From: “Perry E. Metzger” <perry@imsi.com>
To: Jim Hart <hart@chaos.bsu.edu>
Message Hash: 123ac7dec66b329dba17d976e7a2b1f2bca51d84e820a1ed4099026dbe8ecef4
Message ID: <9409071251.AA22486@snark.imsi.com>
Reply To: <199409070814.DAA23167@chaos.bsu.edu>
UTC Datetime: 1994-09-07 12:52:11 UTC
Raw Date: Wed, 7 Sep 94 05:52:11 PDT
From: "Perry E. Metzger" <perry@imsi.com>
Date: Wed, 7 Sep 94 05:52:11 PDT
To: Jim Hart <hart@chaos.bsu.edu>
Subject: Re: AIDs testing and privacy
In-Reply-To: <199409070814.DAA23167@chaos.bsu.edu>
Message-ID: <9409071251.AA22486@snark.imsi.com>
MIME-Version: 1.0
Content-Type: text/plain
Jim Hart says:
> Challenge: is a crypto protocol possible with the following
> properties: the doctor writes and signs the prescription,
> and it is not transferable, but the patient doesn't need to
> show ID to the pharmacist to fill the prescription?
> I don't want pharmacists, and whoever else they share the info
> with (insurance companies? investigators? potential blackmailers?),
> keeping track of what drugs I take.
It cannot be done. There is no way to prove that you didn't transfer
some cryptographic credential. The only way to know that you are you
is to check your credentials against unforgeable physical
characteristics. All such characteristics can be used to identify you.
On the other hand, I'll point out that a pharmacist has never asked me
for ID.
Perry
Return to September 1994
Return to “tcmay@netcom.com (Timothy C. May)”