Authentication (from Greek αυθεντικός; real or genuine, from authentes; author) is the act of establishing or confirming something (or someone) as authentic, that is, that claims made by or about the thing are true. This might involve confirming the identity of a person, the origins of an artifact, or assuring that a computer program is a trusted one.

Authentication methods for objects

Main article: Provenance

In art, antiques, and anthropology, a common problem is verifying that a given artifact was produced by a certain famous period, or was produced in a certain place or period of history. Provenance, from the French provenir, "to come from" means the Origin, or the source, of something or the history of the ownership or location Art refers to a diverse range of Human activities creations and expressions that are appealing to the Senses or Emotions of a human individual An antique ( Latin: antiquus; old is an old Collectible item It is collected or desirable because of its age rarity condition utility or other unique Anthropology (/ˌænθɹəˈpɒlədʒi/ from Greek grc ἄνθρωπος anthrōpos, "human" -λογία -logia) is the study of

There are two types of techniques for doing this.

The first is comparing the attributes of the object itself to what is known about objects of that origin. For example, an art expert might look for similarities in the style of painting, check the location and form of a signature, or compare the object to an old photograph. An archaeologist might use carbon dating to verify the age of an artifact, do a chemical analysis of the materials used, or compare the style of construction or decoration to other artifacts of similar origin. Archaeology, archeology, or archæology (from Greek grc ἀρχαιολογία archaiologia – grc ἀρχαῖος archaīos Radiocarbon dating is a Radiometric dating method that uses the naturally occurring Radioisotope Carbon-14 (14C to determine the age of The physics of sound and light, and comparison with a known physical environment, can be used to examine the authenticity of audio recordings, photographs, or videos.

Attribute comparison may be vulnerable to forgery. Forgery is the process of making adapting or imitating objects statistics or documents (see False document) with the intent to deceive. In general, it relies on the fact that creating a forgery indistinguishable from a genuine artifact requires expert knowledge, that mistakes are easily made, or that the amount of effort required to do so is considerably greater than the amount of money that can be gained by selling the forgery.

Criminal and civil penalties for fraud, forgery, and counterfeiting can reduce the incentive for falsification, depending on the risk of getting caught. In the broadest sense a fraud is a Deception made for personal gain or to damage another individual Forgery is the process of making adapting or imitating objects statistics or documents (see False document) with the intent to deceive. A counterfeit is an imitation that is made usually with the intent to deceptively represent its content or origins

The second type relies on documentation or other external affirmations. For example, the rules of evidence in criminal courts often require establishing the chain of custody of evidence presented. Rules of evidence govern whether when how and for what purpose proof of a case may be placed before a Trier of fact for consideration Chain of custody refers to the chronological documentation and/or Paper trail, showing the seizure custody control transfer analysis and disposition of Evidence This can be accomplished through a written evidence log, or by testimony from the police detectives and forensics staff that handled it. Some antiques are accompanied by certificates attesting to their authenticity. External records have their own problems of forgery and perjury, and are also vulnerable to being separated from the artifact and lost. Perjury, also known as forswearing, is the act of lying or making verifiably false statements on a material matter under Oath or Affirmation in a

Currency and other financial instruments commonly use the first type of authentication method. A currency is a unit of exchange, facilitating the transfer of Goods and/or services It is one form of Money, where money is Bills, coins, and cheques incorporate hard-to-duplicate physical features, such as fine printing or engraving, distinctive feel, watermarks, and holographic imagery, which are easy for receivers to verify. A cheque (spelled check in American English) is a Negotiable instrument instructing a Financial institution to pay a specific amount of Holography (from the Greek, ὅλος - hólos whole + γραφή - grafē writing drawing is a technique that allows the

Consumer goods such as pharmaceuticals, perfume, fashion clothing can use either type of authentication method to prevent counterfeit goods from taking advantage of a popular brand's reputation (damaging the brand owner's sales and reputation). A trademark is a legally protected marking or other identifying feature which aids consumers in the identification of genuine brand-name goods. A trademark or trade mark, represented by the symbols ™ and ®, or mark is a distinctive sign or indicator used by an individual

Information content

The authentication of information can pose special problems, and is often wrapped up with authenticating identity.

Literary forgery can involve imitating the style of a famous author. Literary forgery, also Literary forgeries and mystifications, pertains to some Writing, especially in Literature, such as a Manuscript, presented If an original manuscript, typewritten text, or recording is available, then the medium itself (or its packaging - anything from a box to e-mail headers) can help prove or disprove the authenticity of the document. A manuscript is any Document that is Written by hand as opposed to being printed or reproduced in some other way In Information technology, header refers to supplemental Data placed at the beginning of a block of data being stored or transmitted

However, text, audio, and video can be copied into new media, possibly leaving only the informational content itself to use in authentication.

Various systems have been invented to allow authors to provide a means for readers to reliably authenticate that a given message originated from or was relayed by them. These involve authentication factors like:

• A difficult-to-reproduce physical artifact, such as a seal, signature, watermark, special stationery, or fingerprint. A seal can mean a wax seal bearing an impressed figure or an embossed figure in paper with the purpose of authenticating a document but the term can also mean any device for A signature (from Latin signare, " Sign " is a handwritten (and sometimes stylized depiction of someone's name nickname or even a simple A watermark is a recognizable image or pattern in Paper that shows in various shades of lightness/darkness when viewed by transmitted light (or when viewed by reflected Stationery has historically meant a wide gamut of materials Paper and Office supplies, Writing implements Greeting cards etc A fingerprint is an impression of the friction ridges of all or any part of the finger
• A shared secret, such as a passphrase, in the content of the message. In Cryptography, a shared secret is a piece of data only known to the parties involved in a secure communication
• An electronic signature; public key infrastructure is often used to cryptographically guarantee that a message has been signed by the holder of a particular private key. The term electronic signature has several meanings Among the more expansive is that given by US law influenced by ABA committee white papers and the uniform law promulgated In Cryptography, a public key infrastructure ( PKI) is an arrangement that binds Public keys with respective user identities by means of a Certificate

The opposite problem is detection of plagiarism, where information from a different author is passed of as a person's own work. Plagiarism is the unauthorized use or close imitation of the language and thoughts of another author and the representation of them as one's own original work A common technique for proving plagiarism is the discovery of another copy of the same or very similar text, which has different attribution. In some cases excessively high quality or a style mismatch may raise suspicion of plagiarism.

Factual verification

Determining the truth or factual accuracy of information in a message is generally considered a separate problem from authentication. The meaning of the word truth extends from Honesty, Good faith, and Sincerity in general to agreement with Fact or Reality A wide range of techniques, from detective work to fact checking in journalism, to scientific experiment might be employed. A fact checker is the person who checks factual assertions in Non-fictional text usually intended for publication in a periodical, to determine their veracity In scientific inquiry an experiment ( Latin: Ex- periri, "to try out" is a method of investigating particular types of research questions or

Authentication factors and identity

An authentication factor is a piece of information used to authenticate or verify a person's identity for security purposes.

Human authentication factors are generally classified into three cases:

• Something the user has (e. Human beings, humans or man (Origin 1590–1600 L homō man OL hemō the earthly one (see Humus Authentication (from Greek αυθεντικός real or genuine from authentes author is the act of establishing or confirming something (or someone as g. , identity document or card, security token, software token, phone, or cell phone)
• Something the user knows (e. An identity document, also called a piece of identification ( ID) is a document used to verify aspects of a person's Identity. A security token (or sometimes a hardware token, hard token, authentication token, cryptographic token, or key fob) may be a physical A software token is a type of Two-factor authentication security device that may be used to authorize the use of computer services Within Phonetics, a phone is a speech sound or gesture considered a physical event without regard to its place in the Phonology of a Language g. , a password, pass phrase, or personal identification number (PIN))
• Something the user is or does (e. In computing a password is a Word or string of characters that is entered often along with a user name, in modern times usually into a computer system A passphrase is a sequence of words or other text used to control access to a computer system program or data A personal identification number (PIN is a secret numeric Password shared between a user and a system that can be used to authenticate the user to the system g. , fingerprint or retinal pattern, DNA sequence (there are assorted definitions of what is sufficient), signature or voice recognition, unique bio-electric signals, or another biometric identifier)

Other authentication factors include:

• Social networking^[1] or
• A web of trust forming relationships between authentication credentials
• Location-based authentication, such as that employed by credit card companies to ensure a card is not being used in two places at once. A fingerprint is an impression of the friction ridges of all or any part of the finger The vertebrate retina is a light sensitive part inside the inner layer of the Eye. Deoxyribonucleic acid ( DNA) is a Nucleic acid that contains the genetic instructions used in the development and functioning of all known A signature (from Latin signare, " Sign " is a handwritten (and sometimes stylized depiction of someone's name nickname or even a simple Voice recognition redirects here For software that converts speech to text see Speech recognition. Biometrics ( ancient Greek: bios life metron measure refers to two very different fields of study and application A social network is a Social structure made of nodes (which are generally individuals or organizations that are tied by one or more specific types of interdependency such as
• Time-based authentication, such as only allowing access during normal working hours.

Two-factor authentication

Main article: Two-factor authentication

Often a combination of methods is used, e. An Authentication factor is a piece of Information and Process used to authenticate or verify a person's Identity or other entity requesting access g. , a bankcard and a PIN, in which case the term two-factor authentication is used. An Authentication factor is a piece of Information and Process used to authenticate or verify a person's Identity or other entity requesting access Business networks may require users to provide a password and a random number from a security token. A security token (or sometimes a hardware token, hard token, authentication token, cryptographic token, or key fob) may be a physical

Historically, fingerprints have been used as the most authoritative method of authentication, but recent court cases in the US and elsewhere have raised fundamental doubts about fingerprint reliability. A fingerprint is an impression of the friction ridges of all or any part of the finger Other biometric methods are promising (retinal and fingerprint scans are an example), but have shown themselves to be easily spoofable in practice. Forgery is the process of making adapting or imitating objects statistics or documents (see False document) with the intent to deceive. Hybrid or two-tiered authentication methods offer a compelling solution, such as private keys encrypted by fingerprint inside of a USB device.

In a computer data context, cryptographic methods have been developed (see digital signature and challenge-response authentication) which are currently not spoofable if and only if the originator's key has not been compromised. A digital signature or digital signature scheme is a type of asymmetric cryptography used to simulate the security properties of a handwritten Signature In Computer security, challenge-response authentication is a family of protocols in which one party presents a question ("challenge" and another party must provide That the originator (or anyone other than an attacker) knows (or doesn't know) about a compromise is irrelevant. It is not known whether these cryptographically based authentication methods are provably secure since unanticipated mathematical developments may make them vulnerable to attack in future. If that were to occur, it may call into question much of the authentication in the past. In particular, a digitally signed contract may be questioned when a new attack on the cryptography underlying the signature is discovered. A digital signature or digital signature scheme is a type of asymmetric cryptography used to simulate the security properties of a handwritten Signature Legal instrument is a legal Term of art that is used for any written legal document such as a Certificate, a Deed, a will

Strong authentication

The U.S. Government's National Information Assurance Glossary defines strong authentication as

layered authentication approach relying on two or more authenticators to establish the identity of an originator or receiver of information. The United States of America —commonly referred to as the The federal government of the United States is the central United States Governmental body established by the United States Constitution. Committee on National Security Systems Instruction No 4009 National Information Assurance Glossary, published by the United States federal government is an unclassified

Authentication vs. authorization

To distinguish "authentication" from the closely related term "authorization," the short-hand notations A1 (authentication) and A2 (authorization) are occasionally used. The terms AuthN / AuthZ or Au / Az are also used to make this distinction in some communities.

The problem of authorization is often thought to be identical to that of authentication; many widely adopted standard security protocols, obligatory regulations, and even statutes are based on this assumption. Standardization (or standardisation) is the process of developing and agreeing upon technical standards. A security protocol ( cryptographic protocol or encryption protocol) is an abstract or concrete protocol that performs a security -related function However, more precise usage describes authentication as the process of verifying a person's identity, while authorization is the process of verifying that a known person has the authority to perform a certain operation. Authentication, therefore, must precede authorization. For example, when you show proper identification to a bank teller, you could be authenticated by the teller, and you would be authorized to access information about your bank accounts. You would not be authorized to access accounts that are not your own.

Since authorization cannot occur without authentication, the former term is sometimes used to mean the combination of authentication and authorization.

Access control

One familiar use of authentication and authorization is access control. Access control is the ability to permit or deny the use of a particular resource by a particular entity A computer system supposed to be used only by those authorized must attempt to detect and exclude the unauthorized. Access to it is therefore usually controlled by insisting on an authentication procedure to establish with some established degree of confidence the identity of the user, thence granting those privileges as may be authorized to that identity. Common examples of access control involving authentication include:

• Withdrawing cash from an ATM.
• Logging in to a computer
• Using an Internet banking system. Online banking (or Internet banking) allows customers to conduct financial transactions on a secure website operated by their retail or virtual Bank,
• Entering a country with a passport
• Using a confirmation email to verify ownership of an e-mail address
• A computer program using a blind credential to authenticate to another program
• A captcha is a means of proving that a user is a human being and not a computer program. A passport is a document issued by a national government which certifies for the purpose of international travel the identity and nationality of its holder A blind credential is a token asserting that someone qualifies under some criteria or has some status or right without revealing "who" that person is &mdash without including A CAPTCHA (ˈkæptʃə is a type of challenge-response test used in Computing to ensure that the response is not generated by a computer

In some cases, ease of access is balanced against the strictness of access checks. For example, the credit card network does not require a personal identification number, and small transactions usually do not even require a signature. A credit card is part of a system of Payments named after the small Plastic card issued to users of the system A personal identification number (PIN is a secret numeric Password shared between a user and a system that can be used to authenticate the user to the system The security of the system is maintained by limiting distribution of credit card numbers, and by the threat of punishment for fraud.

Security experts argue that it is impossible to prove the identity of a computer user with absolute certainty. It is only possible to apply one or more tests which, if passed, have been previously declared to be sufficient to proceed. The problem is to determine which tests are sufficient, and many such are inadequate. Any given test can be spoofed one way or another, with varying degrees of difficulty.

History

See also

• Fingerprint Verification Competition
• Public key cryptography
• Geo-location
• Kerberos
• Needham-Schroeder protocol
• Secure Shell
• Encrypted key exchange (EKE)
• Secure remote password protocol (SRP)
• Closed-loop authentication
• RADIUS
• Diameter (protocol)
• HMAC
• EAP
• Two-factor / strong authentication
• Authorization
• Biometrics
• Authentication OSID
• CAPTCHA
• TCP Wrapper
• Secret sharing
• Athens access and identity management
• OpenID – an authentication method for the web
• Point of Access for Providers of Information - the PAPI protocol
• Java Authentication and Authorization Service
• Chip Authentication Program
• Recognition of human individuals

External links

• PHP full implementation (LGPL) of a token grid authentication. Fingerprint Verification Competition ( FVC) is an international competition focused on Fingerprint verification software assessment Public-key cryptography, also known as asymmetric cryptography, is a form of Cryptography in which the key used to encrypt a message differs from the key Geolocation refers to identifying the real-world geographic location of an Internet connected computer mobile device website visitor or other Kerberos is a Computer network Authentication protocol, which allows individuals communicating over a non-secure network to prove their identity to one The term Needham-Schroeder protocol can refer to one of two communication protocols intended for use over an insecure network both proposed by Roger Needham and Secure Shell or SSH is a Network protocol that allows data to be exchanged using a Secure channel between two networked devices Encrypted Key Exchange (also known as EKE) is a family of Password-authenticated key agreement methods described by Steven M The Secure Remote Password Protocol ( SRP) is a Password-authenticated key agreement protocol Closed-loop Authentication, as applied to Computer network communication refers to a mechanism whereby one party verifies the purported identity of another Remote Authentication Dial In User Service ( RADIUS) is a networking protocol that provides centralized access authorization and accounting management for people or computers Diameter is a computer networking protocol for AAA (Authentication Authorization and Accounting In Cryptography, a keyed-Hash Message Authentication Code ( HMAC or KHMAC) is a type of Message authentication code (MAC calculated using a Extensible Authentication Protocol, or EAP, is a universal Authentication framework frequently used in wireless networks and Point-to-Point connections An Authentication factor is a piece of Information and Process used to authenticate or verify a person's Identity or other entity requesting access Biometrics ( ancient Greek: bios life metron measure refers to two very different fields of study and application The Authentication Open Service Interface Definition ( OSID) is an O A CAPTCHA (ˈkæptʃə is a type of challenge-response test used in Computing to ensure that the response is not generated by a computer TCP Wrapper is a host-based Networking ACL system used to filter network access to Internet Protocol servers on ( Unix-like) Operating systems Secret sharing refers to any method for distributing a secret amongst a group of participants each of which is allocated a share of the secret Athens is an Access and Identity Management service that is supplied by Eduserv to provide Single sign-on to protected resources combined with full user management OpenID is a shared identity service which allows Internet users to log on to many different web sites using a single Digital identity, Single sign-on PAPI ( Point of Access for Providers of Information) is a system for providing access control to restricted information resources across the Internet Java Authentication and Authorization Service, or JAAS, pronounced "Jazz" is a Java security framework for user-centric security to augment the Java code-based The Chip Authentication Program (CAP is a MasterCard and Visa initiative and technical specification for using EMV banking Smartcards for Recognition of human individuals involves physical recognition such as visual auditory or behavior recognition
• Password Management Best Practices.
• Password Policy Guidelines.
• General Information on Enterprise Authentication.
• Advanced Authentication Solutions as an alternative
• Fourth-Factor Authentication: Somebody You Know or episode 94,related on it - on SecurityNow.
• ISBN 038726194X - Biometric User Authentication for IT Security: Vielhauer, Claus 2005