Crítica Portuguesa


Memória futura

Artigo apontado no meu comentário original (em inglês), para bem da discussão e para memória futura:

Below is my comment to Bruce Schneier''s article in April''s CRYPTO-GRAM:

I, for one, support the idea of a National ID card, provided it _only_ aims at authenticating individuals, not in providing generic information on them.

I live in Portugal. The European (minus the UK) trend is to allow and to accept as natural the existence of National IDs. Even with biometric information. The problem, particularly in my country, is that several other documents are required for particular functions, like driving licenses, social security cards and IRS identification cards, some of them even asserting identity in some scenarios. Some actions even require multiple documents. This absence of information cross-reference creates several problems. For example, an address change has to be notified to several card issuing services.

I believe in a single ID replacing all the aforementioned ones, cross-referenced with context restricted information databases.

The sole function of that identity card would be to state that I am an unique person, with a particular address and a particular identifying number or code. No more, no less. All other information should reside in dedicated context restricted databases, allowing easier setting of information access privileges (ex: the IRS should only know my tax data, not my criminal record). The (for example, Smartcard enabled) ID would have my (State) digitally signed photo and digitally signed fingerprint and/or iris-print, allowing card-present, in-place, identity verification. The ID should also provide a State Certificate Authority signed digital certificate that would assert my identity if required to do so digitally. Naturally this CA would have to be created, and would only be has "strong" as the cryptographic algorithms behind it (to say the most)... But this, I believe, is still stronger than the existing scenarios.

This would, I believe, benefit the assertion of identity, with a several level impact, on for example, web transaction security, credit card fraud and ID forgery. Also, it would be an important step to reduce the "impedance mismatch" that exists between "social", and "digital" and/or "on-line" authentication and identity.
colocado por JLP, 13:04

0 Comentários:

Adicionar um comentário