GB2637465A - Authentication - Google Patents

Abstract

A user authenticator device 140 for use in authenticating a user's identity and/or a physical asset comprises a plurality of different machine-readable unique identifiers 142a provided on or in the device, each containing different ID information for identifying the authenticator device. Preferably the plurality of machine-readable unique identifiers comprises at least four physical machine-readable unique identifiers. A method of authenticating a user identity using the user authenticator device comprises communicating with a user mobile device to retrieve ID information from a particular selection of the machine-readable unique identifiers on the user’s authenticator device and authenticating the user if the received ID information matches stored ID information. A physical media asset is also envisaged comprising one or more machine-readable unique identifiers provided on or in a preferably non-playing area of the storage medium, the one or more unique identifiers containing information for identifying the copy from all other copies of the media recording.

Description

AUTHENTICATION

Technical Field

The invention relates generally to a physical media asset, such as a vinyl record, having machine-readable unique identifiers containing information for authenticating the physical media asset, an authenticator device having machine-readable unique identifiers containing information for authenticating a user identity and/or the physical media asset, a method and system for authenticating a physical media asset based on the unique identifiers, and a method and system for authenticating a user identity based on the unique identifiers.

Background to the Invention

Authentication is a process by which the claimed identity and attributes of a product, asset or a person are verified. Authentication is used in many contexts, but in particular for verifying whether or not a product or asset is genuine or fraudulent, proving ownership of a product or asset, track and trace, and preventing unauthorised parties from gaining access to secured databases, systems or facilities.

Reliable methods of proving authenticity and ownership are particularly relevant to certain high value collectable physical assets, such as limited-edition artworks or unique productions. With the evolution of digital artwork and blockchain, non-fungible tokens (NFTs) have become a popular secure means to assign and demonstrate uniqueness and value. However, there is no analogue equivalent for physical artworks, in particular physical media assets containing audio and/or video recordings.

For example, vinyl records have had a resurgence in recent years due to users/fans wanting better quality audio, a desire for ownership of a physical music product and something to show off and ritualise. Certain vinyl albums can be traded for high value based on factors such as the artist, age, edition, and history/provenance (e.g. past owners) of the album. For example, Discogs (https'itwww discoris corn!) is the world's largest database marketplace for vinyl and other disc-based media, which lists vinyl albums for sale and facilitates purchasing. However, often the authenticity of the seller's identity, the ownership and the provenance of the physical asset is taken on trust and is difficult to verify. In some cases, even the existence of the physical media asset listed for sale with its claimed attributes is taken on trust. For example, a new copy of an old vinyl album could be sold with an old sleeve/packaging to give the impression of authenticity, when in fact it is a fake.

Historically the most granular identifier on a vinyl is typically the scratched or engraved manufacturing batch number on the central run out area. Owners have to go to great lengths to try to catalogue and distinguish their collections, for example, photographing and dating the vinyl, noting the etched batch number and any other identifying features to help establish authenticity and provenance. The same is true for other physical media assets such as cassettes, video tape, CD and DVD, all of which can be desirable collectable items.

There is therefore a need for an improved method of authenticating the veracity of a physical media product and proving ownership thereof. There is also a need for an improved method of secure transaction of physical media products and verifying the identity of an individual. Aspects and embodiments of the present invention have been devised with the foregoing in mind.

Summary of the Invention

According to a first aspect of the invention, there is provided a physical media asset comprising: a storage medium for storing a copy of a media recording; and one or more machine-readable unique identifiers provided on or in a non-playing area, portion or surface of the storage medium, the one or more unique identifiers containing information for identifying the asset and/or the copy from all other copies of the media recording.

A physical media asset may be defined as a physical consumer product/item of manufacture that stores, in persistent physical form, a copy of an audio/video recording, such as a vinyl, optical disc or cassette (as opposed to a digital media asset which may exist only in virtual/electronic form and can be arbitrarily downloaded to a memory device). The physical media asset comprises a playing area, portion or surface having certain physical, optical or magnetic properties that stores the recording and which interacts with a media player to playback the recording, and a non-playing area, portion or surface, as is known in the art. In this context, a "copy" of a media recording means a genuine copy produced from a master as a one-off production or as part of a batch (e.g. multiple vinyl records are typically pressed from a stamp representing a master of the media recording, thereby creating a copy). In contrast, a fake physical copy may be produced from a genuine copy or a digital copy of an original copy.

The provision of machine-readable unique identifiers (UlDs) on the asset allows the authenticity and ownership of the asset to be verified in a secure and reliable manner, e.g. when used as part of an authentication system described in more detail below. In particular, the physical media asset and/or the storage medium may be or comprise a phonograph record disc (e.g. a vinyl record), an optical disc (e.g. CD or DVD, or Blu Ray), a cassette (e.g. audio and/or video cassette), or any other physical medium for storing a physical copy of an audio/video recording. All of which can be collectable and high-value items whose authenticity and ownership should preferably be verified before (and even after) any transaction takes places, yet traditionally such items are difficult to authenticate. In practice, the physical media asset is registered to a user who is the designated "owner" of the asset, whereby the information associated with the asset and the information contained in its UlDs is stored in a secure online database and associated with the user. The information contained in the UlDs can be read or scanned by a suitable device (e.g. by a computing device with a camera and/or other readers) and cross-referenced against the stored ID information associated with the user's registered asset to verify the authenticity and ownership of the asset. As all the information associated with the asset is stored in the database and linked to the user, if an asset is damaged, destroyed or lost, it can be replaced with an exact copy by the supplier with new identifiers linked to the user's account. The approach can be applied to new physical media assets, whereby UlDs are provided/applied as part of the manufacture process, or to pre-existing physical media assets whereby UIDs can be applied retrospectively.

This approach enables physical media asset collections to be memorialised, e.g. when handing on a collection of physical media assets to beneficiaries of wills. Rather than having to itemise each asset sometime before death, each asset is recorded in the user database and can be associated with a value. Associating a value with the user's assets in the database can also assist in insuring the collection by allowing insurance companies to know the value of individual assets or a collection at the time of insurance.

The physical media asset can also comprise packaging (e.g. a sleeve, box, case etc.), which may also be provided with one or more machine-readable UIDs containing information for identifying the packaging. The information in the UIDs on the packaging is preferably linked with the storage medium in the database (and to the user's database account). Thus, the packaging can be matched to the storage medium to further assist in proving authenticity of the asset.

Preferably, the asset comprises a plurality of different machine-readable UIDs, each containing different information for identifying the asset and/or the copy. In one example, the asset comprises at least four or at least six different UIDs.

Providing multiple different UIDs adds additional levels and factors of security to authenticate the asset. For example, much like online multi-factor verification techniques, while it might be possible for an unauthorised person to circumvent one type of UID, it is less likely for them to circumvent two different types of UIDs, and even less likely to circumvent three, and so on.

Preferably, the one or more machine-readable UIDs include at least a physical unclonable function (PUF) tag, such as a nanoparticle or quantum dot-based PUF tag; and/or a surface topography-based tag. Such tags are particularly difficult to clone or simulate. Such tags are also optically readable, i.e. readable using an optical reader or imaging device, such as a camera on a conventional smartphone or mobile device.

The one or more machine-readable UIDs may include a radio frequency identification (RFID) tag. An RFID tag can be read with an RFID reader, which may, for example, be incorporated with a mobile device such as a smartphone.

The one or more machine-readable UIDs may include at least one (i.e. any combination) from the following list of UIDs: an encoded image, such as a QR code; a symbol sequence or alphanumeric code; a production sequence number associated with the asset; a unique graphic or image; a fingerprint (e.g. the user's or owner's fingerprint); and a pattern of holes or indentations, optionally or preferably, wherein the holes or indentations have different or congruent shapes. The unique symbol sequence or graphic may be or comprise a unique set or combination of hieroglyphs. A hieroglyph is defined herein as a pictorial character. All of these UIDs are also optically readable.

In particular, providing a production sequence number associated with the physical media asset not only allows the specific asset to be identified from all other copies made in a production run/batch but also the specific position/order of the asset in the production/manufacture sequence. For example, the production sequence number may indicate whether a vinyl is the first pressing in a run or the 100th pressing or the 10,000th pressing, etc. The unique set or combination of hieroglyphs may be selected from a larger set or dictionary/library of hieroglyphs. Each hieroglyph in the larger set may itself be unique or bespoke/custom. Preferably, the set or dictionary of hieroglyphs contains at least 500 or 1000 different hieroglyphs. The hieroglyphs may be coloured, greyscale, and/or have varying pixelation (which may be used in combination in the set). One or more of the hieroglyphs may be combined or overlaid, optionally in different orientations, to provide a composite hieroglyph formed of multiple component hieroglyphs. The composite hieroglyph may extend the library of bespoke hieroglyphs. Alternatively, the composite hieroglyph may serve to obfuscate the component hieroglyphs, requiring image analysis/processing to detect and determine/extract the component hieroglyphs.

Preferably, at least some of the one or more UIDs are integrated with one or more labels attached to the a non-playing area, portion or surface of the storage medium. In this context, integrated with a label means to form part of the label or be attached or connected to the label. For example, a UID may be applied to or form part of the outer surface of the label, or it may be located on an underside of the label, or it may be embedded within the label, e.g. sandwiched or laminated between single or multiple layers of opaque or transparent material of the label. Where the one or more UIDs includes an RFID tag, this may be located beneath a label attached to the a non-playing area, portion or surface of the storage medium or embedded within the label.

Alternatively or additionally, at least some of the one or more UIDs may be embedded within the storage medium itself, preferably a non-playing surface/region of the storage medium. Preferably, an RFID tag is embedded within an insert that is located/secured (permanently or releasably) within a recess or depression in a (non-playing) surface of the storage medium. The insert is preferably located beneath a label which may comprise further UIDs. Locating the insert and/or the RFID tag beneath the label may help to prevent tampering with the UIDs.

Preferably, the dimensions of the insert substantially match the dimensions of the recess or depression such that, when secured or fitted within the recess or depression, it provides or forms a substantially smooth outer surface of a non-playing area of the storage medium to which a label can be attached/applied.

The insert may be or comprise a multilayer structure including a first layer and a second layer, wherein the RFID tag is located between the first and second layers. The insert may be formed of the same material as the storage medium, or a different material.

Optionally, the physical media asset may further comprise a unique silk thread located in the recess beneath the insert. The silk thread comprises one or more unique features such as a weave, knot, dye, or biological material (e.g. saliva, blood, etc.), that can be analysed upon removable of the insert to identify the physical media asset.

Alternatively or additionally, an optically readable UID, such as a PUF or unique graphic (e.g. unique set or combination of hieroglyphs), may be embedded with the insert. In this case, at least the material of the insert above the embedded UID is transparent to facilitate its reading. Where both an RFID tag and an optically readable UID are embedded in an insert, these may be embedded in the same insert or in different inserts.

Preferably, where the storage medium is a phonograph record disc, such as a vinyl, at least some of the one or more UIDs are integrated with a label attached to the central (non-playing) area/surface of the record disc. In this case, where the asset further includes one or more UIDs embedded in one or more inserts, these may be located beneath the label and otherwise embedded in the central (non-playing) area.

It will be appreciated from the foregoing and the below that the invention is not limited to physical media assets comprising storage mediums, but can also be applied to physical asset in general such as: physical artworks, merchandise, memorabilia, a physical product, and/or a physical document such as a deed, contract, agreement, pledge, certificate, or accreditation. Such physical assets can similarly comprise machine-readable UIDs attached thereto, each containing different information for identifying the physical asset.

According to another aspect of the invention, there is provided, an insert for a physical media asset as defined in the first aspect. The insert comprises one or more unique identifiers embedded therein, the one or more unique identifiers containing information for identifying the physical media asset (or the copy of the media recording). The insert may be configured to fit into a recess in a surface of a (preferably) non-playing area of the storage medium of the physical media asset. Optionally or preferably, the dimensions of the insert substantially match the dimensions of the recess so as to provide a substantially smooth surface of the non-playing area of the storage medium.

The insert may be or comprise a multilayer structure including a first layer and a second layer, wherein the one or more unique identifiers are located between the first and second layers.

Preferably, the one or more unique identifiers include an RFID tag. The insert may include any further features described above in the first aspect.

According to a second aspect of the invention there is provided an authenticator device for use in authenticating a user's physical asset or physical media asset, and/or for use in verifying a user's identity. The authenticator device comprises one or more machine-readable UIDs provided on or in the authenticator device containing ID information for identifying the authenticator device.

The authenticator device is configured to be used in conjunction with an authentication system described in more detail below to verify the authenticity and ownership of a user's physical (media) asset and/or to authenticate/verify a user's identity in a secure and reliable manner. The authenticator device is associated with specific user, and is unique to that user. That is, no two authenticator devices carry the same information.

Preferably, the authenticator device comprises a plurality of different machine-readable UIDs, each containing different information for identifying the authenticator device. Optionally or preferably, the authenticator device comprises at least four or at least six different UIDs. I()

Preferably, the one or more machine-readable UIDs include at least a physical unclonable function (PUF) tag, such as a nanoparticle or quantum dot-based PUF tag, and/or a surface topography-based tag. The one or more machine-readable UIDs may include a RFID tag. The one or more machine-readable UlDs may include at least one (i.e. any combination) from the following list of UlDs: an encoded image, such as a QR code; a symbol sequence or alphanumeric code; a unique graphic or image; a fingerprint (e.g. the user's or owner's fingerprint); a microchip; and a pattern of holes or indentations, optionally or preferably, wherein the holes or indentations have different or congruent shapes. The unique symbol sequence or graphic may be or comprise a unique set or combination of hieroglyphs. One or more of the hieroglyphs may be a composite hieroglyph as described above. All of these UIDs may also be optically readable.

Preferably, the authenticator device comprises a main body with one or more internal compartments configured to receive (and store) one or more drawers, wherein at least some of the one or more machine-readable UIDs of the authenticator device are provided on or in the drawers. The drawers are preferably removable and/or interchangeable. Each UID may be provided on or in a separate drawer, or each drawer may comprise a separate UID. In this way, the UIDs can be stored within the body of the authenticator device and protected from the external environment. This may in turn prevent or reduce damage to, and slow any degradation of, the UIDs that may occur over time.

Preferably, the one or more drawers are moveable between an open position in which the UIDs are located outside of the main body and readable, e.g. by a reader device such as a mobile device, and a closed position in which the UIDs are located inside the main body.

A drawer may be any element for carrying, supporting or holding a UID which can fit into and be removed from an internal compartment of the main body to provide access to the UID, e.g. by a sliding or pivoting movement. E.g. a carrier, holder, or tray etc. The one or more drawers may be received through one or more respective openings in the main body. The one or more drawers may be configured to close, and optionally seal, the one or more respective openings when in the closed position. Closing or sealing the opening to the internal compartments further assists in protecting the UlDs.

Preferably, each drawer comprises a carrier portion on which at least one of the one or more UIDs is provided. Each carrier portion may be configured to rotate relative to the respective drawer so as to adjust the orientation of the UID relative to the respective drawer. The carrier portion may be configured to rotate between at least 4, 6 or 8 (stable) positions/orientations.

Adjusting the orientation of the UIDs adds a further level of security whereby the orientation of, and the information contained in, the UID can be read and combined as part of the authentication process. For example, a user may be requested to scan/read a particular UID in a particular drawer in a particular orientation, as described in more detail below. I()

Preferably, each carrier portion comprises a set of markings (e.g. graduations) to visually identify the relative orientation. For example, the carrier portion may be substantially circular and its markings may extend along the periphery of the carrier portion. The drawer may also include at least one marking adjacent to the carrier portion to enable a relative orientation of the carrier portion to be read/determined. The markings can be captured by the reader (e.g. mobile device camera) and used to determine the relative orientation.

Preferably, the authenticator device is not connectable to a network such as the internet.

The authenticator device may be a passive device, e.g. without a power source or any other active electrical components.

Alternatively, the authenticator device may be an active device. In this case, the authenticator device may comprise: a power source, a display, one or more inputs, and a processor. The device may further comprise an audio output such as a speaker. Preferably, the authenticator device does not include a wireless communication module, or any means to be in connect to a network such as the internet, or be in data communication with a mobile device.

The processor may be configured to generate, in response to a user input via the one or more inputs, additional ID information for identifying the authenticator device. Preferably, the additional ID information is based, at least in part, on ID information from or contained in one or more of the machine-readable UIDs on/in the authenticator device. The additional ID information may comprise a unique image or dynamic image for outputting on the display. Alternatively or additionally, the additional ID information may comprise an audio signal.

The device may comprise a light source, e.g. to provide backlighting for the one or more inputs or the hieroglyphs.

According to a third aspect of the invention, there is provided a method of authenticating a physical asset comprising one or more machine readable UIDs containing ID information for identifying the asset. In one embodiment, the physical asset is a physical media asset as defined in the first aspect, and the terms can be exchanged accordingly. References to "mobile device" herein may be exchanged with "computing device".

The method comprises: receiving, at a server system in communication with a user mobile device, an authentication request from the mobile device to authenticate a user's physical asset; sending a first request to the mobile device for reading (or first information from) one or more machine-readable UIDs on the physical asset; receiving, at the server system, the first ID information or scan data comprising the first ID information read by the mobile device from each requested UID on the physical asset; comparing, at the server system, the received/requested first ID information with stored first ID information associated with the UIDs of the user's registered physical asset; and authenticating the physical asset if the received first ID information matches the stored first ID information.

The server system may comprise a secure user database storing ID information associated with the UIDs on a user's registered physical asset(s). Comparing may comprise accessing or querying the stored ID information in the secure user database.

Where the physical asset comprises a plurality of different machine-readable UlDs, each containing different first ID information for identifying the physical media asset, the first request may comprise a request for reading (or first ID information from) each of the plurality of UIDs on the physical asset, or from a particular selection of one or more of the UlDs on the physical asset. The selection may be generated randomly based on the stored ID information associated with the user's registered physical asset. Alternatively, the selection may be based on one or more predefined criteria, e.g. a user's prior authentication request history.

The method may further comprise sending, by the server system in response to the authentication request, a second request to the mobile device for reading (or second ID information from) one or more machine-readable UIDs on a user's authenticator device as defined in the second aspect; receiving, at the server system, second ID information, or scan data comprising the second ID information, read by the mobile device from each requested UID on a user authenticator device; comparing, at the server system, the received second ID information with stored second ID information associated with the UlDs of the user's registered authenticator device; and authenticating the physical asset if the received first and second ID information match the respective stored first and second ID information.

Where the physical asset comprises a plurality of different machine-readable UIDs, each containing different second ID information for identifying the authenticator device, the second request may comprise a request for reading (or second ID information from) each of the UIDs on the authenticator device, or a particular selection of one or more of the UIDs on the authenticator device. The selection may be chosen at random based on the stored second ID information, or based on one or more predefined criteria e.g. a user prior authentication request history.

The method may further comprise reading, by the user mobile device in response to the first and/or second request, the requested one or more UlDs on the respective physical asset and/or authenticator device (or the first/second ID information therefrom). This may comprise acquiring, by the mobile device, scan data comprising the respective first/second ID information. The method may further comprise, following the reading step, sending the first/second ID information or scan data comprising the first/second ID information to the server system.

Comparing may comprise processing, at the server system, the received scan data to determine or extract the respective first/second ID information. This may involve sending scan data from at least some of the UIDs to a third party server for decoding/extracting the ID information, and receiving the ID information from the third party server.

Preferably, the first/second ID information or scan data is not stored on the mobile device thereafter. That is, the reading and sending is performed without persistently storing the read first/second ID I5 information or scan data on the mobile device. This may comprise storing the first/second ID information or scan data only temporarily for the purposes of transmission to the server system, and deleting any stored first/second ID information or scan data. The method may comprise encrypting, at the mobile phone, the scan data and sending the encrypted scan data to the server system, where it is decrypted and processed to extract the relevant ID information.

The method may further comprise receiving, at the server system, a first geolocation of the mobile device associated with a time of reading the requested UIDs (or the first ID information therefrom) on the physical asset, and a second geolocation of the mobile device associated with a time of reading the requested UIDs (or the second ID information therefrom) on the authenticator device; comparing, at the server system, the received first and second geolocations associated with the respective first and second ID information; and authenticating the physical asset if the received first and second ID information match the respective stored first and second ID information, and if the first and second geolocations substantially match.

The method may further comprise, determining, by the mobile device, the first and second geolocations of the mobile device associated with a time of reading the UIDs (or the first/second ID information therefrom) on the physical asset and the authenticator device.

Where the authenticator device comprises one or more drawers, each with a rotatable carrier portion on which at least one of the one or more UIDs is provided, the second request may be a request for reading one or more machine-readable UIDs (or the second ID information therefrom) when in a particular respective orientation relative to the drawer. In this case, the scan data further comprises the relative orientation of the carrier portion, and the method may comprise determining the relative orientation of the carrier portion from the scan data (e.g. based on markings). The second request may comprise a request to adjust the orientation of the carrier portion by a predetermined amount relative to a current orientation/position or user-defined starting orientation/position of the carrier portion, whereby the requested orientation is the result of adjusting the orientation of the carrier portion from the current/start position by the requested amount. The requested orientation may be determined based on a user's prior authentication request history. The method may comprise comparing the received/requested orientation to an expected orientation. The expected orientation may be determined based on the previous requested orientation or user-defined start position and the current requested orientation or adjustment.

The start position may be user-defined set of orientations for each carrier portion, that are stored in the database (similar to a password). As such, the user may, in response to the request to adjust the orientation of the requested carrier portions by a predetermined amount, either set the carrier portion to the start position and then adjust the orientation by the predetermined amount, or the user may simply adjust the orientation from the current position by the predetermined amount.

Each carrier portion may comprise a set of markings to visually identify the relative orientation. In this case, reading the requested unique identifiers on the authenticator device may comprise capturing (by the mobile device) an image of the carrier portion including the markings and the UID.

The method may further comprise: sending, by the server system in response to the authentication request, a third request to the mobile device for reading third ID information from a user's authenticator device; generating, by the authenticator device, third ID information based, at least in part, on second ID information from one or more machine-readable UIDs on the authenticator device, wherein the third information comprises visual and/or audio information; outputting, by a display and/or speaker of the authenticator device, the third ID information; receiving, at the server system, the third ID information, or scan data comprising the third information, read by the mobile device from authenticator device.

The method may further comprises comparing, at the server system, the received third ID information to corresponding third ID information generated (at the server system) using stored second ID information associated with the UIDs on the user's authenticator device.

The method may further comprises authenticating the physical media asset if the received first ID information matches the user's stored first ID information, and if the received third ID information matches the corresponding third ID information generated by the server system.

Preferably, the third ID information comprises a unique dynamic image output on a display of the authenticator device. The third ID information may further comprise audio information output simultaneously with the dynamic image. Reading the third ID information may comprise acquiring, by the mobile device, video data of the dynamic image. The video data may optionally comprise an audio component of the third information.

Reading the requested UIDs on the physical asset and/or authenticator device may comprise, reading using one or more ID readers of the mobile device. Preferably, the one or more ID readers include an imaging device, microphone and/or an RFID reader.

According to a fourth aspect of the invention, there is provided a system for authenticating a physical asset. The system comprises a physical asset with one or more machine readable UIDs containing ID information for identifying the asset. In one embodiment, the physical asset is a physical media asset as defined in the first aspect, and the terms can be exchanged accordingly. The system further comprises a server system comprising a secure user database storing ID information associated with the UIDs on a user's registered physical asset(s). The server system is configured to communicate with a user mobile device via a network. The server system is configured to: receive an authentication request from the mobile device to authenticate the user's physical asset; send a first request to the mobile device for reading (or first ID information from) one or more UIDs of the physical asset; receive the first ID information, or scan data comprising the first ID information, read by the mobile device from each requested UID on the physical asset; compare the received first ID information with stored first ID information associated with the UIDs on the user's registered physical media asset; and authenticate the physical asset if the first ID information matches the user's stored first ID information.

Reading ID information from one or more machine-readable UIDs or reading the one or more machine-readable UIDs may comprise acquiring, by the mobile device, scan data comprising the ID information.

Comparing may comprise processing, at the server system, the received scan data to determine or extract the ID information. Comparing may comprise accessing or querying the stored ID information in the user database. The server system may be configured to analyse/process scan data from a hieroglyph UID to detect hieroglyphs in the scan data based at least in part on a library of stored hieroglyphs. Where the UID contains a composite hieroglyph, the server system may be configured to analyse/process the scan data to determine/extract the component hieroglyphs, based at least in part a library of stored hieroglyphs.

Preferably, the physical asset comprises a plurality of different machine-readable UIDs, each containing different first ID information for identifying the physical media asset. In this case, the server system may be configured to send a first request for reading (or first ID information from) each of the plurality of UIDs on the physical asset. Alternatively, the server system may be configured to send a first request for reading (or first ID information from) a particular selection of one or more of the plurality of UIDs on the physical asset. The selection may be chosen at random, e.g. based on the stored first ID information, or generated based on one or more predefined/determined criteria (e.g. a user prior authentication request history).

Preferably, the system further comprises an authenticator device as defined in the second aspect. In this case, the server system further stores in the secure user database ID information associated with the UIDs on a user's registered authenticator device The server system may be further configured to: send, in response to the authentication request, a second request to the mobile device for reading (or second ID information from) one or more machine-readable UIDs on the user's authenticator device; receive the second ID information, or scan data comprising the second ID information, read by the mobile device from each requested UID on the user authenticator device; compare the received second ID information with stored second ID information associated with the UIDs of the user's registered authenticator device. The server system may further be configured to authenticate the physical asset if the received first and second ID information match the respective stored first and second ID information.

The mobile device is configured to read the one or more UIDs on the physical asset and the authenticator device. The mobile device comprises one or more ID readers, such as an imaging device (camera), and/or a RFID reader. The mobile device is preferably further configured to determine its geolocation, e.g. the mobile device may comprise one or more locator modules, such as a GPS module or any other suitable location technology.

The server system may further be configured to: receive a first geolocation of the mobile device associated with a time of reading the UIDs of the physical asset (or the first ID information therefrom), and a second geolocation of the mobile device associated with a time of reading the UlDs of the authenticator device (or the second ID information therefrom).

The server system may be configured to compare the first and second geolocations associated with the respective first and second ID information; and authenticate the physical asset if the received first and second ID information match the respective stored first and second ID information, and if the first and second geolocations substantially match.

Preferably, the authenticator device comprises one or more drawers, each drawer comprising a carrier portion on which at least one of the one or more UIDs is provided, and wherein each carrier portion is configured to rotate relative to the respective drawer so as to adjust the orientation of the UID relative to the respective drawer. In this case, the server system may be configured to send a second request for reading the one or more UlDs on the authenticator device when in a particular respective orientation.

Preferably, each carrier portion comprise respective sets of markings to visually identify the relative orientation. The markings may be numbered to enable a user to correctly adjust the orientation prior to reading. Preferably, reading the requested UIDs on the authenticator device by the mobile device comprises capturing image data of the carrier including the UID and the markings. Preferably, the scan data includes the UID/ID information and orientation information. The server system may be configured to process the scan data to extract the ID information and determine the orientation of the carrier portion.

Where the authenticator device is an active device for generating third ID information for identifying the authenticator device based, at least in part, on second ID information from the one or more of the machine-readable UIDs on the authenticator device as described in the second aspect, the server system may be further configured to: send, in response to the authentication request, a third request to the mobile device for reading third ID information from the authenticator device; receive the third ID information, or scan data comprising the third ID information, read by the mobile device from authenticator device; compare the received third ID information to corresponding third ID information generated (at the server system) using stored second ID information associated with the UIDs on the user's authenticator device. The server system may be further configured to authenticate the physical media asset if the received first ID information matches the user's stored first ID information, and if the received third ID information matches the corresponding third ID information generated by the server system.

According to a fifth aspect of the invention, there is provided a method of secure transaction of a physical asset comprising one or more machine readable UIDs containing ID information for identifying the asset. In one embodiment, the physical asset is a physical media asset as defined in the first aspect, and the terms can be exchanged accordingly.

The method comprises receiving, at a server system configured to communicate with user mobile devices over a network, from a mobile device of a first user, an offer to purchase a second user's physical media asset listed on an online marketplace (or exchange or bourse) hosted by the server system. The server system contains a secure user database storing ID information associated with UIDs on each user's registered physical media asset(s) and on each user's registered authenticator device. The method may further comprise verifying or authenticating the identity of the first user; sending, in response to positive verification of the first user and in response to the second user accepting the offer, an authentication request to the second user's mobile device to authenticate the physical asset; and initiating a transaction for the purchase of the physical asset in response to positive authentication of the physical asset.

In this context, a registered physical asset and/or authenticator device means that the physical asset and/or the authenticator device, along with their respective ID information (and any other information associated with the assets) are stored in the user database, and associated with a user's database account -thereby indicating that the user owns the asset and/or the authenticator device.

The method may further comprise, upon completion of the transaction, deregistering or removing the purchased physical media asset and its associated ID information from the second user's database or their database account maintained by the server system. The method may then comprise (i) adding the purchased physical asset with its associated ID information to the first user's database or database account maintained by the server system. Alternatively, the method may comprise (ii) adding the purchased physical asset with ID information associated with new UIDs provided on the purchased physical asset to the first user's database or database account (if new UIDs are requested by the first user).

The method may further comprise, upon receipt of the purchased physical asset by the first user, registering or activating (or confirming registration) the purchased physical asset with the first user's database according to the method of the third aspect. This may comprise authenticating, by the first user, the purchased physical asset.

The method may further comprise, prior to receiving an offer for the physical asset from a first user: listing the second user's physical asset for sale on the online marketplace. This may comprise: receiving, at the server system, a request from the second user to list their physical asset for sale on the online marketplace; and sending, by the server system in response to that request, a request to a mobile device of the second user to authenticate the physical asset. The process of asset authentication preferably proceedings as defined in the third aspect. The method may then comprise listing the second user's physical asset for sale on the online marketplace in response to a positive authentication.

Verifying the identity of the first user may comprise: sending, by the server system, a request to the mobile device of the first user for reading (or second ID information from) one or more machine-readable UIDs on an authenticator device of the first user; receiving, at the server system, second ID information or scan data comprising the second ID information read by the mobile device from each requested UID on the authenticator device; comparing, at the server system, the received second ID information with stored second ID information associated with the UIDs on the first user's registered authenticator device; and authenticating the first user's identity if the second ID information matches the stored second ID information.

Verification may further include the particular orientation of the UID, and/or the third ID information as described above.

According to a sixth aspect of the invention, there is provided a method of authenticating a user identity, using an authenticator device as defined in the second aspect. The method comprises: sending, by a server system configured to communicate with a user mobile device over a network and containing a secure user database storing ID information associated with UIDs on each user's registered authenticator device, a request to the user mobile device for reading (or ID information from) one or more machine-readable UlDs on the user's authenticator device; receiving, at the server system, ID information or scan data comprising the ID information read by the mobile device from each requested UID on the user's authenticator device; comparing, at the server system, the received ID information with stored ID information associated with the UIDs on the user's registered authenticator device; and authenticating the user's identity if the received ID information matches the stored ID information.

The method may further comprise, receiving, at the server system, an authentication request to authenticate a user's identity. The authentication request may be received from a third party entity.

Comparing may comprise processing, at the server system, the received scan data to determine or extract the ID information. Comparing may comprise accessing or querying the stored ID information from a secure user database.

Where the authenticator device comprises a plurality of different machine-readable UIDs, each containing different ID information for identifying the authenticator device, the ID request may comprise a request for reading (or ID information from) each of the plurality of UIDs on the asset, a particular selection of one or more of the UIDs. The selection may be generated randomly, e.g. based on stored ID information, or generated based on one or more predefined criteria (e.g. a user prior authentication request history, a requesting party).

The method may further comprise: reading, by the mobile device in response to the ID request, the ID information or scan data comprising the ID information from the requested one or more UIDs on the authenticator device, and sending the ID information or the scan data comprising the ID information to the server system. Preferably, the ID information or scan data is not stored on the mobile device thereafter. That is, the reading and sending is performed without persistently storing the read first ID information or scan data on the mobile device. This may comprise storing the ID information or scan data only temporarily for the purposes of transmission to the server system, and deleting any stored first ID information or scan data. Data sent to the server system may be encrypted.

According to a seventh aspect of the invention, there is provided a system for authenticating a user's identity. The system comprises an authenticator device as defined in the second aspect; and a server system as described previously. The server system comprises a secure user database storing ID information associated with the UIDs on a user's registered authenticator device. The server system is configured to communicate with a user mobile device via a network. The server system is configured to: send an ID request to the user's mobile device for reading (or ID information from) one or more machine-readable UIDs on the user's authenticator device; receive ID information, or scan data comprising the ID information, read by the mobile device from each requested UID on the user's authenticator device; compare the received ID information with stored ID information associated with the UIDs on the user's registered authenticator device; and authenticate the user's identity if the received ID information matches the stored ID information.

The server system may further be configured to receive an authentication request to authenticate a user's identity. The authentication request may be received from a third party entity.

The authenticator device and server system may have any further features as defined in the appended claims or in the previous aspects in relation to authentication (in this case, a user's identity), such as those related to the authenticator having a plurality of different machine-readable UIDs, having drawers with optional rotatable carrier portions, and being an active device for generating third (additional) ID information, along with the corresponding features of the server system such as the requests for ID information appropriate to the features of the authenticator device.

According to an eighth aspect of the invention, there is provided a physical asset, comprising a plurality of different machine-readable UlDs attached thereto, each containing different information for identifying the physical asset. The plurality of machine-readable UIDs preferably includes a nanoparticle or quantum dot-based physical unclonable function (PUF) tag and/or a surface topography-based tag. The physical asset may be or comprise: physical artwork, merchandise, memorabilia, a document such as a deed, contract, agreement, pledge, certificate, accreditation.

The plurality of machine-readable UIDs may further include at least one (any combination) from the following list: a symbol sequence or alphanumeric code; a unique graphic or image; an encoded image, preferably a QR code; a radio frequency identification (RFID) tag; a fingerprint; and a pattern of holes or indentations, optionally or preferably, wherein the holes or indentations have different or congruent shapes.

Preferably, at least some of the one or more UlDs are integrated with one or more labels attached to the asset; and/or embedded within the asset. Preferably, the asset comprises at least four or at least six different machine-readable UIDs.

A physical asset in general can be defined as a tangible item of value, produced by a physical process, that can be held and possessed. In the context of the invention, a connection between a mobile device and a server system means a relationship in which one program (running on the mobile device or server system) requests a service or data/resource from another program (running on the other of the mobile device or server system).

An ID reading device may be any electronic device that can scan, capture, process and/or interpret the data contained in a UID. An RFID tags includes an antenna and a microchip that contains information that can be queried and retrieved by an RFD reader, and which in turn transfers the information to a data processing system (e.g. that of the mobile device or server system). RFID readers are specific to the type of RFID tag adopted, as is known the art.

Features which are described in the context of separate aspects and embodiments of the invention may be used together and/or be interchangeable. Similarly, where features are, for brevity, described in the context of a single embodiment, these may also be provided separately or in any suitable sub-combination. Features described in connection with the system(s), physical media asset and authenticator device may have corresponding features definable with respect to the method(s), and vice versa, and these embodiments are specifically envisaged.

Brief Description of Drawings

In order that the invention can be well understood, embodiments will now be discussed by way of example only with reference to the accompanying drawings, in which: Figure 1 is a schematic diagram of a system according to an embodiment of the invention; Figure 2 is a schematic diagram of a physical media asset according to an embodiment of the invention; Figure 3(a) is a schematic cross-sectional view of the physical media asset of figure 2 according to an example embodiment; Figure 3(b) is a schematic cross-sectional view of the physical media asset of figure 2 according to alternative embodiment in which the RF ID tag is embedded in an insert; Figure 3(c) is a schematic cross-sectional view of an insert; Figure 4 is a schematic diagram of an authenticator device according to an embodiment of the invention; Figure 5 is a schematic diagram of an authenticator device having drawers according to an embodiment of the invention; Figures 6(a) and 6(b) are, respectively, illustrate top and side views of an example authenticator device with drawers according to an embodiment of the invention; Figure 6(c) shows a drawer of the authenticator device of figure 6(a) and 6(b) in an open position; Figures 7(a) and 7(b) are, respectively, schematic top and side views of an authenticator device with drawers according to another embodiment of the invention; Figure 7(c) illustrates the authenticator device of figure 7(a) with the drawers in an open position; Figure 8 is a schematic diagram of an active authenticator device according to an embodiment of the invention; Figure 9 shows a schematic diagram of a method of authenticating a physical asset according to an embodiment of the invention; Figure 10 shows a schematic diagram of a method of authenticating a user identity according to an embodiment of the invention; Figure 11 shows a schematic diagram of a method of secure transaction of a physical asset according to an embodiment of the invention; Figure 12(a) is a schematic diagram of a physical media asset in the form of a vinyl record according to an embodiment of the invention; Figure 12(b) illustrates an example functional label applied to the vinyl record of figure 12(a); Figure 13(a) is a schematic exploded cross-sectional view of the vinyl record of figure 12(a); Figure 13(b) is a schematic exploded perspective view of the vinyl record of figure 12(a); Figure 14 is a schematic view of a vinyl record with a pattern of indentations or holes in the central area for identification; Figure 15 illustrates an example physical media asset in the form of an audio cassette according to an embodiment of the invention; and Figure 16 illustrates an example physical media asset in the form of an optical disc according to an embodiment of the invention.

It should be noted that the figures are diagrammatic and may not be drawn to scale. Relative dimensions and proportions of parts of these figures may have been shown exaggerated or reduced in size, for the sake of clarity and convenience in the drawings. The same reference signs are generally used to refer to corresponding or similar features in modified and/or different embodiments.

Detailed Description

Figure 1 shows a schematic diagram of a system 100 according to an embodiment of the invention.

The system 100 comprises a server system 110 configured to communicate with a mobile device 120 (or similar computing device) via a wireless network 10, a physical media asset 130 and an authenticator device 140. The physical media asset 130 may be a phonograph record disc (e.g. a vinyl record), an optical disc (e.g. CD or DVD, or Blu Ray), a cassette tape (e.g. audio and/or video cassette), or any other form of physical media recording. The physical asset 130 and the authenticator device 130 each comprise one or more machine-readable unique identifiers (UIDs) 132, 142 that contain ID information for identifying the respective physical media asset 130 and authenticator device 140. The UIDs 132 can be provided in or on, or applied to, a non-playing area, region or surface of the physical media asset 130 as part of the manufacture process or a new physical media asset 130, or UIDs 132 can be applied retrospectively to pre-existing physical media products 130. The mobile device 120 comprises one or more ID reading devices 122a, 1226 configured to scan or read the UIDs 132, 142 and a wireless communication module 124 configured to connect to the wireless network 10 so as communicate and send scan data or ID information obtained from a UID 132, 142 to the server system 110. The server system 110 comprises a secure database 112 storing at least the ID information associated with the UIDs 132, 142 on the physical media asset 130 and the authenticator device 140. The server system 110 is configured to compare ID information obtained from a scanned UID 132, 142 (via the mobile device 120) to the stored ID for authentication/verification purposes, as will be described in more detail below. The server system 110 further comprises a wireless communication module 114 for communicating with the mobile device 120 over the network 10 and one or more processing devices 116 for processing data/information received from the mobile device 120 and performing one or more of the functions described herein.

The mobile device 120 is preferably configured to establish a secure connection with the server system 110 and exchange data/information with the server system 110 via a software application, e.g. a mobile or web/browser application running on the mobile device 120, as is known in the art.

The one or more ID readers 122a, 122b of the mobile device 120 capture or acquire scan data from a UID 132, 142. As described below, the one or more UIDs 132, 142 preferably include at least one optically readable UID, and may optionally further include a radio frequency identification (RFID) tag. As such, the mobile device 120 preferably comprises at least an optical reader 122a such as a camera or imaging device to capture image scan data from a UID 132, 142, and optionally also an RFID reader 122b to capture RF scan data from an RFID tag on the asset 130 or authenticator device 140 (where present).

It will be appreciated that the scan data comprises the ID information contained in the UID 132, 142, and depending on the type of UID 132, 142, the scan data may require further analysis or processing to extract the ID information from the scan data before it can be compared to stored ID data at the server system 110 for authentication. In one example implementation, the mobile device 120 is configured with appropriate software to process and extract the ID information from the captured/acquired scan data, and then send the ID information to the server system 110. Alternatively, the data processing can take place remotely from the mobile device 120, at the server system 110. In this case, the mobile device 120 is configured to send to the scan data, i.e. captured image scan data and/or RF scan data, to the server system 110 for processing to extract the ID information. This may be appropriate for more sophisticated UlDs 132, 142 that require significant or proprietary data processing to extract the ID information from the scan data. In either case, within the context of the invention, scan data comprising the ID information is sent from the mobile device 120 to the server system 110. Preferably, the mobile device 120 is configured to encrypt the scan data and send the encrypted scan data to the server system 110, where it is decrypted and optionally processed to extract the relevant ID information. Scan data/encrypted scan data is then deleted from the mobile device 120 after sending.

It will be appreciated that the server system 110 comprises one or more servers in communication with each other. The one or more servers may be located remotely or co-located, and various functions of the present invention may be distributed or allocated between the one or more servers, as appropriate. For example, in one implementation the server system 110 comprises at least one primary server containing the database 112, and further comprises or is in communication with one or more third-party servers (e.g. a manufacturer/supplier of a particular UID 132, 142) configured to receive and process scan data obtained by the mobile device 120 to extract the ID information, which is then sent to the primary server(s) for further processing (e.g. comparison to the stored ID information).

The physical media asset 130 and the authenticator device 140 are associated with a user who is registered with the system 100. In practice, registering a user with the system 100 will typically involve a prospective user providing various details (e.g. name, address, and contact details) to the server system 110 via a secure connection established through the software application (e.g. a mobile application or web application) running on the user's mobile device 120, much like any other online service, and also passing one or more security checks to verify the user's identity. For example, this may be similar to a bank grade security check whereby a prospective user is required to provide or upload various forms of identification and proof of address etc. A user is the owner of their registered physical media asset(s) 130 and authenticator device 140.

In practice, there can be any number of users registered with the system 100, each user having a registered authenticator device 140 and any number of registered physical media assets 130. The database 112 of the server system 110 thus comprises information relating to the authenticator device 140 and physical media asset(s) 130 associated with each user, including information relating to the UIDs 132, 142 on each user's registered authenticator device 140 and physical media assets 130 (e.g. the number and types of UlDs), and the ID information associated with the UIDs 132, 142 on each user's registered authenticator device 140 and physical media asset(s) 130, as well as any other information associated with the asset(s) 130 and user. In one implementation, the database 112 is or comprises a relational database that manages the information for all the users and can be easily queried and updated, as is known in the art. The relational database 112 may also preferably offer temporal support in order to query past instances of the data content. Preferably, once registered with the system 100, each user has a user account (also referred to herein as a user database account) linked with the registered physical media asset(s) 130 and authenticator device 140 Every interaction and transaction with the system 100 can be recorded in the database 112 to build up a timeline/history for each user, and a history/provenance for each physical asset 130 that can optionally be transferred with the ownership of the physical asset 130.

As described in more detail below, the system 100 serves two primary purposes: first, the system 100 can be used, with or without the authenticator device 140, to authenticate the user's physical media asset 130 and ownership of the physical media asset 130; and second, the system 100 can be used with the authenticator device 140 to authenticate the identity of a user for various purposes. These two functions together further facilitate the secure transaction of genuine physical media assets 130 registered with the system 100 and the transfer of their ownership between registered users of the system 100 via a secure online exchange or marketplace (i.e. a bourse) hosted by the server system 110.

It will be appreciated that for authentication/verification of a user's identity, the physical media asset 130 is not necessary, while authenticating the user's identity can optionally be used to improve the process of authenticating a physical media asset 130 and ownership. As such, in certain embodiments, the system 100 can include either or both of the physical media asset 130 and the authenticator device 140, depending on the specific use application.

The authenticator device 140 is a physical tangible device belonging to a registered user with one or more physical UIDs 142 that can be scanned or read by the mobile device 120 and referenced against the stored ID information in the database 112 to verify the user's identity. Once a user is registered with the system 100, they are provided with an authenticator device 140 with one or more UIDs 142, the details and ID information of which is linked with the user account and stored in the database 112. As there is only one authenticator device 140 associated with any given registered user, each with a set of one or more UIDs 142 associated with the registered user's account on the server system 110, a positive match between read/scanned ID information and the stored ID information associated with that users registered authenticator device 140 indicates that the person purporting to be a particular registered user is in fact the registered user. The authentication device 140 can be used as part of a multi-factor verification process, whereby instead of, or in addition to, entering user-known factors such as a username, a password or a code into the mobile device 120, a user is requested to scan or read one or more of the UlDs 142 on their authenticator device 140 to provide the additional security factors (see method 400 below). Each separate UID 142 or a specific combination of UIDs 142 can be used to represent a security factor optionally in combination with a particular orientation of the UID 142 (see figure 7(c)), and requested by the server system 110 during the verification process. Unlike known software and hardware authenticator devices that generate a code based on locally or remotely stored algorithms for verification purposes, the physical nature of the UIDs 142 on the authenticator device 140 provides an entirely analogue verification means that, in a predominantly digital age, is not reliant on programming making it harder to fake or circumvent.

In a preferred embodiment, the physical media asset 130 and the authenticator device 140 comprise a plurality of different machine-readable UIDs 132, 142, each containing different ID information for identifying the respective physical media asset 130 and authenticator device 140. In one example, the physical asset 130 and the authenticator device 140 comprise at least four or at least six different UIDs 132, 142. Providing multiple different UIDs 132, 142 adds additional levels and factors of security to the authentication process. For example, much like online multi-factor verification technique, while it might be possible for an unauthorised person to circumvent one type of UID 132, 142, it is less likely for them to circumvent two different types of UIDs, and even less likely to circumvent three, and so on.

In a preferred implementation, the plurality of UIDs 132, 142 include at least a nanoparticle or quantum dot-based physical unclonable function (PUF) tag (referred to hereafter as a quantum-PUF), and a surface topography-based tag. Such tags are known in the field of product track and trace and are particularly difficult to clone or simulate. They are also optically readable using a mobile device 120 with an optical reader such as camera 122a, such as a conventional smartphone or tablet device. Accordingly, in preferred implementations, the mobile device 120 is a smartphone or tablet device with at least an optical reader 122a such as a camera. Optionally, the physical asset 130 and/or the authenticator device 140 can further include a passive RFID tag. In this case, the mobile device 120 further includes an RFID reader 122b or RFID reader functionality, e.g. a high-frequency RFID chip which is present in most near-field communication (NFC)-enabled or RFID-enabled smartphones.

Figure 2 shows a schematic diagram of a physical media asset 130 according to an embodiment of the invention. The physical media asset 130 comprises a storage medium 131 for storing a copy of a media recording (an audio and/or video recording), and a plurality of machine-readable UIDs 132a-132d provided on or in the storage medium 131, each UID 132a-132d containing ID information for identifying the asset 130 and/or the copy from all other copies of the media recording. The storage medium 131a may be a phonograph record disc (e.g. a vinyl record), an optical disc (e.g. CD or DVD, or Blu Ray), a cassette tape (e.g. audio and/or video cassette), or any other suitable physical storage medium for storing a physical copy of a media recording in persistent physical form (rather than a digital/electronic copy).

The plurality of UIDs 132a-132d includes a quantum-PUF tag 132a, a surface topography-based tag 132b, an RFID tag 132c and one or more further UIDs 132d selected from the group: an encoded image, such as a QR code; a symbol sequence or alphanumeric code; a production sequence number associated with the physical media asset 130; a unique graphic or image; a human fingerprint (e.g. the user's or owner's fingerprint applied after receiving the asset 130); and a pattern of holes or indentations (whose shapes can be the same or different). The unique symbol sequence or graphic may be or comprise a unique combination of hieroglyphs selected from a set or dictionary of hieroglyphs. Preferably, the set or dictionary of hieroglyphs is bespoke/unique and contains at least 500 or 1000 different hieroglyphs.

A PUF is a device with unique optical behaviour produced by random physical characteristics that is hard to clone, hence providing a secure fingerprint (the ID information). A quantum-PUF 132a comprises a randomly deposited array of nanoparticles or quantum dots encapsulated in a transparent layer such as a polymer, forming a unique identification tag. The ID information in a quantum-PUF 132a can be read using a conventional imaging device 122a such as a camera on a smartphone. Reading the information typically involves exciting the tag with a light source (e.g. using a smartphone's built-in camera flash) and measuring the non-linear response of the tag (e.g. using the camera) as described, e.g. in M. J. Fong et al. "Using intrinsic properties of quantum dots to provide additional security when uniquely identifying devices" Scientific Reports (2022), 12 16919. This captures the unique ID information or fingerprint, which is non-trivial to clone or simulate.

A surface topography tag 132b may be or comprise a specific coating or layer applied to the physical asset 130 which comprises a random or pseudorandom microscopic surface modulation, typically in the form of a pattern of indentations/undulations, which can represent or be assigned a unique code. An example of a suitable surface topography tag 132b is described in EP 1849139 Bl. Alternatively, the surface topography of the physical asset 130 itself can be used as the tag, whereby the microscopic structure and/or variations in the surface caused by the manufacture process provides a unique pattern or fingerprint which can be assigned or used to generate a unique code (see, e.g. EP 2960830 B1). The surface topography information can also be read using conventional optical readers 122a such as a camera on a smartphone.

The further UIDs 132d are also optically readable, e.g. using a camera 122a on a mobile device 120.

For example, ID information contained in an encoded image or QR code can be read in the usual manner, and symbols, shapes, text, numbers, or a fingerprint in image data can be detected and extracted by suitable image processing algorithms known in the art. In the case of a pattern of holes or indentations, the pattern itself contains the ID information, e.g. defined by the relative positions of the holes or indentations and optionally their shapes, which can be read from image data using suitable image processing algorithms.

Providing a production sequence number 132d associated with the physical media asset 130 not only allows the specific asset to be identified from all other copies made in a production run/batch but also the specific position/order of the physical media asset 130 in the production/manufacture sequence. For example, the production sequence number may indicate whether a vinyl 131 is the first pressing in the run, the 100th pressing, or the 10,000th pressing. It will be appreciated that, like prints of reproduced artwork, early pressings of a vinyl 131 will be more collectable/valuable than later pressings of the same media recording. The same applies to cassettes and optical discs.

At least some of the plurality of UIDs 132a-132d are incorporated into a label 134 applied to the storage medium 131. For example, a UID 132 can be provided on a surface of the label 134, or embedded within the label 134, e.g. sandwiched or laminated between single or multiple layers of opaque or transparent material. It will be appreciated that, where an optically readable UID 132 is embedded within the label 134, the material or layer(s) of the label 134 covering the UID 132 should be transparent to allow it to be optically read. The physical media asset 130 can further include packaging 136 (e.g. a sleeve, case and/or box), which can optionally include a plurality of UIDs 132a- 132d containing ID information for identifying the physical media asset 130 (not shown).

Figure 3(a) shows a schematic cross-sectional view of an example physical media asset 130 in which a quantum-PUF tag 132a and surface topography-based tag 132b is integrated with a label 134 applied to a surface 131s of the storage medium 131, and an RFID tag 132c is located beneath the label 134. In this example, the RFID tag 132c can be adhered to the surface 131s of the storage medium 131 and the label 134 applied to the surface 131s over the RFID tag 132c. The label 134 may of course comprise any combination of further UIDs 132d, as described above (not shown). In other implementations, the RFID tag 132c can be embedded within layers of the label 134 (not shown).

Figure 3(b) shows an alternative implementation whereby the RFID tag 132c is embedded within an insert 133 that is secured (permanently or releasably) within a recess 131r or depression in the surface 131s of the storage medium 131. The insert 133 can be secured within the recess 131r by adhesive or other suitable means. The insert 133 is preferably located beneath or covered by the label 134, which may again comprise further UIDs 132d. Preferably, the dimensions (e.g. shape, width and thickness) of the insert 133 substantially match the dimensions of the recess 131r or depression such that, when secured or fitted within the recess 131r or depression, it provides or forms a substantially smooth surface 131s of the storage medium 131 to which the label 134 can be applied. However, this is not essential, and in some examples, the insert 133 can have a thickness greater than the depth of the recess 131r, so that the insert 133 protrudes slightly above the surrounding surface 131s of the storage medium 131.

It will be appreciated that at least a part of the storage medium 131 typically comprises or is formed of a moulded plastic or polymer-based material in which a recess of depression can readily be formed during or after manufacture, e.g. as part of the initial moulding process or as an additional subtractive step after the initial moulding process. For example, a phonographic record is typically formed from a vinyl material, a CD, DVD or Blue Ray disc is typically formed from a plastic material (e.g. polycarbonate), and a cassette comprises a plastic shell or casing for holding spools of magnetic tape.

In a preferred implementation, the insert 133 is or comprises a multilayer structure including a first layer 133-1 and a second layer 133-2, whereby the RFID tag 132c is located between the first layer 133-1 and the second layer 133-2. The first layer 133-1 may be located on the recess side of the RFID tag 132c and the second layer 133-2 may be located on the label side of the RFID tag 132c.

The first and second layers 133-1, 133-2 are preferably formed of or comprise a polymer or paper material (and the materials of the first and second layers 133-1, 133-2 need not be the same). The multiple layers can be adhered or otherwise bonded together to form the insert 133. Alternatively, the insert 133 may be formed as a unitary plastic or polymer element in which the RFID tag 132c is embedded, e.g. during a moulding/forming process.

In another example, in addition to or instead of the RFID tag 132c, one or more optically readable UIDs 132, such as the quantum-PUF 132a and/or any of the further UIDs 132d, can be similarly embedded into an insert 133 (not shown). In this case, at least the material/layer(s) of the insert 133 above the optically readable UID(s) 132 should be transparent to allow them to be optical read. Where the insert 133 is covered by the label 134, the label 134 should similarly comprise a transparent region positioned above the optically readably UID(s) 132 to allow them to be optically read.

Figure 4 shows a schematic diagram of an authenticator device 140 according to an embodiment of the invention. The authenticator device 140 comprises a main body 144 and a plurality of different machine-readable UIDs 142a-142d provided in or on the main body 144, whereby each UID 142a- 142d contains different information for identifying the authenticator device 140.

The plurality of UIDs 142a-142d includes a quantum-PUF tag 142a, a surface topography-based tag 142b, an RFID tag 142c and one or more further UIDs 142d selected from the group: an encoded image, such as a QR code; a symbol sequence or alphanumeric code; a unique graphic or image; a human fingerprint (e.g. the user's or owner's fingerprint applied after receiving the asset 140); a microchip; and a pattern of holes or indentations (whose shapes can be the same or different). The unique symbol sequence or graphic may be or comprise a unique set or combination of hieroglyphs.

The main body 144 preferably comprises one or more internal compartments 146 configured to receive (and store) one or more drawers 148a-148d on/in which at least some of the UIDs 142a-142d are provided. The authenticator device 140 may comprise a separate drawer 148 for each UID 142a-142d, or a particular drawer 148 may comprise multiple UIDs 142a-142d. The drawers 148a-148d are moveable (slidable) between an open position in which the UIDs 142a-142d are located outside of the main body 144 and readable, and a closed position in which the UIDs 142a-142d are located inside the main body 144, within an internal compartment 146. In this way, the UIDs 142a-142d can be stored within the main body 144 of the authenticator device 140 and protected from the external environment when not in use. This may in turn prevent or reduce damage to, and slow any degradation of, the UIDs 142a-142d that may occur over time. In a preferred embodiment, the drawers 148a-148d are removable and/or interchangeable.

One of the drawers 148d may contain a user-defined/selected unique physical object, such as a seashell or other such item with unique physical or optical properties that can be optically read. For example, a user can choose an object, and send an image of it to the server system 110 (via the mobile device 120), where it is stored in the database 112 for comparison to future images acquired during an authentication process, on the basis that only the registered user would have such an item in their authenticator device 140.

Figure 5 shows a schematic diagram of an authenticator device 140 with one drawer 148a in an open position and another drawer 148b in a closed position. The drawers 148a-148d are received through respective openings 144o in the main body 144 that lead to the internal compartment(s) 146, as shown in figure 5. Preferably, the drawers 148a-148d are configured to at least partially close, and optionally seal, the openings 144o when in the closed position to further assist in protecting the UIDs 142-142d.

In one embodiment, the authenticator device 140 is a passive device which has no power source or means of connecting with another device or network 10 (other than an RFID reader 122b reading the passive RFID 142c).

Figures 6(a) and 6(b) illustrate top and side views of an example passive authenticator device 140 comprising four drawers 142d-148d. As before, each drawer 148a-148d is movable between an open and closed position. Figure 6(c) shows the authenticator device 140 with a drawer 148a in an open position. In this example, the drawer 148a comprises a quantum-PUF tag 142a and a QR code 142d.

A through hole 144t is also provided in the main body 144 for attaching the device 140 to a key ring, key chain or other loop of material.

Figures 7(a) and 7(b) illustrate top and side views of another example passive authenticator device 140 comprising eight drawers 148d-148d. As before, each drawer 148a-148d is movable between an open and closed position. Figure 7(c) shows the authenticator device 140 with the drawers 148a-148d in the open position. In contrast to the example of figure 6, each drawer 148a-148d comprises a respective carrier portion 1481 on which a UID 142 is provided, whereby each carrier portion 1481 is configured to rotate relative to the respective drawer 148. This provides for manual adjustment of the orientation of the UID 142 relative to the respective drawer 148, as indicated by the arrow in figure 7(c). In one example, the carrier portions 1481 are adjustable between eight stable positions. Each carrier portion 1481 further comprise a set of markings (e.g. graduations) 1481m to visually identify the relative orientation. In the example shown, the carrier portion 1481 is substantially circular and the markings 1481m extend around the periphery of the carrier portion 1481. The drawer 148 may also include at least one marking 148m adjacent the carrier portion 1481 to help read/set the relative orientation. The markings 148m, 1481m can be captured by the reader (e.g. mobile device camera) and used to determine the relative orientation.

Adjusting the orientation of the UIDs 142a-142d adds a further level of security whereby the orientation of, and the ID information contained in, the UID 142 can be read and combined as part of the authentication process. For example, a user may be requested to scan/read a particular UID 142 in a particular drawer 148 and in a particular orientation, as described in more detail below.

Figure 8 shows a schematic diagram of an example authenticator device 240 according to an alternative embodiment of the invention. In this example, authenticator device 140 is an active device.

In addition to the plurality of UIDs 142a-142d, the authenticator device 240 further comprises: a power source 242 such as a battery, one or more output devices 244a, 244b including at least a display 244a (e.g. a touch screen display) and optionally an audio output (speaker) 244b, one or more inputs 246, and a processor 248. The one or more inputs 246 may be separate input devices such as buttons, or they may be integrated with the display 244a where the display 244a is a touch screen display, as is known in the art. Preferably, the authenticator device 240 does not include a wireless communication module, or any means to connect to a wireless network 10 such as the internet, or be in data communication with a mobile device 120.

The processor 248 is configured with suitable programming to generate, in response to a user input via the one or more inputs 246, additional ID information for identifying the authenticator device 240.

The additional ID information is preferably a unique and dynamic image for outputting on the display 244a generated based, at least in part, on ID information in one or more of the UIDs 142a-142d on/in the authenticator device 240. The additional ID information may further comprise an audio signal output by the audio output 244b. In this case, the mobile device 120 can read or scan the additional ID information by capturing an image of the dynamic image or recording a video of the dynamic image over a period of time which may include recording the audio signal (where generated). The corresponding additional ID information can be generated by the server system 110 based on the stored ID information associated with the authenticator device 240 using the same algorithm(s) for comparison to the additional ID information received from the mobile device 120 as part of the authentication process.

Figure 9 shows an example method 300 of authenticating a physical media asset 130 using the above-described system 100 according to an embodiment of the invention. The authentication method 300 is preferably facilitated in part by a software application (mobile or web app) running on the mobile device 120 which establishes a secure connection to the server system 110 and manages the data acquisition, transmission and receipt of data and the various requests to and from the server system 110. The software application preferably comprises a graphical user interface (not shown) providing the necessary options, input fields and output fields for initiating the method 300, displaying the various prompts, requests and messages received from the server system 110, and responding to the prompts/requests in order to guide the user through the authentication process 300.

In step 301, the server system 110 receives an authentication request from the mobile device 120 to authenticate a user's physical media asset 130. In practice, this may be triggered by a user, who is logged into their user account on the software application, initiating the authentication process for a specific physical media asset 130 via the software application. The authentication request is thus associated with a specific user and physical media asset 130 linked to the user's account. The authentication request will therefore comprise enough information to identify the user or user account and the physical media asset 130 to be authenticated (e.g. the information in the request may include the user name or a user ID, and the title and type of the physical media asset 130, in a suitable format).

In step 302, the server system 110 sends a first request to the mobile device 120 for first ID information from one or more UIDs 132 on the physical media asset 130. The server system 110 may generate the first request based, at least in part, on information in the user database 112 regarding the UIDs 132 associated with the user's physical media asset 130 being authenticated -that is, the server system 110 needs to at least know what UIDs 132 should be on the physical media asset 130 before it can request ID information from it. Where the physical media asset 130 comprises a plurality of different machine-readable UIDs 132a-132d, each containing different first ID information for identifying the physical media asset 130, the first request may comprise a request for first ID information from each of the plurality of UIDs 132a-132d on the physical media asset 130. Alternatively, the first request may comprise a request for first ID information from a particular selection of one or more of the UIDs 132a-132d on the physical media asset 130. In this case, the selection may be generated randomly based on the list of UIDs 132 associated with the user's registered physical media asset 130. Alternatively, the selection may be based on one or more predefined criteria, e.g. a user's prior authentication request history, or any further information included in the authentication request. The database 112 may be queried for any relevant information needed for generating the first request.

The user is then prompted, via the software application on the mobile device 120, to scan or read the requested UlDs 132 using their mobile device 120. As such, the method 300 may further comprise reading, by the mobile device 120 in response to the first request, the requested one or more UIDs 132 on the physical asset. This involves acquiring, by the mobile device 120, scan data comprising the ID information using the appropriate ID reader 122a, 122b. Following the reading/acquisition step, the mobile device 120 sends the first ID information or scan data comprising the first ID information to the server system 110. The first ID information or scan data is not stored on the mobile device 120 thereafter -which is required for security. That is, the mobile device 120 is configured to store the first ID information or scan data only temporarily for the purposes of transmission to the server system 110, and then delete first ID information or scan data. The first ID information or scan data from each requested UID 132 is a separate piece or packet of data sent by the mobile device 120 to the server system 110 and is associated with the respective UID 132, e.g. the data may include information identifying the UID 132, such as a name, type, or code. Preferably, data is encrypted before sending to the server system 110, where it is decrypted.

In step 303, the server system 110 receives the requested first ID information, or scan data comprising the first ID information, from the mobile device 120. The server system 110 may be configured to process the received data to extract the first ID information where necessary. Where necessary, this may involve sending the data to one or more third party servers (e.g. the manufacturer of the identifier 132) for processing, and receiving the extracted ID information from the one or more third party servers.

In step 304, the server system 110 compares the received/requested first ID information with stored first ID information associated with the UIDs 132 on the user's registered physical media asset 130.

Comparing comprises querying the user database 112 for the relevant ID information associated with the user's registered physical media asset 130. Preferably, the comparison is like-for-like, that is, the received/requested first ID information from a given UID 132 is compared with the corresponding stored ID information for that same UID 132 (i.e. rather than comparing each received/requested first ID information against all the stored ID information associated with the physical media asset 130 to look for a match).

In step 305, the server system 110 authenticates the physical media asset 130 if the received first ID information matches the stored first ID information. This preferably involves generating and sending a message to the mobile device 120 confirming success or failure of the authentication. Preferably, every interaction with the server system 110 is recorded in the database 112.

The authentication method 300 may optionally involve the use of the authenticator device 140 to verify the identity of the user and improve the security of the authentication. In this way, the physical media asset 130 can only be authenticated if the physical media asset 130 is the physical media asset registered to a user, and the person purporting to be the user is in fact the user.

In this case, the method 300 further comprises a step 302a of sending, by the server system 110 in response to the authentication request, a second request to the mobile device 120 for second ID information from one or more machine-readable UIDs on a user's authenticator device 140. Similar to the first request in step 302, the server system 110 may generate the second request based, at least in part, on information in the user database 112 regarding the UIDs 142 associated with the user's registered authenticator device 140. Where the authenticator device 140 comprises a plurality of different machine-readable UIDs 142a-142d, each containing different second ID information for identifying the authenticator device 140, the second request may comprise a request for second ID information from each of the plurality of UIDs 142a-142d on the authenticator device 140. Alternatively, the second request may comprise a request for second ID information from a particular selection of one or more of the UIDs 142a-142d on the authenticator device 140. In this case, similar to step 302, the selection may be generated randomly based on the list of UIDs 142a-142d associated with the user's registered authenticator 140. Alternatively, the selection may be based on one or more predefined criteria, e.g. a user's prior authentication request history, or any further information included in the authentication request. The database 112 may be queried for any relevant information needed for generating the second request.

The user is then prompted, via the software application on the mobile device 120, to scan or read the requested UIDs 142 using their mobile device 120, as described above in step 302. Following the reading/acquisition step, the mobile device 120 sends the second ID information or scan data comprising the second ID information to the server system 110, whereby the second ID information or scan data is not stored on the mobile device 120 thereafter.

In step 303a, the server system 110 receives the requested second ID information, or scan data comprising the second ID information, from the mobile device 120. The server system 110 may be configured to process the received data to extract the second ID information where necessary. This may involve sending the data to one or more third party servers (e.g. the manufacturer of the UID 142) for processing, and receiving the extracted ID information from the one or more third party servers.

At step 304, in addition to comparing the received/requested first ID information with stored first ID information, the server system 110 compares the received/requested second ID information with stored second ID information associated with the UIDs 142 on the user's registered authenticator device 140. As described previously, comparing may comprise querying the user database 112 for the relevant ID information associated with the user's registered physical media asset 130, and is preferably a like-for-like comparison.

Finally, at step 305, the server system 110 authenticates the physical media asset 130 if the received/requested first and second ID information match the respective stored first and second ID information.

Where the authenticator device 140 comprises one or more drawers 148a-148d, each with a rotatable carrier portion 1481 on which at least one of the one or more UlDs 142a-14d is provided, the second request in step 302a may be a request for reading one or more machine-readable UIDs 142a-142d when in a particular orientation relative to the respective drawer 148. In this case, the second request preferably comprises a message prompting the user to adjust the orientation of a carrier portion 1481 containing a requested UID 142 by a predetermined amount relative to a current orientation or a user-defined starting orientation of the carrier portion 1481. In this way, the requested orientation is the result of adjusting (by the user) the orientation by the requested amount. The start positions are a user-defined set of orientations for each carrier portion 1481, that are stored in the database (similar to a password). Where the requested adjustment is from the current position, the previous requested orientation should in principle be the current orientation of the carrier portion 1481. As such, the user may, in response to the request to adjust the orientation of the requested carrier portion(s) 1481 by a respective predetermined amount, either set the carrier portion 1481 to the start position and then adjust the orientation by the predetermined amount, or the user may simply adjust the orientation from the current position by the predetermined amount.

In this case, step 303a may comprise processing the scan data to determine the relative orientation of the carrier portion 1481, and step 304 may further comprise comparing the requested orientation to an expected orientation determined based on the previous requested orientation or the user-defined starting position and the current requested adjustment. Authentication in step 305 may be conditional upon matching ID information and orientations.

Preferably, the method 300 further comprises authenticating the physical media asset 130 on the basis of matching ID information and geolocations of the physical media asset 130 and the authenticator device 140. In this way, the physical media asset 130 can only be authenticated if the physical media asset 130 is the physical media asset registered to a user, the person purporting to be the user is in fact the user, and if the user has their physical media asset 130 and authenticator device 140 with them together at the same time.

In this embodiment, the mobile device 120 is further configured to determine its geolocation at a time of scanning the UlDs 132, 142 and send the geolocation information to the server system 110 along with the data containing the ID information. For example, the mobile device 120 may comprise one or more locator modules 126, such as a GPS module or any other suitable location/tracking technology.

Then, at steps 303 and 303a, the server system 110 further receives, respectively, a first geolocation of the mobile device 120 associated with a time of reading the requested UIDs 132 on the physical media asset 130, and a second geolocation of the mobile device 120 associated with a time of reading the requested UIDs 142 on the authenticator device 140.

At step 304, in addition to comparing the received/requested first and second ID information with stored first and second ID information, the server system 110 compares the received first and second geolocations associated with the respective first and second ID information.

Finally, at step 305, the server system 110 authenticates the physical media asset 130 if the received first and second ID information match the respective stored first and second ID information, and if the first and second geolocations substantially match.

In a further embodiment, where the authenticator device 140 is an active device 240 as described above with reference to figure 8, the method 300 can comprise steps 302b, 302c and 303b. Steps 302b, 302c and 303b can be performed instead of or in addition to steps 302a and 303a. In step 302b, the server system 110 sends, in response to the authentication request, a third request to the mobile device 120 for third ID information from a user's authenticator device 240. At step 302c, the authenticator device 240 generates third ID information based, at least in part, on second ID information from UIDs 142a-142d on the authenticator device 240, and outputs the third ID information, by the one or more output devices 244a, 244b (i.e. a display and/or speaker) of the authenticator device 240. The third ID information comprises visual and/or audio information, and is preferably a dynamic image output on the display 244a with an optional audio component output simultaneously by the audio output 244b. The authenticator device 240 can be configured to generate the third ID information using suitable pre-programmed algorithms. The authenticator device 240 generates and outputs the third ID information in response to a user input via the one or more inputs 246 (i.e. via input buttons or touch screen display 244a). The user then scans or reads the third ID information using their mobile device 120. This preferably comprises capturing image or video scan data of the dynamic image output by the authenticator device 240. Following the reading/acquisition step, the mobile device 120 sends the third ID information or data comprising the second ID information (preferably encrypted) to the server system 110, and then deletes the third ID information or scan data thereafter.

At step 303b, the server system 110 receives the third ID information, or scan data comprising the third ID information. The received data may be processed by the server system 110 to extract the third ID information where necessary. At step 304, the server system 110 further compares the received/requested third ID information to corresponding third ID information generated using stored second ID information associated with the UIDs 142a-142d on the user's authenticator device 240. For example, the server system 110 can use the same algorithms as used by the processor 248 of the authenticator device 240 to generate the third ID information from the stored second ID information. Step 303b may further comprise receiving third geolocation of the mobile device 120 associated with a time of reading/scanning the third ID information.

At step 305, the server system 110 authenticates the physical media asset 130 if the received/requested first ID information matches the stored first ID information, and if the received/requested third ID information matches the corresponding third ID information generated by the server system 110, and optionally also conditional upon the first and third geolocations substantially matching, and/or the received/requested second ID information matching the respective stored second ID information.

Figure 10 shows an example method 400 of verifying or authenticating a user's identity using the above-described authenticator device 140 and system 100 according to an embodiment of the invention. The method 400 can be used as part of the authentication method 300 described above (see e.g. steps 302a and 303a), as part of the transaction method 500 described below with reference to figure 11, or as part of a third party verification process.

In step 401, the server system 110 sends, in response to a verification request to verify a user's identity, an ID request to the user mobile device 120 for ID information from one or more machine-readable UIDs 142 on the user's registered authenticator device 140. The verification request is received from a requesting entity. This may be third party entity (where the method 400 is used as part of a third party verification process), the mobile device 120 of the user, or it may be generated/initiated within the server system 110 as part of method 300 or 500.

As described above with reference to method 300, the server system 110 may generate the ID request based, at least in part, on information in the user database 112 regarding the UIDs 142 associated with the user's registered authenticator device 140. Further, where the authenticator device 140 comprises a plurality of different machine-readable UIDs 142a-142d, optionally with rotatable carrier portions 1481, the ID request may comprise a request for ID information from each of the plurality of UIDs 142a-142d on the authenticator device 140 optionally in particular orientations, or from a particular selection of one or more of the UIDs 142a-142d optionally in particular orientations. In the latter case, similar to method 300, the particular orientations and/or the selection may be generated randomly based on the list of UIDs 142a-142d associated with the user's registered authenticator 140, or generated based on one or more predefined criteria, e.g. a user's prior authentication request history, the requesting entity, or any further information included in the authentication request. The database 112 may be queried for any relevant information needed for generating the ID request.

The user is then prompted, via the software application on the mobile device 120, to scan or read the requested UIDs 142 using their mobile device 120, as described above in method 300. Following the reading/acquisition step, the mobile device 120 sends the ID information or scan data comprising the ID information (preferably encrypted) to the server system 110, and then deletes the ID information or scan data.

At step 402, the server system 110 receives the requested ID information or scan data comprising the ID information read by the mobile device 120. As described in step 303a, the received data may be processed by the server system 110 to extract the ID information where necessary. I()

At step 403, the server system 110 compares the received/requested ID information with stored ID information associated with the UIDs 142 on the user's registered authenticator device 140. As described previously, comparing may comprise querying the user database 112 for the relevant ID information associated with the user's registered physical media asset 130, and is preferably a like-for-like comparison.

Finally, at step 404, the server system 110 authenticates the user's identity if the received ID information matches the stored ID information. This preferably involves generating and sending a message to the mobile device 120 or the requesting entity confirming success or failure of the authentication.

Where the authenticator device 140 is an active device 240 as described above with reference to figure 8, the method 400 can optionally comprise steps 401a, 401b, 402a, 403a and 404a. Steps 401a to 404a can be performed instead of or in addition to steps 401 to 404. Steps 401a-403a are equivalent to steps 302b, 302c and 303b in method 300.

In step 401a, the server system 110 sends, in response to the authentication request, a second ID request to the mobile device 120 for additional ID information from a user's authenticator device 240. At step 401 b, the authenticator device 240 generates (in response to a user input via the one or more inputs 246) additional ID information based, at least in part, on ID information from UIDs 142a-142d on the authenticator device 240, and outputs the additional ID information, by the one or more output devices 244a, 244b (i.e. a display and/or speaker) of the authenticator device 240. The user then scans or reads the additional ID information using their mobile device 120. This preferably comprises capturing image or video scan data of the dynamic image output by the authenticator device 240.

Following the reading/acquisition step, the mobile device 120 sends the additional ID information or data comprising the additional ID information to the server system 110 (and deletes the additional ID information or scan data thereafter).

At step 402a, the server system 110 receives the requested additional ID information, or scan data comprising the additional ID information. The received data may be processed by the server system to extract the ID information where necessary.

At step 403a, the server system 110 compares the received/requested additional ID information to corresponding additional ID information generated using stored ID information associated with the UIDs 142a-142d on the user's authenticator device 240.

At step 404a, the server system 110 authenticates the user's identity if the received/requested additional ID information matches the corresponding additional ID information generated by the server system 110. This preferably involves generating and sending a message to the mobile device 120 or the requesting entity confirming success or failure of the authentication. Where steps 401a-404a are performed in addition to steps 401-404, the authentication is preferably further conditional upon the received ID information from the UID 142a-142d matching the stored ID information.

Figure 11 shows an example method 500 of secure transaction of a physical media product 130 using the above-described system 100 according to an embodiment of the invention. The transaction is performed between two users who are registered with the system 100.

In step 501, the server system 110 receives, from a mobile device 120 of a first user (a buyer), an offer to purchase a second user's (the seller) physical media asset 130 listed on an online marketplace (or exchange or bourse) hosted by the server system 110. Registered users can access and interact with the online market place (e.g. browse, list, and buy physical media assets 130) via the software application on their mobile device 120.

Step 501 may further comprise, prior to receiving an offer for the asset from a first user, listing the second user's physical media asset 130 for sale on the online marketplace. This involves the second user sending a request, via the software application on their mobile device 120, to the server system 110 to list their physical media asset 130 for sale on the online marketplace. In response to this request, the server system 110 sends a request to the mobile device 120 of the second user to authenticate the physical media asset 130. This process of asset authentication preferably proceeds according to method 300 described above with reference to figure 9. The second user may also be asked to send images of the physical media asset 130 to check its condition. Once the physical media asset 130 is authenticated (and optionally its condition is checked), the server system 110 lists the physical media asset 130 for sale on the online marketplace.

Step 502 comprises verifying or authenticating the identity of the first user. This preferably comprises the verification method 400 described above with reference to figure 10 (where, in this case, the requesting entity is the server system 110).

At step 503, the server system 110 sends, in response to positive verification of the first user and in response to the second user accepting the offer, an authentication request to the second user's mobile device 120 to authenticate the physical media asset 130. The authentication process preferably proceeds as described in method 300. The server system 110 may send a message to the mobile device 120 of the first user indicating success of failure of the authentication.

At step 504, the server system 110 initiates a transaction with the first user for the purchase of the physical media asset 130 in response to positive authentication of the physical asset. This may involve the first user transferring funds to an account associated with the system 100. The server system 110 may send a message to the mobile device 120 of the second user indicating the initiation of the transaction.

At step 505, upon completion of the transaction, the server system 110 deregisters or removes the purchased physical media asset 130 and its associated ID information from the second user's database or their database account. The second user may be transferred the funds at this stage.

In practice, at this point the second user (seller) preferably sends (posts) the physical media asset 130 to a location or site associated with system 100 where the condition of the physical media asset 130 and its UIDs 132 are checked. The first user may then be informed of the results of the check (e.g. via message sent to their mobile device 120).

The first user may be asked if they want to keep the UIDs 132 on the purchased physical media asset 130, or if they want new UIDs 132 on the purchased physical media product 130. This information may already be included/provided in the offer or the server system 110 may send a message to the mobile device 120 of the first user requesting this information. This request may be included in the message informing the first user of the results of the physical check, or it may be separate message.

If new UIDs 132 are requested, the physical media asset 130 with the new UIDs 132 is sent to the first user. If new UIDs 132 are not requested, the physical media asset 130 with the existing UIDs 132 is sent to the first user. The method 500 then proceeds to either step 506a or 506b.

At step 506a, the server system 110 adds the purchased physical media asset 130 with its associated (existing) ID information to the first user's database or database account. Alternatively, at step 506b, the server system 110 adds the purchased physical asset 130 with ID information associated with the new UIDs 132 provided on the purchased physical media asset 130 to the first user's database or database account (if new UlDs were requested by the first user). At this stage, the first user becomes the new owner of the physical media asset 130. A record of the transaction is stored in the database 112.

Preferably, the method proceeds to step 507, whereby upon receipt of the purchased physical media asset 130 by the first user, the first user authenticates the purchased physical media asset 130, to check it is genuine and they have bought what they thought they bought. The authentication process preferably proceeds as described in method 300. This first authentication performed by the first user may serve to confirm completion of the transfer of ownership and transaction, and/or confirm the asset registration, by informing the server system 110 that the first user has received the purchased physical media asset 130.

As described above, every interaction and transaction with the system 100 can be recorded in the database 112 to build up a timeline/history for each user, and a history/provenance for each physical asset 130 that can optionally be transferred with the ownership of the physical asset 130. This may also be used a means of verifying a user's identity, if e.g. the user loses their authenticator device 140, 240 they can reference certain interactions and transactions recorded in their database 112 to verify their identity, and/or use their physical media asset 130 as a means of user verification.

Figure 12(a) shows a schematic diagram of a physical media asset 130 according to an embodiment in which the storage medium 131 is a phonographic disc (referred to hereafter as a vinyl). The vinyl 131 comprises a substantially flat disc with central "run-off" area 1311 (a non-playing area) with a centre spindle hole 1313, surrounded by a substantially annular track area 1312 (a playing area) comprising the grooves, as is known in the art. A label 134 comprising a quantum-PUF tag 132a, a surface topography tag 132b and one or more further UIDs 132d is applied to the central area 1311. Preferably, the vinyl 131 also includes an RFID tag 132c, either located beneath the label 134 and/or embedded within an insert 133, as described above.

Figure 12(b) shows an example label 134 comprising a quantum-PUF 132a, a surface topography tag 132b, and multiple further optically readable UIDs 132d. The label 134 comprises a central spindle hole 134o to align with the spindle hole 1313 of the vinyl 131. In addition, the diameter d2 of the label 134 is less than the diameter dl of the central area 1311 of the vinyl 131 so as not to interfere with the playback of the media recording. In this example, the further optically readable UIDs 132d include: a set of symbols or a unique graphic (in this case a unique set or combination of custom hieroglyphs) 132d1; an encoded image (in this case a QR code) 132d2; a production sequence number associated with the vinyl 132d3; and a fingerprint (e.g. the user's or owner's fingerprint) 132d4. The label 134 also includes album information 134i.

Figure 13(a) shows an exploded cross-sectional view of the vinyl 131 of figure 12(a). As shown, the vinyl 131 comprises an insert 133 that fits into a recess 131r in the surface of the central area 1311 of the vinyl 131 to form a substantially flat outer surface onto which the label 134 can be applied. The insert 133 is a substantially circular or disc-shaped element with a central spindle hole 134o for aligning with the spindle hole 1313 of the vinyl 131 and the spindle hole 134o of the label 134, as shown in figure 13(b). The diameter d2 of the label 134 is greater than the diameter d3 of the recess 131r (and corresponding insert 133) in order to cover the insert 133. A unique silk thread 138 can be positioned in the recess 131r beneath the insert 133. With reference again to figure 13(b), the vinyl 131 may optionally further comprise an additional label 134' on the central area of the rear side of the vinyl 131 (e.g. with corresponding album information 134i), and one or more intermediate layers 134" between the label 134 and the central area 1311. The intermediate layers 132" may serve as spacer layers. Although the insert 133 is shown as being substantially circular/disc shaped this is not essential. In other examples, the insert 133 and recess 131r may be substantially non-circular in shape (not shown). Further, although the insert 133 is shown taking up the majority of the central area 1311 and including a spindle hole 133o, this is also not essential. In other examples, the insert 133 may instead be smaller in size and/or offset from the central spindle hole 1313 of the vinyl 131.

Figure 14 shows an example of a vinyl 131 comprising a pattern of holes or indentations provided in the central area 1311 which can serve as a further UID 132d5. The holes or indentations 132d5 can have different or congruent shapes to add further depth to the ID information encoded in the pattern.

The recess 131r and/or the pattern of holes 132d5 can be produced during the pressing of the vinyl 131 (i.e. incorporated into the vinyl stamps), or produced after the pressing using a subtractive process (e.g. milling, laser etching, or other suitable technique). It will be appreciated that the recess 131r should have a suitable depth not to substantially weaken or adversely affect the mechanical properties of the vinyl 131. It may, in some cases, be necessary to increase the thickness of the vinyl to accommodate the recess 131r. The thickness of a standard vinyl record is approximately 2.2 mm.

In one example, the recess 131r can have a depth of approximately 0.6-0.7 mm and the insert 133 has a corresponding thickness. In another example, the thickness of the vinyl 131 can be increased slightly to 2.5 mm to accommodate a slightly thicker insert 133 where necessary.

Figure 15 shows an illustration of another example physical media asset 130 in the form of an audio cassette 131 with a label 134 comprising multiple UIDs 132, including a quantum-PUF 132a, a surface topography tag 132b, an RFID tag 132c (provided beneath the label 134 optionally within an insert 133 as described above), a set of symbols or a unique graphic (in this case a set or combination of custom hieroglyphs) 132d1, an encoded image (in this case a QR code) 132d2, a production sequence number associated with the cassette 132d3, and a fingerprint (e.g. the user's or owner's fingerprint) 132d4. The label 134 also includes album information 134i. In this case, the non-playing area/region of the storage medium 131 is the casing part of the cassette that holds the spools of magnetic tape, as is known in the art.

Figure 16 shows an corresponding illustration of another example physical media asset 130 in the form of a compact disc (CD) 131 with a label 134 comprising multiple UIDs 132, including a quantumPUF 132a, a surface topography tag 132b, an RFID tag 132c (provided beneath the label 134 optionally embedded within an insert 133 as described above), a set of symbols or a unique graphic (in this case a set or combination of custom hieroglyphs) 132d1, an encoded image (in this case a QR code) 132d2, a production sequence number associated with the CD 132d3, and a fingerprint (e.g. the user's or owner's fingerprint) 132d4. The label 134 also includes album information 134i. In this case, the non-playing area/region of the storage medium 131 is the top/label side of the CD or the area surround the centre hole, as is known in the art. Other example physical media assets 130 according to the invention include a DVD, Blu Ray disc and video cassette (not shown).

Although not shown in figures 12 to 16, each of the example physical media assets 130 can include packaging 136, which can optionally include machine readable identifiers linked to the physical media asset 130 in the database 112.

Although the system 100 has been described as authenticating a physical media asset 130, such as vinyl, cassette, CDs etc, it will be appreciated that the principles described above can be applied to any form of physical asset 130 that has value and/or is collectable and requires authentication from time to time. For example, the invention can be applied to physical assets 130 including but not limited to: physical artwork, memorabilia (e.g. music, film, or entertainment memorabilia), merchandise, and physical documents such as a deed, contract, agreement, pledge, certificate, or accreditation. Such a physical asset can be provided with one or more machine-readable UIDs to integrate and be used with the system 100 and methods 300, 400, 500 in the same way as described above for physical media assets 130. Preferably, a physical asset is provided with a plurality of machine-readable UIDs including at least a quantum-PUF 132a and a surface topography tag 132c, and may further include at least one (any combination) from the following list: a symbol sequence or alphanumeric code; a unique graphic or image; an encoded image, preferably a QR code; a radio frequency identification (RFID) tag; a fingerprint; and a pattern of holes or indentations (with different or congruent shapes).

In another example, it will be appreciated that system 100 and the principles of the invention can be applied to the fields of financial transactions and secure online user verification, whereby an external entity may send an authentication request to the server system 110 to verify the identity of a user for the purposes of a financial transaction or user account set-up or sign in. Where the user is registered with the server system 110 and has a registered authenticator device 140, 240, the method 400 described above reference to figure 10 is directly applicable and can be used as part of a multi-factor verification process.

In yet another example, the system 100 and the principles of the invention can be applied to managing and tracking transactions between entities to streamline collaborations and create a secure and reliable audit trail. In this case, a transaction is any interaction or exchange between two entities. For example, a first and second entity may be individually registered with the system 100, whereby certain authorised individuals associated with the respective first and second entities (e.g. users/employees/managers) are issued with an authenticator device 140, 240 registered with/linked to the respective entity's database account. The first and second entity may enter into an agreement to undertake a joint venture, partnership, collaboration or generally to do business together. This may be established by a contract or other agreement signed by the respective authorised individuals of the first and second entities. Preferably, the agreement is in the form of a physical document (physical asset) provided with one or more UlDs 132 linked to both the entity's accounts with the system 100, such that the document can be authenticated using the authentication method 300 described above. Preferably, each entity can be further associated with a third/joint account relating to the specific joint venture/collaboration. For each transaction between the first and second entities, (e.g. an authorised person authorising an action event or process) the authorising person's identity can be verified using the method 400, and the details of the transaction (e.g. details of the authorising person, the action or event being authorised, time and date, etc.) can be automatically recorded in the database 112 linked with the third/joint account, to create an audit trail indicating who authorised what and when. In addition, any products (physical assets) owned by the respective entities and involved in the joint venture can be provided with one or more UIDs 132 and registered with the respective entity's database account, allowing any transport, exchange or change of ownership of the products to be tracked and traced using the system 100. Product track and trace can also be recorded in the database 112 linked with the third/joint account.

From reading the present disclosure, other variations and modifications will be apparent to the skilled person. Such variations and modifications may involve equivalent and other features which are already known in the art, and which may be used instead of, or in addition to, features already described herein.

Although the appended claims are directed to particular combinations of features, it should be understood that the scope of the disclosure of the present invention also includes any novel feature or any novel combination of features disclosed herein either explicitly or implicitly or any generalisation thereof, whether or not it relates to the same invention as presently claimed in any claim and whether or not it mitigates any or all of the same technical problems as does the present invention.

Features which are described in the context of separate embodiments may also be provided in combination in a single embodiment. Conversely, various features which are, for brevity, described in the context of a single embodiment, may also be provided separately or in any suitable sub-combination.

For the sake of completeness it is also stated that the term "comprising" does not exclude other elements or steps, the term "a" or "an" does not exclude a plurality, and any reference signs in the claims shall not be construed as limiting the scope of the claims.

Claims (46)

1. CLAIMS1. A physical media asset, comprising: a storage medium for storing a copy of a media recording; and one or more machine-readable unique identifiers provided on or in a preferably non-playing area of the storage medium, the one or more unique identifiers containing information for identifying the copy from all other copies of the media recording.
2. 2. The asset of claim 1, comprising a plurality of different machine-readable unique identifiers, each containing different information for identifying the copy; and optionally or preferably, wherein the asset comprises at least four or at least six different unique identifiers.
3. 3. The asset of claim 1 or 2, wherein the one or more machine-readable unique identifiers comprise at least one of: a physical unclonable function (PUF) tag, preferably a nanoparticle or quantum dot-based PUF tag; and a surface topography-based tag.
4. 4. The asset of any preceding claim, wherein the one or more machine-readable unique identifiers include at least one of: a radio frequency identification (RFID) tag; an encoded image, preferably a OR code; a symbol sequence or alphanumeric code; a production sequence number associated with the asset; a unique graphic or image, optionally a unique set of hieroglyphs; a fingerprint; and a pattern of holes or indentations, optionally or preferably, wherein the holes or indentations have different or congruent shapes.
5. 5. The asset of any preceding claim, wherein at least some of the one or more unique identifiers are: integrated with one or more labels attached to the non-playing area of the storage medium; and/or embedded within the non-playing area of the storage medium.
6. 6. The asset of any preceding claim, wherein the one or more unique identifiers include an RFID tag located beneath or embedded within a label attached to the non-playing area of the storage medium.
7. 7. The asset of any preceding claim, wherein an RFID tag is embedded within an insert that is located within a recess in a surface of the non-playing area of the storage medium; and optionally or preferably, wherein the dimensions of the insert substantially match the dimensions of the recess so as to provide a substantially smooth surface of the non-playing area of the storage medium to which a label is attached.
8. 8. The asset of claim 7, wherein the insert is or comprises a multilayer structure including a first layer and a second layer, wherein the RFID tag is located between the first and second layers; and/or wherein the asset further comprises a preferable unique silk thread located in the recess beneath the insert.
9. 9. The asset of any preceding claim, wherein the storage medium comprises: a phonograph record disc; an optical disc; or a cassette.
10. 10. An insert for a physical media asset as defined in any of claims 1 to 9, wherein the insert comprises one or more unique identifiers embedded therein, the one or more unique identifiers containing information for identifying the physical media asset, wherein the insert is configured to fit into a recess in a surface of a preferably non-playing area of the storage medium of the physical media asset; and, optionally or preferably, wherein the dimensions of the insert substantially match the dimensions of the recess so as to provide a substantially smooth surface of the non-playing area of the storage medium.
11. 11. The insert of claim 10, wherein the insert is or comprises a multilayer structure including a first layer and a second layer, wherein the one or more unique identifiers are located between the first and second layers, optionally wherein at least one of the one or more unique identifiers comprises an RFID.
12. 12. An authenticator device for use in authenticating a user's physical media asset and/or identity, comprising: one or more machine-readable unique identifiers provided on or in the device containing ID information for identifying the authenticator device.
13. 13. The device of claim 12, comprising a plurality of different machine-readable unique identifiers, each containing different information for identifying the device; and optionally or preferably, wherein the device comprises at least four or at least six different unique identifiers.
14. 14. The device of claim 12 or 13, wherein the one or more machine-readable unique identifiers comprise at least one of: a physical unclonable function (PUF) tag, preferably a nanoparticle or quantum dot-based PUF tag; and a surface topography-based tag.
15. 15 The device of any of claims 12 to 14, wherein the one or more machine-readable unique identifiers include at least one of: a radio frequency identification (RFID) tag; an encoded image, preferably a OR code; a symbol sequence or alphanumeric code; a unique graphic or image; a fingerprint; and a pattern of holes or indentations, optionally or preferably, wherein the holes or indentations have different or congruent shapes.
16. 16. The device of any of claims 12 to 15, comprising a main body with one or more internal compartments configured to receive and store one or more drawers, and wherein the one or more machine-readable unique identifiers of the authenticator device are provided on or in the drawers; and optionally or preferably, wherein each unique identifier is provided on or in a separate drawer.
17. 17. The device of claim 16, wherein the one or more drawers are moveable between an open position in which the unique identifiers are located outside of the main body and readable by a reader device, and a closed position in which the unique identifiers are located inside the main body; and optionally or preferably, wherein the one or more drawers are received through one or more respective openings in the main body and are configured to close, and optionally seal, the one or more respective openings when in the closed position.
18. 18. The device of claim 16 or 17, wherein each drawer comprises a carrier portion on which at least one of the one or more unique identifiers is provided, wherein each carrier portion is configured to rotate relative to the respective drawer so as to adjust the orientation of the unique identifier relative to the respective drawer; and optionally or preferably, wherein each carrier portion comprise respective sets of markings to visually identify the relative orientation.
19. 19. The device of any of claims 12 to 18, wherein the authenticator device is a passive device without a power source.
20. 20. The device of any of claims 12 to 18, wherein the authenticator device is an active device comprising: a power source, a display, one or more inputs, and a processor, wherein the processor is configured to generate, in response to a user input via the one or more inputs, additional ID information for identifying the authenticator device based, at least in part, on ID information from one or more of the machine-readable unique identifiers on the authenticator device, wherein the additional ID information comprises a unique dynamic image for outputting on the display; and optionally or preferably, wherein the authenticator device does not comprise a wireless communication module
21. 21. A method of authenticating a physical media asset as defined in any of claims 1 to 9, comprising: receiving, at a server system in communication with a user mobile device, an authentication request from the mobile device to authenticate a user's physical media asset; sending a first request to the mobile device for reading one or more machine-readable unique identifiers on the physical media asset; receiving, at the server system, scan data from the mobile device comprising first ID information from each requested unique identifier on the physical media asset; comparing, at the server system, the received first ID information with stored first ID information associated with the unique identifiers of the user's registered physical media asset; and authenticating the physical media asset if the received first ID information matches the stored first ID information.
22. 22. The method of claim 21, wherein the physical media asset comprises a plurality of different machine-readable unique identifiers, each containing different first ID information for identifying the physical media asset, and wherein the first request comprises: a request for reading a particular selection of one or more of the unique identifiers on the physical media asset, optionally wherein the selection is generated randomly or based on one or more predefined criteria; or a request for reading each of the plurality of unique identifiers on the asset.
23. 23. The method of claim 21 or 22, further comprising: reading, by the user mobile device in response to the first request, the requested one or more unique identifiers on the physical media asset, and sending scan data comprising the first ID information from each read unique identifier to the server system, wherein the scan data is not stored on the mobile device thereafter.
24. 24. The method of any of claims 21 to 23, further comprising: sending, by the server system in response to the authentication request, a second request to the mobile device for reading one or more machine-readable unique identifiers on the user's authenticator device as defined in any of claims 12 to 20; receiving, at the server system, scan data from the mobile device comprising second ID information from each requested unique identifier on the user authenticator device; comparing, at the server system, the received second ID information with stored second ID information associated with the unique identifiers of the user's registered authenticator device; and authenticating the physical media asset if the received first and second ID information match the respective stored first and second ID information.
25. 25. The method of claim 24, wherein the authenticator device comprises a plurality of different machine-readable unique identifiers, each containing different second ID information for identifying the authenticator device, and wherein the second request comprises: a request for reading a particular selection of one or more of the unique identifiers on the authenticator device, optionally wherein the selection is chosen at random or based on one or more predefined criteria; or a request for reading each of the unique identifiers on the authenticator device.
26. 26. The method of claim 24 or 25, further comprising: reading, by the mobile device in response to the second request, the requested one or more unique identifiers on the authenticator device, and sending scan data comprising the second ID information from each read unique identifier to the server system, wherein the scan data is not stored on the mobile device thereafter.
27. 27. The method of any of claims 24 to 26, further comprising: receiving, at the server system, a first geolocation of the mobile device associated with a time of reading the requested unique identifiers of the physical media asset, and a second geolocation of the mobile device associated with a time of reading the requested unique identifiers of the authenticator device; comparing, at the server system, the received first and second geolocations associated with the respective first and second ID information; and authenticating the physical media asset if the received first and second ID information match the respective stored first and second ID information, and if the first and second geolocations substantially match.
28. 28. The method of any of claims 24 to 27, wherein the user authenticator device comprises one or more drawers, each drawer comprising a rotatable carrier portion on which at least one of the one or more unique identifiers is provided, wherein the second request comprises a request for reading the one or more machine-readable unique identifiers of the authenticator device when in a particular respective orientation relative to the drawer, wherein the received scan data comprises the relative orientation of each requested unique identifiers, and wherein the method further comprises: comparing, for each requested unique identifier, the received relative orientation to an expected relative orientation; and authenticating the physical media asset if the received first and second ID information match the respective stored first and second ID information, and if the received relative orientations match the expected relative orientations.
29. 29. The method of any of claims 21 to 28, further comprising: sending, by the server system in response to the authentication request, a third request to the mobile device for reading third ID information from a user's authenticator device as defined in claim 20; generating, by the authenticator device, third ID information based, at least in part, on second ID information from one or more machine-readable unique identifiers on the authenticator device, wherein the third information comprises visual and/or audio information; outputting, by the authenticator device, the third ID information; receiving, at the server system, scan data comprising the third ID information from the mobile device; comparing, at the server system, the received third ID information to corresponding third ID information generated using stored second ID information associated with the unique identifiers on the user's authenticator device; and authenticating the physical media asset if the received first ID information matches the user's stored first ID information, and if the received third ID information matches the corresponding third ID information generated by the server system; and optionally or preferably, wherein the third ID information comprises a unique dynamic image output on a display of the authenticator device.
30. 30. A system for authenticating a physical media asset, comprising: a physical media asset as defined in any of claims 1 to 9; and a server system comprising a user database storing first ID information associated with the unique identifiers on a user's registered physical media asset(s), the server system configured to communicate with a user mobile device via a network; wherein the server system is configured to: receive an authentication request from the mobile device to authenticate the user's physical media asset; send a first request to the mobile device for reading one or more unique identifiers on the physical media asset; receive scan data from the mobile device comprising first ID information from each requested unique identifier on the physical media asset; compare the received first ID information with stored first ID information associated with the unique identifiers on the user's registered physical media asset; and authenticate the physical media asset if the first ID information matches the user's stored first ID information.
31. 31. The system of claim 30, wherein the physical media asset comprises a plurality of different machine-readable unique identifiers, each containing different first ID information for identifying the physical media asset, and wherein the first request comprises: a request for reading a particular selection of one or more of the plurality of unique identifiers on the physical media asset, optionally wherein the selection is chosen at random or generated based on one or more predefined criteria; or a request for reading each of the plurality of unique identifiers on the physical media asset.
32. 32. The system of claim 30 or 31, further comprising: an authenticator device as defined in any of claims 12 to 20, wherein the server system further stores in the secure user database second ID information associated with the unique identifiers on a user's registered authenticator device, and wherein the server system is further configured to: send, in response to the authentication request, a second request to the mobile device for reading one or more machine-readable unique identifiers on the user's authenticator device; receive scan data from the mobile device comprising second ID information from each requested unique identifier on the user authenticator device; compare the received second ID information with stored second ID information associated with the unique identifiers of the user's registered authenticator device; and authenticate the physical media asset if the received first and second ID information match the respective stored first and second ID information.
33. 33. The system of claim 32, wherein the server system is further configured to: receive a first geolocation of the mobile device associated with a time of reading the requested one or more unique identifiers of the physical media asset, and a second geolocation of the mobile device associated with a time of reading the requested one or more unique identifiers of the authenticator device; compare the first and second geolocations associated with the respective first and second ID information; and authenticate the physical media asset if the received first and second ID information match the respective stored first and second ID information, and if the first and second geolocations substantially match.
34. 34. The system of claim 32 or 33, wherein the authenticator device comprises one or more drawers, each drawer comprising a carrier portion on which at least one of the one or more unique identifiers is provided, wherein each carrier portion is configured to rotate relative to the respective drawer so as to adjust the orientation of the unique identifier relative to the respective drawer; and wherein the second request comprises a request for reading the one or more machine-readable unique identifiers on the authenticator device when in a particular respective orientation, wherein the received scan data comprises the relative orientation of each requested unique identifiers, and wherein the server system is further configured to: compare, for each requested unique identifier, the received relative orientation to an expected relative orientation; and authenticate the physical media asset if the received first and second ID information match the respective stored first and second ID information, and if the received relative orientations match the expected relative orientations.
35. 35. The system of any of claims 32 to 34, wherein the authenticator device is an active device comprising: a power source, a display, one or more inputs, and a processor for controlling the display, wherein the processor is configured to generate, in response to a user input via the one or more inputs, third ID information for identifying the authenticator device based, at least in part, on second ID information from the one or more of the machine-readable unique identifiers on the authenticator device, the third ID information comprising a unique dynamic image for outputting on the display; wherein the server system is further configured to: send, in response to the authentication request, a third request to the mobile device for reading third ID information from the authenticator device; receive scan data from the mobile device comprising the third ID information from authenticator device; compare the received third ID information to corresponding third ID information generated using stored second ID information associated with the unique identifiers on the user's physical media asset; and authenticate the physical media asset if the received first ID information matches the user's stored first ID information, and if the received third ID information matches the corresponding third ID information generated by the server system; and optionally or preferably, wherein the authenticator device does not comprise a wireless communication module.
36. 36. A method of secure transaction of a physical media asset as defined in any of claims 1 to 9, comprising: receiving, at a server system configured to communicate with user mobile devices over a network and containing a user database storing ID information associated with unique identifiers on each user's registered physical media asset(s) and on each user's registered authenticator device, an offer from a mobile device of a first user to purchase a second user's physical media asset listed on an online marketplace hosted by the server system; verifying the identity of the first user; sending, in response to positive verification of the first user and in response to the second user accepting the offer, an authentication request to the second user's mobile device to authenticate the physical media asset according to the method of any of claims 21 to 29; initiating a transaction for the purchase of the second user's physical media asset in response to positive authentication of the physical media asset; and upon completion of the transaction, deregistering the purchased physical media asset and its associated ID information from the second user's database, and either: (i) adding the purchased physical media asset with its associated ID information to the first user's database account; or OD adding the purchased physical media asset with ID information associated with new unique identifiers provided on the purchased physical media asset to the first user's database account.
37. 37. The method of claim 36, further comprising, upon receipt of the purchased physical media asset by the first user, authenticating, by the first user, the purchased physical media asset according to the method of any of claims 21 to 29.
38. 38. The method of claim 36 or 37, further comprising: receiving, at the server system, a request from the second user to list their physical media asset for sale on the online marketplace; sending, by the server system, a request to a mobile device of the second user to authenticate the physical media asset according to the method of any of claims 21 to 29; and listing the second user's physical media asset for sale on the online marketplace in response to a positive authentication.
39. 39. The method of any of claims 36 to 38, wherein verifying the identity of the first user comprises: sending, by the server system, a request to the mobile device of the first user for reading one or more machine-readable unique identifiers on an authenticator device of the first user; receiving, at the server system, scan data comprising second ID information from each requested unique identifier on the authenticator device; comparing, at the server system, the received second ID information with stored second ID information associated with the unique identifiers on the first user's registered authenticator device; 20 and authenticating the first user's identity if the second ID information matches the stored second ID information.
40. 40. A method of authenticating a user identity using the authenticator device of any of claims 12 to 20, comprising: receiving, at a server system configured to communicate with a user mobile device over a network and containing a user database storing ID information associated with unique identifiers on each user's registered authenticator device, a request to authenticate a user's identity; sending, by the server system, a request to the user mobile device for ID information from one or more machine-readable unique identifiers on the user's authenticator device; receiving, at the server system, scan data from the mobile device comprising the ID information from each requested unique identifier on the user's authenticator device; comparing, at the server system, the received ID information with stored ID information associated with the unique identifiers on the user's registered authenticator device; and authenticating the user's identity if the received ID information matches the stored ID information.
41. 41. The method of claim 40, wherein the authenticator comprises a plurality of different machine-readable unique identifiers, each containing different ID information for identifying the authenticator device, and wherein the request comprises: a request for ID information from a particular selection of one or more of the unique identifiers, optionally wherein the selection is generated randomly or based on one or more predefined criteria; Or a request for ID information from each of the plurality of unique identifiers on the asset.
42. 42. The method of claim 40 or 41, further comprising: reading, by the mobile device in response to the request, the requested one or more unique identifiers on the authenticator device, and sending, by the mobile device, scan data comprising the ID information to the server system, wherein the scan data is not stored on the mobile device thereafter.
43. 43. A system for authenticating a user's identity, comprising: an authenticator device as defined in any of claims 12 to 20; and a server system comprising a user database storing ID information associated with the unique identifiers on a user's registered authenticator device, the server system configured to communicate with a user mobile device via a network; wherein the server system is configured to: receive an authentication request to authenticate a user's identity; send an ID request to the user mobile device for ID information from one or more machine-readable unique identifiers on the user's authenticator device; receive scan data from the mobile device comprising ID information from each requested unique identifier on the user's authenticator device; compare the received ID information with stored ID information associated with the unique identifiers on the user's registered authenticator device; and authenticate the user's identity if the received ID information matches the stored ID information.
44. 44. The system of claim 43, wherein the authenticator device comprises a plurality of different machine-readable unique identifiers, each containing different ID information for identifying the authenticator device, and wherein the ID request comprises: a request for ID information from a particular selection of one or more of the plurality of unique identifiers on the authenticator device, optionally wherein the selection is chosen at random or generated based on one or more predefined criteria; or a request for ID information from each of the plurality of unique identifiers on the authenticator device
45. 45. The system of claim 43 or 44, wherein the authenticator device comprises one or more drawers, each drawer comprising a carrier portion on which at least one of the one or more unique identifiers is provided, wherein each carrier portion is configured to rotate relative to the respective drawer so as to adjust the orientation of the unique identifier relative to the respective drawer; wherein the ID request comprises a request for reading one or more machine-readable unique identifiers on the authenticator device when in a particular respective orientation, and wherein the received scan data comprises the relative orientation of each requested unique identifiers, and wherein the server system is further configured to: compare, for each requested unique identifier, the received relative orientation to an expected relative orientation; and authenticate the user's identity if the received ID information matches the stored ID information, and if the received relative orientations match the expected relative orientations.
46. 46. The system of any of claims 43 to 45, wherein the authenticator device is an active device comprising: a power source, a display, one or more inputs, and a processor for controlling the display, wherein the processor is configured to generate, in response to a user input via the one or more inputs, additional ID information for identifying the authenticator device based, at least in part, on ID information from the one or more of the machine-readable unique identifiers on the authenticator device, the additional ID information comprising a unique dynamic image for outputting on the display; wherein the server system is further configured to: send, in response to the authentication request, an ID request to the mobile device for reading additional ID information from the authenticator device; receive scan data from the mobile device comprising the additional ID information; compare the received additional ID information to corresponding additional ID information generated using stored ID information associated with the unique identifiers on the user's physical media asset; and authenticate the user's identity if the received additional ID information matches the corresponding additional ID information generated by the server system; and optionally or preferably, wherein the authenticator device does not comprise a wireless communication module.