back to article UK investor throws £14.8m at firm that makes UNFORGEABLE 2-cent labels

UK investment house Invesco has acquired 13 per cent of Norway's ThinFilm, just as the company prepares to launch its first printed product, which it tells us will cost almost two cents. The investment gives Invesco 56 million shares in ThinFilm, which amounts to 13.3 per cent of the company, but this should provide the …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Talk about bad timing ..

    Let me get this straight. They are proposing to 'chip' our clothing at exactly the same time we've just been shown unequivocal proof that our govt. wants to know everything we say and to whom ...

    Good luck with that.

    1. Anonymous Coward
      Anonymous Coward

      Re: Talk about bad timing ..

      No, it is a label to guarantee an items authenticity.

      Not snoop....

      1. Anonymous Coward
        Anonymous Coward

        Re: Talk about bad timing ..

        Yes and no. Since a special reader is required, how many will actually be checked? According to the El Reg, using the reader is not an easy task to get the pins lined up. So, how many consumers will own a reader? How many businesses will actually have their employees check products? So, with the look of this tag easy to copy, I expect that the counterfeiters will not care about passing the test with a reader, but pass the visual test with the hope that a reader will not be used. Even the article mentioned more or less that it allowed manufacturers to check for counterfeit products in a store.

        1. Eddy Ito

          Re: Talk about bad timing ..

          " not an easy task to get the pins lined up"

          That's the part I don't get. Instead of pins, why not use a pad contact on each side of the tag so it becomes a simple edge type connector although I grant that gets a bit difficult for something like a wine bottle. Also, what is the useful life of these tags and can they be salvaged by some nefarious garbage picker and sold on the black market?

    2. Nuke
      Facepalm

      @Nicho - Re: Talk about bad timing ..

      Nicho wrote :- "They are proposing to 'chip' our clothing [when] our govt. wants to know everything we say and to whom ..."

      What a rant, way off-topic. Everything we say? You think these labels will have a microphone and radio transmitter, and "Government" is paying Thinfilm to do this? If so, why would they need to put it in a label? Why not conceal it in a hem (as you mention clothing)? Maybe you think they do already.

      BTW sysadmins, the O2 ads on these pages are slowing El Reg to a crawl. Tell O2 to f#@k off will you?

  2. Phil O'Sophical Silver badge

    Impossible to forge?

    No such thing. If ThinFilm can make it, so can someone else. Between that, and "It’s a physical test, not a cryptographic challenge" it sounds like security through obscurity. We can guess how that will end.

    How long until someone buys off a worker in the company to pass on the secret?

    1. bonkers

      Re: Impossible to forge?

      Totally agree Phil, no need even to buy a worker, the authorisation can be simply monitored, decoded and replicated. Without Crypto i don't think there is any chance - even with, it is vulnerable because there is "one big secret" that is buried in every tag and every reader.

      Good luck to 'em, if they're putting their money into technology that mere commentards know will be broken, I hope there's more to it than this.

      BTW, have you all seen how clever holograms are these days - with a "reader film" that you view the hologram through, and see some secret text/image. Keeping this updated with new datestamped reader films is a simpler system.

    2. BlueGreen

      Re: Impossible to forge? @Phil O'Sophical

      The only way I can see this as unforgeable is if the reader has a link[*] back to a central database against which the unique pattern can be verified, as a snapshot of it when it was created. This would hardly be a unique idea though, the use of glitter sirred into transparent resin & allowed to set was mooted for nuclear weapons monitoring iirc.

      If they don't have a verify-against-DB step then I can only agree with you. I think the article's author should have done a bit more work rather than lazily spout back a press release.

      [*] until someone makes fake readers which go back to a bogus db.

      1. jonathanb Silver badge

        Re: Impossible to forge? @Phil O'Sophical

        You can check back to a central database with a bog standard serial number, and people do have things like that, for stuff like memory chips, hard drives, mobile phones, software and so on. There nothing to stop people copying that serial number, except that they need to make sure that people don't end up with two articles with the same serial number on them, and it is no different if you have a more fancy label with a complicated method of reading the serial number.

    3. LarsG

      Re: Impossible to forge?

      So were bank notes, but they are still forged.

      Anything can be forged it just depends on how good it is.

    4. streaky

      Re: Impossible to forge?

      People can forge CPUs so they're going to forge these.

      Actually it's fairly obvious how to get round it without forgery - buy a legit stock (they're apparently hella cheap) and tag them onto your forged product - remember it's not a crypto'd check.

      Dunno how 15 million gets you 13% of a company that doesn't make anything - these people never seen dragon's den?

      1. FartingHippo
        Alert

        Re: Impossible to forge?

        A lot of people here with only a vague understanding of how the product actually works are confidently stating it's crap and unworkable. They might be right, BUT...

        Say what you like about investment bankers, but they hire some very smart people and I find it unbelievable that £15m has been spaffed on a technology that could be as trivially circumvented as has been suggested.

        1. bonkers

          Re: Impossible to forge?

          Thanks for the offer, I will say what I like about the "smartness" of bankers, didn't they just knock on the door asking for 1.4 Trillion?

          We all know how easy it is for investors to buy into a bubble, it can even be good policy if you're out early.

          However, the list of failed products with "amateur crypto" technology is most alarming, look at http://en.wikipedia.org/wiki/Pirate_decryption for starters. Then have a look at MiFare, Megamos, all of the audio and video copyright protection schemes, the entire antivirus/PC security nightmare - then tell me that we're probably wrong to dismiss this latest breakthrough in analogue security.

          ,

        2. streaky

          Re: Impossible to forge?

          "they hire some very smart people and I find it unbelievable that £15m has been spaffed on a technology that could be as trivially circumvented as has been suggested"

          Take a look at the size of Twitter's funding rounds and think again about how smart people are that throw money at projects for the sake of throwing money at projects. Twitter is great - but it's never going to make enough money to cover it's server much less anything else...

  3. Dodgy Geezer Silver badge

    Hmm... little pins and a physical test, eh?

    ...ThinFilm's solution isn't as elegant as a hologram: one needs a special reader which pushes pins against the exposed contacts on the label....

    Now where have I seen this attempt to stop counterfeiting before? .... Ah, yes, on printer cartridges.

    I use a continuous ink supply, so I've looked into the copy protect on these things. The printer manufacturers have tried every permutation of physical and software methods to force people to buy their overpriced propriety brands. And you know what? Cheap replacements come out within a day of any new launch....

    1. Anonymous Coward
      Anonymous Coward

      Re: Hmm... little pins and a physical test, eh?

      Have you ever tried the following experiment?

      Take manufacturers and generic inks. Print the same picture, one with each set of carts.

      Cover half of each picture with a magazine and leave on a windowsill for a few months.

      Check which hasn't faded and lost all colour definition.

      I do agree, they charge way to much for inks, but the proper ones are more expensive for reasons such as this...

      I have printed images from a Epson 440 that still look as good as they did then...

      1. Vociferous

        Re: Hmm... little pins and a physical test, eh?

        > the proper ones are more expensive for reasons such as this

        No, they are more expensive because the printer hardware is sold at a loss, while the ink is what the manufacturer makes money from. The counterfeit ink producers don't need to offset loss-inducing hardware sales, so they can sell more cheaply. Any difference in ink quality is purely incidental.

      2. Dodgy Geezer Silver badge

        Re: Hmm... little pins and a physical test, eh?

        ...Have you ever tried the following experiment? Take manufacturers and generic inks. Print the same picture, one with each set of carts....

        Who TH cares? I'm talking about breaking physical copy protection, not ink capability.

        (and, if you're interested, I use a CIS with OCP inks. If I did your experiment I would see no difference...

        1. Marvin the Martian

          Re: Printer ink permanence --- blah blah blah. Test and use data, or go away.

          A few thousands of hours of methodological research plus thousands of pounds of products by independent researchers can tell you whether these permanence claims have any value or not:

          http://www.wilhelm-research.com/

          Read the stuff in the third column: comparisons of specific OEM and third-party manufacturer ink on specific papers, not just "I say so". Specifically aging for specified amounts of time etc. E.g. this 2006 article, giving a permanence rating of 0.1 years to one "replica" of a 73-year-rated HP ink: http://www.wilhelm-research.com/

          And no, they're not shills for HP. They are one of the main companies providing services to museums and collections (e.g. Corbis) on preserving photos, old and modern.

          ---

          But of course I use cheap ink for printing all I print, because I don't print for keeping, I print technical things for reading once or a few times, half the time on the reverse of older printed documents... Thus I save money with replica ink. To print any kind of mementos with it is just stupid (though you have the digital original so can always reprint).

          1. Vociferous

            Re: Printer ink permanence --- blah blah blah. Test and use data, or go away.

            FWIW, I have _never_ seen black ink fade, regardless of manufacturer.

            If we're talking color, then the opposite is true: I have _never_ seen any consumer color ink, regardless of manufacturer, including from Epson or HP, which was UV resistant.

            I'm sure there exist professional-quality color inks, but I'm equally sure that the color ink in my HP Photosmart fades in weeks if exposed to sunlight.

            1. Don Jefe
              Happy

              Re: Printer ink permanence --- blah blah blah. Test and use data, or go away.

              To be fair colorfastness and color stability has a lot to do with the paper something is printed on as well. Cheap ink (non-OEM != low-quality, necessarily) and cheap paper is guaranteed to fade faster whereas good ink on good paper will hold color better.

              In sustained exposure to direct sunlight everything fades (or tans :), even UV resistant products. The most effective way to inhibit UV is to use UV blocking glass on both the windows letting the sunlight in and covering the printed article itself. The two layers stop the majority of the UV, which is also emitted by lightbulbs. If you want to be extra sure then keep the article in a room with no visible light other than that provided by fiber optic lighting which by default eliminates UV.

              But all that gets away from what makes printing economical. If something fades to an unacceptable level, just print another one. If it came through a computer you aren't exactly talking a handcrafted masterpiece.

              1. TheOtherHobbes

                Re: Printer ink permanence --- blah blah blah. Test and use data, or go away.

                Actually there's a small industry of digital art printing with limited edition runs, which is very much about handcrafted masterpieces. The prints are often hand-calibrated before a run - sometimes individually - so they really are distinct.

                If anyone catches you printing off another copy of something supplied with a certificate of authenticity and an edition number, your credibility soon disappears.

                But this is a non-issue for sub-£100 inkjet cheapo blobomatics. No one with a clue uses domestic inks for professional art printing. So there's absolutely no reason not to use cheap generic inks for generic office and personal paperwork.

                Most paperwork sits in piles or filing cabinets anyway, so UV exposure is a non-issue.

              2. Alan Brown Silver badge

                Re: Printer ink permanence --- blah blah blah. Test and use data, or go away.

                "The two layers stop the majority of the UV, which is also emitted by lightbulbs"

                Not if they're leds - which is why there's a lot of interest in getting decent whites with good colour rendering out of the things.

          2. Anonymous Coward
            Anonymous Coward

            Re: Printer ink permanence --- blah blah blah. Test and use data, or go away.

            Thank you for pointing out what I said.

            Have a +1

      3. Graham Marsden

        @cornz 1 - Re: Hmm... little pins and a physical test, eh?

        Now try the following experiment: Print a load of pages with OEM black ink. Then print a load with compatible ink. Spot the difference (hint: check your wallet).

        (PS Oh, and yes, now you can get cheap B&W laser printers, but I have an inkjet that's about 6 years old and still works fine, so I have no need to change it)

        1. Anonymous Coward
          Anonymous Coward

          Re: @cornz 1 - Hmm... little pins and a physical test, eh?

          Now try the following experiment: Print a load of pages with OEM black ink. Then print a load with compatible ink. Spot the difference (hint: check your wallet).

          I am in full agreement. However, try that with a photo that you or a client wants printing.

          See how long it takes the customer comes back because their wedding photo or whatever now looks bloody awful after being on a windowsill for 6 months.

          Text, stuff you don't care about, diagrams etc, yeah fill your boots with cheapo inks.

          Stuff you want to keep? Original inks are the only ones guaranteed UV stable.

          Or let me put it another way.

          Back up your entire MP3, photo, docs collection on Verbatim dvd-r, then repeat with Hu-Flung_dung brand DVD-r. See which one has your data intact after 20 years.

          You might save 10 quid or more but loose 50% of your data.

          Buy cheap, buy twice!!!

          1. Alan Brown Silver badge

            Re: @cornz 1 - Hmm... little pins and a physical test, eh?

            > Back up your entire MP3, photo, docs collection on Verbatim dvd-r, then repeat with Hu-Flung_dung brand DVD-r. See which one has your data intact after 20 years.

            Based on my experience with such tests - neither will. CDR is not an archival medium, no matter which of the dyes is used (but Phtalocyanin will last about 5 times longer than older types)

            On the other hand, CDRW is - because it uses heat-induced phase changes in an amorphous media vs bleaching a dye which will fade out regardless of uv exposure.

            DVDs of any type aren't (the sandwich construction makes them disintregrate after 2-10 years) and BDRs might be but the jury's still out (I haven't had long enough for verify aging tests), but they're still uneconomic at present.

            None of that matters overly because in 20 years time you probably won't have a device capable of reading your Archival backups.

            1. KayKay

              Re: @cornz 1 - Hmm... little pins and a physical test, eh?

              MICROFICHE.

              Only device needed is light and a magnifier.

          2. Loyal Commenter Silver badge

            Re: @cornz 1 - Hmm... little pins and a physical test, eh?

            Now try the following experiment: Print a load of pages with OEM black ink. Then print a load with compatible ink. Spot the difference (hint: check your wallet).

            I am in full agreement. However, try that with a photo that you or a client wants printing.

            See how long it takes the customer comes back because their wedding photo or whatever now looks bloody awful after being on a windowsill for 6 months.

            if you were any sort of professional, you'd not be usign an inkjet printer in the first place. For such work, a dye-sublimation, or at the very least colour laser printer would do the job much better. The colour laser printer would also most likely be cheaper to run.

      4. Alan Brown Silver badge

        Re: Hmm... little pins and a physical test, eh?

        For the price difference between the inks it's cheaper to reprint the image.

        None of them are as fade-resistant as the old tektronic phaser (waxjet) systems but those are finicky to maintain at best and don't perform at all well unless you keep 'em in a low-dust enviornment and use them every day (they gunge up surprisingly easily)

  4. frank ly

    Cheap tag and cheap reader ......

    .... means easy to obtain and easy to monitor in detail in a small electronics lab. Then the forger can carefully determine the required charateristics of a genuine tag. The interesting part of the article is where the reader also writes data to the memory of the tag. That part could take some figuring out.

    1. John Brown (no body) Silver badge

      Re: Cheap tag and cheap reader ......

      "means easy to obtain and easy to monitor in detail in a small electronics lab."

      Yes, "forging" the programming/responses of the label will be easy. Creating and printing the tag...not so much.

      Remember folks, we are talking about inkjet printed circuitry here. A new technology. Hologram labels might be relatively easy to forge these days, but think about how long ago they were first used as an anti fraud measure and how long it was before it became cheap enough to be forged economically. By the time they are economically forgable, the tech will have moved on enough to allow for secure crypto keys which can be changed, including the algorithm, on any or all print runs. It's not like they are stuck with a physical circuit and "standard" secure keys that have to survive years of cracking attacks.

  5. Anonymous Coward
    Anonymous Coward

    Hmm...

    Could be that the material has specifically repeatable electrical characteristics, that by some bizarre secret process of manufacture would make it almost impossible to copy..

    You could make an almost identical structure but it will react differently to electrical signals, therefore fall outside specs and fail the authentication challenge...

    1. Charles 9

      Re: Hmm...

      By that reasoning, you're talking about a "snowflake" manufacture process: one that produces (by design) random patterns in the electrical medium. The process as such doesn't allow for duplicates because that part is outside the control of the manufacturer, but that's not to say someone couldn't contrive a different process that allows for control of that step.

      Trying to build a forgeproof ID has been the subject of sci-fi for decades. Even the Lensman series ran its early books on the idea.

      1. unwarranted triumphalism
        Coat

        Re: Hmm...

        Upvote for the Doc Smith reference, it's the 1st thing I thought of when I saw the headline. Incidentally, at the end of the series ('Children of the Lens' I think) Boskone tried forging the Lens, but got it slightly wrong...

        /Coat because I should put mine on and get out more

        1. Will Godfrey Silver badge
          Happy

          Re: Hmm...

          Two upvotes from me then!

        2. Charles 9

          Re: Hmm...

          More like a bad imitation of the Lens. It wasn't meant as much a masquerade as it was a means to replicate some of the other functions of the Lens like telepathy and increased mental ability: a way to combat the L2's. Thing was, they were too late as L3's had already emerged and would become the most advanced thinkers in the universe.

          PS. You're right about Children of the Lens being the coda of the series.

      2. Anonymous Coward
        Anonymous Coward

        Re: Hmm...

        No, i'm talking about the exact opposite. Not random variances but absolute values that can be repeated over and over. Randomness doesn't enter into it at all. If anything that would make it even easier to counterfeit.

        1. Charles 9

          Re: Hmm...

          How does that make sense? If you can repeat the process, you can make it such that two tags return the same signal. As long as you can do that, you can forge the tag, full stop. It has to be a process that doesn't allow for control: like fingerprints, which are made by a chaotic biological process not under the person's control. Otherwise, one could control the process to make a duplicate. Thus the term "snowflake" (snowflakes form by a chaotic process, thus like this tag can't readily produce two identical ones).

  6. Anomalous Cowshed

    Forgive me if I am missing something here

    But this kind of thing, even if really 'impossible to forge', is still vulnerable to a man in the middle attack, no? As in: someone manufactures alternative labels which are made available to product forgers, and fake readers which follow a different principle internally, but which look the same, and which are infiltrated into the supply chain, stores, etc., and the end-users / checkers / customers don't know the difference, since everything appears to be following the right procedure from the outside...

  7. Nuke
    Facepalm

    Readers at $2 ??

    FTFA :- "ThinFilm's CEO Davor Sutija told us it could be manufactured for $2 a time"

    What a joke. Kit aimed at professional users (according to TFA itself) selling at <$100? Pull the other one. Perhaps typo has missed a couple of zeros there.

    Legally, having said this, does this mean that ThinFilm will be obliged to make up the price difference?

    1. Tom 7

      Re: Readers at $2 ??

      I'm not sure even a drunk jury would find 'could be' legally binding.

    2. Steve Knox
      Holmes

      Re: Readers at $2 ??

      "manufactured for $2" does not mean the same as "selling at <$100"

  8. Cliff

    physical implementation of a hash?

    Fairly intrigued to see how this works. I guess I could look up the patents, but apparently I'm not intrigued enough until someone smarter than me does and translates them for me. But if it's the equivalent of a hash, some kind of one-way process which I can use to verify and authenticate a medicine for instance, I'm interested.

  9. Alan Johnson

    No credibility

    All credibility is lost with the statement that it is impossible to forge. A statement that it is hard or expensive to forge I could live with. I suspect any money invested has been thrown away.

  10. Ashton Black

    Yoiks no.

    So many attack vectors.... and claiming an absolute? Impossible is a strong word. Tends to be taken as a challenge, by some.

  11. Will Godfrey Silver badge
    Big Brother

    Just wait till GCHQ and the NSA get to hear about this.

  12. Robert E A Harvey

    Not sure what the point is

    I suppose I don't want toothpaste that contains polonium or sand, and it would be quite nice if my pills contained medicine. I buy both from a chemist who is supposedly reputable (at least they were in the early 20th century. I'm guessing they would be the ones buying a reader and doing spot-checks at point of sale to validate the security of their supply chain. Wouldn't they? It doesn't sound like I can. Will they?

    But for handbags, shoes, and other fashion goods, then why bother? Have you seen the garbage that the big label firms fill the shops with? There is a 50% chance that knock-offs will last longer.

    Passports, driving licences, now there is a thing. But we already have contactless technologies a-plenty for embedding things in them. it doesn't need to be vanishingly thing and need a physical contact. The data - whatever it is - can't be related to the method of connection, surely?

    But what do I know? Quite recently some startup started making mag-swipe credit card readers for iphones, and I thought "Meh. No-one uses mag swipe now we have chip-n-pin" but they seem to be forging a market for dodgy technology just because of advertising and the ill-educated market place. Maybe this will be the same?

  13. Don Jefe

    Upstream Vulnerability

    Like most things, the vulnerability here lies with the user(s). This is all fine and dandy to sell to manufacturers and importers/exporters of controlled products. They can talk it up to their channel partners and raise the final price of the goods a little, but that's about all things like this are ever good for.

    Is the consumer going to validate the code; no. No more than they visit a manufactures site to validate a hologram or contact the manufacturer and request a seal validation control sample (which most places offer for free). Jose User is going to buy the product and use it and (here's the vulnerability) assume that everyone upstream from him has validated the authenticity of the product. Same for the retailer or distributor or importer. The chain of implied trust is always the easiest attack vector, people will abuse the trust of others: That's the only part of this that can be guaranteed.

    I say meh. I just hope it doesn't increase the price of my stuff too much.

  14. Gravis Ultrasound

    Judging from ThinFilm's history, this will be 'vaporware' never to materialise in any quantity to speak of. This company always got a breakthrough in sales 'just about the corner'... playing cards for kids and other printable memory stuff... never sold anything. Their press releases have been about receiving (buy yourself) technology prizes et cetera. The company is something of a running joke on the stock market and so is their stock price.

  15. Anonymous Coward
    Anonymous Coward

    It doesn't matter if they are "unforgeable" if they are $0.02ea.

    I'm sure Mr "Shady goods counterfeiter" can manage a whole 2 cents per unit on his multi million $ operation(s).

This topic is closed for new posts.