At 11:40 AM 7/8/03 -0600, Anne & Lynn Wheeler wrote:
>A hardware token that requires a PIN/password to operate can be considered 
>two-factor authentication ("something you have" and "something you know"). 

I was going to comment on how a simple plastic debit card
that includes a photo provides the third "something you are".
(More reliably than the signature, which is also "something 
you are", but readily forged/ignored.)  

Then it occurred to me: as cameras become ubiquitous
(e.g., in cell phones) some extra security could be obtained
by sending a trusted photo of the account holder plus a live picture
of the card user.

A picture glued into the card could be forged, but a 
smartcard (with more data area than a magstripe)
could include a picture of the account holder,
so a thief has no idea what to look like.  But the vendor can
check the encrypted smartcard face to the face on the phone
or webcam.  For high-value remote transactions, this might
be viable in a few years.  

This is already standard practice
on high-security building-entry cards (and passports?), 
with the guard comparing the card-embedded face to the one before him.  
Ubiquitous cameras will bring that to remote transactions,
reducing cost due to lower fraud.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to