Jerrold Leichter wrote:
That's fine for *describing* the system, and useful for analyzing its usability
or acceptability.  But it's not the whole story.

the 3-factor authentication paradigm obviously doesn't take into account whether the authentication material is treated as a secret or a shared-secret, i.e. both biometrics and "something you know" can be implemented as either secret or "shared-secret" .... "shared-secret" tends to have copies of the authentication material in the possession of the relying party ... while "secret" tends to be an infrastructure where the relying party can infer the existence of the "secret" by other characteristics. it is one of the reasons that the x9.84 biometric standard goes to a great deal of description when biometrics are implemented as "shared-secrets" ... with the biometric templates stored at a central site.


the 3-factor authentication paradigm obviously also doesn't cover whether the authentication is direct face-to-face or whether the relying party is inferring that authentication took place from the existence of other kinds of evidence. for instance, a relying party validating a digital signature with a public key will infer that the other party is in possession of the corresponding private key. the relying party may not have direct knowledge of the other party being in possession of the corresponding private key ... the relying party just infers it from the validation of a digital signature with the public key.

which then takes us back to your original response:
> This is a rather bizarre way of defining things.  "Something you have"
> is a physical object.  On the one hand, any physical object can
> be copied to an arbitrary degree of precision; on the other hand,
> no two physical objects are *identical*.  So a distinction based
> on whether a replacement is "identical" to the original gets
> you nowhere.

ref:
http://www.garlic.com/~lynn/aadsm19.htm#2 Do you Need a Digital ID?
or
http://www.mail-archive.com/cryptography%40metzdowd.com/msg03734.html

the 3-factor authentication paradigm obviously also doesn't cover all the sorts of business rules that allow a relying party to infer something to be true ... even when they don't have direct evidence that it is true, aka for a public/private key infrastructure where the relying party normally is inferring that the private key owner has in fact attempted to consistently and reliably maintain the confidentiality and privacy of the private key and therefore its usefulness as part of any 3-factor authentication paradigm.


the 3-factor authentication paradigm might also help people designing and/or analysing authentication infrastructures. "something you know" operations may be somewhat more vulnerable to electronic sniffing, phishing, and/or information harvesting attacks. "something you have" operations hopefully are more resistant to electronic sniffing, phishing, and/or information harvesting attacks ... although the transmission of static data in non-face-to-face operations that allow the relying party to infer the possession of the "something you have" has been shown to be extremely vulnerable to skimming attacks (that enable the manufacture of counterfeit magstripe plastic cards). obviously sniffing and skimming exploits involve a very similar threat model.

One application would be to choose a multi-factor authentication implementation where the different factors represent countermeasures to different threats. A multi-factor authentication implementation, where the different factors are vulnerable to the same threats, doesn't provide a great deal of additional security. However, there are obviously a lot of various characteristics like

* face-to-face or non-face-to-face
* direct evidence or inferring based on other evidence
* static or non-static data
* central store or remote inference
* threat models
* represents what kind of countermeasures
* resistance to counterfeiting/impersonation
* human factors

a difficult human factors issue has been "something you know" shared-secrets. shared-secret pin/passwords have had two kinds of guidelines: 1) make it hard to guess (which tends to make it difficult to memorize) 2) different shared-secret for every security domain (where most institutions viewed that they were the only security domain, but in reality many people now are faced with scores of different security domains with scores of extremely difficult to remember shared-secrets).

lots of past posts on threats, vulnerabilities, exploits
http://www.garlic.com/~lynn/subpubkey.html#fraud
and lots of 3-factor authentication posts:
http://www.garlic.com/~lynn/subpubkey.html#3factor
and various past posts on the general subject of designing high-assurance systems
http://www.garlic.com/~lynn/subpubkey.html#assurance

we have somewhat viewed assurance and high-availability as similar ... where a system needs to be resistant to all kinds of failures ... regardless of whether they were failures due to attacks/exploits or just plain simple failures. it is part of building real, industrial strength infrastructures .... misc. posts on our high-availability project/product
http://www.garlic.com/~lynn/subtopic.html#hacmp


i have some ancient archived threads about (remote) 2-factor authentication where a plastic card is used with biometrics in place of pin/password ... and the counter-argument was that they could show biometrics were easier to counterfeit than pin/password .... ignoring the fact that 30 percent of the audience that biometrics were being offered to routinely wrote their pin on their plastic card. it wasn't part of the institutional design. Furthermore, the issue of having a 2nd factor (pin/password or biometric) was supposedly a countermeasure for the lost/stolen card threat. It was fairly trivial to show (regardless of the theoretical strength of the particular biometrics versus an ideal pin/password) that it would be more difficult to counterfeit the biometrics than it would be for a criminal to utilize a pin/password written on a lost/stolen card. ... refs:
http://www.garlic.com/~lynn/99.html#165 checks (was S/390 on PowerPC?)
http://www.garlic.com/~lynn/99.html#172 checks (was S/390 on PowerPC?)
http://www.garlic.com/~lynn/aadsm10.htm#bio2 biometrics
http://www.garlic.com/~lynn/aadsm10.htm#bio3 biometrics (addenda)
http://www.garlic.com/~lynn/aadsm10.htm#bio6 biometrics
http://www.garlic.com/~lynn/aadsm15.htm#36 VS: On-line signature standards
http://www.garlic.com/~lynn/2002e.html#18 Opinion on smartcard security requested
http://www.garlic.com/~lynn/2002g.html#72 Biometrics not yet good enough?
http://www.garlic.com/~lynn/2002h.html#6 Biometric authentication for intranet websites?
http://www.garlic.com/~lynn/2002h.html#8 Biometric authentication for intranet websites?
http://www.garlic.com/~lynn/2002h.html#41 Biometric authentication for intranet websites?
http://www.garlic.com/~lynn/2002o.html#62 Certificate Authority: Industry vs. Government
http://www.garlic.com/~lynn/2002o.html#63 Certificate Authority: Industry vs. Government
http://www.garlic.com/~lynn/2002o.html#64 smartcard+fingerprint
http://www.garlic.com/~lynn/2002o.html#65 smartcard+fingerprint
http://www.garlic.com/~lynn/2003o.html#44 Biometrics
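An added illustration (not from the post or the thread) of the two relying-party models discussed above: in the "shared-secret" case the relying party keeps its own copy of the authentication material, while in the "secret" case it holds only a public key and infers possession of the private key from a signature over a fresh challenge (non-static data, so a skimmed transcript cannot be replayed). Type and function names are my own; the key material and secrets are constructed for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// SharedSecretRP models a relying party that stores a copy of the
// authentication material (here its hash); a breach of this store exposes it.
type SharedSecretRP struct{ stored [32]byte }

func NewSharedSecretRP(secret []byte) *SharedSecretRP {
	return &SharedSecretRP{stored: sha256.Sum256(secret)}
}

// Verify compares the presented static material against the stored copy.
func (rp *SharedSecretRP) Verify(presented []byte) bool {
	h := sha256.Sum256(presented)
	return subtle.ConstantTimeCompare(h[:], rp.stored[:]) == 1
}

// PublicKeyRP models a relying party that never holds the secret: it keeps
// only the public key and infers possession of the private key indirectly.
type PublicKeyRP struct{ pub ed25519.PublicKey }

// Challenge returns fresh random bytes so each proof is bound to one session.
func (rp *PublicKeyRP) Challenge() ([]byte, error) {
	c := make([]byte, 32)
	_, err := rand.Read(c)
	return c, err
}

// Verify accepts only a signature over this challenge by the enrolled key.
func (rp *PublicKeyRP) Verify(challenge, sig []byte) bool {
	return ed25519.Verify(rp.pub, challenge, sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed demo key pair
	rp := &PublicKeyRP{pub: pub}
	c, _ := rp.Challenge()
	fmt.Println("signature over fresh challenge accepted:", rp.Verify(c, ed25519.Sign(priv, c)))
	ss := NewSharedSecretRP([]byte("demo-pin-1234")) // constructed demo secret
	fmt.Println("shared-secret match:", ss.Verify([]byte("demo-pin-1234")))
}
```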