"An Investigation of Remote Authentication Schemes: The Key Scan Project"
Adam Anthony 2004
Abstract
The problem area for this project is verification. Verification is the process of ensuring the truthful claims of a person wishing to be recognized by a certain identity. In a non-computerized example, credit card holders are asked to sign receipts so that their signature can be compared to the one on the back of the card. If the signature is not on the card, many stores will ask a person to present a driver's license as verification of identity. In computing, this problem can be very difficult because of remote connections to networks.
Through the convenience of the Internet, any hacker can claim a false identity and gain access to information they have no right to access. Computers do not currently have proper constructs to prevent these false claims. Many established methods exist where a hacker can infiltrate a password protection scheme even by merely guessing possible passwords. Perfect verification in computing would allow a person's identity to be secure in the event of the publication of their personal information.
Three methods to be researched in this study are:
- Public key authentication, where some information is public and other information is never divulged
- Zero-knowledge proofs, where a person proves knowledge about themselves without exposing this knowledge
- Biometric authentication, which is the measurement of variables specific to an individual's physical characteristics
The Key Scan Project implements a biometric scan of the intricacies a person exhibits when typing a familiar word or phrase, such as a first and last name. An analysis of the performance of this software, paired with knowledge gained in researching other methods of verification leads to a potential authentication scheme that would assure an adequate amount of protection from identity thieves.