SlideShare uma empresa Scribd logo

Ict project (1)

Transferir como DOCX, PDF
S
spy007s

ict

TecnologiaNegócios
1 de 5
Symbiosis Law School,NOIDA ICT Project (interim submission) -:TOPIC:- New IC Technologies in Aunthentication System Name:Yougal Mehta BBA-LL.B (division-A) Roll No:58 Introduction- In today’s information technology world, security for systems is becoming more and more important. The number of systems that have been compromised is ever increasing and authentication plays a major role as a first line of defence against intruders. The three main types of authentication are something you know (such as a password), something you have (such as a card or token), and something you are (biometric). Passwords are notorious for being weak and easily crackable due to human nature and our tendency to make passwords easy to remember or writing them down somewhere easily accessible. Cards and tokens can be presented by anyone and although the token or card is recognisable, there is no way of knowing if the person presenting the card is the actual owner. Biometrics, on the other hand, provides a secure method of authentication and identification, as they are difficult to replicate and steal. If biometrics is used in conjunction with something you know, then this achieves what is known as two-factor authentication. Two-factor authentication is much stronger as it requires both components before a user is able to access anything. Biometric identification utilises physiological and behavioural characteristics to authenticate a person’s identity. Some common physical characteristics that may be used for identification include fingerprints, palm prints, hand geometry, retinal patterns and iris patterns. Behavioural characteristics include signature, voice pattern and keystroke dynamics. A biometric system
works by capturing and storing the biometric information and then comparing the scanned biometric with what is stored in the repository. History- In the mid 1980s two ophthalmologists, Drs Leonard Flom and Aran Safir, proposed that no two irises are alike, even in twins, thus making them good biometric. This belief was based on their clinical experience where they observed the distinctive features of irises including the “many collagenous fibres, contraction furrows, coronas, crypts, colour, serpentine vasculature, striations, freckles, rifts and pits” 2. After researching and documenting the potential use of irises as a means of identifying people they were awarded a patent in 1987. They then approached Dr John Daugman, a Harvard mathematician, in 1989 to assist with creating the mathematical algorithms required for digitally encoding an image of an iris to allow comparison with a real time image. By 1994 the algorithms had been developed and patented and are now used as “the basis for all recognition systems and products” currently being developed and sold. Tokens with an Image (Disconnected Tokens)- A number of types of credit card size tokens are available in the market. These tokens will contain an image or collection of images (An array of images). At the time of registration, user has to choose a Pattern using the token. Combining these two user will generate an OTP and submit it to the Two factor authentication product. These tokens are very cheap when compared with the other hardware tokens, since these may not/may involve electronic cost. These tokens are easy to carry as these are exactly of credit card size and weight. They can easily fit into pockets. These tokens are cost effective, as they can be easily manufactured, even if token lost. Smartcards- Smart cards are about the same size as a credit card. Some vendors offer smart cards that perform both the function of a proximity card and network authentication. Users can authenticate into the building via proximity detection and then insert the card into their PC to produce network logon credentials. In fact, they can be multi-purposed to hold several sets of
credentials, as well as electronic purse functionality, for example for use in a staff canteen. They can also serve as ID badges. In some countries, notably in Europe and Asia, banks and financial institutions have implemented Chip Authentication Program technology which pairs a banking smart card with an independent, unconnected card reader. Using the card, reader and ATM PIN as factors, a one-time password is generated that can then be used in place of passwords. The technology offers some support against transaction alteration by facilitating Transaction Data Signing, where information from the transaction is included in the calculation of the one-time password, but it does not prevent man-in-the- middle attacks or man-in-the-browser attacks because a fraudster who is in control of the user's internet or is redirecting the user to the legitimate website via a hostile proxy may alter the transaction data "in-line" before it arrives at the web-server for processing, resulting in an otherwise valid transaction signature being generated for fraudulent data. As has already been indicated, there are two kinds of smartcard: contact smartcards with a pattern of gold plated contacts, and contactless or proximity cards, with an RFID chip embedded within the plastic. The former are more often used in banking and as a 2nd factor, and can be conveniently carried with other credit/debit/loyalty cards in a wallet. They are normally loaded with an X.509 certificate. However, they do need a special reader. Some laptops and thin client terminals have a smartcard reader built in, and PCCard smartcard readers are available which can be kept permanently within the shell of the laptop. Alternatively, USB smartcard readers are available which are no more expensive than many display tokens, in fact, some smartcards have an interface which is electrically (but not mechanically) USB, so that the reader needs no intelligence whatsoever and consequently can be very cheap. Even so, it is less convenient than a built-in or PCCard reader, but is a good option for a desktop computer. Wireless- Contactless smartcards as described above can be used as a second factor. Other forms of RFID token can be used, as well as Bluetooth.
Magnetic Stripe Cards- Magnetic stripe cards (credit cards, debit cards, ATM cards, loyalty cards, gift cards, etc.) are easily cloned and so are being or have been replaced in various regions by smartcards. However, even though the data on the magnetic stripe is easily copied, researchers at Washington University in St. Louis have found that the random and unique disposition of the billions of individual magnetic particles on each magnetic stripe can be used to derive a “magnetic fingerprint” which is virtually impossible to clone. This is an example of a physically unclonable function. Special magnetic card readers have been developed and commercialised under the name “Magneprint”, which can digitise this fingerprint in order to positively identify an individual card. Perfect Paper Passwords (PPP)- PPP is an authentication mechanism devised by Steve Gibson and based on a type of one time pad, unencumbered by patents or licence fees. The user is given a printed card (which can be conveniently formatted into a wallet- friendly credit card size) containing an array of pseudo-random numbers generated from a secret seed. To authenticate him/herself, the user is challenged with a row and column from the current sheet of the pad and has to respond with the corresponding pseudo-random number. The secret seed is protected by a cryptographic process which is used to generate the pseudo-random numbers, but there is nothing to stop a card being stolen or copied. Should this occur, it can be invalidated at the authentication screen and a new (hopefully, uncompromised) card can be used. New cards can be printed out by the user at any time. Mobile phones- There is presently only limited discussion on using wired phones for authentication, most applications focus on use of mobile phones instead. A new category of TFA tools transforms the PC user's mobile phone into a token device using SMS messaging, an interactive telephone call, or via
downloadable application to a smartphone. Since the user now communicates over two channels, the mobile phone becomes a two-factor, two-channel authentication mechanism. Smartphone Push- The push notification services offered by modern mobile platforms, such as iPhone's APNS and Android's C2DM, can be used to provide a real-time challenge/response mechanism on a mobile device. Upon performing a sensitive transaction or login, the user will instantly receive a challenge pushed to their mobile phone, be prompted with the full details of that transaction, and be able to respond to approve or deny that transaction by simply pressing a button on their mobile phone. Smartphone push two-factor authentication has the capability to not only be more user-friendly, but also more secure as a mutually-authentication connection can be established to the phone over the data network. Password security- Another concern is the security of the TFA tools and their systems. Several products store passwords in plain text for either the token or smart card software or its associated management server. There is a further argument that purports that there is nothing to stop a user (or intruder) from manually providing logon credentials that are stored on a token or smart card. For example to show all passwords stored in Internet Explorer, all an intruder has to do is to boot the Microsoft Windows OS into safe mode (with network support) and to scan the hard drive (using certain freely available utilities). However, making it necessary for the physical token to be in place at all times during a session can negate this.

Recomendados

Improvement of a PIN-Entry Method Resilient to ShoulderSurfing and Recording ...
Improvement of a PIN-Entry Method Resilient to ShoulderSurfing and Recording ...Improvement of a PIN-Entry Method Resilient to ShoulderSurfing and Recording ...
Improvement of a PIN-Entry Method Resilient to ShoulderSurfing and Recording ...IJRTEMJOURNAL
 
Ijcsi 9-4-2-457-462
Ijcsi 9-4-2-457-462Ijcsi 9-4-2-457-462
Ijcsi 9-4-2-457-462Hai Nguyen
 
28032012 Irma vander Ploeg: e portfolio als digitale identiteit
28032012 Irma vander Ploeg: e portfolio als digitale identiteit28032012 Irma vander Ploeg: e portfolio als digitale identiteit
28032012 Irma vander Ploeg: e portfolio als digitale identiteitStichting ePortfolio Support
 
nonClonableID™ for the Banking Domain
nonClonableID™ for the Banking DomainnonClonableID™ for the Banking Domain
nonClonableID™ for the Banking DomainBilcareltd
 
H029044050
H029044050H029044050
H029044050researchinventy
 
DESIGN AND IMPLEMENTATION OF E-PASSPORT SCHEME USING CRYPTOGRAPHIC ALGORITHM ...
DESIGN AND IMPLEMENTATION OF E-PASSPORT SCHEME USING CRYPTOGRAPHIC ALGORITHM ...DESIGN AND IMPLEMENTATION OF E-PASSPORT SCHEME USING CRYPTOGRAPHIC ALGORITHM ...
DESIGN AND IMPLEMENTATION OF E-PASSPORT SCHEME USING CRYPTOGRAPHIC ALGORITHM ...ijait
 
Credit Card Duplication and Crime Prevention Using Biometrics
Credit Card Duplication and Crime Prevention Using BiometricsCredit Card Duplication and Crime Prevention Using Biometrics
Credit Card Duplication and Crime Prevention Using BiometricsIOSR Journals
 
Namrata
NamrataNamrata
Namratatatamahadule
 

Recomendados

Improvement of a PIN-Entry Method Resilient to ShoulderSurfing and Recording ...
Improvement of a PIN-Entry Method Resilient to ShoulderSurfing and Recording ...Improvement of a PIN-Entry Method Resilient to ShoulderSurfing and Recording ...
Improvement of a PIN-Entry Method Resilient to ShoulderSurfing and Recording ...IJRTEMJOURNAL
 
Ijcsi 9-4-2-457-462
Ijcsi 9-4-2-457-462Ijcsi 9-4-2-457-462
Ijcsi 9-4-2-457-462Hai Nguyen
 
28032012 Irma vander Ploeg: e portfolio als digitale identiteit
28032012 Irma vander Ploeg: e portfolio als digitale identiteit28032012 Irma vander Ploeg: e portfolio als digitale identiteit
28032012 Irma vander Ploeg: e portfolio als digitale identiteitStichting ePortfolio Support
 
nonClonableID™ for the Banking Domain
nonClonableID™ for the Banking DomainnonClonableID™ for the Banking Domain
nonClonableID™ for the Banking DomainBilcareltd
 
H029044050
H029044050H029044050
H029044050researchinventy
 
DESIGN AND IMPLEMENTATION OF E-PASSPORT SCHEME USING CRYPTOGRAPHIC ALGORITHM ...
DESIGN AND IMPLEMENTATION OF E-PASSPORT SCHEME USING CRYPTOGRAPHIC ALGORITHM ...DESIGN AND IMPLEMENTATION OF E-PASSPORT SCHEME USING CRYPTOGRAPHIC ALGORITHM ...
DESIGN AND IMPLEMENTATION OF E-PASSPORT SCHEME USING CRYPTOGRAPHIC ALGORITHM ...ijait
 
Credit Card Duplication and Crime Prevention Using Biometrics
Credit Card Duplication and Crime Prevention Using BiometricsCredit Card Duplication and Crime Prevention Using Biometrics
Credit Card Duplication and Crime Prevention Using BiometricsIOSR Journals
 
Namrata
NamrataNamrata
Namratatatamahadule
 
Deepak 3 dpassword (2)
Deepak 3 dpassword (2)Deepak 3 dpassword (2)
Deepak 3 dpassword (2)Deepak Choudhary
 
Smart card presentation Subroto das
Smart card presentation Subroto dasSmart card presentation Subroto das
Smart card presentation Subroto dasSubroto Das
 
Smart Card
Smart CardSmart Card
Smart CardDarani Daran
 
Finger print
Finger printFinger print
Finger printsandycracker93
 
Card reader
Card readerCard reader
Card readerManoj Kumar
 
Bio Metrics
Bio MetricsBio Metrics
Bio Metricsnayakslideshare
 
SMART CARDS
SMART CARDSSMART CARDS
SMART CARDSsalman khan
 
PCI,Smart Card,ATM and E-commerce
PCI,Smart Card,ATM and E-commercePCI,Smart Card,ATM and E-commerce
PCI,Smart Card,ATM and E-commerceAmira Serag
 
E Authentication System with QR Code and OTP
E Authentication System with QR Code and OTPE Authentication System with QR Code and OTP
E Authentication System with QR Code and OTPijtsrd
 
Smartcard lecture #5
Smartcard lecture #5Smartcard lecture #5
Smartcard lecture #5vasanthimuniasamy
 
An ATM Multi-Protocol Emulation Network
An ATM Multi-Protocol Emulation NetworkAn ATM Multi-Protocol Emulation Network
An ATM Multi-Protocol Emulation Networkdbpublications
 
Smart Card Presentation
Smart Card Presentation Smart Card Presentation
Smart Card Presentation ppriteshs
 
Doccccc
DocccccDoccccc
DocccccJagadeeswararaoPasumarthi
 
Enhancing security features
Enhancing security featuresEnhancing security features
Enhancing security featuresNana Kwame(Emeritus) Gyamfi
 
Analysis on need of Smart Card
Analysis on need of Smart CardAnalysis on need of Smart Card
Analysis on need of Smart Cardjournal ijrtem
 
Report on smartcard lalsivaraj
Report on smartcard lalsivarajReport on smartcard lalsivaraj
Report on smartcard lalsivarajLal Sivaraj
 
Smart Verification of Passenger using AI
Smart Verification of Passenger using AISmart Verification of Passenger using AI
Smart Verification of Passenger using AIijtsrd
 
Secure Verification Process in Smart Card Technology
Secure Verification Process in Smart Card TechnologySecure Verification Process in Smart Card Technology
Secure Verification Process in Smart Card Technologyijtsrd
 
Bio metrics in secure e transaction
Bio metrics in secure e transactionBio metrics in secure e transaction
Bio metrics in secure e transactionIJARIIT
 
Smart cards
Smart cardsSmart cards
Smart cardsMir Majid
 
Smart cards
Smart cardsSmart cards
Smart cardsimshubham
 
Case study on smart card tech. _Anuj Pawar
Case study on smart card tech. _Anuj PawarCase study on smart card tech. _Anuj Pawar
Case study on smart card tech. _Anuj PawarAnuj Pawar
 

Mais conteúdo relacionado

Mais procurados

Smart card presentation Subroto das
Smart card presentation Subroto dasSmart card presentation Subroto das
Smart card presentation Subroto dasSubroto Das
 
PCI,Smart Card,ATM and E-commerce
PCI,Smart Card,ATM and E-commercePCI,Smart Card,ATM and E-commerce
PCI,Smart Card,ATM and E-commerceAmira Serag
 
E Authentication System with QR Code and OTP
E Authentication System with QR Code and OTPE Authentication System with QR Code and OTP
E Authentication System with QR Code and OTPijtsrd
 
An ATM Multi-Protocol Emulation Network
An ATM Multi-Protocol Emulation NetworkAn ATM Multi-Protocol Emulation Network
An ATM Multi-Protocol Emulation Networkdbpublications
 
Smart Card Presentation
Smart Card Presentation Smart Card Presentation
Smart Card Presentation ppriteshs
 
Analysis on need of Smart Card
Analysis on need of Smart CardAnalysis on need of Smart Card
Analysis on need of Smart Cardjournal ijrtem
 
Report on smartcard lalsivaraj
Report on smartcard lalsivarajReport on smartcard lalsivaraj
Report on smartcard lalsivarajLal Sivaraj
 
Smart Verification of Passenger using AI
Smart Verification of Passenger using AISmart Verification of Passenger using AI
Smart Verification of Passenger using AIijtsrd
 
Secure Verification Process in Smart Card Technology
Secure Verification Process in Smart Card TechnologySecure Verification Process in Smart Card Technology
Secure Verification Process in Smart Card Technologyijtsrd
 
Bio metrics in secure e transaction
Bio metrics in secure e transactionBio metrics in secure e transaction
Bio metrics in secure e transactionIJARIIT
 

Mais procurados (20)

Deepak 3 dpassword (2)
Deepak 3 dpassword (2)Deepak 3 dpassword (2)
Deepak 3 dpassword (2)
 
Smart card presentation Subroto das
Smart card presentation Subroto dasSmart card presentation Subroto das
Smart card presentation Subroto das
 
Smart Card
Smart CardSmart Card
Smart Card
 
Finger print
Finger printFinger print
Finger print
 
Card reader
Card readerCard reader
Card reader
 
Bio Metrics
Bio MetricsBio Metrics
Bio Metrics
 
SMART CARDS
SMART CARDSSMART CARDS
SMART CARDS
 
PCI,Smart Card,ATM and E-commerce
PCI,Smart Card,ATM and E-commercePCI,Smart Card,ATM and E-commerce
PCI,Smart Card,ATM and E-commerce
 
E Authentication System with QR Code and OTP
E Authentication System with QR Code and OTPE Authentication System with QR Code and OTP
E Authentication System with QR Code and OTP
 
Smartcard lecture #5
Smartcard lecture #5Smartcard lecture #5
Smartcard lecture #5
 
An ATM Multi-Protocol Emulation Network
An ATM Multi-Protocol Emulation NetworkAn ATM Multi-Protocol Emulation Network
An ATM Multi-Protocol Emulation Network
 
Smart Card Presentation
Smart Card Presentation Smart Card Presentation
Smart Card Presentation
 
Doccccc
DocccccDoccccc
Doccccc
 
Enhancing security features
Enhancing security featuresEnhancing security features
Enhancing security features
 
Analysis on need of Smart Card
Analysis on need of Smart CardAnalysis on need of Smart Card
Analysis on need of Smart Card
 
Report on smartcard lalsivaraj
Report on smartcard lalsivarajReport on smartcard lalsivaraj
Report on smartcard lalsivaraj
 
Smart Verification of Passenger using AI
Smart Verification of Passenger using AISmart Verification of Passenger using AI
Smart Verification of Passenger using AI
 
Secure Verification Process in Smart Card Technology
Secure Verification Process in Smart Card TechnologySecure Verification Process in Smart Card Technology
Secure Verification Process in Smart Card Technology
 
Bio metrics in secure e transaction
Bio metrics in secure e transactionBio metrics in secure e transaction
Bio metrics in secure e transaction
 
Smart cards
Smart cardsSmart cards
Smart cards
 

Semelhante a Ict project (1)

Case study on smart card tech. _Anuj Pawar
Case study on smart card tech. _Anuj PawarCase study on smart card tech. _Anuj Pawar
Case study on smart card tech. _Anuj PawarAnuj Pawar
 
Iaetsd fpga implementation of rf technology and biometric authentication
Iaetsd fpga implementation of rf technology and biometric authenticationIaetsd fpga implementation of rf technology and biometric authentication
Iaetsd fpga implementation of rf technology and biometric authenticationIaetsd Iaetsd
 
Info 01 16_4_banking_application
Info 01 16_4_banking_applicationInfo 01 16_4_banking_application
Info 01 16_4_banking_applicationBilcareltd
 
Replace The Current Antiquated Credit Card System
Replace The Current Antiquated Credit Card SystemReplace The Current Antiquated Credit Card System
Replace The Current Antiquated Credit Card SystemWarren Smith
 
Smart Card Security; Technology and Adoption
Smart Card Security; Technology and AdoptionSmart Card Security; Technology and Adoption
Smart Card Security; Technology and AdoptionCSCJournals
 
Securing corporate assets_with_2_fa
Securing corporate assets_with_2_faSecuring corporate assets_with_2_fa
Securing corporate assets_with_2_faHai Nguyen
 
Online applications using strong authentication with OTP grid cards
Online applications using strong authentication with OTP grid cardsOnline applications using strong authentication with OTP grid cards
Online applications using strong authentication with OTP grid cardsBayalagmaa Davaanyam
 
smartcard-120830090352-phpapp02.pdf
smartcard-120830090352-phpapp02.pdfsmartcard-120830090352-phpapp02.pdf
smartcard-120830090352-phpapp02.pdfssuser5b47c8
 
All the 12 Payment Enabling Technologies & 54 Illustrative Companies
All the 12 Payment Enabling Technologies & 54 Illustrative CompaniesAll the 12 Payment Enabling Technologies & 54 Illustrative Companies
All the 12 Payment Enabling Technologies & 54 Illustrative CompaniesMEDICI admin
 
An efficient implementation for key management technique using smart card and...
An efficient implementation for key management technique using smart card and...An efficient implementation for key management technique using smart card and...
An efficient implementation for key management technique using smart card and...ijctcm
 
Biometric Authentication Technology - Report
Biometric Authentication Technology - ReportBiometric Authentication Technology - Report
Biometric Authentication Technology - ReportNavin Kumar
 
AN ENHANCED SECURITY FOR GOVERNMENT BASE ON MULTIFACTOR BIOMETRIC AUTHENTICATION
AN ENHANCED SECURITY FOR GOVERNMENT BASE ON MULTIFACTOR BIOMETRIC AUTHENTICATIONAN ENHANCED SECURITY FOR GOVERNMENT BASE ON MULTIFACTOR BIOMETRIC AUTHENTICATION
AN ENHANCED SECURITY FOR GOVERNMENT BASE ON MULTIFACTOR BIOMETRIC AUTHENTICATIONIJCNCJournal
 
AN ENHANCED SECURITY FOR GOVERNMENT BASE ON MULTIFACTOR BIOMETRIC AUTHENTICATION
AN ENHANCED SECURITY FOR GOVERNMENT BASE ON MULTIFACTOR BIOMETRIC AUTHENTICATIONAN ENHANCED SECURITY FOR GOVERNMENT BASE ON MULTIFACTOR BIOMETRIC AUTHENTICATION
AN ENHANCED SECURITY FOR GOVERNMENT BASE ON MULTIFACTOR BIOMETRIC AUTHENTICATIONIJCNCJournal
 
Smartcards and Authentication Tokens
Smartcards and Authentication TokensSmartcards and Authentication Tokens
Smartcards and Authentication Tokenssaniacorreya
 
Biometric System and Recognition Authentication and Security Issues
Biometric System and Recognition Authentication and Security IssuesBiometric System and Recognition Authentication and Security Issues
Biometric System and Recognition Authentication and Security Issuesijtsrd
 

Semelhante a Ict project (1) (19)

Smart cards
Smart cardsSmart cards
Smart cards
 
Case study on smart card tech. _Anuj Pawar
Case study on smart card tech. _Anuj PawarCase study on smart card tech. _Anuj Pawar
Case study on smart card tech. _Anuj Pawar
 
Iaetsd fpga implementation of rf technology and biometric authentication
Iaetsd fpga implementation of rf technology and biometric authenticationIaetsd fpga implementation of rf technology and biometric authentication
Iaetsd fpga implementation of rf technology and biometric authentication
 
Info 01 16_4_banking_application
Info 01 16_4_banking_applicationInfo 01 16_4_banking_application
Info 01 16_4_banking_application
 
Fu3111411144
Fu3111411144Fu3111411144
Fu3111411144
 
Replace The Current Antiquated Credit Card System
Replace The Current Antiquated Credit Card SystemReplace The Current Antiquated Credit Card System
Replace The Current Antiquated Credit Card System
 
Smart Card Security; Technology and Adoption
Smart Card Security; Technology and AdoptionSmart Card Security; Technology and Adoption
Smart Card Security; Technology and Adoption
 
Securing corporate assets_with_2_fa
Securing corporate assets_with_2_faSecuring corporate assets_with_2_fa
Securing corporate assets_with_2_fa
 
Online applications using strong authentication with OTP grid cards
Online applications using strong authentication with OTP grid cardsOnline applications using strong authentication with OTP grid cards
Online applications using strong authentication with OTP grid cards
 
smartcard-120830090352-phpapp02.pdf
smartcard-120830090352-phpapp02.pdfsmartcard-120830090352-phpapp02.pdf
smartcard-120830090352-phpapp02.pdf
 
All the 12 Payment Enabling Technologies & 54 Illustrative Companies
All the 12 Payment Enabling Technologies & 54 Illustrative CompaniesAll the 12 Payment Enabling Technologies & 54 Illustrative Companies
All the 12 Payment Enabling Technologies & 54 Illustrative Companies
 
An efficient implementation for key management technique using smart card and...
An efficient implementation for key management technique using smart card and...An efficient implementation for key management technique using smart card and...
An efficient implementation for key management technique using smart card and...
 
Biometric Authentication Technology - Report
Biometric Authentication Technology - ReportBiometric Authentication Technology - Report
Biometric Authentication Technology - Report
 
AN ENHANCED SECURITY FOR GOVERNMENT BASE ON MULTIFACTOR BIOMETRIC AUTHENTICATION
AN ENHANCED SECURITY FOR GOVERNMENT BASE ON MULTIFACTOR BIOMETRIC AUTHENTICATIONAN ENHANCED SECURITY FOR GOVERNMENT BASE ON MULTIFACTOR BIOMETRIC AUTHENTICATION
AN ENHANCED SECURITY FOR GOVERNMENT BASE ON MULTIFACTOR BIOMETRIC AUTHENTICATION
 
AN ENHANCED SECURITY FOR GOVERNMENT BASE ON MULTIFACTOR BIOMETRIC AUTHENTICATION
AN ENHANCED SECURITY FOR GOVERNMENT BASE ON MULTIFACTOR BIOMETRIC AUTHENTICATIONAN ENHANCED SECURITY FOR GOVERNMENT BASE ON MULTIFACTOR BIOMETRIC AUTHENTICATION
AN ENHANCED SECURITY FOR GOVERNMENT BASE ON MULTIFACTOR BIOMETRIC AUTHENTICATION
 
120 i143
120 i143120 i143
120 i143
 
Smartcards and Authentication Tokens
Smartcards and Authentication TokensSmartcards and Authentication Tokens
Smartcards and Authentication Tokens
 
D0351022026
D0351022026D0351022026
D0351022026
 
Biometric System and Recognition Authentication and Security Issues
Biometric System and Recognition Authentication and Security IssuesBiometric System and Recognition Authentication and Security Issues
Biometric System and Recognition Authentication and Security Issues
 

Último

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 

Último (20)

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 

Ict project (1)

  • 1. Symbiosis Law School,NOIDA ICT Project (interim submission) -:TOPIC:- New IC Technologies in Aunthentication System Name:Yougal Mehta BBA-LL.B (division-A) Roll No:58 Introduction- In today’s information technology world, security for systems is becoming more and more important. The number of systems that have been compromised is ever increasing and authentication plays a major role as a first line of defence against intruders. The three main types of authentication are something you know (such as a password), something you have (such as a card or token), and something you are (biometric). Passwords are notorious for being weak and easily crackable due to human nature and our tendency to make passwords easy to remember or writing them down somewhere easily accessible. Cards and tokens can be presented by anyone and although the token or card is recognisable, there is no way of knowing if the person presenting the card is the actual owner. Biometrics, on the other hand, provides a secure method of authentication and identification, as they are difficult to replicate and steal. If biometrics is used in conjunction with something you know, then this achieves what is known as two-factor authentication. Two-factor authentication is much stronger as it requires both components before a user is able to access anything. Biometric identification utilises physiological and behavioural characteristics to authenticate a person’s identity. Some common physical characteristics that may be used for identification include fingerprints, palm prints, hand geometry, retinal patterns and iris patterns. Behavioural characteristics include signature, voice pattern and keystroke dynamics. A biometric system
  • 2. works by capturing and storing the biometric information and then comparing the scanned biometric with what is stored in the repository. History- In the mid 1980s two ophthalmologists, Drs Leonard Flom and Aran Safir, proposed that no two irises are alike, even in twins, thus making them good biometric. This belief was based on their clinical experience where they observed the distinctive features of irises including the “many collagenous fibres, contraction furrows, coronas, crypts, colour, serpentine vasculature, striations, freckles, rifts and pits” 2. After researching and documenting the potential use of irises as a means of identifying people they were awarded a patent in 1987. They then approached Dr John Daugman, a Harvard mathematician, in 1989 to assist with creating the mathematical algorithms required for digitally encoding an image of an iris to allow comparison with a real time image. By 1994 the algorithms had been developed and patented and are now used as “the basis for all recognition systems and products” currently being developed and sold. Tokens with an Image (Disconnected Tokens)- A number of types of credit card size tokens are available in the market. These tokens will contain an image or collection of images (An array of images). At the time of registration, user has to choose a Pattern using the token. Combining these two user will generate an OTP and submit it to the Two factor authentication product. These tokens are very cheap when compared with the other hardware tokens, since these may not/may involve electronic cost. These tokens are easy to carry as these are exactly of credit card size and weight. They can easily fit into pockets. These tokens are cost effective, as they can be easily manufactured, even if token lost. Smartcards- Smart cards are about the same size as a credit card. Some vendors offer smart cards that perform both the function of a proximity card and network authentication. Users can authenticate into the building via proximity detection and then insert the card into their PC to produce network logon credentials. In fact, they can be multi-purposed to hold several sets of
  • 3. credentials, as well as electronic purse functionality, for example for use in a staff canteen. They can also serve as ID badges. In some countries, notably in Europe and Asia, banks and financial institutions have implemented Chip Authentication Program technology which pairs a banking smart card with an independent, unconnected card reader. Using the card, reader and ATM PIN as factors, a one-time password is generated that can then be used in place of passwords. The technology offers some support against transaction alteration by facilitating Transaction Data Signing, where information from the transaction is included in the calculation of the one-time password, but it does not prevent man-in-the- middle attacks or man-in-the-browser attacks because a fraudster who is in control of the user's internet or is redirecting the user to the legitimate website via a hostile proxy may alter the transaction data "in-line" before it arrives at the web-server for processing, resulting in an otherwise valid transaction signature being generated for fraudulent data. As has already been indicated, there are two kinds of smartcard: contact smartcards with a pattern of gold plated contacts, and contactless or proximity cards, with an RFID chip embedded within the plastic. The former are more often used in banking and as a 2nd factor, and can be conveniently carried with other credit/debit/loyalty cards in a wallet. They are normally loaded with an X.509 certificate. However, they do need a special reader. Some laptops and thin client terminals have a smartcard reader built in, and PCCard smartcard readers are available which can be kept permanently within the shell of the laptop. Alternatively, USB smartcard readers are available which are no more expensive than many display tokens, in fact, some smartcards have an interface which is electrically (but not mechanically) USB, so that the reader needs no intelligence whatsoever and consequently can be very cheap. Even so, it is less convenient than a built-in or PCCard reader, but is a good option for a desktop computer. Wireless- Contactless smartcards as described above can be used as a second factor. Other forms of RFID token can be used, as well as Bluetooth.
  • 4. Magnetic Stripe Cards- Magnetic stripe cards (credit cards, debit cards, ATM cards, loyalty cards, gift cards, etc.) are easily cloned and so are being or have been replaced in various regions by smartcards. However, even though the data on the magnetic stripe is easily copied, researchers at Washington University in St. Louis have found that the random and unique disposition of the billions of individual magnetic particles on each magnetic stripe can be used to derive a “magnetic fingerprint” which is virtually impossible to clone. This is an example of a physically unclonable function. Special magnetic card readers have been developed and commercialised under the name “Magneprint”, which can digitise this fingerprint in order to positively identify an individual card. Perfect Paper Passwords (PPP)- PPP is an authentication mechanism devised by Steve Gibson and based on a type of one time pad, unencumbered by patents or licence fees. The user is given a printed card (which can be conveniently formatted into a wallet- friendly credit card size) containing an array of pseudo-random numbers generated from a secret seed. To authenticate him/herself, the user is challenged with a row and column from the current sheet of the pad and has to respond with the corresponding pseudo-random number. The secret seed is protected by a cryptographic process which is used to generate the pseudo-random numbers, but there is nothing to stop a card being stolen or copied. Should this occur, it can be invalidated at the authentication screen and a new (hopefully, uncompromised) card can be used. New cards can be printed out by the user at any time. Mobile phones- There is presently only limited discussion on using wired phones for authentication, most applications focus on use of mobile phones instead. A new category of TFA tools transforms the PC user's mobile phone into a token device using SMS messaging, an interactive telephone call, or via
  • 5. downloadable application to a smartphone. Since the user now communicates over two channels, the mobile phone becomes a two-factor, two-channel authentication mechanism. Smartphone Push- The push notification services offered by modern mobile platforms, such as iPhone's APNS and Android's C2DM, can be used to provide a real-time challenge/response mechanism on a mobile device. Upon performing a sensitive transaction or login, the user will instantly receive a challenge pushed to their mobile phone, be prompted with the full details of that transaction, and be able to respond to approve or deny that transaction by simply pressing a button on their mobile phone. Smartphone push two-factor authentication has the capability to not only be more user-friendly, but also more secure as a mutually-authentication connection can be established to the phone over the data network. Password security- Another concern is the security of the TFA tools and their systems. Several products store passwords in plain text for either the token or smart card software or its associated management server. There is a further argument that purports that there is nothing to stop a user (or intruder) from manually providing logon credentials that are stored on a token or smart card. For example to show all passwords stored in Internet Explorer, all an intruder has to do is to boot the Microsoft Windows OS into safe mode (with network support) and to scan the hard drive (using certain freely available utilities). However, making it necessary for the physical token to be in place at all times during a session can negate this.