when a fraud is a sale, Re: Rubber hose attack

lynn.wheeler at firstdata.com lynn.wheeler at firstdata.com
Mon Nov 5 13:36:09 EST 2001 

but in the financial case ... you don't have to identify them (aka their
DNA) ... you just match them and the account. absolutely no identity
needed. If i deposit a large sum of money and want to be the only person
authorized to transact on the account ... there is no need to present
identity cards at all (fake or otherwise). Supposedly, swiss bank accounts
have worked that way in the past .... totally authenticated transactions,
absolutely no identity. There are misc. other issue related to govs.
wanting valid identities involved ... but they are extraneous to the issue
of authenticating that the entity attempting to transact on the account is
actually the entity authorized to transact on the account. There can be a
extremely high level of confidence in an authentication system as to the
entity attepting a transaction is the entity authorized to do a transaction
and absolutely no identity information need to be involved. Identity
information may come into play with regard to financial accounts .... but
they can be totally extraneous to authenticating valid transactions.

In fact, one of the issues with regard to "relying-party-only" certificates
(mentioned in previous post)  was 1) institutions not wanting to take 3rd
party liability and 2) all identity information was totally eliminated from
the certificate ... leaving just the account number. This was specifically
because it was an invasion of privacy that extraneous parties (like
merchants) that the transaction might pass thru (and its end-to-end route)
might examine the information;  besides the identity information being
totally extraneous and superfulous. That is a separate issue from also
being able to show that just attaching such a credential was unnecessary,
superfulous, redundant and extraneous (futhermore a credential that doesn't
exist is even more private than a credential that has had all the
interesting information removed).




JohnE37179 at aol.com on 11/05/2001 11:15 AM wrote:


The real trick is identifying the person the first time. The person is a
stranger and the person trying to identify them couldn't tell a fake ID
from
a real one.

John







---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list