Tag Archives: authentication

Forgotten History – Tally Sticks

Tally sticks were once  essential for recording government and commercial transactions. Kings used them to help collect taxes. Individuals and businesses used them provide a tangible record of debts and  investments.

Tally sticks were usually made of wood, but could also be made of bone, ivory or stone. The Ishango Bone tally was made from the thigh bone of a baboon and dates from around 18000-20000 BC.

Tally sticks were introduced into England in about 1100 and continued to be used by Exchequer until 1827. In 1834 someone decided to dispose of the remaining sticks and succeeded in setting fire to the Houses of Parliament link.


Single tallies were usually used as a memory aid. Split tallies had a much wider range of applications. They were used to acknowledge receipt of goods, payment of taxes or a fine. Or, like the example below, provide proof of a debt. They formed part of a primitive but essential accounting system in medieval times.

Few tally sticks have survived [they made good firewood], so I made the one below to illustrate their features.

The stick is just under 12 inches long [about 30cm] and made of a wood with a clear grain. It records that AB owes CD five British pounds [£5], six shillings [6s] and three pence [3d]. Before decimalisation a pound was divided into twenty shillings and each shilling was divided into twelve pence. AB is the debtor [who owes the money] and CD is the creditor [who is owed]. It also shows when the debt is due. In the example repayment is due when CD demands it.

NN means non negotiable. CD cannot sell or give the debt to anyone else. AB will only repay CD.  You can see the point of that. If CD sold the debt to an enemy of AB the enemy could bide their time and then present the tally when they knew AB was overstretched.


The notches in the top edge indicate value. There were different notches for pounds [and thousands of pounds], shillings and pence.

Sticks were made of woods that split easily so the one part of the split tally could be kept by the creditor and the other part taken by the debtor.


The creditor’s [CD] part was called the ‘stock’ and was longer than the ‘foil’ which was taken by AB.  This is why we refer to someone getting the ‘short end of the stick’ when they have the worst part of a deal.

If someone lent money to the recently established Bank of England they would get a stock [from which we get the ‘stock’ in ‘stocks and shares’] recording the transaction. The Bank would keep the foil.

When we pay someone by cheque we send the cheque to our creditor but we keep a record of the payment on a ‘counterfoil’ in our cheque book.

Tally sticks had a number of anti-forgery features.

  1.  The notches on a stock and a foil had to match exactly when payment was demanded.
  2.  The grain had to match. If you look at the first photograph you can see that the grain clearly continues from the foil to the stock.
  3.  Details of the debt was written on both the stock and the foil.

The two photographs below show another tally stick. I made this to resemble one that was used in Switzerland until the end of the 19th century and is now in a museum.  The same anti-forgery features are present.  The holes in each part were presumably drilled so that the tallies could be strung on a string and not mislaid or used as firewood by a housemaid. Thoughtless housemaids were a real danger. A maid burned Thomas Carlyle’s only copy of his book, the ‘The French Revolution: A History’,  after mistaking it for waste paper and using it to kindle a fire.



Leave a comment

Filed under History, Misc

Business Applications of Encryption – Part 1

This posting is the first in a series about the commercial applications of encryption. The postings will explain how encryption works, how it can be used in business, and its legal status.

It was once only of concern to diplomats, spies and the military. They used codes and ciphers to try and make their messages unreadable. Encryption was only widely used by commercial organisations during the telegraph era, when some companies encrypted their messages to prevent them being read by telegraph operators in the pay of competitors.

All that changed when the internet was opened to commercial use and e-commerce sites began to appear. Encryption is now an indispensable part of electronic commerce. It is hard to imagine any significant online commercial activity being possible without the involvement of encryption.

Some of the business applications of encryption are obvious. Companies need to be able to communicate securely, and email is not secure unless messages are encrypted. Digital data needs to be stored securely. Experience has shown that there is no way of guaranteeing that data cannot be lost or stolen. No matter what procedures are followed, eventually somebody will make a mistake and data will be leaked over the internet, or a laptop will be stolen. Encryption offers a solution to this problem. Even if encrypted data is stolen it should be unreadable by the thief.

Encryption is also used to secure online banking and e-commerce transactions. How many people would be willing to bank or buy online if their transactions were not secured by being encoded?

Other business applications of encryption are less obvious. How can you ensure that somebody you are dealing with over the internet is actually who they claim to be? How do you authenticate them? If you exchange legally binding documents in digital form how can you prevent them being altered to your disadvantage? How do you prevent someone from repudiating their agreement to a digital contract? Encryption is the answer to all these questions.

Continue reading

Leave a comment

Filed under IT

Methods of Online Authentication

If you want to pass through a locked door you must have a key for the lock. Possession of that key is a form of authentication. It identifies you as a person who is authorised to open that door. If you want to withdraw money from an ATM your right to do so is authenticated by your knowledge of a PIN, and your possession of a bank card. When you log on to a website you authenticate yourself by entering a user name and password.

Authentication is obviously an important issue in online transactions. You may need to establish that you are someone authorised to log on to a server and access the data stored there. Websites need to prove that they are who they claim, and that it is safe for you to enter your credit card details. If digital documents are to replace posted paper documents there needs to be some reliable method of authenticating senders and signatories.

Though authentication is essential to online dealings it is much more difficult to authenticate someone online than in a customer is present transaction.

It is often stated that there are three only forms of authentication. In fact there are four, and the fourth is particularly important online. You can be authenticated by something you know, something you have, some personal attribute, and by someone vouching for you. Only the first and fourth of these methods are effective online.

Authentication methods

1. You can be authenticated by something you know, such as a password or PIN. Passwords are a very weak form of authentication because most are easily cracked.

Continue reading

Leave a comment

Filed under IT