http://www.afr.com.au/content/990312/inform/inform5.html
Placating the public's misconceptions
By John Davidson
The only thing really lacking about internet security is public
comprehension. Why is so much of the public so insecure about e-commerce,
when it's perfectly willing to do far more reckless things like turn their
TVs into answering machines for aliens? Maybe the fear is brought on by
the IBM TV ads, saying the net isn't safe (unless you buy IBM software).
Whatever's causing it, Eye Site believes web dread is largely misplaced.
Even with only the most basic level of security - the weak encryption
commonly used to secure the link between consumer and online merchant -
the internet is still just about the safest place to hand over credit card
details. But for some reason, people who gladly read their credit card
details out loud over the phone eschew the internet. It doesn't make
sense, as IBM says.
Still, we must pander to cyber-sissies, and so Eye Site has been looking
at new PC-based fingerprint authentication technology from the Lucent
spin-off, Veridicom.
Veridicom has produced a silicon chip that can tell who you are just by
pressing on the back of it. The idea is that users lock up their digital
certificates inside their PC or on their smartcard, so that they can only
be accessed by someone with their fingerprints.
Thus, any transaction done on the internet using the certificate must have
been done by the certificate owner, or at least by someone with the
owner's fingers. (Eye Site's suggestion: if someone steals your fingers,
cancel your cards.)
The interesting thing about this technology is not that it works - there's
been electronic finger print security technology on the market for years -
but that it works and it's expected to only add around $5 to the cost of a
PC.
At $5, there's no reason why it couldn't be incorporated on every PC or
every modem connected to the internet.There are of course privacy concerns
about standardising a biometric technology, but it is possible to roll out
a system where no-one except the PC's owner keeps a copy of the prints,
short circuiting any temptation the banks may have to pass those prints
onto Athena the Starwoman for analysis.
Will biometric technology make the internet a safer place? It hardly
matters. All we need is something that relieves public anxiety. If someone
could convince internet users that every PC had a secret number in it that
revealed their identity over the internet, that could work too. Only,
that's too ridiculous to contemplate.
-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]
Received on Wed Mar 17 09:16:03 1999