Authentication and Access Control (From Wikipedia)
• Authentication is the act of establishing or confirming something (or someone) as authentic, that is, that claims made by or about the subject are true. This might involve confirming the identity of a person, tracing the origins of an artifact, ensuring that a product is what its packaging and labeling claims to be, or assuring that a computer program is a trusted one.
• Access control is a system which enables an authority to control access to areas and resources in a given physical facility or computer-based information system.

Topic 3: User Authentication (2/3/2021)

Why Audit?
• There is not enough information at decision-making time to judge whether an access request is valid
• It is difficult to weigh all possible conditions of a valid access request
• Especially relevant when the legitimacy of an access request depends on contextual information

Our concentration today is user authentication

Scenarios Requiring User Authentication
• Logging into a local computer
• Logging into a remote computer
• Logging into a network
• Accessing websites

(A) I am John
(B) Yeah, Right.
(C) I am John, here is my token
(D) OKAY

Authentication Token
• Based on something the user knows
  • Example: Passphrase, password
• Based on something the user possesses
  • Example: Smart card or token
• Based on something the user is
  • Example: Biometric