Authentication is the process of verifying the identity of users, devices, or other entities in a computer system. It is performed in order to grant access to a user, device, or other entity in a system. Authentication services validate users’ identities, the systems that produce or transmit information, and that data is unchanged (Tellabi et al., 2018). The methods of authentication include the use of passwords. Authentication is the first step in identification and in gaining access to a system’s management. The objective of authentication is to help the receiver make appropriate security-related decisions involving the user’s authorization to access or use information from the system (Tellabi et al., 2018). This process is essential in the Internet of Things (IoT) because it helps prevent users from accessing information or systems they are not authorized to use.
Authorization is the process that determines whether a user or information is allowed access to a specific resource (Tellabi et al., 2018). It determines the access privilege of a user according to the system’s policies, and it is done after authentication. Authorization is enforced through an access control mechanism deployed to control system or network access (Tellabi et al., 2018). The objective of authorization is to ensure control of the systems and networks accessed by users. This process is crucial because it defines the users or information that can access a specific system.
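The ordering described above, authentication first and authorization second, is shown here as an added example that is not taken from the essay or its sources. The user names, passwords, roles, policy table and function names are assumptions constructed for a retail setting.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # example work factor for PBKDF2-HMAC-SHA256

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def _make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)  # per-user random salt
    return {"salt": salt, "hash": _hash(password, salt), "role": role}

# Constructed sample data: two staff accounts and a role-based policy.
USERS = {
    "alice": _make_user("correct horse", "cashier"),
    "bob": _make_user("battery staple", "manager"),
}
POLICY = {
    "cashier": {("sales", "create")},
    "manager": {("sales", "create"), ("sales", "refund"), ("reports", "read")},
}
# Dummy record so unknown user names cost the same hashing work as real ones.
_DUMMY = _make_user("placeholder", "none")

def authenticate(username: str, password: str):
    """Step 1: verify identity. Returns the user name, or None on failure."""
    record = USERS.get(username, _DUMMY)
    candidate = _hash(password, record["salt"])
    matches = hmac.compare_digest(candidate, record["hash"])  # constant-time
    return username if matches and username in USERS else None

def authorize(identity: str, resource: str, action: str) -> bool:
    """Step 2: check the verified identity's privilege against the policy."""
    role = USERS[identity]["role"]
    return (resource, action) in POLICY.get(role, set())

def handle_request(username, password, resource, action) -> str:
    identity = authenticate(username, password)
    if identity is None:
        return "401 unauthenticated"  # identity was never established
    if not authorize(identity, resource, action):
        return "403 forbidden"        # identity is valid, privilege is not
    return "200 ok"

if __name__ == "__main__":
    print(handle_request("alice", "correct horse", "sales", "create"))
    print(handle_request("alice", "correct horse", "sales", "refund"))
    print(handle_request("alice", "wrong password", "sales", "create"))
```

The second call is the case that separates the two concepts: the cashier proves her identity correctly and is still refused the refund action.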
Irregularities in either authentication or authorization create vulnerabilities in the security of digital technologies such as Instrumentation and Control systems. Additionally, both authentication and authorization are managed by systems that follow distributed and centralized approaches (Tellabi et al., 2018). These are some of the similarities between authentication and authorization.
If I were in charge of a retail networking system installation, I would implement a restricted level of authentication and authorization. Specifically, I would implement context-aware security to enhance the user-centric experience of retail applications and online systems (Sylla et al., 2019). Context-aware security would provide threat model management that characterizes the user’s current activity independently. Further, the delayed message delivery used in context-aware privacy would prevent the tracking of users and their information, such as financial statements (Sylla et al., 2019). Therefore, this approach would enhance the security of my customers.
References
Sylla, T., Chalouf, M. A., Krief, F., Samaké, K. (2019). Towards a context-aware security and privacy as a service in the Internet of Things. 13th IFIP International Conference on Information Security Theory and Practice (WISTP). Web.
Tellabi, A., Sassmanhausen, J., Bajramovic, E., Ruland, K. C. (2018). Overview of authentication and access controls for I&C systems. 2018 IEEE 16th International Conference on Industrial Informatics (INDIN), 882–889. Web.