Saturday, October 23, 2010

Putting a lock on identity to block illegal intrusion



Authentication is a very basic part of security. With the growth of online transactions and e-commerce it is becoming increasingly important, and many giant companies, Microsoft included, have begun to focus on the use of authentication; the ThinkPad notebook, for example, is the best application of fingerprint authentication. Identity authentication technology can be closely combined with business processes to prevent unauthorized access to important resources. It solves the problem of keeping a visitor's physical identity consistent with his digital identity, and gives other security technologies a basis for rights management. Authentication is therefore the foundation of the information security system.

Identity makes clear who you are

Authentication does not only define who the user is; it links "who" directly to "what": what the user's role in the organization is, what resources and information the user needs to access, and what actions he or she can and cannot perform on that information. Authentication is a map that lets comprehensive, overall strategies and processes be applied consistently throughout the enterprise.

By strengthening each user's access and authorization information, identity authentication solutions keep the state of the network up to date. An authentication solution lets new employees get onto the network quickly, while the unwanted accounts left behind by former employees are cleaned out before they can be used for intrusion. It provides audit information to ensure that the business complies with management laws and regulations, protects privacy and strengthens access control. Most importantly, identity-based network management carries security out from the data center, in line with the needs of enterprises.

Liang Jun, director of operations at International Finance Corporation of China, said: "Authentication standards help create more direct role-based and policy-based security control. By accurately defining user identities and users' roles and responsibilities across the network, data can be better protected against improper use."

Kou Jianzhong, director of Network Management at CITIC Bank, said: "Access control requires an authentication system for both internal users and external users. External users' access is controlled by allowing customers to access specific parts of the company database. Policies are deployed to strengthen the protection of privacy so that sensitive data is open only to the people who need it. For areas where data access is already regulated (such as banking), this is obviously important; in fact, no industry today dares to treat privacy lightly."

How can technical means guarantee that a physical identity corresponds to a digital identity? In the real world, a person's identity is verified mainly in three ways. The first is to prove identity by information you know: assuming that only a certain person knows some piece of information, such as a secret code, asking for that information confirms the person's identity. The second is to prove identity by something you have: assuming that only a certain person holds a certain item, such as a seal, producing that item also confirms the person's identity. The third is to prove identity directly by your unique physical characteristics, such as a fingerprint or an iris. Seen from the way information technology is developing, biometric technologies such as fingerprint and iris recognition are the future trend.

At present, password protection is still the mainstream of access authentication. More than 90% of U.S. companies report that passwords are their basic means of access control. A variety of strong authentication access control products have appeared on the market, but this figure has not changed much over the years. Although passwords are prone to attack and bring many user failures and management costs, why do they still hold such a tremendous advantage in the industry? The root cause is that passwords are rooted in our society and corporate culture: abandoning password-based systems would require great changes in social thinking and in company infrastructure. Since passwords came into use in 1963, they have been widely applied thanks to three major advantages: they are free, easy to use and adequately secure. 40 years later, passwords are everywhere and have become the most common form of security. However, the three original advantages of the password can no longer be seen.

Although passwords are easy to use, once a user has more than three or four of them they become tedious. In a company, a user may need to log in to 15 to 20 different applications to get the work done; under such conditions password authentication not only becomes a low-grade authentication method but also hurts employee productivity. In addition, passwords for infrequently used applications are easily forgotten, which wastes time. Password protection is also easily broken. Faced with so many passwords, many users sacrifice security for convenience. They tend to choose easily guessed passwords, use the same password for multiple accounts, and even keep passwords in places where they are easily copied or stolen. All of these bad habits can lead to online password theft.

Kou Jianzhong said: "Password authentication is now the lowest-end method and can no longer meet the needs of enterprises. Enterprises are seeking simpler, more effective forms of identity authentication. At present many banking systems use USB key authentication, so users do not have to remember many passwords and do not have to write passwords down on paper for fear of forgetting them, which results in leaks."

Strengthening authentication with single sign-on

To solve the practical problems associated with passwords, many different access control products have appeared in the past few years that replace the traditional password with other, stronger authentication mechanisms, such as dynamic (one-time) passwords, digital certificates, verification of physiological characteristics, and cookies. Besides increasing security, another goal of these products is single sign-on, under which the user needs to authenticate only once per session. However, these single sign-on solutions have not been widely accepted, because they have not yet fully resolved a variety of defects. These defects are the main reason passwords are still widely used.

As a result, people began to consider combining single sign-on (SSO) technology with smart card and USB token technology to cover the broadest range of applications while reducing the administrative cost and user annoyance caused by password-based access control. Besides these advantages, the combination also increases security and improves user productivity.

For applications where password protection cannot provide sufficient protection, strong authentication is the only choice, because it not only enhances security but also improves user convenience and reduces costs. So what exactly is the difference between strong authentication and password authentication? In terms of security trends, the key difference is that a user accessing protected resources must provide sufficiently strong identifying information. This information is made up of multiple identifying factors; the more factors are provided, the more secure the application.

Because a single identification is used to grant access to protected resources, a strong authentication solution can serve multiple applications. As an enterprise extends strong authentication to a growing number of resources and users, the initial capital investment and ongoing management costs are spread over a larger resource base, giving a much greater return on investment. Increasingly, strong authentication solutions are combined with Web access management to provide single sign-on (SSO) across multiple applications. This lets users move seamlessly between applications and domains and reduces the number of passwords they must remember. Strong authentication solutions integrate a range of authentication methods, including one-time authentication codes, digital certificates, PIN codes, passwords and biometric devices. These factors can be combined to meet a range of security requirements.

Single sign-on built on smart cards is now a mature technology, and it opens up tremendous new opportunities to strengthen and simplify security solutions. Because users are familiar with the smart card and accept it (it can be a credit-card-sized card or a USB token), and because of its processing power, storage capacity and the security protection of digital certificates, smart card technology is emerging as the preferred method of secure authentication for access to online services and applications.

A smart card (and likewise a USB token) is a hardware store for personal information. Unless the owner logs in to the card with a PIN code or password, the information stored on the smart card cannot be accessed, much as a user enters a PIN code to use an ATM card. Smart cards enable two-factor authentication: something you have (the smart card) and something you know (the password). Two-factor security protects the encryption of, and access to, the personal information on the card. For VPN and PKI systems, the smart card provides a secure storage medium for private keys and certificates. For enterprises that need secure remote access to the corporate network, an encrypting smart card is the perfect complement to a VPN solution. In addition, smart cards have many additional features that make for more powerful and simpler security solutions, while providing more value to customers and more revenue.

In an SSO-enabled environment, each user's authentication defines what he can do on the network. Users therefore log in only once and get access to all the appropriate applications and data on the network. In practice, users without exception like the "magic" of SSO, but some IT administrators worry that access to multiple applications after a single login lets an attacker do greater damage to the network. This is not the case: when users have to maintain more than one user name and password, they are more inclined to choose easily guessed passwords, and security is exposed to threats. If passwords are instead assigned by the IT department, users will write their login information down in unsafe places, such as sticky notes stuck to the monitor.

Tailor-made identity management systems

For businesses, the important thing is to find the identity authentication management system that fits their own needs, rather than changing their business practices to fit a solution applied rigidly. Customers may ask: "Which identity management system should I buy that can be installed over a weekend?" In fact, identity management cannot simply be installed, nor is it a plug-and-play product; it is a strategic plan. Before looking at products, first identify which current problems are not being properly solved and what work you expect the product to accomplish.

No single solution applies to every organization, and a successful authentication deployment has to start small. Enterprises cannot expect immediate returns from identity-based network management; like any large-scale IT project, it needs running time before it truly serves the business. It may take several months to build the architecture and another few months to get the individual parts up and running properly; the value may begin to show 2 to 3 months after the system is deployed, and fully understanding its value takes 6 months. The whole cycle can therefore run to 1 year or more. However, if the company's goal is to make its network more secure and better suited to future development, the time spent on deploying identity authentication is undoubtedly worthwhile.

Shanda has joined with six companies (First Financial Management, the Business Network, China Ticketing Center, Nuclear New Software, Treasure Island and Dangdang) to create a new network authentication platform for everyday life and raise the security level of online identity authentication. The Shanda "secret treasure" token, produced with independent intellectual property rights, is used mainly to raise the security level of network authentication and further protect accounts and transactions. It uses time-synchronized, two-factor dynamic password authentication: every minute it generates a 6- or 8-digit password that does not repeat, follows no pattern and cannot be used a second time. Once a user's account is bound to the token, two-factor authentication is in place. At login the user enters the original account password (also known as the static password) and then the dynamic password displayed on the token; its unpredictability raises the risk for account thieves and so increases account security.
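The login flow described above (static password plus a time-synchronized code that changes every minute and cannot be reused), as an added example that is not code from the original article or from the vendor. The token's actual algorithm is not given on this page, so the standard RFC 6238 TOTP construction is assumed as a stand-in; `BoundAccount`, the one-step drift window and the sample secret are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 60    # seconds per code: the article says one code per minute
DIGITS = 6   # the article mentions 6- or 8-digit codes


def dynamic_code(secret: bytes, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP (assumed stand-in): HMAC-SHA1 of the time-step counter."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class BoundAccount:
    """Hypothetical server-side record for an account bound to a token."""

    def __init__(self, password: str, token_secret: bytes, salt: bytes):
        self.salt = salt
        self.pw_hash = _hash_password(password, salt)
        self.token_secret = token_secret
        self.last_step = -1                      # highest time step already accepted

    def login(self, password: str, code: str, now: int) -> bool:
        pw_ok = hmac.compare_digest(_hash_password(password, self.salt), self.pw_hash)
        current = now // STEP
        matched = None
        for step_no in (current, current - 1):   # tolerate one step of clock drift
            if step_no <= self.last_step:        # skips -1 and blocks reuse of a code
                continue
            expected = dynamic_code(self.token_secret, step_no * STEP)
            if hmac.compare_digest(expected.encode(), code.encode()):
                matched = step_no
                break
        if pw_ok and matched is not None:
            self.last_step = matched             # burn this step and all earlier ones
            return True
        return False


if __name__ == "__main__":
    secret = b"12345678901234567890"             # constructed sample secret (RFC test key)
    acct = BoundAccount("static-pw", secret, salt=b"constructed-salt")
    code = dynamic_code(secret, 70)
    print(acct.login("static-pw", code, 70))     # first use of the code
    print(acct.login("static-pw", code, 75))     # same code presented again
```

Recording the last accepted time step is what enforces "cannot be used a second time": a code stays mathematically valid for its whole minute, so the server has to remember that it was already spent.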

Authenticated data exchange between machines will contribute to the security of transactions across organizations. But can the trust mechanism really be automated? Wherever your money is deposited, you can insert your bank card into an ATM anywhere in the world, type in the password, and withdraw local currency within minutes. Fees aside, the transaction is seamless and transparent, no different from withdrawing money at home. This is the alliance system. Through a simple authentication, the participating banks establish mutual financial trust, and banks that are independent of one another can share business processes and transaction flows within the alliance network. Today, major IT suppliers and their customers believe the same model can also be used for integrated network systems linking suppliers, partners and consumers. As open alliance identity authentication standards mature, the IT industry will be able to deploy complex and secure access control successfully.

Guangdong Telecom is a good example of single sign-on in use. Because of the needs of business operations, Guangdong Telecom's enterprise users have to access multiple business systems at the same time and frequently visit related information resources on the internal network. Before the enterprise portal system was implemented, users had to start a different application for each system they accessed, so access to information was fragmented. Users also had to switch frequently between systems, which made operation complicated and kept them from quickly obtaining, analyzing and using the relevant business information. In addition, users had to log in to each application separately to do their work, and with so many systems, forgotten user accounts and passwords were common. For security and systems management, Guangdong Telecom needed a large number of IT technical staff to manage and maintain the user information of the different systems separately (such as ERP, statistical analysis and OA).

In response, Guangdong Telecom set out to build an enterprise portal that gives enterprise users a unified entrance to information resources and a unified, role-based and personalized platform for information access and integration; to implement single sign-on, so that after logging in once users can access different applications under the relevant rules, improving the ease of use of the IT systems; and, on that basis, to go on to achieve collaboration among business users and knowledge management.

In the single sign-on scheme, the user is authenticated through the SSL protocol at login. While the SSL handshake is being established, the user presents a digital certificate to the portal Web server, and the portal Web server authenticates the client's identity; the certificates are issued to users by the CA in the unified LDAP authentication center. The portal server then maps the client certificate to a portal user. Users at Guangdong Telecom think that the single sign-on system provides a Web-based, role-based user interface that is unified for internal and external use, so that employees can access the information they need anytime, anywhere.

Of course, the most advanced authentication technology is still biometrics. As many as 200 manufacturers are engaged in developing biometric products, but the products have converged badly: more than 40% of them are used for low-end attendance and access control. In terms of technology, most hardware vendors simply buy their hardware from a few foreign suppliers. In specialized fields such as iris recognition in particular, the technology is so difficult that only a small number of companies can enter. After the United States, China is the second country in the world to have this technology.






