Fingerprints - the key to Legal Safeguarding
Every file on a computer is stored as a sequence of data ‘bits’. These bits form a chain of numeric data that is easily handled by the computer. These data bits act much like the atoms that build physical matter, individually they are ordinary, but when arranged in a specific order they build complex and unique things. Electronic fingerprinting works by performing a series of complex mathematical operations on the data bits in your file to form a unique profile of the data contained within (i.e. the document fingerprint). Each file is processed by the fingerprinting function (sometimes known as a hash algorithm, or message digest function) to produce a new string of data that contains the results of the mathematical operations on the original file.
Fingerprints are generated using a hash algorithm that produces signatures of a certain complexity (bit depth) which correlates to the number of possible combinations that can be represented by the fingerprint - the higher the complexity, the lower the possibility that a duplicate fingerprint could occur for different files. Two of the common fingerprint functions, MD5 and SHA-1 use 128-bit and 160-bit lengths respectively. This means that MD5 can have over 340,000,000,000,000,000,000,000,000,000,000,000,000 different values without repeating. SHA-1 can hold over 4 billion times as many as MD5. The Legal Safeguarding Agent produces 288-bit fingerprints - by combining a MD5 and SHA-1 fingerprint; yielding 2^288 (or 4.97x10^86) possible combinations. This yields a staggering number of possible combinations; imagine the number 497 followed by 84 zeroes. Using this method, if you were to generate 100 trillion fingerprints every second, it would take 1.57x10^65 years to exhaust the possible supply of fingerprints. (157,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 years)
Like their real-world counterparts, electronic fingerprints cannot be used to re-generate the file or person which produced them. Both the MD5 and SHA-1 hash algorithms are considered to be “one way” algorithms, meaning that the mathematical functions to produce the fingerprint work for creating the fingerprint, but cannot be done “in reverse” to re-create the original. This is important, as it means that fingerprints can be transmitted, stored, and viewed by the public without compromising any of your sensitive data.
How are fingerprints used to authenticate files?
Since the fingerprinting function works on each individual bit of the original electronic file, even the slightest change produces a new fingerprint. It is because of this, that fingerprints can be used as a tool of file integrity; by comparing a known fingerprint value for a file to a newly generated fingerprint for that file it is easy to see if the file has remained unchanged. The important component to this process is in having a trusted registry of fingerprint information.
IP.com offers legal safeguarding in all of its products, and specifically created the IP.com Legal Safeguarding Agent to provide this function on a single document basis, or in an integrated way to existing document management solutions. The safeguarding agent ensures the integrity of the document at multiple levels, including the last and important step of publishing the certification record (fingerprint/date-stamp) into the public domain.
The next blog post in this series provides an overview of the IP.com legal safeguarding process and how the IP.com Legal Safeguarding Agent works.
Fingerprints are generated using a hash algorithm that produces signatures of a certain complexity (bit depth) which correlates to the number of possible combinations that can be represented by the fingerprint - the higher the complexity, the lower the possibility that a duplicate fingerprint could occur for different files. Two of the common fingerprint functions, MD5 and SHA-1 use 128-bit and 160-bit lengths respectively. This means that MD5 can have over 340,000,000,000,000,000,000,000,000,000,000,000,000 different values without repeating. SHA-1 can hold over 4 billion times as many as MD5. The Legal Safeguarding Agent produces 288-bit fingerprints - by combining a MD5 and SHA-1 fingerprint; yielding 2^288 (or 4.97x10^86) possible combinations. This yields a staggering number of possible combinations; imagine the number 497 followed by 84 zeroes. Using this method, if you were to generate 100 trillion fingerprints every second, it would take 1.57x10^65 years to exhaust the possible supply of fingerprints. (157,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 years)
Like their real-world counterparts, electronic fingerprints cannot be used to re-generate the file or person which produced them. Both the MD5 and SHA-1 hash algorithms are considered to be “one way” algorithms, meaning that the mathematical functions to produce the fingerprint work for creating the fingerprint, but cannot be done “in reverse” to re-create the original. This is important, as it means that fingerprints can be transmitted, stored, and viewed by the public without compromising any of your sensitive data.
How are fingerprints used to authenticate files?
Since the fingerprinting function works on each individual bit of the original electronic file, even the slightest change produces a new fingerprint. It is because of this, that fingerprints can be used as a tool of file integrity; by comparing a known fingerprint value for a file to a newly generated fingerprint for that file it is easy to see if the file has remained unchanged. The important component to this process is in having a trusted registry of fingerprint information.
IP.com offers legal safeguarding in all of its products, and specifically created the IP.com Legal Safeguarding Agent to provide this function on a single document basis, or in an integrated way to existing document management solutions. The safeguarding agent ensures the integrity of the document at multiple levels, including the last and important step of publishing the certification record (fingerprint/date-stamp) into the public domain.
The next blog post in this series provides an overview of the IP.com legal safeguarding process and how the IP.com Legal Safeguarding Agent works.
