Reading CISSP Practice in full

Features and characteristics that allow verification of the adequacy of procedures and controls and of the accuracy of processing transactions and results in either a manual or automated system.

Authenticate

To confirm the identity of an entity when that identity is presented.

Authentication

(1) Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system. (2) A process that establishes the origin of information or determines an entity’s identity. (3) The process of establishing confidence of authenticity and, therefore, the integrity of data. (4) The process of establishing confidence in the identity of users or information systems. (5) Designed to protect against fraudulent activity, authentication verifies the user’s identity and eligibility to access computerized information. It is proving that users are who they claim to be and is normally paired with the term identification. Typically, identification is performed by entering a name or a user ID, and authentication is performed by entering a password, although many organizations are moving to stronger authentication methods such as smart cards and biometrics. Although the ability to sign onto a computer system (enter a correct user ID and password) is often called “accessing the system,” this is actually the identification and authentication function. After a user has entered a system, access controls determine which data the user can read or modify and what programs the user can execute. In other words, identification and authentication come first, followed by access control. Continuous authentication is most effective. When two types of identification are used to authenticate a user, it is called a two-factor authentication process.

Authentication code

A cryptographic checksum based on an approved security function (also known as a message authentication code, MAC).

Authentication, electronic

The process of establishing confidence in user identities electronically presented to an information system.

Authentication header (AH)

An Internet Protocol (IP) device used to provide connectionless integrity and data origin authentication for IP datagrams.

Authentication-header (AH) protocol

IPsec security protocol that can provide integrity protection for packet headers and data through authentication.

Authentication key (WMAN/WiMAX)

An authentication key (AK) is a key exchanged between the BS and SS/MS to authenticate one another prior to the traffic encryption key (TEK) exchange.

Authentication mechanism

A hardware- or software-based mechanism that forces users to prove their identity before accessing data on a device.

Authentication mode

A block cipher mode of operation that can provide assurance of the authenticity and, therefore, the integrity of data.

Authentication period

The maximum acceptable period between any initial authentication process and subsequent re-authentication process during a single terminal session or during the period data are accessed.

Authentication process

The actions involving (1) obtaining an identifier and a personal password from a system user; (2) comparing the entered password with the stored, valid password that is issued to, or selected by, the person associated with that identifier; and (3) authenticating the identity if the entered password and the stored password are the same. Note: If the enciphered password is stored, the entered password must be enciphered and compared with the stored ciphertext, or the ciphertext must be deciphered and compared with the entered password. This is a technical and preventive control.

Authentication protocol

(1) A defined sequence of messages between a claimant and a verifier that demonstrates that the claimant has control of a valid token to establish his identity, and optionally, demonstrates to the claimant that he is communicating with the intended verifier. (2) A well-specified message exchange process that verifies possession of a token to remotely authenticate a claimant. (3) Some authentication protocols also generate cryptographic keys that are used to protect an entire session so that the data transferred in the session is cryptographically protected.

Authentication tag

A pair of bit strings associated to data to provide assurance of its authenticity.

Authentication token

Authentication information conveyed during an authentication exchange.

Authenticator

The means used to confirm the identity of a user, processor, or device (e.g., user password or token).

Authenticity
