Appears in HotOS-VIII (IEEE Workshop on Hot Topics in Operating Systems), May 2001.

Position Summary: Authentication Confidences
Gregory R. Ganger
Carnegie Mellon University
ganger@ece.cmu.edu

"Over the Internet, no one knows you’re a dog," goes the
joke. Yet, in most systems, a password submitted over the Internet
gives one the same access rights as one typed at the
physical console. We promote an alternate approach to authentication,
in which a system fuses observations about a
user into a probability (an "authentication confidence") that
the user is who they claim to be. Relevant observations include
password correctness, physical location, activity patterns,
and biometric readings. Authentication confidences
refine current yes-or-no authentication decisions, allowing
systems to cleanly provide partial access rights to authenticated
users whose identities are suspect.