« S(1) 7 Validation information | Main | S(1) 9 Records of provision of information »
December 12, 2004
S(1) 8 Security information
Security information
8 The following may be recorded in the entry in the Register for an individual
(a) a personal identification number to be used for facilitating the
making of applications for information recorded in his entry, and for facilitating the provision of the information;
(b) a password or other code to be used for that purpose or particulars of a method of generating such a password or code;
(c) questions and answers to be used for identifying a person seeking to make such an application or to apply for or to make a modification of that entry.
Posted by wtwu at December 12, 2004 01:26 PM
Trackback Pings
TrackBack URL for this entry:
http://www.spy.org.uk/cgi-bin/mt316/mt-tb.cgi/796
Comments
What is the point of having a "strong" Biometric based ID Card if there is going to be a "traditional" and therefore easily forged Personal Identity Number, password and challenge/response questions ?
Unlike Biometrics, these authentication methods could be used over the phone or via an internet web form, but then there is no assurance about the "Identity" of there person or computer program which is supplying the PIN or Password or Challenge/Response questions/answers.
What is the point of relying on Biometrics if you provide a weaker backdoor mechanism which can be used to get around the strong Biometric authentication ?
Posted by: wtwu at December 17, 2004 08:18 PM