copyright and data integrity protection
GenuineFile - digital integrity protection
 Home 
 download 
 about us 
 signup 
 login 
 query file 
 witness 
 help & faq 
 contact 
GENUINE

How GenuineFile works

GenuineFile associates a unique fingerprint with each file.

Technically speaking, this fingerprint is a SHA1 hash of file contents. The fingeprint has two important properties:

  1. the fingerprint is a one-way function, i.e. it is impossible to recover the original file from its fingerprint;
  2. it is extremely unlikely that two files have the same fingerprint by accident, moreover, it is computationally infeasable (in simple words, impossibe) to intentionally create two different files with identical fingerprint.

Both of the above are properties of the cryptograpic hashing algorithm that we use, this is just a matter of math.

The GenuineFile database stores such fingerprints, not the whole files. Along with each fingerprint, which serves as a key of the database, the following information is stored:

  • date and time when the fingerprint was added to the GenuineFile database
  • author's name
  • original filename, title, and description provided by the author of the fingerprint; this information is stored only for the purpose of describing the file in some way, it is not verified, nor guaranteed to be true
  • optional author's digital signature on the fingerprint

When you query a file on your computer (i.e. right click and select "File info.."), the fingerpint is calculated and sent to GenuineFile (note again, only a short fingerprint is sent over the internet, not the whole file). GenuineFile tries to find this fingerprint in its database and if it exists it returns back the information stored with the fingerprint.

When you notarize a file, you enter the information you want to associate with the file, then a fingerprint of the selected file is calculated and sent to GenuineFile (again, the file itself never leaves your computer), along with the descriptions you entered. If such fingerpint doesn't exist yet in the database, it is added, and anybody who queries this same file later, will see your name, date and time of notarization, and title and description you entered.

How do we guarantee that the date and time of each fingerprint is correct? In addition to regular synchronization of our server clock with known good sources, we also add an integrity check to each record in the fingerprints database, plus the records in the database are regularly signed by GenuineFile admin and the signatures are timestamped, so it becomes impossible to edit or backdate any records even by GenuineFile staff.

All records in the GenuineFile database are available for free and unlimited copying, distribution, and replication, which makes it impossible even for GenuineFile to edit or backdate any records. So you do not need to treat GenuineFile as a trusted third party because every notarization is widely witnessed.

Back to help index
FILE    
 help & faq 
 how to verify 
 how to notarize 
 integrity of downloads 
 copyright protection 
 virus protection 
 how it works 
 witnessing 
 compare 
  home | signup | login | help | privacy      © 2004 GenuineFile.com