TRIIBoy, you still don't get it. It works this way: You get a digital certificate issued to you by a certificate authority (CA), such as Verisign. Presently, these certificates are authenticated via passwords and/or tokens, and this link in the security chain is not any safer than present use of passwords and/or tokens.
The biometrics get substituted for passwords, etc., with the obvious advantage that they are non-repudiable (i.e., I can't say 'someone stole or guessed my password'). So the biometric information (it's not a fingerprint image, by the way, but a mathematically derived representation of elements of the fingerprint itself) is used by the sender to 'sign' the digital certificate that the CA has issued to that user. It's the combination of the digital certificate AND the digital signature that secures the transaction.
Now, if someone 'steals' the biometric, you get alerted by a report of that transaction (like you get alerted when someone uses your credit card). You notify the CA, who revokes the digital certificate -- it is now rendered unusable for all purposes -- and reissues you a different certificate, to which you can affix your same biometric signature. That combination is recognized as valid, and the old combination is recognized as stolen.
We can go on to other elementary lessons later if you want to continue this dialogue. But really, uninformed shorts are a long's best friend . . . so maybe I'll let you continue as you were, trusting in Wexler's three-minute investment decisions.
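As an added illustration (not the poster's code) of the issue/sign/revoke/reissue flow described in the post: a constructed Python simulation in which a CA issues a certificate bound to a key, a relying party accepts a transaction only with an unrevoked certificate plus a matching signature, and revoking the certificate invalidates the old combination while the same key works under a reissued one. Assumptions: the 'biometric signature' is modeled as an HMAC keyed from a constructed template that the relying party also holds; a real deployment binds an asymmetric key in the certificate.

```python
import hashlib, hmac, secrets

def derive_key(template: bytes) -> bytes:
    # Constructed stand-in for a key derived from a biometric template.
    return hashlib.sha256(b"template:" + template).digest()

class CertificateAuthority:
    def __init__(self) -> None:
        self._ca_key = secrets.token_bytes(32)  # CA signing secret
        self._next_serial = 1
        self.revoked = set()                    # revocation list (CRL)
    def _sign(self, cert: dict) -> str:
        body = f"{cert['serial']}|{cert['subject']}|{cert['key_id']}".encode()
        return hmac.new(self._ca_key, body, "sha256").hexdigest()
    def issue(self, subject: str, user_key: bytes) -> dict:
        cert = {"serial": self._next_serial, "subject": subject,
                "key_id": hashlib.sha256(user_key).hexdigest()}
        self._next_serial += 1
        cert["ca_sig"] = self._sign(cert)
        return cert
    def revoke(self, serial: int) -> None:
        self.revoked.add(serial)
    def cert_is_valid(self, cert: dict) -> bool:
        return (hmac.compare_digest(cert["ca_sig"], self._sign(cert))  # authentic
                and cert["serial"] not in self.revoked)                 # not revoked

def sign_transaction(user_key: bytes, cert: dict, txn: str) -> str:
    # Signature covers the cert serial too, so it cannot be reused under another cert.
    return hmac.new(user_key, f"{cert['serial']}|{txn}".encode(), "sha256").hexdigest()

def verify_transaction(ca, enrolled_key: bytes, cert: dict, txn: str, sig: str) -> bool:
    # Relying-party check: unrevoked CA cert, bound to the enrolled key, valid signature.
    bound = cert["key_id"] == hashlib.sha256(enrolled_key).hexdigest()
    return (ca.cert_is_valid(cert) and bound
            and hmac.compare_digest(sign_transaction(enrolled_key, cert, txn), sig))

def scenario() -> dict:
    ca = CertificateAuthority()
    key = derive_key(b"constructed-minutiae-data")
    old = ca.issue("alice", key)
    sig = sign_transaction(key, old, "pay 100")
    before = verify_transaction(ca, key, old, "pay 100", sig)
    ca.revoke(old["serial"])                 # CA revokes after the theft report
    new = ca.issue("alice", key)             # reissued cert, same biometric key
    return {"before_revocation": before,
            "old_cert_after_revocation": verify_transaction(ca, key, old, "pay 100", sig),
            "old_signature_on_new_cert": verify_transaction(ca, key, new, "pay 100", sig),
            "new_cert_fresh_signature": verify_transaction(
                ca, key, new, "pay 100", sign_transaction(key, new, "pay 100"))}
```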