We can use many
methods to restrict and protect data without affecting those who require
Here I am discussing authentication for protecting
Authentication refers to the task of
verifying the identity of a person/software connecting to an application.
Authentication is used for restricting data access to authorized users,
ensuring data modification by authorized users, ensuring availability of data
to authorized persons, and conclusively
tracing an action to an individual. The most basic form of data security is
user authentication.
Users can be authenticated in many ways
– enabled bank card
Passwords are the most common method of using
confidential knowledge to authenticate users and the most traditional method of
securing a system. They are convenient for most users and easily understood
because of their widespread usage.
However, authenticating users by password alone
can have drawbacks. Users often choose a simple password (for example, a word
from the dictionary) so that they can remember it. Simple passwords limit the
password choices available to users; therefore, they are easier to guess. You
can lessen this problem by implementing advanced rules for passwords in your
organization. For example, you can require that a password be a certain length,
include capital letters, numbers, or characters, and that it be changed on a
regular basis, either by the user or automatically. Unfortunately, as passwords
are made more complex, the likelihood that a user will write down a password
increases, which makes possession of the written password enough to gain
access to the system.
Passwords can be stolen by shoulder surfing, by sniffing
network traffic, by tricking users into revealing their passwords, by
guesswork, or even by spying on users as they type (often easily done from
remote locations, such as from a nearby building).
Users may reuse a single user name/password
combination to avoid memorizing multiple user name/password combinations to
log on to multiple accounts or systems. However, exposure of the user name and
password on one system can then compromise the security of other systems.
Although passwords can be one of the least expensive
user-authentication methods to deploy, the administrative costs can be high in
the long run, leading system administrators to look into other methods to
reduce total cost of ownership.
The user presents a token that remains in their
possession (something they have), such as a smart card or a key.
A stronger way to authenticate users is to provide
them with hardware tokens that contain the secrets required for authentication.
Smart cards are an emerging authentication technology for large enterprises
that require users to present a physical object (the smart card) that contains
their identities and a PIN, creating two-factor authentication.
A smart card is a credit card-sized hardware token
that must be physically carried by the user. The user inserts the smart card
into a card reader at the client computer, and then enters the required PIN to
access the stored identity and start the authentication process.
Smart cards come in two basic varieties: memory and
microprocessor. Memory cards simply store data and can be viewed as a small
floppy disk with security. During logon, the user provides a PIN to the card
and, if the PIN is correct, the card provides the password required for
authentication to the system. Memory cards are a cost-effective and popular
method of providing two-factor authentication because they prove the physical
presence of the user token and securely store the password required
for authentication during logon.
The chip on a microprocessor card securely stores
the user’s public key certificate and private key for use with public key infrastructure
(PKI), a system of digital certificates, certification authorities, and other
registration authorities that authenticates the user to the network (and the
network to the user) through the use of public key cryptography. The chip also
processes information during authentication so that security-critical
computations for authentication are restricted to the smart card, making
identity interception very difficult and preventing masquerading and data
A microprocessor card can also dedicate additional
processing power to serve applications besides authentication.
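
An added example, not part of the original article: a Python simulation of the two card types described above, showing that a memory card hands its secret to the host while a microprocessor card only returns a signature over a fresh challenge. The class names, the three-try PIN lockout and the toy textbook-RSA key are assumptions made for illustration; a real card holds a full-size key and signs with proper padding.

```python
import hashlib
import secrets

# Toy textbook-RSA key built from two Mersenne primes so the example needs
# only the standard library. Illustration only: not a secure key size.
P, Q, E = 2**89 - 1, 2**107 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, stays "on the card"


def digest(data: bytes) -> int:
    """Hash the challenge and reduce it into the RSA modulus range."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


class MemoryCard:
    """Memory card: releases the stored password once the PIN is correct."""

    def __init__(self, pin, password):
        self._pin, self._password = pin, password

    def unlock(self, pin):
        # The secret itself leaves the card and can be replayed by the host.
        return self._password if secrets.compare_digest(pin, self._pin) else None


class MicroprocessorCard:
    """Microprocessor card: signs on-card; the private key is never returned."""

    MAX_TRIES = 3  # constructed lockout policy (assumption, not from the page)

    def __init__(self, pin):
        self._pin, self._tries = pin, self.MAX_TRIES
        self.public_key = (N, E)  # what the user's certificate would carry

    def sign(self, pin, challenge: bytes):
        if self._tries == 0:
            raise PermissionError("card blocked")
        if not secrets.compare_digest(pin, self._pin):
            self._tries -= 1
            return None
        self._tries = self.MAX_TRIES
        return pow(digest(challenge), D, N)


def server_verify(public_key, challenge: bytes, signature) -> bool:
    """Server side: check the signature against the challenge it issued."""
    n, e = public_key
    return signature is not None and pow(signature, e, n) == digest(challenge)
```

Because the server issues a new random challenge for every logon, a signature captured from one session does not verify against the next, whereas the password released by the memory card is the same every time.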
The user presents a personal physical attribute
(something they are), such as a fingerprint
Biometric authentication is an automatic method
that identifies a user or verifies their identity based upon the measurement of
his or her unique physiological traits or behavioral characteristics.
Scan: This biometric system’s strengths are its acceptance, convenience,
reliability, and price; however, it is one of the easiest physiologically based
biometrics to defeat.
Recognition: This biometric system is most suitable for identification scenarios in
non-cooperative settings, such as large venues, airports, and so on. The
technology has not developed the accuracy required for authenticating a user.
Scan/Iris Scan: This biometric system is more intrusive than other methods. Health
information about the user can be revealed during the scanning process and
diseases of the eye can alter the results over time.
Hand Geometry: This biometric
system requires fewer data points to yield good authentication results;
therefore, the storage space requirements are smaller than for other biometric
authentication procedures, speeding up retrieval time. However, it has a
high False Match Rate (FMR) because hands are not as unique as fingerprints.