Showing posts with label authentication. Show all posts

25 August 2019

Information Security: Digital Signature (Definitions)

"A form of electronic authentication of a digital document. Digital signatures are created and verified using public key cryptography and serve to tie the document being signed to the signer." (J P Getty Trust, "Introduction to Metadata" 2nd Ed., 2008)

"Data which proves that a document, message, or other piece of data was not modified since being processed and sent from a particular party." (Mark S Merkow & Lakshmikanth Raghavan, "Secure and Resilient Software Development", 2010)

"cryptographic transformations of data that allow a recipient of the data to prove the source (non-repudiation) and integrity of the data." (Manish Agrawal, "Information Security and IT Risk Management", 2014)

"Data that is appended to a message, made from the message itself and the sender’s private key, to ensure the authenticity of the message" (Nell Dale & John Lewis, "Computer Science Illuminated" 6th Ed., 2015)

"Ensuring the authenticity and integrity of a message through the use of hashing algorithms and asymmetric algorithms. The message digest is encrypted with the sender’s private key." (Adam Gordon, "Official (ISC)2 Guide to the CISSP CBK" 4th Ed., 2015)

"A means of authenticating that a message or data came from a particular source with a known system identity." (O Sami Saydjari, "Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time", 2018)

"An electronic signature based upon cryptographic methods of originator authentication, computed by using a set of rules and a set of parameters such that the identity of the signer and the integrity of the data can be verified." (Shon Harris & Fernando Maymi, "CISSP All-in-One Exam Guide, 8th Ed", 2018)

"An encrypted means of identification that cannot be forged and that enables clients to validate servers and vice versa." (Microfocus)

"The combination of the private key, public key, message and hashing generates a digital signature. A digital signature is unique for every transaction and is a way to prove that the originator of the message has access to the private key." (AICPA)

15 July 2019

IT: Authentication (Definitions)

"The process by which an entity proves to another entity that it is acting on behalf of a specific identity. The J2EE platform requires three types of authentication: basic, form-based, and mutual, and supports digest authentication." (Kim Haase et al, "The J2EE™ Tutorial", 2002)

"The process by which the identity of a user or process is verified." (Tom Petrocelli, "Data Protection and Information Lifecycle Management", 2005)

"A human or machine process that verifies that an individual, computer, or information object is who or what it purports to be." (J P Getty Trust, "Introduction to Metadata" 2nd Ed., 2008)

"A method of proving someone’s identity, especially if that someone is an authorized user of processes or resources." (Tomasz Ciszkowski & Zbigniew Kotulski, "Secure Routing with Reputation in MANET", 2008)

"Provides capabilities to authenticate users. These services may support multiple authentication mechanisms, such as user name/password, hardware token-based, biometric-based, and others." (Allen Dreibelbis et al, "Enterprise Master Data Management", 2008)

"(1) A legal evidentiary standard that, in the case of electronically stored information, ensures that the data and its associated metadata is accurate, complete, and has not been altered. Without authentication, data cannot be used as evidence. (2) A security function that defines the rules and responsibilities of individuals, applications, and devices for creating, reading, updating, and deleting data." (David G Hill, "Data Protection: Governance, Risk Management, and Compliance", 2009)

"The process by which the identity of a person or computer process is verified." (Judith Hurwitz et al, "Service Oriented Architecture For Dummies" 2nd Ed., 2009)

"A process designed to verify that an individual or a party are who they claim they are." (Alex Berson & Lawrence Dubov, "Master Data Management and Data Governance", 2010)

"The process of verifying the legitimate users of a resource. Often used synonymously with Identification and Authentication." (Mark S Merkow & Lakshmikanth Raghavan, "Secure and Resilient Software Development", 2010)

"(1) In data security, the process of verifying whether a person or software agent requesting a resource has the authority or permission to access that resource. (2) In data quality, the process of verifying data as complying with what the data represents." (DAMA International, "The DAMA Dictionary of Data Management", 2011)

"The process by which the identity of a person or computer process is verified." (Marcia Kaufman et al, "Big Data For Dummies", 2013)

"Verification of who a person or information resource claims to be that sufficiently convinces the authenticator that the identity claim is true. This is followed by an evaluation of whether that entity should be granted access to resources." (Mark Rhodes-Ousley, "Information Security: The Complete Reference" 2nd Ed., 2013)

"the process that a user goes through to prove that he or she is the owner of the identity that is being used." (Manish Agrawal, "Information Security and IT Risk Management", 2014)

"The process of establishing the validity of a person’s identity." (Mike Harwood, "Internet Security: How to Defend Against Attackers on the Web" 2nd Ed., 2015)

"The process of providing additional credentials that match the user ID or user name." (Weiss, "Auditing IT Infrastructures for Compliance" 2nd Ed., 2015)

"The process of verifying the credentials of a particular user of a computer or software system" (Nell Dale & John Lewis, "Computer Science Illuminated" 6th Ed., 2015)

"Verification of the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system." (James R Kalyvas & Michael R Overly, "Big Data: A Business and Legal Guide", 2015)

"A process by which an entity proves its identity to another party (e.g., authentication required by a user to log in or log on)." (O Sami Saydjari, "Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time", 2018)

"Verification of the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system." (William Stallings, "Effective Cybersecurity: A Guide to Using Best Practices and Standards", 2018)

"Authentication is about validating the access request. When a user or a process tries to log into an application, system, or a database, it is important to verify its identity. One way to verify identity is through a username and password; a security token is another option. When the authentication takes place, all data exchange is typically encrypted to prevent theft during the authentication process." (Piethein Strengholt, "Data Management at Scale", 2020)

"A process that provides assurance of the source and integrity of information in communications sessions, messages, documents or stored data." (NIST SP 800-57 Part 1 Rev. 4)

"A process that provides assurance of the source and integrity of information in communications sessions, messages, documents or stored data or that provides assurance of the identity of an entity interacting with a system." (NIST SP 800-57 Part 2 Rev.1)

"A process that establishes the origin of information, or determines an entity’s identity. In a general information security context: Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system." (NIST SP 800-57 Part 2)

"A process that establishes the source of information, provides assurance of an entity’s identity or provides assurance of the integrity of communications sessions, messages, documents or stored data." (NIST SP 800-57 Part 1 Rev. 3)

"An authentication service is a mechanism, analogous to the use of passwords on time-sharing systems, for the secure authentication of the identity of network clients by servers and vice versa, without presuming the operating system integrity of either (e.g., Kerberos)." (Gartner)

"A security measure designed to protect a communications system against acceptance of fraudulent transmission or simulation by establishing the validity of a transmission, message, originator, or a means of verifying an individual's eligibility to receive specific categories of information." (CNSSI 4009-2015)

"Authentication is the process of verifying the claimed identity of a session requestor." (NIST SP 800-13)

"Provides assurance of the authenticity and, therefore, the integrity of data." (NIST SP 800-67 Rev. 2)

"Security measures designed to establish the validity of a transmission, message, or originator, or a means of verifying an individual’s authorization to receive specific categories of information." (NIST SP 800-59)

"The corroboration that a person is the one claimed." (NIST SP 800-66 Rev. 1)

"The process of establishing confidence in the claimed identity of a user or system." (NISTIR 7682)

"The process of proving the claimed identity of an individual user, machine, software component or any other entity. Typical authentication mechanisms include conventional password schemes, biometrics devices, cryptographic methods, and onetime passwords (usually implemented with token based cards.)" (NISTIR 5153)

"The process of verifying the authorization of a user, process, or device, usually as a prerequisite for granting access to resources in an IT system." (NIST SP 800-47)

"The process of verifying the integrity of data that has been stored, transmitted, or otherwise exposed to possible unauthorized access." (NISTIR 4734)

"Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system." (FIPS 200)

"Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in a system." (NIST SP 800-12 Rev. 1)

"Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to a system’s resources." (NIST SP 1800-17c)

07 May 2009

DBMS: Authentication (Definitions)

"In computer security, the process of determining who the user claims to be and whether that claim is correct." (Bill Pribyl & Steven Feuerstein, "Learning Oracle PL/SQL", 2001)

"The step of determining the identity of the requesting client. Single-factor authentication usually is based on a simple password and is the least secure authentication scheme. Two-factor authentication may involve What-You-Know (a password) with What-You-Possess (a plastic card) and is secure enough for banks’ automated teller machines." (Ralph Kimball & Margy Ross, "The Data Warehouse Toolkit" 2nd Ed., 2002)

"A process that occurs as users attempt to log on to SQL Server 2000. This process verifies that the users are permitted to log on by checking their identity against a database of security accounts. There are two methods of authentication in SQL Server 2000 - Mixed Mode authentication and Windows Authentication. Windows Authentication is recommended for all cases where all SQL Server 2000 users have the ability to log on initially in a Windows environment." (Anthony Sequeira & Brian Alderman, "The SQL Server 2000 Book", 2003)

"A challenge/response mechanism that ensures that a user connecting to SQL Server is authorized to do so." (Marilyn Miller-White et al, "MCITP Administrator: Microsoft® SQL Server™ 2005 Optimization and Maintenance 70-444", 2007)

"Verification of the user identity." (MongoDB, "Glossary", 2008)

"The process of validating that the user attempting to connect to Reporting Server is authorized to do so." (Jim Joseph et al, "Microsoft® SQL Server™ 2008 Reporting Services Unleashed", 2009)

"The process through which a DBMS verifies that only registered users are able to access the database." (Carlos Coronel et al, "Database Systems: Design, Implementation, and Management" 9th Ed., 2011)

"The process of confirming a user’s or computer’s identity." (Craig S Mullins, "Database Administration", 2012)

"The process of verifying the identity of a user, computer, process, or other entity by validating the credentials provided by the entity. Common forms of credentials are digital signatures, smart cards, biometric data, and a combination of user names and passwords." (Microsoft, "SQL Server 2012 Glossary", 2012)

"The process by which a system verifies a user's identity. User authentication is completed by a security facility outside the DB2 database system, often part of the operating system or a separate product." (Sybase, "Open Server Server-Library/C Reference Manual", 2019)

"The process by which a user presents credentials to the database, which verifies the credentials and allows access to the database." (Oracle)
