Digital Signature or user rights for drawings

We use PDFs for all vendor drawings, and find that to be a sufficient level of security for our purposes.

Yes but PDF's can be changed in photoshop. I still think it is a good idea but sometimes companies request DWG's.

Michael wrote:

unaltered

What you can do is sending PDF's and DWG's. The PDF is the "original" drawing to refer to. The DWG is the one to work with for the manufacturer. The manufacturer has to make the product according to the PDF, but they can use the DWG to do this.

\/\/im

We keep hardcopies and send out dumb files like dxf or parasolid. The drawing has a byte count, date and filename on it to go with the dxf file. I am not a fan of sending out files that can be modified unless we are developing something.

In all cases wouldn't the Last Saved by field be modified to the new user this would only be an issue if it was origionally saved by Administrator or something generic.

Corey

If you have trust issues with your vendors sufficient that you're concerned they're going to alter your drawings in photoshop then it's time to find a new and more trustworthy vendor

At first glance it seems that there are several software publishers on the web that offer encryption programs. Something that generated a key to allow your vendor to decrypt the file would be appropriate.

Upon acceptance of the project by your vendor, have him e-mail back the same encrypted package that you sent them containing project details. If they were to decrypt the files and alter them, any subsequent re-encryption would generate a key that did not coorespond to the original. This should provide a reasonable level of protection.

An observation: If you are that concerned about the integrity of your vendors, then perhaps you should seek different ones.

This is grantmi1 I am using my newsville account.

The party in question is regarding LED's and this industry is very competitive. Everyone is out to get the other as far as the LED markets. We are having custom LED board made and programed by LED manufactures. If the business is good they like to go straight to the customers.

Can you explain more of this encryption. Is this digital signatures you talk of?

"Brian"

They make a software product intended to control distribution of shareware/other programs. It looks like it would package your files and encrypt them. Your vendor would have to enter a passcode of some sort to access the files (provided to you by the packaging software).

Its not exactly a digital signature, but should prevent the vendor from altering the files and being able to hide his actions.

I am sure there are better products for your needs, but thats one I found simply by an internet search for "encryption software". There should be something available to fit your exact needs.

I forgot to mention. You then pack the file into a zip file. In XP this is a compressed folder. Then you go into view and add the column CRC which will give a string of hexadecimal numbers which should be unique not only for the number of bytes but content as well.

Ah--so you're concerned about them stealing your design, rather than not making the parts to print?

If that's the case, I'm not aware of anything you can do other that set up an "eyes only" system--If they can read the info, and they're out of your sight, they can steal it. If nothing else, they could always redraw the print from scratch, which isn't really all that much work.

This sounds like a problem for lawyers, rather than engineers

No, that was a stupid comment I made. The comment I made has nothing to do with my question, I brain farted. No I am simply saying I don't have a lot of trust in some companies and if I can protect at least dimensions from being altered in the sake of not being lible for holding dimensions then that would be beneficial.

I also wanted to see what others are doing for security.

Think simple. give them a drawing that they cannot change. i provide a PDF of the drawing file only and copies of the applicable models ( if you only use annotated models then print out model views to PDF). this way the drawing cannot change in the manufacturing process. this might help. MRW

never look beyond the obvious. the harder we look at an item the more complicated we make it.

grantmi1 wrote:

unaltered

in this situation most companies become so paranoid that they overlook the obvious. who cares if they can't change a drawing. the part has to eventually be made. not providing geometry only hurts the company, as the manufacturer will have to re-create said geometry expanding the door to errors, re-work and ultimately delays. but after the component has been produced the manufacturer has all the information they need to do whatever they want (in theory). legal contracts are the only recourse to protect a company for proprietary information.

this is so simple, don't do business with a company whos' employees don't know what morals or ethics are.

if this is the only vendor available (seems odd), i would take this up with management. go up the chain of command as high as need be to get a reaction. if it goes to the top dog and nothing happens well ... i revert back to my original statement.

NOT simple. If you try practicing your advice you'll find that it's nearly impossible to tell the ethical employees from the non-ethical. You'll also find that for any given company the employees' ethics might cover the entire spectrum from criminal to almost saintly. If one only does business with companies that can prove their saintliness all the way up the chain of command you'll be relegated to doing no business at all with anyone.

'Sporky'