Authentication is the process of verifying your identity. Entering your password into a system is authentication. Showing a cashier your driver’s license when buying alcohol is authentication. Typing in your PIN at the ATM is authentication.
A traditional method of authentication is two-factor authentication (2FA). Typically, 2FA involves 1) something you know, and 2) something you have. In the example of an ATM, to withdraw money you need 1) your PIN (something you know), and 2) your debit card (something you have). You cannot withdraw money if you know only the PIN but don’t have the card. Likewise, you cannot withdraw money if you have just the card but don’t know the PIN.
There are many different ways you can authenticate someone. It could be some physical object the user has in their possession (USB stick with a secret token, a bank card, a key). It could be some secret known to the user (username, password, PIN, TAN). It could be some physical characteristic of the user (fingerprint, iris, voice, typing speed, a pattern in key-press intervals).
As an alternative to providing signatures when making credit card payments, cardholders can specify semantic identification instructions to go with their credit card information. The cashier sees the semantic identification instructions. Instead of matching signatures, cashiers can then verify the identity of the customer by looking at the customer’s physical features or watching the customer’s actions. Some examples of such instructions may include:
- The customer will place his hand in his left pocket while making the transaction
- The customer will say “Here ya go” when handing the card to the cashier
- The customer will always be wearing a silver watch when making a credit card transaction
- The customer has a distinguishing permanent physical feature
Perhaps the gesture can replace the signature. For routine transactions, few people pay attention to signatures anymore. Maybe signatures should be replaced with gestures so that the credit card machine can detect improperly performed gesture signatures and the customer can be automatically flagged for closer scrutiny. For example, instead of providing a traditional signature, I might be required to give a gesture signature known only to me. The gesture signature would be different for each person. My gesture signature might be to use my finger and gesture a capital “S,” followed by a line, and a circled capital “A.” That is easy for a computer to check. If I perform my gesture signature improperly, the system will flag me for closer scrutiny, which may involve the cashier asking to see photo identification or asking further questions to confirm my identity.
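One way such a gesture check could work, as an added example that is not part of the original text: each stroke is resampled, stripped of position and size, and compared point by point with the enrolled stroke, and a mismatch returns "flag" so the cashier can apply closer scrutiny. The function names, the 0.15 threshold and the sample strokes (an S-like curve, a line and a circle) are assumptions made for illustration, and each stroke is compared by shape only, independently of the others.

```python
import math

N = 32            # resampled points per stroke
THRESHOLD = 0.15  # assumed tolerance, in units of the stroke's bounding-box size

def resample(points, n=N):
    """Return n points evenly spaced along the stroke's path length."""
    cum = [0.0]
    for a, b in zip(points, points[1:]):
        cum.append(cum[-1] + math.dist(a, b))
    out, seg = [], 0
    for i in range(n):
        t = cum[-1] * i / (n - 1)
        while seg < len(points) - 2 and cum[seg + 1] < t:
            seg += 1
        span = cum[seg + 1] - cum[seg]
        f = (t - cum[seg]) / span if span else 0.0
        (x0, y0), (x1, y1) = points[seg], points[seg + 1]
        out.append((x0 + f * (x1 - x0), y0 + f * (y1 - y0)))
    return out

def normalize(points):
    """Remove position and size so only the stroke's shape is compared."""
    pts = resample(points)
    xs, ys = [x for x, _ in pts], [y for _, y in pts]
    cx, cy = sum(xs) / N, sum(ys) / N
    size = max(max(xs) - min(xs), max(ys) - min(ys)) or 1.0
    return [((x - cx) / size, (y - cy) / size) for x, y in pts]

def stroke_distance(a, b):
    """Mean point-to-point distance between two normalized strokes."""
    return sum(math.dist(p, q) for p, q in zip(normalize(a), normalize(b))) / N

def verify(enrolled, attempt, threshold=THRESHOLD):
    """Return 'accept', or 'flag' to route the customer to closer scrutiny."""
    if len(enrolled) != len(attempt) or any(len(s) < 2 for s in enrolled + attempt):
        return "flag"
    worst = max(stroke_distance(e, a) for e, a in zip(enrolled, attempt))
    return "accept" if worst <= threshold else "flag"

# Constructed sample data: an S-like curve, a line and a circle stand in for the gesture.
S_CURVE = [(math.sin(2 * math.pi * k / 20), k / 10) for k in range(21)]
LINE = [(0.0, 0.0), (1.0, 0.0)]
CIRCLE = [(math.cos(2 * math.pi * k / 24), math.sin(2 * math.pi * k / 24)) for k in range(25)]
ENROLLED = [S_CURVE, LINE, CIRCLE]

def redraw(stroke, scale=1.3, dx=5.0, dy=3.0, jitter=0.01):
    """Same shape drawn larger, elsewhere on the pad, with a slightly unsteady hand."""
    return [(scale * (x + jitter * math.sin(k)) + dx, scale * (y + jitter * math.cos(k)) + dy)
            for k, (x, y) in enumerate(stroke)]
```

The comparison is direction-sensitive: a stroke drawn in the reverse direction does not match its enrolled form.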