in reply to Authentication of off-line application

Sounds like a job for cryptography. For example, you could have each machine sign its file using a private key. Then the master server can verify the file by checking it with the appropriate public key. Unless the attacker steals the private key from a terminal he can't alter the data.

A non-public-key crypto approach would be to just encrypt the whole file using a shared-secret like a password entered by the operator or stored on disk.

If you're new to cryptography I suggest you pick up a copy of Applied Cryptography by Bruce Schneier. It's a very gentle introduction to the field and will help you make an informed decision about what approach to use.

-sam
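As an added example (not code from sam's reply or from the poster's application), here is the signing scheme above in Go using the standard library's crypto/ed25519, with the shared-secret alternative beside it as an HMAC tag, since what the master server needs from the file is integrity rather than secrecy. The terminal ID "till-07", the ID-to-public-key registry and the sample record line are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// SignedUpload is what a terminal hands to the master server: its ID, the file
// it produced, and an Ed25519 signature over that file made with the terminal's
// own private key, which never leaves the terminal.
type SignedUpload struct {
	TerminalID string
	File       []byte
	Signature  []byte
}

func SignFile(id string, priv ed25519.PrivateKey, file []byte) SignedUpload {
	return SignedUpload{TerminalID: id, File: file, Signature: ed25519.Sign(priv, file)}
}

// VerifyUpload runs on the master server, which keeps a registry of terminal ID
// -> public key; unknown terminals and files altered after signing are rejected.
func VerifyUpload(registry map[string]ed25519.PublicKey, up SignedUpload) bool {
	pub, ok := registry[up.TerminalID]
	if !ok {
		return false
	}
	return ed25519.Verify(pub, up.File, up.Signature)
}

// TagFile is the shared-secret alternative: an HMAC-SHA256 tag that the server
// recomputes and compares with hmac.Equal. Anyone holding the secret can forge
// tags, so one secret shared by all terminals exposes all of them at once.
func TagFile(secret, file []byte) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write(file)
	return m.Sum(nil)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	registry := map[string]ed25519.PublicKey{"till-07": pub} // assumed terminal ID
	up := SignFile("till-07", priv, []byte("till-07,total=1234.56\n")) // constructed
	fmt.Println("genuine:", VerifyUpload(registry, up))
	up.File = []byte("till-07,total=9999.99\n") // edited after signing
	fmt.Println("tampered:", VerifyUpload(registry, up))
}
```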


Re^2: Authentication of off-line application
by Fletch (Bishop) on May 18, 2006 at 20:47 UTC

    Before even looking at AC you should look at Secrets and Lies: Digital Security in a Networked World (ISBN 0471453803). Whereas AC explains on a technical level what crypto is and how algorithms work, S&L gives an overview (not quite drool-proof paper marketing glossies level, but comprehensible even by CTOs :) over why it's hard to get it right and why "security" isn't just a simple checkbox on a form that you tick once you put some form of crypto in front of / around / beside your application.