Lock & Key

Welcome to the I Can't Sleep podcast,

Where I read random articles from across the web to bore you to sleep with my soothing voice.

I'm your host,

Benjamin Boster.

Today's episode is from a Wikipedia article titled,

Lock and Key.

A lock is a mechanical or electronic fasting device that is released by a physical object such as a key,

Key card,

Fingerprint,

F or I D card,

Security token,

Or coin by supplying secret information such as a number or letter permutation or password by a combination thereof,

Or it may only be able to be opened from one side such as a door chain.

A key is a device that is used to operate a lock,

To lock or unlock it.

A typical key is a small piece of metal consisting of two parts,

The bit or blade,

Which slides into the key way of the lock and distinguishes between different keys and the bow,

Which is left protruding so that torque can be applied by the user.

In its simplest implementation,

A key operates one lock or set of locks that are keyed alike,

A lock key system where each similarly key lock requires the same unique key.

The key serves as a security token for access to the locked area.

Locks are meant to only allow persons having the correct key to open it and gain access.

In more complex mechanical lock key systems,

Two different keys,

One of which is known as the master key,

Serve to open the lock.

Common metals include brass,

Plated brass,

Nickel,

Silver,

And steel.

History,

Pre-modern history.

Locks have been in use for over 6,

000 years.

Was one early example discovered in the ruins of Nineveh,

The capital of ancient Assyria.

Locks such as this were developed into the Egyptian wooden pinlock,

Which consisted of a bolt,

Door fixture or attachment and key.

When the key was inserted,

Pins within the fixture were lifted out of drilled holes within the bolt,

Allowing it to move.

When the key was removed,

The pins fell partway into the bolt,

Preventing movement.

The warded lock was also present from antiquity and remains the most recognizable lock and key design in the Western world.

The first all-metal locks appeared between the years 870 and 900 and are attributed to English craftsmen.

It is also said that the key was invented by Theodorus of Samos in the 6th century BC.

The Romans invented metal locks and keys in the system of security provided by wards.

Affluent Romans often kept their valuables in secure locked boxes within their households and wore the keys as rings on their fingers.

The practice had two benefits.

It kept the key handy at all times while signaling that the wearer was wealthy and important enough to have money and jewelry worth securing.

A special type of lock dating back to the 17th and 18th century,

Although potentially older as similar locks date back to the 14th century,

Can be found in the beginnage of the Belgian city lyre.

These locks are most likely Gothic locks that were decorated with foliage,

Often in a V-shape surrounding the keyhole.

They are often called drunk man's lock,

However the reference to being drunk may be erroneous,

As these locks were,

According to certain sources,

Designed in such a way a person can still find the keyhole in the dark,

Although this might not be the case as the ornaments might have been purely aesthetic.

In more recent times,

Similar locks have been designed,

Modern locks.

With the onset of the industrial revolution in the late 18th century and the concomitant development of precision engineering and component standardization,

Locks and keys were manufactured with increasing complexity and sophistication.

The lever tumbler lock,

Which uses a set of levers to prevent the bolt from moving in the lock,

Was invented by Robert Barron in 1778.

His double acting lever lock required the lever to be lifted to a certain height by having a slot cut in the lever,

So lifting the lever too far was as bad as not lifting the lever far enough.

This type of lock is still used today.

The lever tumbler lock was greatly improved by Jeremiah Chubb in 1818.

A burglary in Portsmouth's dockyard prompted the British government to announce a competition to produce a lock that can be opened only with its own key.

Chubb developed the Chubb detector lock,

Which incorporated an integral security feature that could frustrate unauthorized access attempts and would indicate to the lock's owner if it had been interfered with.

Chubb was awarded 100 pounds after a trained lock picker failed to break the lock after three months.

In 1820,

Jeremiah joined his brother Charles in starting their own lock company,

Chubb.

Chubb made various improvements to his lock.

His 1824 improved design didn't require a special regulator key to reset the lock.

By 1847,

His keys used six levers rather than four,

And he later introduced a disc that allowed the key to pass but narrowed the field of view,

Hiding the levers from anybody attempting to pick the lock.

The Chubb brothers also received a patent for the first burglar resisting safe and began production in 1835.

The designs of Barron and Chubb were based on the use of movable levers,

But Joseph Brahma,

A prolific inventor,

Developed an alternative method in 1784.

His lock used a cylindrical key with precise notches along the surface.

These moved the metal slides that impeded the turning of the bolt into an exact alignment,

Allowing the lock to open.

The first was at the limits of the precision manufacturing capabilities of the time and was said by its inventor to be unpickable.

In the same year,

Brahma started the Brahma Locks company at 124 Piccadilly and displayed the challenge lock in the window of his shop from 1790,

Challenging the artist who can make an instrument that will pick or open this lock for the reward of 200 pounds.

The challenge stood for over 67 years until at the great exhibition of 1851,

The American locksmith Alfred Charles Hobbes was able to open the lock and following some argument about the circumstances under which he had opened it,

Was awarded the prize.

Hobbes' attempt required some 51 hours,

Spread over 16 days.

The earliest patent for a double-acting pin tumbler lock was granted to American physician Abraham O.

Stansbury in England in 1805,

But the modern version,

Still in use today,

Was invented by American Linus Yale Sr.

In 1848.

This lock design used pins of varying lengths to prevent the locks from opening without the correct key.

In 1861,

Linus Yale Jr.

Was inspired by the original 1840s pin tumbler lock,

Designed by his father,

Thus inventing and patenting a smaller flat key with serrated edges,

As well as pins of varying lengths within the lock itself.

The same design of the pin tumbler lock,

Which still remains in use today.

The modern Yale lock is essentially a more developed version of the Egyptian lock.

Despite some improvement in key design since,

The majority of locks today are still variants of the designs invented by Brahma,

Chubb,

And Yale.

Types of lock.

Bicycle lock.

Cam lock.

Chamber lock.

Child safety lock.

Chubb detector lock.

Combination lock.

Cylinder lock.

Deadbolt.

Disc tumbler lock.

Electric strike.

Electromagnetic lock.

Electronic lock.

Lever tumbler lock.

Lock screen.

Luggage lock.

Magnetic key lock.

Mortise lock.

Padlock.

Pin tumbler lock.

Police lock.

Protector lock.

Rim lock.

Time lock.

Warded lock.

With physical keys.

Pin tumbler lock.

Without a key in the lock,

The driver pins are pushed downwards preventing the plug from rotating.

Wafer tumbler lock.

Without a key in the lock,

The wafers are pushed down by springs.

The wafers nestle into a groove in the lower part of the outer cylinder,

Preventing the plug from rotating.

Tubular lock.

The key pins and driver pins are pushed towards the front of the lock,

Preventing the plug from rotating.

The tubular key has several half cylinder indentations which align with the pins.

A warded lock uses a set of obstructions or wards to prevent the lock from opening unless the correct key is inserted.

The key has notches or slots that correspond to the obstructions in the lock,

Allowing it to rotate freely inside the lock.

Warded locks are typically reserved for low security applications,

As a well designed skeleton key can successfully open a wide variety of warded locks.

The pin tumbler lock uses a set of pins to prevent the lock from opening unless the correct key is inserted.

The key has a series of grooves on either side of the key's blade that limit the type of lock the key can slide into.

As the key slides into the lock,

The horizontal grooves on the blade align with the wards in the keyway,

Allowing or denying entry to the cylinder.

A series of pointed teeth and notches in the blade called bittings then allow pins to move up and down until they are in line with the shear line of the inner and outer cylinder.

The lock is a bit like a lock,

But it has a bit of a more rigid,

More rigid,

And more rigid outer cylinder,

Allowing the cylinder or cam to rotate freely and the lock to open.

An additional pin called the master pin is present between the key and driver pins in locks that accept master keys to allow the plug to rotate at multiple pin tumbler locks.

The pin tumbler lock is a similar lock to the pin tumbler lock and works on a similar principle.

However,

Unlike the pin lock where each pin consists of two or more pieces,

Each wafer is a single piece.

The wafer tumbler lock is often incorrectly referred to as a disc tumbler lock,

Which uses an entirely different mechanism.

The wafer lock is relatively inexpensive to produce and is not a very popular tool.

The pin tumbler lock or abloy lock is composed of slotted rotating detainer discs.

The lever tumbler lock uses a set of levers to prevent the bolt from moving in the lock.

In its simplest form,

Lifting the tumbler above a certain height will allow the bolt to slide past.

Lever locks are commonly recessed inside wooden doors or on some older forms of a magnetic key lock is a lock mechanism whereby the key utilizes magnets as part of the locking and unlocking mechanism.

A magnetic key would use from one to many small magnets oriented so that the north and south poles would equate to a combination to push or pull the lock's internal tumblers,

Thus releasing the lock.

With electronic keys,

An electronic lock works by means of an electronic current and is usually connected to an access control system.

In addition to the pin and tumbler used in standard locks,

Electronic locks connect the bolt or cylinder to a motor within the door using a part called an actuator.

Types of electronic locks include the following.

A key card lock operates with a flat card of similar dimensions as a credit card.

In order to open the door,

One needs to successfully match the signature within the key card.

The lock in a typical remote keyless system operates with a smart key radio transmitter.

The lock typically accepts a particular valid code only once and the smart key transmits a different rolling code every time the button is pressed.

Generally,

The car door can be opened with either a valid code by radio transmission or with a non-electronic pin tumbler key.

The ignition switch may require a transponder car key to both open a pin tumbler lock and also transmit a valid code by radio transmission.

A smart lock is an electromechanics lock that gets instructions to lock and unlock the door from an authorized device using a cryptographic key and wireless protocol.

Smart locks have begun to be used more commonly in residential areas,

Often controlled with smartphones.

Smart locks are used in co-working spaces and offices to enable keyless office entry.

In addition,

Electronic locks cannot be picked with conventional tools.

Locksmithing.

Locksmithing is a traditional trade and in most countries requires completion of an apprenticeship.

The level of formal education required varies from country to country,

From no qualifications required at all in the UK,

To a simple training certificate awarded by an employer,

To a full diploma from an engineering college.

Locksmiths may be commercial,

Working out of a storefront,

Mobile,

Working out of a vehicle,

Institutional,

Or investigational forensic locksmiths.

They may specialize in one aspect of the skill such as an automotive lock specialist,

A master key system specialist,

Or a safe technician.

Many also act as security consultants,

But not all security consultants have the skills and knowledge of a locksmith.

Historically locksmiths constructed or repaired an entire lock,

Including its constituent parts.

The rise of cheap mass production has made this less common.

The vast majority of locks are repaired through like-for-like replacements,

High security safes and strong boxes being the most common exception.

Many locksmiths also work on any existing door hardware,

Including door closers,

Hinges,

Electric strikes,

And frame repairs,

Or service electronic locks by making keys for transponder equipped vehicles and implementing access control systems.

Although the fitting and replacement of keys remains an important part of locksmithing,

Modern locksmiths are primarily involved in the installation of high quality lock sets and the design,

Implementation,

And management of keying and key control systems.

Locksmiths are frequently required to determine the level of risk to an individual or institution,

And then recommend and implement appropriate combinations of equipment and policies to create a security layer that exceeds the reasonable gain of an intruder.

Key duplication.

Traditional key cutting is the primary method of key duplication.

It is a subtractive process named after the metalworking process of cutting,

Where a flat blank key is ground down to form the same shape as the template original key.

The process roughly follows these stages.

One,

The original key is fitted into a vice in a machine with a blank attached to a parallel vice which is mechanically linked.

Two,

The original key is moved along a guide in a movement which follows the key shape,

While the blank is moved in the same pattern against a cutting wheel by the mechanical linkage between the vices.

Three,

After cutting,

The new key is deburred by scrubbing it with a metal brush to remove particles of metal,

Which could be dangerously sharp and foul locks.

Modern key cutting replaces the mechanical key following aspect of a process in which the original key is scanned electronically,

Processed by software,

Stored,

Then used to guide a cutting wheel when a key is produced.

The capability to store electronic copies of the key's shape allows for key shapes to be stored by key cutting by any party that has access to the key image.

Different key cutting machines are more or less automated,

Using different milling or grinding equipment,

And follow the design of early 20th century key duplicators.

Key duplication is available in many retail hardware stores and as a service of the specialized locksmith,

Though the correct key blank may not be available.

More recently,

Online services for duplicating keys have become available.

Keyhole.

A keyhole or keyway is a hole or aperture,

As in a door or lock,

For receiving a key.

Lock keyway shapes vary widely with lock manufacturer,

And many manufacturers have a number of unique profiles requiring a specially milled key blank to engage the lock's tumblers.

Symbolism.

Heraldry.

Keys appear in various symbols and coats of arms,

The best known being that of the Holy Sea,

Derived from the phrase in Matthew 16,

Verse 19,

Which promises Saint Peter in Roman Catholic tradition,

The first pope,

The keys of heaven.

But this is by no means the only case.

Many examples are given on commons.

Coat of arms of the Holy Sea.

A key pictured in the coat of arms of Suntio.

Artwork.

Some works of art associate keys with the Greek goddess of witchcraft known as Hecate.

Palestinian key.

The Palestinian key is the Palestinian collective symbol of their homes lost in the Nakba,

When more than half of the population of Mandatory Palestine was expelled or fled violence in 1948 and subsequently refused the right to return.

Since 2016,

A Palestinian restaurant in Doha,

Qatar,

Holds the Guinness World Record for the world's largest key,

2.

7 tons and 7.

8 by 3 meters.

Security token.

A security token is a peripheral device used to gain access to an electronically restricted resource.

A token is used in addition to or in place of a password.

It acts like an electronic key to access something.

Examples of security tokens include wireless key cards used to open locked doors,

Or a banking token used as a digital authenticator for signing into online banking or signing a transaction such as a wire transfer.

Security tokens can be used to store information such as passwords,

Cryptographic keys used to generate digital signatures,

Or biometric data such as fingerprints.

Some designs incorporate tamper-resistant packaging,

While others may include small keypads to allow entry of a pin or a simple button to start a generating routine with some display capability to show a generated key number.

Connected tokens utilize a variety of interfaces including USB,

Near-field communication,

NFC,

Radio frequency identification,

RFID,

Or Bluetooth.

Some tokens have audio capabilities designed for those who are vision impaired.

Password types.

All tokens contain some secret information that is used to provide identity.

There are four different ways in which this information can be used.

Static password token.

The device contains a password which is physically hidden,

But which is transmitted for each authentication.

This type is vulnerable to replay attacks.

Synchronous dynamic password token.

A timer is used to rotate through various combinations produced by a cryptographic algorithm.

The token and the authentication server must have synchronized clocks.

Asynchronous password token.

A one-time password is generated without the use of a clock,

Either from a one-time pad or a cryptographic algorithm.

Challenge response token.

Using public key cryptography,

It is possible to prove possession of a private key without revealing that key.

The authentication server encrypts a challenge,

Typically a random number,

Or at least data with some random parts,

With a public key.

The device proves it possesses a copy of the matching private key by providing the decrypted challenge.

Time-synchronized,

One-time passwords change constantly at a set time interval,

E.

G.

Once per minute.

To do this,

Some sort of synchronization must exist between the client's token and the authentication server.

For disconnected tokens,

This time synchronization is done before the token is distributed to the client.

Other token types do the synchronization when the token is inserted into an input device.

The main problem with time-synchronized tokens is that they can,

Over time,

Become unsynchronized.

However,

Some such systems,

Such as RSA's security ID,

Allow the user to resynchronize the server with the token,

Sometimes by entering several consecutive passcodes.

Most also cannot have replaceable batteries and only last up to five years before having to be replaced,

So there's an additional cost.

Another type of one-time password uses a complex mathematical algorithm,

Such as a hash chain,

To generate a series of one-time passwords from a secret shared key.

Each password is unique,

Even when previous passwords are known.

The open-source OAuth algorithm is standardized.

Other algorithms are covered by US patents.

Each password is observably unpredictable and independent of previous ones,

Whereby an adversary would be unable to guess what the next password may be,

Even with knowledge of all previous passwords.

Physical types.

Tokens can contain chips with functions varying from very simple to very complex,

Including multiple authentication methods.

The simplest security tokens do not need any connection to a computer.

The tokens have a physical display.

The authenticating user simply enters the displayed number to log in.

Other tokens connect to the computer using wireless techniques such as Bluetooth.

These tokens transfer a key sequence to the local client or to a nearby access point.

Alternatively,

Another form of token that has been widely available for many years is a mobile device which communicates using an out-of-band channel like voice,

SMS,

Or USSD.

Still,

Other tokens plug into the computer and may require a pin.

Depending on the type of the token,

The computer operating system will then either read the key from the token and perform a cryptographic operation on it,

Or ask the token's firmware to perform this operation.

A related application is the hardware dongle required by some computer programs to prove ownership of the software.

The dongle is placed in an input device,

And the software accesses the I-O device in question to authorize the use of the software in question.

Commercial solutions are provided by a variety of vendors,

Each with their own proprietary and often patented implementation of variously used security features.

Token designs meeting certain security standards are certified in the United States as compliant with FIPS 140,

A federal security standard.

Tokens without any kind of certification are sometimes viewed as suspect,

As they often do not meet accepted government or industry security standards,

Have not been put through rigorous testing,

And likely cannot provide the same level of cryptographic security as token solutions,

Which have had their designs independently audited by the third-party agencies.

Disconnected tokens.

Disconnected tokens have neither a physical nor logical connection to the client computer.

They typically do not require a special input device,

And instead use a built-in screen to display the generated authentication data,

Which the user enters manually themselves via a keyboard or keypad.

Disconnected tokens are the most common type of security token used,

Usually in combination with a password,

And two-factor authentication for online identification.

Connected tokens.

Connected tokens are tokens that must be physically connected to the computer with which the user is authenticating.

Tokens in this category automatically transmit the authentication information to the client computer once a physical connection is made,

Eliminating the need for the user to manually enter the authentication information.

However,

In order to use a connection token,

The appropriate input device must be installed.

The most common types of physical tokens are smart cards and USB tokens,

Also called security keys,

Which require a smart card reader and a USB port respectively.

Increasingly,

FIDO2 tokens,

Supported by the open specification group FIDO Alliance,

Have become popular for consumers with mainstream browser support beginning in 2015,

And supported by popular websites and social media sites.

Older PC card tokens are made to work primarily with laptops.

Type 2 PC cards are preferred as a token as they are half as thick as type 3.

The audio jack port is a relatively practical method to establish connection between mobile devices such as iPhone,

IPad,

And Android,

And other accessories.

The most well-known device is called Square,

A credit card reader for iOS and Android devices.

Some use a special purpose interface,

E.

G.

The crypto ignition key deployed by the United States National Security Agency.

Tokens can also be used as a photo ID card.

Cell phones and PDAs can also serve as security tokens with proper programming.

Smart cards.

Many connected tokens use smart card technology.

Smart cards can be very cheap,

Around 10 cents,

And contain proven security mechanisms as used by financial institutions like cash cards.

However,

Computational performance of smart cards is often rather limited because of extreme low power consumption and ultra-thin form factor requirements.

Smart card based USB tokens which contain a smart card chip inside provide the functionality of both USB tokens and smart cards.

They enable a broad range of security solutions and provide the abilities and security of a traditional smart card without requiring a unique input device.

From the computer operating system's point of view,

Such a token is a USB connected smart card reader with one non-removable smart card present.

Contactless tokens.

Unlike connected tokens,

Contactless tokens form a logical connection to the client computer but do not require a physical connection.

The absence of the need for physical contact makes them more convenient than both connected and disconnected tokens.

As a result,

Contactless tokens are a popular choice for keyless entry systems and electronic payment solutions such as mobile speedpass,

Which uses RFID to transmit authentication info from a keychain token.

However,

There have been various security concerns raised about RFID tokens after researchers at Johns Hopkins University and RSA laboratories discovered that RFID tags could be easily cracked and cloned.

Another downside is that contactless tokens have relatively short battery lives,

Usually only 5-6 years,

Which is low compared to USB tokens which may last more than 10 years.

Some tokens,

However,

Do allow the batteries to be changed,

Thus reducing costs.

Bluetooth tokens.

The Bluetooth low energy protocols provide long-lasting battery lifecycle of wireless transmission.

The transmission of inherent Bluetooth identity data is the lowest quality for supporting authentication.

A bidirectional connection for transactional data interchange serves for the most sophisticated authentication procedures.

Although the automatic transmission power control attempts for radial distance estimates,

The escape is available apart from the standardized Bluetooth power control algorithm to provide a calibration on minimally required transmission power.

Bluetooth tokens are often combined with a USB token,

Thus working in both a connected and a disconnected state.

Bluetooth authentication works when closer than 32 feet.

When the Bluetooth link is not properly operable,

The token may be inserted into a USB input device to function.

Another combination is with a smart card to store locally larger amounts of identity data and process information as well.

Another is a contactless BLE token that combines secure storage and tokenized release of fingerprint credentials.

In the USB mode of operation,

Sign-off requires care for the token while mechanically coupled to the USB plug.

The advantage with the Bluetooth mode of operation is the option of combining sign-off with distance metrics.

Respective products are in preparation following the concepts of electronic leash.

NFC tokens.

Near-field communication NFC tokens combined with a Bluetooth token may operate in several modes,

Thus working in both a connected and a disconnected state.

NFC authentication works when closer than one foot.

The NFC protocol bridges short distances to the reader while the Bluetooth connection serves for data provisions with the token to enable authentication.

Also,

When the Bluetooth link is not connected,

The token may serve the locally stored authentication information in coarse positioning to the NFC reader and relieves from exact positioning to a connector.

Single sign-on software tokens.

Some types of single sign-on SSO solutions,

Like enterprise single sign-on,

Use the token to store software that allows for seamless authentication and password filling.

As the passwords are stored on the token,

Users need not remember their passwords and therefore can select more secure passwords or have more secure passwords assigned.

Usually,

Most tokens store a cryptographic hash of the password so that if the token is compromised,

The password is still protected.

Programmable tokens.

Programmable tokens are marketed as drop-in replacement of mobile applications such as Google Authenticator,

MiniOTP.

They can be used as mobile app replacements as well as in parallel as a backup.

Vulnerabilities,

Loss,

And theft.

The simplest vulnerability with any password container is theft or loss of the device.

The chances of this happening or happening unaware can be reduced with physical security measures such as locks,

Electronic leash,

Or body sensor and alarm.

Stolen tokens can be made useless by using two-factor authentication.

Commonly,

In order to authenticate,

A personal identification number,

PIN,

Must be entered along with the information provided by the token the same time as the output of the token.

Attacking.

Any system which allows users to authenticate via an untrusted network,

Such as the internet,

Is vulnerable to man-in-the-middle attacks.

In this type of attack,

An attacker acts as the go-between of the user and the legitimate system,

Soliciting the token output from the legitimate user and then supplying it to the authentication system themselves.

Since the token value is mathematically correct,

The authentication succeeds and the fraudster is granted access.

In 2006,

Citibank was a victim of an attack when its hardware token-equipped business users became the victims of a large Ukrainian-based man-in-the-middle phishing operation.

Breach of codes.

In 2012,

The Prosecco Research Team at INRIA Paris-Roquencourt developed an efficient method of extracting the secret key from several PKCS No.

11 cryptographic devices.

These findings were documented in INRIA Technical Report RR-7944,

ID HAL-00691958 and published at Crypto 2012.

Digital signature.

Trusted as a regular handwritten signature,

The digital signature must be made with a private key known only to the person authorized to make the signature.

Tokens that allow secure onboard generation and storage of private keys enable secure digital signatures and can also be used for user authentication as the private key also serves as a proof of the user's identity.

For tokens to identify the user,

All tokens must have some kind of number that is unique.

Not all approaches fully qualify as digital signatures according to some national laws.

Tokens with no onboard keyboard or another user interface cannot be used in some signing scenarios such as confirming a bank transaction based on the bank account number that the funds are to be transferred to.

Authentication is the act of proving an assertion such as the identity of a computer system user.

In contrast with identification,

The act of indicating a person or thing's identity,

Authentication is the process of verifying that identity.

It might involve validating personal identity documents,

Verifying the authenticity of a website with a digital certificate,

Determining the age of an artifact by carbon dating,

Or ensuring that a product or document is not counterfeit.

Authentication is relevant to multiple fields.

In art,

Antiques,

And anthropology,

A common problem is verifying that a given artifact was produced by a certain person or in a certain place or period of history.

In computer science,

Verifying a user's identity is often required to allow access to confidential data or systems.

Authentication can be considered to be part of three types.

The first type of authentication is accepting proof of identity given by a credible person who has firsthand evidence that the identity is genuine.

When authentication is required of art or physical objects,

This proof could be a friend,

Family member,

Or colleague attesting to the item's provenance,

Perhaps by having witnessed the item in its creator's possession.

With autographed sports memorabilia,

This could involve some attesting that they witnessed the object being signed.

A vendor selling branded items implies authenticity,

While they may not have evidence that every step in the supply chain was authenticated.

Centralized authority-based trust relationships back most secure internet communication through known public certificate authorities.

Decentralized peer-based trust,

Also known as a web of trust,

Is used for personal services such as email or files,

And trust is established by known individuals signing each other's cryptographic key,

For instance.

The second type of authentication is comparing the attributes of the object itself to what is known about objects of that origin.

For example,

An art expert might look for similarities in the style of painting,

Check the location and form of a signature,

Or compare the object to an old photograph.

An archaeologist,

On the other hand,

Might use carbon dating to verify the age of an artifact,

Do a chemical and spectroscopic analysis of the materials used,

Or compare the style of construction or decoration to other artifacts of similar origin.

The physics of sound and light and comparison with a known physical environment can be used to examine the authenticity of audio recordings,

Photographs,

Or videos.

Documents can be verified as being created on ink or paper,

Readily available at the time of the item's implied creation.

Attribute comparison may be vulnerable to forgery.

In general,

It relies on the fact that creating a forgery indistinguishable from a genuine artifact requires expert knowledge,

That mistakes are easily made,

And that the amount of effort required to do so is considerably greater than the amount of profit that can be gained from the forgery.

In art and antiques,

Certificates are of great importance for authenticating an object of interest and value.

Certificates can,

However,

Also be forged,

And the authentication of these poses a problem.

For instance,

The son of Han Fan Meijuan,

The well-known art forger,

Forged the work of his father and provided a certificate for its provenance as well.

Criminal and civil penalties for fraud,

Forgery,

And counterfeiting can reduce the incentive for falsification depending on the risk of getting caught.

Currency and other financial instruments commonly use this second type of authentication method.

Bills,

Coins,

And checks incorporate hard-to-duplicate physical features such as fine printing or engraving,

Distinctive feel,

Watermarks,

And holographic imagery,

Which are easy for trained receivers to verify.

The third type of authentication relies on documentation or other external affirmations.

In criminal courts,

The rules of evidence often require establishing the chain of custody of evidence presented.

This can be accomplished through a written evidence log or by testimony from the police detectives and forensic staff that handled it.

Some antiques are accompanied by certificates attesting to their authenticity.

Signed sports memorabilia is usually accompanied by a certificate of authenticity.

These external records have their own problems of forgery and perjury and are also vulnerable to being separated from the artifact and lost.

In computer science,

A user can be given access to secure systems based on user credentials that imply authenticity.

A network administrator can give a user a password or provide the user with a key card or other access devices to allow system access.

In this case,

Authenticity is implied but not guaranteed.

Consumer goods such as pharmaceuticals,

Perfume,

And clothing can use all forms of authentication to prevent counterfeit goods from taking advantage of a popular brand's reputation.

Having an item for sale in a reputable store implicitly attests to its being genuine,

The first type of authentication.

The second type of authentication might involve comparing the quality and craftsmanship of an item,

Such as an expensive handbag,

To genuine articles.

The third type of authentication could be the presence of a trademark on the item,

Which is a legally protected marking or any other identifying features which aids consumers in the identification of genuine brand name goods.

With software,

Companies have taken great steps to protect from counterfeiters,

Including adding holograms,

Security rings,

Security threads,

And color-shifting ink.