custodian. A reputation score may be retrieved from the database, or a reputation score can be calculated by inputting the first custodian’s information (e.g., location, IP address, historical behavior) into a reputation model. In some embodiments, the model can determine whether a first custodian node is connected by edges to risky parameters (e.g., a risky zip code), whether the first custodian node is in a risky group, whether the first custodian is associated with recent inauthentic physical items, identify any other suitable trends associated with the first custodian, and then calculate a reputation score based on some or all of this information. [0079] At step S406, the confirmation computer 150 can adjust the registration information based on the first custodian’s reputation. For example, the reputation score can be added to the information from the registration request. In some embodiments, the first custodian can add warnings to the registration request based on the reputation score, such as a red flag if the reputation is poor (e.g., less than 70 out of 100).

[0080] At step S407, the confirmation computer 150 can execute risk models to determine a risk level for the registration request. For example, if a reputation score is high (e.g., more than 90 out of 100), a risk score might be low. Additionally, if the first custodian computer 130A has recently submitted an uncharacteristically large number of registration requests, the risk score might be higher. If the first custodian has a history of submitting false registration requests with this specific type of item, the risk score may be higher. The risk model can consider, in combination, these any other suitable factors, such as risks trends related to item type, item value, time of day, location, IP address, etc.

[0081] At step S408, the confirmation computer 150 can determine whether the risk score exceeds a risk score threshold. For example, a maximum acceptable risk score might be 25 out of 50. If the determined risk score exceeds the threshold, the registration request may be rejected and an error response returned to the first custodian computer 130A. If the risk score does not exceed the threshold, the registration may be approved and the process continue to step S409.

[0082] At step S409, the confirmation computer 150 may identify a set of similar physical items (e.g., in a physical entity database). For example, the confirmation computer 150 may identify other physical item records that include similar physical item 120 type, specifications or tags, manufacturer, batch number, serial number, blockchain identifier, measurement data (e.g., similar images), associated custodians, etc. At step S410, the confirmation computer 150 can determine whether the current registration request data sufficiently matches a physical item 120 that has already been registered. For example, if all of the item tags match for a certain item record, but the image does not exactly match (e.g., because it is a new image from a different angle), the identified item record can be considered a match. If there is a match, the new registration can be canceled, and the confirmation computer 150 can send a registration response with the matching record’s identifier back to the first custodian computer 130A indicating that the physical item 120 was already registered. If there is no match, the process continues to step S411.

[0083] At step S411 , the confirmation computer 150 can generate a new unique item identifier 125 for the physical item 120. Additionally, a new physical item record can be created and stored including the registration request data and the unique item identifier 125. At step S412, the confirmation computer 150 can send a registration response message with the new unique item identifier 125 to the first custodian computer 130A indicating that the physical item 120 was successfully registered.

[0084] Referring back to FIG. 3, an expanded depiction of the fourth stage T4 (or Tn + 1) for certifying the authenticity of a physical item 120 is shown in FIG. 5. There are a number of scenarios where it is beneficial to verify the authenticity of a physical item 120. For example, the first custodian may wish to certify that the physical item 120 has not been tampered with (e.g., by internal employees) before providing it to another custodian. Additionally, a second custodian may wish to verify the authenticity of a physical item 120 before purchasing it, or upon receiving it in the mail. Each time the physical item 120 is moved or transferred, both the sender and receiver may certify its authenticity. This can create a transparent travel record for the physical item 120, showing where it has been, and that it was certified at each step. For descriptive purposes, the certification requestor in FIG. 5 will be referred to as the second custodian computer 130B.

[0085] At step S501 , the second custodian computer 130B can generate and send a certification request message for a physical item 120 to the confirmation computer 150. At step S502, the confirmation computer 150 can identify and collect information from the certification request, such as a physical item identifier 125 or other label information, measurement data (e.g., photographs or videos), information about the second custodian (e.g., a name, location, IP address), and any other suitable data. [0086] The confirmation can use the physical item identifier 125 and any other suitable information to identify a physical item record. Information in the physical item record can then be compared with information received in the request. For example, if the record includes an intended shipping route and chain of custodian possession, the confirmation computer 150 can determine whether the second custodian computer 130B is the expected next custodian. The record can also include an image (or other measurement data), image-related tags, or other suitable data for assessing an image received in the certification request. For example, a stored image and received image can be digitally compared to determine a similarity score.

[0087] At step S503, the confirmation computer 150 can update an activity database with the collected information. This can include creating or updating nodes and edges in a graph based on the new certification request activity.

[0088] At steps S504-S508, the confirmation computer 150 can gather information relevant to the certification process and evaluate several risk factors.

For example, at step S504, the confirmation computer 150 can assess the reputation of the second custodian submitting the certification request. For example, the confirmation computer 150 can obtain information about the second custodian from a custodian database, and then determine a reputation score for the second custodian. The confirmation computer 150 can determine the second custodian’s reputation specifically with respect to the current certification request parameters (e.g., item type, time of day, day of week, image similarity score, etc.). For example, if a shipping company is attempting to certify at an unusual hour (e.g., typical operation are between 9 A.M. and 5 P.M., but the current request arrived at 2 A.M.), it can be indicative of fraudulent behavior.

[0089] At step S505, the confirmation computer 150 can check network models to identify what types of custodians, items, and/or any other parameters are correlated. For example, network models can identify that a certain type of purse is being sold by a certain set of merchants. [0090] At step S506, the confirmation computer 150 can execute risk models to determine whether there are any particularly risky details associated with the certification request. The confirmation computer 150 can analyze each parameter associated with the request, the physical item record, the second custodian, and/or previous custodians. When analyzing these parameters, the confirmation computer 150 can determine whether any parameters (e.g., item type, manufacturer batch, physical location, succession of custodians, custodian reputation, image similarity score, etc.), alone or in combination, are associated with inauthentic physical item 120 trends. This can include checking for risky groups and subgroups in a topological graph.

[0091] At step S507, the confirmation computer 150 can obtain outside data that may be helpful for processing the certification request. For example, the confirmation computer 150 can receive recent payment transaction data associated with the second custodian computer 130B, and thereby determine whether or not the second custodian has purchased the physical item 120. It the second custodian did purchase the item, the risk of the physical item 120 being authentic may be lower. Additionally, the confirmation computer 150 may obtain a credit score associated with some of the associated custodians. The confirmation computer 150 can further receive data about transaction disputes, reports of inauthentic physical items, news stories related to the second custodian, etc.

[0092] At step S508, the confirmation computer 150 can add some or all of the risk score results, reputation information, trend analysis results, image similarity score, obtained data, and any other suitable information to the certification request.

[0093] At step S509, the confirmation computer 150 can analyze, in combination, all of the information added to the certification request, in order to generate a total risk score (which can be referred to as a certification score), or separate risk scores for different factors (e.g., image similarity score, reputation score, scores for relevant trends, scores for outside data). The different factors can be weighted differently, or can be interdependent. For example, a low image similarity score may not prevent certification (or cause a high risk score) if the second custodian’s reputation data indicates both a history of low-quality images and a history of honest behavior (e.g., no inauthentic physical items).

[0094] At step S510, the confirmation computer 150 can determine whether the total risk score exceeds a risk score threshold, or whether a contributing risk score exceeds a threshold. If the risk score does not exceed the threshold, at step S511A, the confirmation computer 150 can consider the physical item 120 to be authentic, and can send a certification response message to the second custodian computer 130B indicating that the physical item 120 is certified. If the risk score does exceed the threshold, at step S511 B, the confirmation computer 150 can consider the physical item 120 to be inauthentic, and can send a certification response message to the second custodian computer 130B indicating that the physical item 120 is not certified.

[0095] In some embodiments, the certification response message can include more information than just positive certification or certification rejection. For example, the certification response message can include a risk score or certification score (e.g., 79 out of 100) indicating the likelihood that the physical item 120 is authentic. The certification response message can also include information about the contributing factors to the score, such as concerns about the path the physical item 120 has traveled or its previous custodians, risks associated with the type of item or its origin location, image analysis results, etc.

[0096] The confirmation computer 150 can then update one or more databases (e.g., the activity database, the second custodian’s record at the custodian database, the physical item record in the physical item database) to include the certification result, the certification score, the fact that the second custodian possesses the physical item 120, and any other suitable information.

[0097] In some embodiments, a prior certification can be overturned based on future information. For example, if it is determined that a peer group of custodians is in possession of many inauthentic items, or if a batch of physical items are resulting in rejected certifications, a prior successful certification may be reversed, or tagged as more likely to be fraudulent.

[0098] Some embodiments of the invention can include identifying a package in instead of or in addition to identifying a product within a package. For example, a physical entity can be linked with a specific package. The package can be photographed (or otherwise measured), the photo can be digitally compared with a recorded photograph of the package, and a similarity score for the package photo can be determined. This package similarity can be considered during the

certification risk analysis. Embodiments can further involve images of any other suitable objects associated with a physical entity. For example, a shipping personnel may capture an image of a door when delivering a package. The door image can be analyzed to determine whether or not this door is associated with the intended delivery address. [0099] As mentioned above, topological graphs can be used in embodiments of the invention to identify trends, evaluate risk, and to otherwise determine whether or not to certify a physical item. FIG. 6 shows an example of a topological graph that can be used in some embodiments. In FIG. 6, several nodes are shown which represent different shipping organizations (e.g., the first shipping organization 635, the second shipping organization 640) as well as zip codes (e.g., the first zip code 651 , the second zip code 652, the third zip code 653). Edges are used to connect shipping organizations to associated zip codes.

[0100] Each edge can have a weight, which can represent the level of correlation between a shipping organization and a zip code. For example, the relationship between the first shipping organization 635 and the first zip code 651 is represented by the weight W1. Specifically, an edge’s weight can represent the number of shipments made to a certain zip code, the number of certification requests submitted from within a certain zip code, or any other suitable measurement of a shipping organization’s activity within a zip code. [0101] Such a topological graph can be used to identify irregular behavior, which may be indicative of fraudulent activity, and possibly an inauthentic item being transported. As an example, one or more upscale jewelry stores may be located in the first zip code 651 , and one or more budget jewelry stores may be located in the second zip code 652 and/or the third zip code 653. The upscale jewelry stores may primarily sell high-quality diamonds, though they may also include a small selection of low-quality diamonds. In contrast, the budget jewelry stores may primarily sell low-quality diamonds, though they may also include a small selection of high-quality diamonds. [0102] In this example, the first shipping organization 635 typically delivers the high-quality diamonds (e.g., sent from a high-quality diamond supplier) to the various jewelry stores. Since most of the high-quality diamonds are sold at the upscale jewelry stores located in the first zip code 651 , the first shipping organization 635 may make frequent deliveries to stores located in the first zip code 651. However, the first shipping organization 635 may also make some deliveries to budget jewelry stores located in the second zip code 652 and/or the third zip code 653.

[0105] One day, a first delivery driver of the first shipping organization 635 may be scheduled to deliver a first shipment of 80 high-quality diamonds to an upscale jewelry store located in the first zip code 651. Also, a second delivery driver of the second shipping organization 640 may be scheduled to deliver a second shipment of 80 low-quality diamonds to a budget jewelry store located in the second zip code 652. However, an owner of the budget jewelry store in the second zip code 652 may convince both of the delivery drivers to fraudulently switch the deliveries, such that the 80 high-quality diamonds intended for the upscale store are

fraudulently delivered to the budget store, and such that the 80 low-quality diamonds intended for the budget store are fraudulently delivered to the upscale store. The owner may have interacted with both deliver drivers previously and conspired with them to have the shipments switched on this specific day.

[0106] In order to prevent the workers at the upscale store from noticing that the wrong products are delivered, the delivery drivers may switch the labels on the packages of the high-quality diamonds with the labels on the packages of the low- quality diamonds. As a result, the high-quality diamonds in the first delivery driver’s truck are now labeled as low-quality diamonds, and the low-quality diamonds in the second delivery driver’s truck are now labeled as high-quality diamonds. [0107] The first delivery driver of the first shipping organization 635 can then deliver the 80 high-quality diamonds to the budget store in the second zip code 652. Similarly, the second deliver driver of the second shipping organization 640 can deliver the 80 low-quality diamonds to the upscale store in the first zip code 651.

[0108] Upon the delivery of the 80 low-quality diamonds to the upscale store in the first zip code 651 , the second delivery driver can, pursuant to usual procedures, send a certification request for the low-quality diamonds (which have the high-quality diamond labels). The certification request can include information about the high-quality diamond labels, and thus can trigger an attempt to certify that these are high-quality diamonds. It is possible that the low-quality diamonds (and/or their packages) may have a similar appearance to the high-quality diamonds, and thus may pass as high-quality diamonds during image comparison.

[0109] However, the topological graph data can be used to recognize that the second shipping organization 640 typically does not send so many certification requests from within the first zip code 651 (e.g., 80 requests instead of the usual I Q- 15). In this example, this variation in behavior is due to high or low quality diamonds being fraudulently delivered to destinations other than their originally intended destinations. While the behavior variation (e.g., a change in the location origin of certification requests) could be attributed to other reasons (e.g., a supplier using a new shipping company), the behavior variation could be the result of the fraudulent delivery of items to destinations other than their originally intended destinations. Accordingly, the risk score associated with the authenticity of the items being delivered (in this case, diamonds), would be increased. [0110] In some embodiments, the certification request may not be

automatically rejected when such a variation in behavior is identified. Instead, the behavior can be considered when determining a risk score for the certification request (e.g., the risk score may be increased), as it reflects the possibility that diamonds were fraudulently delivered to the wrong destination. If the risk score is too high (e.g., higher than 92 out of 100), the certification request can be rejected and/or the upscale jewelry store can be alerted that the delivered diamonds could potentially be inauthentic (e.g., they are not actually high-quality diamonds).

[0111] In addition to detecting the unusual increase in the number of deliveries by the second shipping organization’s to the first zip code 651 , the topological graph can be used to identify other irregular behaviors. For example, the topological graph can also be used to recognize that the second shipping organization 640 typically does not deliver high-quality diamonds. If the second shipping organization 640 then modifies its behavior by making a delivery of high-quality diamonds, the confirmation computer can detect this irregular behavior. As explained above, this irregularity may be the result of delivery drivers exchanging the identification tags of a load of low-quality diamonds and a load of high-quality diamonds. Then, the second shipping organization 640 fraudulently delivers the low-quality diamonds to an upscale store under the pretense that they are actually high-quality diamonds. In light of this possibility of fraud, the confirmation computer can raise the risk score associated with the risk that the delivered items are inauthentic when the irregularity is detected.

[0112] Further, the travel history of the high-quality diamond item records can be used to identify that these items were last possessed by the first shipping organization 635, and not the second shipping organization 640. It is possible that this inconsistency is due to a legitimate reason, such as the first shipping

organization 635 being short on delivery drivers and subcontracting the deliver to the second shipping organization 640. However, it is also possible that this

inconsistency is the result of fraudulent delivery driver behavior, such as when the first driver of the first shipping organization 635 and the second driver of the second shipping organization 640 fraudulently exchange delivery loads or swap diamond identification tags. Accordingly, this additional factor can also be considered when calculating a risk score (e.g., each irregularity can raise this risk score), or can otherwise be sufficient cause to reject a certification request.

[0113] In another example, if the second shipping organization 640 is marked as a suspicious or risky shipping organization, any first shipping organization 635 activity similar to the second shipping organization’s typical activity may have an increased risk score. For example, the weight W6 may indicate that most (e.g., 72%) of the second shipping organization’s inauthentic physical items are found in the third zip code 653. As a result, deliveries to the third zip code 653 may be more likely to include inauthentic physical items, and the third zip code 653 can be marked as risky (e.g., because fraudulent actors reside in the third zip code 653). If the first shipping organization 635 makes a delivery to the third zip code 653, it is possible that this delivery also includes one or more inauthentic items (e.g., because inauthentic items were ordered by a fraudulent actor). As a result, a certification request received from the first shipping organization 635 from within the third zip code 653 may be marked as having a higher chance of being associated with an inauthentic physical item (e.g., a risk score can be increased). [0114] Embodiments of the invention have a number of advantages.

Embodiments of address the invention problems associated with the delivery of inauthentic items, by providing for the ability to detect inauthentic items before they are accepted by the receiver (e.g., the buyer, store owner, etc.). For example, using image comparison, reputation analysis, physical item delivery information, and/or any other suitable information, an entity receiving an item can quickly certify the authenticity of the item before accepting it. This certification can be achieved in real- time without extensively inspecting the delivered item.

[0115] T opological graphs can be used for analyzing how any other suitable parameter, or combination of parameters, can affect the likelihood that a certification request is associated with an authentic physical item. For example, topological graphs can have nodes representing specific IP addresses, physical addresses, types of custodians (e.g., a merchant, a shipping company, a manufacturer, a consumer), types or classes of items, merchant category codes, shipping times (e.g., specific hours, days, months), batch production numbers, image quality scores, image similarity scores, and/or any other suitable factor.

[0116] The nodes can be clustered into groups and subgroups, and otherwise marked to indicate risk levels. For example, in some embodiments, edge weights can be used to represent the strength of a correlation between two nodes, and an edge color can be used to indicate the risk implicated by that relationship. A risky zip code node can be colored red (darker being more risky), and edges leaving that zip code node can be similarly colored. Alternatively, an edge’s risk color can be a combination of the risk associated with each connected node.

[0117] T opological graphs can be used for any other suitable type of analysis. Additional details related to topological graphs are described in International Patent Application No. PCT/US2017/041537, US Patent Application No. 15/639,094, and US Patent Application No. 15/590,988, all of which are incorporated by reference in their entirety for all purposes.

[0118] A method 700 according to embodiments of the invention can be described with respect to FIGS. 7A-7E. Some elements in other Figures are also referred to. The steps shown in the method 700 may be performed sequentially or in any suitable order in embodiments of the invention. In some embodiments, one or more of the steps may be optional.

[0119] The various messages described below may use any suitable form of communication. In some embodiments, a request or response may be in an electronic message format, such as an e-mail, a short messaging service (SMS) message, a multimedia messaging service (MMS) message, a hypertext transfer protocol (HTTP) request message, a transmission control protocol (TCP) packet, a web form submission. The request or response may be directed to any suitable location, such as an e-mail address, a telephone number, an internet protocol (IP) address, or a uniform resource locator (URL). In some embodiments, a request or response may comprise a mix of different message types, such as both email and SMS messages.

[0120] A first custodian may create or obtain a physical entity. For example, the first custodian may be a mining company that harvests a diamond, the first custodian may be a textile manufacturer that produces a handbag, or the first custodian may be a hospital that delivers a child. The physical entity may have certain intrinsic physical properties, such as a weight, a shape, an appearance, and a quality. The physical entity may also be associated with a model name, a batch number, a production date, a brand name, and labeled with any other suitable information.

[0121] At step S701 , the first custodian computer 130A sends a request for a unique identifier for the physical entity. Embodiments allow this request to be a sent to the confirmation computer 150, or to a separate identifier provider (e.g., a blockchain network computer).

[0122] At step S702, the confirmation computer 150 can provide a unique item identifier 125 for the physical entity. The confirmation computer can send a response with the item identifier 125 back to the first custodian computer 130A.

[0123] At step S703, the first custodian can attach the item identifier 125 to the physical entity. For example, the physical entity can be placed in a package, and the item identifier 125 can be printed on the outside of the package. In some embodiments, the item identifier 125 can be attached directly to the physical entity (e.g., via a stamp, a sticker, a string and tag, etc.). The item identifier 125 can be shown plainly (e.g., as an alphanumeric string), encoded into a barcode or QR code, or included in any other suitable manner. Along with the item identifier 125, descriptive information (e.g., model type, a brand name) can also be shown on an attached label.

[0124] At step S704, the first custodian can capture an image of the physical entity, or otherwise measure one or more properties of the physical entity. In some embodiments, the first custodian can take multiple images from one or more different angles (or perspectives) of the physical entity. Additional measurements can include videos of the physical entity (e.g., a video of a bag being opened and closed, a video of a package being opened and the physical entity being removed from the package), audio recordings, an x-ray image, a weight, etc. [0125] At step S705, the first custodian computer 130A sends a registration request message to the confirmation computer 150 for registering the physical entity with the certification system. The request message can include an image of the physical entity and the item identifier 125. The request can also include additional properties and measurements of the physical entity, as well as label information associated with the physical entity (e.g., a serial number, product name, batch identifier, etc.). In some embodiments, the registration request message (at step S705) and the identifier request (at step S701) can be combined into a single message.

[0126] At step S706, the confirmation computer 150 can analyze risk associated with the registration request in order to determine whether to register the physical entity. This can include identifying the first custodian and reviewing the first custodian’s reputation, determining whether there are inauthentic item trends associated with the type of item or other parameters from the request, determining whether the item is already registered, etc. The registration process is described in more detail above with respect to FIG. 4.

[0127] At step S707, the confirmation computer 150 can register the physical entity and store a physical entity record in a physical entity database. The confirmation computer can send a registration response message back to the first custodian computer 130A indicating that registration was successful.

[0128] At step S708, the first custodian provides the physical entity to a second custodian. For example, a manufacturer may provide the physical entity to a shipping company.

[0129] At step S709, the second custodian can capture an image of the physical entity, and read, scan or image the attached item identifier 125. In some embodiments, the second custodian can take additional measurements, such as additional photos, videos, weight measurements, etc. The second custodian may repeat the measurements taken during registration.

[0130] At step S710, the second custodian computer 130B can submit a certification request message to the confirmation computer 150 for certifying the authenticity of the physical entity. The request can include the image (or other measurements), the item identifier 125, and any other suitable information. The request can further include a second custodian identifier and any other suitable contextual information or metadata (e.g., an IP address, a time, a physical location).

[0131] At step S711 , the confirmation computer 150 identifies the stored physical entity record based on the item identifier 125. The original image data stored during registration can be retrieved from the record. In some embodiments, instead of identifying a physical entity record based on an item identifier 125, a physical entity record can be identified based on images, descriptions, and other information obtained from physical entity, package, or label.

[0132] At step S712, the confirmation computer 150 can digitally compare the received image with the stored image of the physical entity, and can thereby determine an image similarity score. In other embodiments, as explained above, image recognition techniques can be used instead of or in addition to the image comparison. [0133] At step S713, the confirmation computer 150 can analyze risks and trends associated with any suitable aspect of the certification request. For example, the confirmation computer 150 can determine and analyze a reputation of the second custodian and evaluate any associated risks. The confirmation computer 150 can similarly analyze risks associated with the first custodian. The confirmation computer 150 can review trends associated with the physical entity type, the type of measurement being used, the time of the certification request, the time of shipping, etc. Some or all of the parameters can be plotted as nodes and connected with edges in a topological graph that includes data for all other registered physical entities and custodians, such that risk can be determined based on groups, subgroups, and distances between them. In some embodiments, the confirmation computer 150 can determine whether there is any mismatching or incorrect information (e.g., the requestor does not typically use the current IP address), and weigh the associated risk. The certification process is described in more detail above with respect to FIG. 5.

[0134] At step S714, the confirmation computer 150 can determine a certification score based on a combination of risk factors determined in step S716. The confirmation computer 150 can also conclude, based on the certification score, whether the physical entity is authentic. In other words, the confirmation computer 150 can determine whether the physical entity possessed by the second custodian is legitimately the same physical entity that was registered by the first custodian (and the same entity indicated in a package label). In some embodiments, the

confirmation computer may not guarantee that the physical entity is authentic, but may instead use the certification score to indicate the likelihood that the physical entity is authentic.

[0135] At step S715, the confirmation computer 150 can send a certification response message back to the second custodian computer 130B indicating that the physical entity is certified to be authentic, the message including the certification score and/or information about factors contributing to the certification score. [0136] Having verified that the physical entity is authentic, the second custodian can continue to pass the physical entity along. At step S716, the second custodian can provide the physical entity to a third custodian. For example, a shipping company can deliver the physical entity to a merchant. [0137] The third custodian computer 130C can then request another certification of the physical entity (e.g., to ensure that the second custodian did not provide an inauthentic item). For example, at step S717, the third custodian can initiate another certification process. The certification process described with respect to steps S709-S715 can essentially be repeated at steps S718-S724 with the third custodian computer submitting the certification request. However, in comparison with the previous certification process, this additional certification process can involve updated risk analysis models, reputation models, and physical entity travel history data.

[0138] The passing of the physical entity and re-certifying of the physical entity can continue in this manner as needed. For example, after the third custodian computer 130C receives a successful certification, the third custodian can provide the physical entity to a fourth custodian at step S725. This could be a merchant selling the physical entity to a consumer.

[0139] In some embodiments, a potential custodian can request certification before obtaining ownership of the physical entity. For example, a consumer may request certification of a product before purchasing it from a merchant.

[0140] As mentioned above, current physical entity tracking and identification tools, such as barcodes, have the technical problem of being inherently

disassociated from a physical entity. Physical entities can be removed from packages, and otherwise separated from their barcodes. As a result, barcodes fail to securely identify a specific physical entity or track the movements of a physical entity. For example, the labels of a high-quality diamond label and a low-quality diamond can be switched. An end consumer shopping for a high-quality diamond may not be able to tell that the diamond with the high-quality label is actually a low- quality diamond.

[0141] Embodiments of the invention advantageously solve this technical problem by using multiple technological tools, in combination, to uniquely identify different physical entities and to track their movements. A unique identifier (e.g., a barcode) can be attached to a physical entity. Later on, in order to certify the authenticity of the physical entity, the unique identifier can be read and used to identify a record of a physical entity. Detection hardware can be used to measure intrinsic qualities of a physical entity, such as a camera capturing an image of the physical entity’s exterior appearance. These measurements can be compared with initial measurements stored in the physical entity’s record. Additionally, datasets related to past certification processes and reports of inauthentic physical entities can be analyzed to determine reputations and risk levels of custodians, and to determine other trends related to where inauthentic physical entities are found (e.g., using topological graphs). As a result, even if detection hardware is unable to conclusively authenticate a physical entity, reputations and risk models can determine a probability that a physical entity is authentic.

[0142] As a result, a party that receives a physical entity can be confident that the physical entity is legitimately what is in indicated by an accompanying tag or specifications, or can be informed that the physical entity is likely not what is indicated. For example, the person shopping for diamonds need not trust just a label or shop owner, as described above. Instead, the shopper can seek more information by taking an image of the diamond and scan the diamond label. The system can then determine the likelihood that the present diamond is truly the diamond indicated by the label (e.g., a high-quality diamond), and then inform the shopper. As a result, the shopper can receive more information, and does not need to trust a label or a shop owner.

[0143] Additionally, the system can provide the shopper with information about the source of the diamond indicated by the label, the travel history, other custodians that have handled it, and any possible risk factors. Upon reviewing the information, the shopper may recognize a shipping company that the shopper does not trust, and thus the shopper may suspect that the diamond label is incorrect. In this scenario and many other scenarios, the shopper can obtain even more information and make their own better-informed decision about whether or not to trust that a diamond has the properties shown in a label or alleged by a salesperson. Thus, the system can increase trust and certainty by providing more transparent information about physical entities and their origins.

[0144] A computer system will now be described that may be used to implement any of the entities or components described herein. Subsystems in the computer system are interconnected via a system bus. Additional subsystems include a printer, a keyboard, a fixed disk, and a monitor which can be coupled to a display adapter. Peripherals and input/output (I/O) devices, which can couple to an I/O controller, can be connected to the computer system by any number of means known in the art, such as a serial port. For example, a serial port or external interface can be used to connect the computer apparatus to a wide area network such as the Internet, a mouse input device, or a scanner. The interconnection via system bus allows the central processor to communicate with each subsystem and to control the execution of instructions from system memory or the fixed disk, as well as the exchange of information between subsystems. The system memory and/or the fixed disk may embody a computer-readable medium.

[0145] As described, the inventive service may involve implementing one or more functions, processes, operations or method steps. In some embodiments, the functions, processes, operations or method steps may be implemented as a result of the execution of a set of instructions or software code by a suitably-programmed computing device, microprocessor, data processor, or the like. The set of instructions or software code may be stored in a memory or other form of data storage element which is accessed by the computing device, microprocessor, etc. In other embodiments, the functions, processes, operations or method steps may be implemented by firmware or a dedicated processor, integrated circuit, etc.

[0146] Any of the software components or functions described in this application may be implemented as software code to be executed by a processor using any suitable computer language such as, for example, Java, C++ or Perl using, for example, conventional or object-oriented techniques. The software code may be stored as a series of instructions, or commands on a computer-readable medium, such as a random access memory (RAM), a read-only memory (ROM), a magnetic medium such as a hard-drive or a floppy disk, or an optical medium such as a CD-ROM. Any such computer-readable medium may reside on or within a single computational apparatus, and may be present on or within different computational apparatuses within a system or network.

[0147] While certain exemplary embodiments have been described in detail and shown in the accompanying drawings, it is to be understood that such embodiments are merely illustrative of and not intended to be restrictive of the broad invention, and that this invention is not to be limited to the specific arrangements and constructions shown and described, since various other modifications may occur to those with ordinary skill in the art.

[0148] As used herein, the use of "a", "an" or "the" is intended to mean "at least one", unless specifically indicated to the contrary.

Claims

WHAT IS CLAIMED IS:

1. A method comprising:

receiving, at a confirmation computer, from a requestor computer, a request to certify that a physical entity is authentic, the request including an identifier and an image of the physical entity;

locating, by the confirmation computer, a record associated with the physical entity based on the identifier, the record including a stored image of the physical entity;

digitally comparing, by the confirmation computer, the received image and the stored image;

determining, by the confirmation computer, a risk level associated with the request;

determining, by the confirmation computer, that the physical entity shown in the received image is associated with the record based on the risk level and the digital comparison, and determining that therefore the physical entity in the received image is authentic; and

sending, by the confirmation computer, to the requestor computer, a response certifying that the physical entity is authentic.

2. The method of claim 1 , further comprising:

obtaining additional information regarding the physical entity, wherein the risk level is determined based on the additional information regarding the physical entity.

3. The method of claim 1 , further comprising:

obtaining additional information regarding a requestor of the requestor computer, wherein the risk level is determined based on the additional information regarding the requestor.

4. The method of claim 3, wherein the additional information includes a topological graph with at least one node associated with the requestor.

5. The method of claim 3, further comprising:

determining a reputation score for the requestor based on the additional information regarding the requestor, wherein the risk level is determined based on the reputation score.

6. A confirmation computer comprising:

a processor; and

a computer readable medium, the computer readable medium comprising code, executable by the processor, for implementing a method comprising:

receiving, from a requestor computer, a request to certify that a physical entity is authentic, the request including an identifier and an image of the physical entity;

locating a record associated with the physical entity based on the identifier, the record including a stored image of the physical entity;

digitally comparing the received image and the stored image;

determining a risk level associated with the request;

determining that the physical entity shown in the received image is associated with the record based on the risk level and the digital comparison, and determining that therefore the physical entity in the received image is authentic; and sending, to the requestor computer, a response certifying that the physical entity is authentic.

7. The confirmation computer of claim 6, further comprising: obtaining additional information regarding the physical entity, wherein the risk level is determined based on the additional information regarding the physical entity.

8. The confirmation computer of claim 6, further comprising: obtaining additional information regarding a requestor of the requestor computer, wherein the risk level is determined based on the additional information regarding the requestor.

9. The confirmation computer of claim 8, wherein the additional information includes a topological graph with at least one node associated with the requestor.

10. The confirmation computer of claim 8, further comprising:

1 1. A method comprising:

receiving, by a requestor computer, an image of a physical entity and an identifier associated with the physical entity;

sending, by the requestor computer, to a confirmation computer, a request to certify that the physical entity is authentic, the request including the identifier and the image, wherein the confirmation computer locates a record associated with the physical entity based on the identifier, the record including a stored image of the physical entity, wherein the confirmation computer digitally compares the received image and the stored image, wherein the confirmation computer determines a risk level associated with the request, wherein the

confirmation computer determines that the physical entity shown in the received image is associated with the record based on the risk level and the digital

comparison, and that therefore the physical entity in the received image is authentic; and

receiving, by the requestor computer, from the confirmation computer, a response certifying that the physical entity is authentic.

12. The method of claim 1 1 , wherein the confirmation computer obtains additional information regarding the physical entity, and wherein the risk level is determined based on the additional information regarding the physical entity.

13. The method of claim 1 1 , wherein the confirmation computer obtains additional information regarding a requestor of the requestor computer, and wherein the risk level is determined based on the additional information regarding the requestor.

14. The method of claim 13, wherein the additional information includes a topological graph with at least one node associated with the requestor.

15. The method of claim 13, further comprising:

16. A requestor computer comprising:

a processor; and

receiving an image of a physical entity and an identifier associated with the physical entity;

sending, to a confirmation computer, a request to certify that the physical entity is authentic, the request including the identifier and the image, wherein the confirmation computer locates a record associated with the physical entity based on the identifier, the record including a stored image of the physical entity, wherein the confirmation computer digitally compares the received image and the stored image, wherein the confirmation computer determines a risk level associated with the request, wherein the confirmation computer determines that the physical entity shown in the received image is associated with the record based on the risk level and the digital comparison, and that therefore the physical entity in the received image is authentic; and

receiving, from the confirmation computer, a response certifying that the physical entity is authentic.

17. The requestor computer of claim 16, wherein the confirmation computer obtains additional information regarding the physical entity, and wherein the risk level is determined based on the additional information regarding the physical entity.

18. The requestor computer of claim 16, wherein the confirmation computer obtains additional information regarding a requestor of the requestor computer, and wherein the risk level is determined based on the additional information regarding the requestor.

19. The requestor computer of claim 18, wherein the additional information includes a topological graph with at least one node associated with the requestor.

20. The requestor computer of claim 18, wherein the confirmation computer determines a reputation score for the requestor based on the additional information regarding the requestor, and wherein the risk level is determined based on the reputation score.