Who Are You, and Why Are You Here?

While emerging security technologies may appear exotic and inscrutable — fingerprint and hand scans, eye scans, smart cards, facial geometry — the underlying security objective, unchanged since people first started having things to protect, is uncomplicated and familiar to all of us: getting a reliable answer to the question "Who are you, and why are you here?"

The first question — "Who are you?" — causes most of the trouble in designing automated security systems. Current technologies all attempt to assess identity one way or another, with varying levels of certainty — at correspondingly varying cost. For example, a swipe card is inexpensive and provides uncertain identity (you can't be sure who's using the card); an iris scanner is very expensive and provides very certain identity. Finding an acceptable compromise between certainty and expense lies at the heart of security system design.

The answer to the second question, "Why are you here?" — in other words, what is your business at this access point — might be implicit once identity has been established (“It’s Alice Wilson, our cabling specialist, she works on the cables — let her in”), or it can be implemented in a variety of ways: A person's "who" and "why" can be combined — in the information on a swipe-card’s magnetic strip, for example; a person's identity could call up information in a computer file listing allowable access; or there could be different access methods for various parts of the facility, designed to allow access for different purposes. Sometimes "Why are you here?" is the only question, and "Who are you?" doesn't really matter — as for repair or cleaning personnel.