Entity Authentication

Entity authentication in today’s IT security industry is used as one part of a security system to verify that an entity actually is who or what they claim to be prior to allowing them access to secured information or into a secured area. The simplest example of this is when somebody fills out a username and password to log into their account on a website. Their username is a claim to an identity and their password, presumably known only to them, serves to verify their claim. While this appears simple to the user, there is quite a lot going on behind the scenes.

One approach to entity authentication, drawing from the field of cryptography, utilizes complicated algorithms and secret keys (passwords). As the need for entity authentication is present in a wide range of situations, cryptographic solutions exist with differing sets of features, varying, for example, in ease of use and security. Accommodating this variety within the IT security industry, different IT security standards have been published to address different implementations of cryptographic entity authentication.

A second approach, biometric entity authentication, relies on relatively unique physical traits such as a person’s iris or their fingerprints to ascertain their identity. The most widely known example of this is the fingerprinting process. When used as part of a more modern system, IT security standards and protocols, such as the Biometric Application Programming Interface (BioAPI), are utilized extensively for their positive effect on interoperability in addition to serving as guidelines for the design and implementation of new systems.

One major difference between cryptographic and biometric entity authentication is that while cryptographic methods rely on keys provided by individuals, biometric systems rely on information about individuals themselves, raising concerns about privacy and legality. Additionally, as some biometric systems require physical interaction, health, safety, and cultural concerns arise as well. These concerns, among others, must be addressed during the development and deployment of any entity authentication system including biometric components and thus are guided by their own IT security standards.

Entity authentication, whether cryptographic, biometric or otherwise, is a major part of today’s IT security industry. As a result, there is much development in the field, leading simultaneously to both rapid advances and a pronounced need for IT security standards focusing on interoperability and the latest secure mechanisms.



Some packages of IT security standards regarding Entity Authentication, as well as individual ones:

• BIOMETRIC DATA INTERCHANGE FORMATS PACKAGE
• Biometric Entity Authentication
  • Authentication context for biometrics
  • Tenprint capture using biometric application programming interface (BioAPI)
  • BioAPI interworking protocol
  • Embedded BioAPI
  • Multimodal and other multibiometric fusion
  • Security evaluation of biometrics
  • Jurisdictional and societal considerations for commercial applications
  • Biometric profiles for interoperability and data exchange
    • Part 1: Overview of biometric systems and biometric profiles
    • Part 2: Physical access control for employees at airports
    • Part 3: Biometrics-based verification and identification of seafarers
• Cryptographic Entity Authentication
  • Part 1: General
  • Part 2: Mechanisms using symmetric encipherment algorithms 
  • Part 3: Mechanisms using digital signature techniques 
  • Part 4: Mechanisms using a cryptographic check function 
  • Part 5: Mechanisms using zero-knowledge techniques
  • Part 6: Mechanisms using manual data transfer