Abstract: Identity authentication technology is used to determine the legitimate identity of a user. Methods include password-based authentication, two-factor authentication, authentication based on X.509 certificates, authentication based on a USB Key, authentication based on biometrics, and various authentication protocols such as Kerberos, and PAP and CHAP for the PPP protocol.
Table of Contents
1. Password-based authentication
2. Two-factor authentication
3. Identity authentication based on X509 certificate
4. Security authentication protocol
5. USB Key authentication
6. Identity authentication based on biometrics
Identity authentication technology
A user identity authentication mechanism can be divided into two components: identity identification and identity authentication.
Identity identification: the process of establishing the information that users present to confirm their identity
Identity authentication: the process by which the system determines the legitimate identity of the user
1. Password-based authentication
In password-based authentication, the user enters their password, the computer verifies it and grants the user the corresponding permissions. To avoid transmitting passwords over the network, a challenge-response mechanism is adopted.
Challenge-response mechanism
A wants to log in to B, and B needs to verify A's identity.
1. A tells B its name; if B finds A's record, it proceeds to the next step
2. B sends A a random number (the challenge) as a query
3. A encrypts the random number with its own private key (possession of which proves A's identity) and returns the result to B
4. B uses A's public key to decrypt the result; if it matches the random number, verification passes
2. Two-factor authentication
Proving a person's identity by combining two different factors is called two-factor authentication. A two-factor mechanism usually adds a physical factor to the static password, forming a credential that others cannot copy or crack.
3. Identity authentication based on X509 certificate
X.509 certificate-based authentication relies on a third party that both sides trust. The trusted third party here is the CA, the certification authority. Authentication based on X.509 certificates in effect replaces trust between individuals with each individual's trust in that organization.
4. Security authentication protocol
Kerberos
Kerberos is an authentication protocol in which access is granted by ticket. If you compare the client to a passenger and the server to a train, the authentication process involves two tickets.
Step 1: The user buys a train ticket and takes it to the window for verification
Step 2: The window checks whether the identity information on the purchased ticket matches the user's own identity information. If verification passes, the user is given a second ticket
Step 3: The user takes the second ticket to the gate of the train, where the security inspector checks whether it is consistent with the train's seat information
Step 4: Verification passes and the user boards the train
NSSK
Uses a symmetric encryption algorithm, with control exercised through a key distribution center (KDC)
PAP
(Password Authentication Protocol, PAP) The password authentication protocol is mainly for the PPP protocol.
CHAP
(Challenge-Handshake Authentication Protocol, CHAP) The challenge-handshake authentication protocol is mainly for PPP. Besides being used at the start of a dial-up connection, it can also be used at any time after the connection is established.
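The challenge-response steps from section 1, in the form CHAP uses them, as an added example that is not part of the original page. CHAP (RFC 1994) replaces the key pair with a shared secret and computes the response as MD5(Identifier || secret || Challenge); the class name, the user name and the secret below are constructed for illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """Peer side (A), step 3: MD5(Identifier || secret || Challenge), RFC 1994."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Verifier side (B): holds shared secrets and the outstanding challenges."""

    def __init__(self, secrets_by_name):
        self.secrets = secrets_by_name   # name -> shared secret (bytes)
        self.pending = {}                # name -> (identifier, challenge)
        self.next_id = 0

    def challenge(self, name):
        """Steps 1-2: look up the claimed name, then issue a fresh random value."""
        if name not in self.secrets:
            return None
        identifier = self.next_id
        self.next_id = (self.next_id + 1) % 256   # Identifier is a single octet
        value = os.urandom(16)
        self.pending[name] = (identifier, value)
        return identifier, value

    def verify(self, name, identifier, response):
        """Step 4: recompute the expected response, compare in constant time."""
        issued = self.pending.pop(name, None)     # single use: a replay finds nothing
        if issued is None or issued[0] != identifier:
            return False
        expected = chap_response(identifier, self.secrets[name], issued[1])
        return hmac.compare_digest(expected, response)


def demo():
    secret = b"constructed-shared-secret"          # constructed sample value
    server = ChapAuthenticator({"alice": secret})
    ident, chal = server.challenge("alice")
    answer = chap_response(ident, secret, chal)
    first = server.verify("alice", ident, answer)    # correct response
    replay = server.verify("alice", ident, answer)   # same response sent again
    ident2, _ = server.challenge("alice")            # re-challenge mid-session
    stale = server.verify("alice", ident2, answer)   # old answer, new challenge
    unknown = server.challenge("mallory") is None    # no record: no challenge
    return first, replay, stale, unknown
```

The secret never crosses the link, and because each challenge is random and consumed on first use, a captured response is useless against a later challenge, which is what makes re-challenging after the connection is established worthwhile.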
RADIUS
(Remote Authentication Dial In User Service, RADIUS)
5. USB Key authentication
It combines software and hardware in a strong two-factor authentication mode with one-time passwords, which resolves the tension between security and ease of use. A USB Key is a hardware device with a USB interface. It has a built-in single-chip microcomputer or smart card chip that can store the user's key or digital certificate, and it uses the USB Key's built-in cryptographic algorithm to authenticate the user's identity.
6. Identity authentication based on biometrics
For example: fingerprint recognition technology, face recognition technology, iris recognition technology, palmprint recognition technology, voice recognition technology, handwriting recognition technology