AUTHENTICATION

AND PRIVACY
AUTHENTICATION
Authentication is a means of providing or
verifying a previously given identity / a
process of verifying the identity of a user
or system.

We use the term authentication to mean

three different things.We authenticate
Individual,Identity or Attribute

Types of Authentication:

 ID Passwords
 Biometrics (fingerprint, facial
recognition,blood vessel patterns in
the eye’s rectina)
 Two-Factor Authentication (2FA)
WHAT AUTHENTICATION MEANS
Individual

01
 An individual is a unique person.
 Authenticating an individual is what we do when
we allow a person to enter a controlled room.
 We want only that human being to be allowed to
enter.

Identity

02
 An identity is a character string or similar
descripitor,but it does not necessarily
corresponds to a single person,nor does each
person have only one name.
 We authenticate an identity when we
acknowledge that whoever(or whatever) is trying
to log in as admin has presented an
authenticator valid for that account.

Attribute

03
 We authenticate an attribute if we verify that a
person has that attribute.
 An attribute is a characteristic.
 INDIVIDUAL AUTHENTICATION
Individual authentication is a subset
of identity authentication. It focuses
specifically on verifying the identity
of a single person within a larger
group or organization.

The goal is to ensure that the
person accessing a system or
service is indeed the authorized
individual, and not someone else
using their credentials.
Example:
In a company, employees might have
individual authentication to access the
company's internal network. Each
employee has their own username and
password, and the system verifies their
identity when they log in.
IDENTITY AUTHENTICATION
Identity authentication is the process of confirming the identity of
a person or entity. It's about ensuring that the person claiming to
be a particular individual or entity is indeed who they say they
are. This is typically done through various means of verification.
The goal is to establish trust and confidence in the claimed
identity.
Knowledge Based
This involves
something the user Example:
knows, such as a When you log into
password, PIN, or your email account
answers to security and enter your
questions. password, the
system is
Possession-Based:
authenticating your
Involves something
identity based on
the user has, such as.
what you know
a security token,
(your password).
smart card, or mobile
device.
 ATTRIBUTE AUTHENTICATION
Attribute authentication is a bit different from identity and
individual authentication. Instead of focusing on the
person's overall identity, it concentrates on specific
attributes or characteristics associated with that identity.

These attributes could include roles, permissions,

certifications, or other qualities that define what the person
is allowed to do within a system.

Example:
In a healthcare system, attribute authentication might
be used to control access to patient records. A doctor
might have different levels of access compared to a
nurse or administrative staff. Their authentication
verifies their role or attributes within the system,
granting appropriate access levels.

01 Granularity
02 Dynamic Access
Control 03 Role-Based Access
Control (RBAC)
Allows for fine-tuned control over Access can change based on the Assigns permissions based on .
access to resources. attributes associated with the user. predefined roles within an
organization..
 AUTHENTICATION

INDIVIDUAL AUTHENTICATION
Individual Authentication ensures that a specific person within a group is who they claim to be.

IDENTITY AUTHENTICATION
verifies the claimed identity of a person or entity.

ATTRIBUTE AUTHENTICATION
focuses on the specific qualities or roles associated with an identity, determining
access based on these attributes.

Contentsitle
Get a modern PowerPoint Presentation that is beautifully designed.
 ANONYMIZED RECORDS
Anonymized records refer to data that has been altered or stripped of personally identifiable information (PII) to protect the privacy of
individuals. The goal of anonymizing data is to remove any elements that could potentially identify a specific person while still maintaining
the usefulness of the data for analysis, research, or other purposes..

Characteristics of Anonymized Records:

No Personal Identifiers: Any direct identifiers such as names, addresses, social security numbers, or
phone numbers are removed.

Indirect Identifiers Removed: Information that could indirectly identify an individual, such as birthdates,
ZIP codes, or specific job titles, may also be altered or generalized.

Aggregated Data: Data might be aggregated to groups rather than individuals, such as age groups,
regions, or categories of behavior.

Randomization: Some anonymization techniques involve adding noise or randomizing values to make it
difficult to re-identify individuals.
Examples of Anonymized Records:

Healthcare Data:

Removing patient names, addresses, and any other identifiable information from medical
records.
Using patient IDs or codes instead of names to track treatments and outcomes.
Aggregating data on diseases or treatments across a population without revealing individual
identities.

Market Research:

Collecting survey responses without linking them to specific names.

Analyzing shopping habits across regions without identifying individual shoppers.
Studying online behavior without tracking specific user identities.

Financial Transactions:

Removing names and account numbers from banking records.

Analyzing spending patterns across demographics without identifying individual account
holders.
Aggregating credit card transactions to identify trends without revealing individual
purchases.
THANK YOU