W.R.T. using "fake" inventors. It's illegal to file a patent application without the true original inventor's name on it. If it can be proven that a company did this, it is liable for treble damages and the lawyer who filed the application can be disbarred.
It's not the inventors who are faked, according to the article -- it's the companies for whom they work. I forget the examples now (mag is at home), but these people have turned up corporations which file their patents under no end of front companies (tentacles? :-) so as to make it hard for their competitors to see what they are up to. It's by using the inventors' names that all this information is being pulled back together. Jonathan Corbet National Center for Atmospheric Research, Atmospheric Technology Division corbet@stout.atd.ucar.edu they are - and I haven't tried checking their articles to know what to look for to check whether an email request claiming to be from one of them looks unforged. If I remember right, none of these people puts a PGP Key ID or fingerprint in their posting signatures, so I don't have that clue available - that would increase my confidence a lot. But I still couldn't be sure. [This is the hitch in digital signatures isn't it? At least as far as those not issued from an authority are concerned. You are really signing for a location rather than anything else. You have no idea who has access to the secret key on the other side of the public or if the "who" is a "him" a "her" or "they." A signature is webbed in with the trust you give it. Tim May's signature means nothing if everyone knows that Tim and his close friends all use it even if the key only has the words "Tim May" on it. ++ Tim, I used your name because I want someone else to be the example today :) ++ Technically (for you grassy knoll types) the holder of a secret key could be quite dead and anyone might have taken up use. The dead key holder, or even the duress key holder, creates all sorts of problems if you are dealing with nym's or anonymous keys. Same problem with so-called "password" or "bearer" accounts. The money is only as secure as the protocol is secret. Subjectively different for each and every user. People like LD have to break past the barrier in concept and accept that a public key system with an open trust web just cannot be used to establish IDENTITY. With a properly structured web it approaches zero probability of "identity fraud," but never quite gets there. I'm not lying if I sign some key that I know to belong to a person who actively uses the name "564FR" All my signature says is that "at one time 564FR held this key and I trust him to send a revocation if there is a problem." NOT "This key is held by 564FR and 564FR alone, so help me (insert deity of choice)" Frankly I think this system is a lot MORE honest than a centralized system (which stinks to me of big government anyhow) because multiple signatures from several individuals represent different perspectives on identity. Chances are that if you have 6 nice signatures you managed to convince 6 very different people that the key is "yours" I trust this much more than some "trusted authority" which is likely to be neither trusted, nor an authority.] +++ On the other hand, if I really cared about preserving the anonymity of the nym-user, and it was somebody I knew in person, or myself, I probably wouldn't sign it with my real key - it may be relatively obvious that "Bill The Dragon-Basher" whose key was signed by "Bill Stewart" was me, but I'd rather not have to deal with a court subpoena or Mafia equivalent trying to find the users of the keys for "Crypto International, Ltd." or "Coalition Against the U.S. Invasion of Cuba" or "Some Unapproved Religion" or "Bear's Custom Chemicals" or an anonymous Panamanian bank account that's mine. But if the keys are only signed by other nyms, how trustable are they? [So how do you know what's a nym and what's not?] If I ran a digibank, I'd be real hesitant about accepting changes of address or public-key unless I had some physical verification or other securely shared secret to avoid eavesdropper and interloper attacks, but one of the goals of digital banking is that you're not supposed to need physical transactions. I suppose an initial account set up by sending the bank a message with a Secret and a public key and a bunch of digibucks might do the job, with some cut&choose protocols to decrypt the digibucks if the account is approved? [If I ran a digibank with open accounts, I'd shift the security burden to the account holder. Especially when dealing with accounts from sketchy identities. Provide the means for security in protocol, the rest is up to the user.] Bill The Dragon-Basher (oops! ^X^C:wq!/exit~.\b\b\b\b\b\b) # Bill Stewart Old address: wcs@anchor.ho.att.com AT&T Bell Labs, Holmdel, NJ # After 10/15, NCR, 6870 Koll Center Parkway, Pleasanton CA, 94566 # Voice/Beeper 510-224-7043, Phone 510-484-6204, email bill.stewart@pleasantonca.ncr. com - -uni- (Dark) [who will begin to attach key fingerprints to mail and not just usenet and finger] :) 073BB885A786F666 6E6D4506F6EDBC17 -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLP0XEBibHbaiMfO5AQHeKQQAhN6RXRQ8fZ1hz+jvFbuw6N6fvByG2Euq BYISCdcLgcWa1V/Jpq7GjjIwLTEYjxFQBqg2txyu4QKpmg1HR3ox/MAyUPcqQqQy K9WxvwVMW/3ydGKRwLyatthHZsa47JGVumwzQJ2/cDzhNZhfiM/SqXgH3jdHBSAO 9r744wKJsoc= =Qi4O -----END PGP SIGNATURE-----