| if a re-issued new token/card (to replace a lost/stolen token/card) is
| identical to the lost/stolen token/card ... then it is likely that there is no
| "something you have" authentication involved (even tho a token/card is
| involved in the process) ... and therefore the infrastructure is just single
| factor authentication.
|
| at the basics, a digital signature is an indirect indication of "something you
| have" authentication .... aka the existence of a digital signature implies
| that the originator accessed and utilized a private key in the generation of
| the digital signature. a digital signature by itself says nothing about the
| integrity of that "something you have" authentication ... since the digital
| signature doesn't carry any indication of the integrity measures used to
| secure and access the associated private key.

This is a rather bizarre way of defining things. "Something you have" is a physical object. On the one hand, any physical object can be copied to an arbitrary degree of precision; on the other hand, no two physical objects are *identical*. So a distinction based on whether a replacement is "identical" to the original gets you nowhere.

A digital signature is just a big number. In principle, it can be memorized, thus becoming "something you know". As a *number*, I don't see how it can, in and of itself, *ever* be something you *have*.

From a purely information point of view, there is not, and cannot be, any difference among the different authentication modalities. A house key can be represented as a fairly short number (the key blank number and the pinning). Even a very fancy and elaborate key - or any physical object - can, in principle, be represented as a CAD file. While "something I am" is difficult to represent completely this way (at least today!), it doesn't matter: a "something I am" *authentication element* has to ultimately be testable for veracity on the basis of information the tester has access to.

The meaningful distinction here has to do with possible modes of attack, constrained by the *physical* characteristics of the system. An authentication element is "something you have" if an attacker must gain physical possession of it to be able to authenticate as you. The "closeness" and length of time the attacker must possess the element form the fundamental "measures of quality" of such an element.

A house key is a prototypical "something you have". Duplicating it requires the ability to physically hold it. (One can, of course, imagine taking very detailed photographs from a distance, or using some other kind of remote sensing technology. While possible in principle, this would be a very expensive and difficult attack in practice, and we generally ignore the possibility.) Keys with restricted blanks are relatively difficult to duplicate even if you have physical possession. We generally assume that you can take a key back, thus revoking access. This is also a general property of any "something you have" authentication element - and is truly present only to some degree. Still, one can meaningfully ask of such an element "How many copies are in existence? Who has access to them?"

Conversely, "something you know" can, in principle, only be learned by you revealing it. Once revealed, a "something you know" element cannot be revoked. It can be copied easily, and determining who might know it is usually impractical once there is any suspicion of compromise.

A key card by itself is like a blank house key. It becomes "something you have" when it's encoded with a password, a digital signature private key, or some other secret that's, say, part of an interactive zero-knowledge proof system. The quality of the key card depends on how easy it is to extract the information and produce another key card that can be used in its place.

Of course, quality is a *system* property. A house key "reveals its secret" when placed in a lock - any lock. While I could easily enough build a lock that would read off the pinning of any key inserted into it and send it to me on the Internet, this doesn't at present appear to be a threat that needs to be defended against. We generally assume that locks are simple physical devices that don't leak any information. On the other hand, a key card by its very nature sends information into a digital system, and protecting information once it is in digital form is challenging. If I could know to a sufficient degree of certainty that my keycard would only be used in "secure" readers which would send the information no further, there would be relatively little difference between a key card with a simple password encoded on a magnetic strip, and a house key. Both would provide a "something you have" element.

A "digital signature" isn't an authentication element at all! We incorrectly analogize it to a traditional signature, because inherent in the notion of the latter is a whole system embodying assumptions like (a) a signature instance is physically created by the party being authenticated; (b) we can effectively distinguish an instance thus created from a duplicate. I can photocopy a signature perfectly. If it were impossible to distinguish a photocopy from an original - based on pen pressure on the paper, ink vs. toner, etc. - signatures would be completely worthless as authentication elements.

To decide whether a "digital signature" is "something you have", "something you know", or perhaps even "something you are" (a signature based somehow on biometrics) - or not a reasonable authentication element at all - requires knowing how the abstract bits that define that signature are actually used in the total physical system.

-- Jerry

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]