And communications the Republic of Uzbekistan Tashkent University of Information Technologies


Date: 05.06.2022
14 Мавлонов Анвар


party' for the communicating users and, using cryptographic binding methods 
(e.g., digital signatures), represents to both parties involved that the public keys 
each holds, which allegedly belong to the other, actually do so. A 
digital notary service, if you will. Such CAs can be private organizations providing 
such assurances, or government agencies, or some combination of the two. 
However, in a significant sense, this merely moves the key authentication problem 
back one level, for any CA may make a good faith certification of some key but, 
through error or malice, be mistaken. Any reliance on a defective key certificate 
'authenticating' a public key will cause problems. As a result, many people find all 
PKI designs unacceptably insecure. Accordingly, key authentication methods are 
being actively researched[6]. 
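
An added illustration of the point above (not part of the original text): a relying party's signature check confirms only that the CA signed a name-to-key binding, not that the binding is correct. The toy RSA parameters, names and key strings are constructed for this example and are not secure.

```python
import hashlib

# Toy textbook RSA for illustration only: no padding, fixed Mersenne primes.
# All values here are constructed for the example (assumptions, not real keys).
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
CA_N = P * Q                              # CA public modulus
CA_D = pow(E, -1, (P - 1) * (Q - 1))      # CA private exponent

ALICE_KEY = b"constructed-public-key-of-alice"
OTHER_KEY = b"constructed-public-key-of-someone-else"


def _digest(name: str, subject_key: bytes) -> int:
    """Hash the (name, key) binding that the CA vouches for."""
    raw = name.encode()
    # Length-prefix the name so different (name, key) splits cannot collide.
    data = len(raw).to_bytes(4, "big") + raw + subject_key
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def ca_issue(name: str, subject_key: bytes) -> dict:
    """The CA signs whatever binding it was convinced of, right or wrong."""
    sig = pow(_digest(name, subject_key), CA_D, CA_N)
    return {"name": name, "key": subject_key, "sig": sig}


def verify(cert: dict) -> bool:
    """Relying party: checks the CA's signature over the binding, nothing more."""
    return pow(cert["sig"], E, CA_N) == _digest(cert["name"], cert["key"])


def demo():
    good = ca_issue("alice", ALICE_KEY)
    # The CA certifies the wrong key for "alice" through error or malice.
    misissued = ca_issue("alice", OTHER_KEY)
    # Someone swaps the key after issuance: the signature no longer matches.
    tampered = dict(good, key=OTHER_KEY)
    return verify(good), verify(misissued), verify(tampered)


if __name__ == "__main__":
    # The mis-issued certificate verifies exactly like the good one;
    # only post-issuance tampering is caught by the signature check.
    print(demo())
```
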
The problems with passwords 
Passwords are by far the most used and most easily subverted method of 
personal authentication. If an organization institutes policies to ensure secure 
passwords (such as a frequently changed alphanumeric upper/lower case 
combination of at least 10 characters), the inconvenience is so great that such a 
policy will be violated in an overwhelming number of cases. I know that such is 
the case from inspections of data centers containing classified data. If security 
personnel do enforce a policy of elaborate passwords, the employees will write 
down the incomprehensible codes for easy access, usually in places where such 
paper records are easily compromised. If an organization does not impose tight 
rules for the management of passwords, easily memorable (and therefore 
easily cracked) words will be preferred. Such practice tends to encourage re-use of 
the same easily memorized words. To get around the problem of overly simple 
passwords or of identical passwords for access to diverse sites, we now have a 
single sign-on solution from Microsoft (Passport). Accordingly, a single access 
code will unlock a central password "vault" that will then automate authentication 
processes. Though the concept of a single access master password solves many of 
the problems noted above, it saddles the authentication process with the risk that if 
access to the Microsoft operated "vault" is compromised, all privacy becomes 
compromised[7]. 
The problems with smartcards 
Every time a person uses a smartcard, the implicit assumption is that the 
computer has not been compromised. The possibility always exists that the 
computer (or any other device implanted on the Net along the way) has been 
infected by a hidden software routine that exploits the user's identity after 
authentication has been accomplished. Because users authenticate themselves to a 
potentially compromised computer, they can never be secure in their subsequent 
computer transactions. Perhaps the greatest inhibition to the use of smartcards in 
electronic commerce is their variety. The chances of adoption of smartcards as the 
universal means for authentication of individuals in electronic commerce are nil. 
Access security requirements vary depending on the severity of risks and local 
circumstances. Therefore, a wide range of smartcard solutions is almost certain to 
persist. Technology obsolescence and proliferation will continue to inhibit the 
adoption of smartcards and reduce the applicability of this means for solving 
personal privacy issues. 
The problems with biometrics 
Certainly a fingerprint or iris scan can identify an individual. Unfortunately, 
the means for acquiring biometric records are neither convenient nor inexpensive. 
Even then, biometric records will not result in a completely secure system. 
Obtaining a copy of an individual's biometrics can be trivial. I have seen two 
movies where a waitress lifted a fingerprint from a glass in a restaurant for 
nefarious uses. There are also devices that can capture iris images of a person 
walking within a few feet of a video camera (often behind a one-way mirror) so 
that they can be duplicated and used for illegitimate purposes. The real problem with 
biometrics is that once an individual's biometrics have been compromised, they are 
compromised for life and can never be trusted again. However, my most severe 
objection to biometrics as an authentication method is their reliance on a central 
database that contains the identifying graphic templates. If such a database is 
compromised, then the biometrics of ALL users in the database are compromised 
for life. Voice recognition must also be considered as a potential authentication 
biometric. Unfortunately, the technology is as yet not sufficiently reliable, and is 
expensive and difficult to implement. It also suffers from all of the disadvantages 
of having to rely on a central database for storing voiceprint templates. 
