Dinesh Shah wrote:
Someone raised the public disclose of birthday stating that
birthday/date is used for various verifications. But this is due to an
assumption that birthday/date is a Private info. However, this info is
already in public (you sure have friends with whom you share your
birthday/date? :-) ). People give their birthday/date info on-line at
many places. It is not really difficult to get some one's
birthday/date.
Hi Dinesh, may I add some thoughts, that user information is not what
the user is `willing' to disclose but what the user can be identified
with in case of an identity verification. This identity and its
attributes has to remain unchangable or indestructible over a lifetime.
Unless he goes in for plastic surgery like the tv serials.
To gather other unique info like digital photo, finger print,
retina/iris pattern, DNA will be very expensive. However, they can be
collected as and when required.
More than expense, if we are to use an attribute of an identity for
electronic verification, it has to be immediately verifiable. DNA?
We could otherwise classify it into 2 parts. One that is an
electronically verifiable one and will be entered into the secure id
card and the Other will be a medical record like DNA, that exists on a
secure central server as an additional data for more detailed
investigation. The first part would be used for day to day transactions
and the second part for criminal or other background investigations.
I agree. How about every individual carrying a simple plastic card
with basic info printed in human and machine readable format like
either bar code or RFID?
This card will be very easy to manufacture and replace. The card can
be manufactured in such a way to make it very difficult to make
duplicates/fakes.
Thats where you will need the `Something I have' and `something I can
prove' formula. If an ID card is stolen/duplicated, the thief still
cannot authenticate himself as he is not `him'. The only way is to
kidnap the card holder and make him authenticate, like some cases where
the thieves forced their victims to come to the unmanned ATM and
withdraw cash. So if we have the authenticating mechanism in a secure (
Govt.) location, then this possibility is also ruled out. Access to
important public buildings like railways, airports and other offices can
use this dual authentication where the card owner has to swipe his card
to verify it is original and electronically prove he is the guy in the
card. This can eliminate the possibility of staff members hand in glove
with criminals. A fake id will have no record on the system.
Regards,
Rony.
____________________________________________________
Yahoo! Photos is now offering a quality print service from just 7p a photo.
http://uk.photos.yahoo.com
--
http://mm.glug-bom.org/mailman/listinfo/linuxers
