Authentication Confidences

Gregory R. Ganger
ganger@ece.cmu.edu
April 28, 2001

April 2001
CMU-CS-01-123

School of Computer Science
Carnegie Mellon University
Pittsburgh, PA 15213


Abstract

"Over the Internet, no one knows you're a dog," goes the joke. Yet, in most 
systems, a password submitted over the Internet gives one the same access rights 
as one typed at the physical console. We promote an alternate approach to 
authentication, in which a system fuses observations about a user into a 
probability (an authentication confidence) that the user is who they claim 
to be. Relevant observations include password correctness, physical location, 
activity patterns, and biometric readings. Authentication confidences refine 
current yes-or-no authentication decisions, allowing systems to cleanly provide 
partial access rights to authenticated users whose identities are suspect.