Some examples of how to assess the impact of the potential consequences of unauthorised authentication when determining the overall assurance level for the respective service or transaction scenarios.
There are three basic authentication factors (i.e. “what the user knows”, “what the user has”, and “what the user is or does”) commonly used in authentication systems.
To prevent unauthorised users from gaining access to protected resources, secure authentication systems are required to ensure that users are who they claim to be.
Public Key Infrastructure (PKI) is a widely accepted IT security framework based on 'Public Key Cryptography'. The Hong Kong Government has laid a solid foundation for deployment of PKI through the enactment of the Electronic Transactions Ordinance and the establishment of a public Certification Authority (CA) through the Hongkong Post.
Electronic authentication (e-Authentication) is the process of establishing confidence in user identities presented electronically to an information system. This may involve verifying “what the user knows”, “what the user has”, and/or “what the user is or does”. The more factors that are verified, the higher the confidence that can be established.