Zortag’s Solutions

Zortag provides a unique identity to any item which is almost impossible to be duplicated, even by Zortag itself.

Our solution can uniquely identifying an item, authenticatethe genuineness of that item, and authorize who has access to information about that item.

About Our Solutions

Zortag provides a unique identity to any item which is almost impossible to be duplicated, even by Zortag itself. Such an item may be an article of commerce, an entity, or an individual. Uniquely identifying an item, authenticating the genuineness of that item, and authorizing who has access to information about that item is a major organizational challenge in today's digital economy. Furthermore, assuring the authenticity and integrity of goods, people, and information is critical in all business and personal transactions. Our technology has wide applications to this end, including protecting brands from counterfeit products, providing secure access to digital assets, making information available to different constituents at varying levels including law enforcement, authenticating products for sale on online shopping sites, and securing supply blockchains and the storage of cryptocurrencies.

Our technology has six main embodiments.

There are multiple other areas where our technology and solutions can be integrated and built into an organization’s systems utilizing our core fingerprint technology and industry standard networks and mobile devices. Contact us regarding your unique needs and ideas.

Authentication & Prevention of Counterfeiting

Counterfeiting impacts virtually all products and transactions worldwide, with concomitant dwindling public trust in product and transaction authenticity. Average consumers typically find it difficult to distinguish between authentic and counterfeit products, because their outside appearances look the same. It has been estimated that 5 to 7% of all world trade involves counterfeiting, and such illicit trade not only costs global economies in excess of trillions of dollars each year, but also threatens the lives, health, and safely of consumers. Counterfeited items span diverse sectors including:

Current technologies do not provide a comprehensive solution and they have severe limitations.

Zortag's ZorSecure™ system is comprised of labels with a unique 3-dimensional optical fingerprint, making it impossible for anyone to replicate them. Even Zortag itself is unable to recreate an identical label. Zortag's anti-counterfeiting solution ZorSecure™ prevents product counterfeiting, diversion, overruns, and thefts and thus protects brands and assures integrity of the supply chain. Key features of our solution include:

  • Seamless integration into any supply chain
  • Cell phone or any rugged enterprise level mobile device and a secure database provides secure authentication anytime, anywhere for consumers
  • Secure track-n-trace in supply chain
  • Notification to brand owners and law enforcement agencies

We believe that no other method or system to prevent counterfeiting is capable of providing al of these features. Learn more on our Applications page.

Secure Access to Digital Assets

In the digital economy, securing and allowing access to information only by authorized owners is essential in order to safeguard both physical and digital assets. In a typical setup at most companies, individuals use a username and a password to connect to a server or website. This approach is incredibly vulnerable; if someone gets hold of the password, they can login pretending to be the user of that account. In order to strengthen the security for accessing websites or servers and to reduce the possibility of hacking by unauthorized entities and individuals, multi-factor authentication techniques have grown rapidly with most enterprises and individuals. However, sophisticated attackers are capable of breaking the present multi-factor authentication and the third party ID provider’s services. There is a clear need to come up with a better approach to secure digital assets from cyber-attacks, hacking, and heists while providing authentication and authorization in a secure but user friendly manner, and preferably through a single protocol without sharing a username other than with the authentication site.

In our solution, the user identity and password are all replaced by a physical Unique Identity and Authentication Key (UIAK) that cannot be cloned by anyone. The user will not have to ever enter a username or password again to log into the website or server.

We have built multilevel security locks that are extremely difficult to be breached. The physical possession of the Unique Identity and Authentication Key makes it very difficult for anyone to breach the first lock because this key is extremely hard to clone, if not impossible, and this key is not prone to any virus or other types of attack. In our invention, there is the next level lock that must also be breached. The first key of UIAK can only be used with the device key such as a smartphone that a user has and has been specifically authorized to scan the first key. If a third party such as a hacker tries to scan the first key, his device will not work and he/she will be denied the access. Both the device key and the unique identity and authentication key must be together to access the digital asset.

Most mobile devices these days are further protected either by biometrics such as fingerprints or iris scan, or by multi-digit passcodes. Unless the user uses one of these to open the mobile device, the device cannot be used to scan the first key. Organizations can further limit the time during which the digital asset can be accessed, such as weekdays during 8 AM to 5 PM or any time desirable by the establishment. The access can be further controlled by assigning the geolocation coordinates from where the access is permitted.

The organization and individuals can have peace of mind that their digital assets cannot be accessed by any unauthorized entity.

Multi-level Information Access

Identifying an object and information, authenticating that the information and object are genuine, and authorizing who can access the information about the object is a major organizational and individual challenge in the digital economy. Preventing unauthorized access of information is critical in all business and personal transactions.

However, in certain situations, it is required and advisable that only some users have access to all the information associated with an object, while other users may have authorization to only part of the information.

For example, if a customer has purchased an expensive painting from a fine art auction, the owner alone may like to authenticate the painting after acquisition, in addition to the auction house. If the painting is stolen and then recovered, the owner may claim that the painting indeed belongs to him/her because only his electronic device has the authorization to scan the attached label on the painting.

Another example can be the will or trusts that may be set up by an individual. The writer of the will and trust may limit access to who can authenticate the document to the trustee’s electronic device or electronic devices of the individuals who are the beneficiaries named in the will or trust.

There are a number of other cases where it is essential that the authorization to scan and then access stored information about the document, object, or article of commerce should be limited to an individual, an entity, or a few people. For example, when a patient is discharged from a hospital, various entities may need discharge information about the patient. In the hospital’s EMR portal, the discharge information of the patient is stored and the patient is provided with a discharge document that has a ZorID™ label (or authentication key) with our optical fingerprint on it. The patient has full access to the information associated with authentication key. The patient may also authorize entities like a close relative or a spouse, daughter, or son, individual home care personnel, nursing facilities, hospice, etc., to have secure access to part of the discharge information. EMT, police, or fire may also need to access another part of the information about the patient in case of emergency. Only partial information can be accessed by these entities.

Authenticating Products Online

Distinguishing genuine articles from counterfeit articles is difficult for products bought from online shopping sites. Assuring the authenticity of the products prior to purchase through internet sites is a daunting challenge. Most large online corporations continue to invent new ways to elimiate fraud, however, criminals are constantly responding to these developments with new ways to manipulate the system. If a consumer buys a product believing the product is authentic and then attempts to return a product once finding it to be fake, the brand owner can refuse to accept the product, causing consumer frustration.

Normally fake sites will scrape the brand owner’s website and copy all of the available information about the product making them appear authentic. There is no easy way to distinguish between a site selling fake products and another one selling real branded products.

Our solution provides an easy way for consumers to check the authenticity of the product before they buy them on an online site and also an easy way for a brand owner and law enforcement agencies to track, trace, and authenticate the article of commerce sold at any online site at any time.

In our invention, the website displays a secure seal icon on the website. The first part of the secure seal is a unique product identifier key and the second part is an authentication key. The buyer only sees the product identification key. The authentication keys are hidden from the buyer. By clicking on the secure seal icon, the buyer is assured of the authenticity of the product before buying through an independent authentication site.

Supply Chain Blockchain

Block chain is a ledger where all transactions are securely recorded. All digital documents are securely timestamped in order to convey the order of their creation and existence. This assures that the time stamp cannot be changed after the fact nor can the document be altered. Each document links or point to the previous document. The pointer links to a piece of data instead of a location so that if the data in question changes, the pointer automatically becomes invalid. Thus each document’s certificate ensures the integrity of the contents of all documents up until that point. Instead of linking documents individually, they are grouped into blocks and the blocks are linked together. The blockchain enables secure traceability of certifications and other salient information in a supply chain. Every physical product is associated with a digital ‘passport’ that proves authenticity and its origin, and creates an auditable record of the journey behind all physical products. Products travel through a vast network of suppliers, manufacturers, warehouses, transporters, distributors, retailers, and storage facilities before ending with consumers.

Pioneering companies have long realized the competitive advantage of open, transparent supply chains and sustainable manufacturing. The blockchain is a way for one user to transfer a unique piece of digital property to another user, such that the transfer is guaranteed to be safe and secure, everyone knows that the transfer has taken place, and nobody can challenge the legitimacy of the transfer. While the blockchain assures that the information that is added as products move through the supply chain in a secure manner and that no one can alter the information, the physical products can still be removed and diverted and unauthorized and counterfeit articles can be physically substituted in the physical supply chain without affecting the information in the blockchain. It is obvious that it is very difficult for anyone to tightly manage the complex supply chain on a global basis, because there are numerous sites, locations, and like points where the supply chain can be physically broken by unscrupulous parties. The more complex and lengthy the supply chain is, the more possibilities exist for unauthorized activity to flourish.

Thus it is essential that both the information that is being added on a blockchain as products move through the supply chain, and the physical removal and diversion of products from the supply chain be protected and secured. It is also essential that the system and method used in tracking and authenticating products and adding documents by authorized personnel on the blockchain during movement along the supply chain is user friendly, based on the skill sets of individual workers speed is critical.

Our solution combines the power of the digital security of the blockchain and the physical security of the products during movement in the supply chain.

Secure Access to Cryptocurrencies

As cryptocurrencies are mined, they need to be stored. For example, in order to spend bitcoin, two pieces of information are needed: the public information and the private or secret information. The public information identifies the identity of the coin and its worth and goes on the blockchain. The public key is also the address of the bitcoin or currency where the coin needs to be sent. The secret information is the private key of the owner. The private key must be kept secret and protected.

In order to manage the private key, three considerations must be kept in mind. First, the availability to spend the cryptocurrency when needed; second, the convenience of managing the key; and third, the security of the key. One way to manage the private key is to store it on a file on local storage media, such as a mobile phone or a computer hard disk or any other device under the control of the owner. It is easily available and convenient to manage. However, if the storage media is lost or stolen, or becomes infected with malware, the currency may be lost.

Our technology provides a solution to ensure that the private key indeed belongs to the owner who owns that private key. The private key may be stored in a storage media, such as a local device or a server, or in the cloud, etc. It is the access to the storage media that should not be accessible to a hacker. Our technology prevents access to the storage media for anyone other than the owner of that storage media. The access to the media is restricted through Zortag’s UIAK and the authorized mobile reading device. The storage media requests the owner of the private key to scan their UIAK by the authorized mobile device, e.g. smartphone. The scanned images and the device information, and the geolocation coordinates of the scanning mobile device and the authorized time during which the scanning is allowed are all sent to an authentication server that checks the authenticity of the key and the device ID, the geolocation data, and the time of scan. If all these parameters are confirmed, the owner is provided access to the media storage to access the private key.