Identification and authentication
Identification and authentication belong to the category of technological methods of protection against unauthorized access.
By the security (durability) of an identification and authentication system we mean the guarantee that an attacker cannot authenticate on behalf of another user. The higher the durability of the authentication system, the more difficult it is for an attacker to do so. The identification and authentication system is one of the key elements of the infrastructure that protects any information system against unauthorized access. Authentication methods fall into three groups, according to what the user has:
an individual object of a given type;
individual biometric characteristics;
knowledge of some information known only to the user and the verifying party.
The first group includes authentication methods involving the use of IDs, passes, magnetic cards and other wearable devices that are widely used to control access to premises, and that are also part of software and hardware systems for protecting computer equipment against unauthorized access.
The second group includes authentication methods based on the use of equipment for measuring and comparing the specified individual characteristics of the user with a standard: voice timbre, fingerprints, iris structure, etc. Such tools make it possible to authenticate the owner of a specific biometric feature with high accuracy, and it is almost impossible to "fake" biometric parameters.
The last group consists of authentication methods that use passwords. For economic reasons, they are included as basic means of protection in many hardware and software systems for information protection. All modern operating systems and many applications have built-in password protection mechanisms.
If the authentication procedure involves only two parties authenticating each other, this procedure is called direct authentication. If other, auxiliary parties are also involved in the authentication process, it is called authentication with the participation of a trusted party. The third party is called an authentication server or an arbitrator.
When choosing an authentication protocol, it is necessary to determine which kind of authentication is required, unilateral or mutual, whether a trusted third party should be used, and if so, which of the parties, the applicant or the verifier, will interact with it. Dialogless authentication protocols often also provide data integrity control.
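The sketch below is an added example, not part of the original text: it shows direct mutual authentication between two parties who share a secret (the third group of methods), using an HMAC challenge-response. The Party class, the function names and the sample key are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def tag(key, sender, receiver, nonce):
    """HMAC over length-prefixed fields, bound to the direction sender -> receiver."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in (sender, receiver, nonce):
        mac.update(len(part).to_bytes(2, "big") + part)
    return mac.digest()


class Party:
    """One side of the exchange (hypothetical class, for illustration only)."""

    def __init__(self, name, key):
        self.name, self.key, self.nonce = name, key, None

    def challenge(self):
        self.nonce = secrets.token_bytes(16)  # fresh, unpredictable, single use
        return self.nonce

    def respond(self, peer, peer_nonce):
        return tag(self.key, self.name, peer, peer_nonce)

    def verify(self, peer, response):
        if self.nonce is None:  # no outstanding challenge: nothing to accept
            return False
        expected = tag(self.key, peer, self.name, self.nonce)
        self.nonce = None  # a challenge is never accepted twice
        return hmac.compare_digest(expected, response)


def mutual_auth(a, b):
    """Run the three messages; return (b_accepts_a, a_accepts_b)."""
    n_a = a.challenge()                      # 1. A -> B: n_a
    n_b = b.challenge()                      # 2. B -> A: n_b, resp_b
    resp_b = b.respond(a.name, n_a)
    a_accepts_b = a.verify(b.name, resp_b)   # A checks the verifier too (mutual)
    resp_a = a.respond(b.name, n_b)          # 3. A -> B: resp_a
    b_accepts_a = b.verify(a.name, resp_a)   # unilateral auth is this check alone
    return b_accepts_a, a_accepts_b


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed sample secret
    print(mutual_auth(Party(b"alice", key), Party(b"bob", key)))
```

Because each tag covers the sender and receiver names, a party's own response sent back to it is rejected, and clearing the nonce after one check means a recorded response cannot be accepted a second time.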