idea: brinworld meets the credit card
Major Variola (ret)
mv at cdc.gov
Tue Jul 8 12:16:36 PDT 2003
Authentication is "Something you have / know / are."
A simple plastic credit card + PIN provides the first two,
including a photo provides the third "something you are".
A face is more often checked than the readily forgable
signature, in live authentication.
But as cameras become ubiquitous
(e.g., in cell phones) some extra security could be obtained
for *remote* authentication by sending a trusted photo of the
account holder plus a live picture of the card user.
A picture glued into the card could be forged, but a
smartcard (with more data area than a magstripe)
could include a picture of the account holder,
so a thief has no idea what to look like. But the vendor can
check the encrypted smartcard face to the face on the phone
or webcam. For high-value remote transactions, where you
pay someone to check faces, this might be viable in a few years.
In a few years after that, machines might be able to check faces
more cheaply, as reliably.
The live face-check with embedded digital photos is already standard
practice
on high-security building-entry cards (and passports?),
with the guard comparing the card-embedded face to the one before him.
Ubiquitous cameras will bring that face-check to remote transactions,
reducing cost due to lower fraud.
Thoughts?
More information about the cypherpunks-legacy
mailing list