Business PME is a gate of free information bound for the companies in the United States of America. This website offers thousands of contents as well as a companies directory.
The group’s other BtoB websites
-- Professional Networking
Friday Janu. 9th 2009
Searcharticles Search
companies
- Strategy
- Marketing
- Advertising
- Trade
- Human Ress.
- Law & Rights
- Economics
- Finance
- Production
- Technologies
Authentication | ||
In computer security, authentication is the process of attempting to verify the digital identity of the sender of a communication such as a request to log in. The sender being authenticated may be a person using a computer, a computer itself or a computer program. A blind credential, in contrast, does not establish identity at all, but only a narrow right or status of the user or program. In a web of trust, "authentication" is a way to ensure users are who they say they are—that the user who attempts to perform functions in a system is in fact the user who is authorized to do so. To distinguish authentication from the closely related term authorization, the short-hand notations A1 (authentication) and A2 (authorization) are occasionally used. The terms AuthN and AuthZ are also used to make this distinction in some communities. The problem of authorization is often thought to be identical to that of authentication; many widely adopted standard security protocols, obligatory regulations, and even statutes are based on this assumption. However, more precise usage describes authentication as the process of verifying a person's identity, while authorization is the process of verifying that a known person has the authority to perform a certain operation. Authentication, therefore, must precede authorization. For example, when you show proper identification to a bank teller, you could be authenticated by the teller, and you would be authorized to access information about your bank accounts. You would not be authorized to access accounts that are not your own. Since authorization cannot occur without authentication, the former term is sometimes used to mean the combination of authentication and authorization. Access ControlOne familiar example is access control. A computer system supposed to be used only by those authorized must attempt to detect and exclude the unauthorized. Access to it is therefore usually controlled by insisting on an authentication procedure to establish with some established degree of confidence the identity of the user, thence granting those privileges as may be authorized to that identity. Common examples of access control involving authentication include: * withdrawing cash from an ATM. * controlling a remote computer over the Internet. * using an Internet banking system. However, note that much of the discussion on these topics is misleading because terms are used without precision. Part of this confusion may be due to the 'law enforcement' tone of much of the discussion. No computer, computer program, or computer user can 'confirm the identity' of another party. It is not possible to 'establish' or 'prove' an identity, either. There are tricky issues lurking under what appears to be a straightforward surface. It is only possible to apply one or more tests which, if passed, have been previously declared to be sufficient to proceed. The problem is to determine which tests are sufficient, and many such are inadequate. There have been many instances of such tests having been spoofed successfully; they have by their failure shown themselves, inescapably, to be inadequate. Many people continue to regard the test(s) -- and the decision to regard success in passing them—as acceptable, and blame their failure on 'sloppiness' or 'incompetence' on the part of someone.
The problem is that the test was supposed to work in practice -- not under ideal conditions of no sloppiness or incompetence—and did not. It is the test which has failed in such cases. Consider the very common case of a confirmation email which must be replied to in order to activate an online account of some kind. Since email can easily be arranged to go to or come from bogus and untraceable addresses, this is just about the least robust authentication possible. Success in passing this test means little, without regard to sloppiness or incompetence. Copyright 2008 - France BtoB from Wikipédia
|
• History of data warehousing
• Authentication • Open standards • Utility computing • Social Engineering Techniques/Terms • ADSL in the United States • Electronic data processing | |
