Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

At 10:41 PM +0200 10/23/04, Eugen Leitl wrote: >No, that's going to be the mobile phone. Certainly getting to be like Chaum's ideal crypto device. You own it, it has its own I/O, and it never leaves your sight. Cheers, RAH -- - R. A. Hettinga The Internet Bearer Underwriting Co

Re: Are new passports [an] identity-theft risk?

* Dave Emery: > Correct me if I am wrong, but don't most of the passive, cheap > RF or magnetic field powered RFIDs transmit maybe 128 bits of payload, > not thousands and thousands of bits which would be enough to include > addresses, names, useful biometric data and so forth ? Those that

RE: Financial identity is *dangerous*? (was re: Fake companies, real money)

At 9:30 AM -0400 10/25/04, Trei, Peter wrote: >If we're going to insist on dedicated, trusted, physical >devices for these bearer bonds, then how is this different >than what Chaum proposed over 15 years ago? I don't think that face to face will be necessary. It just means keeping control of your

Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

Alan Barrett wrote: On Sat, 23 Oct 2004, Aaron Whitehouse wrote: Oh, and make it small enough to fit in the pocket, put a display *and* a keypad on it, and tell the user not to lose it. How much difference is there, practically, between this and using a smartcard credit card in an external reader

Re: Printers betray document secrets

Ben Laurie wrote: This only works if the marks are not such that the identity of the printer is linked to the marks (as opposed to being able to test whether a particular document was produced by a particular printer). To be really safe, I'd suggest going somewhere without surveillance cameras

Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

On Sun, 2004-10-24 at 09:35 -0400, [EMAIL PROTECTED] wrote: > | [EMAIL PROTECTED] writes: > | > | >I'm pretty sure that you are answering the question > | >"Why did Microsoft buy Connectix?" > | > | The answer to that one is actually "To provide a > | development environment for Windows C

Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

[EMAIL PROTECTED] writes: >No need to buy a company just to use its product in your development shop. They're not "using it in their development shop", that's their standard development environment that they ship to all Windows CE, Pocket PC, SmartPhone, and XP Embedded developers (and include fr

Re: Are new passports [an] identity-theft risk?

At 06:11 AM 10/24/2004, Ian Grigg wrote: The questions would then be, what frequency do these things operate on, what power is required to power them up, and what power is required to ... power them down. Any radio guys around? There's an excellent RFID reference article at http://www.acmqueue.com

E-Vote Vendors Hand Over Software

Wired News E-Vote Vendors Hand Over Software By Kim Zetter? Story location: http://www.wired.com/news/evote/0,2645,65490,00.html 03:00 PM Oct. 26, 2004 PT In an effort to increase the integrity of next week's presidential election, five v

Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

This is what I love about the Internet -- ask a question and get silence but make a false claim and you get all the advice you can possibly eat. OK, I (quite happily) stand corrected about why Microsoft bought Connectix -- it was cheaper given their extensive dependence on the Virtual PC product

Deadline extended to November 5th - Fourth Annual PKI R&D Workshop

--- begin forwarded text From: "Carl Ellison" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Subject: Deadline extended to November 5th - Fourth Annual PKI R&D Workshop Date: Tue, 26 Oct 2004 21:00:01 -0700 Thread-Index: AcS72W7c3/cyBY4hSTyGnbNT4eKDuQ== Sender: [EMAIL PROTECTED] The deadline for p

US Bancorp teams up with VeriSign on banking security

>The bank will use VeriSign's Unified Authentication service to validate >and secure interactions with commercial banking customers, providing them >with a secure USB token that they must use when accessing services online. >Those tokens will hold a digital certificate that identifies the bearer

New 32-bit SIM Chip from STMicroelectronics

>The core includes dedicated DES (Data Encryption Standard) instructions >for Secret Key cryptography, and a fast Multiply and Accumulate >instruction for Public Key (RSA) and Elliptic Curve cryptography, plus a >CRC (Cyclic Redundency Check) instruction. A firmware cryptographic >subroutine libra

MCI set to offer secure two-way messaging with strong encryption

http://www.gcn.com/vol1_no1/daily-updates/27748-1.html MCI set to offer secure two-way messaging with strong encryption 10/27/04 By William Jackson, GCN Staff MCI Inc. will offer secure two-way messaging through its SkyTel Communications subsidiary next month, encrypting wireless text with the Adva

[Publicity-list] DIMACS Workshop on Mobile and Wireless Security

* DIMACS Workshop on Mobile and Wireless Security November 3 - 4, 2004 DIMACS Center, Rutgers University, Piscataway, NJ Organizers: Bill Arbaugh, University of Maryland, [EMAIL PROTECTED] Presented under th

Europe opts for biometric passports

CNET News Europe opts for biometric pasports By Lars Pasveer http://news.com.com/Europe+opts+for+biometric+pasports/2100-1012_3-5429679.html Story last modified October 27, 2004, 5:56 PM PDT Ministers for European Union memb

Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

-- R.A. Hettinga wrote: > [The mobile phone is] certainly getting to be like Chaum's > ideal crypto device. You own it, it has its own I/O, and it > never leaves your sight. Is there a phone that is programmable enough to store secrets on and sign and decrypt stuff? The ideal crypto device w

Re: MCI set to offer secure two-way messaging with strong encryption

> MCI Inc. will offer secure two-way messaging through its SkyTel > Communications subsidiary next month, encrypting wireless text > with the Advanced Encryption Algorithm. Note that they don't say it's "end to end" encryption: > Messages are encrypted between the device and an encryption server

Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

At 03:31 PM 10/25/2004, Ian Grigg wrote: :-) It should be obvious.  But it's not.  A few billions of investment in smart cards says that it is anything but obvious. To be fair, the smart card investments I've been familiar with have been at least very well aware of the problem.  It didn't stop th

Palladiated Handheld Security Spec

EWeek 'Palladium' Echoes in New Handheld Security Spec October 27, 2004 By Mark Hachman Intel, IBM and NTT DoCoMo have released a specification to create a "trusted mobile platform," which appears to take the foundation of Mic