biometrics
P.J. Ponder
ponder at freenet.tlh.fl.us
Sat Jan 26 17:46:18 EST 2002
On 26 Jan 2002, Perry E. Metzger wrote:
>
> "cryptography at summitsecurity.org" <cryptography at summitsecurity.org> writes:
< . . . . >
> > C'mon, depending on "is-ness" is exactly the same cat-and-mouse game
> > as authentication technologies that depend on "have-ness" and
> > "know-ness" attributes.
>
> I have no idea what the heck you're talking about there. Perhaps you
> do, perhaps not.
< . . . . >
I took 'have-ness' to mean a token, smartcard, i-Button, little gizmo that
gens a new number every 60 sec, dongle, whatever; the thread being some
physical matter thing like a key. 'Know-ness' I ascribed to passwords,
passphrases, things that are known or can be divined from one's internal
resources; an epistemological sort of thing.
I have heard people say that security can be based on either a) something
that you know, b) something that you have, or c) something that you are;
usually I have heard this 'security-divided-into-three-parts' idea in the
preamble to a sales pitch for something from either b) or c).
Without think about it some more, I don't know whether to place the entire
notion of security controls based on biometric telemetry in with _pure_
bullshit like copy protection, watermarking, non-repudiation, tamper
proofing, or trusted third parties. Admittedly, there is a lot of
bullshit in the idea, I'm just not sure it is pure.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list