Title :
Authentication confidences
Author :
Ganger, Gregory R.
Author_Institution :
Carnegie Mellon Univ., Pittsburgh, PA, USA
Abstract :
"Over the Internet, no one knows you\´re a dog," goes the joke. Yet, in most systems, a password submitted over the Internet gives one the same access rights as one typed at the physical console. We promote an alternate approach to authentication, in which a system fuses observations about a user into a probability (an authentication confidence) that the user is who they claim to be. Relevant observations include password correctness, physical location, activity patterns, and biometric readings. Authentication confidences refine current yes-or-no authentication decisions, allowing systems to cleanly provide partial access rights to authenticated users whose identities are suspect.
Keywords :
Internet; authorisation; message authentication; Internet; access rights; activity patterns; authenticated users; authentication confidence; biometric readings; partial access rights; password correctness; password submission; physical location; probability; yes-or-no authentication decisions; Access control; Authentication; Authorization; Biometrics; Electronic mail; Fuses; Humans; Internet; Permission; Workstations;
Conference_Titel :
Hot Topics in Operating Systems, 2001. Proceedings of the Eighth Workshop on
Print_ISBN :
0-7695-1040-X
DOI :
10.1109/HOTOS.2001.990085
