While getting rid of passwords is a laudable goal, they represent the proof of knowledge part of the user authentication problem. Arguably, if you are a web site, you want to know if the sentient, responsible, person is there before you let him in and give him the power to buy, move money, or possibly just search for or provide information. In the last five years I have been researching a platform for deeply exploring the "proof of knowledge" side of the equation. It represents a deep integration of current efforts through NIST NSTIC, Privacy, and Cognitive Testing (going back to Cattell in the 1800s). In this talk I will describe the architecture and show the live system for the purpose of discussion with people interested in human factors, computer security, web services, and the like.
Dr. Robert Thibadeau, PhD, is a Pittsburgh resident with a long history as a faculty member in Robotics starting in 1980, and has taught computer security part-time since 1996 in SCS. In 2002 he joined Seagate Research, and is well recognized with the creation of self-encrypting drive (SED) technology now deployed by all major storage device vendors including Seagate, Micron, Sandisk, HGST, and Samsung, under the industry standards he created while Chief Technologist at Seagate. He is currently SVP and Chief Scientist at Wave (WAVX on NASDAQ) which is the leading supplier of software for SEDs. The current talk, though, has to do with a private project and venture he has had underway since 2008 on a radical new way to think about user authentication for the web.