Interview: Andrew Fitz Gibbon
Discussion
Key: Keep the users' data on their sides.
Scenario 1: Direct verification of SSN
- A customer reserves a room in a hotel.
- The hotel requests for the their SSN.
- The hotel sends the SSN to the government for verification.
Problem: Risky to give out SSN
Untrusted |
Trusted |
Untrusted |
Hacker |
Customers <-> government |
Merchant |
- Sensative data stored by the merchants may be abused or hacked.
- Since customers do not trust merchants, the real SSN should be directly verified rather than handed over by the merchants.
Analogy: Credit card / mobile pay
-
Key Generate tokens
-
Problem: The merchants hold the credit card information, which is risky (similar to the aforementioned reasons for user data)
-
Solution: Mobile payment e.g. Apple Pay: Somehow trusted
Image Not Showing
Possible Reasons
- The image file may be corrupted
- The server hosting the image is unavailable
- The image path is incorrect
- The image format is not supported
Learn More →
Solution applied on the SSN case
Image Not Showing
Possible Reasons
- The image file may be corrupted
- The server hosting the image is unavailable
- The image path is incorrect
- The image format is not supported
Learn More →
Conclusion
Keep all data and purchase history on users' sides.
Third-party recommendation system (or run it locally) to process those.
Image Not Showing
Possible Reasons
- The image file may be corrupted
- The server hosting the image is unavailable
- The image path is incorrect
- The image format is not supported
Learn More →
Questions raised
No motivation for the merchants (pay for service; can't hold the data as they do now) & customers (satisfied with current services; prefer convenience over security)
Resources
- No expert's export :(
- Password management company /open sources projects
- Data security
- RSA (company)
- Journal/conference: InfoSec, DevCon