Skip to main content

Currently Skimming:

1 Introduction and Overview
Pages 16-32

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.


From page 16...
... . 2See, generally, Marion Agnew, "CRM Plus Lots of Data Equals More Sales for BordersRetail Convergence Aligns Web-based Marketing and Strategies with Those of Physical Stores," InformationWeek, May 7, 2001 (Borders' plan to merge online and off-line customer data and loyalty programs)
From page 17...
... ; Katherine Shaver, "Armey Protests Cameras Sought on GW Parkway; Speed Deterrent Likened to Big Brother," Washington Post, May 9, 2001, p. B01 (the National Park Service tested a radar camera from August 1999 to February 2000 in two areas of the George Washington Memorial Parkway in the Washington, D.C., area, and House Majority Leader Richard Armey asked Department of the Interior Secretary Gale A
From page 18...
... It introduces four overarching privacy concerns that illustrate how privacy and authentication can interact in ways that negatively affect privacy. It also provides a "day-in-the-life" scenario to motivate a discussion of authentication and privacy.
From page 19...
... . In the information security literature, individual authentication is sometimes referred to as "user authentication." In the biometrics literature, individual authentication of an identifier claimed by the individual is often called "verification." - Identity authentication is the process of establishing an understood level of confidence that an identifier refers to an identity.
From page 20...
... an authentication phase, during which the required level of confidence is established, either by direct observation of the individual for the purpose of verifying the applicability of the attribute or by challenging the individual to produce one or more authenticators supporting the claim that the selected attribute refers to the individual. · An authenticator is evidence that is presented to support the authentication of a claim.
From page 21...
... To illustrate the myriad ways in which instances of identification and authentication arise in everyday life and to highlight some of the important issues associated with new systems, the committee hypothesized scenarios in the life of Joseph K as he goes on a business trip.
From page 22...
... He does so by claiming to be an employee of CompuDigi Corporation, using a name and a smart card that is read by his computer. Successfully completing this authentication procedure authorizes Joseph to access the corporate network.
From page 23...
... When Joseph initially registered on the Web site as a frequent guest of the hotel chain, the site interacted with his browser in order to issue him a public key certificate (an electronic file containing information related to Joseph's interactions with this site; see Chapter 5 for more on public key cryptography, private keys, and certificates)
From page 24...
... When Joseph visits the hotel Web site (having registered and received a certificate earlier) , his browser is queried by the Web site to send Joseph's certificate and to use the associated private key to verify foseph's frequent-guest account identifier.
From page 25...
... Toseph's profile includes credit card data as well as his driver's license data, both of which are required for rental car transactions. En route to the airport, Joseph makes use of an electronic toll tag lane, which allows him to avoid longer lines for drivers paying tolls with cash.
From page 26...
... Since the primary concern of the hotel is that it is compensated for the room rental, the presentation of a valid credit card (including verification that the credit card account is in good standing, not reported lost or stolen) is an acceptable form of authentication in this context.8 The credit card is itself authenticated on the basis of the information contained on the magnetic stripe on the back of the card and on the basis of the appearance of the card (for example, the appearance of a standard hologram as part of the card face)
From page 27...
... Without informed, proactive control on Toseph's part, the various authentication events described in this scenario pose risks in terms of both security and privacy. The rest of this report elaborates on various authentication technologies and their relationship to privacy issues.
From page 28...
... He concludes with an explanation of the role that the privacy tort plays in enabling individuals to receive and express respect, thereby enabling human dignity; in allowing individuals to receive and express intimacy, thereby enabling human autonomy; and in establishing obli
From page 29...
... requires an affirmative act the individual must affirmatively introduce herself or knowingly produce a credential containing identity information. While a third party may at times provide information about an individual's identity (such as an adult verifying the identity of a child)
From page 30...
... FOUR OVERARCHING PRIVACY CONCERNS While authentication systems can be used to preserve or enhance privacy, there are many ways, as described above, in which an authentication system, or even the act of authentication alone, can affect privacy; that is, privacy is involved as a consequence or corollary of authentication. Before discussing the details of authentication technologies and their impact on privacy in later chapters, several categories of privacy risk are described below.
From page 31...
... It examines various authentication technologies and describes their privacy implications. The report does not recommend specific technologies for specific purposes, nor does it provide an explicit cost analysis such as might be provided by a consultant.
From page 32...
... Given the historical association of authentication with security, Chapter 4 describes security concerns that motivate authentication and then discusses how usability issues matter, both for security and privacy. Chapter 5 examines particular authentication technologies and describes some of the technological issues that arise.


This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More information on Chapter Skim is available.