For starters you would never be able to authenticate "the purchase"
with biometrics, unless "the purchase" has a fingerprint or other
measurable biological feature. Thus you are authenticating the user,
not the transaction. You can identify users using biometrics, however
this is even harder than authenticating users using the technology.
My main issues with your proposed scheme are, as far as I can imagine
it given your vague description, that if you use it for low value
transactions it's overkill, if you use it for high value it's
insufficiently secure for a variety of reasons. Result is that there is
no real need for it. So possibly you are just working on a marketing
exercise...
The truth is that physical possession of an object (phone, credit
card...) combined with proven knowledge of a secret value (like a PIN)
solves most problems today. But that may not be glamorous enough for
some.
Dirk
PS: Please quote properly
On Tuesday, Dec 3, 2002, at 12:00 Asia/Tokyo, Kenneth G. Mages wrote:
> I said what I meant. We are using biometrics to help identify users to
> cross reference other security measures for authenticating a purchase.
> Call it belts with suspenders.
Received on Wed Dec 4 03:52:36 2002