The Security Authentication Process
Simply put, authentication is the process by which a subject’s (or user’s) identity is verified (Conklin, White, Williams, Davis, & Cothren, 2012). An example of authentication most people are familiar with is their e-mail login. For instance, Gmail requires a person’s Gmail address and individual password to access his or her Gmail account. However, there are numerous types of authentication outside the common username and password. Furthermore, authentication is used in numerous areas of a system to re-verify a user’s identity when he or she is accessing a new area of the system, accessing encrypted data types, and securing the preservation of a ...
A bank ATM does not simply allow a person to retrieve cash by entering a PIN. Customers are required to insert their bank card at the ATM, which prompts for the PIN associated with the customer’s card after insertion. The bank card acts as the second item from the list above and is classified as something a person has. Another example of something a person has is using a Common Access Card (CAC) or smartcard to access a system and the data contained therein. Applebee’s Neighborhood Bar and Grill requires employees to carry a smartcard to gain access to their Point-of-Sale (POS) systems. The card has a magnetic strip with an employee’s information programmed into it. Simply sliding the card through a card reader provides Applebee’s employees with access to the POS system, where they can do a number of tasks such as clocking in and out for shifts and placing orders for guests.
The third type of authentication mechanism from the list is something a person is. For example, a system manufacturer may provide consumers with the option to equip their systems with biometric recognition software and hardware to prevent unauthorized access to a system and its data. This hardware may be used to recognize characteristics such as finger, thumb, or palm prints, facial features, or retina or iris patterns, which help to verify or authenticate a person’s identity. Types of biometric software include Verisoft Access Manager, DigitalPersona, and HP ProtectTools, and the hardware used to verify biometrics includes cameras for facial recognition or scanners for recognizing items such as thumb or finger prints.
Something someone produces is the fourth and final type of authentication method from the list above. Examples of things a person produces for authentication are signatures or patterns and speech or audible sounds. Android-powered devices such as smartphones and tablets offer a great example of pattern recognition for authenticating a user, which comes in the form of a pattern lock. The user is shown a twelve-dot matrix in which he or she can draw a pattern by connecting the dots. If the person attempting to unlock the device does not draw the approved pattern, he or she is denied access to the device. Voice recognition software is another method for verifying a user’s identity through something he or she produces. An example is a person stating his or her name when prompted by a system to verify his or her identity for the system.
The Authentication Process
The authentication process seems fairly easy to explain using a Personal Computer (PC). When a person sets up a PC for the first time they set up a user profile. A person selects his or her user profile to access their personal profile and data on a system. The user is given the option to set up password protection for his or her profile (something a person knows). To sign on to the PC a user selects his or her profile and enters the password associated with the profile. An invalid password...
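The profile sign-on flow described above, sketched as an added example that is not part of the original essay. The in-memory profile store, the function names and the PBKDF2 iteration count are assumptions for illustration; the point is that the system keeps a salted hash rather than the password itself and compares it in constant time.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this sketch

# Hypothetical profile store: name -> (salt, derived_key), or None when the
# user declined password protection during profile setup.
PROFILES = {}

# Placeholder record so an unknown profile costs the same work as a known one.
DUMMY_RECORD = (os.urandom(16), os.urandom(32))


def derive_key(password, salt):
    """Stretch the password with PBKDF2-HMAC-SHA256 (something a person knows)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def create_profile(name, password=None):
    """Set up a profile; password protection is optional, as in the text."""
    if password is None:
        PROFILES[name] = None
        return
    salt = os.urandom(16)  # unique per profile, so equal passwords hash differently
    PROFILES[name] = (salt, derive_key(password, salt))


def sign_on(name, password=""):
    """Return True only if the selected profile accepts the supplied password."""
    record = PROFILES.get(name, DUMMY_RECORD)
    if record is None:  # profile exists and has no password set
        return True
    salt, stored = record
    # compare_digest avoids leaking how many leading bytes matched
    matched = hmac.compare_digest(derive_key(password, salt), stored)
    return matched and name in PROFILES


if __name__ == "__main__":
    # Constructed sample data
    create_profile("alice", "correct horse battery staple")
    create_profile("guest")
    print(sign_on("alice", "correct horse battery staple"))
    print(sign_on("alice", "wrong password"))
    print(sign_on("guest"))
```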