(keitai-l) Re: NTT DoCoMo Discloses Method to Obtain 503i Handset ID from Web Site

From: Renfield Kuroda <Renfield.Kuroda_at_morganstanley.com>
Date: 04/02/01
Message-ID: <3AC855E0.57AFCE67@morganstanley.com>
The bigger issue with this is it's a HANDSET Id -- like the serial
number under the battery -- not a USER id. I don't care about
authenticating the device, for security I want to authenticate the user.
It's a decent first-level filter, but it should not be used as the
end-all user authentication.
Also, when a user switches devices, the id # is different, no?

r e n


Reto Grob wrote:
> 
> http://www.nikkeibp.asiabiztech.com/wcs/leaf?CID=onair/asabt/news/127130
> 
> The warning function is interesting for keeping some form of privacy [if it
> cannot be bypassed]
> 
> But I do not see it for enabling security:
> - There is no info on how the id is created, so it is possibly insecure.
> - Use your own i-appli micro browser and fake ids to access ...
> 
>   "...groupware or Web sites conducting online transactions, for
> authorization."
>   [text]
> 
>   happy m-trading! :)
> 
> Anyone thinking about the security of the id?
> 
> Reto,
> Hitachi CRL
> 
> [ Did you check the archives?   http://www.appelsiini.net/keitai-l/ ]

-- 
ascii:	r	e	n	f	i	e	l	d
octal:	\162	\145	\156	\146	\151	\145	\154	\144
hex:	\x72	\x65	\x6e	\x66	\x69	\x65	\x6c 	\x64

e-business technologies | engineering and strategy

"Connecting people, ideas and capital,
we will be the world's first choice
for achieving financial aspirations"

[ Did you check the archives?   http://www.appelsiini.net/keitai-l/ ]
Received on Mon Apr 2 13:26:38 2001