Attack 2 - copy legitimate IDs from existing products
Attack 3 - Steal bulk IDs from the database
Attack 4 - Subverting the Channel
Attack 5- Subverting the Database
Attack 6 - Subverting the Server
First, we take security seriously. We assume we will be attacked. We design our systems with the assumption that we may have corrupt insiders within the organisation. We assume that mistakes will be made and that systems will fail.
Second, we employ the services of the experts and follow their advice on how to implement and protect the system under those initial working assumptions.
Third, we open ourselves to inspection and peer review. This web site is part of that exercise, but physical examination by our customers or other interested parties is welcome and regular professional security audit is part of our routine.
Fourth, we remain open to criticism and suggestions.
Meanwhile, we have anticipated a number of specific attacks. They are listed on the menu alongside this text. If you follow the links, you can read about our countermeasures. Most of these attacks are those we anticipate against the most serious target - the Anti-Counterfeiting Protocol. Of course, the logic and defences against such attacks carry over into the other areas, albeit on a smaller scale.
