Free Republic
Browse · Search 		News/Activism
Topics · Post Article

To: zeugma
Seems to me there is no pratical way to replace the SSN with a private key. It might be good as a password, but people would still need to have a unique user name or id.

Even if we had a chip that had a private key assigned at birth, and the chip malfunctioned, I don't think this would remedy the need for sometimes changing a person's key....it would just make it harder to change unless the chip could get a new key without surgery.

For hackers sooner or later would phish the private key of some wealthy people's chips. They would then have their own chips replaced with one that imitates the wealthy person's chip when they need it to, but reverts back to the one they are supposed to have at other times....which would be easier to do if there were a way to change the chip without surgery...they just need to figure out how the changer works or get their hands on one.

80 posted on 10/04/2017 12:09:44 PM PDT by AndyTheBear
[ Post Reply | Private Reply | To 69 | View Replies ]

To: AndyTheBear
Even if we had a chip that had a private key assigned at birth, and the chip malfunctioned, I don't think this would remedy the need for sometimes changing a person's key....it would just make it harder to change unless the chip could get a new key without surgery.

Yup. The only way that I can think of would be to start with your DNA, and have a token generate time-based session keys that you'd use to authenticate against a central database. Of course, that requires the government having a sample of every single person's DNA in a database. (Big can 'o worms there) What would happen in the case of identical twins?

A perfect solution to this probably doesn't actually exist. I think you're ultimately going to have to go to something token-based. But you'd have to be able to guard against it being effectively a bearer instrument. i.e., if this person has this key, he is that person. You need at least two factor authentication.

Given data the government already has by virtue of the 'real-id' act, you could actually implement something like this. Take a digital hash of your fingerprint and use that as a part of the token. The other would be a passphrase or something similar. You could also tie it to a specific phone number that a temporary pin could be sent to.

The problem would be resetting any of this. Let's say that you burned your fingers so that your fingerprint has changed. How do you prove you are you? Or you lose your token. Now you have to go get a new one, and you need to authenticate to get it. Hopefully the fingerprint would do it, but if both were damaged at the same time somehow, authenticating will become much harder for you.

Needless to say the whole issue is really a big can of worms.

88 posted on 10/04/2017 1:18:26 PM PDT by zeugma (I live in the present due to the constraints of the Space-Time Continuum. —Hank Green)
[ Post Reply | Private Reply | To 80 | View Replies ]

Free Republic
Browse · Search 		News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson