 Fundamentally, this is an architecture that I've been involved in creating with some colleagues for a number of years as an attempt to re-conceptualize the internet around the idea of managing information as opposed to just moving bits from one place to another. When we did the original work on the internet protocols, the whole idea was to make it easy to get information from one place to another without the user having to know about what intervening networks to use, where the gateways, routers, what the protocols were. But it was nothing about finding the information and storing it or maintaining it for long periods of time and all the things that one cares about if you're managing information. So if the idea here would be to trust your information to network-based resources or internet-based resources, how would you do that? How would you ensure that if you came back in a period of time in the future, which could be 10 years or even longer, or even if this was permanently archived, that you could always access the information no matter where it was in the internet environment and that you could do it with full security in case the information was protected and be able to share it with others on the terms of your own choosing. So it was a fundamental foray into that arena. The architecture itself consists of a number of pieces, one of which are inertia repositories that can store information. Now that might sound like it's a whole new idea, but in fact the real important idea there is that what is being stored are digital objects which are based on a data model that's machine independent and every digital object must have a unique persistent identifier. So that means you can access these things by asking a repository for the information that's got this particular identifier. Then all repositories then become interoperable because the protocol is only based on identifiers. Identifiers for the actions, identifiers for the targets, all of which need to then be mapped into the appropriate objects or actions. People can have identifiers too in terms of their information as represented in the network, in the internet. And finally, every one of these identifiers needs to be resolvable into state information about these objects, like where it might be located or what are public keys that are associated with these pieces of information or the ability to authenticate the information, things like that. So the components are repositories to store these digital objects, a resolution system to resolve identifiers for digital objects, this data model that lets you represent information in a machine independent structured way, and finally registries that allow you to search for material that you're looking for and have it return the identifiers for the material that you want. So that's basically what the digital object architecture is about. It's got some other details like type registries and integration of components, but in a nutshell that's what it is. Well, historically what people have done, if they detect something as counterfeit, they put the information in a database or some sort. And then if people care too, they can go look in that database if they know where it is. But what's more important is for the users, the people who are accessing the material to know, and for it to be obvious at every point along the supply chain that you're dealing with some either components or end devices that may not be the way they originally designed to be. And so being able to do that dynamically is really where the challenge is. If an end user gets a product off the shelf, can that user tell dynamically right on the spot that this is likely to be counterfeit device for whatever reason? A variety of things that you can do, but mainly if these devices are identified and you can resolve the identifiers to the relevant information, it could tell you a lot about, one, what the components are, what the device should look like, and maybe even most importantly where it's being sold. So if somebody did produce a knockoff and it was being sold somewhere else, you could tell right off the spot that this should not be here. It doesn't mean it is counterfeit, but it at least gives you a clue that something's not quite right. Now a lot of that depends upon all of the people that are involved at every step along the way doing their part. So it's very easy for a device to be affected at any step in the original chips that are not done right. They're assembled improperly. Things are put in that shouldn't be put in, or they're eventually sold from the wrong places. So every part of that chain needs to be tightly managed and controlled to be able to protect it. Well it's really important to have good control over these devices because some of them can be life threatening if they're misused or they are changed in any fundamental way. I tend to think of a device as kind of an information source that may be just an information system in its own right or maybe interacting with other ones around the globe. And if any one of those parts can be corrupted in a way that makes the device perform inappropriately, it's a challenge. So there need to be laws against that. Now there are laws against counterfeiting in many areas, but I think they could potentially be strengthened. I think that there could be requirements placed all along the supply chain to make sure that people understand what they're supposed to be doing at their appropriate tests. And then ultimately when the end user is able to access these devices, there need to be ways that that end user can do a good job of at least doing a top level cursory examination of that device by virtue of the identifier's device to understand what it is that they're likely to be getting. I think governments can enforce that. What about the corporate sector? Well, they're a critical part of the whole thing. I mean, the government isn't manufacturing any of these devices. So it is the corporate sector that's doing that. So their plans need to be well accessible by the people who need to know. Now much of the information may very well be private, proprietary information, and they should keep it that way. But the people who need to know what it is to look for need to have that information. It may be interface information. It may be tests that they can produce on these devices. There could be sample testing mechanisms that are mandated, not for government to produce, but for the private sector to supply with the devices. So you can tell whether it's a valid device or not. And there perhaps need to be scenarios where not only the device can be tested standalone, but after you buy it or it's in the hands of the consumer, they can check it in the larger world in which that device is interacting to make sure that it's functioning properly. So to try and get into the details would be impossible without knowing what the device was and what it was supposed to do. But I think in general there can be multiple things that companies can do to make the visibility into counterfeiting more transparent. Well, it's hard to know exactly what's going to be presented, so I can't tell you in detail. But generally if there's an increased awareness of this problem and what both governments and private sector can do to deal with it, I think this will be a significant step forward. I think this has not been a topic that's been terribly highlighted in the past. So I think the ITU effort to try and bring some light to this general topic and perhaps even see what some organizations and even governments are doing to try and deal with this issue is going to help enormously. So I'm very pleased to see this conference. I'm happy to participate in it and look forward to seeing progress made in this very important area.