3-factor authentication paradigm obviously also doesn't cover whether the authentication is direct fact-to-face or that the relying party is infering authentication taking place by the existance of other kinds of evidence. for instance, a relying party validating a digital signature with a public key will infer that the other party is in possession of the corresponding private key. the relying party may not have direct
i.e. http://www.garlic.com/~lynn/aadsm19.htm#5 Do You Need a Digital ID?
one of the possible side-effects of applying 3-factor authentication paradigm ... and observing that
1) the verification of a digital signature is just a method of inferring the possession of a specific private key
2) the possession of a private key obviously (theoritically possible, but i know of not instances of people memorizing private keys) isn't "something you know" authentication and a private key isn't "something you are" authentication ... leaving it to be "something you have" authentication (aka in your possession)
3) private keys in their simplest form are just electronic bits that are relatively easy to copy
then in order for a private key to be useful in a "something you have" authentication, it follows fairly staight-forwardly that significant security procedures and countermeasures are required to prevent such copying (in order to provide some level of assurance that the assumed entity is consistantly and uniquely in possession of the specific private key).
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
