Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- Anne & Lynn Wheeler
December 7, 2006, 3:45 pm
Re: Patent buster for a method that increases password security
http://www.garlic.com/~lynn/2006w.html#4 Patent buster for a method that
increases password security
note that the purpose of disabling the account (as a fraudulent
transaction compromise), is paradigm where the account number has
frequently been the primary method of authentication i.e. knowning the
account number as "something you know" authentication ... from
3-factor authentication model
* something you have
* something you know
* something you are
aka you frequently see fraud compromise being dealt with by issuing a
new card which also carries a new account number (the old account
number having been flagged).
in the x9.59 standard, the paradigm is changed to transaction
authentication; and therefor it is no longer necessary to disable the
account number (as a fraud compromise countermeasure) ... it is only
necessary to disable the specific compromised authentication (i.e. say
specific lost/stolen card with its corresponding "something you have"
http://www.garlic.com/~lynn/2006v.html#26 Fighting Fraudulent Transactions
since all valid, authorized x9.59 transactions require the appropriate
incoming transactions are recognized as appropriately authenticated,
by the correct transaction authentication data, not by the account
- » HPSBUX02145 SSRT061202 rev.2 - HP-UX running Apache Remote Execution of Arbitrary Code, De...
- — Next thread in » General Computer Security