
Perfect ID

There are various ways to identify users, the simplest of which is to enter a username and password.

Of course, systems that manage your money require more stringent identification methods. For example, WebMoney uses an ID, a password, a key file, and a special code sent by e-mail. All this together seems quite reliable, but it does not exclude the possibility of every level of protection being compromised.

Internet banking increasingly uses tokens: special devices with an onboard processor that hold a private encryption key which is technically impossible to extract from the device. During identification, information from the bank is sent to the token, where it is encrypted with the private key and sent back to the bank; the bank decrypts it with the public key and then grants access. The system is considered quite reliable, but it is not perfect either: if the token itself is stolen, an attacker can gain access to your money.

Is there an identification system that cannot be circumvented?


The idea is to combine a retina-based biometric identifier with a token.
Technology already exists that can read information from the eye even with a mobile phone camera, so it is in principle possible to build a relatively inexpensive device for this kind of biometric identification.

The device that reads information from the eye must be connected directly to the token, so that the identification information is not transmitted over open or closed Internet networks where it can be intercepted.

The principle of operation of the token and identifier pair is simple: information from the identifier is passed to the token, where it is "glued" to the information from the bank, encrypted with a private key, and then sent to the bank, where it is decrypted with a different key that is also private (to exclude the possibility of the eye information being intercepted and compromised on the Internet). Thus, theft of the token itself and of any passwords will not give the attacker access to the money. It is practically impossible to steal (read) information about the eye without the person's knowledge (with the exception of violent methods, which, however, belong to the area of personal security and not to the field of personal identification). To protect against remote control of a computer that has already been authenticated (radmin, vnc, etc.), you can require the eye to be read for each payment.
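
The token-and-eye exchange described above, as an added sketch that is not code from the article. It assumes HMAC-SHA256 with a per-token secret in place of the private-key operation, a reader that yields a stable eye template, and hypothetical names (`Bank`, `Token`, `demo`); all sample values are constructed.

```python
import hashlib
import hmac
import secrets

# Assumptions of this sketch (not from the article): HMAC-SHA256 with a
# per-token secret stands in for the token's private-key operation, and the
# eye reader yields a stable template (real biometric readings are fuzzy).

def _bind(key, nonce, payment, eye_digest):
    # "Glue" the bank's challenge, the eye data and the payment, then key it.
    # Fixed-length fields come first so the concatenation is unambiguous.
    return hmac.new(key, nonce + eye_digest + payment, hashlib.sha256).digest()

class Token:
    def __init__(self, key):
        self._key = key  # never leaves the device

    def respond(self, nonce, payment, eye_template):
        eye_digest = hashlib.sha256(eye_template).digest()
        return _bind(self._key, nonce, payment, eye_digest)

class Bank:
    def __init__(self):
        self.enrolled = {}  # user -> (token_key, eye_digest)
        self.pending = {}   # user -> (nonce, payment) awaiting a response

    def enroll(self, user, token_key, eye_template):
        self.enrolled[user] = (token_key, hashlib.sha256(eye_template).digest())

    def challenge(self, user, payment):
        nonce = secrets.token_bytes(16)  # fresh for every payment
        self.pending[user] = (nonce, payment)
        return nonce

    def verify(self, user, response):
        if user not in self.pending or user not in self.enrolled:
            return False
        nonce, payment = self.pending.pop(user)  # each challenge is single-use
        key, eye_digest = self.enrolled[user]
        return hmac.compare_digest(_bind(key, nonce, payment, eye_digest), response)

def demo():
    key, pay = secrets.token_bytes(32), b"pay 100 to ACME"
    owner_eye, other_eye = b"constructed-owner-template", b"constructed-other-template"
    bank, token = Bank(), Token(key)
    bank.enroll("alice", key, owner_eye)
    good = token.respond(bank.challenge("alice", pay), pay, owner_eye)
    accepted, replayed = bank.verify("alice", good), bank.verify("alice", good)
    stolen = bank.verify("alice", token.respond(bank.challenge("alice", pay), pay, other_eye))
    return accepted, replayed, stolen  # owner accepted; replay and wrong eye rejected
```

Because the bank issues a new challenge for every payment, a response captured from one payment is useless for the next, which is the per-payment eye check the paragraph proposes.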

P.S. At first glance the idea is rather banal, but I haven't yet come across any practical implementations.
P.P.S. Why not use fingerprints? One of the MythBusters episodes shows how easy it is to forge fingerprints for electronic readers. Information about the eye is also easy to fake, but it is not so easy to obtain in the first place without the person's knowledge, whereas a fingerprint can easily be lifted from a glass, a laptop, etc.

And what are the ideal identification methods that come to your mind?

Source: https://habr.com/ru/post/59779/

