Before we start talking about how Codentify system works, I would like to address how it should work and what it’s supposed to do. The major four tobacco companies proclaim Codentify is a technological solution for three main tasks:
1. Product Authentication – Is supposed to enable tobacco consumers, shop-owners, customs and anyone else who holds a cigarette pack in his hands should be able to authenticate that he holds a valid product, which was legally produced, distributed and sold.
2. Track & Trace – Should allow authorized personnel to follow a product throughout the supply chain. So if illicit product is discovered – it would be possible to pinpoint the supply chain’s “weakest links”, in order to fix them as soon as possible.
3. Tax Verification – This might be the trickiest part. The system is supposed to ensure government authorities oversight over tobacco production volume and to prevent tax avoidance issues (i.e. replacing government issued tax-stamps).
So how’s Codentify planning on achieving those three goals? Let’s dive into how this technological solution works, based on my understanding of all of the public info I’ve read about it online as well as through chats with experts.
The Codentify code is a visible 12-digit alpha-numeric code, printed directly to a cigarette pack, and is being generated through the following technical process:
• Tobacco industry’s server called Central Information System (CIS) produces a manufacturer’s security digital key, which is used as a license for a certain local manufacturer to produce millions of packs.
• Sending it to a manufacturer’s server called Manufacturing Central Gateway (MCG), which distributes these keys between code-generators assigned to each production line.
• The code generators perform a patented mathematical formula mixing this key with some production information properties (such as production date, time, place, etc.) into the previously mentioned 12-digit Codentify code printed on the pack.
• Later the manufacturer reports back to Industry/Government the amount of produced packs (while declaring the amount of packs that got wasted in the production process).
Later when a consumer or customs personnel check the printed code he sends the 12-digit code to a server that holds a database of all manufacturer e-keys, and after performing the opposite version of the previously mentioned mathematical formula, it derives the e-key and checks its validity. A consumer is alerted that there’s something fishy about his pack in one of the two following scenarios:
1) The pack’s code was made-up, not authentic Codentify code.
2) The pack’s code was already checked in the system (this is the way to identify a single code that was copied thousands of times by a counterfeiter).
That’s basically it. In one of the Codentify brochures I saw this diagram, describing the main problem of this solution for me:
Before Codentify, the process was way more complicated. But what was the reason for these complications? In two words – Government oversight. The production of tobacco products needed to be verified and regulated not only by the tobacco company, but also by tax regulation authorities. Sure, that complicated things for the major tobacco manufacturers. But as EU tax payers, do we really want to allow any private companies, specifically companies that already use massive lobbying to promote business strategies that contradict the interest of public health, to regulate themselves?
Because in the bottom line, even before digging into technical details of the system, and exposing its flaws – this is the REAL main purpose of this technological solution – allowing the tobacco industry to self-regulate it’s supply chain end-to-end.
In my coming blog posts I will explore the various flaws that I am discovering that thoroughly permeate the codentify system. Through personal connections and hours of research I have gained access to some potentially explosive insider information, so stay tuned!