Digital Identification Articles

Identity and access management technologies, implementation requirements and threats are constantly evolving. The articles and papers published below are some of our thoughts and research on the ways this revolution affects our public and private sector clients.


Ph. D. Thesis On Methodologies to Select Systems for Automated Personal Identification

(Dec 2015)
Systems deployed to automatically identify persons operate in diverse application contexts, ranging from border control policing to on-line banking, attract benefits and risks to stakeholder organisations and to their respective user communities. This thesis explores the efficacy of a systematic methodology to select the optimal system for a given application context.

We created a systematic methodology in order to ascertain the extent of a systematic methodology’s efficacy to select the optimal system for a given application context. We also developed criteria in order to assess the efficacy of such selection methodologies.

Ten Reasons Why IRIS Needed 20:20 Foresight: Some Lessons for Introducing Biometric Border Control Systems

(Aug 2012)
Ten Reasons Why IRIS Needed 20:20 Foresight with C. Hurrey. Published Paper in PROCEEDINGS of IEEE INTELLIGENCE & SECURITY INFORMATICS CONFERENCE (EISIC) 2012 22-24th August 2012 Odense, Pages 311-316, IEEE

This paper describes ten lessons that programs should consider when introducing innovations to automatically identify and verify the eligibilities of travellers as part of border control and customs processes. These lessons are drawn from focus group discussions comprising former members of IRIS program. We argue that these and similar lessons should be incorporated into a systematic methodology to stimulate collaboration between designers and stakeholders in order to improve complex decision-making regarding the value of introducing innovations for controlling borders.
My Image

Criteria to evaluate Automated Personal Identification Mechanisms

(Nov/Dec 2008)
Published Paper in COMPUTERS & SECURITY, Vol. 27 (Nov / Dec 2008), pp. 260-284 Elsevier

The consequences of digital identity compromises suggest that selected Automated Personal Identification Mechanisms, which enable computer systems to identify individuals, may be unsuitable in some contexts. Currently, there is no commonly agreed set of factors upon which to base an evaluation, regardless of purpose or requirements.

We establish over 200 evaluation criteria to aid decision on the selection of the most appropriate mechanism for a given context. We consider that the suitability of these mechanisms should be ascertained from a broad approach. Our criteria are designed to expose strategic issues and risk management aspects that influence organisations' objectives and policies for introducing these mechanisms. Additionally, criteria are developed to acquire functional and performance requirements for the intended user community. Our criteria are also formulated to help describe the characteristics of contesting solutions. These qualities range from technological efficiencies to usability effectiveness. Each mechanism may then be assessed for its suitability against the context's risks, issues and operational requirements within an evaluation framework capable of accommodating diverse perspectives and multiple objectives.

PKI Needs Good Standards?

(Nov 2003)
PKI Needs Good Standards? with P. Buck, INFORMATION SECURITY TECHNICAL REPORT, Vol.8 No.3, Elsevier (Nov 2003)

PKI appears to many observers to have been a failure. We suggest that the bad image of PKI has been caused largely by poor implementations coinciding with over-hyped expectations. We further suggest that a root cause of this situation has been the lack of a coherent and consistent set of good standards supporting the development of PKI. We attempt to demonstrate the types of standards that a technology needs for its support while it matures. We look briefly at the standards that PKI has engendered and conclude that they have hindered as much as they have helped. Finally, we determine what standards are needed to enable PKI to rise, phoenix-like, from its own ashes.

Digital Identity Security Consultants
Identity & Access Management | Biometric Authentication & Identification | Data Encryption & Digital Signatures | Public Key Infrastructures & Directories

Stacks Image p87_n61
Stacks Image p87_n58
Stacks Image p87_n64

The contents of this website are copyright © 2017 Symbiotic Consulting Services Limited. All rights reserved.
Symbiotic Consulting Services Limited is a company registered in England and Wales, No: 5368511. Registered office: 22 Birch Grove, Welling, Kent, DA16 2JW, United Kingdom.