Authentication

Warning: mkdir() [function.mkdir]: Permission denied in /home/webs/affiliatelib2/CacheManager.php on line 12

Warning: mkdir() [function.mkdir]: No such file or directory in /home/webs/affiliatelib2/CacheManager.php on line 12

Warning: fopen(/home/templatecore2cache//*cluesnet.com/5a/5aef7c8f404220c2c5d6b59dd7c3ad544a7e4a42.tc2cache) [function.fopen]: failed to open stream: No such file or directory in /home/webs/affiliatelib2/CacheManager.php on line 130

Warning: fwrite(): supplied argument is not a valid stream resource in /home/webs/affiliatelib2/CacheManager.php on line 131

Warning: fclose(): supplied argument is not a valid stream resource in /home/webs/affiliatelib2/CacheManager.php on line 132

Authentication (from Greek αυθεντικός; real or genuine, from authentes; author) is the act of establishing or confirming something (or someone) as authentic, that is, that claims made by or about the thing are true. Authenticating an object may mean confirming its provenance, whereas authenticating a person often consists of verifying their identity. Authentication depends upon one or more authentication factors.

There are many fields where authentication is necessary:

Products Counterfeit products are common: electronics, clothing, pharmaceuticals, etc. Authentication is necessary to help ensure that the product is authentic to protect consumers and for brand protection.Special seals, marks, and labels are often used to aid authentication.

Money Counterfeit banknotes and cheques are a continuing problem. Great efforts are being made to make authentication easier and more reliable.

Packages In packaging and labelling, authentication refers to the use of special seals, labels, or markings which indicate that the package and contents are authentic. Sometimes substitute pharmaceuticals, perfume, fashion clothing, etc. are marketed as authentic when, in fact, they are not.

Credit cards It is often necessary to authenticate a credit card prior to completing a transaction.

Computer security In computer security, authentication is the process of attempting to verify the digital identity of the sender of a communication such as a request to log in. The sender being authenticated, often referred to as the principal, may be a person using a computer, a computer itself or a computer program. A blind credential, in contrast, does not establish identity at all, but only a narrow right or status of the user or program.

In a web of trust, "authentication" is a way to ensure users are who they say they are—that the user who attempts to perform functions in a system is in fact the user who is authorized to do so.

To distinguish authentication from the closely related term authorization, the short-hand notations A1 (authentication) and A2 (authorization) are occasionally used.The terms AuthN / AuthZ or Au / Az are also used to make this distinction in some communities.

The problem of authorization is often thought to be identical to that of authentication; many widely adopted standardization security protocols, obligatory regulations, and even statutes are based on this assumption. However, more precise usage describes authentication as the process of verifying a person's identity, while authorization is the process of verifying that a known person has the authority to perform a certain operation. Authentication, therefore, must precede authorization. For example, when you show proper identification to a bank teller, you could be authenticated by the teller, and you would be authorized to access information about your bank accounts. You would not be authorized to access accounts that are not your own.

Since authorization cannot occur without authentication, the former term is sometimes used to mean the combination of authentication and authorization.

Access control One familiar use of authentication is access control. A computer system supposed to be used only by those authorized must attempt to detect and exclude the unauthorized. Access to it is therefore usually controlled by insisting on an authentication procedure to establish with some established degree of confidence the identity of the user, thence granting those privileges as may be authorized to that identity. Common examples of access control involving authentication include:

withdrawing cash from an Automated Teller Machine.
controlling a remote computer over the Internet.
using an online banking system.

However, note that much of the discussion on these topics is misleading because terms are used without precision. Part of this confusion may be due to the 'law enforcement' tone of much of the discussion. No computer, computer program, or computer user can 'confirm the identity' of another party. It is not possible to 'establish' or 'prove' an identity, either. There are tricky issues lurking under what appears to be a straightforward surface.

It is only possible to apply one or more tests which, if passed, have been previously declared to be sufficient to proceed. The problem is to determine which tests are sufficient, and many such are inadequate. There have been many instances of such tests having been spoofed successfully; they have by their failure shown themselves, inescapably, to be inadequate. Many people continue to regard the test(s) -- and the decision to regard success in passing them—as acceptable, and blame their failure on 'sloppiness' or 'incompetence' on the part of someone. The problem is that the test was supposed to work in practice -- not under ideal conditions of no sloppiness or incompetence—and did not. It is the test which has failed in such cases. Consider the very common case of a confirmation email which must be replied to in order to activate an online account of some kind. Since email can easily be arranged to go to or come from bogus and untraceable addresses, this is an extremely weak authentication method.

Multifactor authentication Human authentication factors are generally classified into three cases:

Something the user has (e.g., ID card, security token, software token, phone, or cell phone)
Something the user knows (e.g., a password, pass phrase, or personal identification number (PIN))
Something the user is or does (e.g., fingerprint or retinal pattern, DNA sequence (there are assorted definitions of what is sufficient), signature or voice recognition, unique bio-electric signals, or another biometric identifier)

Often a combination of methods is used, e.g., a bankcard and a PIN, in which case the term 'two-factor authentication' is used. In 2006, several scientists at RSA Laboratories published a paper exploring social networking as a fourth factor of human authentication.

Historically, fingerprints have been used as the most authoritative method of authentication, but recent court cases in the US and elsewhere have raised fundamental doubts about fingerprint reliability. Other biometric methods are promising (retinal and fingerprint scans are an example), but have shown themselves to be easily Forgeryable in practice.

In a computer data context, cryptographic methods have been developed (see digital signature and challenge-response authentication) which are currently not spoofable if and only if the originator's key has not been compromised. That the originator (or anyone other than an Adversary) knows (or doesn't know) about a compromise is irrelevant. It is not known whether these cryptographically based authentication methods are provably secure since unanticipated mathematical developments may make them vulnerable to attack in future. If that were to occur, it may call into question much of the authentication in the past. In particular, a digital signature legal instrument may be questioned when a new attack on the cryptography underlying the signature is discovered.

Strong authentication The United States United States government's National Information Assurance Glossary defines strong authentication as:

Layered authentication approach relying on two or more authenticators to establish the identity of an originator or receiver of information.

See also

Fingerprint Verification Competition
Public key cryptography
Geo-location
Kerberos (protocol)
Secure Shell
Encrypted key exchange (EKE)
Secure remote password protocol (SRP)
Closed-loop authentication
RADIUS
DIAMETER
HMAC
Extensible Authentication Protocol
Two-factor authentication
Authorization
Biometrics
Authentication OSID
CAPTCHA
TCP Wrapper
Secret sharing
Athens access and identity management
OpenID – an authentication method for the web
Point of Access for Providers of Information - the PAPI protocol
Java Authentication and Authorization Service
Chip Authentication Program

External links

Password Management Best Practices.
Password Policy Guidelines.
General Information on Enterprise Authentication.
Guide to CISSP, Information Security Certification.
Fourth-Factor Authentication: Somebody You Know or episode 94,related on it - on SecurityNow
MySecureCyberspace: a resource for home users created by Carnegie Mellon CyLab
[https://passkeeping.com/ PassKeeping: login on public computers without typing your real
ISBN 038726194X - Biometric User Authentication for IT Security: Vielhauer, Claus 2005
ISBN 0980000009 - User Authentication Principles, Theory, and Practice: Apelbaum 2006

authentication from FOLDOC
authentication < security > The verification of the identity of a person or process. In a communication system, authentication verifies that messages really come from their stated ...

Pluggable Authentication Module from FOLDOC
Pluggable Authentication Module < security > (PAM) The new industry standard integrated login framework. PAM is used by system entry components, such as the Common Desktop ...

National Smart-Card Authentication Project
Welcome.... This website has been set up to ensure a standardised approach to authentication is met throughout ...

National Smart-Card Authentication Project
e-Government Framework for Smart Card Authentication.

Authentication - Wikipedia, the free encyclopedia
Authentication (from Greek αυθεντικός; real or genuine, from authentes; author) is the act of establishing or confirming something (or someone) as authentic, that is ...

BUBL LINK: Authentication
Titles: Descriptions: ATHENS Authentication Service; ELib Authentication Concertation Day 10th March 1999; Identity Authentication and E-Commerce; Implementing a National Access ...

Local authentication
Access management, identity management, access and identity management, identity, identity provider, service provider, authorisation, authorization, authentication, secure single ...

Access and Identity Management
Access management, identity management, access and identity management, identity, identity provider, service provider, authorisation, authorization, authentication, secure single ...

Signify - Strong Authentication Service
Hosted two factor authentication service, securing remote access and combating identity theft using market leading RSA technology. ... Welcome to Signify. Signify helps ...

Stream Solutions - Professional Internet Media Streaming
www.streamsolutions.co.uk is the top uk provider of shoutcast servers for audio and video streaming media ... Stream Solutions Authentication Servers. With our unique range of ...