Hitoshi Kokumai

2 years ago · 2 min read

Blockchain solutions offered without a reliable user authentication don’t make much sense, do they?

When we say ‘This door is weak’, it could mean either ‘The door panel is weak’ or ‘The lock/key system is weak’. Blockchain technology could indeed help make a strong door panel, but it alone could never be a substitute for a reliable lock/key system.

Well, for the most reliable lock/key system for cyberspace, i.e., digital identity authentication, there must be three prerequisites.

First of all, identity assurance with NO confirmation of the users’ volition would lead to a world where criminals and tyrants dominate citizens. Democracy would be dead where our volition was not involved in our identity assurance. We must be against any attempts to do without what we remember, recognize and volitionally feed in at login.

Secondly, the mathematical strength of a security measure makes sense so long as the measure is practicable for us Homo sapiens. A big cake could be appreciated only if it’s edible.

Thirdly, being ‘unique’ is different from being ‘secret’. ‘Passwords’ must not be displaced by the likes of ‘User ID’. I mean, we should be very careful when using biometrics for the purpose of identity authentication, although we don’t see so big a problem when using biometrics for the purpose of personal identification.

Identification is to give an answer to the question of “Who are they?”, whereas authentication is to give an answer to the question of “Are they the persons they claim to be?” Authentication and identification belong to totally different domains.

We know that the password is an indispensable factor for multi-factor schemes and that the security of password managers and single-sign-on schemes needs to hinge on the reliability of the master password. Biometrics, which relies on a backup password, can by no means be an alternative to the password.

The password as a memorized secret is absolutely necessary. We must not accept any form of password-less login.

We might also need to look at the situation where we cannot rely on anything but memorized secrets: emergencies.

What is practicable in a calm indoor environment is not necessarily practicable in a turbulent outdoor environment, although the reverse can be said. The difference would be most striking in the cases of battlefield and disaster recovery.

Can we take it for granted that people in such panicky situations are holding the cards and tokens for their identity authentication?

Can we be certain that biometric measures, whether static or behavioral, are practicable for people who are injured or caught in panic?

It is the obligation of democratic societies to provide citizens with identity authentication measures that are practicable in emergencies.

Slide “Identity Assurance in Emergencies”.

Blockchain solutions for valuable information assets must come with the most reliable means of identity assurance.

Hitoshi Kokumai

2 years ago #2

Your heartening comment is very much appreciated.

Debesh Choudhury

2 years ago #1

I agree - "We must not accept any form of password-less login" which is vulnerable and against our volition. The identity authentication system should also be practicable in case of emergencies .. Hitoshi Kokumai you raised important points.