Tag Archives: obscurity

Totems and Document Authenticity

*minor spoilers about the film Inception*

In the movie Inception, I was introduced to the concept of a totem. Your totem is a device that only you can verify as authentic. Another person who has knowledge of your totem would not be able to fully reproduce your totem. For example, a loaded dice will always fall on a certain side due to the unbalanced weight. Even if another person knew your totem was a dice, they would not know that it was loaded unless 1.) you told them the secret attribute or 2.) they were able to get a hold of it and reverse engineer it. When a totem is properly kept secret, it is useful as another individual cannot properly reproduce it.

What occurred to me randomly was that you could use a totem-like system amongst individuals to verify document authenticity. This may or may not be used in the real world. By definition, I wouldn’t know about another individual’s totem in the real world. For instance, a spy agency could use a totem on classified documents, the kind you see in movies stamped ‘Confidential’ and tucked away in a dossier. Instead of having a generic template with the agency letterhead, a totem such as an image or uncommon pattern could be incorporated onto the template. This way, people who are “in the know” could verify the authenticity of high-level, confidential documents by checking if the unique image serving as the totem was on the document. If the document was forged and put forward as real, the missing totem would help disprove the document’s authenticity.

To an extent, every document already has a distinct profile but not necessarily an explicit defined totem. With a hard copy printout, the type of paper, the ink used, etc. would help narrow down the document authenticity. Company specific letterhead helps to a degree to authenticate documents. With soft copy documents, file names, size, types, etc. could help narrow down the electronic origin. The distinction is that totems would not be used for *all* documents within an organization. A totem would be reserved for high-level, sensitive board minutes or signed agreements in order to maintain a level of security by obscurity (or the effectiveness of the totem).

Another use of totems, beside the purpose of preventing forgery, would be to incorporate version control. A totem could be dynamically generated as part of a electronic document system to provide version control. Besides using an image to designate the totem, text could be used that may seem out of place. Or text that doesn’t seem out of place to the untrained eye. To provide an example, let’s say you have 3 members of management working on a document updated with constant revisions. By placing the text “Tigers500,” a completely arbitrary selection of text, on the document, only the 3 who worked on the document would be able to verify the document as authentic. An individual outside the 3 original members would have no way to include the text “Tigers500” as part of a forged document. The next version of the document could include “Tigers501” and so forth.

Totems bring up many interesting use cases. I’ve talked about totems in a social setting, whereas Inception utilized it as a personal effect. One potential pitfall of a totem is that if your totem is compromised and “found out,” then you may be relying on blind faith when presented with a false totem.