|
Post by the light works on Jun 7, 2017 3:53:26 GMT
There was a conversation about why my brother carries what appears to be a thumb drive in his pocket.
his explanation is that there are three elements to a secure ID: Who you are, What you know, and What you have.
to detail, his statement is that if you are doing a multiple element ID system, you can use three characteristics.
you can use a biometric identifier, which ranges from a photo ID badge to a retinal scan. (who you are) you can use a password (what you know) and you can use some form of key (what you have)
so the question is: would Who you know be a fourth element, or would that be just a low tech variant of who you are?
are there any other elements, or is the trio so broad that everything else is a variant of one or more?
|
|
|
Post by GTCGreg on Jun 7, 2017 6:04:46 GMT
I'd say "who you know" is a fourth, independent element. For example, let's say you want access to a building. You would first be required to identify "who you are" using a fingerprint or retinal scan. Then you would be required to insert a physical key (what you have) and then enter a password or answer a security question (what you know). The fourth requirement would be for someone else (who you know) to also enter their access data.
|
|
|
Post by silverdragon on Jun 7, 2017 6:07:08 GMT
I would state that a spoken password is a verbal key, therefore, the two are the same thing. However, who you are depends on someone else recognising you, recognising your "pass-Port", also knowing your Pass-Word, or having a lock that accepts the key.
Therefore, all may be summed up in one, in that whatever you have as an identifier, MUST match the set of conditions to be verified. Therefore, all forms of identification rely on a pre-set set of conditions to be verified.
In my work, I carry a Badge, the Av-Sec badge, it's "enough" identification to allow me access to restricted airspace and buildings on "the tarmac" of airports. But that relies upon it being recognised as "Valid", and yes it does have an expiry date, and no, it does not mean I am allowed to just any airspace, it is only the stuff 13ft above the ground that my Truck occupies... and I have to stick to approved traffic lanes as well. [..in some circumstances I am controlled by ATC in that I may not cross paths with aircraft?..]
Security depends on how much. I also carry whilst working at one certain place a "Fob" that opens doors. This is a passport password and key all in one, in that it's a glorified thumb-drive accessed by blueteef that holds a revolving key [the code is changed frequently] to allow me access. But I must also carry ID... they accept my own Av-Sec, but in some parts, I must also carry their own badge.
There are many more elements to security than you state, but I suppose, as you suggest, they are all sub-divisions of the same basic three subdivisions you outlined, but those are subdivisions of the base "predetermined" single form of ident.
|
|
|
Post by mrfatso on Jun 7, 2017 13:59:39 GMT
To give an example of "Who you Know", I was trying to get money out of the ATM several years ago when a power cut caused the machine to lock out and swallow the card. I needed cash quickly but was not carrying other forms of ID with me at the time; fortunately the bank in the village had a staff member that had been a classmate of mine and personally vouched for the fact that I was who I said I was.
|
|
|
Post by the light works on Jun 7, 2017 14:27:29 GMT
but the question is, is the "who you know" just verifying who you are, or are they a true fourth category? I suppose if access requires that an authorized person grant access - and they grant access to all persons who are otherwise approved, they count as a fourth category. similarly, in a situation where two people are required to complete an action, it would also count as who you know - this can range from a nuclear launch that requires two authorized personnel (who you are) to enter a password (what you know) and turn a key (what you have) simultaneously, to a check that requires two signatures to be valid, that adds a who you know to the list of elements.
|
|
|
Post by the light works on Jun 7, 2017 14:33:27 GMT
it all breaks down. the spoken password is what you know - though if there is a voiceprint, it is also who you are. your av-sec badge is a what you have, but if it has your picture, it is also a who you are. and so on.
not everything uses all three - my truck only has what you have if you want to drive it - anyone with a key can drive it; but it adds what you know to get into the back - because if you don't know the trick, the door latch doesn't work.
|
|
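An added example, not part of any post in this thread: one way to model the three categories and the "second person" requirement discussed above, where a co-signer only counts if they are a different authorized person who also authenticates. The credential names, people and thresholds are hypothetical.

```python
from dataclasses import dataclass

KNOW, HAVE, ARE = "what you know", "what you have", "who you are"

# Constructed catalogue: which categories each credential proves.
CREDENTIAL_FACTORS = {
    "password": {KNOW},
    "security_answer": {KNOW},
    "door_key": {HAVE},
    "fingerprint": {ARE},
    "photo_badge": {HAVE, ARE},  # the thread's point: a badge with a picture is both
}

@dataclass(frozen=True)
class Presentation:
    person: str             # who is at the door (hypothetical names below)
    credentials: frozenset  # names from CREDENTIAL_FACTORS

def factors_shown(p):
    """Distinct categories proven; unknown credentials prove nothing."""
    shown = set()
    for cred in p.credentials:
        shown |= CREDENTIAL_FACTORS.get(cred, set())
    return shown

def authorize(presentations, authorized, min_factors, min_people=1):
    """Grant only if min_people *different* authorized people each show
    at least min_factors distinct categories."""
    qualified = {
        p.person for p in presentations
        if p.person in authorized and len(factors_shown(p)) >= min_factors
    }
    return len(qualified) >= min_people

def P(person, *creds):
    return Presentation(person, frozenset(creds))

if __name__ == "__main__":
    staff = {"alice", "bob"}
    full = ("fingerprint", "door_key", "password")
    print(authorize([P("alice", "door_key")], staff, 1))                     # key only
    print(authorize([P("alice", "password", "security_answer")], staff, 2))  # two of one kind
    print(authorize([P("alice", *full), P("alice", *full)], staff, 3, 2))    # same person twice
    print(authorize([P("alice", *full), P("bob", *full)], staff, 3, 2))      # two people
```

Two credentials of the same category count once, and the same person presenting twice does not satisfy a two-person requirement.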
|
Post by silverdragon on Jun 8, 2017 8:13:59 GMT
I had a similar experience needing Cash from my bank account which for some reason didn't want to recognise the same PIN number I had been using for YEARS.. [not any more, it's changed since then?..] I went inside after the second attempt not wanting the machine to swallow the card. The branch phoned my old branch... [they had asked a few security questions like what was my home branch and did I have any other accounts.] "Can you describe him for me?" the answer came back quickly, 6'3" hair past his belt "Biker shaped" and wearing a Belstaff jacket. Maybe I had worn that jacket a few times when visiting my home branch... "Y...ask him what Jakie's [one of the desk clerks I knew well] favourite band is, if he says "Take that" and adds the words "And shove it", it's him for sure...." They reset the pin for me, and had a new card sent out, because they expected the reason would be something like the card wasn't supposed to be banana shaped in the first place?.. I had sat on it, but it wasn't broken....
|
|
|
Post by the light works on Jun 8, 2017 13:40:14 GMT
way back when I worked at the gas station, we had a kid who didn't have an ID, or a bank account, so he would go to the bank next door to cash his paycheck. one teller called the station to confirm his identity, and the boss told them, "skinny, wet, and dorky looking" (it was raining that day.)
|
|
|
Post by c64 on May 22, 2018 19:34:29 GMT
The "Who you know" is very important for maximum security. Just play the game "Splinter Cell", biometric systems, pins and keys can be defeated. Someone watching the entire entrance area by CCTV can't be fooled by someone carrying an unconscious body.
Verbal keys and physical keys are not the same. You can copy a verbal key very easily just by listening. A physical key has to be stolen or copied. A good physical key can't be copied at all. The owner of the key must report missing it in time though.
|
|
|
Post by the light works on May 22, 2018 23:00:36 GMT
but is that (the splinter cell example) not just using a live person to augment your mechanical system? I think we agree that there is a possible element of who you know, but the question is the mechanics that differentiate who you know from merely having a living person confirm who you are.
|
|