Counterfeit-Resistant Optical Fiber
Technical overview
Overview
Providers of sensitive digital content use digital signatures to faithfully identify themselves as the
providers of that content to consumers. However, digital signatures currently work only for content
created on a computer and consumed on a computer. They cannot work on content contained on
some form of physical media, such as a cashier’s check or a drug container label. For this reason
attackers may create replicas of a content provider’s physical media with fraudulent content and
consumers have no means to identify the provider of the media or the content.
Microsoft Research has invented a method for digitally signing and authenticating paper or other
physical media that contains embedded optical fibers. This technology has very high rates of
accuracy and precision, and works with off-the-shelf scanning hardware. Manufacturing technology
for embedding fibers in paper already exists for current security measures.
Consumers of content provided on this media may verify the identity of the media provider using a
low resolution optical scanner or camera device. The media may also contain information allowing
consumers to verify the integrity of the content provided on the media.
Components
The media manufacturing, media signing, and content signing components of the tamper proof label
technology can be handled separately, potentially by distinct providers. The media and the content
on the media can also be authenticated separately using the cryptographic algorithms most
appropriate for each.
Media Creation
The requirements on the physical media are only that it contain embedded optical fibers, and that the
fibers be exposed to external light sources. Thus, this technology will work with paper, plastic, cloth,
or other base media. A media manufacturer may provide the physical media without any
involvement in the signing or authentication process.
As an example, consider a paper manufacturer that provides paper with embedded optical fibers in a
variety of sizes. Some sizes of paper may be appropriate for drug labels, some sizes for financial
instruments, some sizes for legal contracts, etc. This paper has no inherent security, but customers
can choose the size of paper that fits their purpose and apply the flavor of tamper resistance
appropriate for the specific application.
Media Signing
With a supply of stock material containing embedded fibers, a tamper resistant media provider
would apply its signature to the media. Once this is done the tamper resistant media can be
authenticated as valid media from the media provider.
As an example, consider that a paper manufacturer provides paper with embedded fibers in 4x8
stock, a size used by many banks for tamper resistant cashier’s checks:
© 2005 Microsoft Corporation. All rights reserved.
The information contained in this document relates to Microsoft Research pre-release/prototype products
and technologies, which may be substantially modified before their final commercial release by third party
IP venture companies. Accordingly, the information may not accurately describe or reflect the products
and technologies when first commercially released. This document is provided for informational purposes
only and Microsoft makes no warranties, express or implied, with respect to this document or the
information contained in it. Reproduction and redistribution of this document requires the express
permission of Microsoft Corporation.
[Figure: an 8" x 4" sheet of paper stock with embedded optical fibers]
This manufacturer supplies a tamper resistant paper provider (SecurePaper) which signs the paper
(SPKPr = SecurePaper’s private key):
[Figure: Paper stock -> Fiber scanner -> Fiber data -> Image compression -> Compressed data -> Encryption (+ SPKPr) -> Signature data -> Barcode generator -> Barcode printed on the stock, labelled "Secure Paper, Inc."]
The image compression component can use any available compression algorithm, or be left out
completely. It serves the purpose of decreasing the amount of data encrypted into the signature, thus
reducing the size of the signature and the space on the media required to print the signature. MSR
has developed two efficient and performant compression algorithms that may be used here (see
related documents for description of image compression algorithms developed by MSR).
The encryption component may use any asymmetric key encryption algorithm. The most common
example in current use is RSA.
The barcode generator component may use any available algorithm, or be left out entirely. The
signer may trivially choose to print the signature data on the media as raw hexadecimal numbers.
However, barcodes provide significant advantages in data density and ease of scanning. MSR has
developed a very data dense and performant barcode generator that uses scanning hardware similar
to the hardware required for the optical fiber scanner (see related documents for description of 2D
barcode technology developed by MSR).
All of these components might be combined into a single device, perhaps with form factor similar to a
fax machine. The device would contain an optical fiber scanner, a barcode printer, and the signature
generation algorithms as embedded software.
No matter which algorithms a provider chooses to use to sign the media, anyone who wishes to
authenticate the media must use the same algorithms. Both parties can agree on the algorithms as
part of a contract, or the provider may indicate the algorithms used by including the information on
the media in clear text (unencrypted). This can be printed in human readable form, or included as
part of the barcode. Providing information on the algorithms used to potential attackers does not
appreciably decrease the security of the media.
Similarly, a consumer wishing to authenticate the provider of the media must know who the provider
is. For some contracts a consumer may expect media from only one provider. If a consumer must
authenticate media from multiple providers each provider can print clear text identification on the
media as text or as part of the barcode. This will not decrease the security of the media.
Content Signing
The security of signed tamper resistant media does not affect the security of the content on that
media. The security in the media only allows a consumer to authenticate the provider of the media.
The content provider must secure the content separately. (In the case where the media provider and
the content provider are the same the information may be combined, for instance into a single
barcode.)
As an example, consider a bank (FooBank) which purchases the tamper resistant paper signed by
SecurePaper described in the previous section. FooBank prints checks on the tamper resistant paper,
securing the details of the content using whatever means it chooses (FBKPr = FooBank’s private
key):
[Figure: Bank check content -> Secure Hash -> Encryption (+ FBKPr) -> Signature data; the printed check carries the FooBank check content, the content signature printed as a number, and the "Secure Paper, Inc." media barcode]
As in the media signing, any encryption algorithms may be used. The content provider may also
choose to optionally encode the signature as a barcode printed on the media. In this example
FooBank has printed the content signature as a number on the media along with the content itself.
Media Authentication
A consumer who wishes to authenticate an item of tamper resistant media must know who the
expected provider is and have access to that provider’s public key. Public keys are available from
trusted Certificate Authorities (CAs). The authenticator must also know what algorithms the signer
used when signing the media. Finally, the consumer must have access to an optical fiber scanner
appropriate for the media, and a device able to match the scanned fiber data against the data
retrieved from the signature.
Continuing the previous example, consider a consumer who wishes to authenticate the tamper
resistant media provided by SecurePaper. This could either be FooBank authenticating the media
before writing a bank check, or another bank authenticating the media on which a FooBank bank
check is written (SPKPu = SecurePaper’s public key):
[Figure: Tamper resistant media -> Fiber scanner -> Fiber data -> Statistical matching algorithm -> Match? Yes or No; in parallel, Tamper resistant media -> Barcode scanner -> Signature data -> Decryption (+ SPKPu) -> Compressed data -> Image decompression -> Original fiber data, which feeds the statistical matching algorithm]
The barcode scanning algorithm, decryption algorithm, and image decompression algorithm must
match the barcode creation algorithm, encryption algorithm, and image compression algorithm used
to create the signature. The statistical matching algorithm is an integral part of the tamper resistant
technology developed by MSR.
All of these components might be combined into a single device, perhaps with form factor similar to a
bill reader (such as on vending machines). The device would contain an optical fiber scanner, a
barcode scanner (potentially the same physical device), and the signature authentication algorithms
as embedded software.
Content Authentication
The protocol for authenticating the content on the tamper proof media would not differ from the
protocol for authenticating content on normal, unsecured media. However, digital signatures are not
commonly used for content on physical media.
Content on physical media that was signed using the standard approach of encrypting a secure hash
of the data would have to be read onto digital media for authentication. MSR has developed an
optical character recognition (OCR) algorithm for this process (see related documents for description
of OCR technology developed by MSR). Once read, the content can be authenticated using a standard
signature authentication protocol (FBKPu = FooBank’s public key):
[Figure: Signed content -> Signature scanner -> Signature (encrypted hash) -> Decryption (+ FBKPu) -> Hash; in parallel, Signed content -> OCR scanner -> Content data -> Secure Hash -> Hash; the two hashes go to a Binary compare -> Match? Yes or No]
Alternately, the content on the physical media could be signed by encrypting the data itself. This
would lead to a much larger signature, requiring that the content signature be printed using similar
barcode technology to the media signature. In this case an authentication device could decrypt the
data and display it to a human operator to manually compare to the printed content:
[Figure: Signed content -> Barcode scanner -> Signature (encrypted data) -> Decryption (+ FBKPu) -> Data; in parallel, Signed content -> Content data; a Human operator compares the two -> Match? Yes or No]
Media Tracking and Repudiation
Tracking consumption of tamper proof media would require that the tamper proof media provider
maintain a database of valid media and expose this database to customers. Authentication devices
would need a network connection to the media database to check each scanned signature against the
list of valid media signatures, and to report consumption of media.
Many different enterprise systems already provide this type of service for secure data. This
technology would require no unusual components for this service.
Core Scenarios
This technology targets any scenario in which a content provider would like to give consumers the
ability to verify the authenticity of the physical media on which they provide content. For instance,
bank checks or currency, prescriptions, labels for drugs or limited edition items, certificates of
authenticity, or legal documents.
Caveats
- The current implementation of this technology is at the prototype stage.
- Current prototypes use visible light for scanning optical fibers, which may cause problems
for opaque content.
- Tamper resistant media remains vulnerable to theft and other forms of social engineering.
The blank media is itself nearly as valuable as items created with it, and must be protected
accordingly.
- A provider of tamper resistant media must also provide scanning devices for authentication,
or ensure standard media sizes and layouts so other companies can manufacture
authorization devices.
Demo/Prototype
Media Creation
This technology will work with any material that can contain embedded optical fibers in such a way
that the fibers are exposed to light. A number of paper manufacturers already provide paper that
contains embedded fibers composed of different types of material. The optical fibers used by this
technology have similar size and flexibility characteristics with fibers used in current manufacturing.
The cost of the optical fibers is trivial.
The technology places no upper or lower bound on the number of embedded fibers, although a
reasonable range is 50-200 fibers per scannable area (e.g. a single label). As the number of fibers
decreases, the security of the authentication decreases. As the number of fibers increases, the
amount of data required for the digital signature increases, increasing the physical space required to
print the signature information.
Media Scanning
MSR has developed two approaches for scanning the embedded optical fibers. One determines the
position of the fibers using a static snapshot of the media, the other reads the positions of the fibers
as a camera makes a slow pass over the media. MSR built prototype scanners for both types of
technology using off-the-shelf technology, and estimated the cost of construction for each at
approximately twice the cost of a standard webcam.
Static Shot Scanning
A static shot scan works by shining a light source on the scannable area of the media. This
illuminates the endpoints of each fiber, exposing the constellation of points unique to that media.
The scan takes no more time than taking a photograph.
Swipe Scanning
The swipe scan works by shining a light source on the scannable area of the media in a narrow band.
The light source traverses across the entire scannable area to complete a full scan. As the light
source illuminates one end of an optical fiber the light travels to the opposite end of the fiber, causing
it to light up. The scanner can then record the coordinates of both ends of the fiber. This allows the
scan to determine not only the locations of the endpoints of each fiber, but also the relationship of the
points to one another and the orientation of the fibers. This extra data makes the data collected by
the swipe scan even more difficult to counterfeit. This method can scan at approximately 1 cm/s.
The Effect of Printed Content on Scanning
The current prototypes of this technology scan the embedded optical fibers using light from the
visible spectrum. This means that content providers must place any opaque content on the media in
an area distinct from the scannable area, or ensure that the content is printed in such a way that it is
transparent to light. However, MSR has experimented with using IR or UV light to scan the
embedded fibers. Many more types of ink are transparent to these frequencies of light, compared to
the number of types transparent to visible light.
Media Signing
A provider creates a digital signature by encrypting some unique content with the provider’s private
key and attaching the results of the encryption (the signature) to the content.
In this case the unique content is the data obtained by scanning the embedded optical fibers. The
results of the encryption are printed on the media, commonly in a data-dense format such as a two
dimensional barcode (see related documents for description of 2D barcode technology developed by
MSR).
The fiber data can be compressed before encryption, decreasing the amount of space required to
print the digital signature (see related documents for description of image compression algorithms
developed by MSR).
Media Authentication
When a consumer of a digitally signed artifact wishes to authenticate the provider of that artifact the
consumer begins by reading the encrypted signature and the original unique content. The consumer
decrypts the signature using the provider’s public key and compares the result of the decryption to
the original data. Only the provider’s private key will encrypt data in such a way that it will decrypt
correctly with the provider’s public key.
In this case the consumer scans the embedded fibers using the same technique used to create the
signature, and scans the signature using an appropriate barcode scanner. Decrypting the signature
should result in the same data scanned from the optical fibers.
Realistically, the data collected by scanning the optical fibers may differ from one scan to the next,
due to changes in the position of the scanner, wrinkles in the media, damage to or obstruction of the
fibers, etc. For this reason the authentication uses a statistical matching algorithm to compare the
decrypted signature to the data from the fiber scan. Tests of this algorithm by MSR have shown that
different scans of the same media produce data that matches at a mean rate of 90%, while scans of
different media produce data that matches at a mean rate of 12%. In both cases the standard
deviations are small. MSR has found that setting the lower bound for a successful match at 50%
allows the data comparison to account for variations in scans and for damaged or obscured fibers,
while making the possibility of false positive or false negative results vanishingly small.
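The signing chain from the Media Signing section and the authentication chain with the statistical matcher described above, as an added example (not MSR's code): constructed fiber data, a greedy endpoint matcher applying the 50% lower bound, and a toy textbook-RSA "encrypt with the private key" step whose output is recovered with the public key, as in the figures. The 256-pixel grid, the 4-pixel tolerance, the simulated scan noise and the Mersenne-prime key are assumptions; unpadded RSA on Mersenne primes only shows the data flow and is not a usable signature scheme.

```python
import math
import random
from typing import List, Tuple

Fiber = Tuple[int, int, int, int]   # (x1, y1, x2, y2): pixel coordinates of both fiber ends
GRID = 256                          # scannable area is GRID x GRID pixels (assumed)
TOLERANCE = 4                       # endpoint jitter tolerated when matching (assumed)
THRESHOLD = 0.5                     # lower bound for a successful match (page: 50%)

def make_media(n_fibers: int, rng: random.Random) -> List[Fiber]:
    """Constructed sample media: n fibers of 20..60 px at random positions and angles."""
    fibers: List[Fiber] = []
    while len(fibers) < n_fibers:
        x1, y1 = rng.randrange(GRID), rng.randrange(GRID)
        length, angle = rng.randint(20, 60), rng.uniform(0.0, 2 * math.pi)
        x2, y2 = round(x1 + length * math.cos(angle)), round(y1 + length * math.sin(angle))
        if 0 <= x2 < GRID and 0 <= y2 < GRID:
            fibers.append((x1, y1, x2, y2))
    return fibers

def scan(media: List[Fiber], rng: random.Random, dropout=0.1, jitter=2) -> List[Fiber]:
    """Simulated swipe scan: endpoints jitter by a few px and some fibers are obscured."""
    clamp = lambda v: min(GRID - 1, max(0, v + rng.randint(-jitter, jitter)))
    return [tuple(clamp(v) for v in f) for f in media if rng.random() >= dropout]

def encode(fibers: List[Fiber]) -> bytes:
    """Fiber data as signed: one byte per coordinate (the page's compression step is omitted)."""
    return bytes(v for f in fibers for v in f)

def decode(data: bytes) -> List[Fiber]:
    return [tuple(data[i:i + 4]) for i in range(0, len(data), 4)]

# Toy RSA with message recovery, mirroring the page's "encrypt with private key,
# decrypt with public key" flow. Mersenne primes and no padding: insecure, demo only.
P, Q = (1 << 521) - 1, (1 << 607) - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))           # SPKPr; (N, E) plays the role of SPKPu
BLOCK = (N.bit_length() - 1) // 8           # bytes per chunk that always stay below N

def sign(payload: bytes, d: int = D, n: int = N) -> List[int]:
    """Length-prefix, zero-pad to whole chunks, apply the private exponent per chunk."""
    data = len(payload).to_bytes(2, "big") + payload
    data += b"\0" * (-len(data) % BLOCK)
    return [pow(int.from_bytes(data[i:i + BLOCK], "big"), d, n)
            for i in range(0, len(data), BLOCK)]

def recover(signature: List[int], e: int = E, n: int = N) -> bytes:
    """Apply the public exponent per chunk, then strip the length prefix and padding."""
    raw = b"".join(pow(c, e, n).to_bytes(BLOCK, "big") for c in signature)
    return raw[2:2 + int.from_bytes(raw[:2], "big")]

def match_rate(reference: List[Fiber], scanned: List[Fiber], tol: int = TOLERANCE) -> float:
    """Fraction of reference fibers with a one-to-one partner in the scan whose two ends
    both lie within tol px, in either orientation (a swipe scan records both ends)."""
    near = lambda a, b: abs(a[0] - b[0]) <= tol and abs(a[1] - b[1]) <= tol
    unused, hits = list(scanned), 0
    for x1, y1, x2, y2 in reference:
        for i, (a1, b1, a2, b2) in enumerate(unused):
            if (near((x1, y1), (a1, b1)) and near((x2, y2), (a2, b2))) or \
               (near((x1, y1), (a2, b2)) and near((x2, y2), (a1, b1))):
                hits, _ = hits + 1, unused.pop(i)
                break
    return hits / len(reference) if reference else 0.0

def authenticate(signature: List[int], fresh_scan: List[Fiber]) -> Tuple[bool, float]:
    """Media authentication: recover the original fiber data, then match statistically."""
    rate = match_rate(decode(recover(signature)), fresh_scan)
    return rate >= THRESHOLD, rate

def demo(seed: int = 2005) -> Tuple[Tuple[bool, float], Tuple[bool, float]]:
    """Sign a scan of genuine stock, then re-scan the same stock and a different sheet."""
    rng = random.Random(seed)
    genuine, forged = make_media(100, rng), make_media(100, rng)
    sig = sign(encode(scan(genuine, rng)))  # the media provider signs its own scan
    return authenticate(sig, scan(genuine, rng)), authenticate(sig, scan(forged, rng))
```

Running `demo()` gives a match rate near the page's 90% for the genuine re-scan and near 0% for the other sheet, so the 50% bound separates them with a wide margin.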
Media Tracking and Repudiation
Digitally signed media is still potentially susceptible to duplication attacks, in which a sophisticated
attacker carefully constructs media with the same pattern of optical fibers as an original, and then
simply copies the signature. A less sophisticated attacker could simply steal a shipment of valid
media. To combat these and other attacks, all media signed in this way can be tracked in a database
controlled by the media provider. As the content on the signed media is consumed, for instance
when a check is cashed or a product with a certificate of authenticity is sold, the scanner used to
authenticate the signed media reports to the database the signature of the consumed media. Any
further attempts to use media with that signature will expose fraud. Similarly, media providers can
invalidate the signatures of any media reported stolen.
Technical Specifications
- Implemented in C/C++.
- Core library has no software dependencies. GUI layer depends on DirectX.
- All code currently at the prototype stage.
- Requires scanner with 300dpi resolution (e.g. standard webcam).