Who are you? Authentication technologies ensure users are who they claim to be.Today, more than ever, protecting your electronic identity is a top priority. In addition to normal security precautions, such as using antivirus software See antivirus program. (tool) antivirus software - Programs to detect and remove computer viruses. The simplest kind scans executable files and boot blocks for a list of known viruses. and keeping system patches up to date, computer users must be on guard against phishing scams and other high-tech methods used by identity thieves, who seek to coax you into surrendering your personal information. So, how can you combat this problem and better protect your vital information? Meet authentication technologies. Authentication technologies are not new. In fact, a number of products and strategies have been around since the early days of computing. However, a heightened awareness and increased affordability of these technologies is pushing them to the forefront. In simplest terms, authentication technologies ensure that individuals are who they claim to be. The technologies fall under three broad categories: something you know, something you have and something you are. Passwords, tokens, public key infrastructure and biometrics are all examples of authentication technologies that can help verify identity and control access to resources--and each falls within one of these three broad classifications. PASSWORDS Passwords are the least expensive and most common type of authentication technology and are based on "something you know." Passwords require users to remember a string of characters and enter this information when prompted to gain access to a desired resource. Unfortunately, passwords also are one of the weakest forms of authentication technology and users themselves are typically at the root of this weakness. Often, users share passwords, making them a poor means of individual identification. Or, passwords are left blank, not changed for long periods of time, re-used across multiple accounts or overly simplistic sim·plism n. The tendency to oversimplify an issue or a problem by ignoring complexities or complications. [French simplisme, from simple, simple, from Old French; see simple , leaving your password vulnerable to hacking via freely available tools. While passwords should continue to play a role in user authentication See authentication. , they should not be overly relied upon because of their inherent limitations. TOKENS Under the "something you have" category, token-based authentication technologies--such as magnetic strips (credit cards), smart cards Example of widely used contactless smart cards are Hong Kong's Octopus card, Paris' Calypso/Navigo card and Lisbon' LisboaViva card, which predate the ISO/IEC 14443 standard. The following tables list smart cards used for public transportation and other electronic purse applications. , SecurID cards or USB USB in full Universal Serial Bus Type of serial bus that allows peripheral devices (disks, modems, printers, digitizers, data gloves, etc.) to be easily connected to a computer. keys--hold longer, harder-to-break "secrets" that are more difficult to hack or reproduce. The weakness with authentication technologies is that tokens afford little protection if they are lost or stolen. And similar to passwords, simple possession of these objects often serves as the only means to distinguish the owner. The effectiveness of tokens can be significantly enhanced, however, by combining their use with "something you know." For example, requiring the use of a PIN code or password along with the possession of the physical token. PUBLIC KEY INFRASTRUCTURE PKI (Public Key Infrastructure) A framework for creating a secure method for exchanging information based on public key cryptography. The foundation of a PKI is the certificate authority (CA), which issues digital certificates that authenticate the identity of refers to a system where digital certificates are used to verify user identity for e-mail messages and e-commerce transactions, and also is an example of "something you have." Digital certificates often are issued by an independent certificate authority that then acts as a third-party reference regarding the owner's identity. These certificates are attached to e-mail messages or referenced by a web browser The program that serves as your front end to the Web on the Internet. In order to view a site, you type its address (URL) into the browser's Location field; for example, www.computerlanguage.com, and the home page of that site is downloaded to you. during an e-commerce transaction as a means of identification. [ILLUSTRATION OMITTED] When applications encounter these certificates, the origin can be verified by inquiring with the issuing certificate authority to ensure the identity of the sender or website owner. Digital certificates also provide a means for users to exchange encrypted information using a combination of a private key (owned by the sender) and public key (freely shared with recipients) to encrypt and decrypt To convert secretly coded data (encrypted data) back into its original form. Contrast with encrypt. See plaintext and cryptography. message text. PKI uses highly secure encryption standards and third-party verification TPV (Third party verification) is a process of getting an independent third party company to confirm that the customer is actually requesting a change or ordering a new service or product. to help ensure information integrity and end-user identity, but as yet, has only seen limited adoption in the marketplace. BIOMETRICS The final category of authentication technology is based on "something you are" and uses biometrics to examine physical characteristics to differentiate individuals. Some of the more common biometric technologies include: Fingerprint Recognition--Fingerprint identification systems take a digital scan of an individual's fingertip fin·ger·tip n. The extreme end or tip of a finger. (s) and record their unique physical characteristics. Data is then either stored as an image or encoded as a character string. To prevent fooling the system, some fingerprint ID systems also measure blood flow to the finger so that "fake" fingers can't be used. Of all the biometric technologies, fingerprint recognition Fingerprint recognition or fingerprint authentication refers to the automated method of verifying a match between two human fingerprints. Fingerprints are one of many forms of biometrics used to identify an individual and verify their identity. is becoming the most commonplace and is being incorporated into a number of new devices coming to market, from PDAs and thumb drives to mice and keyboards. These devices actually require users to swipe their finger prior to unlocking these devices. In addition, a number of vendors sell external USB-based devices that can be plugged into any desktop or laptop computer to inexpensively ($50 to $100) add fingertip biometric authentication See biometrics. capabilities. Fingerprints also are being used with a number of other devices including time clocks, cell phones, door locks and safes. Iris Recognition--Iris-scan systems analyze and map numerous points of the iris. Eyeglasses eyeglasses or spectacles, instrument or device for aiding and correcting defective sight. Eyeglasses usually consist of a pair of lenses mounted in a frame to hold them in position before the eyes. , contact lenses and eye surgery do not change the characteristics of the iris, so this method is very reliable, even as a person ages. Iris recognition systems often vary the light during the scanning process to verify that the pupil dilates, so that a fake eye can't be used to fool the system. Retina Recognition--Retinal scanning systems shine a light into the eye and looks at the pattern of blood vessels Blood vessels Tubular channels for blood transport, of which there are three principal types: arteries, capillaries, and veins. Only the larger arteries and veins in the body bear distinct names. on the retina. Retina recognition systems are among the most accurate of all biometric technologies and are virtually impossible to fool. This technology is used routinely in high-risk applications--and also is relatively expensive. Face Recognition--Facial recognition measures and analyzes the physical attributes of a person's face, including its overall structure and shape, and distances between the eyes, nose, mouth and jaw edges. Facial recognition systems can accurately verify the identify of a person standing a few feet away in a matter of seconds. Other biometric technologies include hand recognition, voice recognition, skin surface pattern identification, typing pattern recognition and signature dynamics. Of the three types of authentication technology, biometrics are considered the most secure since physical characteristics are unique to each individual and can't be easily spoofed. Similar to the other types of authentication, the reliability of biometrics can be further strengthened by combining several forms of biometric recognition, known as multiple biometric, or by requiring users to enter a PIN code to uniquely identify a user--combining "something you are" with "something you know." SAFEGUARDING USERS As users increasingly rely on electronic means of conducting business and exchanging information, the need for authenticating user identity and ensuring reliability will grow. Authenticating technologies will continue to evolve and play a greater role in helping safeguard users. BY DAVID David, in the Bible David, d. c.970 B.C., king of ancient Israel (c.1010–970 B.C.), successor of Saul. The Book of First Samuel introduces him as the youngest of eight sons who is anointed king by Samuel to replace Saul, who had been deemed a failure. CIESLAK, CPA (Computer Press Association, Landing, NJ) An earlier membership organization founded in 1983 that promoted excellence in computer journalism. Its annual awards honored outstanding examples in print, broadcast and electronic media. The CPA disbanded in 2000. , CITP (Certified Information Technology Professional) A specialty credential awarded by the AICPA to its CPA members who excel in the provision of technology-related business services. David Cieslak, CPA, CITP, GSEC GSEC GIAC Security Essentials Certification (computer security certification designation) GSEC Geophysical Survey and Exploration Contract GSEC Generalized Switch-And-Examine Combining is a principal with Information Technology Group, Inc. in Simi Valley. You can reach him at dcieslask@itguse.com. |
|
||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion