06-04-2013, 04:02 PM
Two Factor Authentication
Two Factor Authentication.docx (Size: 1.9 MB / Downloads: 103)
INTRODUCTION
Authentication:
Authentication is the act of establishing or confirming something (or someone) as authentic, that is, that the claims made by or about the thing are true. Authenticating an object may mean confirming its provenance, whereas authenticating a person usually consists of verifying their identity. Authentication depends upon one or more authentication factors.
In computer security, authentication is the process of verifying the digital identity of the sender of a communication, such as a request to log in. The sender being authenticated may be a person using a computer, a computer itself or a computer program. A blind credential, in contrast, does not establish identity at all, but only a narrow right or status of the user or program.
In a web of trust, authentication is the way to ensure that users are who they say they are, i.e. that the user who attempts to perform functions in a system is in fact the user who is authorized to do so.
Difference between Authentication and Authorization:
Authorization is often thought to be identical to authentication, and many widely adopted standards and protocols, obligatory regulations, and even statutes are based on this assumption.
However, more precise usage describes authentication as the process of verifying a person's identity, while authorization is the process of verifying that a known person has the authority to perform a certain operation. Authentication, therefore, must precede authorization.
For example, when you show proper identification to a bank teller, you could be authenticated by the teller, and you would be authorized to access information about your bank accounts. You would not be authorized to access accounts that are not your own.
e-Authentication:
It is defined as a Web-based service that provides authentication for end users accessing (logging into) an Internet service.
e-Authentication is similar to credit card verification for eCommerce web sites. The verification is done by a dedicated service that receives the input and returns a success or failure indication.
For example, an end user wishes to enter his e-Buy or e-Trade web site. He gets the login web page and is required to enter his user ID and a password, or, on more secure sites, his One Time Password (OTP) as a second factor.
The information is transmitted to the e-Authentication service as a query. If the service returns success, the end user is admitted to the e-Trade service with his privileges as a user; if it returns failure, the login is refused.
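The login flow described above (password plus one-time password checked by a dedicated service, returning success or failure), followed by the separate authorization step from the bank-teller example under "Difference between Authentication and Authorization", as an added example in Python. This is not code from the original report. It assumes the one-time password is an RFC 4226 HOTP code produced by a token holding a shared seed; the user record, salt, HOTP seed (the RFC 4226 test-vector seed), counter handling and account list are constructed sample data, and the names USERS, authenticate, authorize and login_and_access are my own.

```python
import hashlib
import hmac
import struct

# --- Constructed sample data (not from the original report) ---
ITERATIONS = 200_000           # PBKDF2 work factor for the stored password hash


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 of the password ('something you know')."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


SALT = b"constructed-salt-16b"
HOTP_SEED = b"12345678901234567890"   # RFC 4226 test-vector seed, stands in for the token secret

# Server-side user store: password hash, token seed ('something you have'),
# the next HOTP counter the server will accept, and the accounts the user owns.
USERS = {
    "alice": {
        "pw_hash": hash_password("correct horse battery staple", SALT),
        "salt": SALT,
        "hotp_seed": HOTP_SEED,
        "next_counter": 0,
        "accounts": {"ACC-100", "ACC-101"},
    }
}


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return f"{code:0{digits}d}"


def authenticate(username: str, password: str, otp: str, look_ahead: int = 3) -> bool:
    """First factor: password. Second factor: HOTP within a small look-ahead window.

    Returns True only if both factors verify. On success the counter moves past the
    accepted value, so the same code (or an older one) cannot be replayed.
    """
    user = USERS.get(username)
    if user is None:
        hash_password(password, SALT)      # same cost for unknown users: no timing oracle on usernames
        return False
    if not hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"]):
        return False
    start = user["next_counter"]
    for c in range(start, start + look_ahead):
        if hmac.compare_digest(hotp(user["hotp_seed"], c), otp):
            user["next_counter"] = c + 1   # resynchronise and burn this code
            return True
    return False


def authorize(username: str, account: str) -> bool:
    """Authorization is a separate question: may this already-authenticated user touch this account?"""
    return account in USERS[username]["accounts"]


def login_and_access(username: str, password: str, otp: str, account: str) -> str:
    """Authentication must precede authorization; each failure is reported distinctly."""
    if not authenticate(username, password, otp):
        return "authentication failed"
    if not authorize(username, account):
        return "not authorized for " + account
    return "access granted to " + account


if __name__ == "__main__":
    pw = "correct horse battery staple"
    print(login_and_access("alice", "wrong", hotp(HOTP_SEED, 0), "ACC-100"))
    print(login_and_access("alice", pw, hotp(HOTP_SEED, 0), "ACC-100"))
    print(login_and_access("alice", pw, hotp(HOTP_SEED, 0), "ACC-100"))   # replay: rejected
    print(login_and_access("alice", pw, hotp(HOTP_SEED, 2), "ACC-999"))   # authenticated, not authorized
```

The password check and the OTP comparison both use constant-time comparison, the unknown-user path still pays the hashing cost, and a consumed HOTP counter is never accepted again; the look-ahead window is what lets a token that was pressed a couple of times without logging in stay in sync with the server.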
Need for Strong Authentication:
Single-factor authentication usually consists of "something you know", typically a password. Passwords on their own are susceptible to attacks (guessing, theft, interception) that can compromise the security of the application, and some of the more common attacks can be carried out at little or no cost to the perpetrator and without detection.
Tools for such attacks are readily available over the Internet. If undetected, the perpetrator can access the information without alerting the legitimate user. This is why a strong user authentication process is needed to protect data and systems. Strong user authentication has several benefits.
First, effective authentication provides the basis for validation of parties to the transaction and their agreement to its terms.
Second, it is a necessary element to establish authenticity of the records evidencing the electronic transaction should there ever be a dispute.
Background of Authentication:
Financial institutions engaging in any form of Internet banking should have effective and reliable methods to authenticate customers. An effective authentication system is necessary for compliance with requirements to safeguard customer information, to prevent money laundering and terrorist financing, to reduce fraud, to inhibit identity theft, and to promote the legal enforceability of their electronic agreements and transactions. The risks of doing business with unauthorized or incorrectly identified persons in an Internet banking environment can result in financial loss and reputation damage through fraud, disclosure of customer information, corruption of data, or unenforceable agreements.
Customer Verification:
With the growth in electronic banking and commerce, financial institutions should use reliable methods of originating new customer accounts online. Moreover, customer identity verification during account origination is required and is important in reducing the risk of identity theft, fraudulent account applications, and unenforceable account agreements or transactions.
Potentially significant risks arise when a financial institution accepts new customers through the Internet or other electronic channels because of the absence of the physical cues that financial institutions traditionally use to identify persons.
Smart Card:
A smart card is a small, tamper-resistant computer. The smart card itself contains a CPU and some non-volatile storage. In most cards, some of the storage is protected against tampering while the rest is accessible to any application that can talk to the card. This capability makes it possible for the card to keep some secrets, such as the private keys associated with any certificates it holds. The card performs its own cryptographic operations (for example, signing a challenge) internally, so the private key never has to leave the card.
Fingerprint Recognition:
Fingerprint recognition technologies analyze global pattern schemata on the fingerprint, along with small unique marks known as minutiae, which are the ridge endings and bifurcations or branches in the fingerprint ridges. The data extracted from fingerprints are extremely dense and the density explains why fingerprints are a very reliable means of identification.
Fingerprint recognition systems typically store only a template describing the fingerprint minutiae; images of the actual fingerprints need not be retained. Fingerprint scanners may be built into computer keyboards or pointing devices (mice), or may be stand-alone scanning devices attached to a computer.
Fingerprints are unique and complex enough to provide a robust template for authentication, as shown in fig. 1.3. Using multiple fingerprints from the same individual affords a greater degree of accuracy. Fingerprint identification technologies are among the most mature and accurate of the various biometric methods of identification.
Although end users should have little trouble using a fingerprint-scanning device, special hardware and software must be installed on the user's computer. Fingerprint recognition implementation will vary according to the vendor and the degree of sophistication required. This technology is not portable, since a scanning device needs to be installed on each participating user's computer.