Hitoshi Kokumai

5 years ago · 1 min read

Secret Credential and Computing Power

The lock authenticates the key.
The key authenticates the lock.

  

Does the key authenticate
the person who holds it?

When computing power was very limited, we could use only text, namely characters and numbers, as the secret credential for identity authentication. Now that computing power is no longer so limited, we could accept non-text credentials such as visual images, audio sounds and tactile sensations where they contribute to better security and/or better usability.

Humans acquired the ability to read, write and remember text quite recently - a few hundred years ago for the majority of our ancestors. On the other hand, our ability to see, watch, find, distinguish and remember visual objects dates back to 5 hundred million years ago. This ability is solidly inscribed in the deep layers of the brain for all of us.

Separately, cognitive science supports the view that our episodic memory, much of which is visual, is the core of humans’ internal identity.

Would it be possible to not make use of our episodic image memory for our identity assurance?

----------------------------------

What if secret credentials are taken away from digital identity?

Assume that the password has been removed from digital identity. Then digital identity platforms would have only two authenticators - physical tokens and biometrics.

Biometrics by its nature requires a fallback measure against false rejection, and only the physical token could be the fallback measure for biometrics in this situation. Here we have only two scenarios.

(1) authentication by a physical token, with an option of adding another token. Its security effect is plainly illustrated above and below.

[Image: 226d37ea.png]

(2) authentication by biometrics deployed in the ‘multi-entrance’ method with a physical token as the fallback measure, with an option of adding another token. Its security is even lower than (1), as quantitatively examined at "Quantitative Examination of Multiple Authenticator Deployment".
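The comparison between scenarios (1) and (2) can be checked numerically. The following Python code is an added example, not taken from the original post or the article it cites; it assumes authenticators are defeated independently of each other, and the class names and probabilities are constructed for illustration.

```python
import math
from dataclasses import dataclass
from typing import Tuple

# Constructed model: each authenticator is defeated independently with p_break.
@dataclass(frozen=True)
class Authenticator:
    name: str
    p_break: float  # probability an attacker gets past this authenticator alone

@dataclass(frozen=True)
class AnyOf:
    """'Multi-entrance': passing any one child is enough (e.g. a fallback)."""
    children: Tuple[object, ...]

@dataclass(frozen=True)
class AllOf:
    """Every child must be passed (e.g. an added second token)."""
    children: Tuple[object, ...]

def p_compromise(policy) -> float:
    """Probability that an attacker is authenticated under the given policy."""
    if isinstance(policy, Authenticator):
        if not 0.0 <= policy.p_break <= 1.0:
            raise ValueError(f"{policy.name}: p_break must be in [0, 1]")
        return policy.p_break
    if not isinstance(policy, (AnyOf, AllOf)) or not policy.children:
        raise ValueError("policy must be an authenticator or a non-empty AnyOf/AllOf")
    probs = [p_compromise(child) for child in policy.children]
    if isinstance(policy, AllOf):
        return math.prod(probs)                      # attacker must defeat all
    return 1.0 - math.prod(1.0 - p for p in probs)   # attacker needs only one

# Constructed figures, for illustration only.
token = Authenticator("physical token", 0.01)
second_token = Authenticator("second physical token", 0.01)
biometrics = Authenticator("biometrics", 0.001)

scenario_1 = token                                    # (1) token only
scenario_1_extra = AllOf((token, second_token))       # (1) plus another token
scenario_2 = AnyOf((biometrics, token))               # (2) biometrics, token fallback
scenario_2_extra = AllOf((scenario_2, second_token))  # (2) plus another token

if __name__ == "__main__":
    for label, policy in [("(1)", scenario_1), ("(1) + token", scenario_1_extra),
                          ("(2)", scenario_2), ("(2) + token", scenario_2_extra)]:
        print(f"{label:12s} {p_compromise(policy):.7f}")
```

Under this model an `AnyOf` result is never below the largest of its children, so adding biometrics with a token fallback cannot make (2) stronger than the token alone in (1), whatever probabilities are chosen.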

We reckon that quite a few professionals in cyber security and identity management are well aware of these facts, but something seems to prevent them from speaking out. Possibly, having once touted those powerless solutions and recommendations to millions of clients, they might find it embarrassing to admit the facts.

But it’s never too late to return. They are expected to speak out.


Click the link for more: https://www.linkedin.com/pulse/removal-passwords-its-security-effect-hitoshi-kokumai/




Comments
It's hard enough to change people's minds, let alone their habits! However, it's always worth trying...
