Access Control Technologies 4.3 Flashcards

1
Q

Proximity Cards

A

Used for smart cards from close range. The card is a powerless device but inducts power from the reader. The card is not a large data storage device. It’s often used as an identifier for things like door access, library cards, payment systems. The identifier is linked to data stored elsewhere.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Smart Cards

A

Integrated circuit card, contact or contactless. Common on credit cards but also used for access control cards. Must have a physical card to slide into a reader to provide digital access. It has a digital certificate so you can cryptographically identify who is using the card. It is commonly paired with a PIN or password.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Biometric Factors

A

Becoming more common to see fingerprint scanners, retinal scanners, iris scanners, voice recognition, or facial recognition.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Biometric Acceptance Rates

A

Access via biometrics isn’t a perfect science. We measure how well biometrics are working by using a False Acceptance Rate (FAR), False Rejection Rate (FRR), and compare the systems by using a Crossover Error Rate (CER). CER is when FAR and FRR are equal values.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Token Generators

A

Uses pseudo-random pin. Its what a WoW authenticator is. Can have an actual physical item or use your phone.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

HMAC Based One Time Password (HOTP)

A

A pre-defined list of passwords. You use a password once, and never again. Each authentication attempt consumes one password.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Tome Based One Time Password (TOTP)

A

Authenticate via a secret key and the time of day. They key is configured ahead of time and the timestamp is synchronized via network time protocol (NTP). They are usually on 30s timeframes. Common methods used by Google, FB, Microsoft.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Certificate Based Authentication

A

Smart card has a private key. Federal government uses a Personal Identity Verification (PIV) card. Has pictures, identification info. Military uses Common Access Card (CAC). Could also put a certificate on a mobile device or laptop. Uses IEEE 802.1x.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly