Abstract or Summary:
In the real world we authenticate hundreds of times a day with little effort and strong confidence. We believe that we should do so in the digital world as well. We consider authentication for critical systems, and the results developed are broadly applicable. Specifically, we suggest principles that enable a system to measure the assurance that someone is who they say they are. We present a “gold standard” for authentication that builds from what we naturally do every day in face-to-face meetings. We propose a “Authentication Processing Unit” that provides continuous authentication for critical systems. This work differs from other work in authentication by positing principles as a basis for integrating multiple authentication factors without adding burdensome overhead to the users.

PasswordResearch.com Note: The authors say "This abstract is derived largely from our paper at New Security Paradigms Workshop 2013, Principles of Authentication AKA Laws of Authentication: These Aren't The Passwords You're Looking For."