Slashdot Mirror

← Back to Stories (view on slashdot.org)

Xerox Creates Printed Labels With Rewritable Memory

Posted by Soulskill on from the mundane-futurism dept.

Lucas123 writes: Xerox has announced a line of printed labels that can store up to 36 bits of data that can be used to track shipped products, determine the authenticity and condition of products, and even identify if a medication refill has been authorized, or if a shipping tax has been paid. The key verification features, which are targeted at thwarting counterfeiters, will work offline, allowing secure validation of an object or process without being bound to the Internet. The memory labels can be encrypted for added security and can store up to 68 billion data points.

29 of 48 comments (clear)

  1. Computerworld explains what a bit is by Kohlrabi82 · · Score: 1, Flamebait

    The memory labels can be encrypted for added security and can store up to 68 billion data points.

    I'm surely glad I finally understand what a bit is.

    1. Re:Computerworld explains what a bit is by michelcolman · · Score: 1

      Very clever article. They write some ridiculous bullshit about 36 bits being able to store 68 billion data points, so all the geeks and nerds start talking about how stupid those journalists are, meanwhile they have all seen the product and will remember it. When you see one of these new labels, you'll go "oh, I remember, that's the one where those idiots claimed it could contain so many data points with cryptography and all". If they would have just said "hey, we invented a new label that can store 36 bits", nobody would talk about it and it would be quickly forgotten. Negative publicity is good publicity.

    2. Re:Computerworld explains what a bit is by U2xhc2hkb3QgU3Vja3M · · Score: 1

      They do clearly explain 2^2, 2^4 ... 2^36, in the article.

  2. In Other News by konohitowa · · Score: 1, Informative

    Xerox confirms that 2^36 ~= 68G.

    So at any point in time, it has the potential to store one point of data from among 68 billion possible points of data. Because. You know. It's 36 bits. To me, that's completely different from being able to store 68 billion data points. I inferred "simultaneously" from that. If it's any consolation, TFA has the same wording as the summary.

  3. You cannot do anything secure with 36 bits by gweihir · · Score: 4, Insightful

    In order to do things like authenticity securely, you need to sign the contained data cryptographically. The very least number of bits needed for a signature that can be called secure in any way is around 80 bits today, and you need the data to that is signed in addition.

    I conclude that this thing offers no actual security whatsoever, besides the mechanism needed to write the bits.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re:You cannot do anything secure with 36 bits by stooo · · Score: 1

      So, if it does not need to be secure, we can fake the serial numbers, cool :)

      "allowing secure validation of an object or process" -> seems they want it to be secure, though

      So we can make millions of copies of a valid one, and these will be seen as legit by the "offline validation" ? Cool.

      --
      aaaaaaa
    2. Re:You cannot do anything secure with 36 bits by gweihir · · Score: 1

      You really, really do not understand crypto. At all. You do not even use the right language.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    3. Re:You cannot do anything secure with 36 bits by gweihir · · Score: 1

      Just my thought. Cloning this is trivial.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    4. Re:You cannot do anything secure with 36 bits by gweihir · · Score: 1

      Also: Unless they have iterated encryption high enough as to make brute-forcing impractical, simply obtain one of the "verification mechanisms" and one of the QR-Codes and then throw all 2^36 values at it until you find something you like. Voila, immediate "authentic" fake, that will pass offline "validation".

      In practice, this thing is far less secure than a QR-Code label. Instead of reprogramming the 36 bits, just stick a new label to the box, thereby reprogramming all bits, including a new signature.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    5. Re:You cannot do anything secure with 36 bits by Trailer+Trash · · Score: 1

      In order to do things like authenticity securely, you need to sign the contained data cryptographically. The very least number of bits needed for a signature that can be called secure in any way is around 80 bits today, and you need the data to that is signed in addition.

      I conclude that this thing offers no actual security whatsoever, besides the mechanism needed to write the bits.

      After painfully reading the article they're claiming that the crypto part comes as a separate QR code or something like that - which can store vastly more data. Since the QR code can't change I'm not sure exactly how that helps with the changeable part.

      I'm sure there's some sort of big deal here for Xerox to put out a press release, but I can't find it and the writer of the article likely cannot, either. There are 36 bits of rewritable data that can be read with the human eye. That's not a lot. As they clumsily say in the article that gives you a number between 0 and ~68 billion - not enough to even store a credit card number. The "crypto" crap is just silliness.

      Anyone have any idea what's up here?

      --
      Do you have ESP?
    6. Re:You cannot do anything secure with 36 bits by gweihir · · Score: 1

      You cannot sign the 36 bits with the contents of the QR-Code. Not possible. Hence the data may be obscured, but it will not be authenticated or protected. Basic crypto. Which you do not understand. You may want to look up the "Dunning-Kruger Effect".

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  4. What is the big deal? by Michael+Woodhams · · Score: 4, Insightful

    From the article (and the announcement it links to), I'm really struggling to figure out what the big deal is.

    A rewritable 36 bit label. Presumably that means you have 36 dots, each of which can be black or white (say) and you can change their state somehow. I could (a little less conveniently) do the same with a sticker with 36 dots on it, each either filled or hollow. Whenever I want to change it, I just print a new sticker with the new bit pattern and stick it over the old one.

    How does this give all the cryptographic goodness they talk about?

    They say you'll be able to cryptographically confirm authenticity off-line. But 36 bits is easily brute-forcible. If you can check the authenticity of the 36 bit pattern, the man in the middle can check all 2^36 bit patterns for authenticity and use whichever authenticated bit patterns give the message they want.

    The engineers at Xerox aren't stupid, so presumably there is something to this. However in going from the minds of the engineers to the mind of the journalist to the article to my mind, somewhere something vital has been lost.

    --
    Quattuor res in hoc mundo sanctae sunt: libri, liberi, libertas et liberalitas.
    1. Re:What is the big deal? by konohitowa · · Score: 3, Insightful

      When the journalist started to explain binary, I sort of lost hope of any technical explanation materializing.

    2. Re:What is the big deal? by peragrin · · Score: 3, Funny

      Instead of dots why don't you use variable width black lines? We can call it barcoding.

      --
      i thought once I was found, but it was only a dream.
    3. Re:What is the big deal? by Dr.Dubious+DDQ · · Score: 1

      "The encryption is in a QR code that's printed on the label, but isn't rewritable."

      That seems to be the key point.

      My guess is that the handful of bits in the label will be used in different ways by each company that adopts it, and it will be something like "the first three bits indicate which facility was the last to handle it, with 000 indicating that it has been sent to the pharmacy, the next five bits indicate which employee in this production line last handled the tagged object", etc., with the barcode specifying which internal-to-the-company algorithm was used to shift the bits around before storing them on the rewritable tag.

      It's not that anyone who had blank tags and the equipment to write to them couldn't exactly copy any particular tag they got their hands on, but that it shouldn't be feasible for anyone to synthesize a valid fake label, so nobody can get a bunch of manufactured-by-flybynightco-in-china fake tablets or even a pile of "legitimate" pills snuck out of the factory in somebody's socks, stick them in a bottle, and label them to look like they've been legitimately packaged and shipped from the company (for example).

      --
      Hacker Public Radio is our Friend
    4. Re:What is the big deal? by U2xhc2hkb3QgU3Vja3M · · Score: 1

      That's exactly the kind of thing the machines wants you to do. I propose a system with something similar to letters, with each letter representing a value.

    5. Re:What is the big deal? by omnichad · · Score: 1

      verify that whatever is stored in those 36 bits was put there by whoever created the product being tracked and hasn't been altered later.

      Which defeats the purpose of those 36 bits being rewritable.

    6. Re:What is the big deal? by omnichad · · Score: 1

      You swipe the empty packet over the reader, and that tells you the drug in question, and the refill details (and the writer re-writes the bits to "refill dispensed")

      And you wouldn't even have to be able to decrypt it if you just set it back to what it was before the refill, assuming you can find a way to flip the bits manually without overly special equipment. Or if the drug is really valuable, you buy the special equipment.

  5. Poor Journalism by labnet · · Score: 1

    Surely the most important thing to mention in the article, is how the reading is performed.

    All I could see in TFA, was 'A smart phone based reader'
    So what is it. Conact, NFC, UHF Backscatter, pixie dust?
    And its read range?
    And if it is RF does it handle multiple tags in the field?

    The TFA is just a rewording of the press release with an explanation that 2^36 > 1 Billion

    --
    46137
  6. 36 bits is kind of a strange size by Anonymous Coward · · Score: 2, Funny

    Maybe whoever headed the project is still bitter about the death of the PDP-10.

    1. Re:36 bits is kind of a strange size by _merlin · · Score: 1

      You know I've literally had a nightmare about having to reboot a PDP-10. I thought the same thing.

  7. 36 by behrooz0az · · Score: 1

    even single DES needs more bits and it's as insecure is it gets.
    and what the fuck does this have with cryptography?
    and what the fuck makes it so special for offline verification?

    --
    Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion. -- Spazmania (174582)
  8. SIgh by nospam007 · · Score: 1

    ..." used to track shipped products, determine the authenticity and condition of products, and even identify if a medication refill has been authorized, or if a shipping tax has been paid. "

    Hopefully they will also let me change the price before I go to the cashier's desk.

    The medication thingie bothers me a bit.

    Will there be nerd junkies with pimp-up readers waiting for the people leaving the Chemist and check which goodies they have in their paper bag?

  9. Re:36 bit? 68 billion? by michelcolman · · Score: 1

    I've got a piece of paper right here than can store 1.7 googol datapoints. Really. I put 333 little circles on it, every circle can be either filled or empty. That gives 1,7 googol different combinations.

    I'm off to the patent office...

  10. Lossless by Impy+the+Impiuos+Imp · · Score: 1

    > 36 bits...store up to 68 billion data points

    Man compression has made a ton of headway.

    --
    (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
    1. Re:Lossless by U2xhc2hkb3QgU3Vja3M · · Score: 1

      Yeah but it's lossy compression.

    2. Re:Lossless by omnichad · · Score: 1

      Later in the same article, they not only reword it to something more like 68 billion permutations, but they also give a rudimentary explanation of binary number storage. I don't know why they even included that "data points" line.

  11. Label cost by ITRambo · · Score: 1

    So, my $4 Wal-Mart prescriptions will cost $6 because someone has to pay for the label. Just kidding. Wal-Mart would never waste money like that on memory labels. I hope.

  12. Re:QR Code by omnichad · · Score: 1

    QRcode already has a much larger storage space than 36 bytes . They're really limited more by how large you want to print them and how densely.