For other uses of the terms authentication , authentic and authenticity Authenticity disambiguation Authenticity Refimprove date September 2010 cleanup reason Discusses only entity authentication and no other aspects of authentication regarding communication security. Authentication methods and History ... 2010 Authentication from Lang el real or genuine, from authentes author ... is what its packaging and labeling claims to be. Authentication methods Main Provenance In art ... of history. There are three types of techniques for doing this. The first type authentication is accepting ... and the object under assessment as his artifact respectively. The second type authentication .... Certificates can, however, also be forged and the authentication of these pose a problem. For instance ..., depending on the risk of getting caught. The third type authentication relies on documentation or other .... Currency and other financial instruments commonly use the first type of authentication method .... Consumer goods such as pharmaceuticals, perfume, fashion clothing can use either type of authentication ... identifying feature which aids consumers in the identification of genuine brand name goods. Authentication ..., based on what are known as the factors of authentication something you know, something you have, or something you are. Each authentication factor covers a range of elements used to authenticate ... two, and preferably all three, factors be verified. ref Cite web url http www.ffiec.gov pdf authentication guidance.pdf title Authentication in an Internet Banking Environment author Federal Financial ... , face, voice, unique bio electric signals, or other biometric identifier . Two factor authentication Main Two factor authentication When elements representing two factors are required for identification, the term two factor authentication is applied. . e.g. a bankcard something the user has and a PIN ... a two factor authentication. Product authentication File GatewayTracingHologramLabel.jpg thumb A Security ... more details
Context date October 2009 Access Authentication in CDMA networks a.k.a. CAVE based Authentication IS 95 1xRTT , A12 Authentication 1xEV DO Authentication of a mobile device by the serving access network. The access authentication mechanism employed depends upon the type of service being used CAVE based Authentication Used for access authentication in CDMA 1xRTT Authentication and Key Agreement AKA 3G successor to CAVE based authentication A12 Authentication Used for access authentication in 1xEV DO Note that 1xEV DO Hybrid MS AT devices may employ both CAVE based and A12 authentication since these devices connect to both the 1xRTT and 1xEV DO networks. Category Code division multiple access ... more details
ref improve date November 2011 Mutual authentication or two way authentication sometimes written as 2WAY authentication refers to two parties authenticating each other suitably. In technology terms, it refers to a client or user authenticating themselves to a server and that server authenticating itself to the user in such a way that both parties are assured of the others identity. When describing online authentication processes, mutual authentication is often referred to as website to user authentication, or site to user authentication. Typically, this is done for a client process and a server process without user interaction. Mutual Secure Sockets Layer SSL provides the same things as SSL, with the addition of authentication and non repudiation of the client authentication, using digital signatures. However, due to issues with complexity, cost, logistics, and effectiveness, most web applications are designed so they do not require client side certificates. As the Financial Services Technology Consortium put it in its January 2005 report, Better institution to customer authentication would prevent attackers from successfully impersonating financial institutions to steal customers account credentials and better customer to institution authentication would prevent attackers from successfully ... Computer security Secure channel Digital signature Mobile signature Two factor authentication Pharming ... authentication.html more New Generation of Mutual Phone Authentication http developers.sun.com appserver reference techart mutual auth.html Mutual Authentication for Web Services A Live Example http www.howtoforge.com prevent phishing with mutual authentication How to prevent phishing with mutual authentication How to stop phishing with mutual authentication http www.solidpass.com authentication methods mutual authentication.html Mutual Authentication as a mobile application based security token. Category Authentication methods Category Computer access control computer security stub ... more details
Unreferenced stub auto yes date December 2009 An authentication protocol is a type of cryptographic protocol with the purpose of authentication authenticating entities wishing to communicate securely. There are many different authentication protocols such as AKA security AKA CAVE based authentication Challenge handshake authentication protocol CHAP CRAM MD5 Diameter protocol Diameter Extensible Authentication Protocol EAP Host Identity Protocol HIP Kerberos protocol Kerberos MS CHAP and MS CHAPv2 variants of CHAP LAN Manager NTLM , also known as NT LAN Manager Password authenticated key agreement protocols Password Authentication Protocol PAP Protected Extensible Authentication Protocol PEAP RADIUS Secure Remote Password protocol SRP TACACS and TACACS RFID Authentication Protocols Woo Lam 92 protocol DEFAULTSORT Authentication Protocol Category Computer access control protocols computer security stub Compu network stub ... more details
Mergeto multi factor authentication date November 2009 Strong authentication is a notion with several unofficial definitions is not standardized in the security literature. Often, strong authentication is associated with two factor authentication or more generally multi factor authentication. Soliciting multiple answers to challenge questions may be considered strong authentication but, unless the process also retrieves something you have or something you are , it would not be considered multi factor. The FFIEC issued supplemental guidance on this subject in August 2006, in which they clarified, By definition true multifactor authentication requires the use of solutions from two or more of the three categories of factors. Using multiple solutions from the same category ... would not constitute multifactor authentication. Another commonly found class of definitions relates to a cryptographic process, or more precisely authentication based on a challenge response protocol. This type of definition is found in the Handbook of applied cryptography. ref Handbook of applied cryptography, Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone, CRC Press. Available in electronic format at http www.cacr.math.uwaterloo.ca hac ref This type of definition does not necessarily relate to two factor authentication, since the secret key used in a challenge response authentication scheme can be simply derived from a password one factor . A third class of definitions says that strong authentication is any form of authentication in which the verification is accomplished without the transmission of a password . Citation needed date October 2009 This is the case for example with the definition found in the Fermilab documentation. ref Fermi National Accelerator Laboratory, Office of Science U.S. Department of Energy . http www.fnal.gov docs strongauth ref Thus, the term strong authentication ... For Open Authentication References reflist DEFAULTSORT Strong Authentication Category Theory of cryptography ... more details
Context date October 2009 A12 Authentication Access Authentication for Evolution Data Optimized 1xEV DO is a Challenge handshake authentication protocol CHAP based mechanism used by a CDMA2000 Access Network AN to authenticate a 1xEV DO Access Terminal AT . A12 authentication occurs when an AT first attempts to access the AN and is repeated after some authentication timeout period. The element in the AN that performs this authentication is the Radio Network Controller RNC using its Access Network AAA protocol AAA AN AAA . In order to support A12 authentication, matching A12 credentials i.e., an A12 Network Address Identifier NAI and A12 CHAP key must be provisioned into the AT and the user s home AAA server. Since these credentials are only shared between the AT and its home AAA, the AN AAA forwards A12 challenge responses received from an AT to its home AAA to determine whether they are correct. A12 authentication is separate from packet data authentication that may occur later when a data session is being established. A12 authentication is important for roaming since all participating operators in the IRT have agreed to support it. If A12 credentials are not provisioned into an AT, that AT will not be able to access any visited network that performs A12 authentication. In addition, the Mobile Node Identifier MN ID is obtained from the AN AAA during successful A12 authentication. This MN ID is used by the AN on the A8 A9 and A10 A11 interfaces to enable handoffs of Packet Data Serving Node PDSN packet data sessions between ANs and between 1xEV DO and CDMA2000 1xRTT systems. If A12 authentication is not performed, the MN ID must be somehow derived and such handoffs may not be possible without establishing a new Point to Point Protocol PPP session. A12 authentication is defined in TIA 878 3GPP2 A.S0008 . For information about A12 authentication in roaming, see CDG Reference Document 136. Category Code division multiple access ... more details
Unreferenced stub auto yes date December 2009 Authentication servers are Server computing server s that provide authentication services to user computing users or systems other systems via networking. Remotely placed users and other servers authenticate to such a server, and receive cryptographic tickets. These tickets are then exchanged with one another to verify digital identity identity . Authentication is used as the basis for authorization determining whether a privilege will be granted to a particular user or process computing process , privacy keeping information from becoming known to non participants , and non repudiation not being able to deny having done something that was authorized to be done based on the authentication . The major authentication algorithm s utilized are password s, Kerberos protocol Kerberos , and public key encryption . See also TACACS RADIUS Multi factor authentication DEFAULTSORT Authentication Server Category Computer network security Category Servers computing Compu network stub ... more details
Refimprove date December 2007 E authentication is a shorthand for electronic authentication . Authentication ... to support e authentication is regarded as an important component in successful e Government. ref http www.agimo.gov.au infrastructure authentication Australian Government Information Management Office . ref Poor coordination and poor technical design might be major barriers to electronic authentication ... there has been established nationwide common e authentication schemes to ease the reuse of digital ... e auth v07.pdf An overview of International Initiatives in the field of Electronic Authentication ... for electronic authentication, in order to establish common levels of trust and possibly interoperability between different authentication schemes. ref http www.finance.gov.au e government security and authentication Australia , http e com.ic.gc.ca epic site ecic ceac.nsf en h gv00090e.html Canada , http www.whitehouse.gov omb memoranda fy04 m04 04.pdf US M04 04 . ref In the US E Authentication ... people to access. The E Authentication service enables you to get access to government services online ... credential issuers such as Web sites and digital certificate issuers , E Authentication is providing .... E Authentication is a government wide partnership that is supported by the agencies that comprise ... agency partner. E Authentication works through an association with a trusted credential issuer, making it necessary for the user to login into the issuer s site to obtain the authentication credentials. Those credentials or E Authentication ID are then transferred the supporting government web site causing authentication. E Authentication was created in response of an inter governmental memorandum ... and agencies when implementing E Authentication. See also E democracy E participation E Government Unit Electronic authentication Electronic services delivery eRulemaking Online consultation Online ... US government E Authentication Web Site http www.whitehouse.gov omb memoranda fy04 m04 ... more details
BSD Authentication , otherwise known as BSD Auth, is an authentication software framework framework and software API employed by some Unix like operating system s, specifically OpenBSD and BSD OS , and accompanying System software system and Application software application software such as OpenSSH and Apache HTTP Server Apache . It originated with BSD OS and although the specification and implementation were donated to the FreeBSD project by BSDi , ultimately OpenBSD chose to adopt the framework in release 2.9. Pluggable Authentication Modules PAM serves a similar purpose on other operating systems such as Linux , FreeBSD and NetBSD . BSD Auth performs authentication by executing scripts or programs as separate Process computing process es from the one requiring the authentication. This prevents the child authentication process from interfering with the parent except through a narrowly defined inter process communication API, a technique inspired by the principle of least privilege and known as privilege separation . This behaviour has significant security benefits, notably improved Fail safe fail safeness of software, and robustness against malicious and accidental software bug s. ref name privsep cite conference author Niels Provos , CITI, University of Michigan Markus Friedl, GeNUA mbH Peter Honeyman, CITI, University of Michigan date 2003 url http www.usenix.org events sec03 tech provos et al.html title Preventing Privilege Escalation booktitle Proceedings of the 12th USENIX Security Symposium pages 231 242 ref PAM uses an alternative system where the modules providing authentication are Library computer science dynamically linked into the requesting process. This method is considered to be more flexible than BSD Auth Fact date February 2007 , but does not provide privilege ... Authentication system man 3 bsd auth OpenBSD interface to the BSD Authentication system Category Berkeley Software Distribution Category Computer access control frameworks Category Unix authentication ... more details
Cleanup date March 2008 unreferenced date March 2008 Transaction authentication generally refers to the Internet based security method of securely identifying a user through two or three factor authentication Two factor authentication something you know plus something you have and or something you are at a transaction level, rather than at the traditional Session or Logon level. An internet banking application may allow a customer to perform numerous transactions within the single session and hence each, or selected transactions, will require the user to re authenticate themselves using the appropriate two or three factor authentication method see Two factor authentication . Authentication, no matter how strong the method s used cannot protect against so called Man in the Middle MitM or Man in the Browser Man in the Browser MitB attacks. This differs from Transaction verification , also an Internet based security method, which is specifically designed to combat so called Man in the Middle MitM and Man in the Browser Man in the Browser MitB attacks through not only authenticating the identity of the user, but also verifying the integrity of the actual content of the transaction, i.e. ensuring it has not been altered by one of these fraudulent techniques. Category Computer access control computer security stub ... more details
Unreferenced date January 2007 Electronic authentication E authentication is the process of establishing confidence in user identities electronically presented to an information system . E authentication presents a technical challenge when this process involves the remote authentication of individual people over a network, for the purpose of electronic government and commerce. E Authentication Model E authentication is the process of establishing confidence in user identities electronically presented ... is authorized to perform an electronic transaction. In most cases, the authentication and transaction ... may be limited and access control decisions may take this into account. E authentication begins ... that the RA has verified. The token and credential may be used in subsequent authentication events ... successfully demonstrates possession and control of a token in an on line authentication to a verifier through an Challenge handshake authentication protocol authentication protocol , the verifier can ... decisions. Subscribers, RAs and CSPs In the conceptual e authentication model, a claimant in an authentication ... that may be used to authenticate the claimant s identity. In e authentication, the claimant authenticates to a system or application over a network. Therefore, a token used for e authentication ... key and learn the password to use the token. Authentication systems are often categorized by the number of factors that they incorporate. The three factors often considered as the cornerstone of authentication ... the subject of the credentials. When these paper credentials are presented in person, authentication ... authenticates his or her identity to a verifier by the use of a token and an authentication ..., with no knowledge of the token before the authentication protocol run, learns nothing about the token ... the verifier and the relying party are separate entities, the verifier must convey the result of the authentication ... is called an assertion. See also Guide to E payments DEFAULTSORT Electronic Authentication ... more details
Geospatial Authentication A software package that has been designed to allow authentication for determining if the rover s is are within a set of boundaries or a specific area to access critical geospatial information by using GPS signal structures as a means to authenticate mobile devices into a network wirelessly and in real time has been developed. The advantage lies in that the system only allows those with designated geospatial boundaries or areas into the server. The Geospatial Authentication software has two parts Server and Client. The server software is a virtual private network VPN developed in Linux operating system using Perl programming language. The server can be a stand alone VPN server or can be combined with other applications and services. The client software is a GUI Windows CE software, or Mobile Graphical Software, that allows users to authenticate into a network. The purpose of the client software is to pass the needed satellite information to the server for authentication. This work was done by Stacey D. Lyle of Geospatial Research Innovation Design for John C. Stennis Space Center NASA s Stennis Space Center . External links Wiktionary http www.techbriefs.com component content article 5170 NASA Tech Briefs Source of Research Category Authentication methods ... more details
Unreferenced date August 2007 Violin authentication is the process of determining the maker and date of a violin . Multiple references may be required to assist in the process of authentication. This is often employed to combat fraudulent practices such as violin forgery and other forms of misrepresentation. Motivation for authentication Much of the price of a fine violin is determined not just by the quality of the instrument, but by the maker. Names like Amati , Guarneri , and Stradivari have become synonymous with excellence in craftsmanship and tone. Relatively unknown makers, capable of producing above average violins, know that they might be able to command tremendous prices simply by affixing the label of one of these early makers to the instruments of their making. The temptation has been, at times, irresistible. In its newest incarnation, however, instrument fraud appears to have shifted away from the production of clever fakes. The practice of merely misrepresenting the quality of the instrument is on the rise. To combat these and other such practices, the buyer may do well to consult an authenticator to confirm the maker, date, quality and price before purchasing an instrument, particularly when there are huge sums of money at stake. Authentication process Authenticating a violin is a multifaceted process that addresses two issues surrounding the authenticity of an instrument the year in which it was manufactured, and the maker essentially the information found on the label . To confirm these two attributes, the authenticator may employ several different techniques. The key to authentication is the idea that there is no single feature of a violin that exists independently of another. This implies that knowing the date narrows the number of makers, just as knowing the maker narrows the field of dates. External links http www.si.edu Encyclopedia SI nmah violappr.htm General Information on Obtaining Authentication and Appraisal of Violins Smithsonian Institution ... more details
Unreferenced date December 2009 Evidence law Authentication , in the law of evidence law evidence , is the process by which documentary evidence and other physical evidence is proven to be genuine, and not a forgery. Generally, authentication can be shown in one of two ways. First, a witness can testify as to the chain of custody through which the evidence passed from the time of the discovery up until the trial. Second, the evidence can be authenticated by the opinion of an expert witness examining the evidence to determine if it has all of the properties that it would be expected to have if it were authentic. For handwriting handwritten documents, any person who has become familiar with the purported author s handwriting prior to the cause of action from which the trial arose can testify that a document is in that handwriting. There are several kinds of documents which have generally been deemed to be self authenticating documents . These include commercial labels, newspapers and other periodicals, and official publications of an arm of the government. A special category of evidence called an ancient document will be deemed authentic if it can be shown to be more than twenty years old, and found in a place and condition that a document of that age would likely be found. DEFAULTSORT Authentication Law Category Evidence law see Classification of Authentication ... more details
In cryptography , deniable authentication refers to authentication between a set of participants where the participants themselves can be confident in the authenticity of the messages, but it cannot be proved to a third party after the event. In practice, deniable authentication can be achieved through the use of message authentication code s MACs by making sure that if an attacker is able to decrypt the messages, they would also know the MAC key as part of the protocol, and would thus be able to forge authentic looking messages. For example, in the Off the Record Messaging OTR protocol, MAC keys are derived from the asymmetric decryption key through a cryptographic hash function . In addition to that, the OTR protocol also reveals used MAC keys as part of the next message, when they have already been used to previously received messages and will not be re used. ref name otr cite conference author Nikita Borisov , Ian Goldberg , Eric Brewer computer scientist Eric Brewer title Off the Record Communication, or, Why Not To Use PGP booktitle Workshop on Privacy in the Electronic Society date 2004 10 28 url http www.cypherpunks.ca otr otr wpes.pdf format PDF accessdate 2007 02 01 ref See also Deniable encryption Plausible deniability Malleability cryptography Malleability Off the Record Messaging References Reflist Category Cryptographic protocols crypto stub ... more details
SMTP Authentication , often abbreviated SMTP AUTH , is an extension of the Simple Mail Transfer Protocol whereby an SMTP client may log in , using an authentication mechanism chosen among those supported by the SMTP server. The authentication extension is mandatory for Mail submission agent submission ... for Authentication author John Gardiner Myers date April 1995 publisher IETF accessdate 2010 05 ... protocol, Extended SMTP ESMTP , and Simple Authentication and Security Layer SASL . An older SASL mechanism for ESMTP authentication ESMTPA is CRAM MD5 , and uses of the MD5 algorithm in HMAC s hash based message authentication codes are still considered sound. ref cite web url http tools.ietf.org ... extensions, SMTP AUTH is advertised in the EHLO response, along with a list of supported authentication ... S 250 AUTH GSSAPI DIGEST MD5 PLAIN C AUTH PLAIN dGVzdAB0ZXN0ADEyMzQ S 235 2.7.0 Authentication ... that imply relaying unless authentication credentials have been accepted. The specification recommends that servers issue 530 5.7.0 Authentication required in response to most commands in case the server is configured to require authentication and the client hasn t done it yet. Only servers listening ... parameter to the MAIL FROM command, so as to allow to distinguish authentication from authorization .... While the authentication doesn t need to vary, once established, different messages may be sent according ... Klensin John C. Klensin , April 2006. RFC 4422, Simple Authentication and Security Layer SASL , Alexey Melnikov and Kurt D. Zeilenga, June 2006. RFC 4954, SMTP Service Extension for Authentication , Robert Siemborski and Alexey Melnikov, July 2007. See also E mail authentication Simple Mail Transfer Protocol Mail submission agent Extended SMTP Email client Port numbers Simple Authentication and Security Layer Open mail relay POP before SMTP References reflist 2 Category Email authentication ... message access protocol authentication pl SMTP AUTH ... more details
Unreferenced date December 2009 Key authentication is a problem that arises when using public key cryptography . It is the process of assuring that the public key of person A held by person B does in fact belong to person A . In traditional symmetric key cryptography, this problem wasn t an issue as it was implicitly assumed that some secure method of key distribution guaranteed key authenticity. Of course, this merely moved the issue back a level, to that of security of key distribution. Crypto systems using asymmetric key algorithms do not evade a related problem. That a public key can be known by all without compromising the security of an encryption algorithm for some such algorithms, though not for all is certainly useful, but does not prevent some kinds of attacks. For example, a spoofing attack in which public key A is claimed publicly to be that of user Alice, but is in fact a private key belonging to attacker Mallory, is easily possible. No public key is inherently bound to any particular user, and any user relying on a defective binding including Alice herself when she sends herself protected messages will have trouble. The simplest solution for this problem is for the two users concerned to meet face to face and exchange keys, However, for systems in which there are a large number of users or in which the users do not personally know each other e.g., Internet shopping this is not practicable. The most common solution to this problem is the use of Public key certificate key certificate s and certificate authorities for them in a public key infrastructure system, The certificate authority acts as a trusted third party for the communicating users and, using cryptographic ... authentication problem back one level for any CA may make a good faith certification of some key .... Accordingly, key authentication methods are being actively researched. See also div style moz column ... Honest Achmed asks for trust DEFAULTSORT Key Authentication Category Key management ... more details
Inappropriate tone date December 2007 Email authentication is the effort to equip messages of the email transport system with enough verifiable information, so that recipients can recognize the nature of each incoming message automatically. It differs from content filtering . Rationale Ensuring a valid identity on an email has become a vital step in stopping spam electronic spam as email can be filtered ... publisher openspf.org http www.openspf.org mailflows l.png PNG ref Image Email Authentication 01a.png ... 587 that should always require authentication, the number of existing Received Email Header headers ... authentication greatly simplifies and automates the process of identifying senders. After identifying ... safe to expect that the MTA, being authorized, represents a form of authentication. None exclude ... to become commonplace. ref The simplest and by far most widely deployed authentication scheme begins ... Email Authentication 02a.png The procedure to authenticate is basically simple. When a request to deliver .... Use of the DNS database to register authentication information for a domain is relatively new. The new ... way as any other DNS query. Publishing authentication records in DNS is voluntary, and many domains ... authentication method like DKIM, as long as the signed message is not modified some lists do this . SPF ... modifications of the mail in addition to the mandatory tt Received tt timestamp line. Image Email Authentication ... do their own authentication. The situation gets complicated when there is more than one forwarder. A sender ... is that the regulating agencies have no authority, and the ISP s have no incentive. Authentication ... be no spam to need authentication to stop spam and so need for a CA playing cop ... willing to play cop. Authentication involving TLS, SMTP AUTH, or S MIME cannot stop backscatter ... Secure Messaging DMARC References Cite web title Email Authentication first David last MacQuigg ... 11 18 references spamming DEFAULTSORT E Mail Authentication Category Email authentication Category ... more details
monasteries and five Premonstratensian monasteries functioned as places of authentication with authority ... titles of ownership was the most frequent task carried out by places of authentication . ref name ... First documents from the 14th century attest that places of authentication were frequently involved ... of authentication to a higher officer of the realm who then required the relevant religious institution ... any objections made at this time. ref name Rady 71 The representatives of places of authentication ... more details
A password authentication protocol PAP is an authentication protocol that uses a password . PAP is used by Point to Point Protocol to validate users before allowing them access to server resources. Almost all network operating system remote servers support PAP. PAP transmits unencrypted ASCII passwords ... server does not support a stronger authentication protocol, like Challenge handshake authentication protocol CHAP or Extensible Authentication Protocol EAP while the last is actually a framework . Password based authentication is the protocol that two entities share a password in advance and use the password as the basis of authentication. Existing password authentication schemes can be categorized into two types weak password authentication schemes and strong password authentication schemes. In general, strong password authentication protocols have the advantages over the weak password authentication ... cycle Client sends username and password Server sends authentication ack if credentials are OK or authentication ... 1 byte Variable Authentication request Code 1 ID Length Username length Username Password length Password Authentication ack Code 2 ID Length Message length Message Authentication nak Code 3 ID ... also CHAP Challenge Handshake Authentication Protocol EAP Extensible Authentication Protocol RFC 1334 PPP Authentication Protocols Password authenticated key agreement protocols SAP Service Access Point DEFAULTSORT Password Authentication Protocol Category Password authentication Category Internet protocols Category Computer access control protocols Compu network stub cs Password authentication protocol de Password Authentication Protocol el Password Authentication Protocol es Password Authentication Protocol fa fr Password Authentication Protocol it Password authentication protocol nl Password Authentication Protocol ja Password Authentication Protocol pl Password Authentication Protocol pt Password authentication protocol ru Password Authentication Protocol sr ... more details
notability date October 2010 date October 2010 orphan date May 2010 Location based authentication is a special procedure to prove an individual s identity and authenticity on appearance simply by detecting its presence at a distinct location. To enable location based authentication, a special combination of objects is required. Firsthand, the individual that applies for being identified and authenticated has to present a sign of identity. Secondly, the individual has to carry at least one human authentication factor that may be recognized on the distinct location. Thirdly, the distinct location must be equipped with a resident means that is capable to determine the coincidence of individual at this distinct location. Distinctiveness of locating Basic requirement for safe location based authentication is a well defined separation of locations as well as an equally well defined proximity of the applying individual to this location. Applications Location based authentication is a standard ... access on one ticket only. Location based authentication is a standard procedure to get access to a machine ... www.wipo.int pctdb en wo.jsp?wo 2006103387&IA GB2006000856&DISPLAY DESC LOCATION BASED AUTHENTICATION ref . Location based authentication is a novel procedure to provide additional information about the authenticity ... Approach for Location Based Authentication ref . Challenges As of 2008 , no offered technical solution for simple location based authentication includes a method for limiting the granted access to the presence, hence terminating the granted authentication on leave. This defines a mandate ..., limiting the granted time for access combining the method with another specially suited authentication factor See also Authentication Two factor authentication Time based authentication Real time locating Security token Wireless References Reflist DEFAULTSORT Location Based Authentication Category Authentication methods Location based Category Wireless locating Category Computer access control ... more details
The Data Authentication Algorithm DAA is a former Federal Information Processing Standard U.S. government standard for producing cryptographic message authentication code s. According to the standard, a code produced by the DAA is called a Data Authentication Code DAC . The algorithm is not considered secure by today s standards. The algorithm Block cipher modes of operation Cipher block chaining CBC chain encrypts the data, with the last cipher block truncated and used as the DAC. The DAA is equivalent to ISO IEC 9797 1 MAC algorithm 1, or CBC MAC , with Data Encryption Standard DES as the underlying cipher, truncated to between 24 and 56 bits inclusive . Sources http www.itl.nist.gov fipspubs fip113.htm FIPS PUB 113 Computer Data Authentication the Federal Information Processing Standard publication that defines the Data Authentication Algorithm Cryptography navbox hash Category Message authentication codes crypto stub ... more details
Multiple issues context September 2008 jargon September 2008 unreferenced September 2008 CAVE based Authentication a.k.a. Home Location Register HLR Authentication, 2G Authentication, Access Authentication is an access authentication used in CDMA2000 CDMA 1x CDMA2000 1xRTT RTT computer network network systems. CAVE Cellular Authentication and Voice Encryption There are two network entities involved in CAVE based authentication when roaming Authentication Center AC a.k.a. HLR AC, AuC Located in a roamer s home network, the AC controls the authentication process and either authenticates the Mobile Station Mobile Phone , MS or shares SSD with the serving VLR to allow this authentication to occur locally. The AC must be provisioned with an A key value for each MS. Authentication is predicated on the assumption ..., the VLR proxies authentication responses from roamers to their home HLR AC for authentication. The authentication controller is the entity that determines whether the response from the MS is correct. Depending upon whether SSD is shared, the authentication controller may be either the AC or VLR. In either case, CAVE based authentication is based on the CAVE algorithm and the following two shared keys Authentication key A key A 64 bit primary secret key known only to the MS and AC. In the case ... a secondary key known as SSD that may be shared with a roaming partner to enable local authentication ... authentication. SSD may or may not be shared between home and roaming partner networks to enable local authentication. SSD consists of two 64 bit keys SSD A, which is used during authentication to calculate authentication signatures, and SSD B, which is used in the generation of session keys for encryption and voice privacy. CAVE based authentication provides two types of challenges Global challenge ... challenge value being broadcast in the overhead message train. The MS must generate an authentication ... to uniquely challenge a particular MS for any reason. The MS must generate an authentication signature ... more details
expert subject date January 2009 Integrated Windows Authentication IWA is a term associated with Microsoft products that refers to the SPNEGO , Kerberos protocol Kerberos , and NTLMSSP authentication protocols ... names like HTTP Negotiate authentication , NT Authentication , NTLM Authentication , Domain authentication , Windows Integrated Authentication , Windows NT Challenge Response authentication , ref http msdn.microsoft.com en us library aa292114 VS.71 .aspx IIS Authentication MSDN article ref or simply Windows Authentication . ref http support.microsoft.com kb 258063 Microsoft Q258063 ref Overview Integrated Windows Authentication uses the security features of Windows clients and servers. Unlike Basic or Digest authentication, initially, it does not prompt users for a user name and password. The current ... exchange involving hashing with the Web server. If the authentication exchange initially .... Integrated Windows Authentication itself is not a standard or an authentication protocol ... title Integrated Windows Authentication IIS 6.0 work IIS 6.0 Documentation author Microsoft accessdate ... Kerberos ticket can be obtained for the target, and any associated settings permit Kerberos authentication .... Otherwise NTLMSSP authentication is attempted. Similarly, if Kerberos authentication is attempted ... Authentication paradigm to UNIX, Linux and Mac systems. For technical information regarding the protocols ... GSSAPI . Supported browsers Integrated Windows Authentication works with most modern browsers, ref http confluence.slac.stanford.edu display Gino Integrated Windows Authentication ref but does not work ... authentication. In Mozilla Firefox on Windows operating systems, the names of the domains websites to which the authentication is to be passed can be entered comma delimited for multiple domains ... Opera 9.01 and later versions can use NTLM Negotiate, but will use Basic or Digest authentication ... 1495040&df 100&forumid 268629&exp 0 Case study on ASP.NET and Integrated Windows Authentication ... more details
Orphan date September 2010 technical date December 2010 Pluggable Authentication Services PAS allows SAP ERP SAP user to be authenticated outside of SAP. When the user is authenticate by an external service, the PAS will issue an SAP Logon Ticket or x.509 Certificate which will be used for future authentication into SAP systems. The PAS is generally regarded as an opportunity for companies to either use a new external authentication system or an existing external authentication system. In some cases, the PAS is used with an external single sign on system that uses SAP Logon Ticket s or x.509 certificates ref http www.itsecuritystandard.com blog ?p 1612 Single Sign On Technology for SAP Enterprises What does SAP have to say? ref . External Authentication Systems Windows NT LAN Manager Authentication Windows NT domain controller i.e., User ID and password verification Binding LDAP to a directory server Authentication using the Secure Sockets Layer SSL protocol and x.509 certificates HTTP header variables mapping userIDs Authentication mechanism through the AGate Prerequistes One system must be configured as the ticket issuing system. Other SAP systems must be configured to accept logon tickets and therefore preconditions for logon ticket configuration or non logon ticket configuration, such as certificate, must be met prior . Usage of Secure Network Communications because authentication occurs externally. Ticket issuing SAP system must be able to recognize user s ID. ref http help.sap.com saphelp nw04 helpdata en 4f bd2c3a11f3bf31e10000000a11402f content.htm Pluggable Authentication Services for External Authentication ref See Also single sign on Secure Network Communications SAPgui SAP Logon Ticket External links http www.darkreading.com security monitoring security management showArticle.jhtml?articleID 227500483& requestid 100785 comments Pluggable Authentication Services for External Authentication Mechanisms References reflist Category Software ... more details
Encyclopedia
top
