
Authentication

 
INFO & KNOWLEDGE
 
Authentication is proving an identity to a certain security level. There are three approaches to proving an identity:

- something only the user has - only possession of a certain item proves the identity
- something only the user knows - only knowledge of a certain secret proves the identity
- something only the user is - characteristics of the body or of behaviour prove the identity.

A total stranger can be authenticated only with the help of a third party (an authority). Binding certain data to an identity in a secure manner is also done most easily with the help of a third party.


Possession of an item

This approach is common and widespread, but can be undermined by theft or forgery. Therefore such items or tokens (e.g. an ID card) carry additional mechanisms from the other approaches to bind them to their legal owner. Often such items are issued by a (hopefully) trustworthy third party so that the owner can authenticate to others (people, authorities, ...).

Note that for authentication over an electronic medium using one-time-password systems, you usually have an "authentication token", a hardware device that computes the one-time password. It is a hardware device because hardware is more tamper-resistant, but there are also simpler implementations purely in software. Such soft tokens are sometimes called "pseudo-something you have".
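The following is an added example, not code from Cryptoshop or from any token vendor, showing what such a token computes and what the verifying side has to do with the result: an HMAC-based one-time password (HOTP, RFC 4226) and its time-based variant (TOTP, RFC 6238), plus a verifier that refuses to accept a code twice. The secret is the published RFC test-vector key, used here only so the values can be checked; the look-ahead window size is an assumption.

```python
import hashlib
import hmac
import struct

# Constructed demo secret: the 20-byte test-vector key from RFC 4226 / RFC 6238.
# A real token holds a per-device secret provisioned at enrolment and never exported.
DEMO_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Event-based one-time password (RFC 4226): HMAC-SHA1 over the counter,
    dynamic truncation to 31 bits, then the last `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-based variant (RFC 6238): the counter is the number of elapsed time steps."""
    return hotp(secret, unix_time // step, digits)


class HotpVerifier:
    """Server side of an event-based token. It remembers the last counter it
    accepted and only accepts codes for counters *ahead* of it (within a small
    look-ahead window, an assumption, for tokens pressed without logging in),
    so a captured code cannot be replayed and older codes become worthless."""

    def __init__(self, secret: bytes, last_counter: int = -1, window: int = 5):
        self.secret = secret
        self.last_counter = last_counter
        self.window = window

    def verify(self, code: str) -> bool:
        for counter in range(self.last_counter + 1, self.last_counter + 1 + self.window):
            if hmac.compare_digest(hotp(self.secret, counter), code):
                self.last_counter = counter   # resynchronise; this code is now consumed
                return True
        return False


if __name__ == "__main__":
    verifier = HotpVerifier(DEMO_SECRET)
    first = hotp(DEMO_SECRET, 0)
    print("token shows", first, "-> accepted:", verifier.verify(first))
    print("same code again -> accepted:", verifier.verify(first))
```

The verifier's state (the last accepted counter) is what turns a "something you have" into a one-time proof: the same secret sits in the soft or hard token, and the only difference between the two is how hard it is to copy that secret out.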





Knowledge about a secret

Only correctly presented knowledge proves an identity. The knowledge can be a secret fact, such as a password, or a secret procedure, such as a particular sequence of actions or reactions. The second kind is known mostly from movies, but port knocking works on the same principle.

A secret is knowledge shared between the party who verifies and the party who proves its identity; nobody else has access to this information. Authentication with a secret happens

- with the secret directly,
- with something derived from the secret,
- or other proofs of possession of the secret.

The main problem area is that such information can be passed on to others, consciously or not. Additionally, it is possible to try all possibilities systematically, if nothing detects this.

Password systems

An entered password, code, passphrase or "PIN" (Personal Identification Number) proves the identity, and on the basis of this proof the user is authorised for the requested information or functions. To reduce the problems with passwords, the number of times a password can be used can be reduced (one-time passwords or TANs, transaction numbers), or failed attempts can be limited; see also Password protection and quality.
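As an added example (not Cryptoshop's code), here is the verifying side of a password system that addresses the two problem areas above: it stores only a salted PBKDF2 hash so that the secret itself is not handed on if the store leaks, it counts failed attempts and locks the account so that systematic trial of all possibilities does not go undetected, and it shows a TAN list as the one-use limit. The iteration count and lockout threshold are assumptions for the demo.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 100_000   # assumption: work factor, raise it as hardware allows
MAX_FAILED_ATTEMPTS = 5       # assumption: lockout threshold chosen for this demo


class PasswordStore:
    """Keeps only a per-user random salt and a PBKDF2 hash, never the password
    itself, and counts failed attempts so that systematic trial of all
    possibilities is noticed and stopped instead of going undetected."""

    def __init__(self):
        self._records = {}   # username -> {"salt", "hash", "failed", "locked"}

    @staticmethod
    def _derive(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)

    def enrol(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self._records[username] = {"salt": salt, "hash": self._derive(password, salt),
                                   "failed": 0, "locked": False}

    def authenticate(self, username: str, password: str) -> str:
        """Returns "ok", "denied" or "locked"."""
        rec = self._records.get(username)
        if rec is None:
            self._derive(password, b"\x00" * 16)   # same cost, so timing does not reveal valid usernames
            return "denied"
        if rec["locked"]:
            return "locked"                        # even the right password no longer helps
        if hmac.compare_digest(self._derive(password, rec["salt"]), rec["hash"]):
            rec["failed"] = 0
            return "ok"
        rec["failed"] += 1
        if rec["failed"] >= MAX_FAILED_ATTEMPTS:
            rec["locked"] = True
            return "locked"
        return "denied"


class TanList:
    """Transaction numbers: each secret on the list is valid exactly once, which is
    the "reduce the frequency of use" idea taken to its limit."""

    def __init__(self, tans):
        self._unused = set(tans)

    def redeem(self, tan: str) -> bool:
        if tan in self._unused:
            self._unused.remove(tan)
            return True
        return False
```

The lockout is deliberately permanent until an administrator intervenes; a production system would usually prefer a time-based delay plus an alert, but the detection point is the same.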

Challenge Response

The user must give the correct "response" to a "challenge" sent by the verifier.
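An added example (not from the original page) of the simplest form of this exchange with a shared secret: the verifier sends a random nonce as the challenge, the claimant answers with an HMAC over it, and the verifier accepts each challenge at most once, so a recorded response is useless for a later login. The key is a constructed demo value.

```python
import hashlib
import hmac
import secrets

# Constructed demo key, shared between claimant and verifier out of band (e.g. at enrolment).
SHARED_KEY = b"constructed-demo-key-not-for-real-use"


def make_challenge() -> bytes:
    """Verifier side: a fresh, unpredictable nonce that is never reused."""
    return secrets.token_bytes(16)


def compute_response(key: bytes, challenge: bytes) -> bytes:
    """Claimant side: the MAC of the challenge proves possession of the key
    while the key itself never crosses the wire."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


class HmacVerifier:
    def __init__(self, key: bytes):
        self.key = key
        self._outstanding = set()   # challenges issued but not yet answered

    def challenge(self) -> bytes:
        c = make_challenge()
        self._outstanding.add(c)
        return c

    def check(self, challenge: bytes, response: bytes) -> bool:
        if challenge not in self._outstanding:
            return False                       # unknown or already used challenge: replay rejected
        self._outstanding.discard(challenge)   # one answer per challenge, success or not
        return hmac.compare_digest(compute_response(self.key, challenge), response)


def run_exchange(verifier: HmacVerifier, claimant_key: bytes):
    """Both sides of one round: verifier -> challenge, claimant -> response, verifier decides."""
    c = verifier.challenge()
    r = compute_response(claimant_key, c)
    return c, r, verifier.check(c, r)
```

Because the secret is shared, the verifier could impersonate the user; that is the limitation the zero-knowledge and PKI variants below remove.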

Zero Knowledge Methods

Using a ZKPS (Zero Knowledge Proof System), someone proves knowledge of a secret without disclosing the secret. In principle, the verifier sends a challenge (or problem) that can be solved only with knowledge of the secret. This is based on asymmetric methods, or rather on their underlying mathematical problems.
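To make "proves knowledge without disclosing it" concrete, here is an added example (not from Cryptoshop) of Schnorr's identification protocol, the classic challenge-response ZKPS built on the discrete-logarithm problem. The prover holds x, the verifier holds only y = g^x; each round the prover commits, the verifier challenges, the prover responds, and the verifier checks one equation. The group parameters are a constructed toy safe prime; the last function shows why a transcript leaks nothing, by forging one without x.

```python
import secrets

# Toy parameters, constructed for illustration only: p = 2q + 1 with both prime,
# and g a generator of the order-q subgroup. Real deployments use a ~2048-bit p
# (or an elliptic-curve group); the protocol logic is the same.
P = 2039
Q = 1019
G = pow(2, (P - 1) // Q, P)


def keygen():
    """Secret x and public y = g^x mod p. Recovering x from y is the discrete logarithm problem."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def verify(y: int, t: int, c: int, s: int) -> bool:
    """Check of one round: g^s == t * y^c (mod p)."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P


class Prover:
    def __init__(self, x: int):
        self._x = x
        self._r = None

    def commit(self) -> int:
        self._r = secrets.randbelow(Q - 1) + 1   # fresh per round; reusing r would leak x
        return pow(G, self._r, P)               # t = g^r

    def respond(self, c: int) -> int:
        return (self._r + c * self._x) % Q       # s = r + c*x mod q


class SchnorrVerifier:
    def __init__(self, y: int):
        self.y = y
        self._c = None

    def challenge(self) -> int:
        self._c = secrets.randbelow(Q - 1) + 1   # non-zero, so a wrong secret always fails the round
        return self._c

    def check(self, t: int, s: int) -> bool:
        return verify(self.y, t, self._c, s)


def identify(prover: Prover, verifier: SchnorrVerifier, rounds: int = 20) -> bool:
    """Full interactive identification: commit, challenge, respond, check, repeated."""
    for _ in range(rounds):
        t = prover.commit()
        c = verifier.challenge()
        s = prover.respond(c)
        if not verifier.check(t, s):
            return False
    return True


def simulate_transcript(y: int):
    """Zero-knowledge property made concrete: without knowing x, anyone can produce
    a transcript (t, c, s) that passes verify(), by picking c and s first and
    solving for t. Hence a recorded transcript gives an eavesdropper nothing."""
    c = secrets.randbelow(Q - 1) + 1
    s = secrets.randbelow(Q)
    t = (pow(G, s, P) * pow(y, Q - c, P)) % P    # y^(q-c) == y^(-c) because y has order q
    return t, c, s
```

The order matters: the commitment t must be fixed before the challenge is known, which is exactly what the simulator violates and what an interactive verifier enforces.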


Biometric characteristics

This approach is more widespread than it seems at first sight, because authentication by appearance happens largely unconsciously. It is also used in passport control; all recent developments there can be categorised as additional tamper-proofing improvements, whereas fingerprints would be a new kind of biometric data in passports.

Biometric characteristics can be physiological or behavioural. Criteria for usable characteristics are

- uniqueness and the ability to associate it with a certain person
- simple recording
- hard to spoof
- changes of the characteristic over time must not be too big

First there must be a measurement of the characteristic, which serves as the reference for all future matching when authentication is to be done biometrically. Consider that this reference value, or template, has to be stored somewhere; that the values captured at authentication time have to be matched somewhere and are often transmitted from the sensor to that place; and that a biometric characteristic cannot be changed if it is compromised.





Multi-factor authentication

Mostly these approaches are combined to reach an acceptable level of authentication quality, which is then called "two-factor authentication" or "three-factor authentication".

"something you have" + "something you know"

- bank card with PIN
- signature card with PIN

"something you have" + "something you are"

- ID card with photograph
- password token with additional personal code
- smart card with biometric matching

"something you are" + "something you know"

- access systems with PIN entry and biometric check

"something you have" + "something you are" + "something you know"

- access system with PIN and biometric check, where the biometric template is stored on a secure token held by the person who wants to authenticate.


Links

www.portknocking.org


Copyright © 2004 CRYPTAS. All rights reserved