From Clinfowiki
Jump to: navigation, search

Authentication is the confirmation that a user or computer program is who it claims to be. This act implies to have the security that the person is really who he or she is, that means confirming the identity of a person by the system. [1]


The authentication process usually involves a username and a password, but can include any other method of demonstrating identity, such as a smart card, retina scan, voice recognition, or fingerprints.

In the specific context of the Future Digital System, the assurance that an object is as the author or issuer intended it.

Authorization is finding out if the person, once identified, is permitted to have the resource. This is usually determined by finding out if that person is a part of a particular group, if that person has paid admission, or has a particular level of security clearance. Authorization is equivalent to checking the guest list at an exclusive party, or checking for your ticket when you go to the opera.

Finally, access control is a much more general way of talking about controlling access to a web resource. Access can be granted or denied based on a wide variety of criteria, such as the network address of the client, the time of day, the phase of the moon, or the browser which the visitor is using. Access control is analogous to locking the gate at closing time, or only letting people onto the ride who are more than 48 inches tall - it's controlling entrance by some arbitrary condition which may or may not have anything to do with the attributes of the particular visitor.

As the name implies, basic authentication is the simplest method of authentication, and for a long time was the most common authentication method used, but there are some other methods for authentication. Go to the web links below for a detailed information. [2]

Two factor authentication (T-FA) or (2FA)

A security process in which the user provides two means of identification in conjunction, one of which is typically a physical token, such as a card, and the other of which is typically something memorized, such as a security code. Two-factor authentication typically is a signing-on process where a person proves his or her identity with two of three methods: "something you know" (ex.: password or PIN), "something you have" (ex.: smartcard or token), or "something you are" (ex.: fingerprint or voiceprint analysis).Using two factors as opposed to one factor generally delivers a higher level of authentication assurance. [3]

Fingerprint Authentication

Fingerprint authentication is one of the methods of biometric authentication currently used in some organizations. Fingerprint id has been used for centuries and is quite reliable. There are two technologies used to capture the image of a fingerprint one is optical using light refracted from a prism and the other is capacitive based that is to say that it detects voltage changes in the skin between ridges and valleys. There are also several sensors that detect fake fingerprints, for example latent print residue will be ignored also some technologies make it impossible to use a cutoff finger because they are dependent on temperature, pulse and blood flow. [4]

Everyone has a unique fingerprint even twins. Scanner technology has become more sophisticated and user friendly. Disadvantages are that some prints are difficult to obtain especially in those that sweat excessively. Also it requires clean hands so cuts and bruises may affect the results.

There have been significant advances in fingerprint authentication. For example, there is a sensor called FPC1011F1 that purports superior image quality, with 256 gray scale values in every single pixel. The reflective measurement method sends an electrical signal via the frame directly into the finger. This technique enables the use of an unbeatably hard and thick protective surface coating. The sensor with its 3D pixel sensing technology can read virtually any finger; dry or wet.

Also, fingerprint authentication can be used in concert with other technologies like retina scanning or facial recognition in an attempt to provide more security.

Iris Authentication

Two opthamologists, Leonard Flom and Aran Safir, were the first propose that the uniqueness of irises could serve as an important tool to distinguish between individuals. In fact, the chance of two individuals having the same iris pattern is estimated to be 1 in 10. [5] [6]

This discovery led to an awarded patent in 1987. [7] Development of analysis algorithms was done in collaboration with Dr. John Daugman of Harvard University. Unlike fingerprints, irises are protected behind the eyelid and cornea and rarely suffer from damage that could alter the ability of an iris scanner to successfully acquire an identification. Furthermore, the iris pattern is permanently established during the first year of life and remains intact until death.

To perform iris analysis, a simple grayscale image is acquired with a digital camera using either visible or infrared light. Most often, infrared or near-infrared light is used due to enhanced contrast of features in individuals with brown eyes. The image is segmented to identify the boundaries of the iris followed by an algorithmic pattern recognition step.

Although rarely used in the current clinical space, reports of the use of iris-based authentication for participant identification in research studies has been documented. The uniqueness of the iris pattern has been shown to be useful in discriminating between twins enrolled in the same study. [8] One significant advantage over fingerprint authentication is the fact that iris recognition does not require direct patient contact. This significantly lessens the risk of transmitting disease between individuals. [9]


  1. Wikipedia: Authentication
  2. Authentication, Authorization, and Access Control. Apache Documentation.
  3. Sheuh, Calvin “Biometrics: Fingerprint Technology” ppt presentation for CS265
  4. Roger S. Pressman. Ingenieria de Software. Cuarta Edición. McGraw-Hill. 1997
  5. Biometric Authentication - Iris
  6. U.S. Government Printing Office. Office of Information Dissemination Program Development Service. Authentication
  7. US Patent Number 4,641,349
  8. Corby PM, Schleyer T, Spallek H, Hart TC, Weyant RJ, Corby AL, Bretz WAS, "Using biometrics for participant identification in a research study: a case report"
  9. Iris Technology Overview