Comparison and Analysis of Smart Card Security Certification and Other Certification Systems
From the current point of view, there are already many authentication systems such as password authentication, PIN code authentication, "smart card", biometric identification, CHAP authentication, and two-factor authentication. There are big differences in the authentication methods for different security levels. Security is the most important consideration in the authentication method, but not all. We also need to pay attention to their compatibility, convenience and cost of use.
The modern information security system consists of three main components: certification, authorization, and accountability (audit). Certification is the most basic of these three factors because it occurs before the other two factors.
The term "authentication" or "user authentication" refers to determining the identity of those who require access to a computer, network, or computer resource. If one cannot distinguish one person from the unrestricted person, then the authorization to restrict the person's behavior becomes meaningless. If the credibility of a user's behavior record is questioned, then accountability or audit records cannot prevent user rights from being abused. If the system can decrypt the information at the request of an unidentified user and an unidentified user, then even if the system is encrypted for all the information, there is no value. All of this means that an approved and appropriate certification must be determined before the authorization rules, system encryption, and audit mechanisms work.
When configuring any security system, there is often a conflict between security and convenience. Organizations must strike a balance between the value of protected information and ease of use and the cost of configuring systems that meet their needs. In fact, a system that is "safe enough" and available to many people seems to be much more valuable than a system with a high level of security but few people. Because organizations have different levels of risk, multiple solutions are needed to meet different levels of security.
Memory password authentication
In the past, all computer security systems attempted to authenticate users with a single, in-memory password. In fact, all computers and networks are compatible with the memory password authentication scheme. However, in the past 20 years, the powerful and broad computer development trend has made the memory password authentication method hardly play a role in security at most.
Previously, the conventional remedy was to extend the number of digits of the password and increase its complexity, and constantly remind the user to change and remember their new password. Past experience has very clearly told us that these two methods do not work at all in the current use environment, and can not overcome the weaknesses in the two areas mentioned above.
With the advent of public networks, personal networks based on a wide range of topologies, PCs, and computer workers have to rethink the usual forms of authentication for memory ciphers, as many environments require more powerful authentication methods.
Although the security of a memory password is not very good, it is most convenient to use it in a low-risk environment. For example, a staff member can log in to a security company's network on a trusted basis. Here, this low level of security can meet the needs, and it can save a lot of time for employees. If an individual's physical smart card or port token is lost, the memorized password can also be used as a temporary dependable authentication mechanism.
PIN code authentication
A more advanced variant of a memorized password is a personal identification code or a "PIN" code defined by the American Banker's Association. PIN codes are widely used in conjunction with bank credit cards and ATMs.
Some people think that the PIN code is just a simple memory password that contains numbers. In reality, however, the PIN code is usually encrypted or consists of dynamic variables that are known only to the recipient and sender, which can compensate for the deficiencies. The difference between a PIN code and a password is that the PIN code can be transmitted over the public network without any risk, even if the opponent can monitor, record or reproduce the network route.
Because the mechanism for protecting the PIN code must be complex enough to resist attacks, the PIN code system typically has additional hardware at the user's location, where the computer is located, or both. These additional hardware that is compatible with current equipment must be carefully tailored, sometimes with considerable cost. PINs typically rely on shared devices and are not specific to individual users. When configured in accordance with ABA standards, authentication can be performed wherever a PASS code can be accepted, or in a memory password that cannot satisfy conditions 2 and 5 (on passwords can be stored, reproduced, and exposed on the network) Use it in the environment of passwords).
CHAP certification
The need for a more powerful memory-based password authentication system that can be applied to public networks - Internet Engineering Task Force has published a protocol standard and usage guidance called "CHAP." With this protocol, specially designed applications and network devices can issue password-written challenge/answer dialogs to determine each other's identities.
For users, CHAP authentication is usually automatic and at a glance. In fact, the main role of CHAP is not to authenticate users, but to help the "black box" to spread information. CHAP is common in modern gateway devices, such as routers and general servers, which ask and authenticate CHAP-encrypted memory passwords before allowing network connections.
CHAP authentication is compatible with almost all routers and general server devices, so it can be installed on almost all Internet gateways. It is also compatible with most PPP client software, including some of the mainstream PPP clients offered by Microsoft Windows. However, it is not compatible with most "legacy" applications, including most host devices and microcomputer login systems.
When transmitting over the Internet, CHAP has shown strong enough anti-attack. However, when CHAP is fully automated and transparent, it cannot accurately identify the identity of a human user. Even if it is required to enter a memory password and this password is still encrypted by CHAP, it still has the Achilles heel that is easily peeked by the person behind him. Therefore, generally accepted computer operations allow the use of CHAP authentication where the cryptographic password is recognized, and can also use CHAP authentication when the cryptographic password alone does not satisfy Condition 5 (network exposure). However, even the best CHAP configuration does not address the listed issues of Condition 3 (physical security and accessibility to the environment), as memory passwords are often not accessible from other computer workers around you.
Smart card authentication
A "smart card" is a small, credit card-like card. Thanks to its integrated block, this card can be embedded with real intelligence. Smart cards in certified applications contain confidential authentication information.
Currently smart cards are not yet compatible with many types of PCs and network workstations. When combined with an electronic card reader and power supply, they are simply "smart enough". The card reader is connected to a port, slot or socket and can be connected to a network computer.
A small, well-defined group of users is wise to choose a smart card in a professional, high-value or high-risk application; a regular software application can purchase, install, and configure a smart card reader. Unfortunately, adding a smart card reader will greatly increase the cost of this solution, and configuration in a large number of users is not feasible. No one can figure out a way to make the reader cheap enough to configure one for each computer user. And computer users are reluctant to leave their office chairs several times a day to use a shared card reader, even if it does reduce the cost of the company.
Biometric authentication
In recent years, various types of biometric devices have been developed, which are capable of accurately measuring fingerprints, retina patterns, palms, handwriting when writing legal signatures, or gestures typing on a computer keyboard. The information carried by such devices is often referred to as biological information, and it can often be a stable distinguishing feature that each user can recognize.
If a biometric device or software is used in a particular authentication system to obtain a unique sample of characteristics for all users, then it is generally accepted that security practices are permitted to pass through these biological systems in any area that recognizes the memory code and The memory cryptosystem is certified. These systems are also applicable to areas where the memory cipher cannot be safely used alone because the condition 3 cannot be satisfied.
But biological characteristics are not omnipotent, because authorized users cannot change their biometrics, so biological systems must be carefully designed to prevent users' biological properties from being exposed to unsafe environments.
This makes the biometric system aware that when actually transmitting biological properties, it is absolutely impossible to take a way that may be reproduced, or never to reveal their true value. Methods of protecting biological information vary with their configuration and level of sophistication. In the future, some of the dynamic password authenticators mentioned above may require some biometric information to be entered before the dynamic password is properly issued.
Two-factor authentication
Two-factor authentication adopts a two-level authentication method, which includes a “port tokenâ€. The system will only be confirmed when the password generated dynamically by the port token is the same as the password generated by the system. All of our port tokens are for a higher level of security, using "dynamic password technology" to generate a true one-time password. The advantage of this one-time password is that the dynamic password obtained by any attacker cannot be used for the next network authentication after the user has used it, because it is no longer valid.
To further enhance security, users can type a PIN with the password when they log in to the network. For example, Secure Computing's SafeWord Platinum port token requires the user to enter a PIN into the token to activate it. This type of token provides the highest level of security, and we recommend this type of authentication when security requirements are critical.
There are basically two ways to authenticate a token: event synchronization, time synchronization, and asynchronous. A time-synchronized authenticator can also generate a unique, dynamic password for a fixed period of time—usually one minute. This type of authenticator is also very easy to use because they are always on and generate different passwords without interruption. At the same time, the key and encryption system guarantees that the password generated by the authenticator is unique.
Food packaging
Perfect Packaging Solutions to pack food.
Make food safety and fresh
Avaliable in multiple processes, such as glossy lamination, matt
lamination, PE coating etc.
Water-resistant and oil-resistant are available.
Product diversification can meet different market needs, such as paper box for normal temperature storage, frozen food packging,
alumium foil box, take away packaing.
With more than 20 years of experience,Sunshine packaginghas been accepted by worldwide clients.
Food Packagings,Paper Food Tray,Chocolate Box,Doughnut Box
Weifang Sunshine Packaging Co., Ltd. , https://www.paperboxbagpack.com