-
Authentication
-
An authentication system is how you identify yourself to the computer. The goal behind an authentication system is to verify that the user is actually who they say they are.
There are many ways of authenticating a user. Any combination of the following are good examples.
-
Password based authentication
-
Requires the user to know some predetermined quantity (their password).
- Advantages: Easy to impliemnt, requires no special equipemnt.
- Disadvantages: Easy to forget password. User can tell another user their password. Password can be written down. Password can be reused.
- Advantages: Easy to impliemnt, requires no special equipemnt.
-
Device based authentication
-
Requires the user to posses some item such as a key, mag strip, card, s/key device, etc.
- Advantages: Difficult to copy. Cannot forget password. If used with a PIN is near useless if stolen.
- Disadvantages: Must have device to use service so the user might forget it at home. Easy target for theft. Still doesn't actually actively identify the user.
- Advantages: Difficult to copy. Cannot forget password. If used with a PIN is near useless if stolen.
-
Biometric Authentication
-
- My voice is my passport. Verify me. This is from the movie sneakers and demonstrates one type of biometric authentication device. It identifies some physical charactistic of the user that cannot be seperated from their body.
-
Retina Scanners:
-
- Advantages: Accurately identifies the user when it works.
- Disadvantages: New technology that is still evolving. Not perfect yet.
- Advantages: Accurately identifies the user when it works.
-
Hand Scanners:
-
- Advantages: Difficult to seperate from the user. Accurately identifies the user.
- Disadvantages: Getting your hand stolen to break into a vault sucks a lot more than getting your ID card stolen.
- Advantages: Difficult to seperate from the user. Accurately identifies the user.
-
- My voice is my passport. Verify me. This is from the movie sneakers and demonstrates one type of biometric authentication device. It identifies some physical charactistic of the user that cannot be seperated from their body.
-
Requires the user to know some predetermined quantity (their password).
-
Authorization
-
Once the system knows who the user is through authentication, authorization is how the system decides what the user can do.
A good example of this is using group permissions or the difference between a normal user and the superuser on a unix system.
There are other more compicated ACL (Access Control Lists) available to decide what a user can do and how they can do it. Most unix systems don't impliment this very well (if at all.)
from: http://www.acm.uiuc.edu/workshops/security/auth.html
扫一扫
6466
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
