An updated version is available from 30/Aug/2022 at https://www.slideshare.net/HitoshiKokumai/slide-share-updated-fend-off-cybercrime-with-episodic-memory-29aug2022
..................................................
Digital Transformation would be a pipe dream if it’s not supported by a practicable means of identity authentication that is secure and yet stress-free, desirably giving us joy and fun
<Reference URL>
- Video
90-second introductory video; Fend Off Cybercrime by Episodic Memory (4/Feb/2022) https://youtu.be/T1nrAlmytWE
90-second demonstration video: Mnemonic Gateways (10/Feb/2022)
https://youtu.be/0nNIU4uYl94
- Blog collections
Power of Citizens’ Episodic Memory
https://www.linkedin.com/pulse/power-citizens-episodic-memory-hitoshi-kokumai/
LOSS of Security Taken for GAIN of Security
https://www.linkedin.com/pulse/loss-security-taken-gain-hitoshi-kokumai/
Biometrics Unravelled | password-dependent password-killer
https://www.linkedin.com/pulse/biometrics-unravelled-password-dependent-hitoshi-kokumai/
- Hitoshi Kokumai's profile
https://www.linkedin.com/in/hitoshikokumai/
Outcomes vs Outputs: How Outcome Driven Development Planning Changes EverythingChris Reynolds
As freelancers, developers and project managers working on a project, it’s easy to get blinded by outcomes. Tasks on a project are often defined by the specific thing that we expect to build or present to the client or customer. But what if our assumptions are wrong? Or the scope changes along the way? What if there was an easier way to produce a desirable, user-friendly end-product without specifically defining what that end-product is? (Spoiler: There is!) This talk will discuss how to shift your focus from outputs to outcomes and how that little mental shift, changes everything. Really!
Processing 3D images has many use cases. For example, to improve autonomous car driving, to enable digital conversions of old factory buildings, to enable augmented reality solutions for medical surgeries, etc. Also 3D images help in 3D modeling and safety evaluation of products.
3D image processing brings enormous benefits but also amplifies computing cost. The size of the point cloud, the number of points, sparse and irregular point cloud, and the adverse impact of the light reflections, (partial) occlusions, etc., make it difficult for engineers to process point clouds.
Moving from using hand crafted features to using deep learning techniques to semantically segment the images, to classify objects, to detect objects, to detect actions in 3D videos, etc., we have come a long way in 3D image processing.
3D Point Cloud image processing is increasingly used to solve Industry 4.0 use cases to help architects, builders and product managers. I will share some of the innovations that are helping the progress of 3D point cloud processing. I will share the practical implementation issues we faced while developing deep learning models to make sense of 3D Point Clouds.
Attendees: Beginners and Intermediate skilled in Image Processing and 3D Point Clouds
Profile of the speaker:
SK Reddy is the Chief Product Officer AI in Hexagon (www.hexagon.com). He is an AI and ML expert and a successful twice startup entrepreneur. He is an AI startup advisor too. Also he is a frequent speaker in conferences and is an AI blogger.
기술은 곁에 있다. 시험관 아기들이 많다 보니 쌍둥이들이 많이 늘어났다. 디지털 트윈은 현실과 똑같은 디지털 쌍둥이를 만들어 더 나은 현실의 결과를 만들어 낸다. 수집한 다양한 정보를 가상에서 분석하고 최적화하는 방안을 도출하는 지능형 융합기술이다. NASA, GE가 먼저 제품 설계부터 공장 운영 감시, 작업량 예측, 생산 손실 예측, 고장 진단/예측 등에 활용했다. 제조업뿐 아니라 다양한 분야에 적용할 수 있다. 핵심기술은 모사, 관제, 모의, 연합, 자율의 단계로 진행된다. 보건의료 분야에도 인구 집단 모델링으로 헬스케어 서비스를 개선하고 의료진의 치료에 관련된 의사결정을 개선한다. 환자를 컴퓨터 모델링으로 치료법을 사전 테스트하여 최적화 후 실제 적용한다. 막대한 시간과 돈이 투자되는 신약 개발 임상 실험에도 적용하여 합병증과 위험 부담 줄일 수 있는 대안을 만들어 낸다. 국내외 사례도 담았다.
Slide Share (Updated) - Fend Off Cybercrime with Episodic Memory 29Aug2022Hitoshi Kokumai
Digital Transformation would be a pipe dream if it’s not supported by a practicable means of identity authentication that is secure and yet stress-free, desirably giving us joy and fun
Our company, Mnemonic Identity Solutions Limited (MIS), set up in August 2020 in United Kingdom for global operations, is a Start-Up as a corporation but it’s more than a Start-Up as a business entity. We set it up in order to globally expand what its predecessor named Mnemonic Security, Inc. started in Japan in late 2001.
We have a 20 years long pre-history of technology development, product making and commercial implementations with some US$1 million sales. Our champion use case is Japanese Army deploying our product on field vehicles since 2013 and still using it.
At MIS we are now going to help global citizens fend off cybercrime by their non-volatile episodic memory, with the values of democracy.
< Video Link >
Fend Off Cybercrime by Episodic Memory (90 seconds) https://youtu.be/T1nrAlmytWE
MnemonicGateways (90 seconds)
https://youtu.be/0nNIU4uYl94
High-Security Operation on PC for managers (4m28s)
https://www.youtube.com/watch?v=UO_1fEp2jFo
< Document Link >
Power of Citizens’ Episodic Memory
https://www.linkedin.com/pulse/power-citizens-episodic-memory-hitoshi-kokumai/
LOSS of Security Taken for GAIN of Security
https://www.linkedin.com/pulse/loss-security-taken-gain-hitoshi-kokumai/
Fend Off Cyberattack with Episodic Memory (24Feb2023)Hitoshi Kokumai
This is a slide with script presented at Conference On Cyber Security In Financial Institutions by Banking Association of Central and East Europe on 24th February 2023 - https://baceeconference.com/cyber-security-conference/
The issues mentioned on P19 are discussed here - "More Issues on Digital Identity"
https://www.slideshare.net/HitoshiKokumai/more-issues-on-digital-identity-24feb2023
Outcomes vs Outputs: How Outcome Driven Development Planning Changes EverythingChris Reynolds
As freelancers, developers and project managers working on a project, it’s easy to get blinded by outcomes. Tasks on a project are often defined by the specific thing that we expect to build or present to the client or customer. But what if our assumptions are wrong? Or the scope changes along the way? What if there was an easier way to produce a desirable, user-friendly end-product without specifically defining what that end-product is? (Spoiler: There is!) This talk will discuss how to shift your focus from outputs to outcomes and how that little mental shift, changes everything. Really!
Processing 3D images has many use cases. For example, to improve autonomous car driving, to enable digital conversions of old factory buildings, to enable augmented reality solutions for medical surgeries, etc. Also 3D images help in 3D modeling and safety evaluation of products.
3D image processing brings enormous benefits but also amplifies computing cost. The size of the point cloud, the number of points, sparse and irregular point cloud, and the adverse impact of the light reflections, (partial) occlusions, etc., make it difficult for engineers to process point clouds.
Moving from using hand crafted features to using deep learning techniques to semantically segment the images, to classify objects, to detect objects, to detect actions in 3D videos, etc., we have come a long way in 3D image processing.
3D Point Cloud image processing is increasingly used to solve Industry 4.0 use cases to help architects, builders and product managers. I will share some of the innovations that are helping the progress of 3D point cloud processing. I will share the practical implementation issues we faced while developing deep learning models to make sense of 3D Point Clouds.
Attendees: Beginners and Intermediate skilled in Image Processing and 3D Point Clouds
Profile of the speaker:
SK Reddy is the Chief Product Officer AI in Hexagon (www.hexagon.com). He is an AI and ML expert and a successful twice startup entrepreneur. He is an AI startup advisor too. Also he is a frequent speaker in conferences and is an AI blogger.
기술은 곁에 있다. 시험관 아기들이 많다 보니 쌍둥이들이 많이 늘어났다. 디지털 트윈은 현실과 똑같은 디지털 쌍둥이를 만들어 더 나은 현실의 결과를 만들어 낸다. 수집한 다양한 정보를 가상에서 분석하고 최적화하는 방안을 도출하는 지능형 융합기술이다. NASA, GE가 먼저 제품 설계부터 공장 운영 감시, 작업량 예측, 생산 손실 예측, 고장 진단/예측 등에 활용했다. 제조업뿐 아니라 다양한 분야에 적용할 수 있다. 핵심기술은 모사, 관제, 모의, 연합, 자율의 단계로 진행된다. 보건의료 분야에도 인구 집단 모델링으로 헬스케어 서비스를 개선하고 의료진의 치료에 관련된 의사결정을 개선한다. 환자를 컴퓨터 모델링으로 치료법을 사전 테스트하여 최적화 후 실제 적용한다. 막대한 시간과 돈이 투자되는 신약 개발 임상 실험에도 적용하여 합병증과 위험 부담 줄일 수 있는 대안을 만들어 낸다. 국내외 사례도 담았다.
Slide Share (Updated) - Fend Off Cybercrime with Episodic Memory 29Aug2022Hitoshi Kokumai
Digital Transformation would be a pipe dream if it’s not supported by a practicable means of identity authentication that is secure and yet stress-free, desirably giving us joy and fun
Our company, Mnemonic Identity Solutions Limited (MIS), set up in August 2020 in United Kingdom for global operations, is a Start-Up as a corporation but it’s more than a Start-Up as a business entity. We set it up in order to globally expand what its predecessor named Mnemonic Security, Inc. started in Japan in late 2001.
We have a 20 years long pre-history of technology development, product making and commercial implementations with some US$1 million sales. Our champion use case is Japanese Army deploying our product on field vehicles since 2013 and still using it.
At MIS we are now going to help global citizens fend off cybercrime by their non-volatile episodic memory, with the values of democracy.
< Video Link >
Fend Off Cybercrime by Episodic Memory (90 seconds) https://youtu.be/T1nrAlmytWE
MnemonicGateways (90 seconds)
https://youtu.be/0nNIU4uYl94
High-Security Operation on PC for managers (4m28s)
https://www.youtube.com/watch?v=UO_1fEp2jFo
< Document Link >
Power of Citizens’ Episodic Memory
https://www.linkedin.com/pulse/power-citizens-episodic-memory-hitoshi-kokumai/
LOSS of Security Taken for GAIN of Security
https://www.linkedin.com/pulse/loss-security-taken-gain-hitoshi-kokumai/
Fend Off Cyberattack with Episodic Memory (24Feb2023)Hitoshi Kokumai
This is a slide with script presented at Conference On Cyber Security In Financial Institutions by Banking Association of Central and East Europe on 24th February 2023 - https://baceeconference.com/cyber-security-conference/
The issues mentioned on P19 are discussed here - "More Issues on Digital Identity"
https://www.slideshare.net/HitoshiKokumai/more-issues-on-digital-identity-24feb2023
Updated: Presentation with Scripts at CIW2018Hitoshi Kokumai
The volitional password is absolutely necessary where the democratic values matter (*1). whereas the conventional password is hated as everybody agrees.
This observations lead us to conclude that we should agree that we have to find the sort of password system that is not hated. Logic tells that there can be no other choice.
We came up with the way out. It is Expanded Password System that accepts images as well as texts/characters.
This is the updated version of the slide used for the presentation on 30/Oct/2018 at KuppingerCole's Consumer Identity World Europe 2018 in Amsterdam (*2). P20 for "Deterrence to Targeted Phishing" has been added.
*1 Where authentication of our identity happens without our knowledge or against our will, it is a 1984-like Dystopia.
*2 https://www.kuppingercole.com/events/ciweu2018/agenda_overview
<Link to Videos >
80-second video
https://www.youtube.com/watch?v=ypOnKTTwRJg&feature=youtu.be
30-second video
https://www.youtube.com/watch?v=7UAgtPtmUbk&feature=youtu.be
Bring healthy second life to legacy password systemHitoshi Kokumai
Passwords are said to be too vulnerable to theft and too hard to manage. Many people sound as if the password were an enemy of people. Some people even allege that removal of the password would improve the security of digital identity. Let us examine how valid such views are.
More information at https://www.mnemonicidentitysolutions.com/
The volitional password is absolutely necessary(where the democratic values matter *1). whereas the conventional password is hated (as everybody agrees).
This observations lead us to conclude that we should agree that we have to find the sort of password system that is not hated. Logic tells that there can be no other choice.
We came up with the way out. It is Expanded Password System that accepts images as well as texts/characters.
This slide was used for the presentation on 30/Oct/2018 at KuppingerCole's Consumer Identity World Europe 2018 in Amsterdam *2
*1 Where authentication of our identity happens without our knowledge or against our will, it is a 1984-like Dystopia.
*2 https://www.kuppingercole.com/events/ciweu2018/agenda_overview
<Link to Videos >
80-second video
https://www.youtube.com/watch?v=ypOnKTTwRJg&feature=youtu.be
30-second video
https://www.youtube.com/watch?v=7UAgtPtmUbk&feature=youtu.be
Expanded password system - Reliable Identity AssuranceHitoshi Kokumai
Security of the real/cyber-fused society hinges on “Assured Identity”, which hinges on “Shared Secrets” in cyberspace. The text password has been the shared secrets for many decades. We now need a successor to the text password. There exists a promising candidate, an Expanded Password System which accepts images as well as characters and which generates a high-entropy password from a hard-to-forget password.
Business Dimension of Expanded Password SystemHitoshi Kokumai
We are in the middle of the decades-long game of having the finalist candidates chosen for the legitimate successors not just to the decades-old character passwords but to the centuries or millennia-old seals and signatures, which will make the basic foundation for the real/cyber-fused society that may well last for more than generations or even centuries for the whole global population.
With billions of people suffering the same big headache, the problem to be addressed by our solution is huge, Substantial revenues will be expected for the business of providing the most practicable solution.
Please join us and support us for this nice exciting enterprise.
Here are the discussions that are mentioned in P19 of "Fend Off Cyberattack with Episodic Memory"
https://www.slideshare.net/HitoshiKokumai/fend-off-cyberattack-with-episodic-memory-24feb2023
Clues to Unravelling Conundrums - Biometrics deployed 'in parallel' as again...Hitoshi Kokumai
So long as the biometrics is backed up by a fallback password, irrespective of which are more accurate than the others, its security is lower than that of a password-only authentication. Then, we have to wonder why and how the biometrics has been touted as a security-enhancing tool for so long, with so many security professionals being silent about the fact.
It appears that we may have got some clues to this conundrum.
Updated: Identity Assurance by Our Own Volition and MemoryHitoshi Kokumai
The volitional password is absolutely necessary(where the democratic values matter *1). whereas the conventional password is hated (as everybody agrees).
This observations lead us to conclude that we should agree that we have to find the sort of password system that is not hated. Logic tells that there can be no other choice.
We came up with the way out. It is Expanded Password
System that accepts images as well as texts/characters.
This is the slide I used for the presentation on 30/Oct/2018 at KuppingerCole's Consumer Identity World Europe 2018 in Amsterdam *2
*1 Where authentication of our identity happens without our knowledge or against our will, it is a 1984-like Dystopia.
*2 https://www.kuppingercole.com/events/ciweu2018/agenda_overview
<Link to Videos >
80-second video
https://www.youtube.com/watch?v=ypOnKTTwRJg&feature=youtu.be
30-second video
https://www.youtube.com/watch?v=7UAgtPtmUbk&feature=youtu.be
Cyber Predicament by Text-Only Password SystemsHitoshi Kokumai
The current password predicament is caused by the conventional password systems that do not allow people to use anything but numbers/characters. But we do not have to despair. There exists an incredibly simple solution to it, though little known to the public as yet.
Steps to Write an Essay about Yourself Pro Essay Help. Introduction About Yourself Essay Examples Sitedoct.org. 26 Example Of Essay Writing About Myself most complete - Writing. 009 Essay About Myself Example Img 1042 Thatsnotus. Myself Writer Essay : How to Write an Essay about Yourself to Hit the .... 006 Essay Example How To Write Narrative About Myself Poemview Co Me .... how to write an introduction about yourself for a college class .... 003 Examples Of Essay About Myself Sample Thatsnotus. 002 Self Introduction Sample Essay Example College Essays Application .... How to Write an Essay About Myself Pediaa.Com. 003 Essay About Myself Sample Introduction Thatsnotus. Essay Introduction Myself. 015 How To Write Ann Letter About Yourself Essay Myself Of Example .... how to write an interesting autobiography about yourself Archives .... About Myself Essay 500 Words - PHDessay.com. 500 Words Excellent Essay On Myself For Students. 007 Introduce
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Pushing the limits of ePRTC: 100ns holdover for 100 days
Fend Off Cybercrime with Episodic Memory
1. Fend Off Cybercrime by Citizens’
Non-Volatile Episodic Memory
with the values of democracy
29th July, 2022
Mnemonic Identity Solutions Limited
90-second introductory video
Hello,
Digital Transformation would be a pipe dream if it’s not supported by a practicable
means of identity authentication that is secure and yet stress-free, desirably giving us
joy and fun
I am Hitoshi Kokumai, advocate of ‘Identity Assurance by Our Own Volition and
Memory’. I’ve been promoting this principle for 21 years now.
Our company, Mnemonic Identity Solutions Limited (MIS), set up in August 2020 in
United Kingdom for global operations, is a Start-Up as a corporation but it’s more than
a Start-Up as a business entity. We set it up in order to globally expand what its
predecessor named Mnemonic Security, Inc. started in Japan in late 2001.
We have a 20 years long pre-history of technology development, product making and
commercial implementations with some US$1 million sales. Our champion use case is
Japanese Army deploying our product on field vehicles since 2013 and still using it.
At MIS we are now going to help global citizens fend off cybercrime by their non-
volatile episodic memory, with the values of democracy.
Let me present a 90-second introductory video
2. Problem to Solve
Passwords are
Hard to manage
And yet, absolutely
necessary
Identity theft and
security breaches
are proliferating Critical problem
requiring valid and
practical solutions
2
1. We have a big headache. Passwords are hard to manage, and yet, the passwords
are absolutely necessary.
2. Democracy would be lost where the password was lost and we were deprived of
the chances and means of getting our own volition confirmed in having our identity
authenticated.
When authentication happens without our knowledge or against our will, it is a 1984-
like Dystopia.
3. Identity theft and security breaches are proliferating.
4. This critical problem requires solid and practical solutions.
3. Basics of Authentication Factors
‘Yes or No’ on feeding correct passwords and ‘Yes or No’ on presenting correct tokens
are deterministic, whereas biometrics which measures unpredictably variable body
features of living animals in changing environments is probabilistic.
It is practically impossible to compare the security of a strong or silly password with
that of a poorly or wisely deployed physical token even though both passwords and
tokens are deterministic,
Deterministic authenticators can be used on its own, whereas a probabilistic
authenticator would lose its availability when used on its own. Direct comparison of
something deterministic and something probabilistic would absolutely bring us
nowhere.
Deterministic authenticators can be used together in a security-enhancing ‘multi-layer’
deployment, whereas probabilistic authenticators can be used with another
authenticator only in a security-lowering ‘multi-entrance’ deployment unless we can
forget the availability as illustrated here.
Password, token and biometrics are ‘authenticators’, while two/multi-factor schemes,
decentralized/distributed digital identity, single-sign-on schemes and password
management tools are all ‘deployment of authentication factors’; We would obtain
nothing by comparing the former with the latter.
Well, removal of the password brings a catastrophic loss of security. It also makes a
grave threat to democracy. We will separately talk this issue later.
4. Volition and Memory
(1) Volition of the User
– with Self-Determination
(2) Practicability of the Means
– for Use by Homo sapiens
(3) Confidentiality of the Credentials
– by ‘Secret’ as against ‘Unique’
We are of the belief that there must be three prerequisites for identity assurance.
1. First of all, identity assurance with NO confirmation of the user’s volition would
lead to a world where criminals and tyrants dominate citizens.
Democracy would be dead where our volition was not involved in our identity
assurance. We must be against any attempts to do without what we remember, recall ,
recognize and feed to login volitionally.
2. Secondly, mathematical strength of a security means makes sense so long as the
means is practicable for us Homo sapiens. A big cake could be appreciated only if it’s
edible.
3. Thirdly, being ‘unique’ is different from being ‘secret’. ‘Passwords’ must not be
displaced by the likes of ‘User ID’. I mean, we should be very careful when using
biometrics for the purpose of identity authentication, although we don’t see so big a
problem when using biometrics for the purpose of individual identification.
Identification is to give an answer to the question of “Who are they?”, whereas
authentication is to give the answer to the question of “Are they the persons who
claim to be?” Authentication and identification belong to totally different categories.
The answer for the former can only be given somewhere in between very probable and
very improbable, whereas the answer for the latter should given definitively ‘Yes,
accept’ or ‘No, reject’. Mixing the two up and we will see a very bad confusion.
5. What’s New?
The idea of using pictures has been around for two
decades.
New is encouraging people to make use of citizens’
non-volatile episodic image memories.
1, The idea of using pictures for passwords is not new. It’s been around for well more
than two decades, but the simple forms of pictorial passwords were not as useful as
had been expected. UNKNOWN pictures we manage to remember afresh are still easy
to forget or get confused.
Expanded Password System is new in that it offers a choice to make use of KNOWN
images that are associated with our autobiographic/ episodic memories, as you saw
earlier in the introductory video.
2. Since the images of episodic memory are not only Non-Volatile but also are the least
subject to INTERFERENCE of MEMORY,
3. it enables us to manage dozens of unique strong passwords without reusing the
same password across many accounts or carrying around a memo or storage with
passwords on it.
Furthermore, watching memorable images makes us feel comfortable, relaxed and
even healed.
6. Broader Choice
If only text and # are OK It’s a steep climb …
to memorize
text/number passwords
to lighten the load of
text passwords
to make use of
memorized images
3UVB9KUW
【Text Mode】 【Graphics Mode】 【Original Picture Mode】
Recall the remembered
password
Recognize the pictures
remembered in stories
Recognize the unforgettable
pictures of episodic memories
Think of all those ladders you have to climb in Donkey Kong ;-)
Low memory ceiling Very high memory ceiling
High memory ceiling
+ +
6
Shall we have a bit closer look at what it offers?
So far, only texts have been accepted for password systems. It was, as it were, we
have no choice but to walk up a long steep staircase.
With Expanded Password System, we could imagine a situation that escalators and
elevators are provided along with the staircase.
Where we want to continue to use text passwords, we could opt to recall the
remembered passwords, although the memory ceiling is very low,. Most of us can
manage only up to several of them.
We could opt to recognize the pictures remembered in stories where we want to
reduce the burden of text passwords. The memory ceiling is high, say, we would be
able to manage more and more of them.
Where we choose to make use of episodic image memory, we would only need to
recognize the unforgettable images, say, UNFORGETTABLE images. There is
virtually no memory ceiling, that is, we would be able to manage as many passwords
as we like, without any extra efforts.
7. Relation of Accounts & Passwords
Account A Account B Account C Account D
Account E,
F, G, H, I, J,
K, L-----------
Unique matrices of images allocated to different accounts.
At a glance you will immediately realize what images you
should pick up as your passwords for this or that account.
7
Being able to recall strong passwords is one thing. Being able to recall the relation
between accounts and the corresponding passwords is another.
When unique matrices of images are allocated to different accounts, those unique
image matrices will be telling you what images you should pick up as your password
for this or that account.
When using images of our episodic memories, the Expanded Password System will thus
free us from the burden of managing the relation between accounts and the
corresponding passwords.
8. Isn’t Episodic Memory Malleable?
We know that
episodic
memories can
change easily.
… But that doesn’t
matter for
authentication. It
could even help.
8
It’s known that episodic memories are easily changeable.
What we remember as our experience may have been transformed and not objectively
factual. But it would not matter for identity authentication.
What we subjectively remember as our episodic memory could suffice.
From confidentiality’s point of view, it could be even better than objectively factual
memories since no clues are given to attackers.
9. What
about
Entropy
‘CBA123’ IS
ABSURDLY WEAK.
WHAT IF ‘C’ AS AN
IMAGE GETS PRESENTED
BY SOMETHING LIKE
‘X4S&EI0W’ ?
WHAT IF ‘X4S&EIWDOEX7RVB%9UB3MJVK’
INSTEAD OF ‘CBA123’ GETS HASHED?
9
Generally speaking, hard-to-break passwords are hard-to-remember. But it’s not the
fate of what we remember.
It would be easily possible to safely manage many of high-entropy passwords with
Expanded Password System that handles characters as images.
Each image or character is represented by the image identifier data which can be of
any length.
1. Assume that your password is “CBA123”
2. and that the image ‘C’ is identified as X4s& eI0w, and so on.
3. When you input CBA123, the authentication data that the server receives is not
the easy-to-break “CBA123”, but something like “X4s&eI0wdoex7RVb%9Ub3mJvk”,
which could be automatically altered periodically or at each access where desired.
By the way, threats of 'visual-manual attacks on display’ are very different to
'automated brute force attacks’.
A figure of ’20-bit’, for instance, would be just a bad joke against automated attacks,
whereas it would make a pretty tall wall against visual-manual attacks on display.
10. A
Huge Improvement
• Password fatigue alleviated for all
• Better security for password-managers and SSO services
• Even better security for two/multi-factor authentications
• Less vulnerable security for biometric products
Backward-Compatible
• Nothing lost for users who wish to keep using text passwords
Enjoyable Login
• Get the images in your matrix registered. It’s easy and joyful.
10
What to Gain
Passwords are now both secure and stress-free.
People who enjoy handling images will gain both better security and better
convenience. The only extra effort required is to get these images registered; but
people already do that across social media platforms and seem to love it.
Then, huge improvement.
1 .Password fatigue would be alleviated for all.
2. Better security for password mangers and single-sign-on services.
3. Even better security for multi-factor authentications.
4. Less vulnerable security for biometrics.
5. And, It’s backward-compatible. Nothing would be lost for the people who wish to
keep using text passwords.
6. On top of all these gains, enhancing your passwords itself is now fun.
11. Typical Use Case
Japan’s Army adopted our
product for accepting ‘Panic-
Proof’ and yet ‘Hard-to-
Break’ credentials.
Japan Ground Self-Defense Force, aka, Army is using Expanded Password System for
authentication of the personnel who handle the encrypted data exchange between
commanders and field communications vehicles since 2013.
Some 460 licenses were offered to each field communications vehicle. With each
vehicle shared by multiple soldiers, the number of people who use our solution are
now supposed to be in many thousands.
The number of licenses increased more than 10-fold over the 9-year period of use from
2013. We humbly assume that they are well satisfied with us.
12. Client Software
for
Device Login
Applications Login
Image-to-Code Conversion
Server Software
for
Online-Access
2-Factor Scheme
Open ID Compatible
Data Encryption Software
with on-the-fly key generation
Single & Distributed Authority
Unlimited Use Cases
12
Applications of Expanded Password System will be found
Wherever people have been dependent on text passwords and numerical PINS,
Wherever people need some means of identity authentication, even if we still do not
know what it will be.
13. How We Position Our Proposition
The underpinning principle of Expanded Password System
will not go away so long as people want their own volition
and memory to remain involved in identity authentication.
13
It’s Legitimate Successor to Seals and Autographs
More on the Power of Citizens’ Non-Volatile Episodic Memory
Starting with the perception that our continuous identity as human being is made of
our autobiographic memory, we are making identity authentication schemes better by
leveraging the time-honored tradition of seals and autographs
The underpinning principle of Expanded Password System shall not go away so long
as people want our own volition and memory to remain involved in identity
assurance.
14. Competition or Opportunity
Password-managers, single-sign-on service?
Passwords required as the master-password: Opportunity.
Two/multi-factor authentication?
Passwords required as one of the factors: Opportunity.
Pattern-on-grid, emoji, conventional picture passwords?
Deployable on our platform: Opportunity.
Biometrics?
Passwords required as a backup means: Opportunity.
What can be thought of as competition to Expanded Password System?
1. Password-managers and single-sign-on services require passwords as the master-
password.
2. Two/Multi-factor authentications require passwords as one of the factors.
3. Pattern-on-grid, conventional picture passwords and emoji-passwords can all be
deployed on our platform.
4. Biometrics requires passwords as a fallback means.
As such, competition could be thinkable only among the different products of the
family of Expanded Password System.
By the way, some people claim that PIN can eliminate passwords, but logic dictates that
it can never happen since PIN is no more than a weak form of numbers-only password.
Neither can Passphrase, which is no more than a long password.
There are also some people who talk about the likes of PKI and onetime passwords as
an alternative to passwords. But it is like talking about a weak door and proposing to
enhance the door panel as an alternative to enhancing the lock and key.
15. Exciting Scenery of Digital Identity
What about “Passwordless” Authentication
“LOSS of Security Taken for GAIN of Security” -
https://www.linkedin.com/pulse/loss-security-taken-gain-hitoshi-kokumai/
We look tiny and sound feeble. They look massive and sound mighty. We are made of
logical fact-based non-flammable graphene. They are made of illogical fallacy-based
inflammable paper.
‘We’ mean the forces who advocate the digital identity for which citizens’ volition and
memory play a critical role, supporting the solid identity security and the values of
democracy.
‘They’ mean the forces who advocate the digital identity from which citizens’ volition
and memory are removed, damaging the identity security and the values of
democracy. Big names like GAFAM are found as part of the paper elephant, which
make them look really massive and sound extremely loud.
Whether looking tiny or massive, whether sounding feeble or mighty, it does not
matter. It’s fact and logic that decides the endgame. We will prevail in due course.
16. Launching Global Operation
Following experimental successes in Japan, we set up our global
headquarters as Mnemonic Identity Solutions Limited (MIS)
in United Kingdom in August 2020 -
https://www.mnemonicidentitysolutions.com/
With the sales of some US$1 million and a successful adoption by Japan’s military in
2013 at our Japanese entity named Mnemonic Security, Inc., we came to realise that it
will not be in Japan but the global market that decides the future of our endeavour.
We set up Mnemonic Identity Solutions Limited with British colleagues in UK in 2020
for launching the global operations.
17. First Global Project
“Mnemonic Gateways”
Leak-proof Password Manager
powered by citizens’
non-volatile episodic
image memory
90-second demonstration video
What if we come up with a password manager powered by citizens’ non-volatile
episodic memory?
It is ‘leak-proof’; the passwords, which are generated and re-generated on-the-fly by
our image-to-code converter from users' hard-to-forget episodic image memory, will be
deleted from the software along with the intermediate data when it is shut down.
The merits of episodic image memory enable us to easily handle multiple password
managing modules with multiple unique sets of images; it helps us avoid creating a
single point of failure.
Login to the software by picking up your registered images. When logged-in, a seed
data is generated/re-generated from the image data on the fly.
Select the account requiring a password from the account list and the software will
generate/re-generate a unique password for the target account and send out the user
ID and password to the login page.
Please watch a quick 90-second demonstration video. This makes the first product for
our global operations.
We will expect the revenue from the sales of high-security versions for tens of millions
of professional users, while offering a standard version to billions of global consumers
at no cost.
18. Goal
Make Expanded Password System solutions readily available
to all the global citizens –
rich and poor, young and old, healthy and disabled, literate and illiterate,
in peace and in disaster –
over many generations until humans discover something other than
'digital identity' for safe and orderly societal life.
Our mission is
1. to make Expanded Password System solutions readily available to all the global
citizens –
2. rich and poor, young and old, healthy and disabled, literate and illiterate, in peace
and in disaster –
3. over many generations until humans discover something other than 'digital identity'
for safe and orderly societal life.
19. There exists a secure and yet stress- free means of
democracy-compatible identity authentication.
That is Expanded Password System
Thank You for Your Time
Hitoshi Kokumai
Founder & Chief Architect
Mnemonic Identity Solutions Limited
Profile https://www.linkedin.com/in/hitoshikokumai/
hitoshi.kokumai@mnemonicidentitysolutions.com
kokumai@mneme.co.jp 19
As such, there exists a secure and yet stress free means of democracy-compatible
identity authentication. That is Expanded Password System
2. Thank you very much for your time.
20.
21. Some More Topics on Digital Identity
1
Cryptography for Digital Identity
Impact of AI and Quantum-Computing
2-Channel Expanded Password System
Secure Brain-Machine-Interface
Hybrid Text Password
More on “Passwordless” Authentication
More on “Biometrics” Authentication
Transparency and Integrity
25th July, 2022
Mnemonic Identity Solutions Limited
Let me discuss some more topics on digital identity. It may well tell much more about
the very broad scope of our business operations.
They are
Cryptography for Digital Identity
Impact of AI and Quantum-Computing
2-Channel Expanded Password System
Secure Brain-Machine-Interface
Hybrid Text Password
More on “Passwordless” Authentication
More on “Biometrics” Authentication
Transparency and Integrity
22. Cryptography and Digital Identity
Protection by cryptography can’t be above protection by login credential
Shall we consider a very typical case that a message is encrypted by a cryptographic
module that can stand the fiercest brute forces attacks for trillions of years, while the
digital identity of the recipient who is to decrypt the encrypted message is protected
by a password that a PC can break in a matter of hours or even minutes?
Protection by cryptography can’t be above protection by login credential, passwords in
most cases. The lower of the two decides the overall protection level.
This observation urges us to make the secret credentials the most solid and reliable
where the data to protect is classified. Here we propose that we can make use of
operators’ episodic memory that is firmly inscribed deep in their brains for their secret
credentials.
23. Impact of AI and Quantum Computing
https://aitechtrend.com/quantum-computing-and-password-authentication/
In its publication in autumn 2021 USA’s NSA said “We ‘don’t know when or even if’ a
quantum computer will ever be able to break today’s public-key encryption”
In view of that observation, in an article “Quantum Computing and Password
Authentication” I wrote
“Let us assume, however, that quantum computing has suddenly made a quantum leap
and becomes able to break today’s public key schemes. Would we have to despair?
We do not need to panic. Bad guys, who have a quantum computer at hand, would
still have to break the part of user authentication, that is NOT dependent on the public-
key scheme, prior to accessing the target data, in the normal environment where
secret credentials, that is, remembered passwords, play a big role.”
My article , published in early October 2021, became the ‘most trending’ at NY-based
aiTech Trend in February 2022 and still retains that status.
This phenomenon probably tells much on how concerned artificial intelligence people
are about the issue of passwords and identity assurance with respect to the
uncontrolled progress of AI and Quantum Computing.
24. 4
2-Channel Expanded Password System
Using physical onetime tokens is said to be more secure than using phones for
receiving onetime code via Short Message Service as one of the two authentication
factors. However, the use of physical tokens brings its own headache. What shall we
do if we have dozens of accounts that require two factor schemes?
Carrying around a bunch of dozens of physical tokens? Or, re-using the same tokens
across dozens of accounts? The former would be too cumbersome and too easily
attract attention of bad guys, physically creating a single point of failure, while the
latter would be very convenient but brings the similar single point of failure in another
way.
Well, what if random onetime numbers or characters are allocated to each image on
the matrix shown on a user’s second device. Recognizing the registered images, the
user will feed these numbers or characters on a main device. From those onetime
data, the authentication server will tell the images that user is supposed to have
registered as the credential.
All that is needed at the users’ end is just a web browser on a second device. With all
different sets of images for all different accounts, a single phone can readily cope with
dozens of accounts without creating a single point of failure.
This is not a hypothesis. We actually have a use case of commercial implementation.
25. Secure Brain-Machine-Interface
Ask the users to focus their attention
on the numbers or characters given to
the registered images.
A simple brain-monitoring is vulnerable to wiretapping.
The monitoring system will then collect the brain-generated onetime signal
corresponding to these numbers or characters.
5
Random numbers or characters allocated to the images.
Neuro signals are monitored via a separate channel.
A simple brain-monitoring has a security problem. The data, if wiretapped by
criminals, can be replayed for impersonation straight away. The monitored brain
data should be a onetime disposable code.
An idea is that the authentication system allocates random numbers or characters to
the images shown to the user. The user focuses their attention on the numbers or
characters given to the images they had registered.
The monitoring system will collect the brain-generated onetime signals corresponding
to the registered images. Incidentally, the channel for showing the pictures is
supposed to be separated from the channel for brain-monitoring.
Even if intercepting successfully, criminals would be unable to impersonate the user
because the intercepted data was onetime and disposed upon use.
26. Hybrid Text Password
Factor 1 – Password Remembered
(what we know/remember)
Factor 2 – Password Written Down or Physically Stored
(what we have/possess)
6
Effect - A ‘boring legacy password system’ turning into a no-cost
hybrid password system made of ‘what we know’ and ‘what we
have’.
The problems that are caused by ‘hard-to-manage’ passwords will be drastically
mitigated when we come up with “Mnemonic Gateways” password manager driven by
Expanded Password System (EPS) and other EPS-based solutions with which the secret
credentials for login can be generated and re-generated from non-volatile citizens
episodic image memory.
While we have to wait for it to happen, we are suggesting a stopgap measure of
combining two kinds of passwords - one that we can easily remember and recall , with
the other that is truly random and complex for electronical storage on a device. When
in use, we recall and type the former and copy&paste the latter.
We call it ‘Hybrid Text Password’. It is not as safe and simple as remembering the
whole of it but much safer than storing the whole of it. But, would you be interested
to talk about the size of a cake that we know is not edible?
The hybrid password is what I myself have long been practicing for high-security
accounts that accept only text-passwords.
27. More on ‘Passwordless’ Authentication
Where removing the password increase security of digital identity, we would find such
picture at every ATM .
We would also hear “Remove the army and we will have a stronger national defense”
We could accept “Passwordless” authentication without losing sanity if it comes with a
transparent statement that it brings ‘better availability’ at the cost of losing security,
helping people where availability and convenience, not security, matters most.
The problem is that the “passwordless” promoters are adamantly alleging that the
passwordless schemes are to increase security, thus spreading a false sense of security.
The false sense of security is not only weakening the defence of democratic nations
from within when we have to cope with the yet increasing cybersecurity threats from
aggressive anti-democracy regimes, but also preventing global citizens from being
better prepared against the threats by making good use of the defence surface of the
password and its expanded developments.
28. More on ‘Passwordless’ Authentication
(1) Password-less + nothing else; the least secure
(2) Password-less + something else; securer than (1)
(3) Password + something else: point of arguments
(1) Token-less + nothing else; the least secure
(2) Token-less + something else; securer than (1)
(3) Token + something else: point of arguments
Let me try a breakdown of the passwordless concept.
(1) Password-less + nothing else; the least secure
(2) Password-less + something else; securer than (1)
(3) Password + something else: here is the point of arguments
By our criteria, the security increases from 1 to 3. However, by the “passwordless”
folks’ criteria, the security of (2) is viewed as higher than (3), presumably because an
attack surface of the password is removed in (2) whereas there is an attack surface on
the password in (3).
Well, let me try the same for “token-less” login.
(1) Token-less + nothing else; the least secure
(2) Token-less + something else; securer than (1)
(3) Token + something else: here is the point of arguments
By our criteria, the security increases from 1 to 3. However, by the “passwordless”
folks’ criteria, the security of (2) should be viewed as higher than (3) because an attack
surface of the token is removed in (2) whereas there is an attack surface on the token
in (3).
Did you find it fun or very worrying?
29. More on ‘Passwordless’ Authentication
The ‘passwordless’ promoters might have been trapped in a cognitive pitfall. From my
experience of debating with them, We suspect that there are three possible scenarios -
(1) They may have taken 'what is not good and helpful enough' for 'what is ‘bad and
harmful’.
(2) They may have failed to notice that a token, whether PKI-based or otherwise, also
carries the attack surface of being stolen or otherwise compromised.
(3) They may have assumed that a defense surface is a part of an attack surface in the
case of password.
We wish that the ‘passwordless’ folks had listened to our advice.
30. More on ‘Biometrics’ Authentication
10
30-second Video YouTube
Surprisingly many people are promoting, selling and adopting biometrics as a tool of
identity authentication without the basic knowledge of the very technology.
Get graphs to talk the nature of biometrics
- By nature, whether static or behavioural, all the biometrics technologies are
'probabilistic' since it measures unpredictably variable body features of living animals
in ever changing environments.
- False Acceptance and False Rejection are not the variables that are independent
from each other, but are dependent on each other.
- The lower a False Acceptance Rate is, the higher the corresponding False Rejection
Rate is. The lower a False Rejection Rate, the higher the corresponding False
Acceptance Rate.
- When a False Acceptance Rate is close to Zero, the corresponding False Rejection
Rate is close to One. When an False Rejection Rate is close to Zero, the corresponding
False Acceptance Rate is close to One.
- The presence of False Rejection, however close to Zero, would require a fallback
means against the False Rejection unless the user can forget the availability.
31. More on ‘Biometrics’ Authentication
This house has added a new door with biometrics with near-zero false acceptance
besides an old door with a weak password that the biometrics vendor ridiculed harshly.
The client asks “The new door looks very impressive. But why does the old door stay?”
The vendor replies “The new door rejects criminals so effectively that you might also
be rejected occasionally” Shortly thereafter, a burglar is delighted to utter “Very
convenient! I can attack both of the two”
As such, biometrics used with a fallback password brings down the security that the
password has provided. However powerful and influential the biometrics vendor may
be, like Apple, Google and Microsoft are, they cannot change this fact.
Incidentally, there would be nothing wrong in deploying biometrics with a
default/fallback password if vendors state transparently that the benefit of biometrics
used for authentication in cyberspace is ‘better availability’ obtained by sacrificing the
security that the password on its own somehow provides.
What is wrong is that they mislead the public to believe that it contributes to ‘better
security’, thus spreading a false sense of security and thereby weakening the defence
line of democratic nations from within when we have to face fierce cyberattacks from
adversaries of democracy.
32. Transparency and Integrity
Let me talk about the moral responsibility of those of us who have awoken
Firstly, It would not be very wise to get the defence line weakened from within when
facing formidable adversaries who are known to be making every effort to destroy the
values of democracy.
What I mean is the lack of transparency and integrity over the “passwordless” and
“biometrics” authentication schemes that quite a few security professionals and big IT
players are touting, as discussed earlier.
We have been trying to stay tenacious since we awoke to this consequential problem,
probably as one of the first few to have awoken to it.
We do not want to be among those who knowingly turn a blind eye to the ongoing
erosion of the democratic values due to a wrong design of digital transformation when
facing the dreadful democracy-destroyers.
Secondly, once we are awake to what role the power and merits of citizens’ non-
volatile episodic memory can play for solid digital identity, it cannot be an option for us
to be hesitant to press ahead proactively and energetically, especially in the current
perilous circumstances.
We would like to believe that our endeavour viewed as well the support of all the good
citizens.