Note: Descriptions are shown in the official language in which they were submitted.
CA 02336340 2007-08-13
Method forproving the pedigree and/or for the
identification of animals or of biological material
The invention relates to a method for proving the
pedigree and/or for the identification of animals or of
biological material. The biological material may be
from animals or from any organisms carrying nucleic
acid as genetic material.
For the registration, purchase or breeding of animals
it is often important to identify an animal
unambiguously, to prove the pedigree of the animal or
to find the owner. In stockbreeding, so-called
studbooks or breeding registers which are kept by
registered breeder organizations are known for proving
the pedigree and performance of breeding animals_
Moreover, animal passports are known which contain
particular data on one animal in each case. These data
include, for example, physical characteristics, results
of blood tests, pedigree or unusual phenotypic
features. Disadvantages here are the small amount of
information, limited data access and difficult data
checking. In the case of generally accessible registers
in particular, there is always the danger of
manipulation by the users.
With biological material from animals or organisms such
as, for example, cell samples or cultures of
microorganisms there is the disadvantage that it is
often impossible to check the identity thereof, since
no characteristic data are available.
CA 02336340 2000-12-29
- 2 -
The invention may provide for genetic information of a
plurality of animals or of biological material from a
plurality of animals or organisms to be determined and
stored as reference datasets on a storage medium and
for the genetic information or parts of the genetic
information of the animal to be identified or of the
biological material to be identified being compared
with one or more reference datasets.
The invention may also provide for additionally storing
characteristics or properties of the animals or the
biological material in the reference datasets.
The invention may also provide for the characteristics
or properties deducible from the genetic information to
be determined and stored in the reference dataset.
The invention may also provide for storing photographic
pictures of the animals in the reference datasets.
The invention may also provide for the biological
material to be embryos, sperm cells or egg cells from
animals.
The invention may also provide for the biological
material to be blood samples or tissue samples of
animals or cells from cell cultures or microorganisms.
The invention may also provide for storing the
reference datasets at a central location.
The invention may also provide for encrypting the
reference datasets at the central location.
The invention may also provide for using the particular
genetic information as a key. The particular genetic
information may be part of the key. It is also possible
to provide for the particular genetic information to be
CA 02336340 2007-08-13
3 -
part of an electronic certificate which assigns the key
unambiguously to an individual animal unambiguously
specified by said information and which has been issued
by a certification authority. The form of such a
certificate may be based substantially on the form of a
certificate which is issued for authentication of a
public key in accordance with the Digital Signature Act.
It contains at least said genetic information which
allows unambiguous assignment to an individual animal,
the key assigned to said information or said individual
animal, the public key in the case of asymmetric
encryption, and a digital signature of the certification
authority which certifies that the assignment is indeed
authentic.
The invention may also provide for using a smartcard for
retrieving a reference dataset.
The invention may also provide for entering a password or
other information identifying a user for retrieving a
reference dataset.
The invention may also provide for determining mating
suggestions for breedings using the genetic information
and, where appropriate, further information from the
reference datasets.
The invention may also provide for integrating the
storage medium containing the reference data into an
identity tag carried by the animal.
The invention may also provide for an output device
linked to the storage medium to indicate the genetic
information of the reference datasets in the form of a
CA 02336340 2007-08-13
4 -
histogram.
According to another aspect of the invention, said
invention represents a method for proving the pedigree
and/or for the identification of animals or of biological
material from animals and organisms, which comprises the
following steps:
- storing on a data carrier identification data in the
form of an encrypted message which has an
unambiguous and predetermined connection with
genetic information unambiguously identifying an
animal or the biological material,
- verifying the identification data with respect to
whether said data have the predetermined connection
with the genetic information.
According to another aspect of the invention there is
provided a method for proving the pedigree and/or for the
identification of an animal or a biological material from
an animal or an organism, which comprises the following
steps:
storing on a data carrier identification data in the
form of a message which has been encrypted by a symmetric
or asymmetric key and which has an unambiguous and
predetermined connection with genetic information
unambiguously identifying the animal or the biological
material, and
verifying the identification data with respect to
whether said data have the predetermined connection with
the genetic information.
The encrypted message generated by the identification
data may be assigned to the genetic information by
encrypting a message, preferably of particular content,
CA 02336340 2007-08-13
- 4a -
using a code which has been unambiguously assigned to the
genetic information and therefore to the individual
animal, and/or by the encrypted message containing
information, which has an unambiguous and predetermined
connection with said genetic information, and, in the
simplest case, can be said information itself. Both
possibilities may be combined. In the first case, the
predetermined connection may be verified by decrypting
the message using the key individually assigned to the
animal. A successful decryption is proof that the
identification data have indeed been assigned to said
genetic information. In the second case, a key which is
kept at a secure location or which only trustworthy users
can access is used to decrypt the encrypted message and
the contents of the message are used to verify whether
these data or this message belong to a particular animal.
Combining both methods leads to double verification of
the assignment to the genetic information or to the
animal, firstly by successful decryption and secondly by
the contents of the decrypted message.
The method according to the invention may in particular
comprise the following steps:
- storing on a data carrier genetic information
CA 02336340 2000-12-29
- 5 -
unambiguously identifying the animal or the
material, in conjunction with identification data
containing an encrypted message which is
unambiguously connected with the genetic
information,
- retrieving the identification data through an
encrypted message which is unanlbiguously connected
with the genetic information,
- verifying the identification data with respect to
whether the genetic information transmitted by the
message corresponds to the stored genetic
information or whether the stored encrypted
message corresponds to the sent encrypted message,
- outputing the genetic information when a match has
been detected and therefore the animal or the
material has been unambiguously identified.
The invention may also provide for determining the
genetic information of one or more animals or of
biological material from one or more animals or
organisms and for storing said information as reference
datasets on a storage medium.
The reference datasets contain the identification data
and, where appropriate, further data relating to the
particular animal and thus form an electronic register
sheet into which the data relating to the animal have
been entered and which has been unambiguously assigned
to the individual animal through the identification
data.
The invention may also provide for storing on the data
carrier further data which have been assigned to the
identification data and which relate to the animal to
be identified or the biological material to be
identified. In this context it is in particular
possible to provide for the encrypted identification
data to contain an indicator or other information about
the storage location of said further data so that it is
CA 02336340 2000-12-29
- 6 -
impossible without knowing the key to change said
information, i.e. the assignment of a specific storage
area to a particular animal. An attempt to assign a
different dataset to a particular animal would
therefore be noticed when decrypting the identification
data, since either no comprehensible uncoded text is
obtained, or the decrypted information about the
storage location or about the indicator for the stored
data relating to the animal is incorrect.
The invention may also provide for the identification
data to contain an encrypted message which has been
encrypted using a code unambiguously assigned to the
individual animal or material.
The invention may also provide for the encrypted
message to contain the value of a one-way function
(hash), which value is obtained when applying said one-
way function to further data which are stored on the
data carrier and which relate to the animal to be
identified or the biological material to be identified.
The invention may also provide for an encrypted message
to comprise genetic information unambiguously
identifying the animal or the material.
The invention may also provide for the identification
data to comprise encrypted data which relate to the
storage location and/or the contents of further data
which relate to the animal assigned to the
identification data.
The invention may also provide for the identification
data to comprise a message encrypted by a code which
is generated in a predetermined unambiguous manner on
the basis of a sequence of digits which has been
unambiguously assigned to genetic information
unambiguously identifying the animal or the material.
The invention may also provide for the sequence of
CA 02336340 2000-12-29
- 7 -
digits to form at least part of the code.
The invention may also provide for the key to be a
symmetrical key.
The invention may also provide for encrypting the
information based on an asymmetric pair of keys, with
the public key at least in part having a predetermined
connection with the genetic information identifying the
animal or the material.
The invention may also provide for the public key to
comprise a part specific for the animal or the material
and a user-specific part.
The invention may also provide for additionally
encrypting the identification data using a user-
specific key.
The invention may also provide for the data on the data
carrier, which have been assigned to the identification
data, to have at least in part been encrypted by a code
which is different than the code used for encrypting
the identification data.
The invention may also provide for the key for
decrypting the message contained in the identification
data to be stored on a carrier of a chip for
communicating with a data processing system via an
interface, for example a reading device, in particular
on a smartcard.
A chip in accordance with this application is generally
to be understood as meaning any electronic or optical
component which has at least one memory function and,
where appropriate, can also perforin logical functions
and which has an interface for communicating with a
computer system, for example via a. reading device or
via an optical interface. This should also include in
CA 02336340 2000-12-29
- 8 -
particular holographic memory units. Apart from the
identification data and, where appropriate, an
electronic certificate of a certification authority,
the chip can also hold further data relating to the
animal, for example vaccination data, pedigree data,
etc. so that the chip or a carrier on which this chip
is installed, for example a smartcard, functions as an
animal identity card storing all the data relevant to
the animal.
The invention may also provide for the chip to have a
device for decrypting messages.
The invention may also provide for the key encoding the
message of the identification data to be an asymmetric
key, the corresponding private key to be stored on the
chip and the chip to have a device for encoding
messages using the private key.
The invention may also provide for the chip to contain
an interface for entering digitized genetic information
and a device for verifying the assiqnment of the stored
code to entered digitized genetic information.
The invention may also provide for the comparing device
to compare the entered digitized genetic information
with a stored value for this information and to emit an
output signal which indicates whether or not there is a
match.
The invention may also provide for, based on the
entered digitized genetic information and a stored
assignment to the stored key of digitized genetic
information unambiguously identifyirig the animal or the
material, the comparing device to determine a key
assigned to the entered information, to compare the key
determined in this way with the stored key and to emit
an output signal which indicates whether or not the key
determined based on the entered information matches the
CA 02336340 2000-12-29
- 9 -
stored key.
The invention may also provide for_ the chip to hold
information identifying one or more users and the
decrypting device or encrypting device only to be
activated when information stored for identifying a
user is entered via an input device. The relevant
information may be, for example, a password, but also,
for example, a fingerprint, an imaqe of the retina, a
speech sample for speech recognition, and the like.
The invention may also provide for the code for
decrypting coded information c:ontained in the
identification data to be stored on a central computer.
The invention may also provide for the computer to
determine the corresponding key owing to entered or
predetermined genetic information and to apply said key
to the identification data.
In this context, the computer may function as a mere
decrypting server, i.e. the particular data are stored
elsewhere, generally decentralized, the key necessary
for decrypting not being present at the particular
memory locations and decryption only taking place on
said central computer, the central computer receiving
the encrypted data and sending back the decrypted data.
It is also possible to provide for likewise storing the
corresponding animal-related data on the central
computer. In this case, the key decrypting the
identification data substantially serves to prove that
there was no manipulation of the assignment of data on
the computer to a particular animal or, when using a
one-way function or when the complete data have been
encrypted, of the complete data. In contrast,
communication between computer and user in this variant
is not secured against manipulations or is secured by a
standard procedure for establishing a secure connection
between a server and a user.
CA 02336340 2000-12-29
- 10 -
The invention may also provide for the central computer
to verify, after decrypting, whether predetermined
sequences of characters are present in the decrypted
text and emit a corresponding output signal to a user.
~~:~/
The invention may also provide for transferring the
animal-specific information stored on a data carrier,
which is separate from the central computer, and, where
appropriate, predetermined genetic information
unambiguously identifying the animal or the material to
the central computer where they are decrypted.
The invention may also provide for the data carrier
containing the data relating to the animal or the
material to be installed on a central computer.
The invention may also provide for at least part of the
data to be access-protected and for access
authorization to be different for different users of
the central computer.
The invention may also provide for a proportion of
users to be able to access at least part of the stored
data only if a predetermined further user, for example
the animal owner, is logged on to the central computer
at the same time.
The invention may also provide for access to at least
part of the stored data only to be possible, once the
computer has verified access authorization using the
data stored on a chip, in particu:Lar on a smartcard.
This may be in particular relevant also to the second
user who has to be logged on according to the
abovementioned embodiment.
The invention may also provide for setting up the
computer such that users can write to the stored data
relating to the animal or material only together with a
CA 02336340 2007-08-13
- 11 -
digital signature of the user.
The invention may also provide for using an animal-
specific pair of asymmetric keys for exchanging a session
key for communication of a user with the central
computer.
The invention also provides a method for generating data
which are unambiguously and verifiably connected with an
individual animal, which comprises:
- creating identification data in the form of an
encrypted message which has an unambiguous and
predetermined connection with genetic information
which unambiguously identifies an animal or the
biological material.
storing the identification data on a data carrier.
The invention also provides a method for generating data
which are unambiguously and verifiably connected with an
individual animal or a biological material of an animal
or organism, which comprises:
creating identification data in the form of a
message which has been encrypted by a symmetric or
asymmetric key and which has an unambiguous and
predetermined connection with genetic information which
unambiguously identifies the animal or the biological
material; and
- storing the identification data on a data carrier.
The invention may also provide for the identification
data to contain an encrypted message which has been
The invention may also provide for the key to be a
symmetric key.
CA 02336340 2007-08-13
- lla -
encrypted using a key unambiguously assigned to the
individual animal.
The invention may also provide for the encrypted message
to contain the value of a one-way function (hash), which
value is obtained when applying said one-way function to
further data which are stored on the data carrier and
which relate to the animal to be identified or the
biological material to be identified.
The invention may also provide for the identification
data to comprise a message encrypted by a code which is
generated in a predetermined unambiguous manner on the
basis of a sequence of digits which has been
unambiguously assigned to genetic information
unambiguously identifying the animal or the material.
CA 02336340 2000-12-29
- 12 -
The invention may also provide for the information to
have been encrypted on the basis of an asymmetric pair
of keys, with the public key at least in part having a
predetermined connection with the genetic information.
The invention also provides a chip carrier for
identifying animals, which is set up for communication
between a chip on the chip carrier and a computer via
an interface, for example a reading device, in
particular a smartcard, characterized in that the chip
holds a key which has an unambiguous and predetermined
connection with genetic information specific for the
individual animal.
The invention may also provide for the chip to have a
processor for decrypting messages using the stored key.
The invention may also provide for the chip to contain
an interface for entering digitized genetic information
and a comparing device for verifying the assignment of
the stored code to entered digitized genetic
information.
The invention also provides a computer system for
carrying out a method as described hereinbefore, which
has a central computer having a data carrier which
holds identification data which have an unambiguous and
predetermined connection with genetic information
unambiguously identifying an animal or the biological
material.
Advantageously, the method according to the invention
makes use of the genetic information of the animals or
the biological material for identification and for
proving the pedigree. The genetic information is
determined, for example, from a blood sample or tissue
sample of the animals or from their egg cells or sperm
cells using known methods. The root of a hair, for
example, is sufficient as a tissue sample. Carriers of
CA 02336340 2000-12-29
- 13 -
the genetic information are ribonucleic acids (RNA)
which represent the substance material of the genes and
which are capable of identical duplication. The genetic
information may be summarized or else standardized in
various ways. To explain particular properties, it is
possible to use the genes coded [sic] therefor or
genetic markers. In order to ensure access to the
genetic information, said information is stored in the
form of reference datasets on a storage medium. In
order to identify an animal or to prove or verify the
pedigree of animals or of biological material, the
reference datasets are retrieved from the storage
medium and compared with data already available. Before
being able to access the reference dataset, the user
first has to prove his authorization. This can be done,
for example, by entering a password., a name or a PIN.
Moreover, the authorization may also be stored on a
smartcard, for example. The user may only retrieve the
reference dataset for which he can prove authorization.
All other reference datasets on the storage medium are
not accessible to him. An example of this type of user
may be the owner of an animal. He may also pass on his
authorization to a third party. In this way it is
possible, for example, for the buyer of an animal, to
quickly and simply verify whether the data provided by
the seller belong to the animal of'fered for sale. In
this case, a time limit is imposed on the authorization
for the potential buyer. When missing animals are
found, it is possible to verify whether the found
animal is the one which is being looked for. In both
cases, cell samples may be taken from the animal in
order to determine a certain amount of genetic
information therefrom. Comparison between the
determined information and the reference datasets
provides the identity of the animal. In addition, the
pedigree of the animals may be determined with the aid
of genetic information. For breeding, sperm cells or
egg cells are frequently taken from animals and stored
appropriately. The gametes are stored in suitable
CA 02336340 2000-12-29
- 14 -
containers and are available, if needed. When
purchasing such gametes, the buyer can determine the
pedigree of the gametes by taking a sample and
comparing the data determined from the sample with a
reference dataset. In this way it is also possible to
determine suitable mating suggestions for an optimal
breeding result.
There is no danger of manipulation of the reference
data in this method, since only authorized persons can
retrieve the data. In addition, only a central location
may be allowed to modify the reference data so that
even authorized persons cannot modify the data. The
contents of the reference dataset provide a genetic
fingerprint of the relevant animal, organism or
biological material. Said fingerprint permits
unambiguous identification and can be verified by any
laboratory.
Biological material from animals or organisms may be
stored for storage or handling in suitable containers
which are provided with a storage medium for the
genetic information of the bioloqical material. To
verify the contents, the genetic inf:ormation determined
from a sample of the biological material is compared
with the stored data.
According to an advantageous embodiment of the
invention, the reference datasets additionally hold
characteristics or properties of the animals or the
biological material. In this way, a direct link is
created between the general characteristics and
properties of the relevant animal and the genetic
information which is contained in the reference data
and which identifies the animal unanlbiguously ("genetic
fingerprint"). The general characteristics and
properties may be, for example, specific skills of the
animal, the owner, ancestors and descendants, prizes or
awards, value declarations, information about general
CA 02336340 2000-12-29
- 15 -
and specific skills, training, genetic diseases, other
diseases, vaccinations or dates of veterinary visits.
Examining the reference dataset therefore not only
permits the obtaining of knowledge about the abstract
genetic information, but also facili_tates the retri(eval
of characteristic data of the animal or of the
biological material. In this way, it is also possible
to study, evaluate or show the connection between
particular genetic information and characteristic
features of the animal or of the biological material.
According to another advantageous embodiment of the
invention, the characteristics or properties deducible
from the genetic information are determined and stored
in the reference dataset. The characteristics or
properties of the animal may be not only those which
have been determined in a study or through observation
over a relatively long period or which are based on
historical values, but also those which result directly
from the genetic information. If the genetic
information is present in the form of a reference
dataset on a storage medium, it is possible to take
advantage of rules already known or else of the latest
findings in order to present the characteristics
resulting from the genetic information in a quick and
simple manner.
According to another advantageous embodiment of the
invention, the reference datasets hold photographic
pictures. These may be in particular ordinary
photographic pictures showing the overall appearance of
the animal or else results of visualizing diagnostic
methods (e.g. ultrasound examination, X-ray
examination, endoscopy, computed tonlography), which are
used to record the physical state of the animal.
According to another advantageous embodiment of the
invention, the biological material is embryos, sperm
cells or egg cells from animals. These are, after
CA 02336340 2000-12-29
- 16 -
having been taken from the relevant animal, filled into
suitable containers and stored at low temperature. The
containers may carry labeling or electronic data
carriers, for example microchips or so-called smart
labels, which contain the data essential for the
contents of the container. Smart labels are very thin
storage units having an interface for input and output
which works like a transponder. These smart labels can
have the same thickness as a sheet of paper and
therefore may be used as "electron.Lc tags" instead of
paper tags.
Accessing the reference data makes it possible to
verify the data given on the containers, in particular
when a sample is taken from the sperm cells or egg
cells and the genetic informat:ion is determined
therefrom.
According to another advantageous embodiment of the
invention, the biological material is blood samples or
tissue samples from animals, cells from cell cultures
or microorganisms. These may be stored, for example,
for the purpose of testing or studying. In this case,
verification of the sample is possible at any time.
According to another advantageous embodiment of the
invention, the reference datasets are stored at a
central location. This central location manages and
monitors the data so that they cannot be manipulated or
falsified by third parties. Authorized persons can
access the stored data at the ceritral location. The
central location may also issue the relevant
authorizations.
According to another advantageous embodiment of the
invention, the reference datasets are encrypted at the
central location. This makes it more difficult for
unauthorized persons to access the data and prevents
corresponding manipulation of the data. Thus it is
CA 02336340 2000-12-29
- 17 -
possible, for example, to provide a public key and a
private key for encrypting and decrypting the data. By
retrieving the reference data, the user adds his
signature to the dataset contents., comparable to a
digital signature.
According to another advantageous embodiment of the
invention, the key used is the particular genetic
information or the key is based on the particular
genetic information. Thus it is possible, for example,
to compute the base number determined from the sample
of the animal with a control number only known at the
central location and to use said base number as a
private key.
According to another advantageous embodiment of the
invention, the authorization for retrieving a reference
dataset is stored in particular on a smartcard. In
order to retrieve the reference dataset, the smartcard
has to be inserted into a reading device provided for
this purpose. The reference data are released, only
after the authorization has been verified and
recognized. The card user receives suitable software
with the aid of which he is able to access the
reference data on his computer. A data network offers
the possibility of accessing the ref:erence data online.
For this purpose a suitable data corinection between the
central location and the user is required. Instead of a
smartcard it is also possible to provide a different
carrier of an isolated chip having an interface for
communicating with a computer, for example in the form
of a bracelet, a key ring or another object which the
user may wear on his body; the interface need not
necessarily be electronic, but may, where appropriate,
also work optically. The term "chip" in the context of
this application ought to mean not only electronic
semiconductor components having a memory function and a
built-in microprocessor, but also memory chips having
solely memory function or other memory devices of
CA 02336340 2000-12-29
- 18 -
similar size - and/or logic units, for example
holographic memory devices or the like. Accordingly, a
"smartcard" or a "chip carrier" in the context of this
application means also a carrier or card which carries
a chip in accordance with this application. The chip
carrier generally has similar or smaller dimensions
than a smartcard.
According to another advantageous embodiment of the
invention, a password, name or PIN is entered for proof
of authorization when retrieving a reference dataset.
According to another advantageous embodiment of the
invention, the genetic information of the reference
datasets is used to determine mati_ng suggestions for
breedings. For this purpose, it is possible to select
from the reference datasets suitable male and female
animals in order to achieve the desired breeding
result. Data in the form of reference datasets make the
selection from among a relatively large total number of
animals easier.
According to another advantageous embodiment of the
invention, the storage medium containing the reference
data and, where appropriate, access authorizations is
integrated into an identity tag which is worn by the
animal. This makes assigning the animals easier.
According to another advantageous embodiment of the
invention, an output device linked to the storage
medium displays the genetic iriformation of the
reference datasets in the form of a histogram. This
diagram makes it possible to visually register the
genetic information quickly and sinlply and to compare
said information with that of other animals.
In the following, some aspects of the invention are
explained in more detail.
CA 02336340 2000-12-29
- 19 -
A problem occurring frequently in connection with the
identification of animals is the exchange of documents
referring to the animal, and it is not easily possible
to assign unambiguously the contents of the documents
to the animal. Safe assigning of the key to the
particular animal or to authorized persons is a great
problem for protecting identifying information against
falsifications. To this end, the invention provides a
method which integrates safe individualizing
information (e.g. genetic fingerprint) into the
production of the keys, either into the keys per se or
into certificates which assign the keys certified by a
certification authority to parti_cular persons or
animals.
According to a preferred embodiment, the invention
provides as a solution to this problem that the animal-
related data on the data carrier have either themselves
been encrypted using a key unambiguously connected with
genetic information unambiguously identifying the
animal or that verifying information which irreversibly
and unambiguously identifies further information, which
pedigreeally has been stored and need not be encrypted,
is encrypted using such a code. Such verifying
information can be generated by so-called one-way
functions, also called hash functions. If, after
encrypting, said further unencrypted information on the
data carrier is manipulated, this can be detected by
comparing the coded and stored value of the one-way
function with the value which is obtained when applying
the one-way function to the data actually stored on the
data carrier. If the two values do not match, then the
data have been modified or the wrorig key was used for
decrypting.
Genetic information which unambiguously identifies an
animal or an organism can be obtained, for example,
using the so-called microsatellite method. This method
makes use of the fact that in particular regions of the
CA 02336340 2000-12-29
- 20 -
genome a particular sequence of bases, for example CA,
is repeated with an individually clifferent number of
repeats. These regions are flanked by stable genomic
regions which serve as target sequence for the binding
of primers in a polymerase chain reaction (PCR). If the
number of these repeats is determined in a sufficiently
large number of appropriate genomic regions, the total
amount of these repeats is specific for the individual
animal or the individual organism.
If then a particular sequence of the genomic regions,
in which these repeats are determ:ined, is fixed and
numbers corresponding to the number of these repeats
are arranged according to this sequence, then a
sequence of digits is obtained therefrom which is
likewise specific for the specific individual.
Another method for presenting individual genetic
information makes use of polymorphisms at individual
nucleotide positions of the genome. The SNP (single
nucleotide polymorphism) method provides a dataset in
which for each of the studied genome positions the
statement 1 (= result 1, e.g. corresponds to the
population value) or 0 (= result 2, e.g. deviating
value) is obtained. The results of the study in their
entirety produce a binary number
(e.g.011100010100001111101010). For safe
individualization approx. 40 genomic sites have to be
studied. At present there are neither for humans nor
for other organisms any defined standards denoting the
positions to be studied. To obtain SNP information,
various methods are available which are increasingly
automated in the form of DNA chips which facilitates
high sample throughput. Examples of different
approaches are the fixing of oligonucleotides
specifying a specific position on chips. Another
technique provides for distinguish_Lng the polymorphic
PCR products by their molecular weight (Internationales
Technologieforum 99, 23/24 June 1999, ICM
CA 02336340 2000-12-29
- 21 -
Internationales Congress Center, Neue Messe Munich).
Most encryption algorithms start out from a random
number based on which the key is then generated. If
this random number is then replaced by a sequence of
digits which is specific for the individual and which
has been obtained from the genetic information in the
above-described manner an encrypting code specific for
the relevant individual is obtained. Generally it is
possible to use for generating the key any digitized,
preferably genetic information unambiguously
identifying the animal.
According to the invention, it is possible to verify
whether the animal in question corresponds to the
stored data, by taking a sample from the animal,
determining the appropriate genetic information and
verifying whether the key corresponding to this
information is the key for decrypting the coded data.
If it is impossible to decrypt the encrypted
information or if the stored value of a one-way
function is different from the remaining data, as
previously described, due to applying the wrong key,
then manipulation of the data or an exchange of the
animal must be suspected. In this way, it can be
excluded that the animal to which the data refer has
been exchanged.
Another problem is that the stored data can be
falsified on the data carrier or during transport via
the Internet. This risk can be diminished by
restricting and controlling the group of persons who
have access to the key or to the assigning of the key
to genetic information. Another way to proceed is to
send the encrypted part of the data to a trustworthy
central location for decrypting, which location re-
transmits the decrypted result without releasing the
key required for decryption and, where appropriate,
verifies the authenticity of the data and/or the
CA 02336340 2000-12-29
- 22 -
assigning of the animal to the stored data.
This method, however, is complicated and offers no
guarantee that the information exchanged between the
trustworthy location and a user remains unmodified.
Furthermore, it is important in this procedure that, if
possible, the key is not revealed even to the owner of
the animal, since otherwise there is the danger of
falsifying the data using the correct key. It would
also be desirable for an owner to be able to verify
directly, using genetic information, whether the animal
in question corresponds to the stored data.
It is possible to circumvent these problems by using an
asymmetric pair of keys, the public key being
unambiguously connected with the genetic information
which identifies the animal and which may be known to
the owner or may be directly verified by said owner,
while the private key used for encrypting the data is
only known to the person or the location or is only
available to said person or at said location, that has
written the data on the data carrier or is authorized
to do so.
Asymmetric keys are generally known in data technology
and form, i.a. the basis for the digital signature.
Regarding details relevant to the encryption of data
and regarding other aspects of data security, in
particular one-way functions or hash functions,
reference is made to M. Raepple, "Sicherheitskonzepte
fiir das Internet", Heidelberg 1998 or to RSA
Laboratories "Answers to Frequently Asked Questions
About Today's Cryptography", Version 3Ø
The following describes an example of how an asymmetric
RSA code can be generated based on genetic information.
An RSA code can be generated as follows:
- take 2 large prime numbers p and q,
CA 02336340 2000-12-29
- 23 -
- form their product n = p.q,
- choose a number e which is less than n and not
divisible by p-1 and q-1,
- find a number d such that (e.d)-1 is divisible by
(p-1) . (q-1) .
The value pair (n, e) forms the public key and the pair
(n, d) forms the private key. The factors p and q are
deleted or securely stored together with the private
key.
To encode a message m using the public key, the power
of m is modularly raised according to the formula c = me
mod n. To decode, the power of the coded message c is
raised on the basis of the private key and according to
the formula cd mod n. The structure of the RSA key is
precisely such that consequently the original message m
is exactly reproduced. Conversely it is also possible
to encode using the private key according to the same
formulae and then decode using the public key.
To generate an animal-specific pair of keys, it is
possible in the RSA algorithm, for example, to equate
the number determined from the genetic information with
the number e, which, after factorization of e, results
in prime numbers p and q for which p-1 and q-1 are not
divisible by e. According to the RSA algorithm, the
number d is then determined so that the public key
contains as a parameter the number e which corresponds
to the abovementioned genetic iriformation. If the
private key which is only accessible to the owner of
the animal, to a trustworthy authority or the like is
then used to encrypt information within the dataset,
for example the result of a hash furiction, a successful
decryption using the public key may then not only
verify that the stored information is indeed related to
the animal in question (which, in the present example,
is possible by comparing e with genetic information
obtained directly from the animal), but may also verify
CA 02336340 2000-12-29
- 24 -
the person who carried out the encryption, just like a
digital signature.
It should be taken into account in this connection that
the second parameter of the public and private keys, n,
is not unambiguously defined in the abovementioned
example. Accordingly, it is possi_ble to generate a
plurality of keys which are, in the abovementioned
sense, specific for the animal, but belong to different
persons. This makes it possible for different persons,
whose authenticity can be directly verified, to be able
to write animal-related data to the data carrier.
Another possibility to facilitate authentication of the
person who has written data to the data carrier is to
encrypt the message encoded by the "animal-specific
code" again by a code specific for the particular user,
or to have the relevant user in a conventional manner
digitally signing a text, which he has generated, by
him, for example, calculating the value of a hash
function from the generated text and encrypting this
value using his private key out of an asymmetric pair
of keys, this coded value then being added to the
dataset.
In order to further increase verification and security
of the key used, it is possible to provide for
implementing the key required for decryption on a
smartcard. In this context, it is possible to provide
either for a computer used for decryption to access the
key securely stored on the smartcard and to use said
key for decryption, or, preferably, for the smartcard
itself to contain a processor for decrypting messages
so that an encrypted text is entered into the card and
an uncoded text is printed out, while the stored code
itself does not get outside. The smartcard may also be
provided for storing the private key of a user and,
preferably, may have a processer for encrypting
messages using the private key.
CA 02336340 2000-12-29
- 25 -
Assigning the smartcard to a particular animal may be
carried out in various ways.
The simplest possibility is choosing the public key,
for example as previously explained, in such a way that
genetic information specific for the animal is part of
the public key, for example such that this information
forms the parameter e. In this context, the public key
may be printed, in the simplest case, on the smartcard
or may be retrieved from the smartcard memory by a
simple output operation.
If the public key is not to become known to everybody,
then it is also possible to prov_Lde for storing an
assigning instruction between the genetic information
and the public key on the chip of the smartcard and for
the smartcard to be set up in such a way that digitized
genetic information obtained from the actual animal can
be entered. A processor in the smartcard then
calculates the key from the entered digitized
information, according to the ass:igning instruction,
and compares said key with the stored key. If there is
a match, the processor states that the entered
information corresponds to the stored key, and it
states that the smartcard does not correspond to the
relevant animal, if there is no match between the
stored key and the key determined by the processor. The
smartcard preferably contains further information,
retrievable as uncoded text, about which methods have
been used to obtain the genetic iriformation on which
the key stored on the smartcard is based, and about
which method is used to digitize the obtained
information. A user to whom the appropriate genetic
information relevant to the animal in question is
available therefore does not require a certification
authority or the like in order to detect whether a
particular code or a particular smartcard has indeed
been assigned to a particular animal. He may detect
CA 02336340 2000-12-29
- 26 -
this by himself using the genetic i_nformation obtained
from the animal and the information stored on the
smartcard. This also gets rid of all problems which, in
connection with the digital signature, derive from the
communication between a user and a certification
authority. The physical link between keys and animal-
identifying data on the smartcard prevents manipulation
of the communication and of the components required for
secure data transport.
The above-described method can be used for setting up a
system for the certification and verification of
animals on an electronic basis. The data relevant to
the animal, for example date of birth, ownership data,
vaccination data, etc., are stored at a certification
authority on a central computer which is accessible in
the usual way for privileged users and on which, where
appropriate, part of the stored data is publicly
accessible. The appropriate data have either been
encrypted using the private key of an animal-specific
asymmetric pair of keys, i.e. a code which is based on
genetic information about a particular animal in the
manner mentioned above, or the value of a one-way
function which results from this one-way function being
applied to the appropriate dataset has been added to
each dataset, encrypted by said animal-specific private
key. In both cases, it is possible for a user reading
the appropriate data or receiving them via the Internet
to verify that said data are genuine and that they
derive from a particular person.
The owner of the animal receives an animal-specific
smartcard which holds the animal-specific asymmetric
key, i.e. the private as well as the public key. The
smartcard simultaneously serves as an animal identity
card which contains a certificate from the
certification authority. The certificate contains the
name of the animal, a continuous serial number, the
name of the issuing authority, the name of the
CA 02336340 2000-12-29
- 27 -
applicant, the name of the place which has obtained the
genetic information on which the coding is based
("genetic fingerprint"), the method which obtained this
information, the genetic information itself and a
validity period and also, where appropriate,
information about the public key and/or about the
encryption method. This certificate is readable from
the chip as uncoded text or using a public key of the
certification authority. The certificate may also be
printed on the smartcard, if desired.
In order to obtain access to the data stored at the
certification authority, the genetic information and
public key are read out from the smartcard via a
reading device and transmitted to the certification
authority. Using the genetic information, the computer
of the certification authority determines data related
to which animal are to be released.. Using the public
key, the computer verifies whether the user logged on
is authorized to read the data. It is also possible to
transmit other data instead of the genetic information,
for example a serial number which refers to the
relevant animal. Likewise it is possible to provide for
additional or alternative devices for blocking access,
for example passwords.
The owner receives an access authorization for those
parts of the data stored on the central computer which
are owner-related, for example place of rearing,
nutritional data, and the like. For other data, for
example date of birth, place of pedigree, and the like,
the owner only receives a restricted access
authorization, although he possesses the appropriate
private key. Generally, he will be allowed to read
these data but not to modify or to delete them. Access
authorization can be set up in a conventional manner by
issuing read and write privileges on the central
computer and/or by a conventional password. Other
access control mechanisms, for example speech
CA 02336340 2000-12-29
- 28 -
recognition or the use of physical characteristics of
the relevant person (fingerprint, iris scan, etc) may
also be used. Another possibility of access control,
which may be provided for, is to allow data access only
when the user deposits a digital signature, i.e. a
message encoded by a private key which has been
assigned to the user by a certification authority which
can be the certification authority for the animal data
or else a certification authority according to the
digital signature act.
It is also possible to provide for a single smartcard
(master card) facilitating access to data relating to a
plurality of animals, for example for breeders or
organizations, this master card preferably containing
only the particular public keys but not the private
keys so that the owner of this master card can read all
data relating to the various animals but cannot modify
them without the animal-specific card described
hereinbefore.
The persons running the certification authority
likewise possess the private and the public animal-
specific codes and have full access authorization for
all parts of the data.
It is possible for the owner (or the certification
authority) to facilitate third-party access to the data
by allowing said third parties to read the data, either
for a limited time or permanently, for example by
issuing a password and providing said third parties
with the public animal-specific key. It is further
possible to allow particular users, for example
veterinarians, to modify or rewrite particular data,
for example vaccination data, examination data, etc.,
said users then digitally signing, for example by
encrypting the value of an appropriate one-way
function, the data which they modified or rewrote using
a private key specific for them. If these data are
CA 02336340 2000-12-29
- 29 -
modified, the certification authority generates a
second signature in the form of the coded value of a
one-way function using the animal-specific private key,
in order to confirm the authenticity of the assigning
of the written data to the corresponding animal.
It is, however, also possible to provide for a third
party being able to access the data and to read and/or
modify them only when using simultaneously the animal-
specific smartcard of the owner for authorization by
inserting said card into an appropriate reading device.
In this case, he can access the data stored at the
certification authority only if this smartcard has been
handed to him and if the owner has thus authorized him.
The example of a veterinarian who has writing
authorization for data at the certification authority
serves to further illustrate third-party access.
The veterinarian has a private and a public key
available which have been assigned to him by the
certification authority and or [sic] according to the
digital signature act. A file ("register sheet") for
treatment data has been created in the electronic
register created by the certification authority. The
veterinarian receives reading authorization for the
parentage data such as date of birth, pedigree datum,
etc., and an access authorization for writing and
reading vaccination data and for writing treatment
data, the privilege of reading treatment data which are
not connected with his work possibly being restricted.
During a treatment session, the animal owner hands the
animal-specific smartcard assigned to the animal over
to the veterinarian who establishes a link to the
certification authority with the aid of this card.
Reading the information of the certificate and
transmitting data stored on the animal-specific card,
such as the stored and animal-specific public key and a
CA 02336340 2000-12-29
- 30 -
password, to the certification authority, opens access
to the stored data at the certification authority,
which relate to the actual animal. To read or write
data, the veterinarian has to personally identify
himself once more. This can be done by transmitting
data of a smartcard assigned to the veterinarian or by
transmitting data, which are securely stored on the
smartcard reading device or on the computer of the
veterinarian, automatically to the central location.
The usual techniques for a secure link may be used for
communication between the veterinarian and the
certification authority. It is, for example, possible
to exchange with the aid of an asymmetric pair of keys
a symmetric session key which has been specifically
generated for the session and which is used to encrypt
the entire communication between the veterinarian and
the certification authority during the session.
Once both the authorization relevant to the animal and
the authorization of the veterinarian have taken place,
the veterinarian may read or, if permitted, modify the
data accessible to him in the register of the
certification authority. The veterinarian adds a
digital signature to the data modified or rewritten by
him.
A communication is also possible in the reverse
direction, for example for transmitting data about
illnesses. In this context, the appropriate message is
encrypted either using the animal-specific private key
or the private key of the veterinarian or the public
key of the recipient. Alternatively, the message is
sent uncoded and, to verify authenticity, a signature,
for example the value of a one-way function applied to
the message, encrypted using the animal-specific
private key or the private key of the veterinarian, is
generated and attached to the message.
The above-described method may be used, for example,
CA 02336340 2000-12-29
- 31 -
for identifying animals at breeding shows. To register
the animal, the animal owner transmits the genetic
information which identifies the animal and which is
the basis of the public animal-specific key, as
explained hereinbefore, and also the public animal-
specific key given on the sniartcard or other
information assigning the smartcard to the genetic
information. When arriving at the breeding show, the
animal is identified using the transmitted genetic
information. The certificate, stored on the smartcard
or printed, is used as a basis for verifying that the
public key given belongs indeed to the genetic
information given so that the smartcard is
authentically assigned to the animal presented. The
smartcard verified in this way can then be used to
access the data at the certification authority. If the
data at the certification authority can be decrypted
using the key stored on the smartcard, then it has been
established that the animal presented corresponds to
the data stored at the certification authority.
It is possible to proceed in a similar way also for
business transactions relating to the animal, for
example for animal sales. In this case too, the public
key is transmitted together with the genetic
information identifying the animal. Instead of the
public key, it is also possible to transmit other
information which produces unambiguous assigning of a
smartcard to be present [sic] to the transmitted
genetic information. As long as the smartcard verifies
the assigning of the stored data, in particular of the
stored code, to the genetic information automatically,
giving the genetic information alone is sufficient for
authentication of the card.
Various modifications of the above-described procedure
are possible. It is possible, for example, to use other
encryption methods. Access authorizations, in
particular reading or writing privileges, may be
CA 02336340 2000-12-29
- 32 -
organized differently.
Information relevant to obtairiing the genetic
information, the assigning of this information to a
public key, etc. need not be stored on a smartcard, but
may also be communicated in a different manner.
The method may be developed into an Internet
marketplace, for example for electronic animal trade or
electronic animal auctions. In this context, particular
information of the reference datasets or, more
generally, of the data which are stored at the
certification authority and are relevant to the
registered animals and/or materials, is made available
via search functions. The marketplace may be open, it
being possible to protect data transmission by standard
methods. Alternatively, access to the information in
general or else only to particular information may be
restricted to authorized users.
In the context of building up a genetic certification
authority, specific genetic information of the
reference datasets may be issued as electronic or
written certificates for particular animals or
materials, in particular as certificate for other
properties and/or characteristics.
Finally, the method according to the invention may be
used for building up a standardized animal database for
which no longer the genetic information (the "genetic
fingerprint") forms the animal-identifying data, but
rather the key assigned to this information. The
methods which are at present used for producing a
"genetic fingerprint", are different so that one and
the same animal may correspond t.o a plurality of
"genetic fingerprints", depending on the method used.
Accordingly, it is at present difficult, to screen
various databases for data relating to the same animal
by using the genetic information. Within the scope of
CA 02336340 2000-12-29
- 33 -
the invention, the method of obtaining the genetic
fingerprint is unimportant as lonq as only a single
individually assigned key (or other digital
information) is assigned to each ariimal; the principal
search criterion is the animal-specific code or key. A
certificate naming the method, which is used for
determining the genetic fingerprint, and the assigned
key links the key and the specific genetic information,
this certificate always being available together with
the key and either being stored together with said key
or being retrievable from a server at any time.
The characteristics of the invention which are
disclosed in the above description and in the claims
may be important both alone and in any combination for
the realization of the invention in its various
embodiments.