[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Digitally Signing Physical Objects



> 3. The shop or customer wishing to authenticate the part takes the
> number stamped on the part, runs it through the *public* key of the
> manufacturer (widely available, not kept secret, of course) and gets
> back the feature vector, which he can then compare to what he actually
> sees on the object.
> 
> (This clearly requires similar hardware to what was originally used by
> the manufacturer. And some tolerance for variations in intensity
> caused by equipment variations, wear, new scratches, etc., is needed.
...
> 4. A would-be forger cannot generate a "digital object signature" that
> correctly decrypts through the published public key. 
> --Tim May

This seems to have a tricky dependence on the tolerance.  The forger can
get a valid plaintext and signed feature vector.  So, if the tolerance 
for error is too low, you get false positives, but if it's too high, a 
forger could create something starting from the feature vector.  An
interesting CAD/CAM problem.

-fnerd
quote me

- - - - - - - - - - - - - - -
We shall have to evolve
Problem solvers galore
As each problem they solve
Creates ten problems more. --Piet Hein
-----BEGIN PGP SIGNATURE-----
Version: 2.3a

aKxB8nktcBAeQHabQP/d7yhWgpGZBIoIqII8cY9nG55HYHgvt3niQCVAgUBLMs3K
ui6XaCZmKH68fOWYYySKAzPkXyfYKnOlzsIjp2tPEot1Q5A3/n54PBKrUDN9tHVz
3Ch466q9EKUuDulTU6OLsilzmRvQJn0EJhzd4pht6hSnC1R3seYNhUYhoJViCcCG
sRjLQs4iVVM=
=9wqs
-----END PGP SIGNATURE-----