Handbook of Information Security Management: Physical Security
TOKENS
As human security forces shrink, there is more need to ensure that only authorized personnel can get into the computer room. A token is an object the user carries to authenticate his or her identity. These devices can be token cards, card readers, or biometric devices. They have the same purpose: to validate the user to the system. The most prevalent form is the card, an electric device that normally contains encoded information about the individual who is authorized to carry it. Tokens are typically used with another type of authentication. Many cipher locks have been replaced with token card access systems.
Challenge-Response Tokens
Challenge-response tokens supply passcodes that are generated using a challenge from the process requesting authentication (such as the Security Dynamics SecurID). Users enter their assigned user IDs and passwords plus a password supplied by the token card. This process requires that the user supply something they possess (the token) and something that they know (the challenge/response process). This process makes passcode sniffing and brute force attacks futile.
Challenge-response is an asynchronous process. An alternative to challenge-response is the synchronous token that generates the password without the input of a challenge from the system. It is synchronized with the authenticating computer when the user and token combination is registered on the system.
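The two token styles described above, side by side, as an added example that is not from the handbook or any vendor. It uses HMAC-SHA256 as a stand-in for the token's algorithm, shows only the token factor (the user ID and password check is omitted), and the names `Authenticator`, `token_response` and `token_sync_code` are hypothetical.

```python
import hashlib
import hmac
import secrets
import struct

DIGITS = 6  # passcode length shown on the token display (assumed)


def _passcode(secret: bytes, message: bytes) -> str:
    """Truncate an HMAC-SHA256 tag to a short decimal passcode."""
    tag = hmac.new(secret, message, hashlib.sha256).digest()
    number = int.from_bytes(tag[:4], "big") % 10**DIGITS
    return str(number).zfill(DIGITS)


def token_response(secret: bytes, challenge: bytes) -> str:
    """Asynchronous token: the passcode depends on the server's challenge."""
    return _passcode(secret, b"challenge:" + challenge)


def token_sync_code(secret: bytes, now: float, step: int = 60) -> str:
    """Synchronous token: the passcode depends only on the shared clock."""
    return _passcode(secret, b"time:" + struct.pack(">Q", int(now) // step))


class Authenticator:
    def __init__(self, token_secrets: dict):
        self._secrets = dict(token_secrets)  # user -> secret set at registration
        self._pending = {}                   # user -> outstanding challenge

    def issue_challenge(self, user: str) -> bytes:
        self._pending[user] = secrets.token_bytes(8)  # fresh and unpredictable
        return self._pending[user]

    def verify_response(self, user: str, response: str) -> bool:
        challenge = self._pending.pop(user, None)  # each challenge is single-use
        secret = self._secrets.get(user)
        if challenge is None or secret is None:
            return False
        return hmac.compare_digest(token_response(secret, challenge), response)

    def verify_sync(self, user: str, code: str, now: float, step: int = 60) -> bool:
        secret = self._secrets.get(user)
        if secret is None:
            return False
        # Accept the neighbouring time steps to tolerate token clock drift.
        return any(
            hmac.compare_digest(token_sync_code(secret, now + d * step, step), code)
            for d in (-1, 0, 1))
```

A passcode captured on the wire is bound to one challenge that the server has already consumed, so replaying it fails; the synchronous code stays valid only for the few time steps the server accepts.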
Dumb Cards
For many years, photo identification badges have sufficed as a credential for most people. With driver's licenses, passports, and employee ID badges, the picture along with the individual's statistics supplies enough information for the authentication process to be completed. Most people flash the badge to the security guard or give a license to a bank teller. Someone visually matches the ID holder's face to the information on the card.
Smart Cards
The automatic teller machine (ATM) card is an improvement on the dumb card; these smart cards require the user to enter a personal ID number (PIN) along with the card to gain access. The ATM compares the information encoded on the magnetic stripe with the information entered at the ATM machine.
The smart card contains microchips that consist of a processor, memory used to store programs and data, and some kind of user interface. Sensitive information is kept in a secret read-only area in its memory, which is encoded during manufacturing and is inaccessible to the card's owner. Typically, these cards use some form of cryptography that protects the information. Not all smart cards work with card readers. A user inserts the card into the reader, the system displays a message, and if there is a match, then the user is granted access.
Types of Access Cards
Access cards employ different types of technology to ensure authenticity:
Photo ID cards contain a photograph of the user's face and are checked visually.
Optical-coded cards contain tiny, photographically etched or laser-burned dots representing binary zeros and ones that contain the individual's encoded ID number. The card's protective lamination cannot be removed without destroying the data and invalidating the card.
Electric circuit cards contain a printed circuit pattern. When inserted into a reader, the card closes certain electrical circuits.
Magnetic cards, the most common form of access control card, contain magnetic particles that contain, in encoded form, the user's permanent ID number. Data can be encoded on the card, but the tape itself cannot be altered or copied.
Metallic stripe cards contain rows of copper strips. The presence or absence of strips determines the code.
BIOMETRIC DEVICES
Every person has unique physiological, behavioral, and morphological characteristics that can be examined and quantified. Biometrics is the use of these characteristics to provide positive personal identification. Fingerprints and signatures have been used for years to prove an individual's identity, but individuals can be identified in many other ways. Computerized biometrics identification systems examine a particular trait and use that information to decide whether the user may enter a building, unlock a computer, or access system information.
Biometric devices use some type of data input device, such as a video camera, retinal scanner, or microphone, to collect information that is unique to the individual. A digitized representation of a user's biometric characteristic (fingerprint, voice, etc.) is used in the authentication process. This type of authentication is virtually spoof-proof and is never misplaced. The data are relatively static but not necessarily secret. The advantage of this authentication process is that it provides the correct data to the input devices.
Fingerprint Scan
The individual places a finger in or on a reader that scans the finger, digitizes the fingerprint, and compares it against a stored fingerprint image in the file. This method can be used to verify the identity of individuals or compare information against a database covering many individuals for recognition. Performance:
False rejection rate = 9.4%
False acceptance rate = 0
Average processing time = 7 seconds
Retinal Scan
This device requires that the user look into an eyepiece that laser-scans the pattern of the blood vessels. The patterns are compared to provide positive identification. It costs about $2,650. Performance:
False rejection rate = 1.5%
False acceptance rate = 1.5%
Average processing time = 7 seconds
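How false rejection and false acceptance rates like those quoted above are derived from a matcher's scores, and what a per-comparison false acceptance rate means once a sample is searched against a database of many individuals. This is an added example, not from the handbook: the scores are constructed, the function names are hypothetical, and the 1:N formula assumes independent comparisons.

```python
def error_rates(genuine, impostor, threshold):
    """Return (FRR, FAR) when scores >= threshold are accepted."""
    frr = sum(s < threshold for s in genuine) / len(genuine)
    far = sum(s >= threshold for s in impostor) / len(impostor)
    return frr, far


def strictest_needed(genuine, impostor, max_far):
    """Lowest observed threshold whose FAR is within max_far, with its rates."""
    for t in sorted(set(genuine) | set(impostor)):
        frr, far = error_rates(genuine, impostor, t)
        if far <= max_far:
            return t, frr, far
    return None  # no observed score is strict enough


def identification_false_match(far, enrolled):
    """Chance that a 1:N search falsely matches at least one enrolled record,
    assuming independent comparisons that each have the given FAR."""
    return 1 - (1 - far) ** enrolled


# Constructed similarity scores (0..1); not measurements from any real device.
GENUINE = [0.91, 0.88, 0.95, 0.62, 0.84, 0.79, 0.97, 0.55, 0.90, 0.86]
IMPOSTOR = [0.12, 0.33, 0.41, 0.58, 0.27, 0.66, 0.19, 0.48, 0.72, 0.30]

if __name__ == "__main__":
    # Raising the threshold trades false acceptances for false rejections.
    for t in (0.50, 0.60, 0.75):
        frr, far = error_rates(GENUINE, IMPOSTOR, t)
        print(f"threshold={t:.2f}  FRR={frr:.0%}  FAR={far:.0%}")
    print("zero-FAR operating point:", strictest_needed(GENUINE, IMPOSTOR, 0.0))
    # A 1.5% FAR per comparison, searched against 100 enrolled records.
    print(f"1:100 false match chance: {identification_false_match(0.015, 100):.1%}")
```

A false acceptance rate that looks small for one-to-one verification compounds quickly in one-to-many recognition, which is why the two modes need different thresholds.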
Copyright (c) 1996-1999 EarthWeb, Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of EarthWeb is prohibited.