10. Glossary
- Activation data
- Normally a password or biometric that is used to authenticate to a hardware or software token or a hardware device before they may be used. Software tokens (in particular any related cryptographic keys or secrets) are normally protected under a key generated using the activation data.
- Application Programming Interface (API)
- Generic code sets used for implementing higher-level software applications.
- Authentication
- Process of establishing, to the required level of confidence, the identity of one or more parties to a transaction. Consists of identity management (establishing who you are) and logon management (confirming who you are). In particular, for this Standard authentication is used in the commonly understood sense of a customer logging onto a service with their username and authentication key. This is consistent with the logon management aspect of the general authentication definition above.
- Authentication key
- Method used by an individual to authenticate his or her identity over the Internet. Examples of authentication keys include passwords, one-time passwords, software tokens, hardware tokens, and biometrics. Authentication keys are also referred to as keys.
- Automatic Teller Machine (ATM)
- These machines accept ATM cards. ATM cards are moving from magnetic stripe cards to smartcards, commonly called chipcards.
- Challenge/response
- An authentication protocol where the verifier sends the customer a challenge (usually a random value or a nonce) that the customer combines with a shared secret (often by hashing the challenge and secret together) to generate a response that is sent to the verifier. The verifier knows the shared secret and can independently compute the response and compare it with the response generated by the customer. If the two are the same, the customer is considered to have successfully authenticated. When the shared secret is a cryptographic key, such protocols are generally secure against eavesdroppers. When the shared secret is a password, an eavesdropper does not directly intercept the password itself, but may be able to find the password with an off-line password guessing attack.
- Cryptographic hash
- A function that maps a bit string of arbitrary length to a fixed length pseudo-random bit string. Approved hash functions satisfy the following properties: 1. (One-way) It is computationally infeasible to find any input that maps to any pre-specified output, and 2. (Collision resistant) It is computationally infeasible to find any two distinct inputs that map to the same output.
- Cryptographic keys
- Protected values (in terms of their confidentiality and integrity) that are used in cryptographic operations.
- Cryptographic operations
- Special algorithms and protocols that may be used in the authentication process.
- Form factor
- Relates to the physical dimensions and technical properties (such as the communications interface) of a hardware device.
- Government Logon Service (GLS)
- An all-of-government shared service that provides ongoing re-confirmation of online identity to participating agencies to the desired level of confidence.
- Identity (ID)
- May be simply an identifier for an authentication key.
- Identity Verification Credential (IVC)
- A unique electronic record maintained by the IVS of a person's verified identity data.
- Identity Verification Service (IVS)
- An all-of-government shared service that provides individuals with the option to verify their identity authoritatively, online, and in real-time with participating agencies to a passport-level of confidence.
- Mutual authentication
- Where both entities authenticate to each other (the authentications are normally based on the same or closely similar methods).
- Nonce
- A value used in security protocols that is never repeated with the same key. For example, challenges used in challenge-response authentication protocols generally must not be repeated until authentication keys are changed, or there is a possibility of a replay attack. Using a nonce as a challenge is a different requirement from a random challenge, because a nonce is not necessarily unpredictable.
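The challenge/response and nonce entries above describe one protocol from two angles: the verifier issues a value that is never reused, the customer keys a hash with the shared secret over that value, and the verifier recomputes and compares. The following is an added example (not part of this Standard, and not any agency's implementation) that shows both sides of that exchange, uses an HMAC so the shared secret is a cryptographic key rather than a password, and rejects a replayed challenge. The shared secret value, the class and function names, and the 16-byte challenge size are all assumptions made for the illustration; the counter-based `counter_nonce` helper is included only to show the glossary's point that a nonce is unique but not necessarily unpredictable.

```python
import hashlib
import hmac
import secrets

# Constructed demo secret shared between verifier and customer token.
# This value is made up for the example; a real deployment provisions it securely.
SHARED_SECRET = bytes.fromhex(
    "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
)


def compute_response(secret: bytes, challenge: bytes) -> bytes:
    """Customer side: combine the challenge with the shared secret via a keyed hash.

    HMAC-SHA-256 is a one-way, collision-resistant construction, so an
    eavesdropper who sees (challenge, response) learns nothing usable about
    the secret when the secret is a full-entropy cryptographic key.
    """
    return hmac.new(secret, challenge, hashlib.sha256).digest()


def counter_nonce(counter: int) -> bytes:
    """A nonce in the glossary sense: never repeats while the key is unchanged,
    but entirely predictable. It is NOT a random challenge."""
    return counter.to_bytes(8, "big")


class Verifier:
    """Server side: issues single-use challenges and checks responses."""

    def __init__(self, shared_secret: bytes):
        self._secret = shared_secret
        self._outstanding = set()  # challenges issued but not yet answered
        self._used = set()         # challenges already consumed (replay guard)

    def issue_challenge(self) -> bytes:
        # 16 random bytes: unpredictable and, with overwhelming probability,
        # never repeated, so it is both a random challenge and a nonce.
        challenge = secrets.token_bytes(16)
        self._outstanding.add(challenge)
        return challenge

    def verify(self, challenge: bytes, response: bytes) -> bool:
        # A challenge that was never issued, or has already been answered,
        # is rejected outright; this is what defeats a replay.
        if challenge in self._used or challenge not in self._outstanding:
            return False
        self._outstanding.discard(challenge)
        self._used.add(challenge)
        expected = compute_response(self._secret, challenge)
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(expected, response)


def run_protocol(verifier: Verifier, client_secret: bytes) -> bool:
    """One full exchange: challenge out, response back, verdict."""
    challenge = verifier.issue_challenge()
    response = compute_response(client_secret, challenge)
    return verifier.verify(challenge, response)


def demo() -> dict:
    """Exercise the three outcomes a practitioner cares about."""
    verifier = Verifier(SHARED_SECRET)
    challenge = verifier.issue_challenge()
    response = compute_response(SHARED_SECRET, challenge)
    first = verifier.verify(challenge, response)     # genuine customer
    replay = verifier.verify(challenge, response)    # same pair sent again
    wrong = run_protocol(verifier, b"wrong-secret")  # customer lacks the key
    return {"first": first, "replay": replay, "wrong_secret": wrong}


if __name__ == "__main__":
    print(demo())
```

The replay guard here is an in-memory set; a verifier that runs across several servers would need the used-challenge record shared, or would bound challenge lifetime with a timestamp so the set can be pruned. Note also that `counter_nonce` satisfies the nonce definition but would let an attacker precompute responses if the secret were a guessable password, which is exactly why the glossary distinguishes a nonce from a random challenge.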
- One-way function
- A function for which it is computationally infeasible to find any input that maps to any pre-specified output.
- Online service
- Service that an agency offers through an interactive online delivery channel.
- Personal Identification Number (PIN)
- A password made up of numeric characters only. Commonly four digits are used, as with ATM cards.
- Public keys, private keys, asymmetric key pairs and public key cryptosystems
- Public keys and private keys occur as pairs called asymmetric key pairs. The public key is (usually) the public part and the private key is the secret part of an asymmetric key pair. Public key cryptosystems can be used to encrypt, digitally sign or protect the integrity of data.
- Public Key Infrastructure
- Covers the management, architecture, business processes, technical procedures and protocols relating to the well-organized use of public key cryptosystems (mostly concerning the public keys of asymmetric key pairs).
- Smartcard
- A credit-card-like form factor with an integrated circuit chip. Smartcards may be just memory cards, but this Guidance considers smartcards that contain specialised cryptographic processors. Smartcards come in both contact and contactless forms. The contactless cards contain a small antenna for communicating with the reader.
- Service risk category
- Service risk categories are defined based on the identity-related risk of a service and are detailed in the Evidence of Identity Standard.
- Symmetric keys and symmetric cryptosystems
- Symmetric keys are cryptographic keys that are used with symmetric cryptosystems to perform both the cryptographic operation and its inverse, for example to encrypt and decrypt. Symmetric cryptosystems can also provide data integrity: they can be used to create message authentication codes for data and to verify those codes.
- Transport Layer Security (TLS)
- Like the Secure Sockets Layer (SSL) protocol, which it supersedes, TLS provides a cryptographically protected channel for web browser exchanges. TLS is defined by the Internet Engineering Task Force and is effectively SSL version 3.1.
- Uniform Resource Locator (URL)
- A standardised address format for locating resources on the World Wide Web.
- Universal Serial Bus (USB)
- A multi-purpose computer software and/or hardware interface for interfacing with communication, storage, and peripheral devices.
- Username
- Construction of alphanumeric characters that is used to identify a customer within the authentication system (the username is used to identify the customer, or rather their authentication key, to the verifier as part of the authentication process).