Encryption Infrastructure
New ideas to secure the transmission and storage of data. Not the algorithms in side the encryption engines but more in the protocol and exchange of keys to pass trust.
Wednesday, March 9, 2011
Banks should replace FAX for authorization documents
I had a need to have my Fidelity broker wire me some money from my USA broker to my Thailand bank. To do this they need me to print a pdf form that they sent me over email that I need to fill out and sign and then FAX this to them to allow me have them tranfer the needed funds from there to here. I can't beleave in this day of age that this is the only method that can be used to verify and authorize a transaction. It seems like it should be so easy to provide the bank with my public encryption key that maybe I would have to FAX a starter form to them that contains the passphrase needed to use with my public key that I would also provide them a link to obtain. The bank should also provide me with the needed keys for me to verify them and they already do with the SSL public keys that all banks use on there web sites. So all that should be needed is for banks to add a port or just an application that would accept the input of customers encrypted package that could contain scanned documents with the needed signatures if needed. At some point soon we should progress to a point that a digital signature would be more trusted than a pen on paper one. with a simple smart card and a good passphrase to lock it should be one easy, cheap and secure method. The smart cards could also be replaced with a cell phone or any electronic computer like device that has the private PGP key and the needed software to create signatures and package encrypted messages and documents. It really seems like the International banking system is far behind. If they need any help I would be glad to show them how it could be done. And I would love to hear what methods you all have on how they could do it and how we can get them to do it sooner.
Tuesday, March 8, 2011
Remote On-line Encryption Keys for LUKS
I have devised a way to setup encrypted partitions that get their key from an on-line Internet source so that if a device was physically stolen such as a laptop, that the on-line key can be turned off and data contained in it would be kept safe. Do any other such documented methods exist using a luks encrypted partitions or other methods? The goal being you don't even need to login or even know the password to access an encrypted object. So a user client would not even notice any change at boot or operation on a moblile or fixed system even with auto login at boot and still have a secure system in the event of loss or stolen device event. Seem most looses are due to a lazy or careless users and admins. With this system after setup the user does nothing until the problem event happens. The files for this project can be found at: here
Subscribe to:
Posts (Atom)