 Hi, I am Saurabh Srivastav, I am a PhD scholar at IIT Kanpur. This is a two-part lecture on identity management. Our next lecture will be on location management. The objective of these two lectures is to provide you an idea of how people interact with systems and how systems identify and locate us. So, let's start. We start this lecture with some analogies. In our day-to-day life, we interact with a number of human beings and well, we are somehow able to identify them. So, we'll start with the analogies between human beings and then we'll go on and continue with how systems try to identify entities. So, when we see people, when we meet each other face to face, we are able to recognize them. So, basically, we use the physical appearance of human being to recognize them. So, it could be the face, it could be their height, it could be anything that we can see. Sometimes, we are not able to see people. We are probably calling them over a phone or something like that. So, our voice actually is also a characteristic of how people can recognize us. So, we may call our friends and they'll be able to listen to our voice and they'll be able to recognize us. Now, other than voice and physical appearances, there are some other traits that we have too. For example, our name. So, suppose I went to see a friend and I couldn't find her in her office. I can probably just leave a note with my name out there. So, my friend would be able to recognize me just by the trait of my name. So, basically, we recognize people with the help of some traits. And some traits are more reliable than the other traits. For example, if we can see people that is much more reliable than actually hearing them over a phone. And if probably calling them over a phone is not possible, then just leaving a note may actually be good enough. Now, which trait we use depends on, well, situation, right? So, we may be able to see people. We may be able to listen to them. But sometimes, you know, just leaving a note probably is fine. So, this is what we are going to see now in this lecture that how human beings interact with systems and systems. Till now, we were just talking about two human beings. So, one human being is trying to identify the other one. In this lecture, we'll see how systems will interact with entities and identify human beings. First, before going ahead, we should actually try to define what a system is and what entities are. So, let's take some examples. Your mobile service provider, that's actually a system, right? Because we interact with our mobile service provider on a daily basis. We probably make dozens of calls a day and then, you know, this calls gets connected by some telephone exchange or something. So, the mobile service provider is actually a system here. Then, we also send emails on a daily basis probably. So, the email service provider is a system as well. Okay, and the income tax department. Well, the income tax department is a system too. We interact with them via their website. We probably go to their offices and, you know, they have their own way of interacting with human beings. So, the income tax department is a system as well. Okay, the last example is of railways. We all book tickets via IRCTC's website and we probably go to their counters everywhere and try to book our tickets there. So, the railways themselves are also a system, right? So, these are the systems that we are trying to understand. Okay, so we are trying to understand computers. We are trying to understand systems which may not be machines. They could be, you know, a set of people or an organization. So, these are the systems that we'll be talking about. And what are entities then? So, entities are the ones which actually interact with the system. They could be human beings, they could be devices, they could be anything. But basically, in this whole lecture, we'll be talking about entities which are mostly human beings, right? So, we are not going to go in any other direction. They'll be pretty much restricted to human beings. Okay, now that we know what a system is, we know what an entity is, so how does the systems recognize entities? Well, one thing about an entity is that it needs to have an identity, right? So, what is an identity? We'll have a look in more detail in what identities are. But basically, the thing about an identity should be that it should be unique, right? It is because of this that you are able to recognize somebody. So, for example, if you are seeing their face, if their face is not unique, you won't be able to recognize them, right? So, we'll have a look at what entities are, whether they can be forced or not, how easy or difficult it is to force these entities and all that stuff. And we'll have a look at some examples of how systems identify entities, right? Okay, so we'll start with some identity management examples. We'll actually have two examples with us. The one is, of course, the mobile service provider we just talked about. So, exactly how does your mobile service provider identify you or, for that matter, your SIM card or whatever it is? Well, your mobile number and your SIM number are two identities of you or, say, your SIM card by which your mobile service provider can identify you, okay? So, basically, these are unique within a domain, typically within a country. There's another aspect of your communication with the mobile service provider that can be used as your identity. It is the IMEI number of your mobile device. So, IMEI number is basically a unique identifier that is provided to each and every mobile device globally and these can actually be used by your mobile service provider to track which particular SIM card is being used by which particular mobile device, right? So, in this way, even your IMEI number could also act like a unique identity. Okay, now come to forging the identities. So, what can somebody do? You know, how can somebody hijack your identity on, say, the system of mobile services and all that? So, one way is to clone your phone. So, on CDMA networks, in order to clone a device and access to its embedded file system is required, okay? We are not going to go in details of what embedded file systems are. Let's just assume that anyone who wants to hack your phone would probably need an access to the internals of your phone. So, that's not an easy task to get. The other way is get a SIM card with the same mobile and or SIM card number, okay? So, well, how can that be done? On GSM networks, placing an extra hardware in the mobile device that you are using can actually do it, okay? Again, we are not going to go in the details of how it can be done, but well, there are ways to do it. You can actually go and have a look at this reference. It's actually a Wikipedia link. You can go and have a look at it. You will probably, you know, get some more understanding of how hacking can be done. Okay, we'll see one more example. This is of IRCTC, our favorite example. So, how does IRCTC identify people, okay? Well, simple. You must have a username and a password on IRCTC without which you cannot log in and book any tickets. So, here's actually a practical exercise for you. That will be a part of the homework, as well. So, what you're supposed to do is log into the IRCTC website from two different web browsers and use the same username and password. And then you can actually identify certain aspects of the system, okay? You'll probably be surprised with some of the observations that you'll make. We'll get back to this in the homework. Okay, coming back to forging the identity. So, how can somebody actually forge your identity on the IRCTC website, well? Username and password. So, if somebody knows your username and password, he or she can log in as you and, well, your identity is gone. So, understanding how this can be done is a bit difficult and it is going to be a bit more technical aspect, but there is a term called key logging. So, somebody can actually record all the keys that you type on the keyboard and with the help of that, they can actually know your username and password. Again, we are not going to go in any details of that. There is another reference here. Keystroke logging. You can go and have a look at it, okay? So, these were some examples of how systems and entities interact with each other and how entities are identified by systems. We'll now go a little bit detail in computers and human beings. So, basically, we now have systems which are computers and we now have entities which are people. So, what identification traits do we have as human beings? Well, face is one, voice is one, height, gate. So, gate is actually how we walk. There is an analysis of, you know, what are the amount of distance we are covering in each of our steps and how our legs move and all that stuff is called gate. Other than that, of course, face, voice and height we all know about. We'll actually look at one more quality of these rates. Face is fairly unique, right? I mean, there is a very low chance that you'll actually find someone with exactly the same face as you. Voice, well, it is not that unique, but, yeah, still fairly unique. So, your friends can probably identify your voice, but it is not that common, okay? It could be someone else's voice as well, which is, you know, mighty similar to yours. Height, well, that is too common for practical purposes. You know, for someone, maybe someone in your own peer group will have the same height as you. So, it is not really that uncommon. So, these are some physical traits that human beings have. Other than that, we have another trait called name, right? We all have names. We can be identified by our names. They're not really unique because we all know that you can always find a person with the same name as ours. So, name two is not that unique. So, there are other traits of ours which are legally verified identities. PAN card is an example. So, the income tax department issues you unique number. It is called PAN, Permanent Account Number. Then the Election Commission issues you a voter ID card. So, that voter ID card is a unique identity as well. And then there is a driving license, okay? So, these are some traits that human beings have and human beings can actually be identified using these traits. We'll actually go a little bit more in detail about biometric traits. So, we talked about face and we talked about voice. So, these traits are actually termed under the category of biometric traits. So, let us just assume that a computer wants to use these traits of ours, okay? So, if the computer wants to identify us with the help of our face or voice or anything like that. So, what exactly is a computer required for that, okay? So, basically we need to capture this information somehow. And in order to capture this, we need some devices. We need some sensors. Those sensors can capture these traits of ours, our face or voice or something else. Fingerprint. Fingerprint is actually a trait which is not many people even know about the fact that fingerprints are, you know, something that can probably be used for identification. It's because we as human beings, we never use fingerprints for identifying each other. But for computers, it's a very nice trait, okay? Because it is fairly unique. It is almost impossible to find a person who's got the same fingerprint as you. So, fingerprint is one trait which the computers can use. And we already talked about face. There are other traits like iris. So, iris is actually, you know, the eyeball in your eye and that can be used as a trait too. There are vein patterns, you know. So, every human being is supposedly have a different vein pattern. So, that can be used as well. But out of all these traits, it's only fingerprint which probably makes a little bit of sense for the computers to use. Now, there are some problems with biometric recognition, okay? For example, it requires additional hardware to be attached to the computer. Now, that hardware is not cheap, okay? So, it actually requires you to buy some kind of sensors which can sense your fingerprint or it requires you to buy some kind of high-resolution cameras which can capture your face or your iris. That's not cheap, okay? And what if the system that is trying to identify you is not local, okay? So, maybe you are trying to identify yourself to a server, you know, your server which is sitting maybe thousands of miles away from you. So, what would happen in that case? You know, the sensor will be attached to the local computer but the system is somewhere else. There are a lot of problems using these traits, right? Okay, we'll stop here. In this part, we had a look at the personal traits of human beings and in the next part, we'll have a look at the system-generated identities, right? Okay, bye.