 |
|
|
 Welcome to the Virus.Org Mailing List Archive |
||
 |
||
|
||
|
Forwarded from: [EMAIL PROTECTED] In a message dated 10/15/01 4:02:54 PM, [EMAIL PROTECTED] writes: << privacy professionals appear unable to put the security and > privacy to-dos in the proper context for people who manage > sensitive information. Why? Security people have never been known > to distinguish Says who? >> It seems to me that the "security experts" have consistently confused identification with authentication. All of the existing authentication technologies can be easily utilized to perpetrate identity frauds. In fact, they all enable identity frauds. There are three distinctly separate functions that are often overlooked. Identification: identifying someone's name (not simply accepting what you are told is someone's name). This is a very difficult process and the simple excuse is that this is a wet brain problem not suitable for the digital world. This is not true. Identifying a device or a thing or a password is not Identifying a person or user. Recognition: Have I seen this person before, whether or not I know his name. Biometrics do this well. Authentication: After being certain of a person's real identity (not necessarily the one he gives me) I can allow him an encryption key, PKI, enroll him with a biometric or password. All three functions must be performed for user security to exist. John Ellingson CEO Edentification, Inc. ||||# |||||| |||||| - ISN is currently hosted by Attrition.org To unsubscribe email [EMAIL PROTECTED] with 'unsubscribe isn' in the BODY of the mail.
|
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.