Accession Number : ADD018633

Title :   Secure Identification System

Descriptive Note : Social number 872,316

Corporate Author : OFFICE OF NAVAL RESEARCH ARLINGTON VA

PDF Url : ADD018633

Report Date : 10 Jun 1997

Pagination or Media Count : 20

Abstract : Present ways to secure use of circuits such as a computer workstation require overt actions on the part of the user, either entering a password, unlocking a machine physically, placing a token (e.g. a card, badge, button, etc.) in a reader connected to the system, or some similar operation. In environments where users frequently walk up to workstations, perform a brief transaction, and leave, any of these modes of operation is a substantial inconvenience. Where password entry is required, other people in the vicinity may be able to see what the user has typed and imitate it later. Password systems themselves are a substantial vulnerability because users are allowed to choose passwords, they typically choose weak (easy to guess) ones, and if they are assigned passwords, they are prone to write them down where they may be seen by others. Systems that avoid this problem by requiring a new password each time generally require users to carry either a special card or a list of passwords from which the user must determine the correct password to enter, another inconvenience. Further, once the act of identification is performed (e.g. the password is entered or token inserted), if the user leaves the workstation for any reason, another overt act is required to disable the workstation again: the user must log out, remove the token from the reader, etc., and, upon returning, repeat the identification process. Consequently, users frequently leave their workstations unattended after they have identified themselves, making the workstation vulnerable to abuse by others with physical access to it. Finally, all of these systems depend to some degree on installing special software and the software's correct functioning, which in turn depends on the software operating correctly and not being tampered with.

Descriptors :   *IDENTIFICATION SYSTEMS, *ELECTRONIC SECURITY, COMPUTER PROGRAMS, COMPUTERS, PHYSICAL PROPERTIES, VULNERABILITY, IDENTIFICATION, WORK STATIONS, ACCESS, CIRCUITS, WRITING, AUTOMOTIVE VEHICLES

Subject Categories : Electrical and Electronic Equipment
      Defense Systems

Distribution Statement : APPROVED FOR PUBLIC RELEASE