5 Authentication

An access security system is proposed with the requirement that access be allowed only to authorized users whose identity can be verified beforehand. There are essentially three distinct steps, namely identification, authentication and authorization [6].

Identification – the user is identified by a token or an identification string (phone number or email address).

Authentication – after the identification string or token is accepted, the user has to prove his identity.

Authorization – the user is allowed or denied access to the requested content or to a set of actions, based on his access rights.

A system can authenticate users based on the assumption that the users know something (memometrics), recognize something (cognometrics), own something, or have something that is characteristic of each person (biometrics). In all three forms the system and the user share a secret (i.e. an authentication key).

Fig. 4.1 – User authentication options
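The three steps can be kept as separate checks in code. The sketch below is an added example, not taken from the paper: the `AccessGate` class, its method names, the sample identifier and the choice of PBKDF2 for storing the memometric secret are all assumptions made for illustration. It also verifies against a dummy record when identification fails, so the response does not reveal which identifiers are enrolled.

```python
import hashlib
import hmac
import os

def _kdf(secret: str, salt: bytes) -> bytes:
    # Stretch the "something you know" secret; only this verifier is stored.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

class AccessGate:  # hypothetical name, illustration only
    def __init__(self):
        self._users = {}  # identifier -> (salt, verifier, rights)
        self._dummy_salt = os.urandom(16)
        self._dummy = _kdf("unused", self._dummy_salt)

    def enroll(self, identifier, secret, rights):
        salt = os.urandom(16)
        self._users[identifier] = (salt, _kdf(secret, salt), frozenset(rights))

    def identify(self, identifier):
        # Step 1: map the identification string to a record (or None).
        return self._users.get(identifier)

    def authenticate(self, record, secret):
        # Step 2: the user proves knowledge of the shared secret.
        # Unknown identifiers still cost one KDF run against a dummy record.
        if record:
            salt, verifier = record[0], record[1]
        else:
            salt, verifier = self._dummy_salt, self._dummy
        matches = hmac.compare_digest(_kdf(secret, salt), verifier)
        return matches and record is not None

    def authorize(self, record, action):
        # Step 3: compare the requested action with the user's access rights.
        return action in record[2]

    def request(self, identifier, secret, action):
        record = self.identify(identifier)
        if not self.authenticate(record, secret):
            return "denied: authentication failed"
        if not self.authorize(record, action):
            return "denied: not authorized"
        return "granted"

if __name__ == "__main__":
    gate = AccessGate()
    # Constructed sample user and rights.
    gate.enroll("alice@example.test", "correct horse", {"read"})
    for ident, secret, action in [
        ("alice@example.test", "correct horse", "read"),
        ("alice@example.test", "correct horse", "write"),
        ("alice@example.test", "wrong", "read"),
        ("mallory@example.test", "unused", "read"),
    ]:
        print(ident, action, "->", gate.request(ident, secret, action))
```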