For example a special device known as a biometric


use of the system (or some resource of the system) by unauthorized users by verifying the identity of a user making a request.

Authentication basically involves identification and verification. Identification is the process of claiming a certain identity by a user, while verification is the process of verifying the user's claimed identity. Thus, the correctness of an authentication process relies heavily on the verification procedure employed.

The three basic approaches to user authentication are as follows:

1. Proof by Knowledge. In this approach, authentication involves verifying something that can only be known by an authorized user. Authentication of a user based on the password supplied by him/her is an example of proof by knowledge. Authentication methods based on the concept of proof by knowledge are again of two types: the direct demonstration method and the challenge-response method. In the direct demonstration method, a user claims his/her identity by supplying information (like typing in a password) that the verifier checks against pre-stored information. On the other hand, in the challenge-response method, a user proves his or her identity by responding correctly to the challenge questions asked by the verifier. For instance, at the time of initially registering in a system as a user, the user picks a function, for example, x + 18. When the user logs in, the system randomly selects and displays a number, say 105, in which case the user must type 123 for authentication to be successful.

2. Proof by Possession. In this approach, a user proves his/her identity by producing some item that can only be possessed by an authorized user. The system is designed to verify the produced item to confirm the claimed identity. For example, a plastic card with a magnetic strip on it that has a user identifier number written on it in invisible, electronic form may be used as the item to be produced by the user.
The user inserts the card in a slot meant for this purpose in the system's terminal, which then extracts the user identifier number from the c...
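
The challenge-response method from item 1, as an added example that is not part of the original document: the x + 18 function from the text beside a keyed-MAC variant (a generalization beyond the text) in which the verifier issues a single-use random challenge, so a captured response is rejected on the next login. `Verifier`, `respond`, `SECRETS` and the sample secret are assumptions constructed for this demonstration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data (hypothetical user and secret, not from the page).
SECRETS = {"alice": b"constructed-demo-secret"}


def toy_response(challenge: int) -> int:
    """The page's example: the user registered the function x + 18."""
    return challenge + 18


def respond(secret: bytes, challenge: bytes) -> bytes:
    """Prover side: keyed MAC over the challenge; the secret never travels."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()


class Verifier:
    """Verifier side: fresh random challenge per login, accepted only once."""

    def __init__(self, secrets_db):
        self._db = secrets_db
        self._pending = {}  # user -> outstanding challenge

    def challenge(self, user: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending[user] = nonce
        return nonce

    def verify(self, user: str, response: bytes) -> bool:
        nonce = self._pending.pop(user, None)  # single use: blocks replay
        secret = self._db.get(user)
        if nonce is None or secret is None:
            return False
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(respond(secret, nonce), response)


def demo():
    # Returns (first login accepted, replayed response accepted).
    v = Verifier(SECRETS)
    r1 = respond(SECRETS["alice"], v.challenge("alice"))
    ok_first = v.verify("alice", r1)
    v.challenge("alice")               # next login gets a new challenge
    ok_replay = v.verify("alice", r1)  # old response no longer matches
    return ok_first, ok_replay


if __name__ == "__main__":
    print(toy_response(105), demo())
```
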

This document was uploaded on 04/07/2014.
