Authentication (from Greek, "real or genuine", from authentes, "author") is the act of establishing ... its packaging and labeling claims to be, or assuring that a computer program is a trusted one. Authentication ..., also be forged and the authentication of these pose a problem. For instance, the son of Han van ... commonly use the first type of authentication method. Bills, coins, and cheques incorporate ..., perfume, fashion clothing can use either type of authentication method to prevent counterfeit ... in the identification of genuine brand name goods. Authentication factors and identity: The ways ... of authentication: something you know, something you have, or something you are. Each authentication ... be verified. (Ref: http://www.ffiec.gov/pdf/authentication_guidance.pdf, title: Authentication ...) ..., or other biometric identifier. Two-factor authentication: When elements representing two factors are required for identification, the term two-factor authentication ... and a day code knowledge factor elements, but this is still a two-factor authentication. Product authentication: [Image: a security hologram label on an electronics box for authentication.] Counterfeit products are often offered to consumers as being authentic. Counterfeit ... and labeling help ensure that authentic products are sold and used. Information content: The authentication ... leaving only the informational content itself to use in authentication. Various systems have been ... originated from or was relayed by them. These involve authentication factors like: A difficult to reproduce ...
in a message is generally considered a separate problem from authentication. A wide range of techniques ...
Access Authentication in CDMA networks (a.k.a. CAVE-based Authentication (IS-95/1xRTT), A12 Authentication (1xEV-DO)): authentication of a mobile device by the serving access network. The access authentication mechanism employed depends upon the type of service being used: CAVE-based Authentication, used for access authentication in CDMA/1xRTT; Authentication and Key Agreement (AKA), the 3G successor to CAVE-based authentication; A12 Authentication, used for access authentication in 1xEV-DO. Note that 1xEV-DO Hybrid MS/AT devices may employ both CAVE-based and A12 authentication since these devices connect to both the 1xRTT and 1xEV-DO networks.
An authentication protocol is a type of cryptographic protocol with the purpose of authenticating entities wishing to communicate securely. There are many different authentication protocols, such as: AKA; CAVE-based authentication; Challenge-handshake authentication protocol (CHAP); CRAM-MD5; Diameter; Extensible Authentication Protocol (EAP); Host Identity Protocol (HIP); Kerberos; MS-CHAP and MS-CHAPv2 (variants of CHAP); NTLM, also known as NT LAN Manager; Password-authenticated key agreement protocols; Password Authentication Protocol (PAP); Protected Extensible Authentication Protocol (PEAP); RADIUS; Secure Remote Password protocol (SRP); TACACS and TACACS+; RFID authentication protocols.
Mutual authentication or two-way authentication (sometimes written as 2WAY authentication) refers to two parties authenticating each other suitably. In technology terms, it refers to a client or user authenticating themselves to a server and that server authenticating itself to the user in such a way that both parties are assured of the other's identity. When describing online authentication processes, mutual authentication is often referred to as website-to-user authentication, or site-to-user authentication. Typically, this is done for a client process and a server process without user interaction. Mutual Secure Sockets Layer (SSL) provides the same things as SSL, with the addition of authentication and non-repudiation of the client authentication, using digital signatures. However, due to issues with complexity, cost, logistics, and effectiveness, most web applications are designed so they do not require client-side certificates. This creates an opening for a man-in-the-middle attack, in particular for online banking. As the Financial Services Technology Consortium put it in its January 2005 report, "Better institution-to-customer authentication would prevent attackers from successfully impersonating financial institutions to steal customers' account credentials and better customer-to-institution authentication would prevent attackers from successfully impersonating customers to financial ..."
Strong authentication is a notion with several unofficial definitions; it is not standardized in the security literature. Often, strong authentication is associated with two-factor authentication or, more generally, multi-factor authentication. Soliciting multiple answers to challenge questions may be considered strong authentication but, unless the process also retrieves "something you have" or "something you are", it would not be considered multi-factor. The FFIEC issued supplemental guidance on this subject in August 2006, in which they clarified, "By definition true multifactor authentication requires the use of solutions from two or more of the three categories of factors. Using multiple solutions from the same category ... would not constitute multifactor authentication." Another commonly found class of definitions relates to a cryptographic process, or more precisely authentication based on a challenge-response protocol. This type of definition is found in the Handbook of Applied Cryptography (Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone, CRC Press; available in electronic format at http://www.cacr.math.uwaterloo.ca/hac). This type of definition does not necessarily relate to two-factor authentication, since the secret key used in a challenge-response authentication scheme can simply be derived from a password (one factor). A third class of definitions says that strong authentication is any form of authentication in which the verification is accomplished without the transmission of a password. This is the case, for example, with the definition found in the Fermilab documentation (Fermi National Accelerator Laboratory, Office of Science, U.S. Department of Energy, http://www.fnal.gov/docs/strongauth). Thus, the term strong authentication ...
Authentication servers are servers that provide authentication services to users or other systems via networking. Remotely placed users and other servers authenticate to such a server, and receive cryptographic tickets. These tickets are then exchanged with one another to verify identity. Authentication is used as the basis for authorization (determining whether a privilege will be granted to a particular user or process), privacy (keeping information from becoming known to non-participants), and non-repudiation (not being able to deny having done something that was authorized to be done based on the authentication). The major authentication algorithms utilized are passwords, Kerberos, and public key encryption. See also: TACACS, RADIUS, Multi-factor authentication.
A12 Authentication (Access Authentication for Evolution-Data Optimized, 1xEV-DO) is a Challenge-handshake authentication protocol (CHAP) based mechanism used by a CDMA2000 Access Network (AN) to authenticate a 1xEV-DO Access Terminal (AT). A12 authentication occurs when an AT first attempts to access the AN and is repeated after some authentication timeout period. The element in the AN that performs this authentication is the Radio Network Controller (RNC), using its Access Network AAA (AN-AAA). In order to support A12 authentication, matching A12 credentials (i.e., an A12 Network Address Identifier (NAI) and A12 CHAP key) must be provisioned into the AT and the user's home AAA server. Since these credentials are only shared between the AT and its home AAA, the AN-AAA forwards A12 challenge responses received from an AT to its home AAA to determine whether they are correct. A12 authentication is separate from packet data authentication that may occur later when a data session is being established. A12 authentication is important for roaming since all participating operators in the IRT have agreed to support it. If A12 credentials are not provisioned into an AT, that AT will not be able to access any visited network that performs A12 authentication. In addition, the Mobile Node Identifier (MN ID) is obtained from the AN-AAA during successful A12 authentication. This MN ID is used by the AN on the A8/A9 and A10/A11 interfaces to enable handoffs of Packet Data Serving Node (PDSN) packet data sessions between ANs and between 1xEV-DO and CDMA2000 1xRTT systems. If A12 authentication is not performed, the MN ID must be somehow derived and such handoffs may not be possible without establishing a new Point-to-Point Protocol (PPP) session. A12 authentication is defined in TIA-878 (3GPP2 A.S0008). For information about A12 authentication in roaming, see CDG Reference Document 136.
BSD Authentication, otherwise known as BSD Auth, is an authentication framework and software API employed by some Unix-like operating systems, specifically OpenBSD and BSD/OS, and accompanying system and application software such as OpenSSH and Apache. It originated with BSD/OS and, although the specification and implementation were donated to the FreeBSD project by BSDi, ultimately OpenBSD chose to adopt the framework in release 2.9. Pluggable Authentication Modules (PAM) serves a similar purpose on other operating systems such as Linux, FreeBSD and NetBSD. BSD Auth performs authentication by executing scripts or programs as separate processes from the one requiring the authentication. This prevents the child authentication process from interfering with the parent except through a narrowly defined inter-process communication API, a technique inspired by the principle of least privilege and known as privilege separation. This behaviour has significant security benefits, notably improved fail-safeness of software, and robustness against malicious and accidental software bugs (Niels Provos, CITI, University of Michigan; Markus Friedl, GeNUA mbH; Peter Honeyman, CITI, University of Michigan: "Preventing Privilege Escalation", Proceedings of the 12th USENIX Security Symposium, 2003, pp. 231-242, http://www.usenix.org/events/sec03/tech/provos_et_al.html). PAM uses an alternative system where the modules providing authentication are dynamically linked into the requesting process. This method is considered to be more flexible than BSD Auth, but does not provide privilege ...
E-authentication is a shorthand for electronic authentication. Authentication ... to support e-authentication is regarded as an important component in successful e-Government (Australian Government Information Management Office, http www.agimo.gov.au infrastructure authentication). Poor coordination and poor technical design might be major barriers to electronic authentication ... there has been established nationwide common e-authentication schemes to ease the reuse of digital ... e auth v07.pdf An overview of International Initiatives in the field of Electronic Authentication ... for electronic authentication, in order to establish common levels of trust and possibly interoperability between different authentication schemes (Australia: http www.finance.gov.au e government security and authentication; Canada: http e com.ic.gc.ca epic site ecic ceac.nsf en h gv00090e.html; US M04 04: http www.whitehouse.gov omb memoranda fy04 m04 04.pdf). In the US: E-Authentication ... people to access. The E-Authentication service enables you to get access to government services online ... credential issuers (such as Web sites and digital certificate issuers), E-Authentication is providing ... the Internet. E-Authentication is a government-wide partnership that is supported by the agencies that comprise ... agency partner. E-Authentication works through an association with a trusted credential issuer, making it necessary for the user to log in to the issuer's site to obtain the authentication credentials. Those credentials, or E-Authentication ID, are then transferred to the supporting government web site, causing authentication. E-Authentication was created in response to an inter-governmental memorandum ... and agencies when implementing E-Authentication. See also: E-democracy, E-participation, E-Government Unit, Electronic authentication, Electronic services delivery, eRulemaking, Online consultation ...
Transaction authentication generally refers to the Internet-based security method of securely identifying a user through two- or three-factor authentication (something you know plus something you have and/or something you are) at a transaction level, rather than at the traditional session or logon level. An internet banking application may allow a customer to perform numerous transactions within a single session, and hence each transaction, or selected transactions, will require the user to re-authenticate themselves using the appropriate two- or three-factor authentication method (see Two-factor authentication). Authentication, no matter how strong the method(s) used, cannot protect against so-called Man-in-the-Middle (MitM) or Man-in-the-Browser (MitB) attacks. This differs from transaction verification, also an Internet-based security method, which is specifically designed to combat so-called Man-in-the-Middle (MitM) and Man-in-the-Browser (MitB) attacks through not only authenticating the identity of the user, but also verifying the integrity of the actual content of the transaction, i.e. ensuring it has not been altered by one of these fraudulent techniques.
Authentication, in the law of evidence, is the process by which documentary evidence and other physical evidence is proven to be genuine, and not a forgery. Generally, authentication can be shown in one of two ways. First, a witness can testify as to the chain of custody through which the evidence passed from the time of the discovery up until the trial. Second, the evidence can be authenticated by the opinion of an expert witness examining the evidence to determine if it has all of the properties that it would be expected to have if it were authentic. For handwritten documents, any person who has become familiar with the purported author's handwriting prior to the cause of action from which the trial arose can testify that a document is in that handwriting. There are several kinds of documents which have generally been deemed to be self-authenticating documents. These include commercial labels, newspapers and other periodicals, and official publications of an arm of the government. A special category of evidence called an ancient document will be deemed authentic if it can be shown to be more than twenty years old, and found in a place and condition that a document of that age would likely be found.
In cryptography, deniable authentication refers to authentication between a set of participants where the participants themselves can be confident in the authenticity of the messages, but it cannot be proved to a third party after the event. In practice, deniable authentication can be achieved through the use of message authentication codes (MACs) by making sure that if an attacker is able to decrypt the messages, they would also know the MAC key as part of the protocol, and would thus be able to forge authentic-looking messages. For example, in the Off-the-Record Messaging (OTR) protocol, MAC keys are derived from the asymmetric decryption key through a cryptographic hash function. In addition to that, the OTR protocol also reveals used MAC keys as part of the next message, once they have already been used to authenticate previously received messages and will not be re-used (Nikita Borisov, Ian Goldberg, Eric Brewer, "Off-the-Record Communication, or, Why Not To Use PGP", Workshop on Privacy in the Electronic Society, 2004-10-28, http://www.cypherpunks.ca/otr/otr-wpes.pdf). See also: Deniable encryption, Plausible deniability, Malleability, Off-the-Record Messaging.
Violin authentication is the process of determining the maker and date of a violin. Multiple references may be required to assist in the process of authentication. This is often employed to combat fraudulent practices such as violin forgery and other forms of misrepresentation. Motivation for authentication: Much of the price of a fine violin is determined not just by the quality of the instrument, but by the maker. Names like Amati, Guarneri, and Stradivari have become synonymous with excellence in craftsmanship and tone. Relatively unknown makers, capable of producing above-average violins, know that they might be able to command tremendous prices simply by affixing the label of one of these early makers to the instruments of their making. The temptation has been, at times, irresistible. In its newest incarnation, however, instrument fraud appears to have shifted away from the production of clever fakes. The practice of merely misrepresenting the quality of the instrument is on the rise. To combat these and other such practices, the buyer may do well to consult an authenticator to confirm the maker, date, quality and price before purchasing an instrument, particularly when there are huge sums of money at stake. Authentication process: Authenticating a violin is a multifaceted process that addresses two issues surrounding the authenticity of an instrument: the year in which it was manufactured, and the maker (essentially the information found on the label). To confirm these two attributes, the authenticator may employ several different techniques. The key to authentication is the idea that there is no single feature of a violin that exists independently of another. This implies that knowing the date narrows the number of makers, just as knowing the maker narrows the field of dates.
Electronic authentication (E-authentication) is the process of establishing confidence in user identities electronically presented to an information system. E-authentication presents a technical challenge when this process involves the remote authentication of individual people over a network, for the purpose of electronic government and commerce. E-Authentication Model: E-authentication is the process of establishing confidence in user identities electronically presented ... is authorized to perform an electronic transaction. In most cases, the authentication and transaction ... may be limited and access control decisions may take this into account. E-authentication begins ... that the RA has verified. The token and credential may be used in subsequent authentication events ... successfully demonstrates possession and control of a token in an on-line authentication to a verifier through an authentication protocol, the verifier can ... decisions. Subscribers, RAs and CSPs: In the conceptual e-authentication model, a claimant in an authentication ... that may be used to authenticate the claimant's identity. In e-authentication, the claimant authenticates to a system or application over a network. Therefore, a token used for e-authentication ... key and learn the password to use the token. Authentication systems are often categorized by the number of factors that they incorporate. The three factors often considered as the cornerstone of authentication ... the subject of the credentials. When these paper credentials are presented in person, authentication ... authenticates his or her identity to a verifier by the use of a token and an authentication ..., with no knowledge of the token before the authentication protocol run, learns nothing about the token ... the verifier and the relying party are separate entities, the verifier must convey the result of the authentication ...
is called an assertion. See also: Guide to E-payments.
SMTP Authentication, often abbreviated SMTP AUTH, is an extension of the Simple Mail Transfer Protocol whereby an SMTP client may log in, using an authentication mechanism chosen among those supported by the SMTP server. The authentication extension is mandatory for submission servers (the relevant RFCs are specified in the Standards section). History: Differently from mail access protocols, the original SMTP specified by Jon Postel in the 70s did not provide ... (... Extension for Authentication, John Gardiner Myers, IETF, April 1995) ... protocol, Extended SMTP, and Simple Authentication and Security Layer (SASL). Internet Mail ... authentication methods. These methods may change after issuing STARTTLS, typically allowing plain ... S 235 2.7.0 Authentication successful SMTP AUTH can be used also on port 25. Usually, servers reject RCPT TO commands that imply relaying unless authentication credentials have been accepted. The specification recommends that servers issue 530 5.7.0 Authentication required in response to most commands in case the server is configured to require authentication and the client hasn't done it yet. Only ... provides for an AUTH parameter to the MAIL FROM command, so as to allow to distinguish authentication ... session. While the authentication doesn't need to vary, once established, different messages ... Gellens and John C. Klensin, April 2006. RFC 4422, Simple Authentication and Security Layer (SASL), Alexey Melnikov and Kurt D. Zeilenga, June 2006. RFC 4954, SMTP Service Extension for Authentication, Robert Siemborski and Alexey Melnikov, July 2007. See also: E-mail authentication, Simple Mail Transfer Protocol, Mail submission agent, Extended SMTP, Email client, Port numbers, Simple Authentication ...
Key authentication is a problem that arises when using public key cryptography. It is the process of assuring that the public key of person A held by person B does in fact belong to person A. In traditional symmetric key cryptography, this problem wasn't an issue as it was implicitly assumed that some secure method of key distribution guaranteed key authenticity. Of course, this merely moved the issue back a level, to that of security of key distribution. Crypto systems using asymmetric key algorithms do not evade a related problem. That a public key can be known by all without compromising the security of an encryption algorithm (for some such algorithms, though not for all) is certainly useful, but does not prevent some kinds of attacks. For example, a spoofing attack in which public key A is claimed publicly to be that of user Alice, but is in fact a private key belonging to attacker Mallory, is easily possible. No public key is inherently bound to any particular user, and any user relying on a defective binding (including Alice herself when she sends herself protected messages) will have trouble. The simplest solution for this problem is for the two users concerned to meet face to face and exchange keys. However, for systems in which there are a large number of users or in which the users do not personally know each other (e.g., Internet shopping) this is not practicable. The most common solution to this problem is the use of key certificates and certificate authorities for them in a public key infrastructure system. The certificate authority acts as a trusted third party for the communicating users and, using cryptographic ..., or some combination of the two. However, in a significant sense, this merely moves the key authentication .... Accordingly, key authentication methods are being actively researched.
See also: Access control, Certificate authority, ID-based cryptography, Self-Certifying Keys.
The Data Authentication Algorithm (DAA) is a former U.S. government standard (Federal Information Processing Standard) for producing cryptographic message authentication codes. According to the standard, a code produced by the DAA is called a Data Authentication Code (DAC). The algorithm is not considered secure by today's standards. The DAA is equivalent to CBC-MAC, with the Data Encryption Standard (DES) as the underlying cipher, truncated to between 24 and 56 bits (inclusive). Sources: FIPS PUB 113, Computer Data Authentication, the Federal Information Processing Standard publication that defines the Data Authentication Algorithm, http://www.itl.nist.gov/fipspubs/fip113.htm.
Multi-factor authentication, sometimes called strong authentication, is an extension of two-factor authentication. While two-factor authentication only involves exactly two factors, multi-factor authentication involves two or more factors. Thus, every two-factor authentication is a multi-factor authentication, but not vice versa. Regulatory definition: For example, US Federal regulators consistently recognize three authentication factors: "Existing authentication ... characteristic, such as a fingerprint. Authentication methods that depend on more than one factor ... authentication One problem with multi-factor authentication generally is the lack of understanding of what constitutes true multi-factor authentication. Supplying a user name (something the user knows) and password (something the user knows) is single-factor authentication, despite the use of multiple pieces ... questions (more of something the user knows) is still single-factor authentication. Adding a visual image (more of something the user knows) is still single-factor authentication. Soliciting 50 or 500 pieces of something the user knows would still constitute single-factor authentication. An example of true multi-factor authentication is requiring that the user insert a Smart Card into a Smart Card Reader ... Council's (FFIEC) publication advising the use of multi-factor authentication, numerous vendors began offering authentication solutions that are, in fact, single-factor authentication ... multifactor authentication, being multiple solutions from the same authentication category (the something ..., rejecting such single-factor approaches: "By definition true multifactor authentication ... solutions from the same category ... would not constitute multifactor authentication."
FFIEC. See also: Authentication, Authentication server, Dongle, Hardware Security Module, Identity management ...
Location-based authentication is a special procedure to prove an individual's identity and authenticity on appearance simply by detecting its presence at a distinct location. To enable location-based authentication, a special combination of objects is required. First, the individual that applies for being identified and authenticated has to present a sign of identity. Secondly, the individual has to carry at least one human authentication factor that may be recognized at the distinct location. Thirdly, the distinct location must be equipped with a resident means that is capable of determining the coincidence of the individual at this distinct location. Distinctiveness of locating: The basic requirement for safe location-based authentication is a well-defined separation of locations as well as an equally well-defined proximity of the applying individual to this location. Applications: Location-based authentication is a standard ... access on one ticket only. Location-based authentication is a standard procedure to get access to a machine ... (www.wipo.int pctdb en wo.jsp?wo 2006103387&IA GB2006000856&DISPLAY DESC LOCATION BASED AUTHENTICATION). Location-based authentication is a novel procedure to provide additional information about the authenticity ... Approach for Location Based Authentication. Challenges: As of 2008, no offered technical solution for simple location-based authentication includes a method for limiting the granted access to the presence, hence terminating the granted authentication on leave.
This defines a mandate ..., limiting the granted time for access, combining the method with another specially suited authentication factor. See also: Authentication, Two-factor authentication, Time-based authentication, Real-time locating, Security token, Wireless.
Initiative for Open Authentication (OATH) is an industry-wide collaboration to develop an open reference architecture using open standards to promote the adoption of strong authentication. It has close to thirty coordinating and contributing members and is proposing standards for a variety of authentication technologies, with the aim of lowering costs and simplifying their use. See also: HOTP, Time-based One-time Password Algorithm (TOTP), OCRA (Challenge Response Algorithms Specification). External links: http://www.openauthentication.org (official site), http://www.openauthentication.org/members (list of OATH members).
CAVE-based Authentication (a.k.a. HLR Authentication, 2G Authentication, Access Authentication) is an access authentication ... entities involved in CAVE-based authentication when roaming: Authentication Center (AC; a.k.a. HLR/AC, AuC): Located in a roamer's home network, the AC controls the authentication process and either authenticates the Mobile Station (mobile phone, MS) or shares SSD with the serving VLR to allow this authentication to occur locally. The AC must be provisioned with an A-key value for each MS. Authentication ... the roamer. Otherwise, the VLR proxies authentication responses from roamers to their home HLR/AC for authentication. The authentication controller is the entity that determines whether the response from the MS is correct. Depending upon whether SSD is shared, the authentication controller may be either the AC or the VLR. In either case, CAVE-based authentication is based on the CAVE algorithm and the following two shared keys. Authentication key (A-key): A 64-bit primary secret key known only to the MS ... local authentication in the visited network. Shared Secret Data (SSD): A 128-bit secondary secret key ... that is used during authentication. SSD may or may not be shared between home and roaming partner networks to enable local authentication. SSD consists of two 64-bit keys: SSD_A, which is used during authentication to calculate authentication signatures, and SSD_B, which is used in the generation of session keys for encryption and voice privacy. CAVE-based authentication provides two types of challenges ... an authentication signature response (AUTHR) using CAVE with inputs of the global challenge value ... and/or home network to uniquely challenge a particular MS for any reason. The MS must generate an authentication ... S1, and SSD_A. CAVE-based authentication is a one-way authentication mechanism that always involves ... only during an SSD update.
CAVE-based authentication procedures are specified in TIA-41 3GPP2 ...
[Figure: Risk-based authentication process flow. The process highlighted in green is what gets added by risk-based authentication systems.] Risk-based authentication is a non-static authentication system which takes into account the profile of the agent requesting access to the system to determine the risk profile associated with that transaction. The risk profile is then used to determine the complexity of the challenge. Higher risk profiles lead to stronger challenges, whereas a static username/password may suffice for lower risk profiles. Risk-based implementation allows the application to challenge the user for additional credentials only when the risk level is appropriate. Machine authentication is often used in a risk-based authentication setup. The machine authentication runs in the background and asks the customer for additional authentication only if the computer is not recognized. In a risk-based authentication system, the institution decides if additional authentication is necessary. If the risk is deemed appropriate, enhanced authentication will be triggered, such as a one-time password delivered via an out-of-band communication. Risk-based authentication can also be used during the session to prompt for additional authentication when the customer performs a certain high-risk transaction, such as a money transfer or an address change. Risk-based authentication is very beneficial to the customer because additional steps are only required if something is out of the ordinary, such as the login attempt ... 51D6D996 90F2 F468 AC09C4E8071575AE.pdf Enhanced Authentication In Online Banking Journal of Economic ... authentication Easier subsequent login process, thus reducing the chances of the user leaving ... lead to unauthorized access.
Pre-Boot Authentication (PBA) or Power-On Authentication (POA) (Network World, "Sophos brings enterprise level encryption to the Mac", August 2, 2010, accessed 2010-08-03) serves as an extension of the BIOS or boot firmware and guarantees a secure, tamper-proof environment external to the operating system as a trusted authentication layer. The PBA prevents anything being read from the hard disk, such as the operating system, until the user has confirmed he/she has the correct password or other credentials (SECUDE, "Pre Boot Authentication", February 21, 2008, accessed 2008-02-22). Benefits of Pre-Boot Authentication: full disk encryption outside of the operating system level (SECUDE, 2008); encryption of temporary files; data-at-rest protection. How Pre-Boot Authentication works, generic boot sequence: Basic Input/Output System (BIOS); Master boot record (MBR) partition table; Pre-boot authentication ... authentication layer. The PBA prevents Windows or any other operating system from loading until ... or company data. Pre-Boot Authentication technologies, combinations with full disk encryption: Pre-Boot Authentication is generally provided by a variety of full disk encryption vendors, but can be installed separately. Some FDE solutions can function without Pre-Boot Authentication, such as hardware-based full disk encryption. However, without some form of authentication, encryption provides little protection. Authentication methods: The standard complement of authentication methods exists for Pre-Boot Authentication, including: something you know (i.e. username/password); something you have ...
Pluggable Authentication Services (PAS) allows an SAP user to be authenticated outside of SAP. When the user is authenticated by an external service, the PAS will issue an SAP Logon Ticket or X.509 certificate, which will be used for future authentication into SAP systems. The PAS is generally regarded as an opportunity for companies to use either a new external authentication system or an existing external authentication system. In some cases, the PAS is used with an external single sign-on system that uses SAP Logon Tickets or X.509 certificates ("Single Sign On Technology for SAP Enterprises: What does SAP have to say?", www.itsecuritystandard.com). External authentication systems: Windows NT LAN Manager Authentication; Windows NT domain controller (i.e., user ID and password verification); binding LDAP to a directory server; authentication using the Secure Sockets Layer (SSL) protocol and X.509 certificates; HTTP header variables mapping user IDs; authentication mechanism through the AGate. Prerequisites: One system must be configured as the ticket-issuing system. Other SAP systems must be configured to accept logon tickets, and therefore the preconditions for logon ticket configuration or non-logon-ticket configuration, such as certificate, must be met beforehand. Usage of Secure Network Communications, because authentication occurs externally. The ticket-issuing SAP system must be able to recognize the user's ID ("Pluggable Authentication Services for External Authentication", help.sap.com). See also: single sign-on, Secure Network Communications, SAPgui, SAP Logon Ticket. External links: "Pluggable Authentication Services for External Authentication Mechanisms" (www.darkreading.com).
In computing, the Challenge-Handshake Authentication Protocol (CHAP) authenticates a user or network host to an authenticating entity. That entity may be, for example, an Internet service provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable challenge value. CHAP requires that both the client and server know the plaintext of the secret, although it is never sent over the network. Microsoft has implemented a variant of the Challenge-Handshake Authentication Protocol, called MS-CHAP, which does not require either peer to know the plaintext. Working cycle: CHAP is an authentication scheme used by Point-to-Point Protocol (PPP) servers to validate the identity of remote clients. CHAP periodically verifies the identity of the client by using a three-way handshake. This happens at the time of establishing the initial link, and may happen again at any time afterwards. The verification is based on a shared secret (such as the client user's password). After the completion of the link establishment ... match, the authenticator acknowledges the authentication; otherwise it should terminate the connection ... List of authentication protocols, Password Authentication Protocol, Challenge-response test, Cryptographic hash function. References: RFC 1994.