Technology Exploration Project – M591

Identity and verification, what is to be done

Identity is a common issue that plagued differing communities since philosophy and understanding came about. Identity can be a fluid concept, as any number of people can claim to have the same identity and depending on the field being authenticated, their claim may well be valid although unexpected. When trying to verify a cheese sandwich if only the attribute of a name 'Sandwich' is used in verification it may be possible for a human with that surname to be verified as a foodstuff! So is identity important and how can the issue of identity be conveyed? Once the issue of identity is conveyed and authenticated, how is the data used and what is the effect of this? These aspects, as well as various others relating to two different identification purposes shall be explored. This report should outline the reason for the identification method, along with outlining any benefits, disadvantages, improvements or possible conflicts of interest. Relevant data will be gathered and analysed in order to determine the effectiveness of the current identification, as well as to analyse any other key issues.



One method used for identification purposes that will be explored by this paper is a straightforward comparison between data presented by a claimant and any stored data that can be used comparatively. This shall be explored further using the example of patient registration at a hospital, where According to Staff Nurse F. Lambert (personal communication, October 22, 2007) the information a patient provides is compared against the records stored on a Patients Administration System (PAS) database (Gagen, 2001, Verification Is Key to Improving Patient Registration). The other method used for identification purposes that shall be explored by this paper is the possession of a token being a possession that a claimant has that can be presented by a claimant in order to authenticate their identification. This shall be explored further using the example of a bank note being used as a token by a customer to buy items at a shop, the bank note identifies the customer as having sufficient funds to purchase an item and the bank note is a token as it is a promise that ‘ I PROMISE TO PAY THE BEARER ON DEMAND THE SUM OF XX Pounds’. Using the bank note in this way brings up issues of ownership and property rights that should be explored. Although a bank note itself is used as a token for identification, there are various attributes of the bank note that are used for the authentication and verification of the identity of the bank note itself. Due to this the methods used for authenticating the bank note itself should also be looked into and compared, so as to ascertain why such attributes and authentication methods are used.

Comparison is a method of improving service by disclosing small amounts of personal information as attributes for authentication. The method of using a token protects personal information in order to exchange goods or services, however this shifts the focus from authenticating the claimant to authenticate the token itself, with the possession of the token being a weak form ownership. With the increase of attributes, the authentication should be made more accurate, with using multiple methods of authentication, such as comparison and measurement the accuracy that a claimant’s identity can be authenticated is increased further. The methods used for authentication are linked to the value of the asset that is being protected, as is the technology. The histories of both methods are similar in that they have evolved more attributes in order to protect the asset; however it seems that the benefits are for both sides when using the comparison method, whereas for the token method the main benefits are for the claimant. The best method of improving security is to increase the attributes, which usually means increasing the amount of personal data disclosed. Although this improves the authentication of the claimant and can lead to an improvement in services in some cases, releasing too much information can have a detrimental affect on the individual and society, so it truly is a question of balance as to how much personal information is released into the public sector, along with the gain to accuracy of the authentication process.

My attribute’s John Smith, this hospital is not as secure as the bank of England

For anything to be authenticated it must have attributes that make it uniquely identifiable, thus allowing the claimant to have their claimed identification authenticated. This gives rise to the issues and beliefs that arise around security, and how ‘safe’ something is perceived to be. Security is built upon the attributes being used to identify the claimant, as certain attributes are perceived to have a strong level of ownership by the claimant. Other important factors include the ‘importance’ of the result of authentication, as to the ‘cost’ of incorrect verification. The more personal information used as an attribute, the more ‘secure’ it is believed that the authentication will be. This gives rise to other issues, such as how the attribute can be used to authenticate the identity of the claimant, as well as for comparison, the security of data of personal information held for the use of authentication is an important issue. This section will explore the attributes used for both situations, along with the level of personal information disclosed and the possible implications for data security of the personal information.

When a patient enters accident and emergency in a hospital looking for treatment, According to Staff Nurse F. Lambert (personal communication, October 22, 2007) the most common course of events is that they are asked for their name, address, injury, general practitioner’s (GP) name and any relevant medical history. The patient's name, address and the name of their GP are used to authenticate the patient as well as to start searching for their medical history. According to Staff Nurse F. Lambert (personal communication, October 22, 2007) the injury is used to prioritise in which order the patient needs to be seen with the relevant medical history being used to improve the service once the patient has been taken for treatment. The entrance of a patient may vary on occasion, as the patient may already have an appointment, where they may go directly to a specific department of the hospital relevant to their ailment but would still provide the same identifiers. It may be that the patient arrives unconscious or without any identifiers, in which case the patient may be searched for identifiers such as bank cards or driving licence. In the case that the patient has no identifiers at all then they will still be admitted and will be given a general identifier, such as a number or a name ‘John/Jane Doe’. In the case of a newborn child the child will initially receive the identifier of its sex, MI for Male Infant or FI for Female Infant, along with its parent’s surname, unless named at birth.

It is possible to see that there are many different ways of entering a hospital, and various methods of authentication that can be used to verify a patient’s identity. All known information about the patient that is already stored on the hospitals computer system can be used to authenticate the authenticity of the identifiers that the patient is providing. In the United Kingdom where the National Health Service (NHS) is used thus providing a ‘free standardised healthcare for all’ attitude, there is little reason to lie about one’s identifiers, so basic personal information can be used to authenticate the identity of a patient. In other countries such as the USA, healthcare can be very expensive, causing people to be far more likely to attempt to fraudulently claim healthcare using the personal details of another person who has healthcare benefits. This has lead to more sophisticated methods of authentication in American hospitals such as biometrics (Messmer, 2004, Healthcare looks to biometrics), which uses measurement to identify the patient, as well as the standard comparison methods.




Although a patient must be authenticated for their own safety whilst treating them, sometimes it may not be necessary and intrusive verification may cause more problems than it would solve. The main point is that it is a question of balance, when it comes to a patient being able to receive birth control anonymously as the NHS is free to all there is no need for any authentication, as patients do not have to book an appointment or even use their real name. When transfusing blood it is essential that the patient has been authenticated correctly, as if the authentication method has been carried out incorrectly this could result in a patients death. The same can be said for any prevalent allergies or medical conditions such as insulin dependency.

The main attributes used in the UK for authenticating a patient are their name, GP’s name, date of birth and place of residence. According to Staff Nurse F. Lambert (personal communication, October 22, 2007) once a patient has been authenticated, for example a patient that has been moved on to a ward after completing the check-in process, a plastic tag around their wrist becomes the patient’s main identifier. As a secondary method of authentication, when a nurse or doctor comes into contact with a patient they do not recognize they use the wristband to search for the patients notes and then ask the patient for their date of birth, which is then matched to the record in the notes. The wristband should not be removed for the duration of the time that the patient remains in the hospital.

The attributes used for patient authentication in the UK are varied, however there is a uniform concept that the information is reasonably personal and can be compared with readily available information stored on an accessible database system in order to authenticate the existence of the patient given the attributes presented by the claimant. Every person born in the UK will be stored on the database, as the details are registered at birth. This means that the store of all this personal information should be protected under the data protection act and as such should not be disclosed to third parties without the express permission of the patient. The reason for this is the implications that may arise from other persons gaining access to the personal attributes of other claimants. In the healthcare industry in the UK the implications of other claimants gaining personal attributes are generally not serious as discussed later in the section about authentication, with the rare exception. The implications become more serious when considering other ways that the information can be used if another person gains access to the personal attributes, as the information could be used to take out loans, steal potential assets or rights belonging to the original claimant in other fields.

In the case of a bank note, the note itself is a token that is sometimes taken as being the main attribute, although there are many other attributes afforded to the bank note that most people who use it every day are totally unaware of. For starters there is the value, which is used to check how much the note is worth. Then there are other identifying marks that are used mainly for authentication. These include watermarks, metallic strips, serial numbers, pictures, colours, holograms and even the type of paper used.

When a bank note is presented by a claimant to pay for goods or services, the claimant does not state that they own the token, merely that it is sufficient to be taken in exchange for the goods or services that they require. The person accepting the token authenticates it by checking the watermark and other security features, before taking possession of the token. Money is an unusual token in this way, as it passes from claimant to claimant but has no attributes to identify the claimant, the only attributes of the token aim to authenticate the token itself. This lack of proof of ownership helps to protect the identity and personal information of the claimant; however other security risks appear in the form of the fact that the token itself may have been stolen (Wikipedia, 2007, Token Money). As no personal attributes are disclosed by the claimant while using the token, except possible unknown transfer of fingerprints or Deoxyribonucleic Acid (DNA), it is almost impossible to steal personal information from the claimant, thus making this a very secure method of data security for the claimant. Of the other issues that arise from this inherent data security come the problems of ownership, as the claimant may have stolen the token or even have produced a fraudulent token. In the case of fraudulent tokens this can be checked by using the attributes present on the token, which shall be discussed later in the authentication section. In the case of the claimant not owning the token it is much more difficult to prove, as the token can pass from person to person, leaving no ‘paper trail’, although stolen tokens can sometimes be located, this shall be discussed later in the section on authentication.

The differences between the attributes used in these two methods of used for identification purposes are that the attributes provided in the comparison method are of a personal nature and relate directly to the claimant, allowing potentially personal information into the public domain. For the token method no personal attributes are disclosed into the public domain, apart from the fact that the claimant currently possesses the token. The attributes are used only for identifying the token, although the claimant might accidentally leave personal information on the token, such as fingerprints or Deoxyribonucleic Acid (DNA). The similarities are that that both methods can use some method of comparison for authentication, in the case of patient identification this is against stored personal information, whereas for the token it can be compared against other tokens, or a known standard of a token. This comparison of the token against other tokens only authenticates the token itself and the claimant’s right to use the authentic token, not the right of ownership of the claimant who possesses the token. The comparison method uses personal identifiers disclosed by the claimant and compares that via an external store of personal identifiers, where the token is instantly recognised as affording the claimant rights to purchase a certain amount of items without disclosing any personal information. Comparisons between known attributes and the attributes on the token can then be used to authenticate the token itself, which is a secondary level of authentication. Measurements can also be used to verify the token, in the form of the physical dimensions of the note and various ultra-violet light properties of the note. The ownership properties of the token are less secure in that it is sufficient to possess the token in order to use it, this aspect will be discussed further in the authentication section.

The methods that are used for authenticating identity

This section looks into the methods that are used for authenticating identity, along with the consequences of incorrect identification. The reliability of authentication, technology used in the authentication process and potential consequences for personal information shall also be considered in this section.

The first issue when authenticating a patient is what is being authenticated, and what are the consequences of an incorrect authentication. When a patient is being identified it is important to note that every patient is unique, even although their medical notes may be identical to many other patients. Although many patients may have a completely ‘clean bill of health’ if two healthy patient became ill the outcome may be totally different even if they both contracted the same illness. Even identical twins may have different medical records based on events through their lives. It is also important to note that incorrect identification of a patient in the worst case scenario, According to Staff Nurse F. Lambert (personal communication, October 22, 2007) could lead to death. This shows that it is very important to get the authentication method correct and if a patient is not authenticated using the provided attributes, although this is only likely to happen in exceptional circumstances, great caution must be taken when treating an unauthenticated patient.

In the NHS scenarios the method used for authentication is comparison, thus there must be an attribute offered by the claimant that is already known in order that the known information can be compared for authentication. In this scenario the claimants name or other personal attributes are compared against those stored in the Patients Administration System (PAS) database (Gagen, 2001, Verification Is Key to Improving Patient Registration), every person born in the UK should have been entered onto the PAS at birth, however if the patient is not registered they can potentially be added at any time. This is due to the fact that no treatment at all would be potentially more dangerous to the claimant than treatment without authentication, thus it is possible that the claimant would offer an unknown attribute and the claimant could be registered under this provided attribute. It seems that although the attributes used may be of a personal nature it would be possible for them to be fabricated also, with this having little to no effect on the authentication process.

The only time issues could potentially arise is if the claimant gives the attributes of another patient, where it may be believed that they posses conditions that are not their own. This is very unlikely to occur as the claimant would have to correctly present another claimants personal attributes, however would not be impossible if the false claimant was able to extract the attributes unknowingly from another claimant. This aside it is unlikely to occur as the false claimant would be endangering them self. If a claimant were incorrectly authenticated it is possible at any stage that if they had claimed to be another claimant with an existing medical condition they could be tested, which would show that they were not actually the patient they claimed to be. If a patient were discovered to have been incorrectly authenticated, they would instantly be reverted back to a general state of having an unknown medical history, with the methods of treatment used up until the incorrect authentication being discovered being put under review as to the safety of such treatment.

The potential issues with incorrect identification of the token that is money would be, for small shops, a potential loss of money, effectively due to theft. The issues on a larger scale such as large amounts of fraudulent tokens being introduced undetected into banks could result in instabilities in marketplaces, as well as fluctuations in exchange-rates. In essence a widespread increase in undetected fraudulent notes would diminish the effective value of all the other notes, thus making it imperative that all fraudulent notes are detected for the economic stability of the financial market.

Money used as a token does not establish the identity of the claimant who is using the token as a method of identifying that they have the appropriate funds depicted by the token. This produces a great method of securing the integrity of personal information that the claimant has, as they need never disclose any personal information throughout the entire transaction, as they are simply claiming to have possession of the token. This claim produces the problem of issues to do with ownership, as there is no way that it can be authenticated that the claimant actually has ownership rights to the token. It is taken as sufficient ownership rights that the claimant currently possesses the token, thus the authentication is shifted from the claimant to the token, thus verifying that the token is indeed authentic, due to the issues arising from incorrect authentication of the token as described in the previous paragraph.

In identifying the token itself there are many attributes that can be either measured or compared. Attributes that identify the token may be both measured or compared depending on who is doing the authentication process, this is not jus due to different technologies being available to different authenticators, but can also be linked to the issues arising from incorrect authentication of the token as described in previous paragraphs. This can also be linked to the probability of fraudulent tokens being presented by a claimant, along with the amount of fraudulent tokens being presented. For example in a small shop the amount of counter fit notes presented to a cashier are likely to be low, this coupled with the probability that the quality of the counter fit notes is likely to be poor, then using simple comparison methods between the standard attributes such as the watermark, metallic strip and hologram are likely to provide sufficient protection. Although this will not guarantee that the shop will be fully protected against all fraudulent tokens, the probability of fraudulent tokens being accepted should be sufficiently reduced to a level that may be deemed as ’acceptable losses’ that can be calculated into the expenditures of the shop. It might be necessary for a shop to upgrade the amount of attributes compared and technology used depending on area and the probability of receiving sophisticated or highly realistic fraudulent tokens. This can be done by training staff to recognize and check all the attributes compared to a token that is known to be authentic. Increasing the effectiveness of authentication and thus security can be done by purchasing technology such as ultraviolet lights or pens that can be used to authenticate hidden marks that are not only invisible without the technology, but are also more difficult to replicate when producing fraudulent tokens.

In the case of Banks and occasionally post offices where large amounts of money can be brought in by a claimant that all would need verification, it would prove too time consuming to individually authenticate each token using humans comparing each token. In this case it is far more likely that sophisticated technology will be used to not only compare, but potentially measure various attributes of the tokens automatically. The reasons for using the more sophisticated technology are that these types of institutes are more likely to become targets of organised crime, thus it is more probable that they shall face larger amounts of highly sophisticatedly produced, extremely realistic fraudulent tokens that would probably be passed for authentic notes if compared by a human. The high level technology machines that are used to compare and measure the notes are able to concurrently authenticate many attributes with a great degree of accuracy. As an example the serial numbers are compared against serial numbers currently known to be in circulation, the elements that make up the bank note can also be measured, thus showing all the elements used in construction of the bank note, which can then be compared against a known standard. The serial numbers may also be used in order to verify ownership of the token, as if the note with a specific serial number is know to be stolen, it can be ‘flagged up’ if it appears in any bank and the claimant will be asked where they obtained the note and may be detained until a reasonable explanation can be ascertained if the note is stolen. Although the specifics of all the attributes that are compared or measured are not disclosed, in the interests of maintaining security, thus maintaining the integrity of any authentication. Very few people with specalised jobs necessary for the authentication of the token or production of the identifier are provided with specialist details about a specific attribute, thus improving security and maintaining the reliability of any authentications.

Although measurements are used by this type of verifier, a measurement is just a method of determining a specific characteristic by comparing it with a standard unit with the same specific characteristic (Hawkins, 1994, The Oxford School Dictionary). Although measurement does use an element of comparison, measurement is different due to the fact that the exact characteristic can be compared, thus allowing a more precise comparison and allowing for a higher probability of correct authentication.

The main differences between the two different methods of authentication are that the comparison of a patient’s personal information tends to transfer more personal information into the public domain than compared to the token, where little if any personal information is transferred. Comparison is used both in authenticating a patient as well as authentication of the token, although measurement can also be used to authenticate the token with greater accuracy. The act of possession of the token is enough to authenticate the claimant as having ownership of the token, although in a bank ownership could be verified to a small extent using the serial number of the token, although this would not prove that the claimant did not legitimately come by the token, simply that the token itself had at some point been stolen. The authentication of the token can be very strong as it has a large number of attributes, some of which are not widely known, so as to protect the authenticity of the attributes of the token. This is important not only for the economic stability of a country, but it is widely known that an economic instability can alter the politics of a country, this is due to people being concerned about how much the token is worth compared to other countries tokens. In some countries the value of the token can be altered by different political parties providing different resources, trading with different countries or even choosing to produce different amounts of tokens. Before the Second World War the excessive printing of the German Deutch Mark along with substantial outgoings to other countries lead to instability in the German financial market, thus opening the door to different political parties. Although the comparison method is not strong for the NHS, it proves sufficient as it is used for retrieving medical notes that benefit the claimant, which will be discussed further in the section on which group benefits from the current identification method.

The historical context leading to the current identification methods

The NHS has not been around for as long as money and up until recently the understanding of medicine and concepts of patient welfare were poor (Solovy, 2003, HUMBLE BEGINNINGS). With the advent of the NHS it became necessary to keep records about not only the treatments of medical problems but also the treatments undergone by patients. This could be used to ensure that patients were not given the same injection more than once. In recent medicine medical records have been used to keep track of treatments that patients have received, along with x-ray results and any allergies. This has proved a constant challenge where patients travel between multiple hospitals, as paper records need to either to be couriered between hospitals or copied. In order to cope with the problem of large amounts of paper records needing to be stored and transferred, records along with other medical information has been digitised, so that it can be stored in a database and accessed via computer terminals (Health Management Technology, 2006, A Final Farewell to Paper). The attributes for authentication had always been the patients’ name, but now with the advent of super-hospitals where many patients may have the same name and GP’s, addresses and birth dates are now also used. Due to the advancement in technology in regards to the internet it has become possible to access patients notes online with the information secured in a database, with such ease of accessing important notes quickly it is possible to see that a database is where all patients details could eventually be stored (Hospitals & Health Networks, 2007, HEALTH CARE'S MOST WIRED online).

Money has been around in some form or another since records began, initially it was just the trading of goods or services that were believed to be equal in value. This idea soon evolved to produce the complex makeup of money that is experienced today. In 1780 B.C. the first recorded payments are described where other goods were measured in value by weighted amounts of silver. In 650 A.D. are the first records of paper money in China, called ‘Flying Money’ due to the fact that it could be blown away by a strong breeze, which did occasionally occur. Thus it is possible to see that coins replaced barter, checks and paper money replaced coins, and now electronic commerce is starting to overtake paper transactions (Taylor, 2004, Making Change). Below is Figure 1, The History Of Money (Taylor, 2004, Making Change) that depicts how money has evolved.



Initially coins and paper tokens had little in the way of high level security, although this was probably not necessary due to the difficulty of replicating the coins due to insufficient resources. The main distinctive features on most of the earlier coins were that of figureheads, but as time has moved on, the number of attributes has increased, along with the complexity of those attributes.

With the increase in forgeries of the token money (Strategic Finance, 2007, Ben Meets the 21st Century: Securing the C-Note) it has been necessary to increase the number of authentication methods, as well as the type of authentication methods used. As well a comparison, measurements are also now used, however the attention is drawn away from the ownership of the token as banks appear more concerned that the token itself is authentic. Authenticating ownership of the money is almost a separate issue, which is almost impossible to do due to the fact that no personal information is disclosed. It is partly due to these issues of ownership that tokens transactions such as paper money have been over-taken by electronic transactions, using bank cards. Tokens are not likely to end any time soon though, due to the fact that they provide a strong method of securing personal information.

Comparison of patients’ details has slightly evolved in the UK to include more attributes, similarly to that of the authentication of money, due to similar driving factors of improved accuracy in authentication. Tokens have also included measurement in recent years to enhance the accuracy of authentication, although using measurements is unusual for the UK, it has become more commonplace in the US (Messmer, 2004, Healthcare looks to biometrics) where the biometrics are used for patient identification, which is a measurement of biological characteristics. It is possible to see that both methods have evolved in a similar way, with tokens using more sophisticated attributes and authentication methods, due in part to the financial implications, as discussed in the previous section.

The person or group who benefits the most from the use of the current identification methods

In comparison it can be argued that the claimant has the benefit of more rigid authentication, thus protecting the assets they are wishing to access. In the NHS example the patient could benefit from better treatment, thus standard of care. This is due to old notes and conditions being made available for treatment, with the information stored on the database it would also be possible for the patient to visit different hospitals and for them to still receive the same quality of treatment (Health Management Technology, 2006, A Final Farewell to Paper). This is done at the expense of disclosure of personal information, which it can be argued that such information can be used by hospitals with access to the database to create profiles, such as area’s which are likely to experience high volumes of specific medical emergencies, or the amount of certain types of illnesses or diseases that a hospital was able to treat. Such an example of the hospitals collaborating patients data is shown below in Figure 2, Cancer 2005 Statistics from (Washington Adventist Hospital, 2006, 2005 Cancer Statistics). This shows the distribution of primary diagnoses of different types of cancer for 2005. It should be pointed out that this information was taken with the permission of the patients’, however it would be a concern that it could be possible for the hospital to obtain such information from data it has stored about claimants, as well as having the ability to link such data with the identity of the claimants. It is this concern that drives the government to continually review the laws regarding data protection (Data Protection Act, 2006, Guidance for HEFCW Staff), as too little access of this type of information could stunt the progress and quality of service afforded to the claimant, however too much access could put delicate personal information into the public domain, destroying the individuals right to privacy this shall be discussed further in the section about known and potential effects on collection of personal data.



The main way that a patient can benefit from the discloser of information is in the fact that the disclosed information could be used to improve services for them, whereas the hospital has to potential to benefit from a store of information that can be used to improve the service they provide. This shows that under the current authentication system both the claimant and the authenticator benefit from the current identification method, although currently the claimant appears to benefit most, there is still the potential for the hospital to benefit with the claimants permission. The authenticator does have the responsibility for securing the personal information of the claimant, which is an important responsibility and gives the authenticator a position of responsibility that has the potential to be abused. This will be discussed further in the next section.

Currently it appears that the main benefactor of the token system is the claimant due to the fact that they need never disclose their identity nor provide proof of ownership over the token, yet can still exchange the token for goods or services. The authenticator of the token does benefit from taking possession of the token, however they must be sure to authenticate the token correctly otherwise the token is worthless if it is a fraudulent token. It is the attributes of the token that make it possible to authenticate the token to a higher degree of accuracy, which is important for the authenticator. In this way the authenticator benefits from a correctly authenticated token from the claimant, however this does not address the issues of ownership, as even although the token may be authentic, it may not belong to the claimant. For a small retail outlet it may be sufficient to assume that the possession lies with the claimant; however in banks it is essential that the serial numbers are checked to prevent money laundering. This is because banks are more likely to handle larger amounts of cash in fewer transactions. Also once the money enters a bank it is converted into electronic money that the bank holds, which is not linked to the paper token paid in. In this way the attributes of the token can benefit the bank and small retail business, however most of the benefits lay with the security of personal data of the claimant. There are other aspects though, in the case that someone wanted to trace where they had spent all their money, if the money had been spent as cash they would need to track down all their receipts, however if they had paid on a bank card, they need merely look at their bank statement (Community Banker, 2007, Understanding Consumer Preferences for Authentication Methods).

It is possible to see that both the claimant and the authenticator benefit from the comparison method in a hospital, the claimant from an improvement in service and the authenticator from information not only about the claimant but the service they provide. This is unlike the token method, as in the case of the token no personal information is ever disclosed, providing the claimant with the advantage of anonymity. Although the token does have this advantage which can make it a popular method for carrying out transactions, there are issues to do with rights of ownership over the token, traceability and other issues to do with the authenticity of the token, although these issues are partially addressed with authentication of the token itself using the attributes of the token. It appears that the main benefit of the comparison method is an improved service as well as authentication from the personal data collected and stored, with the main benefit of the token method being that of the protection of personal information of the claimant, which is the main disadvantage to the claimant of the hospital example. The advantage of collection of personal data to the authenticator of the hospital example is not afforded to the authenticator of the token, who’s only benefit is that of gaining possession of the token. It seems that the main benefactor in both examples is the claimant, provided that in the hospital example the authenticator takes various measures to protect the personal information stored, as well as the provision that the authenticator does not abuse its position of trust.

Known and potential effects on collection of personal data, every coin has two sides

In the hospital scenario comparing personal data has potential benefits and disadvantages for both the claimant and authenticator, whereas for the token method there is no collection of personal data. The potential for the collection of personal data is that it may be transferred to third parties without the knowledge of the claimant, or compiled in some manner with other personal information (Janoff, 2000, Private practice). One of the main concerns would be that personal information could be leaked into the public domain, with detrimental effects to the claimant. Such information could cause prejudice against them, as potential employers may discriminate potential employees based on their medical records if their full medical records ever became available. This is balanced by the fact that freedom of access to medical records could allow employers to make allowances for employees with medical conditions, as for the data as a whole it could be more accurately modelled in order to show the areas of improvement necessary for the hospital, as well as for predictive forecasts showing the amounts and types of conditions that may arise, allowing the hospital to better prepare for the future. It is widely known that people can be uncomfortable about disclosing personal information as the potential for identity theft and various misuse of personal details are a constant threat. There is also a potential for good to come out of sharing personal information such as staff protection and a better service for the patient (Rossenfeld, 2006, Who Watches the Watchers), however individual's rights to privacy should always come first.

One of the main concerns on lack of protection of personal information is that a ‘big brother state’ could end up controlling everything than an individual thinks or does. In such a state freedom of speech, movement and even thought could be restricted at an individual level, which in turn could cause monumental effects on parliaments and governments, as it brings up the issue of weather there is any point in having a parliament that has all its decisions made for it? This could cause problems in the fact that one person or set of authenticators could gain so much control over the claimant that the individual would effectively loose their human rights. It could also stunt the development of the human race, as new and revolutionary ideas may be suppressed by the authenticator, as they may be in the general publics’ best interest but not benefit the authenticator. Such an example is the idea of global warming, as some governments initially tried to suppress the views of the scientists, due to fears of the effects on economy, but in the end freedom of speech and continued warnings have forced the governments of the world to start addressing the issue of global warming. With the increase in technology it is becoming easier than ever to monitor individuals, from their spending habits (Janoff, 2000, Private practice) to where they currently are and what they are doing there. It is important to have some measure of control, but this must not be allowed to obstruct an individual's right to privacy.

Although the token method does not initially appear to have this issue of collection of personal data, it is still possible for personal data to be transferred in the form of DNA and fingerprints. It does however seem unlikely that this would become an issue due to the fact that this is a high level technology that few posses, as well as the fact that this information is not currently used in many security applications, but as the technology becomes easier to come by and the attributes become more widely used there is the possibility that the use of the token may become one way of easily gaining personal information. Currently the token appears to be a good way of protecting personal information and preventing the collection of personal data however large amounts of the populous would prefer to carry a bank card around (Community Banker, 2007, Understanding Consumer Preferences for Authentication Methods), as found by handing out a questionnaire to 50 randomly selected people, due to the fact that the poor ownership qualities of the token make it a target to be stolen with no hope of the token being returned to them. The information was entered into a table shown by Table 1 and then converted into relevant graphs. It is possible to see from the Graphs 1 below that having cash stolen was not the only concern of the sample taken, as many believed that card transactions were the more secure method of asset transfer over cash. It is also possible to see that the sample selected were concerned about personal details being disclosed when using their card, whereas there was almost no concern about personal details being disclosed when using cash. This might explain why although a claimant feels that the bank card is the more secure way of asset transfer, there are still a sizable number that prefer to use cash, albeit not as many as prefer to use a bank card. This shows that the general populous is concerned about how and when their personal details are used, however many do opt for security of assets over security of personal information.

Reduce problems by making it free! No, but why won’t that work?

It appears that where the comparison method protects a free asset, the amount of attributes used need only be increased when the population using the resource increases to maintain individuality, however when the asset protected is not free, then instantly more attributes and sophisticated authentication must be used in order to protect the asset from any form of abuse. It seems that one solution to the problem could be to make all assets free, however this would not work due to economics and the stability of the economy. It would also produce other issues such as the fact that people may consume resources just for the fact of using the resources, not because they actually need them. It also does not solve the problem of collection and misuse of personal data.

All in all, it seems that comparison is a method of improving service by disclosing small amounts of personal information as attributes for authentication. The method of using a token protects personal information in order to exchange goods or services, however this shifts the focus from authenticating the claimant to authenticate the token itself, with the possession of the token being a weak form ownership. With the increase of attributes, the authentication should be made more accurate, with using multiple methods of authentication, such as comparison and measurement the accuracy that a claimant’s identity can be verified is increased further. The methods used for authentication are linked to the value of the asset that is being protected, as is the technology. If there are large amounts of an asset to be authenticated, technology can be used to help the process. The histories of both methods are similar in that they have evolved more attributes in order to protect the asset; however it seems that the benefits are for both sides when using the comparison method, whereas for the token method the main benefits are for the claimant.

It seems that the best method of improving security is to increase the attributes, which usually means increasing the amount of personal data disclosed. Although this improves the authentication of the claimant and can lead to an improvement in services in some cases, releasing too much information can have a detrimental affect on the individual and society, so it truly is a question of balance as to how much personal information is released into the public sector, along with the gain to accuracy of the authentication process.

---

Reference list

Information has been sourced from the sites below. Some of the sites have been used to check information obtained from other sites, and all the information has been read and referenced when used in the text.

• Community Banker. (2007). Understanding Consumer Preferences for Authentication Methods [Electronic version]. Business Source Premier. Retrieved October 21st, 2007, from http://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=26467388&site=ehost-live

• Data Protection Act. (2006). Guidance for HEFCW Staff. Retrieved October 21st, 2007, from http://194.81.48.132/FinanceAssurance_Docs/Data_Protection_Act_Guidance_for_staff_May_2006(1).pdf

• Gagen, Kevin. (2001). Verification Is Key to Improving Patient Registration [Electronic version]. Business Source Premier. Retrieved October 21st, 2007, from http://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=6763532&site=ehost-live

• Hawkins, Joyce. (1994). The Oxford School Dictionary (2nd ed). London: Oxford University Press.

• Health Management Technology. (2006). A Final Farewell to Paper [Electronic version]. Business Source Premier. Retrieved October 21st, 2007, from http://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=21865076&site=ehost-live

• Hospitals & Health Networks. (2007). HEALTH CARE'S MOST WIRED online [Electronic version]. Business Source Premier. Retrieved October 21st, 2007, from http://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=25188519&site=ehost-live

• Janoff, Barry. (2000). Private practice [Electronic version]. Business Source Premier. Retrieved October 21st, 2007, from http://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=2692899&site=ehost-live

• Messmer, Ellen. (2004). Healthcare looks to biometrics [Electronic version]. Business Source Premier. Retrieved October 21st, 2007, from http://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=15350925&site=ehost-live

• Rossenfeld, Carrie. (2006). Who Watches the Watchers [Electronic version]. Business Source Premier. Retrieved October 21st, 2007, from http://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=19744009&site=ehost-live

• Solovy, Alden. (2003). HUMBLE BEGINNINGS [Electronic version]. Business Source Premier. Retrieved October 21st, 2007, from http://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=9811144&site=ehost-live

• Strategic Finance. (2007). Ben Meets the 21st Century: Securing the C-Note [Electronic version]. Business Source Premier. Retrieved October 21st, 2007, from http://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=26854721&site=ehost-live

• Taylor, Bryan. (2004). Making Change [Electronic version]. Business Source Premier. Retrieved October 21st, 2007, from http://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=13670957&site=ehost-live

• Washington Adventist Hospital. (2006). 2005 Cancer Statistics. Retrieved October 21st, 2007, from http://www.adventisthealthcare.com/WAH/services/oncology/cancer-registry.aspx

• Wikipedia. (2007). Token Money. Retrieved October 21st, 2007, from http://en.wikipedia.org/wiki/Token_money