dotgnu-auth

[Auth]Re: Auth digest, Vol 1 #35 - 5 msgs


From: Fernando Ipar
Subject: [Auth]Re: Auth digest, Vol 1 #35 - 5 msgs
Date: Wed, 01 Aug 2001 09:07:10 -0300
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.2) Gecko/20010701

This is my first post to the list. I've been meaning to ask this, and now
that the subject has been brought up I'll take the chance. How hard would it
be to implement the auth system using digital certificates along with
username & password? I know PGP signatures can be used as an alternative,
but I'm interested in using a PKI, giving any provider the ability to use its
users' certificates for authentication (for its own services and other dotgnu
services).
I have experience in financial institutions providing some services on the
internet (account operations such as balances and transfers, credit card
balance check, etc.), and the use of digital certificates proved to be very
useful more than once (if you base your authentication solely on
username/password, an internal leak could easily lead to a disaster; if you
use digital certificates and your CA has reasonable levels of security, it is
much harder for any potential attacker to exploit your system).


I would like to hear others' opinions on this matter. I know this probably
isn't an important issue for the first release, but it could be taken into
account in the design anyway.

best regards,
                
        Fernando Ipar.

> Message: 3
> Date: Tue, 31 Jul 2001 09:05:44 +0700
> To: address@hidden
> From: Mige Harimurti <address@hidden>
> Subject: [Auth]Other than password
>
> Hi ...
> I'm working in biometrics, focusing on fingerprints.
>
> Just keep an open mind for some alternative ways to 'login'.
>
> One of our business partners is developing some kind of e-commerce system
> with a fingerprint device to authenticate the user.
>
> The end user still has the option to use the password or the fingerprint
> or both.
> There are some ways to get the 'fingerprint' data.
> - The encoded fingerprint; this is called minutiae data (a couple hundred
>   bytes)
> - The image of the fingerprint, which depends on the sensor's resolution.
>   It can be divided into some parts.
> This information can be 'a little' different from time to time, due to the
> finger/sensor condition.
> The comparison process can be on the server or on the user side.
>
> My 2 cents.
>
> Regards,
> mige





