Documentos de Académico
Documentos de Profesional
Documentos de Cultura
Authentication:
1. Introduction:
For other uses of the terms authentication, authentic, and authenticity, see
Authenticity.
Authentication (from Greek: authentikos, real, genuine, from
authentes, author) is the act of confirming the truth of an attribute of a single
piece of data (datum) or entity. In contrast with identification which refers to the act of stating or
otherwise indicating a claim purportedly attesting to a person or things identity, authentication is
the process of actually confirming that identity. It might involve confirming the identity of a
person by validating their identity documents, verifying the validity of a Website with a digital
certificate, tracing the age of an artifact by carbon dating, or ensuring that a product is what its
packaging and
labeling claim to be. In other words, authentication often involves verifying the validity of at
least one form of identification.
Types of Authentication:
The first type of authentication is accepting proof of
identity given by a credible person who has first-hand evidence
that the identity is genuine. When authentication is
required of art or physical objects, this proof could be a
friend, family member or colleague attesting to the items
provenance, perhaps by having witnessed the item in its
creators possession. With autographed sports memorabilia,
this could involve someone attesting that they witnessed
the object being signed. A vendor selling branded
items implies authenticity, while he or she may not have
evidence that every step in the supply chain was authenticated.
This hear-say authentication has no use case example
in the context of computer security.
The second type of authentication is comparing the attributes
of the object itself to what is known about objects
of that origin. For example, an art expert might look
for similarities in the style of painting, check the location and form of a signature, or compare the
object to an old photograph. An archaeologist might use carbon dating to
verify the age of an artifact, do a chemical analysis of the materials used, or compare the style of
construction or decoration to other artifacts of similar origin. The physics of sound and light, and
comparison with a known physical environment, can be used to examine the authenticity of
audio recordings, photographs, or videos.Documents can be verified as being created on ink or
paper readily available at the time of the items impliedcreation.
Product authentication
Authorization:
The process of authorization is distinct from that of authentication. Whereas authentication is the
process of
verifying that you are who you say you are, authorization
is the process of verifying that you are permitted to
do what you are trying to do. Authorization thus presupposes
authentication.
For example, a client showing proper identification credentials
to a bank teller is asking to be authenticated that
Access control
One familiar use of authentication and authorization is
access control. A computer system that is supposed to be
used only by those authorized must attempt to detect and
exclude the unauthorized. Access to it is therefore usually
controlled by insisting on an authentication procedure to
establish with some degree of confidence the identity of
the user, granting privileges established for that identity.
Common examples of access control involving authentication
include:
_ Asking for photoID when a contractor first arrives
at a house to perform work.
_ Using captcha as a means of asserting that a user is
a human being and not a computer program.
_ By using One Time Password (OTP), received on a
tele-network enabled device like mobile phone, as
an authentication password/PIN
_ A computer program using a blind credential to authenticate
to another program
_ Entering a country with a passport
_ Logging in to a computer
_ Using a confirmation E-mail to verify ownership of
an e-mail address
_ Using an Internet banking system
_ Withdrawing cash from an ATM
In some cases, ease of access is balanced against the
strictness of access checks. For example, the credit card
network does not require a personal identification number
for authentication of the claimed identity; and a small
transaction usually does not even require a signature of
the authenticated person for proof of authorization of the
transaction. The security of the system is maintained by
limiting distribution of credit card numbers, and by the
threat of punishment for fraud.
Security experts argue that it is impossible to prove the
identity of a computer user with absolute certainty. It is
only possible to apply one or more tests which, if passed,
have been previously declared to be sufficient to proceed.
The problem is to determine which tests are sufficient, and
many such are inadequate. Any given test can be spoofed
Physical Security:
Geographical access control may be enforced by person-
1.2 Credential
A credential is a physical/tangible object, a piece of
knowledge, or a facet of a persons physical being, that
enables an individual access to a given physical facility
or computer-based information system. Typically, credentials
can be something a person knows (such as a
number or PIN), something they have (such as an access
badge), something they are (such as a biometric feature)
or some combination of these items. This is known as
multi-factor authentication. The typical credential is an
access card or key-fob, and newer software can also turn
users smartphones into access devices.[3] There are many
card technologies including magnetic stripe, bar code,
Wiegand, 125 kHz proximity, 26-bit card-swipe, contact
smart cards, and contactless smart cards. Also available attach to a key ring. Biometric
technologies include fingerprint,
facial recognition, iris recognition, retinal scan,
voice, and hand geometry.[4] The built-in biometric technologies
found on newer smartphones can also be used
as credentials in conjunction with access software running
on mobile devices.[5] In addition to older more traditional
card access technologies, newer technologies such
as Near field communication (NFC) and Bluetooth low
energy also have potential to communicate user credentials
to readers for system or building access.
Types of readers:
Access control readers may be classified by the functions
they are able to perform:
_ Basic (non-intelligent) readers: simply read card
number or PIN, and forward it to a control panel. In
case of biometric identification, such readers output
the ID number of a user. Typically, Wiegand
protocol is used for transmitting data to the control
panel, but other options such as RS-232, RS-485
and Clock/Data are not uncommon. This is the most
CPP/PSP/CSC Author
_ Government Open Source Access ControlNext
Generation (GOSAC-N)
_ NIST.gov - Computer Security Division - Computer
Security Resource Center - ATTRIBUTE BASED
ACCESS CONTROL (ABAC) - OVERVIEW