(Part V in a series on Behavioral Biometrics.)
In daily life the term “identification” is often used liberally when in a technical sense we are pointing at “authentication”. The main difference between these two notions is whether a person’s legal identity – linking a person, or more precisely said, his body to a unique legal entity and vice versa – is established (i.e., identification) or only the likelihood that somebody is the somebody he says he is (i.e., authentication). The fact “authentication” only indicates a certain likelihood is lost on most.
When thinking about behavioral biometrics in the new domain of “body-device interaction” – as discussed in this post on behavioral biometrics – we need to redefine the difference between “identification” and “authentication”.
“Behavioral biometrics recognizes unique human behavior, which is 1:1 tight to unique bodies”
Our legal identity is bound to our physical body. They are not one and the same as we can easily see in case a person’s body is missing for a long time and presumed dead but the legal entity is not set to the new status of “deceased” yet. It takes a judge to do so… Or what happens if you loose your passport in a foreign country, how are you to prove who you are? Your body is clearly present but how can you prove it belongs to a certain legal identity?
The crux with identification is to establish the right combination of a given legal identity and the accompanying human body. In the physical world this is not an easy task to do. And mind you even if a passport is used it merely is a process of authentication (i.e. establishing likelihood) as the immigration officer at the airport will have to establish the similarity of you and the photo in the passport and the authenticity of the document itself.
Behavioral biometrics is authenticating a physical body too, but not the legal entity per-se. By monitoring the involuntary behavior of our bodies (as steered by our individual brains and body characteristics) behavioral biometrics can establish which particular body is interacting with the electronic world. As you cannot escape your body a system using behavioral biometrics can establish which particular body is interacting with it. NB This can of coarse be used for authentication purposes.
While behavioral biometrics can establish which body is involved, it cannot identify the physical body outside the boundaries of “body-device interaction”.
In the electronic world it is not easy to link a legal identity (as it is geared for the physical world) to a particular body i.e. person which resides in the physical world. At the same time it is relatively easy – as compared to the physical world – to link behavior characteristics to a given body. But if a particular body/person can be recognized by its behavior often the need for identification in the strict sense will be superfluous. Actually this way of establishing which body is involved can be much more accurate then what we could do by using a passport for instance.
Technically speaking – for arguments sake disregarding a lot of laws involved – a bank does not have to know your legal identity to have an account with which you can pay etc as long as it can link all the actions of that unique person to its “behavioral” identity. The person can’t pretend to be anyone else’s body (in a literal sense) anyway.
The notions and definitions we use today are still geared to the physical, analogue and human centric world as opposed to the virtual, digital and systems centric world.
Behavioral biometrics based authentication starts blurring the line between identification and authentication. This is not a trivial development and will be opening a box of pandora. Behavioral biometrics can be used to allow you into a system and – as a “bonus” – will have the capability to keep you out. (NB I will elaborate on this assertion in a followup posting shortly.)
NB also posted in this series: