from human minds to effect. Such
processes are inherently inexact. Consequently, the more complex the
environment, the higher the chance that security holes have been included.
The primary
function of an identification system is to contribute to the trust model of the
system by supporting the authentication of the identity of the individual
persons or other relevant entities registered in, or recognizable by, the
system. The document Special Publication 800-36: Guide to Selecting
Information Technology Security Products, issued by the National Institute
of Standards and Technology of the United States Department of Commerce,
suggests three ways that authentication can be accomplished: through provision
by users of something that they have (e.g. a token), through provision by users
of something that they alone know (e.g. a password) or through sampling a
personal characteristic of the user (e.g. a fingerprint). Each of these
approaches essentially calls for the supplicant to provide a marker and for the
sentinel to assess that marker in order to establish the identity of the
supplicant. Each form of authentication is accomplished by slightly different
protocols. However, essentially all of these protocols consist of qualitatively
similar procedures. We characterize these procedures as five successive stages.
The first stage
we term the overture. As with a play, this stage is the prelude to the
main action. It entails bringing the supplicant and the sentinel into close
proximity such that they both decide that they wish to enter into the
authentication protocol proper. The actions that occur during the overture
show that either side can take the initiative in the process. The
sentinel may first notice the approach of the supplicant and issue a
preliminary challenge: “Halt, who goes there?” Alternatively, the supplicant
can take the initiative: “Hello the house!” Following this very preliminary
exchange, the sentinel can begin the formal authentication procedure: “Advance
and be recognized!” The supplicant then responds with an initial assertion: “I’m
Jane Doe.”
In essence, we’ve
slightly codified an exchange that might occur between two strangers meeting in
an isolated location, where the intentions of either can range from benign to
threatening. In electronic terms, this establishment of a general transaction
etiquette corresponds to anything from a person’s personal electronic device
addressing an apparently dormant system, to the system itself issuing an
invitation to the supplicant such as “Type your username” or “Insert your
token.” We’ve gone a bit overboard in discussing the overture stage because
this is an area where the operational models of different systems can diverge
rather significantly; so, it is useful to model this well such that the two
parties can land on their feet no matter how they got started.
The remaining
stages are typically understood in a generic sense, but they can vary a great
deal in the details. Once a name of the supplicant is asserted during the
overture, the next stage is marker acquisition: the marker is obtained from
the supplicant and provided to the sentinel. The only real new wrinkle
here, from a conceptualization viewpoint, is recognizing that these successive
stages may be pursued recursively, i.e. at multiple levels, in order to achieve
an adequate trust level among all the elements of the two systems: first
recognizing trusted equipment, and only then establishing trust in the identity
of the supplicant. This is particularly important during the marker acquisition
stage because, for most current identification systems, the supplicant must
trust the sensors of the sentinel through which the marker is acquired; a
compromised sensor sees the marker before the sentinel does.
Once the marker
is acquired, the next stage is marker verification, a processing step in which
the sentinel compares the acquired marker against a marker template that was
gathered from the supplicant on enrollment into the identification system under
whose trust auspices this interaction is taking place.
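The three stages described so far (overture, marker acquisition, marker verification), run end to end with a password as the marker, as an added example that is not part of the original text. The class names, the message strings and the choice of a salted PBKDF2 hash as the enrollment template are assumptions of this example; the point it makes beyond the prose is that either party may open the overture, that the sentinel stores only a template and never the marker, and that an unknown asserted name is rejected at the same cost as a wrong marker.

```python
"""Staged authentication exchange: overture, marker acquisition and marker
verification, with "something you know" (a password) as the marker.

Added illustration; the stage names follow the text, while the message
strings, class names and the PBKDF2 template format are assumptions.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass

ITERATIONS = 100_000  # assumed work factor for the enrollment template


@dataclass
class Template:
    """What the sentinel keeps from enrollment: a salted hash of the marker,
    never the marker itself, so a leaked template does not yield the password."""
    salt: bytes
    digest: bytes


def derive(marker: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", marker.encode(), salt, ITERATIONS)


class Sentinel:
    def __init__(self) -> None:
        self._templates: dict[str, Template] = {}
        # Decoy template so that verifying an unknown name does the same
        # amount of work as verifying a known one (no name enumeration by timing).
        salt = os.urandom(16)
        self._decoy = Template(salt, derive(os.urandom(16).hex(), salt))

    def enroll(self, name: str, marker: str) -> None:
        """Enrollment: gather the template under the system's trust auspices."""
        salt = os.urandom(16)
        self._templates[name] = Template(salt, derive(marker, salt))

    def verify(self, name: str, marker: str) -> bool:
        """Marker verification: compare the acquired marker against the template."""
        tpl = self._templates.get(name, self._decoy)
        candidate = derive(marker, tpl.salt)
        matched = hmac.compare_digest(candidate, tpl.digest)  # constant-time
        return matched and name in self._templates


@dataclass
class Supplicant:
    name: str
    marker: str  # something the supplicant alone knows


def run_protocol(sentinel: Sentinel, supplicant: Supplicant,
                 initiator: str = "sentinel") -> tuple[bool, list[tuple[str, str]]]:
    """Run the three stages and return (accepted, transcript).

    The transcript is a list of (speaker, message) pairs so the exchange can be
    inspected; the marker itself is never written into it.
    """
    transcript: list[tuple[str, str]] = []

    # Stage 1: overture. Either side may take the initiative.
    if initiator == "sentinel":
        transcript.append(("sentinel", "Halt, who goes there?"))
    else:
        transcript.append(("supplicant", "Hello the house!"))
    transcript.append(("sentinel", "Advance and be recognized!"))
    transcript.append(("supplicant", f"I'm {supplicant.name}"))

    # Stage 2: marker acquisition. The asserted name tells the sentinel which
    # template to fetch; the supplicant presents the marker through the
    # sentinel's "sensor" (here a plain message, so the supplicant is trusting
    # that channel with the marker).
    transcript.append(("sentinel", "Password?"))
    transcript.append(("supplicant", "<marker presented>"))

    # Stage 3: marker verification against the enrollment template.
    accepted = sentinel.verify(supplicant.name, supplicant.marker)
    transcript.append(("sentinel", "Recognized" if accepted else "Not recognized"))
    return accepted, transcript


if __name__ == "__main__":
    gate = Sentinel()
    gate.enroll("Jane Doe", "correct horse battery staple")  # constructed data
    for who, opener in (("Jane Doe", "sentinel"), ("Jane Doe", "supplicant")):
        ok, log = run_protocol(gate, Supplicant(who, "correct horse battery staple"), opener)
        print(ok, log)
```

Running the block prints two accepted exchanges that differ only in who opened the overture; swapping in a wrong password or an unenrolled name yields "Not recognized" without revealing which of the two was at fault.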