CODEL: The Key To Digital Certainty

• Home
• News
• People
• Compliance
• Use Cases
  • Financial Services
  • Medical
  • Government
    • Identity
  • Legal
    • Legal Copyright
    • Anti-Counterfeiting Legal Action
    • Codel Bible
    • Codel E-Wills
    • Copyright Protection
  • Software
    • Software Protection
    • Document Protection Software
    • Audit Trail Protection Software
    • Why Isn't Software Better Protected?
  • Music
  • Pharmaceutical
  • Anti-Counterfeiting
  • Document Authenticity
    • Document Origin
    • Document Uniqueness
  • Protecting Images
  • Webform Authentication
  • Codel Email
    • Email Validation - Separation of Keys
    • Email Validation - 2nd Key sent to Codel
    • Key Distribution Problem
  • Anti-Counterfeit Software
    • The Counterfeit Problem
    • Product Tagging - Fibertag
    • Codelmark for Anti-Counterfeitng
• Technical
  • Security
  • Data Storage
  • Glossary A-L
  • Glossary M-Z
  • Hash & Hashing
    • SHA256 - Hashing Algorithm
    • Hash Change
    • Hash Table
    • Master Document Hash
    • Protection of Master Document Hash (MDH)
    • Publication of Master Document Hashes
    • Hash Publication in the Financial Times
    • SHA 256 Hashing Algorithm
    • Effect of change on Hash
    • The Local Hash Table
    • ASCII/ANSI
    • Hex
  • Audit Trail Protection
    • Protected Audit Trials
    • Reducing the Burden of Trust
    • Local Data Audit Policy
    • WORM
    • CDR
    • DVDR
    • How Codel ATP Protects an Audit Trail
    • Codel Storage Objectives - What Codel Stores
    • Local Data Audit Policy
    • Local Master Document Table content
    • Local Storage of Audited Data
    • Item Fails Audit
    • Audit Succeeds
    • Local Document Table content
    • Sample Local Data Audit Policy
    • Storing Local Master Document Hashes
  • One Time Pads and One Time Keys
  • Strong Revocation
  • Strong Authentication
  • Attacks
    • Attack 1 - Naïve
    • Attack 2 - Copy legitimate IDs from existing products
    • Attack 3 - Steal bulk IDs from the database
    • Attacks 4 & 5 - Subverting the Database.
    • Attack 6 - Subverting the Server
    • Attack 7 - The Manufacturer
    • Attack 8 - Distributed Denial of Service
    • Attack 9 - Physical Destruction of the Database
• Contact
• White Papers

Item Fails Audit

Item Fails Audit

If, at any point in the chain, the relevant Hash does not match the hash stored on the relevant document table or, ultimately, the printed journal, then the audit has revealed that something has changed since the hashes were first recorded. The higher up the chain the failure is encountered, the more serious the implications for the audit trail.

The least serious failure - in the sense that it might be innocent and we can recover from it - is that the initial document no longer hashes to the value matching its Local Document Table (LDT).

The "initial" or "original" document in this context is the unprotected copy sitting where it was first created. It may have undergone subtle or even major changes perfectly innocently. The first check will reveal this. A failure at this stage, however, is not, necessarily, the end of the world.

If the document is designated as Requiring Audit by the Local Data Audit Policy, then a copy of it should be stored in the Permanent Secure Audit Location. All the auditor needs to do is to retrieve that version and ensure that one passes the audit checks instead.

That leaves the issue of why the original changed. A comparison of the two documents (the original and the archived version) should reveal the scope of the changes. If the change is trivial (eg an additial blank space, a spelling correction etc) it may safely be recorded but ignored. If the changes clearly point to an attempt to mislead, then the auditor will have to bring the matter to the attention of the appropriate parties.

In contrast, LDTs should NEVER be changed and can only change as the result of a deliberate decision to corrupt the audit trail. That spells trouble for the organisation. If the LDT hash doesn't match its entry in the relevant Local Master Document Table, then the damage is limited to corruption within the organisation.

If the failure ever happens at the level of the printed journal, then Codel itself has major problems. The implication is that an entire audit trail has been corrupted by collaboration between insiders within the Client organisations and insiders within Codel.

The strength of the system lies in the fact that even Codel - the hosts and inventors of the system - could not hide such a failure and thus we can all be sure that any attempt at such corruption can always be detected.