Internet Identification and Authentication




A brief look at knowing who you are talking to on the Internet

A few years ago, free email service providers such as Hotmail and Yahoo! demonstrated to the world a new form of communication.  Along with the ease of creating an online account, protecting a user’s privacy and concealing one’s identity, a new realm of security and authentication concerns surfaced.

President Clinton signed the Electronic Signatures in Global and National Commerce Act on June 30, 2000, giving electronically signed documents the same legal validity as a traditional pen and ink signature.  This legislation was signed electronically – after first being brought into law the old fashioned way.  The new law is “technology neutral,” leaving the techniques that will serve as a digital signature up in the air.  The validity of digital signatures relies upon the security of the computers on which they are used.  Having such a law in place without an identified method for guaranteeing digital signatures leaves a void that is a valid source of concern.  The ability to create a new online identity leaves too many opportunities to falsify one’s identity.

Current technologies to authenticate and verify a person’s authorized access and identity include passwords, smart cards, and public-key cryptography.  These technologies inherently bring their own faults. Passwords can be compromised; the English language has approximately 80,000 words by most people.  Common words are often used in passwords, which can then cracked by sophisticated programs.  Smart cards provide a secured authentication method; yet, they can be lost or stolen.  Public-key cryptography, a method used to sign a message with a private key and then verified with a public key, is yet another level of authentication.  As computer and email viruses have spread over recent years, these technologies are not as secure as they once were.  Many recent viruses have compromised the security of public-key technologies when they infect a computer and distribute a private key.

To effectively integrate digital signatures into a legal arena, there must be a method to secure and guarantee a signature is valid and to verify the physical identity of the person.  Many new technologies, called biometric devices, are proving to be very effective and offer many promises to the debate of digital signatures.

Five primary technologies exist to measure physical and behavioral characteristics.  Hand geometry, fingerprint recognition, iris recognition, voice verification, and face verification all show significant security improvements over password verification.  Biometric traits cannot be lost, stolen, or easily duplicated. 

Some high-tech implementations of biometric devices have already been used.  At a recent Super Bowl, attendees’ faces were captured on security cameras and compared to a database of known criminals and terrorists.  Walt Disney World uses fingerprints and hand geometry to ensure that yearly passes aren’t shared.  Even movies have explored the use of biometrics.  In the movie The Fifth Element, police attempt to identify Leeloo, yet a face print is not found that matches her features.  Vincent (Ethan Hawke) assumes the identity of his brother Jerome (Jude Law) by falsifying his DNA, his fingerprints, and his genetically assigned fate in Gattaca.

As different biometric technologies are combined, the positive identification of the person is guaranteed.  However, with such personal identifying features being used, privacy is becoming a major concern.  Many people will not understand how the technology works, and the fear of “Big Brother” watching will leave many wondering about the invasion-of-privacy concerns.

Being able to positively identify a person, however, will reduce costs and ensure public safety.  Insurance and public benefit fraud will be reduced.  High profile events such as the Olympics and the Super Bowl will be safer.  International travelers who register will be able to bypass long lines.

In the end, our quality of life will improve.  We will be confident knowing our physical identity is protected.  Online security and privacy will not be compromised; in fact, it will be enhanced by these new technologies.  For example, irises contain over 200 minutiae points that can be used to create encrypted templates, which can be used to encrypt and secure the transmission of sensitive documents.

It will take time for these technologies to be accepted as safe, secure, and reliable.  Once we know that our identity is known for our benefit, and not to intrude on our right to privacy, more people will embrace biometric devices as a necessary means to ensure the feasibility of online transactions and legal documents.  Legally, a document cannot be disputed anymore merely because it is in digital format.  It’s now a matter of trust and understanding.