2.4 Summarize authentication and authorization design concepts. Flashcards
Authentication is the act of proving a claimed identity using one or more authentication factors.
Authentication Methods
A managed list of network resources. It is effectively a network index or network telephone book of the systems and their shared resources.
Directory Services
Used to allow clients to interact with directory service resources. LDAP is based on X.500 and uses TCP ports 389 and 636. It uses a tree structure with a district root.
Lightweight Directory Access Protocol (LDAP) (Directory Services)
Federation or federated identity is a means of linking a subject’s accounts from several sites, services, or entities in a single account.
Federation
Attestation is proof or evidence of something. In some circumstances, attestation is when something is signed by a witness to prove its origin or veracity.
Attestation
Tokens, or synchronous dynamic password tokens, are devices or applications that generate passwords at fixed time intervals.
Time-based one-time password (TOTP) (Technologies)
Tokens, or asynchronous dynamic password tokens, are devices or applications that generate passwords based on a nonrepeating one-way function, such as a hash or HMAC operation.
HMAC-based one-time passwords
Short message service (SMS) or texting can be used as a mechanism of two-step authentication.
Short message service (SMS)
A form of authentication factor that is something you have. It’s usually a hardware device, but it can be implemented in software as a logical token.
Token (key)
A static code is a value that does not change. It is the same value each time it is used, even when used by multiple subjects.
Static Code
Authentication applications are software products that assist with logons. These can include credential managers as well as TOTP/HOTP apps.
Authentication applications
Occurs when a website or online service sends the customer/user a message through an installed mobile app that is then automatically displayed to the user.
Push Notifications
An alternate authentication option that involves calling the user/customer either to provide them a code or passphrase or to answer questions.
Phone Call authentication
Credit card–sized IDs, badges, or security passes with embedded integrated circuit chips. They can contain information about the authorized bearer that can be used for identification and/or authentication purposes.
Smart card(s) (authentication)
The collection of physical attributes of the human body that can be used as authentication factors (something you are).
Biometrics
These factors include fingerprints, palm scans, hand geometry, retinal scans, iris scans, facial recognition, voice recognition, vein recognition, gait analysis, signature dynamics, and keyboard dynamics.
Biometric Factors
A scanner used to analyze the visible patterns of skin ridges on the fingers and thumbs of people. These patterns are thought to be unique to an individual and have been used for decades in physical security for identification, and they are now often used as an electronic authentication factor as well.
Fingerprints
These scans focus on the pattern of blood vessels at the back of the eye. They are the most accurate form of biometric authentication and are able to differentiate between identical twins. However, they are the least acceptable biometric scanning method for employees because they can reveal medical conditions, such as high blood pressure and pregnancy. The patterns analyzed in these scans can also change as people age and retinas deteriorate.
Retina
These scanners focus on the colored area around the pupil. They are the second most accurate form of biometric authentication. These scans are often recognized as having a longer useful authentication life span than other biometric factors because the iris remains relatively unchanged throughout a person’s life (barring eye damage or illness). These scans are considered more acceptable by general users than retina scans because they don’t reveal personal medical information.
Iris
These scans are based on the geometric patterns of faces for detecting authorized individuals. These scans are used to identify and authenticate people before accessing secure spaces, such as a secure vault.
Facial
This recognition software is a type of biometric authentication that relies on the characteristics of a person’s speaking voice, known as a voiceprint.
Voice
Vein recognition or vascular biometrics measures the unique vein pattern through the use of near-infrared light to “see” through the skin. Vein recognition can be used on any part of the body, but common focuses are fingertips, back of hand, and cheek. (Page 176).
Vein
….
Gait analysis
….
Efficacy rates
….
False acceptance
….
False rejection
…..
Crossover error rate