
Currently Skimming:

2 Authentication in the Abstract
Pages 33-54

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.


From page 33...
... In the context of information security, the unqualified term "authentication" is often used as shorthand to mean "verification of a claimed identity," although for the purposes of this report, a slightly more nuanced meaning is assumed. (See Chapter 1 for Another CSTB committee is examining the broad topic of privacy in the information age; the status of this project is available online at .
From page 34...
... It is possible to authenticate both human users and entities that are not humans (for example, cellular telephone networks in the United States directly authenticate cell phone handsets rather than handset users2), and it is possible to authenticate claims that do not relate to users' personal names (for example, an individual may claim to be tall enough to enjoy a height-restricted ride at a county fair; this claim can be verified without knowing the individual's name)
From page 35...
... Keep a record of individual and action. · Identify and perform individual authentication.
From page 36...
... , which issues an important credential, the driver's license.6 The DMV often relies on another credential, such as a birth certificate or a passport, to identify applicants for licenses. This reliance comes with its own risks, in that birth certificates, for example, are not strongly linked to the individuals whom they identify and are so diverse in their format that it is difficult for DMV employees to authenticate them.
From page 37...
... Standard 10181-3 defines a standard model and standard terminology for authorization in an information technology and communications context.9 In the ISO model, authorization decisions are based on authorization policy, resource attributes (such as sensitivity of the data), context attributes (such as time of day)
From page 38...
... Therefore, this system works well enough to prevent multiple users from using the same pass in most cases, an acceptable level of risk, given what the system is protecting. This system uses a loose form of biometric authentication to protect against fraud (here defined as multiple users)
From page 39...
... One can have redress for a harm without holding the perpetrator of the harm accountable. For example, in disputes involving alleged violations of copyright, the Digital Millennium Copyright Act of 1998 provides for redress by providing copyright holders with a method of having material removed from Web sites.
From page 40...
... In contrast, credit card transactions are information-rich: A record is created that captures both the identity of each party and the details of the transaction. Credit records support accountability by uniquely mapping to an individual (except perhaps in the case of family members who share a single account and thus share each other's accountability or in situations involving powers of attorney)
From page 41...
... When the goal that motivates authentication is to authorize individuals' actions, it is useful to verify some piece of information that will be useful to the policy decision point in making its authorization decision. This information may be a property of the individual (such as the fact that an individual has paid for entrance to an event)
From page 42...
... However, multiple weak identifiers can, when combined, uniquely identify a specific individual and therefore serve as the functional equivalent of a single strong (unique) identifier.
From page 43...
... An entity issuing or relying on such an identifier may wish to correlate it to a unique individual; individuals using these identifiers may wish to prevent such correlation. Identifiers that are not personal names can be designed to protect individuals' privacy by limiting or preventing correlation of the identifier to a specific individual by limiting access to the look-up table (in a way that personal names cannot)
From page 44...
... Then, at some later time, the individual reauthenticates the same unique identifier to the system, and some observer function in the system uses the unique identifier to look up the assigned attributes in the database and to make an access decision. Statements: A statement records a belief or claim about an individual by an identifiable party.17 Authorization decisions may in some cases be based on attestations or assertions of authorities.
From page 45...
... In the example above, an information system cannot observe an individual's credit rating; it must instead query the credit agency to provide the rating. In order to retrieve accurately an individual's attributes from the authority, the relying party must have an appropriate identifier for the individual, which it can correlate to the individual's identity and corresponding statements in its database.
From page 46...
... Some biometrics, on the other hand, can be used to identify individuals without those individuals' active participation and awareness, so care needs to be taken when using biometrics in authentication systems designed to ensure accountability. Some authentication systems also authenticate claims not on the basis of physical or psychological identity but instead on the basis of the possession of an artifact.
From page 47...
... Unlike passwords, properly chosen biometrics cannot be readily shared in normal use.20 Authenticating Psychological Identity Authentication systems based on covert knowledge (something you know) authenticate users by requiring the individual to recite a secret (sometimes personal information)
From page 48...
... Private secrets are rarely completely private.23 This leads to another problem: Any item of information that is used as a private secret to authenticate an individual will typically be shared with all the people and organizations that want to authenticate the individual (technical measures exist that could prevent sharing this, but they are not widely used)
From page 49...
... A member of the Princeton University admissions office staff discovered this and apparently used Social Security numbers obtained from the records of applicants to Princeton in order to access the Yale admissions Web site and learn about Yale's admissions decisions.24 Authenticating Possession of an Artifact Another traditional approach to authentication is the possession of a unique object. A typical house key is an example of the "something you have" approach.
From page 50...
... Some authentication technologies (particularly biometric technologies) are used in both processes.
From page 51...
... Even when authorization requires individual authentication, it often does not require the authenticated identifier to be a personal name. The common use of credit cards is an example.
From page 52...
... While smaller-scale authentication systems may imply decreased urgency (that is, a system to restrict access to a hotel swimming pool, in which the attribute necessary for authorization is "current hotel guest," may require less rigorous attention to these questions than a system that would track the enrollment status of all foreign students in the United States on the basis of their visas or other IDs), the principles outlined in IDs Not That Easy still hold, especially with regard to understanding the goals of the system and minimizing unnecessary data collection and re
From page 53...
... · What is the purpose of the system? Possible purposes of an identity system include expediting and/or tracking travel; prospectively monitoring individuals' activities in order to detect suspicious acts; retrospectively identifying perpetrators of crimes.
From page 54...
... What legal structures protect the system's integrity as well as the data subject's privacy and due process rights, and which structures determine the liability of the government and relying parties for system misuse or failure? The next chapter explores the history and meaning of privacy, concluding with a recommendation for the development of authentication systems modeled on these questions.


This material may be derived from roughly machine-read images, and so is provided only to facilitate research.