In some far distant past era, the rights of people over property were protected by a community, which both recognized its individual members and what belonged to them, either individually or collectively, as part of the common knowledge of the community itself. As the world became more complex, more populous, and more impersonal, these ancient forms of property protection became impractical, and forms more appropriate to the needs of changing societies were developed. At some point, the number of individuals in a community, or the number of sheep, goats, or other items of property, multiplied to where it was difficult for the unaided memory to keep track of the various property relations. Man therefore conceived a method of identifying property to aid the memory, and to discourage interlopers: he branded each animal with a mark which was unique to the animal's owner.
From this primitive beginning, a great variety of techniques for protecting property relationships has developed. For example, recording systems, typically maintained by some governmental agency, have been used to record property relationships; serial numbers have been embedded in manufactured goods; special techniques have been used for printing currency, which makes it difficult to counterfeit; and code words or passwords have been used to limit access to physical areas or information. The list is almost endless.
In general, each new development in the art of identification and authentication is responsive to some perceived threat to existing relationships. As those who would infringe the rights of others become increasingly more sophisticated in their techniques, it is necessary to develop improved protection mechanisms. In other words, an “arms race” of sorts exists, in which the stability of the social order depends on continuing improvement in property protection methods and systems.
The complexity of the modern world has gone beyond the need to identify and authenticate items of property. The identity of an individual himself, once the common knowledge of a community, and later established by the memory of a subset of individual members of the community, is now usually established by reference to an identity document, such as a driver's license or passport. But like any other tangible object, an identity document can be stolen, copied, altered, or counterfeited. Thus, the same problems involved in identifying and authenticating a tangible object are now present in the case of identifying individuals as well.
The latter half of the twentieth century has been witness to a phenomenon known as the information revolution. While the information revolution is a historical development broader in scope than any one event or machine, no single device has come to represent the information revolution more than the digital electronic computer. The development of computer systems has surely been a revolution. Each year, the declining prices and expanding capabilities of computers and other digital technology cause them to be used in new and varied applications.
The development of digital computers and related digital data devices has dramatically increased the scope of the aforementioned arms race. The range of property to be protected, tangible and intangible, has greatly increased at the same time that digital technology provides imaginative new capabilities to infringers. On the other hand, digital technology opens up vast potential resources for property protection, which have as yet been tapped to only a small degree.
Property protection has various aspects, among them being identification and authentication. These concepts overlap to a considerable degree, but it is useful to bear in mind the different purposes of identification and authentication. Identification refers to techniques whereby some object is distinguished from other similar objects, often for purposes of establishing ownership of the object in question. Identification is often unique, i.e., an identification associated with an object is unique in the universe of objects of the same type. However, identification need not necessarily be unique. Authentication refers to techniques for establishing that the attributes of an object are real and have not been forged. Both of these concepts may be applied to the identities and attributes of individuals as well as objects. For example, is an individual really who he claims to be (a question of identification), and does he have authority to perform some action (a question of authorization).
Many conventional techniques exist which use digital data devices for purpose of identification and/or authorization. For example, serial numbers can be encoded in read-only memory devices, or device attributes can be stored in on-line servers. The use of so-called smart cards is an outstanding example of digital technology employed as both an identification and authorization device (in this case, usually for an individual). But many gaps or shortcomings exist in protection mechanisms using conventional identification and/or authorization techniques.
One recurring problem with conventional techniques is a design trade-off between security and freedom of action. Naturally, key data should be protected from unauthorized copying or alteration, and sometimes from unauthorized observation as well. Conceptually, such data can be made secure if it is unalterable and unreadable. Unfortunately, such a requirement places impractical restrictions on the use of the data. There is usually a need to read data for various purposes, and often a need to alter it under controlled circumstances. There are many ways in the digital world to alter data, but any capability to alter data opens the door to the possibility that unscrupulous parties will do just that to their own advantage.
A need exists for improved techniques for property protection, and in particular, improved techniques for using digital data technology to identify and authenticate tangible objects (including documents used for the purpose of identifying/authenticating individuals).