2.4 Summarize authentication and authorization design concepts. Flashcards
Attestation
Prove the hardware is really yours.
FAR
False acceptance rate - Likelihood that an unauthorized user will be accepted
Not sensitive enough
FRR
False rejection rate - likelihood that an authorized user will be rejected
Too sensitive
CER
Crossover Error Rate - Defines the overal accuracy of a biometrix system
The rate at which FAR and FRR equal
Adjust sensitivity to equalize both values
retinal scans
are more intrusive and accurate than iris scans. Retinal scans use an IR light to identify blood vessel patterns, which remain largely unchanged throughout a person’s lifespan. The equipment needed to perform retinal scans is expensive and the process is complex and intrusive.
Iris Scans
match patterns on the surface of the eye using near-IR imaging, making the less intrusive and quicker than retinal scanning. Equipment is less expensive and easier to deploy, but iris scans might be spoofed with a high-resolution photo of a person’s eye.
Surface of eye imaging is performed by iris scans which is faster than retinal scans.
ROR
A rate of return (RoR) is considered the net gain or loss of an investment over a specified period of time and generally expressed as a percentage of the initial cost.
Directory Services
Directory services are the principal means of providing privilege management and authorization on an enterprise network. A key will be generated for the user, which contains the group members of the authenticated user.
Authentication Credentials
Authentication credentials are provided by each user at logon to gain access to a system-defined account. While this is utilized in the scenario, directory services take the authentication credentials to have a key generated, for the user to access resources..
distinguished name
A distinguished name is a unique identifier for any given resource within an X.500-like directory and is made up of attributes.
