Security with bite: 15 technologies tested

Summary:In this special review, we round up the various authentication devices on the market. From fingerprint scanners, to single sign-on software and biometric technology -- we have the authentication market covered.

Authentication vs authorisation
Passwords and token devices
Single sign-on
Smartcards/Proximity Cards
Smartcards (cont.)
Biometrics (cont.)
Digital Certificates/Signatures
Notebook with fingerprint scanner
About RMIT

Authentication vs authorisation

The definition for authentication as found in the Webopedia is: "The process of identifying an individual, usually based on a username and password. In security systems, authentication is distinct from authorisation, which is the process of giving individuals access to system objects based on their identity. Authentication merely ensures that the individual is who he or she claims to be, but says nothing about the access rights of the individual."

Authorisation, according to Webopedia, is: "The process of granting or denying access to a network resource. Most computer security systems are based on a two-step process. The first stage is authentication, which ensures that a user is who he or she claims to be. The second stage is authorisation, which allows the user access to various resources based on the user's identity." For the purpose of this review on data authentication, a "subject" is the identity attempting to access a device, and an "object" is the device.

Factors of Authentication
There are several types of authentication, one of the most commonly used is a password or personal identification number (PIN). This is known as single factor authentication -- something the subject knows. One of the most secure authentication processes would use a combination of factors such as something the subject knows (password, passphrase, or PIN), something they have (smartcard, token, or tag) and something they are (fingerprint, handwriting, iris, or retina scan, and so on).

Other behind-the-scenes authentication techniques used are digital certificates and digital signatures. Pretty Good Privacy (PGP) uses keys and digital signatures to enable authentication of e-mail messages to ensure that they came from whom they said they did. Likewise, secure Web sites use digital certificates to let the subject know that they are whom they say they are and that they can be trusted.

Topics: Security, Enterprise Software, Hardware

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.