Lecture 10: Identity Management

Date: October 18, 2013
Homework due: Oct. 18 at 5:00pm

  1. Challenge-response
    1. Computer issues challenge, user presents response to verify secret information known or item possessed
    2. Example operations: f(x) = x+1, x random; string (for users without computers); something based on time of day; computer sends E(x), you answer E(D(E(x))+1)
    3. Note: password never sent on wire or network
  2. Biometrics
    1. Depend on physical characteristics
    2. Examples: pattern of typing (remarkably effective), retinal scans, etc.
  3. Location
    1. Bind user to some location detection device (human, GPS)
    2. Authenticate by location of the device
  4. Multi-factor authentication
  5. Identity on the computer
    1. Real identity
    2. Effective identity
    3. Audit identity
  6. Host identity
    1. MAC address
    2. IP address (static, dynamic)
    3. Binding MAC address to IP address
    4. Host name
    5. Domain name service
  7. Web identity
    1. Cryptographic Key Infrastructure
    2. Certificates (X.509, PGP)
    3. State and cookies
  8. Anonymity

You can also obtain a PDF version of this. Version of October 17, 2013 at 8:35PM