RSA Laboratories

2.2.5 What is identification?

Identification is a process through which one ascertains the identity of another person or entity. In our daily lives, we identify our family members, friends, and coworkers by their physical properties, such as voice, face or other characteristics. These characteristics, called biometrics (see Question 7.20), can only be used on computer networks with special hardware. Entities on a network may also identify one another using cryptographic methods.

An identification scheme allows Alice to identify herself to Bob in such a way that someone listening in cannot pose as Alice later. One example of an identification scheme is a zero-knowledge proof (see Question 2.1.8). Zero knowledge proofs allow a person (or a server, web site, etc.) to demonstrate they have a certain piece information without giving it away to the person (or entity) they are convincing. Suppose Alice knows how to solve the Rubik's cube and wants to convince Bob she can without giving away the solution. They could proceed as follows. Alice gives Bob a Rubik's cube which he thoroughly messes up and then gives back to Alice. Alice turns away from Bob, solves the puzzle and hands it back to Bob. This works because Bob saw that Alice solved the puzzle, but he did not see the solution.

This idea may be adapted to an identification scheme if each person involved is given a "puzzle" and its answer. The security of the system relies on the difficulty of solving the puzzles. In the case above, if Alice were the only person who could solve a Rubik's cube, then that could be her puzzle. In this scenario Bob is the verifier and is identifying Alice, the prover.

The idea is to associate with each person something unique; something only that person can reproduce. This in effect takes the place of a face or a voice, which are unique factors allowing people to identify one another in the physical world.

Authentication and identification are different. Identification requires that the verifier check the information presented against all the entities it knows about, while authentication requires that the information be checked for a single, previously identified, entity. In addition, while identification must, by definition, uniquely identify a given entity, authentication does not necessarily require uniqueness. For instance, someone logging into a shared account is not uniquely identified, but by knowing the shared password, they are authenticated as one of the users of the account. Furthermore, identification does not necessarily authenticate the user for a particular purpose.

Top of the page