must be confident that the results produced by the system accurately describe inspected objects over the full range of possible objects and conditions, and that the system contains no hidden features that could interfere with or bypass the proper analysis or result (e.g., hardware or software changes that produce a green light during every inspection, or that allow the system to respond to remote commands from the inspected party).

Authentication can be facilitated by cooperative design of measurement and information barrier systems; thorough documentation; the use of simple, commercially available hardware; and the documentation of all source code for system software. If these guidelines are followed, the system can be authenticated by thoroughly examining the hardware and software and confirming that they correspond to the documented design. The inspected party could build multiple identical units and allow the inspecting party to choose one for weapon inspections and another for detailed examination, including the removal of selected components for laboratory testing. After a system is authenticated, tamper-revealing seals can be placed in key locations to detect any attempt to alter the system. Proper operation of the system over a range of conditions can be checked using a variety of unclassified test objects, which could be provided by either party.

As noted in Boxes 2-4A and 2-4B, prototype information barrier systems have been developed by the United States for template and attribute measurement systems, and their use was demonstrated to Russian scientists during the Fissile Material Transparency Technology Demonstration.