|
Posted by Ari Silversteinn on August 15, 2005, 7:56 pm
If you were Registered and logged in, you could reply and use other advanced thread options
Is there a way to automatically authenticate a user, not the user's
computer, when he logs in to a website? The reason for this is to validate
that a multiple choice test that is taken was performed by Bob X and not by
Charles Y in a distance learning application.
No additional hardware can be used (such as fingerprint reader); there
would have to be no reconfiguration of Bob's computer since Bob is
incapable of performing any such task.
If this is possible, then can Bob also be identified if using *any*
computer not just his own.
--
Drop the alphabet for email
|
|
Posted by Barry Margolin on August 15, 2005, 8:04 pm
If you were Registered and logged in, you could reply and use other advanced thread options
> Is there a way to automatically authenticate a user, not the user's
> computer, when he logs in to a website? The reason for this is to validate
> that a multiple choice test that is taken was performed by Bob X and not by
> Charles Y in a distance learning application.
>
> No additional hardware can be used (such as fingerprint reader); there
> would have to be no reconfiguration of Bob's computer since Bob is
> incapable of performing any such task.
>
> If this is possible, then can Bob also be identified if using *any*
> computer not just his own.
Isn't this normally done with a username and password prompt? It can be
improved with token-based authentication like SecurID or Defender.
--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
|
|
Posted by Todd H. on August 15, 2005, 11:07 pm
If you were Registered and logged in, you could reply and use other advanced thread options > Is there a way to automatically authenticate a user, not the user's
> computer, when he logs in to a website? The reason for this is to
> validate that a multiple choice test that is taken was performed by
> Bob X and not by Charles Y in a distance learning application.
This is a notion known as "individual identification" and "individiual
authentication."
It's normally done with a username and password. The username
identifies a unique user. The password set by that person
authenticates that user that hopes to confirm the user is who they say
they are.
If by automatic you mean the user doesn't have to enter anything, the
answer is "no, with your requirements, there's no practical way to do
this."
If you're willing to give up strong authentication, you could email
URL's to specific users, each of them uinque, and containing an
encoded username to uniquely identify them.
However, if someone happens to get hold of that email maliciously or
by a manager forwarding their email to all their subordinates and
saying "take the is test" then you've lost authentication, and
everyone who got the email will be indistinguishable.
Best Regards,
--
Todd H.
http://www.toddh.net/
|
|
Posted by Volker Birk on August 16, 2005, 6:21 am
If you were Registered and logged in, you could reply and use other advanced thread options > Is there a way to automatically authenticate a user, not the user's
> computer, when he logs in to a website?
Can you control the access to the physical terminal?
If so, yes, this access control is good for identifying the users, if the
terminals are secure.
If not, no, you cannot make this secure.
F'up2here.
Yours,
VB.
--
"Almighty Father, who wilt hear the prayer of those that love Thee, we pray
Thee to be with those who brave heights of Thy heaven and who carry the
battle to our enemies. Guard and protect them, we pray Thee, as they fly
the appointed rounds." - Chaplain William Downey, prayer for the Enola Gay.
|
|
Posted by Regis on August 16, 2005, 10:43 am
If you were Registered and logged in, you could reply and use other advanced thread options
>Is there a way to automatically authenticate a user, not the user's
>computer, when he logs in to a website? The reason for this is to validate
>that a multiple choice test that is taken was performed by Bob X and not by
>Charles Y in a distance learning application.
>
>No additional hardware can be used (such as fingerprint reader); there
>would have to be no reconfiguration of Bob's computer since Bob is
>incapable of performing any such task.
>
>If this is possible, then can Bob also be identified if using *any*
>computer not just his own.
Yes, this can be accomplished through the use of bar code e-mail.
|
| Similar Threads | Posted | | SSL Server authentication, SSL client authentication, SSL connection and SSL session | August 14, 2006, 1:05 pm |
| WEP authentication, why WEP authentication scheme is flawed and how it can be attacked | August 1, 2006, 12:51 pm |
| Single Sign-on API | May 31, 2007, 9:44 pm |
| .NET and J2EE single sign-on | February 15, 2005, 11:46 am |
| Proxy sign messages | July 26, 2005, 12:58 pm |
| J2EE single sign-on | August 31, 2005, 6:42 pm |
| Sign e-mail with server certificate | February 22, 2005, 4:17 pm |
| ? echo cleartext | sign | enc | pkcs#7 | May 30, 2007, 8:03 am |
| digitally sign office and pdf's??? | June 11, 2007, 10:21 am |
| IKE authentication | June 11, 2004, 8:50 am |
|
XML site map