Authentication is the act of confirming the truth of an attribute of a datum or entity. This might involve confirming the identity of a person or assuring that a computer program is a trusted one.
The ways in which someone may be authenticated fall into three categories, based on what are known as the factors of authentication: something you know, something you have, or something you are. Each authentication factor covers a range of elements used to authenticate or verify a person's identity prior to being granted access, approving a transaction request, signing a document or other work product, granting authority to others, and establishing a chain of authority.
The three factors (classes) and some of elements of each factor are:
- the ownership factors: Something the user has (e.g., wrist band, ID card, security token, software token, phone, or cell phone)
- the knowledge factors: Something the user knows (e.g., a password, pass phrase, or personal identification number (PIN), challenge response (the user must answer a question))
- the inherence factors: Something the user is or does (e.g., fingerprint, retinal pattern, DNA sequence (there are assorted definitions of what is sufficient), signature, face, voice, unique bio-electric signals, or other biometric identifier).
SecurIT and Strong Authentication
With the new TrustBuilder release, SecurIT intends to offer a platform that will take care of the complete usage cycle, ranging from validating the user’s identity, registration, activation and ongoing administration of the token, to validating the token at authentication time. Its workflow based policy engine will allow to easily integrate with existing security assets in the organization, lowering the barrier significantly from a cost and time-to-market perspective.
In addition, once a user has been authenticated, TrustBuilder allows to easily extend the user’s identity with context aware information, such as attributes or dynamic role assignment, in order to manage access to applications and resources, effectively addressing the security risks of mobile and online applications.
- Hardware token: little devices that users carry along
- Software token: active plug-ins in browsers (e.g. applet, ActiveX)
- Mobile token: mobile application for Smartphone
- SMS token: SMS sent to mobile phone