5/5/2002 10:25:19 AM, "Steven T. Cramer" <[EMAIL PROTECTED]> wrote:
>With a Biometric Point of Sale system one could easily accept e-gold and
>the end user would not feel as concerned about the theft of his or her
>password. Given the current system one would have to enter their account
>number and password and a spying eye, from say a security camera, could
>monitor the keystrokes and steal such a password.
>
>A finger print is much more difficult to steal. And with the cost of a
>Biometric system nearing $50 one could easily justify the cost based on
>the savings from normal CC transaction fees.
>
>Any ideas on this?

Interesting idea, but you'll get lots of resistance from people who distrust the government, and also from Christians, who have a good point when they say at some point you will not be able to buy or sell without "the mark". Just imagine what the government could do to you by simply "turning off" your ability to buy groceries. We need something that identifies your ACCOUNT without identifying YOU.

I think we need to migrate toward something like the Cryptocard technology. This is basically the "one-time pad" cipher method, in which no permanent passwords are involved.

Imagine that you have a piece of plastic called an "e-gold card" (or 1mdc, goldmoney, e-bullion, whatever). You swipe this card through the point-of-sale terminal and enter the card's 4-digit pin number. Perhaps your e-gold account number is stored on the card; perhaps not. If not, then you enter your e-gold account number, too.

The POS terminal then sends your e-gold account number, the purchase amount, and the store's e-gold account number to the e-gold "Point-of-Sale Server". The e-gold server makes up a random number and issues it as a "challenge" to the card. The card runs the challenge number through some strenuous mathematical formulas unique to that card, producing a "response" number. The POS terminal then resends the purchase details, along with the challenge-response pair, to the e-gold server.
If everything looks kosher, the e-gold server makes the spend.

With this technology, even someone watching the whole event on a surveillance camera does not have enough information to make fraudulent charges to your account. He might know your pin and even your account number, but without the physical card to map a challenge into a response, he is sunk.

Even if the POS terminal had fraudulent SOFTWARE (i.e. a virus) installed on it, it would not help a digital thief get your money. The e-gold server would issue a new challenge each time, and without the card there is no way to come up with the correct response.

I think this is much better than fingerprints. Who knows? Eventually someone might come up with a way to counterfeit your fingerprint. They could simply lift a print off your car door handle and transmit the print to some nifty thin-film printer. Then they wrap this film around their index finger and help themselves to your funds. In fact, I almost wish some black hat would invent this technology just so we could nail down the coffin lid on this fingerprint idea once and for all. ;)

I suppose the biometrics people would then counter with GSR (galvanic skin response) detection, and the black hats would counter back with a new "sweaty oily film", etc. etc. like "Spy vs. Spy". But I really can't think of anything that could counter the one-time pad technology. Then again, I'm no expert on security.

Any ideas?

Regards,
Patrick Chkoreff
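
The challenge-response exchange described in the message above, as an added Python example that is not part of the original post or any e-gold code. HMAC-SHA-256 stands in for the card's unspecified per-card formula; the names `Card`, `PosServer` and `txn_bytes`, and the binding of the response to the purchase details, are assumptions of this sketch, and the PIN check is left out.

```python
import hashlib
import hmac
import secrets


def txn_bytes(account: str, amount: str, merchant: str) -> bytes:
    """Encode the purchase details; fields are assumed not to contain '|'."""
    return "|".join((account, amount, merchant)).encode()


class Card:
    """Constructed stand-in for the card: a per-card secret that never leaves it."""

    def __init__(self, key: bytes):
        self._key = key

    def respond(self, challenge: bytes, txn: bytes) -> bytes:
        # HMAC-SHA-256 is an assumption; the post does not name the card's formula.
        return hmac.new(self._key, challenge + txn, hashlib.sha256).digest()


class PosServer:
    """Hypothetical point-of-sale server holding each enrolled card's secret."""

    def __init__(self):
        self._keys = {}     # account -> card secret
        self._pending = {}  # challenge -> purchase details it was issued for

    def enroll(self, account: str) -> Card:
        self._keys[account] = secrets.token_bytes(32)
        return Card(self._keys[account])

    def begin(self, account: str, amount: str, merchant: str) -> bytes:
        if account not in self._keys:
            raise KeyError(account)
        challenge = secrets.token_bytes(16)  # fresh and unpredictable per purchase
        self._pending[challenge] = txn_bytes(account, amount, merchant)
        return challenge

    def complete(self, account, amount, merchant, challenge, response) -> bool:
        txn = self._pending.pop(challenge, None)  # each challenge is single use
        if txn is None or txn != txn_bytes(account, amount, merchant):
            return False  # unknown or replayed challenge, or altered details
        expected = hmac.new(self._keys[account], challenge + txn, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)
```

Because the response covers the purchase details and each challenge is consumed on first use, a recorded challenge-response pair cannot be replayed and a tampered terminal cannot change the amount after the card has answered.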