Monday, 28 April 2008

Identity issues and modern exam techniques

The most important facet of a service that is offered by a examination body is to the general public, not the students themselves but those of us who will in time use the qualified professionals. For example If you use an accountant you don't just trust them with your finical data you also trust them with your livelihood. We need to know that when we extend our trust to an accountant, that they are adequately skilled and have been examined by a professional body to an adequate standard.

The modern examination process has come a long way from rows of desks with an invigilator sitting at the front. Examinations and the examination process itself have been upgraded.

The learner can use an on-line system to schedule when and where they would like to take an exam, the student then arrives at a comfortable examination center and sits down in front of a computer, the exam starts when they click and is controlled by a remote computer system that provides the student with a monitored and balanced set of questions. The adjudicator’s role is to provide drinks and to make sure that the students are not using their mobile to call friends who are googling the answers. Results are often provided immediately at the end of the test along with a breakdown of the student’s performance.

However this examination process has introduced a number of new problems, the most significant of which are associated with identity, and can be summed up by these three questions
  • "who is going to take the exam?"
  • "who took the exam?"
  • "who does this exam result belong to?"
Imagine Geoff decides to become an accountant this is a possible journey that Geoff could take to achieve his qualification.

We start to answer the question "who is going to take this exam" when Geoff shows his interest on the web site, and we also encounter our first identity problem. How do you know that people who have signed up with us and are real, unique people? Has this problem been solved before? Back in the early 1990's it was technology companies such as Microsoft who developed the tools to make examinations a more enjoyable experience. They also introduced the new way of examinations for their accreditation programmes and so naturally it was they who first started to tackle these identity problems. Their solution was simply to create a database of people, all having user names and passwords; an identity silo. Independent from any governmental or quasi-governmental organisation, this solution is called by some Identity 1.0. To prove that Geoff is really a unique person, and that he really exists the web site needs to link the identity it has with an identity that is offered by trusted identity authority such as the passport or driving licence office. This is called Identity 2.0.

The next identity question "Who took the exam" comes when he is at the examination centre and needs to relate his exam result and his physical identity to the identity that he previously registered on the website when he booked the exam. A modern solution is to use a biometric measure to relate Geoff person to information that has been previously stored against him. Lets say we use his retina scan.

This basic biometric process is used no matter which biometric measure you choose to use. Biometric measure come in one of two categories physiological or behavioural.

The physiological measures are
  • Face - Everyone has a face, but they are not as unique as you would think.
  • Finger print - These are very unique but are very, easy to get round (search for fingerprint on youtube)
  • Hand Geometry - Good all round measure to use
  • Hand Veins - Are easy to circumvent
  • Iris - Difficult to collect works very well
  • Retinal scan - Very very difficult to collect but works really well.
  • Face Thermiograph - Very unique, but change as people get older
  • Odour - Difficult to collect but a good measure to use
The behavioural measures are
  • Key strokes - Very very easy to collect
  • Signature - Not a good measure at all, forgers have been working on this for centuries
  • Voice - Not very unique
  • Gait - Easy to collect, but also easy to imitate
If a biometric is used then it must also be noted that the patterns stored against a person need to be in a database, against a user name and password. Most off the shelf biometrioc solutions actually reinforce the Identity silo problems that existed before the biometric solution was put in, and often incur massive costs in the process.

Our third question "who does this exam result belong to?" is a tricky question, we may be able to relate the result to a set of finger prints or to a user name and password, but who really owns the exam result? Are they Alive? Have they been incarcerated for fraud? Have they been awarded the Nobel prize for science? Again an Identity silo exasperates the problem. organisations such as OpenID and OASIS are trying to solve this issue from a technical perspective.

Things have moved on since the Microsoft Certified Engineer days and nearly everyone is a member of hundreds of identity silos. Identity silos do work well for storing your shopping list or a set of favourites, but as a solution for things that are really important - they really don't work. The century has already seen the rise of identity theft, organised large scale credit fraud and global terrorism. You also have to ask another question,
"Is owning, managing and maintaining an Identity Silo core to my function?"
The answer can only be no. If you want to remove barriers to membership then every thing that detracts from this is just a cost, that will included in the exam fee.

There are many ways to authenticate a student, either via a shared secret such as a user name and password, via a token such as a smart card or a biometric device, but if these authentication solutions are used to populate Identity Silos then you will be left with dealing with all the associated problems.

The Identity 2.0 solution to this technical issue is to delegate the task of authorising users and consequently the owning and managing of a particular identity silo to a specialised provider. Specialist services such as on-line exam papers or multiple choice questions could be held on servers that sit behind the identity asserting authority. The exchange and interchange of identity information can be facilitated using the SAML (Security Assertion Mark-up Language) standard.

This architecture is about trust. The user trusts the asserting authority with their personal information, who will be a vendor selected for their trustworthy characteristics such as Veritas or Microsoft. This trust is again repeated by service provider who will have a number of services on the right hand side of the diagram. The biometric vendor has a common standard to deliver to and importantly this can be changed if their solution is compromised without a redesign of any of the services. In-fact examination body will be able to extend trust to its students in different manners according to the student’s status, role or geographical region. In countries that prohibit the storage of finger prints, smart cards can be used. Students who have graduated can login using their user name and password, but students who have not finished all their exams would need to use a finger print identification. As new features come into the public domain such as OpenId and cardSpace the solution can be extended in a single place the Credential Authority (CA).

In conclusion an Independent Asserting authority allows you to change your services and how your services are accessed without effecting your customer base, which will allow you to deliver faster as you don't have to maintain your identity silo and deal with the technical complexity associated with running one.

Most important of all is that your students only have to trust you enough to provide the services that you want to offer, i.e. they don’t also have to trust you with their identity, finger prints, retina scan, voice patterns ....

If an independent assertion authority is used, then the core service that you wish to offer can be developed against it with a well known and simple user name password or token style solution. If fraud, identity theft or impersonation then turn out to be a quantifiable problem then a biometric solution can be used without change to the previously deployed solution.

The one question not yet answered is probably the most important question and that is
"Is this person who says that they are certified really certified".
I.e. Can I trust Geoff with my finical data and my livelihood because the certificate on the wall in his office says so? and Is that certificate a forgery?What I need is the ability to check with the examination body that Geoff really is who he says he is and to do that the examination body must explore exchanging Geoff's profile information that it has stored against his member identity with an unidentified member of the public. A simple suggestion that may work without either Identity 2.0 or a biometric device can be achieved by the exam invigilator taking the student’s photograph during the exam and publishing the photographs on the website against the name that the student gave at the exam and the name on the qualification document.


Identity 2.0 Dick Hardt
CCCB How to hack a finger print reader
Biometrics wikipedia
OASIS technical council on SAML

No comments:

Elliott - a little more

London, United Kingdom
I am an architect with shed loads of familiarity in providing high profile consumer media, products and services. I conceive ideas, design and lead projects to create new consumer products. I love brainstorming ideas with marketing counterparts and creating future facing and innovative solutions. I have been responsible for high volume mass consumer market features where scale, reliability and the ability to quickly respond are of crucial importance.