1. Field of the Invention
The present invention is related to authentication, and more particularly to providing variable levels of trust in an authentication scheme.
2. Description of the Background Art
Authentication can be defined as the process of determining, to some desired degree of certainty, whether a person, document, or item is authentic; that is, determining whether a person is who he or she purports to be, or that a document or other item is what it purports to be. The desired degree of certainty generally varies according to the context of the authentication, the reason for the authentication, the feasibility of performing more rigorous authentication, and other factors. It is generally known in the art to perform authentication in the context of various actions, and different levels of authentication are employed depending on the nature of the action and on the other factors listed above. For example, in some contexts, an individual signs his or her name to authenticate his identity, whereas in other contexts the person is requested to present a piece of identification such as a driver's license.
One particular context for authentication is electronic commerce, as may be implemented in a client/server environment over a network such as the Internet. In such an application, the identity of an individual seeking to conduct business over the network is verified using some authentication scheme. Examples of authentication schemes applicable in a network-based e-commerce environment include: password entry, detection of Internet Protocol (IP) address, “smartcard” readers, and the like.
Objects, documents, and other items may also be authenticated. For example, the validity of a signed document, or the genuineness of a dollar bill, or the authenticity of a piece of sports memorabilia, may be verified, to some desired degree of certainty, by authentication. Different types of authentication apply to each of these examples, and, depending on the nature of the action involving the item, different levels of certainty are appropriate and feasible.
In the context of an automated authentication scheme, authentication takes place without the involvement of a human being. For example, an automated teller machine (ATM) authenticates a person's identity by verifying that the person has entered a valid and correct personal identification number (PIN) prior to completing a transaction or allowing the person access to the bank account. In addition, the person's possession of a valid ATM card is required (in conjunction with entry of the PIN). As another example, a dollar bill reader authenticates a dollar bill by scanning certain visual characteristics of the bill.
In any such automated authentication scheme, a given degree of confidence, or trust, in the authentication is implicit. This implicit degree of confidence results from a recognition that, while the particular authentication method chosen may not be infallible, it is sufficiently reliable for the application at hand. Generally, more important actions demand more rigorous authentication methods, since the consequences of incorrect authentication are more severe.
In most environments where authentication is performed, a particular authentication method is specified. For example, if a bank customer seeks access to an account via an ATM, an ATM card and PIN are required; if an employee attempts to enter a secured building, a key card and/or thumbprint scan may be required. Whichever authentication method is specified, if authentication according to the specified method is not performed, the action (such as a transaction or interaction) does not go forward. However, such environments typically do not specify a quantified trust level for the authentication method, nor do they specify alternative authentication methods (or combinations thereof) that yield a sufficient trust level to permit the action to go forward. Conventional authentication schemes are, therefore, relatively inflexible, since they typically specify particular authentication methods, rather than specifying trust levels that can be attained in a variety of ways.
For example, in the ATM example discussed above, two separate authentication methods (entry of a PIN and possession of a physical card) are required, and the person is denied access to the account if he or she fails to present those two particular elements. Even if the person is able to present more reliable indicia of his or her identity (such as a thumbprint scan or retinal scan, or answers to secret questions), access will be denied. The ATM is not able to accept alternative authentication methods based on a quantifiable trust level, nor is it able to determine the sufficiency of a particular authentication method or combination of methods based on a quantifiable trust level.
Some authentication schemes do provide alternative authentication methods. For example, a website may prompt a user for his or her password, but may also allow for the fact that the user may have forgotten the password. A “password hint” question may be asked, and the user may be provided with the password information only if the question is correctly answered. Thus, an alternative authentication method is effectively made available to a user. However, such schemes are generally limited in their flexibility, do not allow for a quantifiable trust level, and do not provide for several alternative methods for attaining a specified, desired level of authentication in a truly flexible manner.
What is needed is an authentication scheme that provides greater flexibility than do prior art schemes, without sacrificing security or confidence in the scheme.
What is further needed is an authentication scheme that facilitates specification of a quantified trust level for a given action.
What is further needed is a scheme for quantifying trust levels for various authentication methods.
What is further needed is a mechanism for providing two or more alternative options for authentication methods, or combinations thereof, based on quantifiable trust levels.
What is further needed is an authentication scheme that is capable of operating in many different environments and contexts, based on variable trust levels.