Panic ensued after the two bombs exploded near the finish line of the Boston Marathon. Runners lucky enough to escape without injury were left with the task of locating loved ones and letting others know that they were uninjured. This is a huge problem for a person who just ran 26 miles. Not only are they tired, but they do not have their cell phones (they leave personal items on the bus). Even if they did have a cell phone they would not have worked because the cell networks crashed due to all of the demand.
The city of Boston established a hotline for people to call. The thought being that the person on the other end of the line would have some information about the person you are looking for. With more than 25,000 runners, this is a huge task. Google set up a people-finder which in all intents and purposes functions like a message board or craigslist posting. Neither of these are good solutions.
I wonder why the RFID race chips were not used to solve this problem. The one item each runner did have with them was their race RFID chip. These chips are used to track runners at checkpoints along the course. With the internet, your friends and family can go to a website or receive text messages to know where you last checked in, at what time, how fast you were running, and when they should expect to see you at mile x / the finish line / etc.
Once the bombs went off race organizers or local businesses should have mobilized their people to provide check-in locations for runners. Surely the Boston Athletic Association could have moved some of their checkpoints (their RFID reader and power supply) to hubs within the city (North and South Stations, Boston Common, etc.). All check-ins would appear online as they had during the race. People searching for friends and family members could visit the same website they had been using all day long to know that 1) Their loved one checked-in after 2:50PM (after the blasts) and 2) They checked in at mile marker 22 with a note that could let the reader know that mile marker 22 was moved to North Station -->i.e., My loved one is OK and was at North Station at 3:20PM. That type of information would be incredibly useful to calm people down and to allow them to locate their friends and family.
I hope this becomes standard protocol should future attacks occur.
http://en.wikipedia.org/wiki/Radio-frequency_identification#Sports
Thursday, April 18, 2013
Friday, February 8, 2013
Solution to Identity Theft: Electronic Buried Treasure
Technologies: encryption, online banking, web hosting, password security, cloud computing
Identity theft never used to be a problem. It is the technologies and standard practices that we've employed that has led to this innovation.
We make it far to easy to steal an identity
Before online/remote banking the teller knew you by name and could verify your identity by memory. No such personal interaction is required today. We just have to input the correct information to get access to personal accounts. The main problems are we know exactly what information we need in order to gain access to the account (social security number, mother's maiden name, pin, etc) and we know exactly where to go to enter that information (bankofamerica.com, citi.com, chase.com, etc.). It's like parking a Ferrari in the ghetto and planning that no one will pick the lock.
My solution is to park your Ferrari in an undisclosed location, designing a custom key, and retaining all of the information on your person.
Back in the day people would bury their treasure. In order to steal this money, one would need to 1) know that such a treasure existed 2) know where it was buried (treasure map) and 3) traverse the desert/mountains/traps that stood in between the person and the treasure.
The closest approach employed today is a lock box. You must go to a bank, verify your identity, and enter a secure room to get at your belongings. It's like knowing that a treasure exists, having the map, and simply having to overcome the obstacles to get the reward. The problems with this is that you wouldn't keep currency in a locked box because it would lose value - you want your money working for you, not collecting dust. What we want is a digital lock box in a secret, and changing, location.
Solution: Imagine an infinitely large bank. You hold your money in a lock box in the bank. The beauty is that you get to determine where the lock box is located within this infinitely large bank. Additionally, you determine what type of 'key' is needed to open the box once it is located. Now if someone wants to steal your belongings they must know 1) that the box exists 2) where it is located within this infinitely large bank and 3) what type of key is used, and what that key is, to access the box. Much, much, much, much, much better than the current process.
So how do we do it? Use existing encryption techniques to pass secured web addresses between the user and the web server. After each time the box is accessed a new location is created and once again passed to the user. This special 'key' will exist on the user's phone/computer. In order to steal the money one would have to steal the phone/computer, know that the account existed (secret icon or hand gestures can exist to access it), know the special 'easter egg' password of slides, clicks, etc. and then know the username and password/passwords i.e., you would have to kidnap the victim in order to get at their account. This eliminates all remote thefts, and returns it to a person-on-person crime. BitCoins or other virtual currency can be used to further secure the funds.
Now I can enjoy all of the benefits of online banking with all of the security of old-fashioned banking. Make theft labor intensive and it will go away.
Identity theft never used to be a problem. It is the technologies and standard practices that we've employed that has led to this innovation.
We make it far to easy to steal an identity
Before online/remote banking the teller knew you by name and could verify your identity by memory. No such personal interaction is required today. We just have to input the correct information to get access to personal accounts. The main problems are we know exactly what information we need in order to gain access to the account (social security number, mother's maiden name, pin, etc) and we know exactly where to go to enter that information (bankofamerica.com, citi.com, chase.com, etc.). It's like parking a Ferrari in the ghetto and planning that no one will pick the lock.
My solution is to park your Ferrari in an undisclosed location, designing a custom key, and retaining all of the information on your person.
Back in the day people would bury their treasure. In order to steal this money, one would need to 1) know that such a treasure existed 2) know where it was buried (treasure map) and 3) traverse the desert/mountains/traps that stood in between the person and the treasure.
The closest approach employed today is a lock box. You must go to a bank, verify your identity, and enter a secure room to get at your belongings. It's like knowing that a treasure exists, having the map, and simply having to overcome the obstacles to get the reward. The problems with this is that you wouldn't keep currency in a locked box because it would lose value - you want your money working for you, not collecting dust. What we want is a digital lock box in a secret, and changing, location.
Solution: Imagine an infinitely large bank. You hold your money in a lock box in the bank. The beauty is that you get to determine where the lock box is located within this infinitely large bank. Additionally, you determine what type of 'key' is needed to open the box once it is located. Now if someone wants to steal your belongings they must know 1) that the box exists 2) where it is located within this infinitely large bank and 3) what type of key is used, and what that key is, to access the box. Much, much, much, much, much better than the current process.
So how do we do it? Use existing encryption techniques to pass secured web addresses between the user and the web server. After each time the box is accessed a new location is created and once again passed to the user. This special 'key' will exist on the user's phone/computer. In order to steal the money one would have to steal the phone/computer, know that the account existed (secret icon or hand gestures can exist to access it), know the special 'easter egg' password of slides, clicks, etc. and then know the username and password/passwords i.e., you would have to kidnap the victim in order to get at their account. This eliminates all remote thefts, and returns it to a person-on-person crime. BitCoins or other virtual currency can be used to further secure the funds.
Now I can enjoy all of the benefits of online banking with all of the security of old-fashioned banking. Make theft labor intensive and it will go away.
Subscribe to:
Posts (Atom)