Core Security Patterns: Best Practices and Strategies for J2EE, Web Services, and Identity Management
Topics in This Chapter
Secure personal identification enhances the confidence, accuracy, and reliability of verifying a human identity and its eligibility for physical or logical access to security-sensitive resources and restricted areas. Secure personal identification and verification technologies enable a high degree of access protection to restricted locations, network infrastructures, IDs, banking, financial transactions, law enforcement, healthcare, and social organizations' services. These resources include computer systems, applications, data, documents, business processes, ATM machines, personal devices, and doors to restricted locations. Traditional identification and verification mechanisms often verify a person's knowledge of information such as passwords and PINs (magnetic stripe cards). These mechanisms are highly susceptible to fraud, because they can be forgotten, stolen, predicted, forged, manipulated, impersonated, and hacked while being used in trusted resources. Historically, it has been proven that passwords and PINs are inefficient and inaccurate when a trusted resource requires physical verification of an identity. Trustworthy personal identification requires verification of an individual beyond username/password and PINs; it requires a strong authentication similar to face-to-face interaction between the person and the verifying agent. In Chapter 1, we discussed the importance of smart cards and biometrics technologies along with their increasing rate of use in the IT industry for the prevention of security issues related to personal identification and authentication. Adopting secure personal identification technologies using smart cards and biometrics facilitates a high degree of logical and physical verification and enables a stronger authentication process. Using secure personal identification technologies helps to identify and thwart identity fraud and impersonation crimes when an individual wrongfully obtains another individual's identity credentials and claims to be that other person. In secure personal identification, smart cards and biometrics provide a means of verifying an identity by verifying the person's proof of possession and proof of the person's physiological and behavioral properties, respectively. This chapter explores the concepts, technologies, architectural strategies, and best practices for implementing secure personal identification and authentication. We discuss using smart cards and biometrics as well as enabling multifactor authentication with a combination of both methods. In particular, we will study how to incorporate smart cards and biometrics-based authentication in J2EE-based enterprise applications UNIX and Windows environments. |
Категории