Page 200 - DCAP403_Operating System
Unit 10: System Protection
Biometric authentication systems employ unique physical characteristics (or attributes) of an
individual person in order to authenticate the person’s identity. Physical attributes employed in
biometric authentication systems include fingerprints, hand geometry, handwritten signatures,
retina patterns and voice patterns. Biometric authentication systems based upon these physical
attributes have been developed for computer login applications.
Biometric authentication systems generally operate in the following manner:
Prior to any authentication attempts, a user is “enrolled” by creating a reference profile (or
template) based on the desired physical attribute. The reference profile is usually based on the
combination of several measurements. The resulting template is associated with the identity of
the user and stored for later use.
When attempting to authenticate themselves, the user enters his login name or, alternatively,
the user may provide a card/token containing identification information. The user’s physical
attribute is then measured.
The previously stored reference profile of the physical attribute is then compared with the
measured profile of the attribute taken from the user. The result of the comparison is then used
to either accept or reject the user.
Biometric systems can provide an increased level of security for IT systems, but the technology is
still less mature than memory or smart cards. Imperfections in biometric authentication devices
arise from technical difficulties in measuring and profiling physical attributes as well as from the
somewhat variable nature of physical attributes. Many physical attributes change depending on
various conditions.
Example: A person’s speech pattern may change under stressful conditions or when
suffering from a sore throat or cold.
Biometric systems are typically used in conjunction with other authentication means in
environments requiring high security.
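
The enroll-then-compare flow described above, as an added example that is not part of the original text. The feature vectors, the threshold and the scoring rule are constructed assumptions, chosen to show how a legitimate user can be rejected when a physical attribute shifts.

```python
import math
from statistics import mean, stdev

# Constructed sample data: each measurement is a small feature vector
# (hypothetical voice features). Values are illustrative, not real biometrics.
ENROLL_SAMPLES = [
    [120.0, 0.52, 3.1],
    [122.0, 0.50, 3.0],
    [119.0, 0.53, 3.2],
    [121.0, 0.51, 3.1],
]
GENUINE = [121.0, 0.52, 3.1]    # same user, normal conditions
WITH_COLD = [112.0, 0.47, 3.0]  # same user, attribute shifted by a cold
IMPOSTOR = [140.0, 0.40, 2.5]   # different person claiming the same login

TEMPLATES = {}   # login name -> (mean vector, spread vector)
THRESHOLD = 3.0  # assumed acceptance threshold, in units of enrolled spread


def enroll(user, samples):
    """Combine several measurements into a reference template and store it."""
    cols = list(zip(*samples))
    centre = [mean(c) for c in cols]
    # Floor the spread so a very consistent feature cannot divide by ~0.
    spread = [max(stdev(c), 0.01 * abs(m)) for c, m in zip(cols, centre)]
    TEMPLATES[user] = (centre, spread)


def score(user, measured):
    """Root-mean-square distance from the template, normalised per feature."""
    centre, spread = TEMPLATES[user]
    z = [(x - m) / s for x, m, s in zip(measured, centre, spread)]
    return math.sqrt(sum(v * v for v in z) / len(z))


def authenticate(user, measured):
    """Accept only if the claimed identity is enrolled and the score is low."""
    if user not in TEMPLATES:
        return False
    return score(user, measured) <= THRESHOLD


enroll("alice", ENROLL_SAMPLES)

if __name__ == "__main__":
    for label, m in [("genuine", GENUINE), ("cold", WITH_COLD), ("impostor", IMPOSTOR)]:
        print(label, round(score("alice", m), 2), authenticate("alice", m))
```

Raising `THRESHOLD` far enough to admit the user with a cold also widens the window for an impostor, which is the trade-off behind pairing biometrics with another authentication means.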
10.5.6 Encryption
Encryption is a process of coding information, which could be either a file or a mail message,
into cipher text, a form unreadable without a decoding key, in order to prevent anyone except
the intended recipient from reading that data. Decryption is the reverse process of converting
encoded data to its original un-encoded form, plaintext.
A key in cryptography is a long sequence of bits used by encryption/decryption algorithms.
The following represents a hypothetical 40-bit key:
00001010 01101001 10011110 00011100 01010101
A given encryption algorithm takes the original message, and a key, and alters the original
message mathematically based on the key’s bits to create a new encrypted message. Likewise, a
decryption algorithm takes an encrypted message and restores it to its original form using one
or more keys.
When a user encodes a file, another user cannot decode and read the file without the decryption
key. Adding a digital signature, a form of personal authentication, ensures the integrity of the
original message.
To encode plaintext, an encryption key is used to impose an encryption algorithm onto the data.
To decode cipher text, a user must possess the appropriate decryption key. A decryption key consists
of a random string of numbers, from 40 through 2,000 bits in length. The key imposes a decryption
algorithm onto the data. This decryption algorithm reverses the encryption algorithm, returning
LOVELY PROFESSIONAL UNIVERSITY 193