There are generally two methods for identifying a person. If that person is a complete stranger to us, we have to rely on his identity document (ID), such as a driver's license, to identify him. If he is our acquaintance, we do not check his ID. Instead, we identify him by familiarity. Familiarity includes our perception of his body figure, his face, his voice, and other biometrics that allow us to recognize him. More importantly, familiarity includes the memories shared between that person and us. Even if we cannot see the person or hear his voice, we can still easily identify him by asking him about historical information that both he and we would remember.

During wedding ceremonies, there is a popular game called “pick your man”. The bride is blindfolded. The groom and some volunteer male guests stand in a row. The bride asks yes-no questions. Every participant answers each question by nodding or shaking his head. After each round, any guest who gave an incorrect answer leaves the game. The bride can quickly eliminate the guests, leaving only the groom. Exceptions do occur when the groom forgets information that the bride believes to be very important and that he should remember. This is the fun part of the wedding but not the point that we want to emphasize in this monograph. Provided the bride and the groom both have good memories, their shared information from the past is a solid basis for identification. The more familiar two people are to each other, the more reliably they can recognize each other. If two people have shared a large amount of information in the past, it becomes much more difficult to defeat identification through their shared history than to fake a driver's license, i.e. to defeat identification by ID. The same experience does not apply to typical secure communication tasks in the digital world, such as the authentication used to log in to our email accounts.
For the past several years, we have logged in to our email accounts multiple times a day from our laptop computers, and the email server asks for our usernames and passwords every time. The email server and our laptops refuse to become acquaintances although they have exchanged many gigabytes of data, much more than a human can exchange with another in day-to-day life. This large amount of information should have formed a stronger proof of our identities than usernames and passwords. From another point of view, if we have had daily conversations with a person for the past several years, we should not expect him to check our IDs every time we talk. He can identify us more reliably by our communication history. There is a mismatch between the typical digital authentication process and the possibly better alternative of identification through daily life experience. This monograph is about methods to establish and make use of “familiarity” between digital communication devices to improve communication security.