Printer Friendly

Who are you? Authentication technologies ensure users are who they claim to be.

Today, more than ever, protecting your electronic identity is a top priority. In addition to normal security precautions, such as using antivirus software and keeping system patches up to date, computer users must be on guard against phishing scams and other high-tech methods used by identity thieves, who seek to coax you into surrendering your personal information.

So, how can you combat this problem and better protect your vital information?

Meet authentication technologies.

Authentication technologies are not new. In fact, a number of products and strategies have been around since the early days of computing.

However, a heightened awareness and increased affordability of these technologies is pushing them to the forefront.

In simplest terms, authentication technologies ensure that individuals are who they claim to be. The technologies fall under three broad categories: something you know, something you have and something you are.

Passwords, tokens, public key infrastructure and biometrics are all examples of authentication technologies that can help verify identity and control access to resources--and each falls within one of these three broad classifications.

PASSWORDS

Passwords are the least expensive and most common type of authentication technology and are based on "something you know."

Passwords require users to remember a string of characters and enter this information when prompted to gain access to a desired resource. Unfortunately, passwords also are one of the weakest forms of authentication technology and users themselves are typically at the root of this weakness.

Often, users share passwords, making them a poor means of individual identification. Or, passwords are left blank, not changed for long periods of time, re-used across multiple accounts or overly simplistic, leaving your password vulnerable to hacking via freely available tools.

While passwords should continue to play a role in user authentication, they should not be overly relied upon because of their inherent limitations.

TOKENS

Under the "something you have" category, token-based authentication technologies--such as magnetic strips (credit cards), smart cards, SecurID cards or USB keys--hold longer, harder-to-break "secrets" that are more difficult to hack or reproduce.

The weakness with authentication technologies is that tokens afford little protection if they are lost or stolen.

And similar to passwords, simple possession of these objects often serves as the only means to distinguish the owner.

The effectiveness of tokens can be significantly enhanced, however, by combining their use with "something you know." For example, requiring the use of a PIN code or password along with the possession of the physical token.

PUBLIC KEY INFRASTRUCTURE

PKI refers to a system where digital certificates are used to verify user identity for e-mail messages and e-commerce transactions, and also is an example of "something you have."

Digital certificates often are issued by an independent certificate authority that then acts as a third-party reference regarding the owner's identity. These certificates are attached to e-mail messages or referenced by a web browser during an e-commerce transaction as a means of identification.

[ILLUSTRATION OMITTED]

When applications encounter these certificates, the origin can be verified by inquiring with the issuing certificate authority to ensure the identity of the sender or website owner.

Digital certificates also provide a means for users to exchange encrypted information using a combination of a private key (owned by the sender) and public key (freely shared with recipients) to encrypt and decrypt message text.

PKI uses highly secure encryption standards and third-party verification to help ensure information integrity and end-user identity, but as yet, has only seen limited adoption in the marketplace.

BIOMETRICS

The final category of authentication technology is based on "something you are" and uses biometrics to examine physical characteristics to differentiate individuals.

Some of the more common biometric technologies include:

Fingerprint Recognition--Fingerprint identification systems take a digital scan of an individual's fingertip(s) and record their unique physical characteristics. Data is then either stored as an image or encoded as a character string.

To prevent fooling the system, some fingerprint ID systems also measure blood flow to the finger so that "fake" fingers can't be used.

Of all the biometric technologies, fingerprint recognition is becoming the most commonplace and is being incorporated into a number of new devices coming to market, from PDAs and thumb drives to mice and keyboards. These devices actually require users to swipe their finger prior to unlocking these devices.

In addition, a number of vendors sell external USB-based devices that can be plugged into any desktop or laptop computer to inexpensively ($50 to $100) add fingertip biometric authentication capabilities.

Fingerprints also are being used with a number of other devices including time clocks, cell phones, door locks and safes.

Iris Recognition--Iris-scan systems analyze and map numerous points of the iris. Eyeglasses, contact lenses and eye surgery do not change the characteristics of the iris, so this method is very reliable, even as a person ages.

Iris recognition systems often vary the light during the scanning process to verify that the pupil dilates, so that a fake eye can't be used to fool the system.

Retina Recognition--Retinal scanning systems shine a light into the eye and looks at the pattern of blood vessels on the retina. Retina recognition systems are among the most accurate of all biometric technologies and are virtually impossible to fool. This technology is used routinely in high-risk applications--and also is relatively expensive.

Face Recognition--Facial recognition measures and analyzes the physical attributes of a person's face, including its overall structure and shape, and distances between the eyes, nose, mouth and jaw edges. Facial recognition systems can accurately verify the identify of a person standing a few feet away in a matter of seconds.

Other biometric technologies include hand recognition, voice recognition, skin surface pattern identification, typing pattern recognition and signature dynamics.

Of the three types of authentication technology, biometrics are considered the most secure since physical characteristics are unique to each individual and can't be easily spoofed. Similar to the other types of authentication, the reliability of biometrics can be further strengthened by combining several forms of biometric recognition, known as multiple biometric, or by requiring users to enter a PIN code to uniquely identify a user--combining "something you are" with "something you know."

SAFEGUARDING USERS

As users increasingly rely on electronic means of conducting business and exchanging information, the need for authenticating user identity and ensuring reliability will grow. Authenticating technologies will continue to evolve and play a greater role in helping safeguard users.

BY DAVID CIESLAK, CPA, CITP

David Cieslak, CPA, CITP, GSEC is a principal with Information Technology Group, Inc. in Simi Valley. You can reach him at dcieslask@itguse.com.
COPYRIGHT 2005 California Society of Certified Public Accountants
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2005, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:USER IDENTIFICATION
Author:Cieslak, David
Publication:California CPA
Geographic Code:1USA
Date:May 1, 2005
Words:1088
Previous Article:At your service: FTB ruling looks at "personal services," time-spread method.
Next Article:You talkin' to me? Voice recognition software quickly making a name for itself.
Topics:


Related Articles
AUTHENEX ASAS TO SUPPORT MICROSOFT ISA SERVER.
E- business data exchange-security essentials. (Security).
Positive identification in a wireless world. (Software Intelligence).
Securing network infrastructures: meshed topographies simultaneously preserve security and accessibility. (Storage Networking).
DataDirect Connect for JDBC 3.3.
Hitachi Develops New Finger Vein Authentication System for Use in Door Handles.
It security.
HitachiSoft to Launch New Johmon Finger Vein Authentication System; Collaboration with Hitachi Ltd. Produces More Compact, Lower-priced Finger Vein...

Terms of use | Privacy policy | Copyright © 2019 Farlex, Inc. | Feedback | For webmasters