Posted by John Patrick on Dec 9, 2003 in
PKI 
On Tuesday morning I will be speaking at Inside ID in Washington, D.C. They are calling this conference a "Mega Show" because there will be dedicated sections of the exhibit hall branded to reflect the major tools used in modern identification solutions. These "shows within the show" include: Inside Identity Management,
Inside Digital Identity,
Inside Card Technology,
Inside Biometrics, and
Inside Document Security. I am extremely interested in the content of the show and will be reporting more on it later. My talk will be called "The Future Of The Internet: A Distributed Web of Trust". The
talk will be based on my views as expressed in a story in Network World where I wrote an 850 word summary, called "The Ultimate Internet".
Tags: identity, PKI, privacy, security
Posted by John Patrick on Dec 7, 2003 in
PKI 
Mention the word trust and many people immediately think of security. We hear so many negative questions about Internet security. Is it strong enough? What will happen to my credit card number? What about hackers? We would like to implement this or that application but we can’t because of ?security?. The list goes on. This is one area where some ?old fashioned? attitudes are actually healthy. Security is critical and needs to be taken very seriously — but not in a restrictive sense. In fact the question that business and government leaders should be asking is about how security on the Internet can become the enabler of global commerce, the enabler for enabling people to control the email they get, the enabler for more secure and efficient processing of healthcare information, and the enabler for trusted transcations. (read more)
Tags: authentication, authorization, ca, certificate authority, digital id, encyption, integrity, key, non-repudiation, passphrase, PKI, privacy, security, smart card, trust, usb
Posted by John Patrick on Dec 4, 2003 in
PKI,
Public Policy
Most websites now have privacy policies and it is a good idea to read them, especially if it is a company you have not done business with before. Some privacy policies amount to "We capture data about you and we sell it or give it to anyone we choose". Other companies have a policy like "We will always tell you if we are capturing your personal data. We will never give it away or sell it. If we want to use it in any way other than to fulfill an order or something you asked of us we will ask your permission first. We guard all data with extremely tight backup and security procedures to insure your data is never compromised". That is a good policy but how does a company insure they are actually complying with their own policy? (read more)
Tags: authentication, authorization, ca, certificate authority, digital id, encyption, integrity, key, non-repudiation, passphrase, PKI, privacy, security, smart card, trust, usb
Posted by John Patrick on Dec 2, 2003 in
PKI
In a world where every computer is connected to every computer a lot of things are possible. Some of them are not pretty. Trust will become critical. Brands will become more important than ever because they will signal to us what level of trust we can expect. How will we know whether we can really trust a web site? Trust goes hand in hand with good security and privacy. Offering good security and a solid privacy policy will be the bare minimum but we will also follow how an e-business acts over time. What is their commitment? Do they listen to their constituencies? Do they respond to concerns about privacy and make things better? These actions will separate the good guys and the bad guys. (read more)
Posted by John Patrick on Dec 2, 2003 in
PKI From time to time I see an editorial or story suggesting that anonymity should not be allowed on the Internet. The motivation is usually associated with concerns over pedophilia. This is certainly an important concern but so are the concerns of some who feel they need to be anonymous. A battered wife or an alcoholic that are seeking help and finding it in discussion groups on the Internet have a very valid reason to be anonymous. We have to be careful that we don’t react to ?bad things? that happen on the Internet with a cry for regulation of the Internet. There are laws that address many ?bad things? and law enforcement agencies need to use the Internet more effectively as a tool to enforce the laws that already exist. This is happening but more needs to be done. What we do need is authentication and digital ID’s so that we can establish that we are who we say we are. Much more on this to come in the privacy series.
Posted by John Patrick on Dec 1, 2003 in
PKI 
Is it possible to be too secure? This morning I was working on a personal financial matter that required me to send some information to another person. The information was on a paper document and I did not have a machine readable version of it. I scanned the document and sent it via email as an eFax attachment. I first called the person to let them know that I would be sending the email. By making the call I was able to verify that the person was who they said they were and the person would then be able to expect the email and who it was coming from and what it contained. Five minutes later I got a call. (read more)
Tags: authentication, authorization, ca, certificate authority, digital id, encyption, integrity, key, non-repudiation, passphrase, PKI, privacy, security, smart card, trust, usb
