Telephonic Credentials

Thread view:

Roedy Green - 25 Oct 2007 19:57 GMT

I think it would be nice if I could prove to someone on the other end
of the phone I am me, and demand they prove they are who they claim to
be.

It could be done by letting a modem kick in for a second to exchange
challenge phrases to be encrypted by identification certificate that
might include name, address, phone number, expiry date, company.

Then if some charity I donate to phone me, I can be sure it is them.

There are so many scams out there.

It might also be done by each of us contacting an Internet server.

Has anyone heard of such projects?

Signature

Roedy Green Canadian Mind Products
The Java Glossary
http://mindprod.com

Reply to this Message

Daniel Pitts - 25 Oct 2007 22:34 GMT

> I think it would be nice if I could prove to someone on the other end
> of the phone I am me, and demand they prove they are who they claim to
[quoted text clipped - 11 lines]
>
> Has anyone heard of such projects?

I don't know about phone based security, but I know that the concept is
used in PGP and GPG.

Basically, you can ask the person to cryptographically sign something.
For instance, if they have a private key, and you have a public key
(which you know is theirs), ask them to encrypt a simple,
random-each-time value. Then verify that the trusted public key can
decrypt that value. This verifies that the caller has access to the
private key that matches the public key you tested.

Of course, you still have to be sure that the public key is the public
key of the entity you believe it is.

Actually, you can do the other way around too. Encrypt something with
the public key, ask them to decrypt it and tell you want it was.

Signature

Daniel Pitts' Tech Blog: <http://virtualinfinity.net/wordpress/>

Reply to this Message

Greg R. Broderick - 26 Oct 2007 00:49 GMT

> I think it would be nice if I could prove to someone on the other end
> of the phone I am me, and demand they prove they are who they claim to
> be.

http://en.wikipedia.org/wiki/Automatic_number_identification

Already there.

Signature

---------------------------------------------------------------------
Greg R. Broderick usenet200710@blackholio.dyndns.org

A. Top posters.
Q. What is the most annoying thing on Usenet?
---------------------------------------------------------------------

Reply to this Message

Lew - 26 Oct 2007 06:09 GMT

>> I think it would be nice if I could prove to someone on the other end
>> of the phone I am me, and demand they prove they are who they claim to
[quoted text clipped - 3 lines]
>
> Already there.

That doesn't speak to identifying the participant, at least not until phone
numbers represent the unique subcutaneous transponder for each individual.

Signature

Lew

Reply to this Message

Roedy Green - 26 Oct 2007 13:06 GMT

>That doesn't speak to identifying the participant, at least not until phone
>numbers represent the unique subcutaneous transponder for each individual.

I elaborate on the project and how you might implement it at
http://mindprod.com/project/telid.html

Signature

Roedy Green Canadian Mind Products
The Java Glossary
http://mindprod.com

Reply to this Message

Telephonic Credentials

Free Magazines