Secure Identification System
Abstract
Present ways to secure the use of circuits such as a computer workstation require overt actions on the part of the user: entering a password, physically unlocking a machine, placing a token (e.g. a card, badge, or button) in a reader connected to the system, or some similar operation. In environments where users frequently walk up to workstations, perform a brief transaction, and leave, any of these modes of operation is a substantial inconvenience. Where password entry is required, other people in the vicinity may be able to see what the user has typed and imitate it later. Password systems themselves are a substantial vulnerability: if users are allowed to choose passwords, they typically choose weak (easy to guess) ones, and if they are assigned passwords, they are prone to write them down where they may be seen by others. Systems that avoid this problem by requiring a new password each time generally require users to carry either a special card or a list of passwords from which the user must determine the correct password to enter, which is another inconvenience. Further, once the act of identification is performed (e.g. the password is entered or the token inserted), if the user leaves the workstation for any reason, another overt act is required to disable the workstation again: the user must log out, remove the token from the reader, etc., and, upon returning, repeat the identification process. Consequently, users frequently leave their workstations unattended after they have identified themselves, making the workstation vulnerable to abuse by others with physical access to it. Finally, all of these systems depend to some degree on installing special software, and on that software operating correctly and not being tampered with.
Document Details
- Document Type: Technical Report
- Publication Date: Jun 10, 1997
- Accession Number: ADD018633
Entities
Organizations
- Office of Naval Research