Other Identity Technologies

A number of mechanisms apart from PKI may be used to authenticate people and entities online.


Biometrics is often described as "three factor" authentication, the objective being to establish not only what you know and what you have, but also (or instead) what you are.

Biometric technologies at a glance




Iris scan

Hand scan

Voice print


Retina Scan

Signature Dynamics




Hybrid / Fusion methods



Relationship with other trust technologies

Biometrics PKI Note

"Authentication can be performed with three approaches: knowledge factor (something
the individual knows), possession factor (something the individual has), or
biometric factor (something physiologically unique about the individual). Biometric
technology uses a measurable biological or behavioral characteristic to reliably
distinguish one person from another. Biometrics can enhance PKI technology, and,
symbiotically, PKI technology can secure biometric technology. These PKI Notes
discuss the basics of biometric technology and its synergistic combination with PKI

Will Biometrics Obsolete PKI? A Special Report June 2001 American Bar Association, Bulletin of Law/Science & Technology.

This short paper discusses unique properties of PKI not provided by biometrics, including the ability to revoke when compromised, persistent signatures, and the ability to build open authentication systems.


Symmetric Cryptography Authentication

While not as popular as public key methods, there are strong mechanisms for establishing authenticity through symmetric cryptography. If Alice and Bob know they have a reliable and unique shared secret (symmetric) key, then the ability of either of them to sensibly decrypt a message with that key provides strong evidence that the encrypted message came from the other party. Defence methods like the Fortezza card use symmetric authentication in this way.


Two Factor Authentication

Setting aside the fact that smartcards and other cryptographic devices constitute "two factor" authentication, the term is often used to refer to a large class of personal authentication devices that generate a pass phrase or other login code, used to access online resources. There are three important sub-classes:

Time Synchronised One Time Password: every thirty seconds or so, the device generates a fresh pseudo random one time password. The pseudo random number generator is seeded uniquely for each specific device.

Event Based One Time Password: again, a pseudo RNG generates one time passcodes in sequence, but instead of doing so automatically and periodically, the event based OTP requires a button to be pressed. It is therefore an electronic version of the "Transaction Authentication Number" (TAN) card. An attempt to standardise the interoperability of this important class of devices has been organised by the OATH initiative.

Challenge Response device: usually resembles a small hand-held calculator, into which a challenge code is typed; the challenge is cryptographically transformed into a unique response code, using keys unique to each specific device.
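
The three sub-classes above, sketched in Python as an added example that is not part of the original page. It uses the OATH algorithms HOTP (RFC 4226) and TOTP (RFC 6238), in which the per-device seed is an HMAC-SHA-1 key. The challenge response function is a simplified stand-in rather than the OATH OCRA algorithm, and the look-ahead window size and the sample key are assumptions.

```python
import hashlib
import hmac
import struct
import time

DEVICE_KEY = b"12345678901234567890"  # constructed: RFC 4226 test key as the per-device seed


def _truncate(mac, digits):
    """RFC 4226 dynamic truncation: 31 bits of the MAC reduced to N decimal digits."""
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def hotp(key, counter, digits=6):
    """Event based OTP: the counter advances once per button press."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    return _truncate(mac, digits)


def totp(key, now=None, step=30, digits=6):
    """Time synchronised OTP: the counter is the number of elapsed 30 s steps."""
    now = time.time() if now is None else now
    return hotp(key, int(now) // step, digits)


def challenge_response(key, challenge, digits=6):
    """Challenge response (simplified, not OCRA): MAC the typed-in challenge."""
    mac = hmac.new(key, challenge.encode(), hashlib.sha1).digest()
    return _truncate(mac, digits)


def verify_hotp(key, submitted, server_counter, look_ahead=3):
    """Server-side check; returns the next counter to store, or None on failure.

    The look-ahead window (an assumed size) tolerates button presses the server
    never saw. Storing the returned counter makes an accepted code unusable again.
    """
    for counter in range(server_counter, server_counter + look_ahead + 1):
        if hmac.compare_digest(hotp(key, counter).encode(), submitted.encode()):
            return counter + 1
    return None


if __name__ == "__main__":
    print("event based :", hotp(DEVICE_KEY, 0))
    print("time synced :", totp(DEVICE_KEY))
    print("challenge   :", challenge_response(DEVICE_KEY, "481516"))
    print("next counter:", verify_hotp(DEVICE_KEY, hotp(DEVICE_KEY, 2), 0))
```

A wider look-ahead window tolerates more unseen button presses but also enlarges the set of codes the server will accept at any moment, so it is normally kept small.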