idea: brinworld meets the credit card

Eric Murray ericm at
Tue Jul 8 13:36:10 PDT 2003

On Tue, Jul 08, 2003 at 12:16:36PM -0700, Major Variola (ret) wrote:
> Authentication is "Something you have / know / are."


> A picture glued into the card could be forged, but a
> smartcard (with more data area than a magstripe)
> could include a picture of the account holder,
> so a thief has no idea what to look like.  But the vendor can
> check the encrypted smartcard face to the face on the phone
> or webcam.  For high-value remote transactions, where you
> pay someone to check faces, this might be viable in a few years.
> In a few years after that, machines might be able to check faces
> more cheaply, as reliably.
> The live face-check with embedded digital photos is already standard
> practice
> on high-security building-entry cards (and passports?),
> with the guard comparing the card-embedded face to the one before him.
> Ubiquitous cameras will bring that face-check to remote transactions,
> reducing cost due to lower fraud.
> Thoughts?

How does it allow the merchant to view the picture
while preventing the thief from doing so?

Saying "it's encrypted" is, at best, sweeping a very large
problem under a small rug.  Who holds the key?  How
does the card or the user authenticate a real merchant vs.
a thief posing as a merchant?

Those are the hard problems.  No one in biometrics
has yet been able to solve them in a general way.


More information about the cypherpunks-legacy mailing list