Authentication
many-to-one mapping,
a certificate maps to many user accounts (a group of users share the same certificate).
Circumvention
allows for acceptable substitutes for the attribute in case the original attribute is missing or can't be read.
crossover error rate
also called the equal error rate, is the point at which the number of false positives matches the number of false negatives in a biometric system. Select the system with the lowest crossover error rate within your budget.
Time-based One-Time Passwords (TOTP)
are based on time-synchronization between the client providing the password and the authentication server.
Photo IDs
are very useful when combined with other forms of authentication, but are high risk if they are the only form of required authentication.
Smart cards
contain a memory chip with encrypted authentication information
one-to-one mapping
each certificate maps to an individual user account (each user has a unique certificate).
Collectability
ensures that the attribute can be measured easily.
challenge-response password
generates a random challenge string. The challenge text is entered into the token, along with the PIN. The token then uses both to generate a response used for authentication
synchronous dynamic password
generates new passwords at specific intervals on the hardware token. Users must read the generated password and enter it along with the PIN to gain access
asynchronous dynamic password
generates new passwords based on an event, such as pressing a key.
Acceptability
identifies the degree to which the technology is accepted by users and management.
Biometric systems
include multiple scans of the biological attribute. Scans are then translated into a numeric constellation map of critical points. That mathematical representation is bound to a digital certificate that links to the subject's user account in the user database
Identification
is the initial process of confirming the identity of a user requesting credentials and occurs when a user types in a user ID to log on
Authentication
is the verification of the issued identification credentials. It is usually the second step in the identification process, and establishes the user's identity, ensuring that users are who they say they are.
• Universality
means that all individuals possess the attribute.
Permanence
means that the attribute always exists and will not change over time.
Uniqueness
means that the attribute is different for each individual.
A false negative (or Type I error)
occurs when a person who should be allowed access is denied access
false positive (or Type II error)
occurs when a person who should be denied access is allowed access.
processing rate,
or system throughput, identifies the number of subjects or authentication attempts that can be validated. An acceptable rate is 10 subjects per minute or more.
static password
the password is saved on the token device. Swiping the token supplies the password for authentication.
HMAC-based One-Time Passwords (HOTP)
use a mathematical algorithm to generate a new password based on the previous password that was generated.
Swipe cards
(similar to credit cards) with authentication information stored on the magnetic strip.