Abstract
The consequences of digital identity compromises suggest that selected Automated Personal Identification Mechanisms, which enable computer systems to identify individuals, may be unsuitable in some contexts. Currently, there are no commonly agreed set of factors upon which to base an evaluation, regardless of purpose or requirements. We establish over 200 evaluation criteria to aid decision on the selection of the most appropriate mechanism for a given context. We consider that the suitability of these mechanisms should be based upon a broad approach. Our criteria are designed to expose strategic issues and risk management aspects that influence organisations' objectives and policies for introducing these mechanisms. Additionally, criteria are developed to acquire functional and performance requirements for the intended user community. Our criteria are also formulated to help describe the characteristics of contesting solutions. These qualities range from technological efficiencies to usability effectiveness. Each mechanism may then be assessed for its suitability against the context's risks, issues and operational requirements within an evaluation framework capable of accommodating diverse perspectives and multiple objectives.
| Original language | English |
|---|---|
| Article number | Palmer:2008:CEA2639520.2639609 |
| Pages (from-to) | 260-284 |
| Number of pages | 25 |
| Journal | Computers and Security |
| Volume | 27 |
| Issue number | 7-8 |
| DOIs | |
| Publication status | Published - 1 Dec 2008 |
Keywords
- Accessibility
- Automated Personal Identification Mechanism
- Biometric Identification
- Biometric Verification
- Privacy
- Reliability
- Risk
- Usability
- User Authentication
- Vulnerabilities