In computer security, authentication is the process of attempting to verify the digital identity of the sender of a communication such as a request to log in. The sender being authenticated may be a person using a computer, a computer itself or a computer program. A blind credential, in contrast, does not establish identity at all, but only a narrow right or status of the user or program.
In cryptography, a public key infrastructure (PKI) is an arrangement that binds public keys with respective user identities by means of a certificate authority (CA). The user identity must be unique for each CA. This is carried out by software at a CA, possibly under human supervision, together with other coordinated software at distributed locations. For each user, the user identity, the public key, their binding, validity conditions and other attributes are made unforgeable in public key certificates issued by the CA.
A smart card, chip card, or integrated circuit card (ICC) is defined as any pocket-sized card with embedded integrated circuits which can process information. This implies that it can receive input which is processed, by way of the ICC applications, and delivered as an output. There are two broad categories of ICCs. Memory cards contain only non-volatile memory storage components, and perhaps some specific security logic. Microprocessor cards contain volatile memory and microprocessor components. The card is made of plastic, generally PVC, but sometimes ABS. The card may embed a hologram to avoid counterfeiting.
A Hardware Security Module (often abbreviated to HSM, also often called a Host Security Module) is a plug-in card (PCI) or external device (RS232/SCSI/IP/USB) for a general-purpose computer, and may even be an embedded system itself.
The job of the HSM is to securely generate and/or store long-term secrets for use in cryptography and to physically protect the access to and use of those secrets over time. Generally these are private keys used in public-key cryptography; some HSMs also allow for hardware protection of symmetric keys.
User provisioning refers to the creation, maintenance and deactivation of user objects and user attributes, as they exist in one or more systems, directories or applications, in response to automated or interactive business processes.
In information systems, identity management, sometimes referred to as identity management systems, is the management of the identity life cycle of entities.
Single sign-on (SSO) is a specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.
Head Office
Sysec Ltd
St. Mary's Court
The Broadway
Amersham
Buckinghamshire
HP7 0UT
Tel: +44 (0) 870 041 1199
Fax: +44 (0) 870 041 1188
The foundation of Identity Assurance is proving that "you are who you say you are".
With the reliance on IT systems and computer technology in everyday life, your identity must be proved beyond reasonable doubt. The Internet is fast becoming the medium of choice for business and consumers and is used daily to transmit and access sensitive data, but identity theft and fraud continue to be a major worry for individuals and organisations alike. It is therefore imperative that access to systems which enable the transfer of monies and sensitive information is secured.
Passwords alone are no longer a secure means of proving your identity: they can be easily guessed, and social engineering is becoming commonplace. In addition, the stronger the password, the more difficult it becomes for the end user to remember, which results in the user either writing the password down or forgetting it altogether.
It is for these reasons that two-factor authentication, the principle based on a physical (a security token) and a logical (a PIN) entry code, is becoming the accepted replacement for passwords. Its common adoption by high street banks to secure online banking is evidence of this. A range of security tokens is available in the marketplace. Examples include one-time-password tokens, USB keys, mobile phones, software-based tokens for PDAs and PCs, smartcards and biometrics.
More and more organisations are beginning to utilise Public Key Infrastructure (PKI) to achieve Identity Assurance. A digital certificate issued by a trusted authority and stored on a smartcard is currently one of the strongest and most reliable methods of positive digital identification. Due to open standards, most technologies now support certificate-based authentication where applicable, and a certificate on a smartcard can be used for authentication to Windows, VPNs, firewalls, websites and pre-boot hard disk encryption, amongst others. Because of this, one benefit of PKI is a single point of issuance and revocation across multiple systems, and a device and certificate management system becomes key, especially if the organisation has a large user population.