Which term refers to the matching of a user to an account through previously shared credentials?


Terms in this set (29)

Authentication Methods

Authentication is the process of verifying an identity previously established in a computer system. There are a variety of methods of performing this function, each with its advantages and disadvantages, as detailed in the following sections.

directory services

A directory is a data storage mechanism similar to a database, but it has several distinct differences designed to provide efficient data-retrieval services compared to standard database mechanisms.

federation

Federation, or identity federation, defines policies, protocols, and practices to manage identities across systems and organizations. Federation's ultimate goal is to allow users to seamlessly access data or systems across domains. Federation is enabled through the use of industry standards such as Security Assertion Markup Language (SAML),

attestation

Attestation is the supplying of proof or evidence of some fact. In the case of authentication, attestation can be done by a service that checks the credentials supplied, and if they are correct and match the required values, the service can attest that the entry is valid or correct. Attestation is used throughout cybersecurity whenever a third party or entity verifies an object as valid or an item as correct in value.

Time-based One-Time Password (TOTP)

The Time-based One-Time Password (TOTP) algorithm is a specific implementation of an HOTP (discussed next) that uses a secret key with a current timestamp to generate a one-time password (OTP).

HMAC-based One-Time Password (HOTP)

HMAC-based One-Time Password (HOTP) is an algorithm that can be used to authenticate a user in a system by using an authentication server.

Short Message Service (SMS)

The use of Short Message Service (SMS), or text messaging, in a cell phone provides a second authentication factor that is sent to a preidentified number. The message that is sent provides a code that the user enters into the system.

token key

Token keys are physical devices that carry a digital token used to identify the user. This is a "something you have" element in a multifactor authentication scheme. The format of the actual token can vary from a smart card, to a keyboard fob, to a USB device.

Static codes

Codes that do not change, or are static in nature. There are many use cases where these are essential, such as devices without user intervention.

authentication applications

An authentication application functions by accepting user input, and if the user input is correct, it can pass the appropriate credentials to the system requesting authentication. This can be in the form of either a stored digital value or a one-time code in response to a challenge.

push notification

Push notification authentication supports user authentication by pushing a notification directly to an application on the user's device.

phone call authentication

The authentication phone call is delivered from the authentication system to a specified phone number, which then can verify that the user is in possession of the actual mobile device.

Smart Card Authentication

A smart card (also known as an integrated circuit card [ICC] or chip card) is a credit card-sized card with embedded integrated circuits that is used to provide identification security authentication.

Biometrics

Biometric factors are measurements of certain biological factors to identify one specific person from others. These factors are based on parts of the human body that are unique.
-fingerprint scan
-retina scan
-iris scan
-facial recognition
-voice
-vein
-gait analysis: pattern expressed by a person as they walk

False Acceptance Rate (FAR)

The false acceptance rate (FAR) determines what level of false positives is allowed in the system. A false acceptance (or false positive) is demonstrated by the grayed-out area in Figure 12-3. In this area, the two curves overlap, and the decision has been made that at this threshold

False Rejection Rate (FRR)

The false rejection rate (FRR) determines what level of false negatives, or rejections, are going to be allowed in the system. A false rejection is demonstrated by the grayed-out area in Figure 12-4. In this section, the curves overlap, and the decision has been made that at this threshold (or lower), a reject signal will be given.

Crossover Error Rate (CER)

The crossover error rate (CER) is where both accept and reject error rates are equal. This is the desired state for the most efficient operation, and it can be managed by manipulating the threshold value used for matching.

Multifactor Authentication (MFA) Factors and Attributes

The combination of two or more types of authentication. Five broad categories of authentication can be used: what you are (for example, biometrics), what you have (for instance, tokens), what you know (passwords and other information), somewhere you are (location), and something you do (physical performance). Two-factor authentication combines any two of these before granting access.

factors

are the specific elements that comprise an item of proof. These items can be grouped into three classes: something you know (passwords), something you have (token), and something you are (biometrics).

Something You Know

The most common example of something you know is a password. One of the challenges with using something you know as an authentication factor is that it can be "shared" (or duplicated) without you knowing

Something You Have

Something you have specifically refers to security tokens and other items that a user can possess physically. One of the challenges with using something you have as an authentication factor is that you have to have it with you whenever you wish to be authenticated, and this can cause issues.

Something You Are

Something you are specifically refers to biometrics. One of the challenges with using "something you are" artifacts as authentication factors is that typically they are hard to change; once assigned, they inevitably become immutable, as you can change fingers, but only a limited number of times, and then you run out of changes.

attributes

are collections of artifacts, like the factors previously presented, but rather than focus on the authentication item, they focus on elements associated with the user. Common attributes include the user's location, their ability to perform a task, or something about the user themselves.

Somewhere You Are

One of the more discriminant authentication factors is your location, or somewhere you are. When a mobile device is used, GPS can identify where the device is currently located.

Something You Can Do

Something you can do specifically refers to a physical action that you perform uniquely. An example of this is a signature; the movement of the pen and the two-dimensional output are difficult for others to reproduce.

Something You Exhibit

Something you exhibit is a special case of a biometric. An example would be a brainwave response to seeing a picture. Another example would be the results of a lie detector test.

someone you know

Just as passwords relate to possession of knowledge, someone you know relates to a specific memory, but in this case an individual. This is the classic "having someone vouch for you" attribute.

Authentication, Authorization, and Accounting (AAA)

Authentication is the process of verifying an identity previously established in a computer system. There are a variety of methods for performing this function, each with its advantages and disadvantages.

Authorization is the process of permitting or denying access to a specific resource. Once identity is confirmed via authentication, specific actions can be authorized or denied.

Accounting is the process of ascribing resource usage by account for the purpose of tracking resource utilization. This is a basic accounting function that is still used by some enterprises.

Cloud vs. On-premises Requirements

Authentication to cloud versus on-premises requirements is basically a revisiting of the identity and authentication problem all over again. When establishing either a cloud or on-premises system, you use identity and authentication as the foundation of your security effort.


Which term refers to the matching of a user to an account through previously shared credentials?

Authentication is the process of ensuring that an individual is the person that they claim to be. This involves matching a person's claimed identity—asserted through a credential (e.g., an ID card or unique ID number)—against one or more authentication factors that are bound to that credential.

Which term refers to the step between the account having access and the account being removed from the system?

Account disablement.

Which term refers to a system or application that acts as a go-between for clients' requests for network services?

Proxies, or proxy servers, are the application-layer servers, computers or other machines that go between the client device and the server.

Which term refers to a system or application that acts as a go-between for clients' requests for network services?

Proxy (server): A server that acts as an intermediary for requests from clients seeking resources from other servers. The proxy server will evaluate a request, as a way to simplify and control its complexity. The most common type of proxy today is a web proxy, which facilitates access to content on the World Wide Web.