Centrelink
Smart Card Technical Issues Starter Kit
Chapter 3

Roger Clarke

Principal, Xamax Consultancy Pty Ltd, Canberra

Visiting Fellow, Department of Computer Science, Australian National University

Version of 8 April 1998

© Xamax Consultancy Pty Ltd, 1998

This document was prepared for Centrelink. Its purpose was to support the consultation process between Centrelink and privacy advocates, during a project intended to lay the foundations for a variety of projects for Centrelink's client agencies that were anticipated to involve smart cards.

This is chapter 3 of an 8-part document whose contents-page is at http://www.anu.edu.au/people/Roger.Clarke/DV/SCTISK.html


3. Human Identification and Identity Authentication
3.1 Human Identification

By human identification is meant the association of data with a particular human being.

An identifier is a means of distinguishing one human being from others.

A variety of identification bases is available. These include:

The term 'biometrics' is used to refer to any and all of a variety of identification techniques which are based on some physical and difficult-to-alienate characteristic. They are sometimes referred to as 'positive identification', because they are claimed to provide greater confidence that the identification is accurate. They include:

Further details on human identification are available in Clarke (1994).


3.2 Identity Authentication

Evidence of identity (sometimes misleadingly referred to as 'proof of identity' or POI) is a means whereby a person's identity can be established with some degree of confidence.

Identity authentication is the process whereby evidence of identity is assessed in order to establish a sufficient degree of confidence that data is being associated with the correct human being. The degree of confidence needs to be commensurate with the risks involved in the identity being incorrect or falsified, and must be balanced against the costs, time, convenience and intrusiveness involved.

An equivalent but narrower term that is in common usage is 'user authentication'. Identity authentication needs to be distinguished from other kinds of authentication, in particular:

A wide variety of identity authentication mechanisms are in use in different contexts, including:

Hand-written signatures are a low quality basis for authentication, because they are very easily 'spoofed' (i.e. a false signature used in order to create the impression of a valid one) and very easily 'repudiated' (i.e. the validity of a signature denied).

The generic concept of an 'electronic signature' may be capable of delivering far greater quality than hand-written signatures (although it also is likely to be imperfect). The strongest such contender at present is a so-called 'digital signature', based on public key cryptographic techniques, which combines a token and knowledge.
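
An added illustration (not part of the original document, nor code from any Centrelink system) of a digital signature that 'combines a token and knowledge': the Card class stands in for the smart card that holds the private key, and the PIN is the knowledge. It assumes a Lamport one-time hash-based signature in place of the public key schemes used in practice, so that it runs on the Python standard library alone; the names Card, verify and demo, the retry limit, the PIN and the message are all constructed.

```python
import hashlib, hmac, os

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def digest_bits(msg: bytes) -> list:
    d = H(msg)  # 256 bits select which half of each key pair is revealed
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

class Card:
    """Constructed model of the token: key stays on the card, PIN checked on-card."""
    def __init__(self, pin: str, max_tries: int = 3):
        self._salt = os.urandom(16)
        self._pin_hash = self._stretch(pin)
        self._sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
        self.public_key = [(H(a), H(b)) for a, b in self._sk]
        self._tries_left = max_tries  # assumed retry limit before lock-out
        self._used = False  # a Lamport key may sign only one message

    def _stretch(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 100_000)

    def sign(self, pin: str, msg: bytes) -> list:
        if self._tries_left == 0:
            raise PermissionError("card locked")
        if not hmac.compare_digest(self._stretch(pin), self._pin_hash):
            self._tries_left -= 1
            raise PermissionError("wrong PIN")
        if self._used:
            raise RuntimeError("one-time key already used")
        self._used = True
        return [self._sk[i][b] for i, b in enumerate(digest_bits(msg))]

def verify(public_key, msg: bytes, sig) -> bool:
    # Anyone holding the public key can check a signature; no PIN is needed.
    if len(sig) != 256:
        return False
    return all(hmac.compare_digest(H(s), public_key[i][b])
               for i, (s, b) in enumerate(zip(sig, digest_bits(msg))))

def demo() -> dict:
    card = Card(pin="4071")                      # constructed PIN
    msg = b"Change of address for client 0001"   # constructed message
    try:
        card.sign("0000", msg); refused = False
    except PermissionError:
        refused = True
    sig = card.sign("4071", msg)
    return {"wrong_pin_refused": refused,
            "genuine": verify(card.public_key, msg, sig),
            "altered": verify(card.public_key, msg + b"!", sig)}
```

Calling demo() shows the three outcomes of interest: the card refuses to sign without the correct PIN, the genuine signature verifies against the public key, and the same signature attached to an altered message is rejected.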


References

Clarke R. (1994) 'Human Identification in Information Systems: Management Challenges and Public Policy Issues' Information Technology & People 7,4 (December 1994) 6-37


Created: 14 July 1998

Last Amended: 14 July 1998


These community service pages are a joint offering of the Australian National University (which provides the infrastructure), and Roger Clarke (who provides the content).