
What kind of identity authentication do we face every day and how do we achieve it?

2025-01-31 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)11/24 Report--

In daily life we cannot avoid being authenticated. Every day we scan a health code to authenticate; to enter the company campus, we swipe a card; to log in to a mobile banking app, we scan our face; to log in to a social network platform, we enter an account and password.

Identity authentication is the first barrier of protection, and we go through it both online and offline. We play different roles every day, such as employee, customer, manager and service provider. What kinds of identity authentication do we face every day, and how exactly are they achieved?

Identity authentication is the process of confirming whether a person's true identity is consistent with the identity they present. It determines whether the information is reliable, prevents unauthorized people from impersonating legitimate users to obtain the related permissions, and protects the security and legitimate interests of our information.

In practice there are many ways to authenticate identity, but most are based on three kinds of proof: secret information, trusted objects and biometric features.

Secret information, such as static passwords, shared keys and dynamic passwords, proves your identity by known information (what you know): certain information is made known only to certain people. With a password lock, for example, a person's identity is confirmed by entering the password.

Trusted objects, such as smart cards, bank cards, certificates, keys and seals, prove your identity by what you hold (what you have). When you become an employee of a company, you get a smart card that identifies you, proves that you belong to the company, and records your personal identity information.

Biometric features, such as face, iris, fingerprint, voice and handwriting, prove your identity by your unique physical characteristics (who you are). This approach relies on the unique and constant biological characteristics of the human body and uses computer and network technology for image processing and pattern recognition. Compared with traditional means of identity confirmation, it offers good security, reliability and effectiveness.

In an information system, the computer recognizes only the user's digital identity, and any authorization granted to the user is granted to that digital identity. When we open a web page, connect to the server and enter a user name and password, the system authenticates the user one-way. Once the user name and password have been verified, the user can perform operations with the permissions assigned by the system. Because the user name and password are static, they are easily intercepted by Trojans residing in computer memory or by listening devices on the network.

In real life, each of us also has many physical identities. To ensure that the operator really corresponds to the digital identity, most applications combine two or more of these elements to form a secure and reliable identity authentication system. Depending on the means used, identity authentication technology can be divided as follows:

According to the authentication equipment, identity authentication technology can be divided into software authentication and hardware authentication.

According to the authentication information, identity authentication technology can be divided into static authentication and dynamic authentication.

According to the verification conditions, identity authentication technology can be divided into single-factor authentication and two-factor authentication.

How are so many methods of identity authentication applied in practice? The editor has chosen several authentication technologies that we often encounter in life and introduces them in detail.

Smart card authentication technology

A smart card is a card with a built-in integrated circuit that contains data related to the user's identity. It is produced by a specific manufacturer and is verified by a combination of hardware and software. The card is small and easy to carry. At login, the corresponding hardware device must identify the card and read its information in order to verify the user's identity. Smart card authentication is based on the trusted object, and its hardware + software combination gives a double guarantee for the user's identity information. However, because the data read from the smart card is still static, the user's authentication information can easily be intercepted through memory scanning, network monitoring and similar techniques. Smart cards therefore also carry certain security risks.

PKI authentication technology

PKI (Public Key Infrastructure) is an infrastructure that uses public-key mechanisms to provide security services. PKI is mainly used to issue "certificates of identity", and its core is the mechanism for producing and distributing certificates. The registration authority (RA) is responsible only for accepting users' registration and application information, verifying users' identities, and deciding whether to approve the certification authority issuing a digital certificate to the applicant. The certification authority (CA) is responsible for binding a principal to a public key by issuing a certificate, so that an identity corresponds to a public/private key pair. The certificate repository is a relational database that centrally distributes certificates and provides public query.

In the PKI mechanism, the public key can be freely distributed. Even if the content sent is stolen by others, they cannot decrypt it as long as the recipient's private key has not been stolen. A complete PKI system should also include a certificate revocation system, a key backup and recovery system, a PKI application interface system and so on.

Dynamic password authentication technology

Dynamic password technology makes the user's password change according to the time or the number of uses, and each password is used only once. At present, most dynamic passwords are used on mobile clients: a special password algorithm generates the current password from the current time or the number of times used, and the authentication server uses the same algorithm to calculate the currently valid password. To confirm their identity, the user only needs to enter the password currently displayed by the dynamic token into the client computer. Since each password must be generated by the OTP (one-time password) generator, holding the generator and reading the password from it is what authenticates you. Because a different password is used each time, a hacker who intercepts one password cannot use it to impersonate the legitimate user. We must, however, protect our own dynamic password generator.

No kind of authentication is 100% secure, so how should we guard against these threats?

In daily life, because authentication methods are tedious and the authentication process is frequent, people are often driven to reuse passwords or choose ones that are easy to remember, which leaves their accounts vulnerable to phishing and brute-force attacks. Of course, with the development of science and technology, the design of identity authentication systems keeps improving, and many authentication systems use multiple servers to perform password authentication, so that large-scale phishing attacks and keystroke-logging software cannot intercept user passwords and the information is not disclosed. Authentication alone can hardly prevent every attack. However good the technical solution, it is better to start with ourselves: when setting passwords, limit password reuse and change passwords regularly; preferably combine letters, numbers, special characters and so on; and for content that especially needs encryption, set multiple passwords. Setting high-security passwords and changing them regularly helps ensure the security of personal information.

That's all for today's sharing. I believe you now know something about identity authentication. What other authentication methods do you know? Leave a message and tell the editor.

This article comes from the WeChat official account: ZTE documents (ID:ztedoc)
