Black Hat Physical Device Security: Exploiting Hardware and Software

Authentication methods and fads have come and gone in the effort to prove a person's identity. We talk about different methods of authentication, keeping in line with the types of authentication we introduced in the software discussions: knowing, having, or being something. As we review several biometric authentication devices in this chapter, we will focus on the major exposures for those devices: the input and storage of information. Of all the threats in the world, authentication bypass can cause devastation to even the most secure assets. Remember that public and private services based on technology are accessible by all.
All electronic components that receive input have a single point of failure: trusting the input. The device cannot actually determine the difference between a person and a thing. Sure, we would hope that the accuracy of a retina scan would require the real person to be present, but we've seen even some fingerprint scanners integrate a heat or even a heartbeat sensor to ensure that a real finger is being used to authenticate.
We call these two different entities physical identity and entity identity. The identity that is being asserted through a process of authentication is that of the entity. There is not a process in place that cannot be used to assert a physical entity. Even DNA fails to distinguish, with any accuracy, more than that you are related to an individual, based on specific tests that can be done, either paternally...