Information Security News mailing list archives
Re: Info Security 'Teachers' Need More Learning
From: InfoSec News <isn () c4i org>
Date: Wed, 17 Oct 2001 03:08:20 -0500 (CDT)
Forwarded from: JohnE37179 () aol com In a message dated 10/15/01 4:02:54 PM, isn () c4i org writes: << privacy professionals appear unable to put the security and
privacy to-dos in the proper context for people who manage sensitive information. Why? Security people have never been known to distinguish
Says who? >> It seems to me that the "security experts" have consistently confused identification with authentication. All of the existing authentication technologies can be easily utilized to perpetrate identity frauds. In fact, they all enable identity frauds. There are three distinctly separate functions that are often overlooked. Identification: identifying someone's name (not simply accepting what you are told is someone's name). This is a very difficult process and the simple excuse is that this is a wet brain problem not suitable for the digital world. This is not true. Identifying a device or a thing or a password is not Identifying a person or user. Recognition: Have I seen this person before, whether or not I know his name. Biometrics do this well. Authentication: After being certain of a person's real identity (not necessarily the one he gives me) I can allow him an encryption key, PKI, enroll him with a biometric or password. All three functions must be performed for user security to exist. John Ellingson CEO Edentification, Inc. ||||# |||||| |||||| - ISN is currently hosted by Attrition.org To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.
Current thread:
- Info Security 'Teachers' Need More Learning InfoSec News (Oct 02)
- <Possible follow-ups>
- Re: Info Security 'Teachers' Need More Learning InfoSec News (Oct 15)
- Re: Info Security 'Teachers' Need More Learning InfoSec News (Oct 17)