Composite security marking and methods and apparatuses for providing and reading same

US11296897B2 · US · B2

Patent metadata

Field: Value
Publication number: US-11296897-B2
Application number: US-201816023884-A
Country: US
Kind code: B2
Filing date: Jun 29, 2018
Priority date: Apr 30, 2018
Publication date: Apr 5, 2022
Grant date: Apr 5, 2022

Abstract

Official abstract text for this publication.

In one embodiment, the invention is directed to a method of reading a marking, comprising a stimulation step, wherein a physical challenge according to a predetermined challenge-response authentication scheme corresponding to the PUF is created and applied to a PUF; a detection step, wherein a response generated by the PUF in accordance with the challenge-response authentication scheme in reaction to the challenge is detected and a digital signal representing the response is generated; a processing step, wherein the digital signal is processed in order to generate a hash value of the response by application of a predetermined cryptographic hash function to the digital signal; and an output step, wherein data representing the generated hash value as a first reading result is output.

First claim

Opening claim text (preview).

The invention claimed is:

1. A composite security marking for a physical object, comprising: a physical unclonable function (PUF) implemented as a structure configured to generate a virtual pattern in response to a challenge; and an encrypted representation of a pointer indicating a location to a local or remote database or to a server address or Internet address where a digital signature can be accessed, wherein at least one of said representation of the pointer and said digital signature being accessible at the location is encrypted, such that in order to read said digital signature, the respective representation first needs to be decrypted, before said digital signature can be read; wherein the digital signature digitally signs a hash value resulting from application of a predetermined cryptographic hash function to data representing a response generated by the PUF in reaction to a challenge of a predetermined challenge-response authentication scheme, wherein said data representing the response generated by the PUF in reaction to a challenge of a predetermined challenge-response authentication scheme for said structure configured to generate the virtual pattern represents at least one recognized aspect or portion of said virtual pattern.

2. The composite security marking according to claim 1, wherein the composite security marking comprises said pointer and said pointer indicates a routing to a data source that is accessible through a communication link and from which the digital signature is retrievable.

3. A physical object, comprising a composite security marking according to claim 1.

4. A method of reading, with a reader device, a composite security marking according to claim 1, the method comprising the following steps: a stimulation step, wherein a physical challenge according to a predetermined challenge-response authentication scheme corresponding to the PUF is created and applied to a PUF; a detection step, wherein a response generated by the PUF in accordance with the challenge-response authentication scheme in reaction to the challenge is detected and a digital signal representing the response is generated; a processing step, wherein the digital signal is processed in order to generate a first hash value of the response by application of a predetermined cryptographic hash function to the digital signal; an acquisition step, comprising accessing said first digital signature to recover from it a second hash value signed therewith, by: reading and decrypting the representation of the first digital signature in the marking based on a predetermined decryption scheme, or reading the representation of the pointer in the marking and acquiring and verifying the first digital signature from the location indicated by the pointer, including decrypting the representation of the pointer or the first digital signature according to the decryption scheme, respectively; and an output step, comprising outputting a first reading result comprising at least one of: a representation of the first hash value and a representation of the second hash value, a matching output indicating whether, according to at least one predetermined matching criterion, the first hash value matches said second hash value, or an output indicating a reading failure.

5. The method of claim 4, wherein in the processing step the digital signal is generated in such a way that it represents at least one PUF-specific distinctive property of the response that is, at least substantially, invariant under variations of the environmental conditions at which the response is detected.

6. The method of claim 4, wherein the output step comprises digitally signing data containing the generated first hash value and outputting the resulting digital signature as part of the reading result.

7. A method of reading with a reader device a marking, particularly a composite security marking according to claim 1, that comprises both an encrypted representation of a first digital signature and a representation of a pointer indicating a location where a second digital signature can be accessed, the method comprising: an acquisition step comprising: accessing the first digital signature, including a first hash value signed therewith, by reading and decrypting its representation in the marking based on a predetermined decryption scheme and by verifying it; and accessing the second digital signature by reading the representation of the pointer and acquiring the second digital signature including a second hash value signed therewith from the location indicated by the pointer, including decrypting the representation of the pointer or the acquired encrypted second digital signature based on said predetermined decryption scheme, respectively, and verifying the second digital signature; an output step comprising outputting a first reading result comprising one or more of the following: a representation of the first hash value and a representation of the second hash value; matching output indicating whether, according to at least one predetermined matching criterion, the first hash value matches the second hash value; and an output indicating a reading failure.

8. The method of claim 7, wherein the acquisition step further comprises: acquiring from the marking a further digital signature or a pointer indicating a source where a particular further digital signature pertaining to the marking can be accessed; and the output step further comprises outputting a representation of the acquired further digital signature as a second reading result.

9. The method of claim 7, further comprising a storage step, wherein the first reading result is stored into a block of a first blockchain or into one or more node of a first blockless distributed ledger.

10. The method of claim 9, wherein: the storage step further comprises storing the second reading result into a block of second blockchain being separate from the first blockchain or into one or more nodes of a second blockless distributed ledger being separate from the first blockless distributed ledger, respectively; and storing the first reading result comprises storing data representing the first hash value into a block of the first blockchain or into one or more nodes of the first blockless distributed ledger, respectively.

11. The method of claim 10 wherein: if the storage step relates to blockchains: storing the data representing the first hash value into a block of the first blockchain further comprises storing a cross-blockchain pointer, which logically maps said block of the first blockchain to a corresponding block of the second blockchain, into said block of the first blockchain; and storing the data representing the second hash value in a block of the second blockchain further comprises storing a cross-blockchain pointer, which logically maps said block of the second blockchain to a corresponding block of the first blockchain, into the block of the second blockchain; and if the storage step relates to blockless distributed ledgers: storing said at least one of said hash values into a node of the first blockless distributed ledger comprises storing a cross-ledger pointer, which logically maps the node of the first blockless distributed ledger to a corresponding node of the second blockless distributed ledger, into the node of the first blockless distributed ledger; and storing the supplementary information into a node of the second blockless distributed ledger comprises storing a cross-ledger pointer, which logically maps the node of the second blockless distributed ledger to a corresponding node of the first blockless distributed ledger, into the node of the second blockl
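
The reading flow of claims 4 and 5 (digitize the response robustly, hash it, recover the signed hash from the signature, compare, or report a reading failure), as an added Python sketch that is not taken from the patent or its assignee. Assumptions: SHA-256 as the hash, a thresholded intensity vector as the digital signal, unpadded toy RSA as the signature scheme, and all function and variable names; decryption of the signature or pointer representation is taken as already done.

```python
import hashlib

# Toy RSA key built from two Mersenne primes (constructed, public, NOT
# secure): stands in for the marking issuer's signing key pair.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def digitize(samples, threshold=0.5):
    """Detection step: reduce an analog response to bits that survive a
    uniform intensity change (each sample is compared to threshold * peak)."""
    peak = max(samples)
    if peak <= 0:
        raise ValueError("no response detected")
    return bytes(1 if s >= threshold * peak else 0 for s in samples)

def response_hash(samples):
    """Processing step: hash of the digital signal (first hash value)."""
    return hashlib.sha256(digitize(samples)).digest()

def sign_hash(h):
    """Issuer side: unpadded RSA over the hash (a real scheme adds padding)."""
    return pow(int.from_bytes(h, "big"), D, N)

def recover_signed_hash(signature):
    """Acquisition step: recover the second hash value from the signature."""
    m = pow(signature, E, N)
    if m.bit_length() > 256:
        raise ValueError("signature does not decode to a hash value")
    return m.to_bytes(32, "big")

def read_marking(samples, signature):
    """Output step: both hashes and a match flag, or a reading failure."""
    try:
        first = response_hash(samples)
        second = recover_signed_hash(signature)
    except ValueError as err:
        return {"status": "reading failure", "reason": str(err)}
    return {"status": "ok", "first_hash": first.hex(),
            "second_hash": second.hex(), "match": first == second}

# Constructed sample responses (intensity per wavelength bin, assumed).
ENROLLED = [0.1, 0.9, 0.2, 0.8, 1.0, 0.05, 0.7, 0.15]
DIMMER = [0.6 * s for s in ENROLLED]               # same object, weaker signal
OTHER = [0.9, 0.1, 0.8, 0.2, 0.1, 1.0, 0.2, 0.7]   # a different object
SIGNATURE = sign_hash(response_hash(ENROLLED))
```

Because the hash is taken over the digitized signal, any bit that flips between enrollment and reading changes the whole hash; the digitization has to absorb environmental variation before hashing, which is the point of claim 5.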

Classifications

  • for the management or administration of healthcare resources or facilities, e.g. managing hospital staff or surgery rooms

  • involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics

  • the marking being selective to wavelength, e.g. color barcode or barcodes only visible under UV or IR (methods or arrangements for sensing record carriers using a selected wavelength, see G06K7/12)

  • involving digital signatures

  • Recognising image objects characterised by unique random patterns

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11296897B2 cover?
In one embodiment, the invention is directed to a method of reading a marking, comprising a stimulation step, wherein a physical challenge according to a predetermined challenge-response authentication scheme corresponding to the PUF is created and applied to a PUF; a detection step, wherein a response generated by the PUF in accordance with the challenge-response authentication scheme in react…
Who is the assignee on this patent?
Merck Patent Gmbh
What technology area does this patent fall under?
Primary CPC classification H04L9/3278. Mapped technology areas include Electricity.
When was this patent published?
Publication date Apr 5, 2022 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).