Authentication:
o Authentication is the act of proving an assertion, such as the identity of a computer system user. In contrast with identification, the act of indicating a person's or thing's identity, authentication is the process of verifying that identity. It might involve validating personal identity documents, or verifying the authenticity of a website with a digital certificate.
o In computer science, verifying a user's identity is often required before allowing access to confidential data or systems.
o Authentication can be considered to be of three types:
o The first type of authentication is accepting proof of identity given by a credible person who has first-hand evidence that the identity is genuine.
o The second type of authentication is comparing the attributes of the object itself to what is known about objects of that origin.
o The third type of authentication relies on documentation or other external affirmations. In art and antiques, for example, certificates are of great importance for authenticating an object of interest and value.
o In computer science, a user can be given access to secure systems based on user credentials that imply authenticity. A network administrator can give a user a password, or provide the user with a key card or other access device to allow system access. In this case, authenticity is implied but not guaranteed: whoever presents the password or card is treated as the user, whether or not they are.
Authentication factors:
The ways in which someone may be authenticated fall into three categories:
1. Something the user knows,
2. Something the user has, and
3. Something the user is.
o Each authentication factor covers a range of elements used to authenticate or verify a person's identity prior to being granted access, approving a transaction request, signing a document or other work product, granting authority to others, and establishing a chain of authority.
o The three factors (classes) and some elements of each factor are:
1. The knowledge factors: something the user knows (e.g., a password, partial password, passphrase, or personal identification number (PIN); a challenge response, where the user must answer a question or reproduce a pattern; or a security question).
2. The ownership factors: something the user has (e.g., a wristband, ID card, security token, implanted device, cell phone with a built-in hardware token, software token, or cell phone holding a software token).
3. The inherence factors: something the user is or does (e.g., fingerprint, retinal pattern, DNA sequence (there are assorted definitions of what is sufficient), signature, face, voice, unique bio-electric signals, or other biometric identifier).
o Single-factor authentication: the weakest level of authentication, in which only a single component from one of the three categories of factors is used to authenticate an individual's identity. Because a single stolen, guessed or phished credential is enough to impersonate the user, this type of authentication is not recommended for financial or other sensitive transactions that warrant a higher level of security.
o Multi-factor authentication: multi-factor authentication involves two or more authentication factors (something you know, something you have, or something you are). Two-factor authentication is a special case of multi-factor authentication involving exactly two factors. For example, using a bankcard (something the user has) along with a PIN (something the user knows) provides two-factor authentication. Note that two elements of the same factor (e.g., a password plus a security question, both knowledge factors) do not constitute two-factor authentication.
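The bankcard-plus-PIN case above, carried over to a software login as an added example (this is illustrative code written for this page, not code from the original notes): the knowledge factor is a password checked against a salted PBKDF2 hash, and the ownership factor is a time-based one-time code from an authenticator device (TOTP, RFC 6238, which is HOTP over a 30-second counter). The user record, the shared secret and the timestamps are constructed test data; the secret is the RFC 6238 test vector, and the code deliberately evaluates both factors before answering so a failed login does not reveal which factor was wrong.

```python
"""Two-factor login: something the user knows (password) plus something the
user has (a TOTP authenticator).  Added illustration for this page, not code
from the original notes; all user data below is constructed test data."""
import hashlib
import hmac
import os
import struct
import time
from typing import Optional, Tuple

# ---- factor 1: something the user knows -------------------------------------
# Passwords are never stored in clear: keep a random salt and a slow
# PBKDF2-HMAC-SHA256 digest (600,000 iterations is the OWASP-recommended floor).
PBKDF2_ITERATIONS = 600_000


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    _, digest = hash_password(password, salt)
    # constant-time comparison: a plain == would leak timing information
    return hmac.compare_digest(digest, expected)


# ---- factor 2: something the user has ----------------------------------------
def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """HOTP (RFC 4226) over the current time step (RFC 6238), HMAC-SHA1."""
    counter = unix_time // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_totp(secret: bytes, code: str, unix_time: int, window: int = 1) -> bool:
    """Accept the current step plus/minus `window` steps to tolerate clock drift."""
    for drift in range(-window, window + 1):
        if hmac.compare_digest(totp(secret, unix_time + drift * 30), code):
            return True
    return False


# ---- the two-factor login ----------------------------------------------------
def login(user: dict, password: str, code: str, now: Optional[int] = None) -> bool:
    """True only if BOTH factors verify.  Both are evaluated before returning
    so the caller (and an attacker) cannot tell which factor failed."""
    now = int(time.time()) if now is None else now
    ok_know = verify_password(password, user["salt"], user["pw_hash"])
    ok_have = verify_totp(user["totp_secret"], code, now)
    return ok_know and ok_have


if __name__ == "__main__":
    # constructed user record: fixed salt and the RFC 6238 test secret
    salt, pw_hash = hash_password("correct horse", salt=b"\x00" * 16)
    alice = {"salt": salt, "pw_hash": pw_hash, "totp_secret": b"12345678901234567890"}
    print(login(alice, "correct horse", totp(alice["totp_secret"], 59), now=59))
```

In a real deployment the TOTP secret is provisioned to the user's device once (usually as an otpauth QR code) and stored server-side with the same care as a password hash; a code that has already been accepted should also be rejected if replayed within the same time step, which this example does not track.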
o Authentication types:
1. Strong authentication: defined as a layered authentication approach relying on two or more authenticators to establish the identity of an originator or receiver of information.
2. Continuous authentication: authentication systems built on behavioral biometric traits (such as typing rhythm or touch gestures), which keep re-verifying the user throughout a session rather than only once at login, are known as active or continuous authentication systems.
3. Digital authentication: the term digital authentication, also known as electronic authentication or e-authentication, refers to a group of processes by which confidence in user identities is established and presented via electronic methods to an information system.
Authentication vs. Authorization:
BASIS FOR COMPARISON | AUTHENTICATION | AUTHORIZATION
Basic | Checks the person's identity to grant access to the system. | Checks the person's privileges or permissions to access the resources.
Includes process of | Verifying user credentials. | Validating the user's permissions.
Order of the process | Authentication is performed first. | Authorization is usually performed after authentication.
Examples | In online banking applications, the identity of the person is first established with a user ID and password. | In a multi-user system, the administrator decides what privileges or access rights each user has.
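The "order of the process" row, as an added example written for this page (not code from the original notes): a request handler first resolves the caller's identity from a session created at login (authentication), and only then consults the administrator's permission table (authorization). The session table, the permission table and the timestamps are constructed test data; the 401/403 status values are the usual HTTP conventions for "not authenticated" and "not authorized" and are used here just to keep the two failures distinct.

```python
"""Authentication first, authorization second.  Added illustration for this
page, not code from the original notes; SESSIONS and ACL are constructed data."""
import time
from dataclasses import dataclass
from typing import Optional


@dataclass
class Decision:
    allowed: bool
    status: int      # 401 = not authenticated, 403 = not authorized, 200 = allowed
    reason: str


# Produced by the login step: an opaque session id maps to a verified identity
# and an expiry time (seconds since the epoch).
SESSIONS = {
    "sess-alice": {"user": "alice", "expires": 2_000_000_000},
    "sess-bob":   {"user": "bob",   "expires": 2_000_000_000},
    "sess-stale": {"user": "alice", "expires": 1_000_000_000},   # already expired
}

# Set by the administrator: which (resource, action) pairs each user may perform.
ACL = {
    "alice": {("account", "read"), ("account", "transfer")},
    "bob":   {("account", "read")},
}


def authenticate(session_id: str, now: int) -> Optional[str]:
    """Who is calling?  Returns the verified user name, or None."""
    sess = SESSIONS.get(session_id)
    if sess is None or sess["expires"] <= now:
        return None
    return sess["user"]


def authorize(user: str, resource: str, action: str) -> bool:
    """What may they do?  Deny by default: unknown users get an empty set."""
    return (resource, action) in ACL.get(user, set())


def handle_request(session_id: str, resource: str, action: str,
                   now: Optional[int] = None) -> Decision:
    now = int(time.time()) if now is None else now
    user = authenticate(session_id, now)
    if user is None:                       # identity not established: stop here,
        return Decision(False, 401, "not authenticated")   # never consult the ACL
    if not authorize(user, resource, action):
        return Decision(False, 403, f"{user} may not {action} {resource}")
    return Decision(True, 200, f"{user} may {action} {resource}")


if __name__ == "__main__":
    for sid in ("sess-alice", "sess-bob", "sess-stale", "sess-forged"):
        print(sid, handle_request(sid, "account", "transfer", now=1_500_000_000))
```

The point of keeping the two steps in separate functions is that the authorization check can never run against an unverified identity: a forged or expired session is rejected before any permission is looked up, and a valid session still only yields what the administrator granted.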