Skip to main content

What makes ‘what we are’?


It has long been asserted that there are three components for identity authentication – ‘What We Remember’ (Secret Credential), ‘What We Have’ (Tokens) and ‘What We Are ‘(Body Features).

Feeding a correct secret credential is under our control.  So is presenting a correct token to some extent. But our body features are just beyond our control.  Wouldn’t it be more appropriate to call it ‘What Our Body Features Are’?

What we remember’ and ‘What we have’, which are both deterministic, can be used together in a security-enhancing ‘two-layer’ deployment, whereas probabilistic ‘what our body features are’ can actually be used with another factor only in a security-lowering ‘two-entrance’ deployment.

We practically have two factors of ‘what we remember’ and ‘what we have’ as valid authenticators, with ‘what our body features are’ counted in cyberspace as an optional tool to increase convenience at the sacrifice of security.

It might sound a bit outrageous to the old school who have asserted that ‘what we are’ is made of our body features. But we are confident that the public will agree with us at the end of the day.

Click the link for the full text
https://www.linkedin.com/pulse/external-body-features-viewed-what-we-hitoshi-kokumai


Comments

Post a Comment

Popular posts from this blog

‘Authenticators’ and ‘Deployment of Authenticators’

There are not a few security professionals who wrongly mix up the layer of ‘authenticators’ with that of ‘deployment of authenticators’, talking as though the former and the latter were competing each other, for example, ‘Multi-Factor Authentication is better than a password’ and ‘ID federation is better than a password’. The password is an ‘authenticator’. So are the token and biometrics. Whereas MFA and ID federation like FIDO and Open ID are ‘deployment of the authenticators’ Expanded Password System is to be found on the layer of 'authenticator', while the likes of Open ID and FIDO are all to be found on the upper layer of 'deployment of authenticators' and, as such, the likes of Open ID and FIDO could naturally be our down-stream partners. There are also some people who wrongly allege that removing an authenticator should increase security.   They are plainly misguided as examined here – “Removal of Passwords and Its Security Effect” https://www.linke...
Post a Comment
Read more

Volition, Practicability & Confidentiality for Digital Identity

Indispensable for Identity Assurance are 1.   Volition of the User 2.   Practicability of the Means 3.   Confidentiality of the Credentials 1.   Identity authentication with no confirmation of the user’s volition would lead to a world where criminals and tyrants dominate citizens. https://youtu.be/UJDBZpX1a0U   (30 seconds) https://www.valuewalk.com/2017/08/nist-password/ 2.   Mathematical strength of a security means makes sense so long as the means is practicable for us Homo sapiens. https://www.youtube.com/watch?v=Q8kGNeIS2Lc    (100 seconds) https://www.slideshare.net/HitoshiKokumai/password-fatigue-and-expanded-password-system 3.   The credentials for identity authentication must be ‘secret’, not ‘ unique’ https://pentestmag.com/make-sure-not-mix-identification-authentication/ Any one of them missing, it would not qualify as a valid identity authentication means. Claiming otherwise would end up w...
Post a Comment
Read more

Probabilistic Is Human Body, Not Pattern-Matching Algorithm

The probabilistic nature of biometrics comes from the unpredictably variable body features of living animals rather than imperfect algorithms of pattern matching; perfection of pattern matching algorithm would not affect the probabilistic nature of biometrics. Biometrics that measures the probabilistic body features does not escape False Rejection/False Non-Match/False Negative that inevitably comes with False Acceptance/False Match/False Positive.   Since it cannot escape FR/FNM/FN, biometrics cannot escape the dependence on a fallback measure, a default password/pincode in most cases, which brings the security to the level lower than a password/pincode-only authentication. And yet, so many people who need higher security are spending so much money for bringing security down. Click the link for more - https://www.linkedin.com/pulse/negative-security-effect-biometrics-deployed-hitoshi-kokumai/
Post a Comment
Read more