word authenticators. However, administrators of multigigabyte or terabyte databases have password authenticators that are necessarily 20 or 30 characters long. The authenticator, whether weak or strong, needs to be verified.1 This is where we tend to run into trouble. The process of verifying the authenticator requires a trusted source. In the example of a driver’s license, we trust the Department of Motor Vehicles (DMV). The picture on your driver’s license is the authenticator. To identify a person you look at the picture on the license, you look at the person presenting it, and say, “Yes, I have authenticated that this is your license and I now believe your identity.” The reason this works is that I trust the license because I trust the DMV. If we did not trust the DMV licensing process, then we would not use a license for identification.

If you sign something to authenticate yourself, I have to verify that signature against a trusted copy of your signature. The trusted copy I use to verify it against gives me the confidence that you are who you say you are. For example, a bank’s trust is based on properly issued signature cards.

A token typically is not a sufficient authenticator by itself because it can be passed around—it is too mobile. But if implanted permanently in someone’s head, that token probably would have some validity. If I have a microchip embedded in my skull at birth by a National Security Agency (NSA) surgeon, and the NSA verifies the chip when I walk through magnetic readers, then I would trust it. But I cannot think of anything less draconian that would suffice to make a token a valid independent authenticator (we tend to use them in conjunction with other authenticators such as PINs).

In summary, the ability to identify a person depends on confidence. You have to have confidence in the authenticator, the issuer and issuing process of the authenticator, the source of the information used to verify the authenticator, and the process used to verify the authenticator. A system that identifies millions of people must have very high confidence. For example, in the case of automated teller machine transactions, a very small error rate in identification would make them unacceptable. If you do not have enormous confidence in the identification process, it is not


David Forsyth gave the following example: He has a piece of paper given to him by someone trusted that says, “David Forsyth knows the factors of this very long number.” He gives someone else that piece of paper and tells the person these factors. In the authentication, that person says, “Well, if you cannot trust the person who gave you the piece of paper, then the whole thing will not work.” Eddie Zeitler added that verification means that he knows that the piece of paper actually came from the person from whom Forsyth said it came. He has verified the “signature.”

The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement