Identity Authentication is the basis of the entire information security system (1)

Source: Internet
Author: User

I believe everyone remembers a classic cartoon: a dog sits typing at a computer and says to another dog, "On the Internet, no one knows whether you are a dog or not!" This cartoon shows how difficult it is to identify someone on the Internet.

Identity authentication refers to the process by which a computer and network system confirms the identity of the operator. Computer systems and networks are a virtual digital world in which all information, including user identity information, is represented by a specific set of data. Computers can only identify users' digital identities, and all user authorization is likewise granted to the user's digital identity.

The world we live in is a real, physical world, and everyone has a unique physical identity. How to ensure that the operator acting under a digital identity is the legitimate owner of that digital identity, that is, that the operator's physical identity corresponds to the digital identity, has become a very important issue. Identity authentication technology was created to solve this problem.

How can we use technical means to ensure that users' physical identities correspond to digital identities? In the real world, there are three ways to verify a person's identity:

First, you can prove your identity based on information you know (what you know). Assume that some piece of information, such as a secret code, is known only to one person; by asking for this information, you can confirm that person's identity.

Second, you can prove your identity based on something you own (what you have). Assume that only one person has a certain item, such as a seal; by presenting this item, that person's identity can also be confirmed.

Third, you can prove your identity (who you are) based on your unique physical characteristics, such as fingerprints and appearance.

As the saying goes, "there is no impervious wall": the information you know may be leaked or learned by other people. Yang Zirong, for example, mastered the contact code "the king of kings, the ground of tigers, the Baota Zhenghe demon" and successfully forged his identity.

Verifying identity solely by an item that a person owns is also unreliable: the item may be lost or stolen, allowing someone else to forge that person's identity. Only human physical characteristics are unique and cannot be forged. However, this requires that the characteristic can be identified reliably.

In information systems, user identity authentication methods can also be divided into these three types. Proving a person's identity with only one condition is called single-factor authentication. Because an identity established by a single condition is vulnerable to counterfeiting, two different conditions can be combined to prove a person's identity, which is called two-factor authentication.

Identity authentication technology can be divided into software authentication and hardware authentication, according to whether hardware is used. By authentication requirements, it can be divided into single-factor authentication and two-factor authentication. By authentication information, it can be divided into static authentication and dynamic authentication. The development of identity authentication technology has progressed from software authentication to hardware authentication, from single-factor authentication to two-factor authentication, and from static authentication to dynamic authentication. The identity authentication methods commonly used in computer and network systems are as follows:

Username/password method

User name/password is the simplest and most commonly used identity authentication method. It is based on "what you know". Each user sets their own password, and only that user is supposed to know it. Therefore, as long as the operator enters the password correctly, the computer treats the operator as that user.

However, to avoid forgetting their passwords, many users choose meaningful strings such as their birthdays and phone numbers, which are easily guessed by others, or write the password down in a place they think is safe. This carries many security risks and can easily cause password leakage.

Even if the user's password is not leaked, the password is static data: it must pass through computer memory and the network during verification, and the verification information used in each verification is the same, so it is easily intercepted by Trojans residing in computer memory or by network listening devices. Therefore, the user name/password authentication method is extremely insecure. It can be said that there is basically no security.

IC card authentication

An IC card is a card with a built-in integrated circuit. The card contains data related to the user's identity. The IC card is produced by a dedicated manufacturer and can be regarded as hardware that cannot be copied. The IC card is carried by the legitimate user. When logging on, the user must insert the IC card into a dedicated card reader, which reads the information on it to verify the user's identity.

IC card authentication is based on "what you have". Because the IC card hardware cannot be copied, user identities are protected from counterfeiting. However, because the data read from the IC card is still static each time, it is easy to intercept user authentication information through technologies such as memory scanning or network listening. Therefore, the static verification method still has a fundamental security risk.
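The weakness of static verification data described in the username/password and IC card sections, as an added example that is not part of the original article: a static check accepts previously observed bytes again, while a challenge-response check rejects them. Challenge-response with HMAC-SHA256 is used here as one common form of the dynamic authentication the article names; the scheme, all function and class names, and the sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample values, for illustration only.
STATIC_CREDENTIAL = b"alice:constructed-password"  # identical bytes at every login
TOKEN_SECRET = b"constructed-token-secret"         # shared by token and server

def verify_static(presented):
    """Password or static card data: the same bytes are accepted every time."""
    return hmac.compare_digest(presented, STATIC_CREDENTIAL)

class ChallengeResponseVerifier:
    """Dynamic scheme: fresh single-use nonce, response = HMAC(secret, nonce)."""
    def __init__(self, secret):
        self._secret = secret
        self._pending = set()

    def new_challenge(self):
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def verify(self, nonce, response):
        if nonce not in self._pending:      # unknown or already consumed
            return False
        self._pending.discard(nonce)        # each challenge is valid once
        expected = hmac.new(self._secret, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)

def token_response(secret, nonce):
    """Computed by the user's token; the secret itself never crosses the wire."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()

def replay_outcomes():
    """Verifier decisions when bytes seen in one login are presented again."""
    dyn = ChallengeResponseVerifier(TOKEN_SECRET)
    n1 = dyn.new_challenge()
    r1 = token_response(TOKEN_SECRET, n1)   # what a network listener would observe
    return {
        "static_first": verify_static(STATIC_CREDENTIAL),
        "static_replay": verify_static(STATIC_CREDENTIAL),   # same bytes pass again
        "dynamic_first": dyn.verify(n1, r1),
        "dynamic_same_nonce": dyn.verify(n1, r1),             # nonce already used
        "dynamic_new_nonce": dyn.verify(dyn.new_challenge(), r1),  # stale response
    }
```

The static verifier cannot distinguish the legitimate login from a repeat of the same bytes, which is the article's point; the dynamic verifier accepts a given response only once and only for the challenge it was computed from.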

