Machines Do Not Have Thumbs: Multifactor Authentication for Non-Humans (G13a)
In FIPS 140-3, Level 4 operator authentication requires the implementation of identity-based multifactor authentication. This talk will explore the classic interpretation of authentication factors and consider its application to machines as operators. It will discuss the possibility of machines “possessing” authentication factors and propose reimagining the classic paradigm for machine operators, potentially admitting other classes of authenticators such as location or provenance. Additionally, it will discuss the potential for allowing distinct authentication schemes, such as combining digital signature with encryption, as valid “multiauthentication” schemes for machines.