Authentication: Ensure that the actual

Authentication, the process of verifying identity, is something we do all the time, often unconsciously. When we look at a label in the mall, we always check first whether the product we are buying matches the product on the label. When we talk to someone over the phone, hearing the voice of the person we are talking to lets us confirm that the person on the other end of the line is the one we intend to talk to. When we receive a letter, we check the handwriting and the signature to see whether they are forged.

We do these things to make sure that the person, document, or item is actually the one we intend to talk to, read, or use. For computers, these processes need to be clearly defined in advance.

Authentication processes are generally classified into three categories:

  1. What we know. With some secret knowledge, we can confirm that the person we are talking with is the one we intend to talk to. We might, for example, ask about events from their early childhood. On computers, we use secret passwords all the time.
  2. What we have. Old Thai dramas in which people who were separated are identified by a red birthmark on the left buttock use this process.
  3. What we are. Things about ourselves that can confirm our identity, such as fingerprints or DNA.

Typically, just one of these processes is sufficient for authentication. But we have to trust that the process is actually effective: that no one can forge an ID card, that no one can steal someone else's card and use it, and that we will not forget the password or tell it to anyone.

In the real world, these failures happen all the time. We may place too much trust in technology, convinced that RFID cards cannot be forged when they are in fact easy to fake. We may carelessly set a password to a birthday, or write it in a notebook and leave it on the desk.

For processes that require high reliability, such as financial transactions, the recommendation in the U.S. is that financial institutions authenticate with checks from two of the categories above. This is called multi-factor authentication.

Secret messages: the beginning of authentication

Authenticating by what we “know” is the most basic process we use. When we need to access a website, it usually requires a password to log on.

The concept of a password is that we are the only ones who know the secret message. If someone else enters the same secret message as ours, the website or service will believe that it is really us accessing the service.

A secret message may also be shared by a group. Soldiers in the past might agree in advance that when they met soldiers they did not recognize, they would shout a secret message, and whoever answered correctly was on the same side. In World War II, the agreed challenge was to yell “flash” at an unidentified party, and the soldiers on the other side had to shout back “thunder”.

Password storage in computer systems today has improved dramatically. New systems often prevent anyone from learning a user's original password, even the administrators themselves (see the chapter on hashes).

Secret messages are not only for verifying users. With payment services today such as MasterCard SecureCode, when we first enroll we set up a secret message with MasterCard (the Personal Greeting in the picture). After that, every time we pay, the merchant's website takes us to a MasterCard page that displays the secret message to show that it is the real MasterCard site, while an SMS is also sent to us so that we can type the text from the SMS back into the website. This process authenticates both sides: the secret message shows that the website is genuine, and having the cell phone that is registered to receive the SMS shows that we are indeed the cardholder.

CHAP: using the password without sending the password

Passwords work well only when the communication channel cannot be intercepted easily. In early communications over telephone lines or other connections, not many people understood the technology, so the risk of interception was not very high. But as the technology became more accessible, eavesdropping on these exchanges became very easy, and an eavesdropper can use an intercepted password to log in to the service later.

Eavesdropping has been a concern since the early days of Internet connections. A solution that was designed then and is still widely used today is CHAP (Challenge-Handshake Authentication Protocol), standardized in RFC 1994. In this process the server sends the user a random message, called the challenge, that is not repeated from one time to the next. When the user enters a password, the computer does not send the password to the server directly. Instead, it combines the password with the random challenge from the server, computes an MD5 hash, and returns the hash to the server. This way, authentication does not require sending the secret message itself, and if the server works correctly it issues a new challenge every time, so the text used to authenticate is different every time as well.

The disadvantage of this process is that the server must store the password in a form that can be recovered as the original password, so in many cases the administrator can view users' passwords.
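The exchange described above, as an added example that is not part of the original post: the response is computed as in RFC 1994 (MD5 over identifier, secret and challenge), and a response captured on the wire is rejected when replayed against a later challenge. The `ChapServer` class, the user name and the password are constructed for illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994: MD5 over Identifier || secret || Challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapServer:
    """Hypothetical server side of the handshake (illustration only)."""

    def __init__(self, secrets):
        # The secret is stored in recoverable form: the server needs the
        # password itself to recompute the hash, which is the drawback
        # the text points out.
        self.secrets = secrets
        self.pending = {}  # user -> (identifier, challenge) awaiting a reply
        self.next_id = 0

    def issue_challenge(self, user):
        self.next_id = (self.next_id + 1) % 256
        challenge = os.urandom(16)  # fresh random value on every attempt
        self.pending[user] = (self.next_id, challenge)
        return self.next_id, challenge

    def verify(self, user, response):
        outstanding = self.pending.pop(user, None)  # a challenge is single-use
        if outstanding is None or user not in self.secrets:
            return False
        identifier, challenge = outstanding
        expected = chap_response(identifier, self.secrets[user], challenge)
        return hmac.compare_digest(expected, response)


def demo():
    server = ChapServer({"alice": b"correct horse"})  # constructed account
    ident, challenge = server.issue_challenge("alice")
    captured = chap_response(ident, b"correct horse", challenge)  # seen on the wire
    first_login = server.verify("alice", captured)
    server.issue_challenge("alice")  # the next login gets a new challenge
    replayed = server.verify("alice", captured)
    return first_login, replayed
```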

SIM ensures confidentiality between

Just as CHAP authenticates a user with a password, mobile phones have a similar process for authenticating the “SIM card”. The SIM card holds a 128-bit secret, called Ki, which no channel can read out during the normal authentication process.

The SIM card authenticates to a server called the authentication center (AuC), which stores the IMSI number, used to identify the SIM card among all cards in the world, along with the Ki value.

The AuC sends a random number (nonce) to the SIM card inserted in the mobile phone. The SIM combines the random number with Ki, hashes them with the COMP128 function, and returns the hash to the server. The server computes the same hash function and checks that the values match. If they do, this confirms that the correct SIM is physically connected to the phone.

In fact, the first version of COMP128 was designed loosely and kept confidential so that it could not be examined from outside. But once GSM networks became popular, it was not long before researchers successfully reversed the COMP128 function, and its results could be worked back to the Ki value. It had to be improved, which led to COMP128v2.

The GSM process still has a major problem: the SIM cannot verify whether the tower it is talking to is genuine. This makes attacks with a fake tower (rogue tower) possible. A fake GSM tower may not be connected to any network at all, but uses a fake AuC that lets the SIM pass authentication. Or it may sit in the middle and relay the connection on to the GSM network, in which case the fake tower can eavesdrop on conversations.

In UMTS, the system developed from GSM, the process was updated so that the SIM card itself must authenticate the tower as well. The tower sends an AUTN value along with the random number. The SIM card computes the AUTN for the random number it was given. If the value does not match, the SIM will not return the hash and disconnects.

The UMTS process can be compared to MasterCard SecureCode: both sides verify each other's identity before proceeding any further.
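The difference between the GSM and UMTS checks, as an added model that is not from the original post: HMAC-SHA256 stands in for COMP128 and the UMTS functions, and the AUTN here is reduced to a keyed value over the random number (the real token carries more fields). All class and function names are assumptions.

```python
import hashlib
import hmac
import os


def prf(ki: bytes, label: bytes, rand: bytes) -> bytes:
    # Stand-in keyed function; NOT COMP128 or the real UMTS algorithms.
    return hmac.new(ki, label + rand, hashlib.sha256).digest()[:8]


class Sim:
    def __init__(self, ki: bytes):
        self._ki = ki  # stays inside the card

    def gsm_respond(self, rand: bytes) -> bytes:
        # GSM: the SIM answers any challenge; the tower is never checked.
        return prf(self._ki, b"sres", rand)

    def umts_respond(self, rand: bytes, autn: bytes):
        # UMTS: verify the network's AUTN first, release nothing on mismatch.
        if not hmac.compare_digest(autn, prf(self._ki, b"autn", rand)):
            return None
        return prf(self._ki, b"sres", rand)


class Network:
    """A tower plus its AuC. The genuine one holds the SIM's Ki."""

    def __init__(self, ki: bytes):
        self.ki = ki

    def challenge(self):
        rand = os.urandom(16)
        return rand, prf(self.ki, b"autn", rand)

    def accepts(self, rand: bytes, sres) -> bool:
        expected = prf(self.ki, b"sres", rand)
        return sres is not None and hmac.compare_digest(sres, expected)


def run():
    ki = os.urandom(16)  # constructed 128-bit Ki
    sim, home = Sim(ki), Network(ki)
    rogue = Network(os.urandom(16))  # fake tower: does not know Ki
    rand, autn = home.challenge()
    r_rand, r_autn = rogue.challenge()
    return {
        "gsm_home_accepts": home.accepts(rand, sim.gsm_respond(rand)),
        "gsm_sim_answers_rogue": sim.gsm_respond(r_rand) is not None,
        "umts_home_accepts": home.accepts(rand, sim.umts_respond(rand, autn)),
        "umts_sim_answers_rogue": sim.umts_respond(r_rand, r_autn) is not None,
    }
```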

Tokens: authenticated by having a credential

For authentication between parties who do not know each other beforehand, in everyday life we usually prove identity with a “credential” or token. The credential must be able to guarantee that whoever holds it is who they claim to be. In Thailand, we normally use the ID card for this.

We trust the card because it is generally assumed to be difficult enough to forge: it is coated with a clear film, a special plastic with reflective printed patterns that are difficult to fake. But checking is lax. In many transactions the card is not inspected very carefully, and relying on just a photocopy of the ID card makes authentication prone to errors.

Many products use a similar process to show that they are genuine: reflective stickers that are difficult to counterfeit, with a product number that matches the product offered for sale, let customers know that the product they are buying is genuine.

Server systems in large organizations, or even online multiplayer games, typically issue a “key” that holds a secret inside a chip that is difficult to read out. We call these keys hard tokens, and they compute their values from an internal clock. Google, meanwhile, uses software called Google Authenticator, which receives the secret by reading a QR code at first registration. Such software is called a software token (soft token), and it turns the cell phone (or other device) into a credential for our identity. When we log in, instead of asking only for a password, the service also asks for the value from the token. If the token value we enter is valid, it indicates that we “have” what is needed to confirm our identity.

PKCS: authenticated because the secret is with us

One authentication process that is very popular in enterprises is authentication through a public-key infrastructure (PKI).

Normally, when we talk about authentication in SSL/TLS as used on the web, it is used to ensure that we are connected to the real website. After that, the website authenticates us by asking for a password. But TLS also has a process that authenticates the user instead. For this, the user must hold a secret key and a certificate.

For the secret key and certificate a user holds, the certificate must carry a digital signature (the hash value of the file, encrypted with the secret key) from a trusted certification authority (CA). An organization may create its own CA, or it may use an outside one. If it builds its own CA, the organization is also responsible for distributing the CA certificate to all computers, and must make sure that the certificate is not forged along the way.

There are two options for giving users their secret keys and certificates. The first is to distribute them as a file, in the standard known as PKCS #12, a file that contains the certificate, the digital identity, and the secret key. When the server needs to authenticate a connecting user, it can request the certificate, which has the public key attached, then encrypt a series of numbers and send the result to the user. A user who has the secret key can decrypt it and send the result back to the server.

The server knows that the user is genuine because the user “has” the secret key of a certificate certified by the certification authority.

Many organizations do not like issuing certificates and secret keys as files, because files can be copied easily. The option we often see instead is the smart card. Rather than handing out a file from which the secret key can be read, the certification authority gives each user one smart card. The smart card has the secret key inside, and the key cannot be read out. Instead, the card has an API through which it encrypts and decrypts the data sent to it.

The API for using smart cards for authentication is currently standardized as PKCS #11. The hardware varies: sometimes it is a smart card like the cards we usually see, but sometimes it is shaped like a USB flash drive that can be plugged in directly without a smart card reader.

The secret in the PKCS #11 process is unusual in that it is a secret key per user, and the token itself holds the secret key. The authentication is more tangible and therefore more reliable, because users typically cannot copy the token. This process guarantees that there is only a single token.

Credit cards: safety begins with a “look”

Another form of authentication for payments is the one used when paying by credit card.




