Digital Signature or user rights for drawings

I am looking at getting a digital signature for signing drawings or
emails and am wondering if anyone else uses a digital signature. If not
what are you are your companies procedures for file protection of
drawings? I am not very familiar with digital signatures so I am not
sure if the questions is even viable.

My concern is when sending a part with tolerance call outs for a
manufacture to make parts for us. The parts need to fit the parts we
are manufacturing at our company. What if their is an issue with fit
and fuction down the road and we need to reference the drawings,
couldn't the manufacture in question alter their drawing and say it was
the original. Then it would become a question of who has the unaltered
drawing, basically we would probably have to bear the loss and move on.

Are you guys using other means of file protection like sending the
drawings with read only rules? That way if the customer wants to change
something they would have to change the file name right? Anyway share
your info with me on these subjects please.

 

We use PDFs for all vendor drawings, and find that to be a sufficient level
of security for our purposes.

 

Yes but PDF's can be changed in photoshop. I still think it is a good
idea but sometimes companies request DWG's.

 

What you can do is sending PDF's and DWG's.
The PDF is the "original" drawing to refer to.
The DWG is the one to work with for the manufacturer. The manufacturer has
to make the product according to the PDF, but they can use the DWG to do
this.

\/\/im


"grantmi1" ...wrote in message

 

We keep hardcopies and send out dumb files like dxf or parasolid. The
drawing has a byte count, date and filename on it to go with the dxf
file. I am not a fan of sending out files that can be modified unless
we are developing something.

 

Those can easily be modified as well.
And still have the same byte count, date and filename.

 

In all cases wouldn't the Last Saved by field be modified to the new user
this would only be an issue if it was origionally saved by Administrator or
something generic.

Corey

 

Anyone with access to the file headers can modify such, usually
with an easy program to do such.
About 5 lines of BASIC code to do IIRC.

As far as the byte count, some CAD programs leave empty space
(deleted entities or those marked so) in the part files and byte
size is counted in 512 byte blocks (or multiples thereof) AFAIK.
That means that unless a changed part falls into another range
of 512 byte blocks (actually, INT (actual bytes/512) (+1 if any
fraction)) the count would be unaltered.
Edits that created no entities, only moved or otherwise altered
them (NOT adding control points to surfaces but they can be moved)
would also show as the same byte count.

Too bad you don't use UNIX or VMS with a trusted admin on the
other side ..... both have actual file protections <G>.

A binary bit for bit or byte for byte compare would probably work
though.

HTH

 

If you have trust issues with your vendors sufficient that you're concerned
they're going to alter your drawings in photoshop then it's time to find a
new and more trustworthy vendor

 

At first glance it seems that there are several software publishers on
the web that offer encryption programs. Something that generated a key to
allow your vendor to decrypt the file would be appropriate.

Upon acceptance of the project by your vendor, have him e-mail back the
same encrypted package that you sent them containing project details. If
they were to decrypt the files and alter them, any subsequent re-encryption
would generate a key that did not coorespond to the original. This should
provide a reasonable level of protection.

An observation: If you are that concerned about the integrity of your
vendors, then perhaps you should seek different ones.

 

http://www.zappersoftware.com

They make a software product intended to control distribution of
shareware/other programs. It looks like it would package your files and
encrypt them. Your vendor would have to enter a passcode of some sort to
access the files (provided to you by the packaging software).

Its not exactly a digital signature, but should prevent the vendor from
altering the files and being able to hide his actions.

I am sure there are better products for your needs, but thats one I
found simply by an internet search for "encryption software". There should
be something available to fit your exact needs.

 

I forgot to mention. You then pack the file into a zip file. In XP this
is a compressed folder. Then you go into view and add the column CRC
which will give a string of hexadecimal numbers which should be unique
not only for the number of bytes but content as well.

 

Ah--so you're concerned about them stealing your design, rather than not
making the parts to print?

If that's the case, I'm not aware of anything you can do other that set up
an "eyes only" system--If they can read the info, and they're out of your
sight, they can steal it. If nothing else, they could always redraw the
print from scratch, which isn't really all that much work.

This sounds like a problem for lawyers, rather than engineers

 

Think simple. give them a drawing that they cannot change. i provide
a PDF of the drawing file only and copies of the applicable models ( if
you only use annotated models then print out model views to PDF). this
way the drawing cannot change in the manufacturing process. this might
help. MRW

never look beyond the obvious. the harder we look at an item the more
complicated we make it.

 

You product would seem to be bits of paper.
That makes it hard for people to make things as they must
recreate their own models from your paper.

Locking down models may not be a good idea, even if it
were readily possible.
Added content is usually needed to actually make anything,
depending on how it is made.
After all, that's the expertise you (or someone) would be
paying others for.

Who wants to buy expensive bits of paper at Walmart?

 

in this situation most companies become so paranoid that they overlook the
obvious. who cares if they can't change a drawing. the part has to
eventually be made. not providing geometry only hurts the company, as the
manufacturer will have to re-create said geometry expanding the door to
errors, re-work and ultimately delays. but after the component has been
produced the manufacturer has all the information they need to do whatever
they want (in theory). legal contracts are the only recourse to protect a
company for proprietary information.

 

this is so simple, don't do business with a company whos' employees don't
know what morals or ethics are.

if this is the only vendor available (seems odd), i would take this up with
management. go up the chain of command as high as need be to get a
reaction. if it goes to the top dog and nothing happens well ... i revert
back to my original statement.

 

NOT simple. If you try practicing your advice you'll find that it's
nearly impossible to tell the ethical employees from the non-ethical.
You'll also find that for any given company the employees' ethics might
cover the entire spectrum from criminal to almost saintly. If one only
does business with companies that can prove their saintliness all the
way up the chain of command you'll be relegated to doing no business at
all with anyone.

'Sporky'