Authentication and Privacy
In Chapter 4 we studied authentication, which we described as a
means of proving or verifying a previously given identity. We also discussed
various authentication technologies, which are subject to false accept (false
positive) and false reject (false negative) limitations. A social problem
occurs when we confuse authentication with identification.
We know that passwords are a
poor discriminator. You would not expect all users of a system to have chosen
different passwords. All we need is for the IDpassword pair to be unique. On
the other end of the spectrum, fingerprints and the blood vessel pattern in the
retina of the eye are unique: given a fingerprint or retina pattern we expect to
get but one identity that corresponds or to find no match in the database. That
assumes we work with a good image. If the fingerprint is blurred or incomplete
(not a complete contact or on a partly unsuitable surface), we might get
several possible matches. If the possible matches are A, B, and C and the
question is whether the print belongs to B, it is probably acceptable to allow
the access on the grounds that the identity was among a small set of probable
matches. Other authenticators are less sophisticated still. Hand geometry or
the appearance of a face does not discriminate so well. Face recognition, in
particular, is highly dependent on the quality of the facial image: Evaluating
a photograph of one person staring directly into a camera is very different
from trying to work with one face in the picture of a crowd.
Two different purposes are at
work here, although the two are sometimes confused. For authentication we have
an identity and some authentication data, and we ask if the authentication data
match the pattern for the given identity. For identification, we have only the
authentication data and we ask which identity corresponds to the authenticator.
The second is a much harder question to answer than the first. For the first,
we can say the pattern matches some percentage of the characteristics of our
stored template, and based on the percentage, we declare a match or no match.
For the second question, we do not know if the subject is even in the database.
So even if we find several potential matches at various percentages, we do not
know if there might be an even better match with a template not in our
database.
Related Topics
Privacy Policy, Terms and Conditions, DMCA Policy and Compliant
Copyright © 2018-2023 BrainKart.com; All Rights Reserved. Developed by Therithal info, Chennai.