Relying on an IP
An IP can opt to
provide tokens to
anonymous RPs
316 Identity Consumers
Bene?¬?ts of Using an IP
As mentioned in the sidebar ???What About the Attacks in the
Information-Storing Phase???? in Chapter 2, an organization can
lower its potential liability by not storing data that it doesn??™t
need to store. A particularly compelling case for this is the use of
credit history data. In some areas of the United States, potential
renters of a house or apartment give their prospective landlord
their Social Security Number, which the landlord uses to conduct
a credit check on the individual. The landlord makes the
decision to rent, in part, based on the contents of the credit report.
However, the landlord often doesn??™t securely dispose of
the Social Security Number; instead, it sits in a ?¬?le in the possession
of the landlord. If the landlord loses the ?¬?le physically due
to theft, carelessness, or neglect, or electronically because of
poor security measures, the result is the same??”the attacker has
secured one of the most fundamentally powerful identi?¬?ers that
exists in the United States. Potentially, all the rest of the data in
the ?¬?le could be of telephone-book-quality data, but with the
leak of just nine little digits, a nightmare begins for the renter,
and possibly for the landlord, too.
Pages:
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455