Authentication in Verifying the Identity of a Person/Software

Authentication refers to the task of verifying the identity of a person/software connecting to an application. The simplest form of authentication consists of a secret password that must be presented when a user connects to the application. Unfortunately, passwords are easily compromised, for example, by guessing, or by sniffing of packets on the network if the passwords are not sent encrypted. More robust schemes are needed for critical applications, such as online bank accounts. Encryption is the basis for morerobust authentication schemes. Many applications use two-factor authentication, where two independent factors (that is, pieces of information or processes) are used to identify a user.

The two factors should not share a common vulnerability; for example, if a system merely required two passwords, both could be vulnerable to leakage in the same manner. While biometrics such as fingerprints or iris scanners can be used in situations where a user is physically present at the point of authentication, they are not very meaningful across a network. Passwords are used as the first factor in most such two-factor authentication schemes. Smart cards or other encryption devices connected through the USB interface, which can be used for authentication based on encryption techniques are widely used as second factors.

Encryption refers to the process of transforming data into a form which cannot be readable. unless the reverse process of decryption is applied. Encryption algorithms use an encryption key to perform encryption, and require a decryption key (which could be the same as the encryption key depending on the encryption algorithm used) to perform decryption. Previously it was used for transmitting messages, using a secret key known only to the sender and the intended receiver. Even if the message is intercepted by an enemy, the enemy, not knowing the key, will not be able to decrypt and understand the message which was sent. Encryption is widely used today for protecting data in transit in a variety of applications such as data transfer on the Internet, and on cellular phone networks. Encryption is also used to carry out other tasks, such as authentication

After users are successfully authenticated against the selected data source, they are than authorized for specific data or database or network resources. Authorization is basically what a user can and cannot do on the network after that user is authenticated. Authorization is typically implemented using a AAA server-based solution. Authorization uses a created set of attributes that describes the user’s access to the specific data or database. These attributes are compared to information contained within the AAA database, and determination of restrictions for that user is made and delivered to the local router where the user is connected.