Access is the flow of information between a subject and an object.A subject is an active entity; an
object is passive entity. Access controls require identification, authentication,
and authorization of subjects requesting to access objects. Authentication is verifying the identity of a subject. Possible authentication mechanisms are biometrics (verifies the identity by a unique personal attribute), passwords(the weakest form of authentication), token devices (create one-time passwords),
passphrases, cognitive passwords, memory, and smart cards. Each authentication mechanism has one of the following characteristics: something that you know, something that you have, or something that you are.
No comments:
Post a Comment