idea: brinworld meets the credit card
ericm at lne.com
Tue Jul 8 13:36:10 PDT 2003
On Tue, Jul 08, 2003 at 12:16:36PM -0700, Major Variola (ret) wrote:
> Authentication is "Something you have / know / are."
> A picture glued into the card could be forged, but a
> smartcard (with more data area than a magstripe)
> could include a picture of the account holder,
> so a thief has no idea what to look like. But the vendor can
> check the encrypted smartcard face to the face on the phone
> or webcam. For high-value remote transactions, where you
> pay someone to check faces, this might be viable in a few years.
> In a few years after that, machines might be able to check faces
> more cheaply, as reliably.
> The live face-check with embedded digital photos is already standard
> on high-security building-entry cards (and passports?),
> with the guard comparing the card-embedded face to the one before him.
> Ubiquitous cameras will bring that face-check to remote transactions,
> reducing cost due to lower fraud.
How does it allow the merchant to view the picture
while preventing the thief from doing so?
Saying "it's encrypted" is, at best, sweeping a very large
problem under a small rug. Who holds the key? How
does the card or the user authenticate a real merchant vs.
a thief posing as a merchant?
Those are the hard problems. No one in biometrics
has yet been able to solve them in a general way.
More information about the cypherpunks-legacy