Introduction to Personal Authentication

Personal authentication is a process whereby a person first registers as that person and thereafter provides evidence as and when required to confirm that he or she is that person. The act of registration that has just been referred to is carried out with a particular purpose in mind. The act of personal authentication is similarly carried out with a particular purpose in mind (generally the same purpose as the act of the registration). There is no such thing as personal authentication carried out for some vague, generalized purpose.

In the case of a service (the term "service" is used here in a fairly broad sense) the provision of which is to be confined to a limited audience or clientele, personal authentication will be used as a means of confirming, before providing the service, that the potential recipient of the service is in fact entitled to receive it.

1 Situations in which personal authentication might be used

The following examples of situations in which personal authentication might be used hopefully will help readers to understand the concept more clearly.

1.1 Personal authentication in banks

Let us look first at the bank-account system. One obvious situation in which personal authentication might be used is when a potential customer requests a bank to open an account for him or her. In this case, the customer first registers, as evidence for personal-authentication purposes, something that can itself be used again another day. A person's registered seal impression can be used in this way. The personal identification number (PIN) that a person inputs when he or she wants to deposit or withdraw money through the medium of an automatic teller machine (ATM) serves exactly the same purpose. When a person asks to withdraw money, it is important to confirm that he or she is the person to whom the account belongs. This is what registered seal impressions and PINs are used for.

1.2 Personal authentication with respect to credit cards

When a person uses a credit card to make a purchase, the person must demonstrate to the store that he or she is a cardholder of the credit card group of which the store is also a member. This is what the person is doing when presenting the credit card. (The procedure by means of which the cardholder subscribes to the system is a form of advance registration.) Personal authentication is thus achieved by presenting a token in the form of the credit card itself; to guard against theft or loss of the card, the bearer is also required to sign the credit card transaction-charge form to demonstrate that he or she is the registered cardholder. The signature on the reverse of the card is used for this purpose. The store employee then compares the signature on the transaction form with the signature on the back of the card to confirm that the person presenting the card actually is the cardholder.

1.3 Personal authentication as a means of access control

In the case of computer access, the normal situation is one in which access control is exercised to ensure that the user gains access only to data that he or she is entitled to access. Access control focuses on who is permitted to access which files, and for this reason it is essential for the system operation side to confirm who the user is. Confirmation of the user's identity is achieved by comparing a password entered by the user during log-in with a password previously registered by the user.

1.4 Personal authentication to gain entry

Personal authentication to gain entry into a physical facility such as a building or a room is based on exactly the same principles as in the case of a computer system. Only persons who have registered in advance with the facility manager are allowed to enter the facility. When a person wishes to enter the facility, he or she must confirm that he or she is already registered. Various methods are used to confirm registration. These include the presentation of visual evidence of identity (a pass of some sort), fingerprinting systems, and passwords.

2 The principle of personal authentication

As explained above, personal authentication refers to an act by which a person confirms that he or she is someone who has already registered. To this end, the person claiming to be a certain person must participate in a prescribed process that will prove that he or she is that person. There are various methods of establishing this sort of proof; these are discussed in more detail in Section 1.3 below. Basically, however, the would-be user is required to present some sort of data or token that only he or she possesses. This is known as authentication information. In other words, the general principle is that a person registers some sort of identification information as part of the registration process. This data can then be compared with the authentication information provided to confirm identity at the point of claim. In the case of tokens, these must be issued by the registering body as part of the registration process, with subsequent confirmation consisting of demonstrating that you are the person to whom the subject token was originally issued.

The present working group started by abstracting common principles from a number of different methods of personal authentication and using them as the basis for creating a reference model. As also was the case in other areas such as Open Systems Interconnection (OSI), the working group that devised the reference model was made up of members with a variety of backgrounds. Under the circumstances, it was believed that it would make sense to prepare a common basis for discussion; we found, in fact, that the very process of preparation itself helped to create a common awareness. It is hoped, therefore, that the resulting reference model will prove useful as a personal-authentication framework in future work. (see Reference Model)

The reference model utilizes a number of basic concepts to define the players in a personal-authentication situation and the information that they use.

Basic concept No. 1 - Claimant: A person who asserts that he or she is definitely a registered person.

Basic concept No. 2 - Verifier: A person (or system) that confirms what a claimant says by referring to the evidence presented.

Basic concept No. 3 - Authenticator: A person (in this case, the person who must accept whatever gains or losses result) who finally evaluates the results of the comparison and determines whether the claimant is in fact the person whom he or she claims to be.

Basic concept No. 4 - Verification-authentication information: Information registered as evidence and used by the verifier to verify the claimant's identity.

Basic concept No. 5 - Exchange-authentication information: Information presented by a claimant in support of his or her claim (this is what the verifier compares with registered information for verification purposes).

With the help of these basic concepts, the basic principles of personal authentication can be expressed in the following terms. First, the authentication information supplied by a person for personal-authentication purposes at the time of registration is registered. (This is referred to as verification-authentication information.) The fact that a claimant is indeed the registered person in question is confirmed by the authenticator (or the verifier) when the claimant requests authentication, by comparing the exchange-authentication information presented by the claimant with the initially registered verification-authentication information.

The following supplementary concepts have also been defined.

Supplementary concept No. 1 - Point of claim: The point at which the claimant presents his or her exchange-authentication information.

Supplementary concept No. 2 - Point of authentication: The point at which the authenticator confirms that the claimant is the person he or she claims to be.

Supplementary concept No. 3 - Point of verification: The point at which the verifier compares the verification-authentication information with the exchange-authentication information.

Supplementary concept No. 4 - Authentication path: A generalized description of the logical transmission path between the point of claim and the point of authentication, by way of which exchange-authentication information and any other information necessary for personal-authentication purposes is transmitted.

In principle, exchange-authentication information can only be held by the person in question (i.e., the claimant). However, verification-authentication information can be kept in various places. The reference model incorporates the following topological variants for the storage and flow of verification-authentication information.

1) Basic model: A model that constitutes an expression of the basic principles.

2) Token with verification-authentication information model: A token-based authentication model in which verification-authentication information is held in the token to enable holder authentication.

3) Authentication based on a certificate attached to the exchange-authentication information model: A model designed primarily to make use of digital signatures.

4) Authentication based on a certificate obtained by the verifier model: A variation on 3).

5) Authentication server model: A model in which the authentication function is carried out by a server.

3 Methods of personal authentication

Methods of personal authentication can be divided into a number of different types, depending on what is used as information to confirm the identity of the person in question (this is referred to as "authentication information").

3.1 Biometrics type I

These are methods of measuring the physical characteristics of human beings that cannot be easily altered. Typical examples are fingerprints, the blood-vessel pattern in the retina of the eye, and the pattern of the iris of the eye.

(1) Facial appearance

Each person's face is unique and different. Probably it would be no exaggeration to say that the ability to distinguish one person from another in this way forms the basis of human social behavior. Authentication techniques based on the use of facial features are probably the oldest method of personal authentication known to people; and once the computer is introduced into the process, the obvious approach is to use it to compare facial images (i.e., photographs). The facial image registered in a computer and the facial image taken at the time of authentication for use as exchange-authentication information might well differ in terms of the conditions under which they are taken and as such will not be best suited for simple matching. The matching process must, therefore, be based on the extraction of a variety of characteristic features.

With regard to facial features to be used for this purpose, various research reports refer to characteristics such as the shape of the face (contour), the shape of the eyes, the shape of the nose, the shape of the mouth, and facial irregularities. Although identification based on the face, including the development of a suitable algorithm, is still at the research stage, there have been some announcements of commercial products that can be used for this purpose.

(2) Retina

The only human blood vessels that can be viewed directly are those on the retina at the back of the eye. This is the approach used in creating an image of the fundus of the eye for the purpose of diagnosing certain adult diseases. The blood-vessel pattern that forms on the retina is said to be different in each person and consequently is utilizable for identification purposes. In order to view the blood-vessel pattern on the retina, it is necessary to place in close proximity to the eye a special device of the sort used for imaging the fundus of the eye, and then to shine a light into the eye. The technology for personal authentication based on retinal imaging can thus be said to have been developed to a reasonable degree already, and a company in the United States called Eyedentify Inc. already has marketed products that have sold well to date. On the other hand, given the special nature of the equipment used, systems of this sort are currently limited to applications such as access control to facilities.

(3) Iris

Each human being is also said to have a different pattern on his or her iris, which, like the retina, is a part of the eye. However, by contrast with the retina, which is located at the back of the eye and which therefore can be imaged only by positioning special equipment in close proximity to the eye and then shining a light into the eye, the iris has the advantage of being generally visible from a distance. Thus, unlike the retina, which requires the use of special equipment, the iris can normally be imaged using a commonly available piece of equipment, such as a video camera or a digital camera, which is thus easy to install. Oki Electric Industry Co., Ltd. is in the process of developing a prototype device with an iris-based personal-authentication function.

(4) Ears

Research reports published in Europe, the United States, and Japan indicate that all of us differ in terms both of the morphological and the anatomical characteristics of our ears. Ears stabilize in terms of their overall dimensions when a person is about 16 or 17 years old, and although they do grow slightly thereafter, for all intents and purposes the amount of such growth over the rest of one's life can be regarded as negligible. More research still needs to be done, however, on the hereditary profiles of parents and children, brothers, sisters, twins, and so on, in order to establish proof that there is a universal difference between individuals' ears.

On the assumption that each person's ears are different from those of all other people, however, both anatomical and morphological experiments have been carried out to test the possibility of identifying people by reference to their ears; and research is also currently in progress to establish a suitable identification algorithm. From the above, we can conclude that personal authentication by reference to the shape of a person's ears could well be feasible; but this is not yet definitely known to be the case, and investigations are still at only the research stage.

(5) Fingerprints

Each person's fingerprints are said to differ from those of everyone else. What is interesting about this branch of identification biometrics is that it is the one that commands the highest level of general acceptance. The use of fingerprinting as a means of identifying an individual has long been common practice in the legal field, and the only problem has been with regard to the computerization of this approach to identification. But computer-based authentication techniques have been the subject of research for many years, and suitable techniques are already fairly well established. Various manufacturers have marketed fingerprint-identification products, and many of these are in common use today. There are two main approaches to computerized fingerprint matching: minutiae matching and image matching, with the former being the one most commonly used in commercial systems.

Japanese companies that have marketed products of this type include Fujitsu Ltd.; Mitsubishi Electric Corp.; NEC Corp.; Sony Corp.; Nissho Iwai Corp.; Nippon LSI Card Co., Ltd.; Hamamatsu Photonics K.K.; Matsumura Electronics Co., Ltd.; Yamatake-Honeywell Co., Ltd.; Tsubasa System Co., Ltd.; and Secom Co., Ltd.

(6) Palm prints

Palm-print analysis makes use of the characteristic pattern created by the lines on the palm of a person's hand. However, because there are not as many distinctive features in a palm print as there are in a fingerprint, the technique is not as widely used for identification purposes as fingerprinting is. Furthermore, because palm prints are not as widely accepted as fingerprints as means of identifying individual people, their use for personal-authentication purposes is accordingly more limited. However, a number of palm-print identification products are either already on the market or at the development stage; most of these have been designed for use in access-control to facilities and similar systems for which the basic requirements are not so restrictive.

Companies with products of this type already on the market or at the development stage include KFKI Computer Systems Corporation, Biometrics Inc., PIDEAC, and Talos Technology Inc.

(7) Palm shapes

In contrast to palm-print-based techniques, which make use of the pattern of lines in the palm of the hand, palm-shape-based techniques rely on the characteristics of a person's palm as a whole, such as its overall size, length, and width, and the length of the fingers. As with palm-print analysis, this technique is thought not to have the same identification potential as fingerprinting, but the ease of installation of systems based on this technique suggests that it might find limited application in areas such as access control to facilities. A number of companies both in Japan and overseas have products of this type on the market, and palm-shape access-control systems were actually used at the Atlanta Olympics.

Companies with such products on the market include Recognition System, BioMet Partners, Bio-metric Security Sys., and Mitsubishi Electric.

(8) Finger shapes

This technique is based on the differences that exist between individuals in the lengths of the parts of their fingers between the joints. A similar technique called kakushi was used in Japan in the Heian period as a legal alternative to providing a signature for those people who were unable to write. As in the case of palm prints and palm shapes, the ability of this technique to definitively distinguish between individuals has not been proven, and the areas in which it might usefully be applied for personal-authentication purposes are consequently limited. At present, only Toshiba Corp. markets a finger-shape-based product for use in an access-control system.

(9) Pattern of blood vessels on the back of the hand

This technique focuses on the pattern of blood vessels visible on the back of the hand. It has not been proved to be any more reliable than those that focus on palm prints, palm shapes, or finger shapes, and although a number of British companies apparently are now developing this technology, it seems not to offer much to distinguish it from the palm-print, palm-shape, and finger-shape techniques.

Companies currently engaged in the development of such products include the British Technology Group, Edith Cowan University, and Veincheck systems.

3.2 Biometrics type II

These types of biometrics take account of human biological features in a broader sense. This category includes features that can be easily changed, which means features that in theory could be used to enable one person to assume the identity of another. Features such as a person's signature (or overall handwriting) and his or her voice spectrum are included in this category.

(1) Voice spectrums

The act of speaking contains a number of variable elements and cannot be reproduced exactly. It is important, therefore, to find ways to reduce the differences between the voice spectrum provided for registration and that provided for authentication. Voice signals are sound-pressure time-series data. When these are broken down into their frequency elements, the resultant frequency-spectrum time-series data are known as voice-spectrum graphs. Voice-spectrum matching involves matching voice-spectrum data relating to a particular word or words with registered data relating to that word or words. As explained above, perfect reproduction is not possible, and therefore simple matching by superimposition cannot be used. The process of matching is instead based on the identification and extraction of the characteristic features of the speaker's voice spectrum.

The degree of reproducibility also varies depending on the type of word that is registered. In this regard, it is suggested that registration of a word that the registered person is accustomed to using leads to a higher level of reproducibility. For this reason, users have in practice been asked to register familiar words, such as their own names.

One example of a voice-recognition system in use today is the Voice Phone Card, a telephone credit card system offered by the Sprint Communication Company of the United States. The system is based on a technique developed by Texas Instruments Inc. The technique requires the user to respond to a guide message by verbally inputting his or her 10-digit social security number. A similar system has recently been launched in Japan by Fujitsu, under the name of Telephone Banking. Although voice research oriented towards voice recognition has a long history, there still is plenty of room for further research into identity confirmation for personal-authentication purposes, including work on suitable algorithms for such techniques.

(2) Signatures

Signature-based personal-authentication techniques make use of those author-recognition techniques that involve the identification of the author. Author-recognition techniques can be divided into two main types: discrimination of author and identification of author. Discrimination of author is a technique that selects the author from a specified group of people based on an examination of samples of their handwriting. Identification of author, on the other hand, is a technique that confirms that a given handwriting sample is that of the person in question. To identify an author in this way, the author must first have registered a sample of his or her handwriting (in this case, his or her signature). The presented signature and the registered signature are then compared, and the degree of likeness is determined.

Signature-recognition techniques can also be subdivided according to whether they rely on static signature data (the shape of the signature only) or whether they also make use of additional, dynamic signature data, such as the order, weight, and speed of strokes. A determination based on the latter factors obviously makes use of a larger volume of information. In such a case, it is necessary for the claimant to write on special-purpose equipment, such as a special tablet. The bulk of the systems of this type in use today make use of dynamic signature data.

One example of this type of product in use today is the Cyber-SIGN system offered by CADIX International Inc.

(3) Special features of the Biometrics type II group

Characteristics included in the Biometrics type I category cannot be changed easily by the person in question, whereas characteristic features included under the Biometrics type II heading can be varied easily. In other words, although it is impossible to copy someone else's fingerprints, it is possible to copy features such as their handwriting or their voice.

Thus, personal-authentication techniques based on the use of Biometrics type II must be able to reject exchange-authentication information that consists of imitations of the signature or voice of the person in question. It should be noted that the test methods used to verify Biometrics type II are in this respect very different from those used to verify Biometrics type I.

3.3 Tokens

Token-based authentication was much used as a personal-authentication technique in the days before computerization. Commonly used tokens include passports, identification papers, driver's licenses, membership cards, credit cards, and so on. In the case of token-based authentication, an organization issues a token that identifies a certain person, and the bearer of that token is subsequently treated as being the person in question. The risk that another person might take advantage of a lost or stolen token to assume the identity of the registered person is implicit in straight token-based authentication; thus, in order to reduce this risk, it is common for some sort of holder-authentication system to be used in conjunction with the token-based system. For example, the portrait photograph that is incorporated in a passport, identification paper, or driver's license constitutes registered information for the purpose of authenticating the holder. In the case of credit cards, a signature is used to authenticate the holder. Bank cash cards also fall under the heading of token-based authentication devices, but where these are used, the bearer identifies himself or herself as the holder by use of a PIN.

In the computer world, magnetic cards or smart cards are frequently used to store a password or a cryptographic key. Although from the operational point of view, these belong to the category of straightforward token-based authentication systems that do not require additional holder authentication, such cards are used only as auxiliary storage media to hold data that a human being cannot be expected to carry in his or her memory. From the point of view of personal-authentication techniques, therefore, the use of these cards is better categorized as a secret-information-based technique.

Moreover, in the case of personal authentication through the medium of a network, the notion of simple token-based authentication is meaningless. The point here is that only electronic data can be submitted to a counterparty over a network. And as is rather obvious, electronic data can be easily copied, with the result that token-based authentication cannot in principle be established. Consequently, token-based authentication over a network always has to be carried out in conjunction with a holder-based authentication technique, thereby indirectly enabling the bearer of the token to be identified as the holder. Approaches of this sort are consequently categorized in terms of the method of holder authentication that is used.

In light of the above, it would have been reasonable to omit token-based authentication techniques from our report altogether and to confine our research to techniques other than those (in other words, to limit our report to only biometrics- and secret-information-based techniques) for use as personal-authentication techniques in the field of electronic commerce. However, given the possibility that product appearances can in practice be deceptive, and given that we were more concerned about avoiding omissions than about duplications, we also conducted research into token-based authentication techniques. As explained above, individual techniques tend frequently to overlap with techniques included in other categories.

3.4 Secret Information type I

Like token-based authentication, secret-information-based methods of personal authentication have been in use for many years. "Passwords" have been used in this way for centuries and indeed are still used, along with PINs, in our modern world of computers. The use of secret information such as passwords as a means of personal authentication is thus a well-established technique, and as such does not warrant further investigation in the present context. Something that can generate exchange-authentication information from verification-authentication information is categorized as "Secret Information type I."

As more and more open network systems are used in place of older closed-type networks, a simple password can easily be hijacked by a wiretap-and-replay technique and used to assume the user's identity. More-sophisticated techniques that require more than just the transmission of an unencrypted password are thus being developed and applied.

The first of these new techniques to be proposed was what is referred to as the "one-time password" technique. A number of other techniques, each of which is in practical use in the form of commercial products, are discussed below.

(1) The "challenge-response" method

With this method, the authentication side presents the claimant with a random number sequence known as the "challenge," which he or she then modifies by some predetermined means to generate and provide what is referred to as the "response." The predetermined modification procedure, which is different for each user, is registered with the authentication side. In other words, the predetermined modification procedure is quite simply the user's verification-authentication information.

The random number sequence is also different on each claim occasion, which means that even if the sequence is obtained by wiretapping, it nonetheless cannot be used again. The predetermined modification procedure is complicated, however, and requires the storage of large amounts of data in memory. The need for manual input by the user on each occasion also tends to slow the operation of the system. As a result, the tendency has been to incorporate into hand-held devices similar to electronic calculators a function to convert challenges into responses.

This is not a new technique, and it has already been adopted in the time-sharing system ETSS, a pilot system developed in Japan in the late 1950s.

An encryption function can also be used as the predetermined modification procedure. With this method, the verification-authentication information is used as the algorithm and the encryption key.
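The following Go program is added here as an illustration of the challenge-response exchange just described; it is not code from the working group's report or from any product it names. It assumes HMAC-SHA256 as the predetermined modification procedure (the text allows any keyed function, including an encryption function), a 16-byte random challenge, and a user "alice" with a constructed shared secret. It also shows why a challenge that is used only once defeats the wiretap-and-replay attack mentioned above, and why this is Secret Information type I: the stored secret alone is enough to generate responses.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Verifier keeps the registered verification-authentication information: one
// shared secret per user. Because the stored secret alone is enough to turn
// any challenge into the right response, this is Secret Information type I:
// whoever obtains the table can answer challenges as the user.
type Verifier struct {
	secrets map[string][]byte
	pending map[string][]byte // the outstanding challenge for each user
}

func NewVerifier() *Verifier {
	return &Verifier{secrets: map[string][]byte{}, pending: map[string][]byte{}}
}

// Register stores the user's secret at registration time.
func (v *Verifier) Register(user string, secret []byte) {
	v.secrets[user] = append([]byte(nil), secret...)
}

// Challenge issues a fresh random challenge and remembers it for the user.
func (v *Verifier) Challenge(user string) ([]byte, error) {
	c := make([]byte, 16)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	v.pending[user] = c
	return c, nil
}

// Respond is the claimant's predetermined modification procedure. HMAC-SHA256
// is an assumption of this example; the text only requires a keyed function
// that differs from user to user.
func Respond(secret, challenge []byte) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write(challenge)
	return m.Sum(nil)
}

// Verify recomputes the expected response from the stored secret and the
// outstanding challenge and compares in constant time. The challenge is
// consumed whether or not the check passes, so a captured response is
// useless against any later challenge.
func (v *Verifier) Verify(user string, response []byte) bool {
	secret, known := v.secrets[user]
	challenge, outstanding := v.pending[user]
	if !known || !outstanding {
		return false
	}
	delete(v.pending, user)
	return hmac.Equal(Respond(secret, challenge), response)
}

// ReplayRejected runs one honest exchange, then replays the captured response
// against a fresh challenge. It returns true when the honest exchange is
// accepted and the replay is rejected.
func ReplayRejected() (bool, error) {
	v := NewVerifier()
	secret := []byte("constructed-shared-secret") // constructed sample value
	v.Register("alice", secret)

	c1, err := v.Challenge("alice")
	if err != nil {
		return false, err
	}
	r1 := Respond(secret, c1) // computed by the claimant or her hand-held device
	honest := v.Verify("alice", r1)

	// A wiretapper captured r1; the next session receives a different challenge.
	if _, err := v.Challenge("alice"); err != nil {
		return false, err
	}
	replayed := v.Verify("alice", r1)
	return honest && !replayed, nil
}

func main() {
	ok, err := ReplayRejected()
	fmt.Println("honest exchange accepted and replay rejected:", ok, "error:", err)
}
```

Consuming the challenge even after a failed attempt matters: if the verifier kept it outstanding, a claimant could keep submitting guesses against the same challenge.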

(2) The synchronous-clock method

This method makes use of a hand-held device similar to the one used in the challenge-response method, but with the synchronous-clock method there is no challenge. Instead, an internal clock on the authentication side and a clock in the hand-held device are synchronized and a momentary password generated by the two sides as a function of the time is used. In other words, the user inputs as the password (exchange-authentication information) whatever is shown on the hand-held device at that point in time. At the same time, the authentication side generates a password (verification-authentication information), based on the time and the user's identity, which is then used to match and to confirm the information received.
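As an added example (not from the report or from any vendor's device), the Go program below models the synchronous-clock method: a hand-held token and the server each derive the momentary password from a per-user secret, the user's identity and the current time step, and the server tolerates clocks that have drifted apart by one step. The 30-second step, HMAC-SHA256, the six-digit truncation and the one-step tolerance window are assumptions of this example; the user name and secret are constructed sample values.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"time"
)

// stepSeconds is the length of one time step; 30 s is an assumption.
const stepSeconds = 30

// momentaryPassword is the value the hand-held device shows during one time
// step. The text says the password depends on the time and the user's
// identity; HMAC-SHA256 over (user, step) under a per-user secret and the
// six-digit truncation are assumptions of this example.
func momentaryPassword(secret []byte, user string, step int64) string {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(user))
	var buf [8]byte
	binary.BigEndian.PutUint64(buf[:], uint64(step))
	m.Write(buf[:])
	sum := m.Sum(nil)
	code := binary.BigEndian.Uint32(sum[:4]) & 0x7fffffff
	return fmt.Sprintf("%06d", code%1000000)
}

// Token is the hand-held device: it holds the secret and reads its own clock.
type Token struct {
	secret []byte
	user   string
}

func (t Token) Display(now time.Time) string {
	return momentaryPassword(t.secret, t.user, now.Unix()/stepSeconds)
}

// Server holds the registered secrets and reads its own clock. It accepts the
// password for the current step or one step either side, an assumed
// tolerance for clocks that have drifted apart slightly.
type Server struct {
	secrets map[string][]byte
}

func (s Server) Verify(user, presented string, now time.Time) bool {
	secret, ok := s.secrets[user]
	if !ok {
		return false
	}
	step := now.Unix() / stepSeconds
	for d := int64(-1); d <= 1; d++ {
		expected := momentaryPassword(secret, user, step+d)
		if hmac.Equal([]byte(expected), []byte(presented)) {
			return true
		}
	}
	return false
}

// Scenario evaluates three presentations at one server instant: a token in
// sync with the server, a token 20 s behind it (inside the tolerance) and a
// password captured two minutes earlier (outside it, so rejected).
func Scenario() (inSync, drifted, stale bool) {
	secret := []byte("constructed-device-seed") // constructed sample value
	srv := Server{secrets: map[string][]byte{"alice": secret}}
	tok := Token{secret: secret, user: "alice"}
	now := time.Date(2000, 1, 1, 12, 0, 15, 0, time.UTC)
	inSync = srv.Verify("alice", tok.Display(now), now)
	drifted = srv.Verify("alice", tok.Display(now.Add(-20*time.Second)), now)
	stale = srv.Verify("alice", tok.Display(now.Add(-2*time.Minute)), now)
	return
}

func main() {
	a, b, c := Scenario()
	fmt.Println("in sync:", a, "20 s behind:", b, "two minutes old:", c)
}
```

The tolerance window is the trade-off to watch: every extra step the server accepts lengthens the time during which a password seen on the device remains usable.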

3.5 Secret Information type II

With regard to Secret Information type I, once the verification-authentication information is known, it can be used to create exchange-authentication information. This is fine in a 1:1 situation or in a 1:n situation, but it is not always safe in the sort of n:n situations that commonly arise in the context of electronic commerce. The Secret Information type II approach, on the other hand, involves techniques of the sort in which information held in storage for verification purposes cannot be linked with exchange-authentication information, even if the stored data leaks out in some way.

Essentially, Secret Information type II is the same as Secret Information type I, except that the exchange-authentication information cannot be inferred from the registered verification-authentication information. In the case of a digital-signature-based system, for example, only the public key is registered. The user, for his or her part, submits information signed with a private key that complements the stored public key. Thus, even if the public key falls into the wrong hands, it is still not possible to use it to create acceptable exchange-authentication information. For this reason, we have recategorized this type of information as Secret Information II. Another technique that belongs in this category is the zero-knowledge technique.

Another system, which has been developed to get around both the complexity of client-server systems in which every server has its own password and the risks inherent in transmitting bare passwords across networks, is Kerberos, which has been developed by MIT in the United States. Basically, the Kerberos approach is to set up an authentication server separate from the other individual-function servers. The authentication server then supplies clients with electronic tickets for the target function server or servers, and the client submits the ticket to the target function server as required. This is also categorized as a third-party-authentication technique.

A ticket can also be thought of as a type of token-based authentication used in conjunction with conventional cryptosystem-based holder authentication. With such a system, a ticket is valid only for a limited period of time. This system is a functioning UNIX-based client-server system, but it is not commonly used in the context of electronic commerce.
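The ticket flow just described, modelled in Go as an added example (this is not MIT's Kerberos code or wire format): the authentication server seals a time-limited ticket with a key it shares with the function server, and the function server accepts the ticket only if the seal, the server name and the validity period all check out. The ticket is sealed with an HMAC rather than encrypted, the session key is omitted, and the key and names used are constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"time"
)

// Ticket is the authentication server's statement that Client may use Server until Expires.
type Ticket struct {
	Client  string    `json:"client"`
	Server  string    `json:"server"`
	Expires time.Time `json:"expires"`
}

// SealedTicket is a ticket plus an HMAC under the function server's long-term
// key, which it shares with the authentication server but not with clients.
type SealedTicket struct{ Body, Tag []byte }

func seal(serverKey, body []byte) []byte {
	mac := hmac.New(sha256.New, serverKey)
	mac.Write(body)
	return mac.Sum(nil)
}

// IssueTicket runs on the authentication server after it has authenticated
// the client by its own means; ttl bounds the ticket's validity period.
func IssueTicket(serverKey []byte, client, server string, now time.Time, ttl time.Duration) SealedTicket {
	body, _ := json.Marshal(Ticket{Client: client, Server: server, Expires: now.Add(ttl)}) // cannot fail for this struct
	return SealedTicket{Body: body, Tag: seal(serverKey, body)}
}

// AcceptTicket runs on the function server: it checks the seal before parsing anything,
// then that the ticket names this server and is still valid, and returns the client name.
func AcceptTicket(serverKey []byte, server string, st SealedTicket, now time.Time) (string, error) {
	if !hmac.Equal(seal(serverKey, st.Body), st.Tag) {
		return "", errors.New("ticket was not sealed by the authentication server")
	}
	var t Ticket
	if err := json.Unmarshal(st.Body, &t); err != nil {
		return "", err
	}
	if t.Server != server {
		return "", errors.New("ticket was issued for a different server")
	}
	if !now.Before(t.Expires) {
		return "", errors.New("ticket has expired")
	}
	return t.Client, nil
}
```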

4 Personal authentication and certification authorities

In Japan, it is sometimes mistakenly believed that personal authentication is carried out by certification authorities, because both "authentication" and "certification" are translated into the same Japanese word, "ninsho". We should therefore look a little more closely at the relationship between these two activities. Authentication, as used in the term "personal authentication," refers to the act of confirming a person's authenticity. Certification, on the other hand, refers to the issuance of a certificate by a certification authority. Of course, these two functions are not entirely unrelated, as we shall explain in more detail below.

In public key infrastructure (PKI), a certification authority is the body that issues certificates conforming to the ITU-T X.509 specification. This certificate confirms that the certified person is the holder of a public key, and as such the certificate fulfills a function similar to that of certification of a person's seal impression. In the case of personal authentication based on the use of a digital signature, the verification-authentication information is the public key of the registered person, while the exchange-authentication information is the registered person's signature made with the help of his or her private key. The authenticator (verifier) verifies the signature and confirms that the claimant is the person whom he or she claims to be. But if the claimant cannot be confirmed as the holder of the public key, personal authentication cannot be completed. In other words, it is fair to say that, in the case of digital-signature-based personal authentication, the certainty of authentication depends both on the certificate that corroborates the status of the public-key holder and on the certification authority that issues the certificate. The certification authority thus has an important part to play in the business of personal authentication, and under these circumstances it is understandable that some people might mistakenly think that the certification authority is the authenticator.
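An added example, in Go with Ed25519 signatures rather than X.509, of the digital-signature case described here and under Secret Information type II above: the certification authority signs the binding of a name to a public key, the authenticator holds only the CA's public key and the registered public key, and the claimant proves identity by signing a fresh challenge with the private key. This is illustration code, not a real PKI implementation, and the names and challenge values are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
)

// Certificate binds a subject name to a public key and carries the CA's
// signature over that binding (constructed model, not X.509).
type Certificate struct {
	Subject string
	PubKey  ed25519.PublicKey
	CASig   []byte
}

// NewKeyPair generates a fresh signing key pair for the CA or for a user.
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func certBody(subject string, pub ed25519.PublicKey) []byte { return append([]byte(subject+"\x00"), pub...) }

// Register is the certification authority's act: only the public key is
// registered, so nothing stored here lets its holder impersonate the subject.
func Register(caPriv ed25519.PrivateKey, subject string, pub ed25519.PublicKey) Certificate {
	return Certificate{Subject: subject, PubKey: pub, CASig: ed25519.Sign(caPriv, certBody(subject, pub))}
}

// Respond is the claimant's act: the exchange-authentication information is a
// signature, made with the private key, over the authenticator's fresh challenge.
func Respond(priv ed25519.PrivateKey, challenge []byte) []byte {
	return ed25519.Sign(priv, challenge)
}

// Authenticate is the verifier's act. It trusts only the CA's public key:
// first the certificate must check out, then the challenge signature.
func Authenticate(caPub ed25519.PublicKey, cert Certificate, challenge, sig []byte) (string, error) {
	if len(cert.PubKey) != ed25519.PublicKeySize ||
		!ed25519.Verify(caPub, certBody(cert.Subject, cert.PubKey), cert.CASig) {
		return "", errors.New("certificate was not issued by the trusted certification authority")
	}
	if !ed25519.Verify(cert.PubKey, challenge, sig) {
		return "", errors.New("claimant could not prove possession of the private key")
	}
	return cert.Subject, nil
}
```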

The certification authority emerges in cases in which the organization carrying out the registration that constitutes the prerequisite for personal authentication is not the authenticator. The certification authority is simply the organization that provides registration for personal-authentication purposes. (This is not required when the registration organization and the authenticator are one and the same.) The means by which a legitimate (registered) person assures a different authenticator that he or she is genuine is by means of his or her certificate. This can be thought of as a kind of electronic version of the identification papers that are so commonly used throughout the world.

Thus, to the extent that the certification authority is the registration organization, the authenticity of certificates registered with that authority depends on the rigor with which the personal-authentication procedures were carried out at the time of registration. The certification authority must therefore use other means to confirm the identity of a user, with the result that the reliability of the certificate issued to that user will depend on the accuracy of the authentication information used. To put it another way, the rigor with which a person's identity is checked at the time of registration will be determined in accordance with the purpose for which personal authentication is required.

The certification authority is sometimes referred to as a "trusted third party" (TTP), and consequently there is a fairly widespread view that a certification authority must be a third party. In this case, however, it should be noted that the term TTP refers to a third party other than the parties concerned (i.e., in the case of personal authentication, the claimant and the authenticator), and as such the term differs somewhat from the normal understanding of what a third party is. Because the certification authority is the organization that carries out registration, it clearly cannot be a straightforward third party in the usual sense. Only an organization or group to which the person in question belongs can issue certificates of identification for that person. This should be self-evident if one considers that in the case of a credit card system, for example, only the card issuer (i.e., the bank or credit card company) can issue certificates proving that a person is a card holder of that system. Again, it probably goes without saying that if an organization other than the one carrying out the registration were to be the certification authority, individually issued certificates would be usable only in applications with respect to which reliability is not a major issue.

The present working group deals with a range of personal-authentication systems, including those based on the use of authentication information other than digital signatures. The term "certification authority" is thus used in its broadest sense rather than in the sense in which it is used in PKI.