Page 71 - DCAP516_COMPUTER_SECURITY
Unit 6: User Authentication
Kerberos V5 is used for authentication if a password is used to log on to a domain account.
Kerberos V5 authentication with certificates is used if a smart card is used instead.
2. With a local computer account, a user logs on to a local computer by using credentials
stored in the Security Accounts Manager (SAM), which is the local security account database.
Any workstation or member server can store local user accounts.
6.4.2 Network Authentication Process
Network authentication confirms the user’s identification to any network service that the user is
attempting to access. To provide this type of authentication, many mechanisms are supported,
including Kerberos V5, Secure Sockets Layer/Transport Layer Security (SSL/TLS), and, for
compatibility with Windows NT 4.0, LAN Manager.
Users who use a domain account do not see network authentication. Users who use a local
computer account must provide credentials (such as a user name and password) every time they
access a network resource. By using the domain account, the user has credentials that are
automatically used for single sign-on.
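The following added example (not part of the original text) shows how a defender can audit which of these mechanisms network logons actually use, flagging LAN Manager-era protocols and local-account logons. It assumes records shaped like Windows Security event 4624 with its field names; the sample records, the server name FILESRV01 and the rule that a TargetDomainName equal to the server's own name means a local account are assumptions made for illustration.

```python
# Added example: audit network logons by authentication protocol.
# Field names follow Windows Security event 4624; all records are constructed.
from collections import Counter

SAMPLE_EVENTS = [  # constructed sample data, not from a real system
    {"EventID": 4624, "LogonType": 3, "TargetUserName": "alice",
     "TargetDomainName": "CORP", "AuthenticationPackageName": "Kerberos",
     "LmPackageName": "-", "WorkstationName": "WS01"},
    {"EventID": 4624, "LogonType": 3, "TargetUserName": "svc_backup",
     "TargetDomainName": "FILESRV01", "AuthenticationPackageName": "NTLM",
     "LmPackageName": "NTLM V2", "WorkstationName": "WS02"},
    {"EventID": 4624, "LogonType": 3, "TargetUserName": "legacyapp",
     "TargetDomainName": "CORP", "AuthenticationPackageName": "NTLM",
     "LmPackageName": "NTLM V1", "WorkstationName": "NT4BOX"},
    {"EventID": 4624, "LogonType": 2, "TargetUserName": "bob",
     "TargetDomainName": "CORP", "AuthenticationPackageName": "Negotiate",
     "LmPackageName": "-", "WorkstationName": "WS03"},
]

LEGACY = {"LM", "NTLM V1"}  # LAN Manager-era protocols kept for compatibility

def classify(event):
    """Return 'kerberos', 'legacy', 'ntlm' or 'other' for one logon record."""
    pkg = event.get("AuthenticationPackageName", "").lower()
    lm = event.get("LmPackageName", "-").upper()
    if pkg == "kerberos":
        return "kerberos"
    if lm in LEGACY:
        return "legacy"
    return "ntlm" if pkg == "ntlm" else "other"

def audit(events, server_name):
    """Count network logons (type 3) per protocol and list ones to review."""
    counts, findings = Counter(), []
    for ev in events:
        if ev.get("EventID") != 4624 or ev.get("LogonType") != 3:
            continue  # only successful network logons are in scope
        kind = classify(ev)
        counts[kind] += 1
        # Assumption: a local account shows the server's own name as its domain.
        local = ev.get("TargetDomainName", "").upper() == server_name.upper()
        if kind == "legacy" or local:
            why = "legacy protocol" if kind == "legacy" else "local account"
            findings.append((ev["TargetUserName"], ev["WorkstationName"], why))
    return counts, findings

if __name__ == "__main__":
    counts, findings = audit(SAMPLE_EVENTS, server_name="FILESRV01")
    print(dict(counts))
    for user, host, why in findings:
        print(f"review: {user} from {host} ({why})")
```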
6.5 Authentication in E-commerce
The consumer need for authentication relates to building trust, that is, the need to build a
transacting trust environment equivalent to that of the physical marketplace, where the shop
location, the appearance of goods and personnel, and the possibility to touch and feel the goods,
etc., inspire trust. The consumer need for authentication also includes the need to identify the
entity towards which to address an eventual complaint.
In the virtual marketplace, merchant authentication is a building block for this trust-building
process. However, additional tools are also required such as: a contractual framework, trust
marks, codes of conduct, data privacy statements, dispute resolution procedures, clear
information on terms and conditions, clear pricing offer, customer service, graphical design
of the website, etc.
The merchant need for authentication derives from the need for a payment guarantee. The exact
authentication methods and authorization processes used to obtain this guarantee depend on
the payment instrument used, which in turn is defined by the issuer in relation to the business
risks associated with this instrument.
The authentication can be carried out through different complementary steps: the authentication
or validation of the payment instrument and its rights to be used for payment in the transaction
environment and the authentication of the consumer as the entitled owner of the payment
instrument.
Additional steps may be required by the payment instrument in order to obtain payment
guarantee such as the request for an online authorization to the issuer. For example, an e-purse
would only require authentication of payment instrument and verification of its balance, while
the use of a debit card could require cardholder authentication with a PIN, and an online
authorization request to the issuer to authenticate the card and verify the funds’ availability.
6.6 Economics of Strong User Authentication
Strong user authentication is costly and off-putting because no user authentication method is
secure when employed alone. Experts agree that real information security requires a combination
of tests (multi-factor user authentication) to verify who the user is, what the user knows, what
LOVELY PROFESSIONAL UNIVERSITY 65