Difference Between Authentication and Authorization

The difference between authentication and authorization will appear as a term when someone talks about securing applications. Although the use of the terms is not synonymous, they already represent different purposes for shielding spectrum applications.

Authentication and authorization are useful and have to do with the security of information on the system automatically. In general, the terminology used is interchangeable and different. In this case, the identity of a person is guaranteed by authentication.

On the other hand, authorization performs an access list check by an authenticated person. In other words, authorization is permission that someone has given to access him/herself.

The difference between authentication and authorization lies in their meaning. However, in electronic information systems, both are a form of the access security system. This is very important because it relates to data security, validity, authenticity, and preventing misuse.

Definition of Authentication

Authentication is a system to ensure anyone who has the right to enter uses an electronic information system. Authentication can be in the form of passwords, login access cards, or biometrics such as fingerprint, retina, palm, and voice.

The authentication mechanism is to determine the identity of user data before disclosing sensitive data because someone’s confidential information is very important to be guarded, both system and interface.

In this authentication process, the user will make a claim that can be proven by the identity of the individual or entity. In this case, the claim can be in the form of name, password, biometrics, and others.

A simple example supposes there is A as a sender of electronic documents to B on the internet. Then, in this case, the system plays a role in how identifying that sender A has sent a message to recipient B.

However, the intruder or the C can intercept the document. For example, stealing, modifying, replaying, and other bad things. This is called fabrication.

In a situation like this, it is important to provide an authentication mechanism to ensure two things. First, the sender and receiver are people known as data origin authentication. Second, it ensures that the connection is secure for the sender and receiver, otherwise known as peer-to-peer authentication.

Definition of Authorization

Next is authorization, known as a guard or security guard in an electronic information system so that users cannot enter unauthorized areas.

Technically, authorization is a limitation to access certain menu sections in electronic information systems; this process occurs after the authentication process. In which the identity of the user will be ensured before the access list of users by searching for entries in tables and databases.

A simple example is user A wants to access certain files on the server. The process is user A will send a request to the server, and then the server will verify user data.

Later the server will find the rights of the authenticated A, whether A gets permission to access certain files or not. Access rights mean being able to view, modify, and perform other operations on the file.

This will ensure that the file will always be safe and protected. And if you also want something to protect you, you may op for using a VPN service. Feel free to try the Smart TV VPN to browse anonymously. This will make you safe when surfing the web. It’s easy to understand, and learn. 

Application of Authentication and Authorization in Electronic Medical Record Systems

Authentication in electronic medical record systems is often in the form of passwords or biometrics so that users can enter the system. At the same time, the authorization is a menu access restriction for each user system.

An example of its application in the medical world is that a nurse cannot open or access all doctors’ medical records. On the other hand, doctors cannot access all nurses’ medical records.

This guarantees that the medical record data is actually filled in by the party who has the authority. That is, the user who has rights to that area of ​​the system gets the permission according to his task.

The difference between authentication and authorization is the application of their meaning. Both functions to perform system and data security. Of course, in this case, not all users have the same authority. Some even have the authority to access all available menus.

Key Differences Authentication and Authorization

Although these two things are related in principle, they are still different. There are several basic differences between authentication and authorization. Well, the following review will discuss the differences between the two.

  • Authentication is useful as a tool to verify user data in granting permissions to the system. But on the other hand, authorization is a determination of who should access what;
  • In the authentication process, the user is verified, while in the authorization process, the user access list is validated; this process differs from one another;
  • The first process is authentication then the next is authorization;
  • In the authentication process, a person’s identity is determined from the data using the help of a user ID and password. Meanwhile, in the authorization system, it is the authorization system that decides the access rights that each user has.