Published: May 3, 2006 - 11:05am
I read that a remake of Miami Vice is coming this summer. South Beach is one of my favorite places but I was never a big fan of the TV series (or at least it seems cheesy in retrospect). In my opinion, To Live and Die in LA was a much better cops-on-a-coast movie from the 80s. It dealt with Secret Service agents hunting down a counterfeiter. Of course they had lots of tricks to determine if a particular bill was real or not, although they seem a bit primitive compared to that ultraviolet scanner they have down at the local 7-11 now.
One thing that also strikes me is the challenge of how the authenticity of foreign currency can be confirmed. I often end up with an assortment of exotic bills after traveling and take them to one of those airport exchange places (what’s the word for usury in the foreign exchange world?). Unlike those movie Secret Service agents, I have no idea how the folks in the exchange kiosks can tell what is legitimate currency versus counterfeit. I assume they at least have books with pictures of what bills look like but it must be challenging.
The same challenge occurs in the electronic world. It's one thing to authenticate the identity of an individual in my own organization – I can easily access local revocation information to see if the user is still valid and I can look at the credential to ensure it reflects my own policies. However, checking a credential issued by someone else is more tricky. Do I trust the credential issuer or, in more complicated scenarios, do I trust the party trusted by a party I trust? More simply, if A trusts B and B trusts C, does A trust C? Often that will depend on policies and an ability to verify the trust relationships between these parties.
Sounds complicated? It is. However, the idea is that people developing applications can rely on security products that do all the hard work for them. The application just needs to ask – do I trust this credential in this context – and the security technology figures it out. But it is complicated, and many products don’t get it right.
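The "if A trusts B and B trusts C, does A trust C?" question as an added example (not part of the original post): a small trust-path check in which each relationship carries a hop limit and a set of accepted policies, and withdrawn relationships are skipped. The party names, policy labels and the `max_hops`/`policies` fields are constructed for illustration.

```python
from collections import deque

# Constructed trust relationships: truster -> {trusted party: constraints}.
# max_hops: how many further delegations the truster accepts beyond that party.
# policies: assurance levels the truster accepts through that relationship.
TRUST = {
    "A": {"B": {"max_hops": 1, "policies": {"high", "medium"}}},
    "B": {"C": {"max_hops": 0, "policies": {"medium"}},
          "D": {"max_hops": 0, "policies": {"high", "medium"}}},
    "C": {"E": {"max_hops": 0, "policies": {"medium"}}},
}
# Relationships withdrawn after they were established (constructed).
REVOKED = {("B", "D")}


def find_trust_path(relying_party, issuer, policy, trust=TRUST, revoked=REVOKED):
    """Return the chain of parties linking relying_party to issuer, or None.

    A chain is accepted only if every link is unrevoked, every link allows
    the requested policy, and no link's hop limit is exceeded.
    """
    # Each queue entry: (current party, path so far, remaining hop budget).
    # A budget of None means no limit has been imposed yet.
    queue = deque([(relying_party, [relying_party], None)])
    while queue:
        party, path, budget = queue.popleft()
        if party == issuer:
            return path
        if budget is not None and budget <= 0:
            continue  # an earlier link forbids delegating any further
        for nxt, rule in trust.get(party, {}).items():
            if nxt in path or (party, nxt) in revoked:
                continue  # avoid loops and withdrawn relationships
            if policy not in rule["policies"]:
                continue  # this link does not vouch at the requested level
            limit = rule["max_hops"]
            remaining = limit if budget is None else min(budget - 1, limit)
            queue.append((nxt, path + [nxt], remaining))
    return None


if __name__ == "__main__":
    for target, level in [("C", "medium"), ("C", "high"), ("D", "high"), ("E", "medium")]:
        print(f"A -> {target} at {level}: {find_trust_path('A', target, level)}")
```

A trusts C only at the "medium" level; the same chain fails for "high", the path to D fails on revocation, and E is out of reach because A allows only one delegation beyond B.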
For this reason, the U.S. Federal Government (which has among the most complex security infrastructures) has implemented defined standards for how this should be done and sponsors the testing of products to certify compliance. Results are posted so that government agencies and other organizations can be confident in the products they choose. It's relatively new, so more and more products will be appearing over time. Not everyone needs all the capabilities being specified, but it is reassuring to know that there are products that get it all right.