Posted by John Patrick on Dec 26, 2003 in PKI

Another dimension of Trust has to do with standards. Because of standards, the Internet is the only thing I know of that works the same everywhere. Most things work differently in different parts of the world. The side of the road we drive on, the side of the car we drive from, the width of the railroad tracks, the plugs that we put in the wall; all work differently around the world. But not the Internet; it works exactly the same in every corner of the world. There are a lot of debates while Internet standards are being developed, but once a standard is published, every vendor has an obligation to implement it. Most do. (read more)
Tags: authentication, authorization, ca, certificate authority, digital id, encyption, integrity, key, non-repudiation, passphrase, PKI, privacy, security, smart card, trust, usb
Posted by John Patrick on Dec 24, 2003 in PKI

In “Too Secure?”, I described how a financial services company insisted that I use the fax machine to send them a document. Let’s contrast that process with how it might have worked using a public key infrastructure approach with the five security functions described in the last part of the Privacy And Trust series. We’ll look at each of the five elements. (read more)
Tags: authentication, authorization, ca, certificate authority, digital id, encyption, integrity, key, non-repudiation, passphrase, PKI, privacy, security, smart card, trust, usb
Posted by John Patrick on Dec 23, 2003 in PKI

The most important benefit of a digital ID is authentication. Once digital IDs are more commonplace, you will no longer have to send your login ID and password over the Internet. Your password, passphrase, or biometric will go no further than your smart card, token, or your PC. Once you are authenticated, you will be able to authorize an encrypted exchange of digital data between your PC (or phone or other information appliance) and the other party. The result of the exchange is that both parties will be able to confirm that the other party is indeed who they say they are. If you provided biometric data the person will know not only that it was your ID but that it was actually you and not someone who may have “borrowed” your login/password. (read more)
Tags: authentication, authorization, ca, certificate authority, digital id, encyption, integrity, key, non-repudiation, passphrase, PKI, privacy, security, smart card, trust, usb
Posted by John Patrick on Dec 22, 2003 in PKI

In the near future most people will have a digital ID along with an accompanying biometric link such as a fingerprint, face print, voiceprint, iris or retina scan. The combination of digital ID and biometric will enable you to establish yourself as a completely unique person. At last you have the ability in the digital world to establish that you are who you say you are just as you can in the physical world! Step one is to get a digital ID from someone that knows for sure who you are and who is trusted by others as a reliable source for authenticating you. And who would this someone be? (read more)
Tags: authentication, authorization, ca, certificate authority, digital id, encyption, integrity, key, non-repudiation, passphrase, privacy, security, smart card, trust, usb
Posted by John Patrick on Dec 20, 2003 in PKI, Public Policy

There was a cartoon by Peter Steiner in the July 5, 1993 issue of The New Yorker showing a dog at a PC speaking to another dog watching from the floor. The caption was, “On the Internet nobody knows you’re a dog.” Very true and in fact nobody really knows for sure just who you are. Nor do you know who is at the other end of a chat session or e-commerce transaction either. Assuming success of the numerous technologies at the Inside ID conference in Washington, D.C. this week, we will soon have Digital IDs that will change this. There are many issues but it has become urgent that we get digital IDs in place for all of us (and for our servers and eventually for everything). (read more)
Tags: authentication, authorization, ca, certificate authority, digital id, encyption, integrity, key, non-repudiation, passphrase, PKI, privacy, security, smart card, trust, usb
Posted by John Patrick on Dec 16, 2003 in PKI
A number of readers were surprised to learn about phishing, and more than one suggested that I send the example to eBay. Actually, I am quite confident that eBay is on top of this issue. I suspect they scan continuously to find eBay fraud of all kinds, including phishing emails. eBay is an incredibly large and successful community for buyers and sellers and they have thought through all the aspects of the buying and selling processes. Any inhibitor to the growth of the community is something they are responsive to. Unfortunately, it is a constant battle to stay ahead of the fraudsters. Bob Safier shared with me an amazing fraudulent email that he received. (read more)
Tags: fraud, phishing, security, spam
Posted by John Patrick on Dec 14, 2003 in PKI
In the Inside ID Conference report (part 4) I mentioned "phishing" as one of the types of fraudulent activity that is happening on the Internet. Today I received an example personally. This is such a blatant example of fraud I hope and suspect that the Federal Trade Commission is taking swift action. I also hope sharing this here will make more people aware of this kind of sham, and I urge all to let their friends and families know. According to people at the conference I just attended, the positive response rate — people who actually provide their personal information to the phishers — is 30%. That is extraordinarily high compared to spam or legitimate advertising. (read more)
Tags: fraud, fraudulent, phishing, security, spam
Posted by John Patrick on Dec 9, 2003 in PKI
On Tuesday morning I will be speaking at Inside ID in Washington, D.C. They are calling this conference a "Mega Show" because there will be dedicated sections of the exhibit hall branded to reflect the major tools used in modern identification solutions. These "shows within the show" include: Inside Identity Management, Inside Digital Identity, Inside Card Technology, Inside Biometrics, and Inside Document Security. I am extremely interested in the content of the show and will be reporting more on it later. My talk will be called "The Future Of The Internet: A Distributed Web of Trust". The talk will be based on my views as expressed in a story in Network World where I wrote an 850-word summary, called "The Ultimate Internet".
Tags: identity, PKI, privacy, security
Posted by John Patrick on Dec 7, 2003 in PKI

Mention the word trust and many people immediately think of security. We hear so many negative questions about Internet security. Is it strong enough? What will happen to my credit card number? What about hackers? We would like to implement this or that application but we can’t because of “security”. The list goes on. This is one area where some “old fashioned” attitudes are actually healthy. Security is critical and needs to be taken very seriously, but not in a restrictive sense. In fact the question that business and government leaders should be asking is how security on the Internet can become the enabler of global commerce, the enabler for people to control the email they get, the enabler for more secure and efficient processing of healthcare information, and the enabler for trusted transactions. (read more)
Tags: authentication, authorization, ca, certificate authority, digital id, encyption, integrity, key, non-repudiation, passphrase, PKI, privacy, security, smart card, trust, usb
Posted by John Patrick on Dec 4, 2003 in PKI, Public Policy

Most websites now have privacy policies and it is a good idea to read them, especially if it is a company you have not done business with before. Some privacy policies amount to "We capture data about you and we sell it or give it to anyone we choose". Other companies have a policy like "We will always tell you if we are capturing your personal data. We will never give it away or sell it. If we want to use it in any way other than to fulfill an order or something you asked of us we will ask your permission first. We guard all data with extremely tight backup and security procedures to ensure your data is never compromised". That is a good policy but how does a company ensure they are actually complying with their own policy? (read more)
Tags: authentication, authorization, ca, certificate authority, digital id, encyption, integrity, key, non-repudiation, passphrase, PKI, privacy, security, smart card, trust, usb