By
davebirch posted Jul 31 2006 at 9:43 PM
[Dave Birch] On his excellent blog, Jerry Fishenden (Microsoft's National Technology Officer UK) mentions chip and PIN security and talks about the recent press over Shell service stations not accepting chip and PIN cards (I bought petrol at a Shell garage in Woking today and had to sign for it) after fraudsters installed devices underneath the keypads that cached details of card numbers and PINs. Jerry correctly points out that this was about financial fraud, not identity fraud. But there are clearly ramifications for identity cards and if we're going to be responsible we need to tackle the public's concerns.
Technorati Tags: credit cards, debit cards, fraud, ID cards, payments
Continue reading "Shell game" »
By
davebirch posted Jul 26 2006 at 9:23 AM
There's a serious issue for debate right now. Simon Davies of Privacy International is getting a hard time in various parts of the blogsphere because he told IT Week that “I’ve believed for some months that a ‘white knight’ consortium from industry is needed. Companies that can see the benefits of the ID card idea should approach the government about effectively taking over the project.”
Technorati Tags: ID cards
Continue reading "Will industry rescue the identity card?" »
By
davebirch posted Jul 20 2006 at 6:33 PM
[Dave Birch] I was at a workshop last week with a whole bunch of other people to discuss possible architectures for a public sector sort-of entitlement card (I can't say what for as that would give it away, which I'm not supposed to do). I was really cheered to hear, quite unprompted, someone put forward the idea of pseudonymity as a way to balance some security and privacy issues. To hear the term introduced into a conversation at that level is, frankly, music to my ears.
Technorati Tags: internet, security
Continue reading "Pseudo's corner" »
By
davebirch posted Jul 17 2006 at 8:13 AM
[Dave Birch] A couple of years ago, Steve Pannifer and I wrote a paper about two-factor ("token") authentication pointing out that token authentication wasn't the solution to the general Internet authentication problem but just a first step on one potential roadmap to a solution. One of the reasons we gave was that token authentication is vulnerable to a "man-in-the-middle" (MITM) attack. Now this attack "in the wild" has been reported in the Washington Post.
Technorati Tags: authentication, banking, internet
Continue reading "Two-timing two-factor" »
By
davebirch posted Jul 12 2006 at 6:29 PM
[Dave Birch] According to Europe Information (which I can't link to online), the European Commission has decided to adopt the proposed technical specifications for biometric passports. This means that by June 2009, member states (except, of course, for the UK and Ireland because they have opted out of euro-border control stuff) must be issuing e-passports with an electronic chip embedded in them that contains two of the holders fingerprints as well as the facial image. The "Justice, Freedom and Security" Commissioner Franco Frattini unveiled the specifications on 28th June.
Technorati Tags: biometrics, e-Passports, security
Continue reading "Passport control" »
By
davebirch posted Jul 7 2006 at 4:45 PM
[Dave Birch] A recent global survey by Unisys found that 69% of Europeans supported the use of biometrics for identification purposes. This wasn't out of deep-seated concerns about security and a balanced, but informed, perspective on biometric technology: it was, frankly, because of laziness: 83% of those supporting biometrics cited convenience, not security, as their main reason for wanting the technology. The survey also found that rather than use PIN, ID cards or biometrics, one in 10 Asia-Pacific consumers would prefer to have a chip implanted in their body!
Technorati Tags: biometrics, contactless
Continue reading "Chip ’em all" »
By
Dave Birch posted Jul 6 2006 at 12:12 PM
[Jane Adams] I've been doing a bit of surfing around the topic of user centric identity and frankly I'm confused. I think I understand the benefits of the concept but ultimately it seems rather meaningless to me.
Continue reading "Puzzled" »
By
John Elliott posted Jul 3 2006 at 3:08 PM
I predict that 2007 will be a significant year for smart ID cards. This will be the year in which significant numbers of standardised smart ID cards will be available in interoperable form from a significant number of suppliers.
Continue reading "2007: the year of the smart ID card" »