See:
· Data origin authenticity
· Entity authentication
· Authentication of the other party
· Authentication exchange
· Asymmetric authentication method
· Symmetric authentication method
· Authentication certificate
· AAA - Authentication, Authorization and Accounting
The action and effect of authenticating.
Authenticate. To accredit. To attest to the truth of a fact or document
with legal authority.
DRAE. Diccionario de la Lengua Española.
Process for verifying the identity of an individual, device or process.
Authentication generally occurs through the use of one or more authentication
factors, such as:
· Something the user knows, such as a password or passphrase
· Something the user has, such as a token device or a smart card
· Something the user is, such as a biometric trait
http://es.pcisecuritystandards.org
Provision of assurance that the characteristics an entity claims for itself
are correct. [UNE-ISO/IEC 27000:2014]
"authentication": an electronic process that enables the electronic
identification of a natural or legal person, or of the origin and integrity of
data in electronic form; [PE-CONS 60/14]
Security service that makes it possible to verify identity. [CCN-STIC-405:2006]
The act of verifying the identity of a user and the user's eligibility to
access computerized information. Authentication is designed to protect against
fraudulent logon connections. [COBIT:2006]
Process used in access control mechanisms in order to verify the identity of a
user, device or system by checking access credentials. [CCN-STIC-400:2006]
Procedure for verifying the identity of a user.
Royal Decree (Real Decreto) 994/1999 of 11 June, approving the Regulation on
security measures for automated files containing personal data.
1. Process carried out between a sender and a receiver of a transmission
channel to guarantee the integrity of the data and the authenticity of their
origin (ISO-8732).
It is important to note that this definition is now little used because it is
ambiguous, since at present the term authentication refers exclusively to
entities and subjects (in its sense of verification because it is found in
texts that have not been updated.
2. Security service that may refer to the origin of data or to a peer entity
(ISO-7498-2)
It guarantees that the data origin, or the peer entity, is who it claims to be.
[Ribagorda:1997]
Authentication by means of passwords (ISO/IEC 9594-8, ITU-T X.509)
[Ribagorda:1997]
Synonym of "autenticación", the latter being the form preferred by the Real
Academia de la Lengua Española. [Ribagorda:1997]
Security service that protects against fraudulent transmissions. It can
establish the validity of the pair of correspondents (peer-entity) or of the
origin of the received message.
As a security mechanism, it is the procedure that provides this service, in
order to achieve the authenticity of the information (cryptographic
techniques, use of characteristics or properties of the correspondent,
certified passwords, clock synchronization and time references, etc.).
[CESID:1997]
See "data origin authentication" and "peer entity authentication".
[ISO-7498-2:1989]
Security information (including, among others, card validation codes or
values, full track data [from the magnetic stripe or its equivalent on a
chip], PINs and PIN blocks) used to authenticate cardholders or to authorize
payment card transactions.
http://es.pcisecuritystandards.org
'authentication'
means an electronic process that enables the electronic identification of a
natural or legal person, or the origin and integrity of data in electronic form
to be confirmed; [PE-CONS 60/14]
To prove that
something is genuine, real or true.
Oxford
Advanced Learner's Dictionary.
provision of
assurance that a claimed characteristic of an entity is correct [ISO/IEC
27000:2014]
The process of
establishing confidence in the identity of users or information systems. [NIST-SP800-63:2013]
A defined sequence of messages between a Claimant
and a Verifier that demonstrates that the Claimant has possession and control
of a valid token to establish his/her identity, and optionally, demonstrates to
the Claimant that he or she is communicating with the intended Verifier. [NIST-SP800-63:2013]
To verify the identity of a user, user device, or
other entity. [CNSSI_4009:2010]
The process of
verifying the identity or other attributes claimed by or assumed of an entity
(user, process, or device), or to verify the source and integrity of data.
NIST SP 800-53:
Verifying the identity of a user, process, or device, often as a prerequisite
to allowing access to resources in an information system.
[CNSSI_4009:2010]
Hardware or
software-based algorithm that forces users, devices, or processes to prove
their identity before accessing data on an information system. [CNSSI_4009:2010]
A well specified
message exchange process between a claimant and a verifier that enables the
verifier to confirm the claimant's identity. [CNSSI_4009:2010]
(I) The process
of verifying a claim that a system entity or system resource has a certain
attribute value. (See: attribute, authenticate, authentication exchange,
authentication information, credential, data origin authentication, peer entity
authentication, "relationship between data integrity service and
authentication services" under "data integrity service", simple
authentication, strong authentication, verification, X.509.)
Tutorial:
Security services frequently depend on authentication of the identity of users,
but authentication may involve any type of attribute that is recognized by a
system. A claim may be made by a subject about itself (e.g., at login, a user
typically asserts its identity) or a claim may be made on behalf of a subject
or object by some other system entity (e.g., a user may claim that a data
object originates from a specific source, or that a data object is classified
at a specific security level).
An authentication
process consists of two basic steps:
· Identification step: Presenting the claimed attribute value (e.g., a user identifier) to the authentication subsystem.
· Verification step: Presenting or generating authentication information (e.g., a value signed with a private key) that acts as evidence to prove the binding between the attribute and that for which it is claimed. (See: verification.)
[RFC4949:2007]
Process of
verifying identity of an individual, device, or process. Authentication
typically occurs through the use of one or more authentication factors such as:
· Something you know, such as a password or passphrase
· Something you have, such as a token device or smart card
· Something you are, such as a biometric
https://www.pcisecuritystandards.org/security_standards/glossary.php
A process that
establishes the origin of information, or determines an entity's identity. [NIST-SP800-57:2007]
Verifying the
identity of a user, process, or device, often as a prerequisite to allowing
access to resources in an information system. [FIPS-200:2006]
The act of
verifying the identity of a user and the user's eligibility to access
computerised information. Authentication is designed to protect against fraudulent logon. [COBIT:2006]
provision of
assurance of the claimed identity of an entity.
In case of user
authentication, users are identified either by knowledge (e.g., password), by
possession (e.g., token) or by a personal characteristic (biometrics). Strong
authentication is either based on strong mechanisms (e.g., biometrics) or makes
use of at least two of these factors (so-called multi-factor authentication). [ISO-18028-4:2005]
Authentication by
means of simple password arrangements. [X.509:2005]
Verifying the
identity of a user, process, or device, often as a prerequisite to allowing
access to resources in a system. [NIST-SP800-27:2004]
Security control
designed to establish the validity of a transmission, message, or originator,
or a means of verifying an individual's authorization to receive specific
categories of information. [NIST-SP800-60V2:2004]
The
Authentication Security Dimension serves to confirm the identities of
communicating entities. Authentication ensures the validity of the claimed
identities of the entities participating in communication (e.g. person, device,
service or application) and provides assurance that an entity is not attempting
a masquerade or unauthorized replay of a previous communication. [X.805:2003]
Verifying the
identity of a user, process, or device, often as a prerequisite to allowing
access to resources in a system. [NIST-SP800-33:2001]
Entity
authentication which provides both entities with assurance of each other's
identity. [ISO-11770-3:2008]
A distinguishing
identifier of a principal that has been assured through authentication. [ISO-10181-2:1996]
the verification
of a claimed identity. [ITSEM:1993]
the provision of
assurance of the claimed identity of an entity. [ISO-10181-2:1996]
See data origin
authentication, and peer entity authentication. [ISO-7498-2:1989]
Security-related
information (including but not limited to card validation codes/values, full
magnetic-stripe data, PINs, and PIN blocks) used to authenticate cardholders
and/or authorize payment card transactions.
https://www.pcisecuritystandards.org/security_standards/glossary.php
Authentication is
the process of determining whether someone or something is, in fact, who or
what it is declared to be. In private and public computer networks (including
the Internet), authentication is commonly done through the use of logon
passwords. Knowledge of the password is assumed to guarantee that the user is
authentic. Each user registers initially (or is registered by someone else),
using an assigned or self-declared password. On each subsequent use, the user
must know and use the previously declared password. The weakness in this system
for transactions that are significant (such as the exchange of money) is that
passwords can often be stolen, accidentally revealed, or forgotten.
http://searchsecurity.techtarget.com/
The process for
verifying that someone or something is who or what it claims to be.
http://www.getsafeonline.org/
The assurance
that a party to some computerized transaction is not an impostor.
Authentication typically involves using a password, certificate, PIN, or other
information that can be used to validate the identity over a computer network.
http://www.symantec.com/avcenter/refa.html
Authentication is
the process of confirming the correctness of the claimed identity.
http://www.sans.org/security-resources/glossary-of-terms/
Authentication is
the process of verifying an identity. Electronic authentication
(e-authentication) is the process of establishing confidence in identities
electronically presented to an information system.
Authentication
precedes authorization. Authorization is the defining of privileges on a
system. Authorization can be tied to identities or to roles and can control the
actions of a user, executable code, or a data element, but authorization only
succeeds if paired with authentication to validate which privileges should be
assigned based on validating the identity being granted the privileges.
Mutual
authentication is a higher level of authentication. In mutual authentication,
both the authentication target and the authentication requestor verify the
identity of the other end of the exchange. As an example, mutual authentication
may occur between a user and a bank. The bank requires authentication of the
requesting user to prove that the requestor should be granted access to a
particular bank account. At the same time, the requesting users want proof that
they are connected to the actual bank web presence and not a spoof of the
bank, to be sure they are not sharing their authentication credentials with a
potential bad actor.
Mobile Security Reference Architecture, May 23, 2013
"authentication": an electronic process that makes it possible to confirm the
electronic identification of a natural or legal person, or the origin and
integrity of data in electronic form; [PE-CONS 60/14]
Process of verifying the identity of a person, device or process.
Authentication is generally carried out through the use of one or more
authentication factors, such as:
· Something known only to the user, such as a password or passphrase;
· Something held by the user, such as a token device or a smart card;
· Something about the user, such as a biometric measurement.
http://fr.pcisecuritystandards.org/
Entity authentication which guarantees that each of the entities has assurance
of the identity of each of the other entities. [ISO-9798-1:1997]
See "data origin authentication" and "peer entity authentication"
[ISO-7498-2:1989]
Security service whose purpose is to validate the identity of an entity (user
or equipment). There are classically three authentication methods for proving
the identity of an entity:
· Authentication based on knowledge of a secret (e.g. password).
· Authentication based on possession of an object (e.g. smart card, token).
· Authentication based on biometrics.
http://securit.free.fr/glossaire.htm