Practical Solutions, Inc. - Your source for Technology, Solutions, and Services
PSI - Your source for Document Management, Workflow, and Information Security

United States of America

 

 Practical Biometrics & Security Solutions

 Home

 Search PS4B Contact Us  

Home

About PS4B

Solutions 4

Products

Services

Support

Careers

News
Home > Support > Technical Bulletins > Security Concepts
Online Support

Technical Bulletins

 Security Concepts
  Authentication 101
  PKI
  Terms & Acronyms

Product Registration
Knowledge Base

Download
 
 
 

Technical Bulletins - Security Concepts
Introduction
To ensure proper access and logical security a product needs to be well-balanced and cover at a minimum the following aspects:
  • Authentication - Verification of users' claimed identities by using one or more of the following: secrets (what you know), tokens (what you have) and biometrics (what you are).
  • Authorization - Determination that a user is authorized to carry out a particular action, such as logging on to an application, accessing a database, or decrypting files.
  • Audit - Detailed logging of authentication and authorization actions, with the ability to review and analyze logs to uncover suspicious activities, failures, etc.
  • Administration - System administrators can centrally enroll users and define policies that control authentication and authorization for particular users, user groups, or applications.

When selecting software and technologies one must also take account:

  • Integrity - Authentication data (such as biometric templates), device/terminal/workstation communications as well as policy and system settings are secure and protected from tampering and forgery by other applications, hackers, etc.
  • Confidentiality - Secret application data as well as authentication and authorization information is encrypted at all times to protect it from access by unauthorized users, hackers, etc.
  • Non-Repudiation - Tools and logging mechanisms ensure that users cannot claim that an action occurred without their knowledge.
A well designed product will also provide such benefits as:
  • Convenience - Properly implemented security functionality makes a system easier to use, so that users will not attempt to bypass it or be inconvenienced by it.
  • Flexibility - Different applications call for different security measures, so security layers are flexible in order to provide the right amount of protection to the problem being addressed.
  • Modularity - System can be customized to fit a customers needs, using only the components necessary for a particular application, while being easily upgradeable.
  • Centralization - Administrators are able to manage the whole system in a consolidated and integrated manner, from a central or multiple locations.
  • Return on Investment - Organization save time and money by eliminating the 50% or more of help desk calls related to lost, stolen, and forgotten passwords.
Practical Solutions, Inc.  partnership with I/O Software  products represents a true end-to-end solution that cover all aspects of secure authentication; from providing multiple device support, centralized account management tools, to supplying a range of applications and services. Supporting various devices allows developers and integrators to focus their attention on their specific security challenge at hand and selecting the most flexible device for their problem.

Related Information
  Online catalog
 

Contact Sales
  Information Request
   
 

Last modified: October 24, 2003

Home Contact - Copyright © Practical Solutions, Inc.