

ID: 659380 • Letter: I

Question

I am reading The Basics of Information Security, 2nd. Ed., Andress, Jason.

He says on p.25, "Identity verification is a step beyond identification, but it is still a step short of authentication, which we will discuss in the next section." He then goes on to mention that even if documents proving who one is are presented, that is only "verification" and not "authentication." Okay, but he never discusses "verification" again in detail.

On p.26 he says that, "Authentication is, in an information security sense, the set of methods we use to establish a claim of identity that has been made is correct." Okay great.

On p.31, he says, "When we complete an authentication transaction with a biometric identifier, we are essentially asking the user to provide evidence that he or she is who he or she claims to be; this is, by definition, verification, and not authentication." Now I am lost.

I have researched more on the difference between "verification" and "authentication," but just don't know where the crucial, and I assume subtle, difference is.

I know that there are two types of biometric authentication, verification that the data matches the data of the person that the presenter says he is, and identification, where an attempted match is tried against all entries in the biometric database.

How can presenting pre-enrolled biometric info be anything other than authentication?

Explanation / Answer

Verification is the act of proving your identity. Authentication is the act of proving you are the same person as before, without necessarily knowing who that person is.

Re: biometrics, I think the confusion comes down to the nature of biometrics. A username/password (something you know) says nothing about who you are. The same is true of a hardware token (something you have).

The author of the book you are reading is of the opinion that since biometrics are something you are, they are indistinguishable from a verification event.

This is not always the case, for at least two reasons:

1. The biometric you present will be compared to the pre-enrolled biometric. This says nothing about who you are, only that you are the same person as was present at enrollment.

2. The data stored for a biometric may be less than that required for a verification event. If the system fails to identify you, it can't just go and get extra samples, which you could if you were performing a verification.

Consider the use of biometrics to protect the privacy of data. A system might take a biometric to protect data that you have entered so it is only shown to you when you return. If this system does not tie the biometric to an identity through a verification process, the biometric is just as much an authentication factor as a password issued for the same process.
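To make the two biometric modes mentioned in the question (1:1 verification against a claimed enrollment versus 1:N identification against the whole database) and the answer's point about "same person as before, without knowing who" concrete, here is an added toy example in Python. It is not code from the book, the question, or the answer. The feature vectors, the similarity metric, the `BiometricStore` class, the 0.9 threshold and all sample templates are constructed assumptions for illustration; a real biometric matcher is far more involved.

```python
import secrets

# Constructed sample "templates": short feature vectors with values 0..255.
# Real templates are much larger; these only make the matching logic visible.
ALICE_TEMPLATE = [10, 200, 30, 40, 50, 60, 70, 80]
ALICE_PROBE = [12, 198, 31, 40, 52, 60, 69, 80]      # Alice again, slightly noisy
ANON_TEMPLATE = [200, 10, 220, 5, 100, 150, 90, 30]  # enrolled with no verified identity
STRANGER_PROBE = [128] * 8                            # someone never enrolled

# Assumed decision threshold: scores at or above this count as a match.
THRESHOLD = 0.9


def similarity(a, b):
    """Toy normalised similarity in [0.0, 1.0]; 1.0 means identical vectors."""
    if len(a) != len(b):
        raise ValueError("templates must have the same length")
    dist = sum(abs(x - y) for x, y in zip(a, b))
    return 1.0 - dist / (255 * len(a))


class BiometricStore:
    """Holds enrolled templates keyed by an opaque handle.

    An identity is attached to a handle only if a separate verification step
    (e.g. checking documents) happened at enrollment. Matching a later probe
    against the stored template proves 'same person as at enrollment', which
    is all a biometric authentication factor by itself establishes.
    """

    def __init__(self):
        self.templates = {}   # handle -> template
        self.identities = {}  # handle -> verified identity (only if verified)

    def enroll(self, template, identity=None):
        handle = secrets.token_hex(4)
        self.templates[handle] = list(template)
        if identity is not None:
            self.identities[handle] = identity
        return handle

    def verify(self, handle, probe):
        """1:1 mode: the claimant asserts a handle; compare only that template."""
        tpl = self.templates.get(handle)
        if tpl is None:
            return False
        return similarity(tpl, probe) >= THRESHOLD

    def identify(self, probe):
        """1:N mode: no claim is made; search every template for the best match.

        Returns the best handle at or above THRESHOLD, or None if nobody matches.
        """
        best_handle, best_score = None, 0.0
        for handle, tpl in self.templates.items():
            score = similarity(tpl, probe)
            if score > best_score:
                best_handle, best_score = handle, score
        return best_handle if best_score >= THRESHOLD else None

    def identity_of(self, handle):
        """Who the system *knows* this handle to be; None if never verified."""
        return self.identities.get(handle)


def demo():
    store = BiometricStore()
    h_alice = store.enroll(ALICE_TEMPLATE, identity="Alice (passport checked at enrollment)")
    h_anon = store.enroll(ANON_TEMPLATE)  # returning-user case: no identity ever verified

    return {
        "alice_verify": store.verify(h_alice, ALICE_PROBE),       # True
        "alice_as_anon": store.verify(h_anon, ALICE_PROBE),       # False
        "identify_alice": store.identify(ALICE_PROBE) == h_alice,  # True
        "identify_stranger": store.identify(STRANGER_PROBE),      # None
        "anon_identity": store.identity_of(h_anon),               # None
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The `h_anon` entry shows the answer's last point: the returning user is authenticated (the probe matches the template stored at enrollment) even though the store can never say who that person is, because no verification step ever tied the handle to an identity.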