Abstract— This paper presents modelling of the basic authentication procedure. The Petri net technique as a tool was chosen in this study. Experiments were made with two groups of models according the quantity of used attributes. One consists of combination of the User name and Password with and/or without repeating. The second group consist of the user name, password and biometrics with and/or without repeating. The goal of this paper is to demonstrate that security increasing with attributes quantity and decreasing with possibility to repeating wrong sequence of symbols. Keywords— Authentication, biometrics, passwords, Petri nets, user name, I. INTRODUCTION ith the rapid growth of network applications, network security has become an important issue, and authentication protocols are the basis of security in networks. Therefore, it is essential to ensure these protocols correctly. Unfortunately, it is difficult to design a robustness and effective security protocol for networks. Not only because of the characteristics of networks, but also because good analysis techniques are lacking. The technical means to achieve information security in an informatics society are provided through cryptography. The cryptography is the study of mathematical techniques related to aspects of information security such as confidentiality, data integrity, access control, and authentication. Confidentiality is a service used to keep the contents of information from all but those authorized to have it. There are numerous approaches to provide confidentiality, e.g. the mathematical algorithms which render data incomprehensible. Access control is the ability to limit the access to authorized users and applications. To achieve this, each entity trying to gain access must first be identified, or authenticated, so that access rights can be assigned to individuals. Authentication is a service related to identification. It is a fundamental building block for a secure networked environment. If a server knows the identity of a client, it can decide whether to provide the service, whether the user should be given special privileges, and so forth. In other words, authorization and accounting schemes can be built on top of authentication resulting in the required security to the computer network system. Authentication based on some knowledge shared by the system and the user, user name and a password [1], is one of mechanisms used in achieving one’s security goals. Nowadays the user name and passwords are still commonly used for authentication purposes, although recently they are thought as not being secure as some of other forms of authentication mechanisms [2].. The reason behind this is probably because the implementing of passwords is easy and not so expensive [5]. Protocols play a major role in cryptography and are essential in meeting cryptographic goals. We need protocols to apply cryptographic algorithms and techniques among the communicating parties. Encryption schemes, hash functions, and random number generators are among the primitives which may be utilized to build a protocol. A cryptographic protocol is a distributed algorithm defined by a sequence of steps precisely specifying the actions required of two or more entities to achieve a specific security objective. The whole point of using cryptography in a protocol is to detect or prevent attacks. Fig. 1: Factors of User Name and Password Authentication Security (Source: modified on the base of 0) Human factors can be divided to two categories:  Type of user name and password (length, randomness, used characters, etc.)  Mode the user guards a password (how often a user change his password, whether the user writes a password down, and so on) Since users are thought to be the weakest link of every security solution, it is necessary to study their behaviour. We are convinced of the need to study how users choose their passwords, because it evidently infers of security of this kind of authentication. A lot of authors frequently discuss about the factors that influence password security, for example: length, randomness, and the period the password is used. Some authors are trying to make a distinction between a ―weak‖ and a ―strong‖ password, commonly by using an expert’s opinion 0. Other authors are trying to break passwords, and the results of their experiments are present as a proof of the passwords weakness 0, 0. The authors of this paper are convinced about the need for an exact number that represents the security level of some password. The characteristic of password security will serve for various purposes: Basic authentication procedure modelled by Petri nets J. Capek, M. Hub, R. Myskova W INTERNATIONAL JOURNAL OF COMPUTERS AND COMMUNICATIONS Issue 4, Volume 4, 2010 101