[13774] in cryptography@c2.net mail archive
Re: basic question: semantics of "map", "tie", etc in PKI
daemon@ATHENA.MIT.EDU (David Honig)
Tue Jul 8 15:52:33 2003
X-Original-To: cryptography@metzdowd.com
Date: Tue, 08 Jul 2003 12:07:51 -0700
To: Anne & Lynn Wheeler <lynn@garlic.com>,
Fritz Schneider <fritz@google.com>
From: David Honig <dahonig@cox.net>
Cc: cryptography@metzdowd.com
In-Reply-To: <4.2.2.20030708105335.02d39350@mail.earthlink.net>

At 11:40 AM 7/8/03 -0600, Anne & Lynn Wheeler wrote:
>A hardware token that requires a PIN/password to operate can be considered
>two-factor authentication ("something you have" and "something you know").

I was going to comment on how a simple plastic debit card
that includes a photo provides the third "something you are".
(More reliably than the signature, which is also "something
you are", but readily forged/ignored.)

Then it occurred to me: as cameras become ubiquitous
(e.g., in cell phones) some extra security could be obtained
by sending a trusted photo of the account holder plus a live picture
of the card user.

A picture glued into the card could be forged, but a
smartcard (with more data area than a magstripe)
could include a picture of the account holder,
so a thief has no idea what to look like. But the vendor can
check the encrypted smartcard face to the face on the phone
or webcam. For high-value remote transactions, this might
be viable in a few years.

This is already standard practice
on high-security building-entry cards (and passports?),
with the guard comparing the card-embedded face to the one before him.
Ubiquitous cameras will bring that to remote transactions,
reducing cost due to lower fraud.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com