Traditionally, users have been authenticated by asking them to provide some form of password. This password has been stored securely in the computer and used to check the identity of the user at various times, such as when they first log on. However such authentication only proves that the challenged user knows the password - it doesn't identify the user. This has often been a security problem in time-shared computer installations, when unauthorised users (the proverbial "hackers") have obtained the passwords of valid users and used these to penetrate the site's security. This has led to much work to identify users uniquely by more secure means, such as fingerprints. Such measures all try to identify a user by checking some attribute of the person. In what follows we will discuss various identification schemes based upon work done at the University of Sydney.
History
Citation
Jones, T, Newberry, M and Seberry, J, User unique identification, in Proceedings of ACSC-12, University of Wollongong, 1989, 163-172.