Verisign Develops Token for Age Verification

FirstTimeCaller writes "A Reuters article is reporting that Verisign in conjunction with an unnamed children's safety group, will release a USB token that can be plugged into a PC to verify the age and gender of a person participating in online chat rooms. According to the article, the token will be available free to students in a handful of schools this fall. School administrators will provide a list of students, with their ages and genders, and VeriSign will encode that information onto the tokens."

Re:Credit card ?

[Paleomacus]

Well when I was 15(in 1996) I was able to get a debit card that could be used for 'adult' verification. Doesn't seem like a very good system to me.

Re:Credit card ?

[acceleriter]

This is about making sure you're a kid, not that you're an adult. The theory is that it'll keep the pedophiles, who won't have the "I'm a kid" token, out of the elementary school "chat rooms."

Besides the "problem" of pedophiles in "chat rooms" being completely overblown, this is probably just the precursor of some sort of infrastructure to eliminate anonymous browsing. And who wouldn't like a piece of selling a token for $20/year to anyone who wants to get any information from the Internet in 10 years?

www.isafe.org

[way2trivial]

see their site... they are the makers of the device

Re:Credit card ?

[oolon]

I recon a pedophile would be able to buy a token off a kid of a small ammount of money, if you were 12 and someone offered you 200 bucks for a silly bit of plastic someone gave you... I think there would be many takers.

The problem with all these ID shemes is aways tying the token to the right person until computers have mandated biometic id readers this is never going to work with remote computers.

Personally I think the best solution if for parents to take an interest in what their children are up to rather than seeing the internet as a why to keep them quiet. Someone will aways slip though the net, the best way for children to be kept safe is education, they need to know people lie, cheat, steal, and there are bad people in the world who would not think twice about killing someone else.

James

Re:Credit card ?

[Zeinfeld]

In most countries, credit card authentication was used to ensure one had reached the legal age... In which situations wasn't it enough, besides the goatse ?

The point of the token is to prove that you are a minor and thus should be allowed into kids only chat rooms.

The idea of the experiment is to see if the scheme is effective in keeping pedophiles and stalkers out.

Re:Right...

[Maestro4k]

• Better yet, how many kids will lose their tokens?

Not at the same time of course, but I'd bet at least 50%. I work for a school system and just yesterday we had about 8 kids get on the wrong buses and another 5 or so who were new bus riders and didn't know where they lived exactly. If they can't remember things as important as which bus they ride and house they live in we certainly can't expect them to keep track of a small USB token.

• Not to mention the possibility of the breaching of the privacy of minors.

That's the first thing I thought of myself. I work with the bus routing software and when I need to send copies of my databases to the company who makes it to debug a problem I have to make a copy and go through and change all the names to John Doe. I also can't send the whole file since the addresses can't be masked for debugging purposes. How sending an entire list of your kids with names, age and gender to Verisign can be legal is beyond me. AFAIK that would require signed consent from every single parent/guardian for every kid.

• On paper this sounds like a good way to protect children, but somehow I think the execution of the idea is not going to be as easy as Verisign and Co. think it might be.

Well there's the beauty of it from Verisign's standpoint. They don't have to worry about the execution, they just provide the tokens and authorization servers. The school systems get to sort out the mess from lost/stolen keys and what not. It'll just end up overwhelming the poor staff with more paperwork and problems than they already have to deal with.

Re:Credit card ?

[halowolf]

Doesn't seem like a very good system to me.

As these hapless victims could attest. You sir would be right. [keytlaw.com]

Re:Right...

[Delirium Tremens]

Who's going to run the betting pool on how many minutes it takes someone to crack the keys and modify the information?

Please go ahead. Here is their public key:

30 82 01 0a 02 82 01 01 00 dd 84 d4 b9 b4 f9 a7
d8 f3 04 78 9c de 3d dc 6c 13 16 d9 7a dd 24 51
66 c0 c7 26 59 0d ac 06 08 c2 94 d1 33 1f f0 83
35 1f 6e 1b c8 de aa 6e 15 4e 54 27 ef c4 6d 1a
ec 0b e3 0e f0 44 a5 57 c7 40 58 1e a3 47 1f 71
ec 60 f6 6d 94 c8 18 39 ed fe 42 18 56 df e4 4c
49 10 78 4e 01 76 35 63 12 36 dd 66 bc 01 04 36
a3 55 68 d5 a2 36 09 ac ab 21 26 54 06 ad 3f ca
14 e0 ac ca ad 06 1d 95 e2 f8 9d f1 e0 60 ff c2
7f 75 2b 4c cc da fe 87 99 21 ea ba fe 3e 54 d7
d2 59 78 db 3c 6e cf a0 13 00 1a b8 27 a1 e4 be
67 96 ca a0 c5 b3 9c dd c9 75 9e eb 30 9a 5f a3
cd d9 ae 78 19 3f 23 e9 5c db 29 bd ad 55 c8 1b
54 8c 63 f6 e8 a6 ea c7 37 12 5c a3 29 1e 02 d9
db 1f 3b b4 d7 0f 56 47 81 15 04 4a af 83 27 d1
c5 58 88 c1 dd f6 aa a7 a3 18 da 68 aa 6d 11 51
e1 bf 65 6b 9f 96 76 d1 3d 02 03 01 00 01

Since I am a nice guy, I'll give you the first two hints to get you started. They use RSA. And their key length is 2048.
Now, you can try to brute-force RSA to find their private key...

See you back when Quantum Computers are sold at Wallmart :)

Re:Credit card ?

[Anonymous Coward]

He meant it's not a good system for age verification. That the system works well at barring irresponsible people from having credit is irrelevant to the issue at hand.

Re:Credit card ?

[Lumpy]

The theory is that it'll keep the pedophiles, who won't have the "I'm a kid" token, out of the elementary school "chat rooms."

it will take exactly 3 seconds for these toatart appearing on the black market and sold to those sicko's.

as for the "pedophile problem in chat rooms" being overblown... My daughter hang's on a couple of websites/chatrooms that are pure kid, and LITTLE kid related. while sitting there with her i nthe chat forum a sick-asshat that was asking her age, started asking her if she knew what a blow-job was, and asking other questions that made it obvious he was an adult.

This is on the fricking NeoPets website. a site geared for little kids about a little kids toy.

sorry, it is a big problem and most parents do not monitor their child's net access closely which makes it an even BIGGER problem.

when I have to explain to her that posing a photo of herself on the net for her friends to see is a really bad idea, things are certianly not "overblown".

Re:Credit card ?

[SwissCheese]

A credit card is a short-term interest free loan assuming you pay it off at the end of the month. You get the bill and pay if off if the charges look correct.

A debit card is linked directly to your checking account. As soon as the card is swiped, the funds are already being transferred out of your account.

It's still a debate in my household as to which is the preferred one to use.

FERPA violation?

[awkScooby]

I thought FERPA (Family Educational Rights and Privacy Act) generally prohibited schools from disclosing personal information about students. I guess Verisign is relying on the "Organizations conducting certain studies for or on behalf of the school" exception. How do they propose implementing this if it passes the study? Certainly they should receive no excemption then.

Of course they could provide technology to schools so that schools could program their own tokens, thus eliminating the need to send private, federally protected inforamtion to Verisign. But, that would undermine Verisign's greedy, "let us mint certs which expire more frequently than necessary, so that we can sell you the same thing over and over again" strategy...

Re:Credit vs. Debit

[mikeswi]

"c) Using a credit card improves your credit rating. This is why I pay for everything by credit card, then pay off my bill in full every billing cycle."

Actually, while that is good for your credit, paying it off slower (not in full) looks much better. You're paying the bill (good) but you're also making the lender more money (better), so your credit score goes up further than if you pay the whole thing at once.

Same as a bank loan. It looks better to pay it off according to the schedule than to jump the gun and pay the whole thing off early.

Of course, if your credit is already excellent, there's no need to worry with all that. If you're trying to rebuild bad credit, then slower is better.