|
Initiative For Open Authentication
Initiative for Open Authentication (OATH) is an industry-wide collaboration to develop an open reference architecture using open standards to promote the adoption of strong authentication. It has close to thirty coordinating and contributing members and is proposing standards for a variety of authentication technologies, with the aim of lowering costs and simplifying their functions. Terminology The name ''OATH'' is an acronym from the phrase "open authentication", and is pronounced as the English word "oath". OATH is not related to OAuth, an open standard for authorization. See also * HOTP: An HMAC-Based One-Time Password Algorithm (RFC 4226) * TOTP: Time-Based One-Time Password Algorithm (RFC 6238) *OCRA: OATH Challenge-Response Algorithm (RFC 6287) *Portable Symmetric Key Container (PSKC) (RFC 6030) *Dynamic Symmetric Key Provisioning Protocol (DSKPP) (RFC 6063) *FIDO Alliance The FIDO ("Fast IDentity Online") Alliance is an open industry association launched in Febr ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Reference Architecture
A reference architecture in the field of software architecture or enterprise architecture provides a template solution for an architecture for a particular domain. It also provides a common vocabulary with which to discuss implementations, often with the aim to stress commonality. A software reference architecture is a software architecture where the structures and respective elements and relations provide templates for concrete architectures in a particular domain or in a family of software systems. A reference architecture often consists of a list of functions and some indication of their interfaces (or APIs) and interactions with each other and with functions located outside of the scope of the reference architecture. Reference architectures can be defined at different levels of abstraction. A highly abstract one might show different pieces of equipment on a communications network, each providing different functions. A lower level one might demonstrate the interactions of proce ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Open Standard
An open standard is a standard that is openly accessible and usable by anyone. It is also a prerequisite to use open license, non-discrimination and extensibility. Typically, anybody can participate in the development. There is no single definition, and interpretations vary with usage. The terms ''open'' and ''standard'' have a wide range of meanings associated with their usage. There are a number of definitions of open standards which emphasize different aspects of openness, including the openness of the resulting specification, the openness of the drafting process, and the ownership of rights in the standard. The term "standard" is sometimes restricted to technologies approved by formalized committees that are open to participation by all interested parties and operate on a consensus basis. The definitions of the term ''open standard'' used by academics, the European Union, and some of its member governments or parliaments such as Denmark, France, and Spain preclude open standard ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Strong Authentication
Strong authentication is a notion with several definitions. Strong (customer) authentication definitions Strong authentication is often confused with two-factor authentication (more generally known as multi-factor authentication), but strong authentication is not necessarily multi-factor authentication. Soliciting multiple answers to challenge questions may be considered strong authentication but, unless the process also retrieves 'something you have' or 'something you are', it would not be considered multi-factor authentication. The FFIEC issued supplemental guidance on this subject in August 2006, in which they clarified, "By definition true multifactor authentication requires the use of solutions from two or more of the three categories of factors. Using multiple solutions from the same category ... would not constitute multifactor authentication." Another commonly found class of definitions relates to a cryptographic process, or more precisely, authentication based on a ch ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
OAuth
OAuth (short for "Open Authorization") is an open standard for access delegation, commonly used as a way for internet users to grant websites or applications access to their information on other websites but without giving them the passwords. This mechanism is used by companies such as Amazon, Google, Facebook, Microsoft, and Twitter to permit the users to share information about their accounts with third-party applications or websites. Generally, OAuth provides clients a "secure delegated access" to server resources on behalf of a resource owner. It specifies a process for resource owners to authorize third-party access to their server resources without providing credentials. Designed specifically to work with Hypertext Transfer Protocol (HTTP), OAuth essentially allows access tokens to be issued to third-party clients by an authorization server, with the approval of the resource owner. The third party then uses the access token to access the protected resources hosted by the r ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Authorization
Authorization or authorisation (see spelling differences) is the function of specifying access rights/privileges to resources, which is related to general information security and computer security, and to access control in particular. More formally, "to authorize" is to define an access policy. For example, human resources staff are normally authorized to access employee records and this policy is often formalized as access control rules in a computer system. During operation, the system uses the access control rules to decide whether access requests from (authenticated) consumers shall be approved (granted) or disapproved (rejected). Resources include individual files or an item's data, computer programs, computer devices and functionality provided by computer applications. Examples of consumers are computer users, computer software and other hardware on the computer. Overview Access control in computer systems and networks rely on access policies. The access control process ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
An HMAC-Based One-Time Password Algorithm
An, AN, aN, or an may refer to: Businesses and organizations * Airlinair (IATA airline code AN) * Alleanza Nazionale, a former political party in Italy * AnimeNEXT, an annual anime convention located in New Jersey * Anime North, a Canadian anime convention * Ansett Australia, a major Australian airline group that is now defunct (IATA designator AN) * Apalachicola Northern Railroad (reporting mark AN) 1903–2002 ** AN Railway, a successor company, 2002– * Aryan Nations, a white supremacist religious organization * Australian National Railways Commission, an Australian rail operator from 1975 until 1987 * Antonov, a Ukrainian (formerly Soviet) aircraft manufacturing and services company, as a model prefix Entertainment and media * Antv, an Indonesian television network * ''Astronomische Nachrichten'', or ''Astronomical Notes'', an international astronomy journal * ''Avisa Nordland'', a Norwegian newspaper * ''Sweet Bean'' (あん), a 2015 Japanese film also known as ''An'' ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
FIDO Alliance
The FIDO ("Fast IDentity Online") Alliance is an open industry association launched in February 2013 whose stated mission is to develop and promote authentication standards that "help reduce the world’s over-reliance on passwords". FIDO addresses the lack of interoperability among devices that use strong authentication and reduces the problems users face creating and remembering multiple usernames and passwords. FIDO supports a full range of authentication technologies, including biometrics such as fingerprint and iris scanners, voice and facial recognition, as well as existing solutions and communications standards, such as Trusted Platform Modules (TPM), USB security tokens, embedded Secure Elements (eSE), smart cards, and near field communication (NFC). The USB security token device may be used to authenticate using a simple password (e.g. four-digit PIN) or by pressing a button. The specifications emphasize a device-centric model. Authentication over the wire happens usi ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Computer Security Organizations
A computer is a machine that can be programmed to carry out sequences of arithmetic or logical operations (computation) automatically. Modern digital electronic computers can perform generic sets of operations known as programs. These programs enable computers to perform a wide range of tasks. A computer system is a nominally complete computer that includes the hardware, operating system (main software), and peripheral equipment needed and used for full operation. This term may also refer to a group of computers that are linked and function together, such as a computer network or computer cluster. A broad range of industrial and consumer products use computers as control systems. Simple special-purpose devices like microwave ovens and remote controls are included, as are factory devices like industrial robots and computer-aided design, as well as general-purpose devices like personal computers and mobile devices like smartphones. Computers power the Internet, which links bi ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
