Not everyone is directly familiar with the terms relating to authentication. Here we have summarized the most common expressions and briefly explained them.
If you have any further questions, please do not hesitate to contact us!
A - F
Authenticators through FIDO
An authenticator is the means used to confirm the identity of a user, process, or device (e.g., user password or token).
Authentication is verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in a system.
Authorization is the right or permission that is granted to a system entity to access a system resource.
A measurable physical characteristic or personal behavioral trait used to recognize the identity, or verify the claimed identity, of an applicant. Facial images, fingerprints, and iris scan samples are all examples of biometrics.
The FIDO protocols are open and license-free authentication protocols developed by the FIDO (Fast Identity Online) Alliance for secure authentication on the World Wide Web. A large number of security tokens, authentication solutions and applications already use or support FIDO protocols. These offer a particularly high level of security through the use of asymmetric key pairs. A single token/authenticator can secure 1-n applications. The FIDO protocols are a W3C standard and therefore enjoy high prominence and increasing distribution.
G - M
Home office security through Multi-Factor Authentication
Currently, the term home office is mainly used to describe when employees work outside their company. There are other terms that describe working from home or away from the employer's property. It should be noted that the legal framework applies to the respective form of home work. A distinction is made between telework, mobile working and home office.
In general, identity theft is the misuse of personal information about a natural person by a third party. The aim of identity theft is to derive financial benefit from it or to harm the victim by discrediting them. When a person navigates the internet, they use digital identities. These are linked to the personal data and activities of this person in the various services used. If these digital identities are used by third parties without permission for their own purposes, this is identity misuse.
An Identity Provider (IdP) is a central access system for Service Provider (SP) services to which users can log on. Identity provider systems provide important cyber security services for service providers, such as authenticating a user for single sign-on (SSO) and authorizing access to the identity's resources via special APIs.
IT security aims to reduce the existing risks that threats pose to IT systems to an appropriate level. IT security therefore deals with IT security measures that protect information on IT systems from loss of confidentiality, authentication, authenticity, integrity, liability, availability and anonymization/pseudonymization. IT security also includes the aspects of software security and reliability of IT systems. IT security protects IT systems to prevent damage to companies, authorities, organizations and people.
Critical infrastructures are organizations of great importance for the state community, whose failure or impairment would result in lasting supply bottlenecks, significant disruptions to public safety or other dramatic consequences. Therefore, cyber attacks on critical infrastructures represent a fundamentally higher vulnerability of society and form a new level of existential threat.
Multi-factor authentication is authentication using two or more factors. Factors include: (i) something you know (e.g., password/personal identification number (PIN)); (ii) something you have (e.g., cryptographic identification device, token); or (iii) something you are (e.g., biometric).
N - Z
Password through Smartphone
The password is the most common authentication method and ideally consists of a random sequence of numbers, letters and special characters.
A passphrase consists of a longer string of characters (up to 100 characters) compared to a password, which ensures greater security. This method is often used for encryption or signatures.
The personal identification number (PIN) usually consists of a 4 or 6-digit sequence with which users can identify themselves on a device. Both methods are commonly used in conjunction with a username.
The one-time password (OTP) is for one-time use for authentication and cannot be used a second time. Each login requires a new one-time password. This proven method is based on symmetric keys and is quick and easy to implement in a cloud application. Furthermore, this method is understandable for the user and easy to use. One-time passwords can be generated both on the server side and on the user side. OTPs generated on the server side are usually sent to the user by email, SMS or voice call. A user can also have an OTP generated via a smartphone app (e.g. Google Authenticator, Microsoft Authenticator) or on a hardware token and enter it in each case. OTP procedures are considered to be secure, but because of the symmetric keys and the respective 1:1 relationship they are also regarded as a somewhat "outdated" procedure.
Security tokens are usually used to provide additional protection for user accounts as a second factor, often in the form of a USB stick. They can be clearly assigned to a user and thus personalized. Security tokens generate a one-time password (OTP) and react to touch or also use a biometric feature.
A smart card or intelligent chip card is a hardware security module in the standardized size of a debit card (86 × 54 × 0.76 mm) that provides people with IT security services. A smart card contains a security chip with CPU, RAM and ROM, a "lean" and secure operating system in ROM, an I/O interface through which all communication takes place (contact surfaces or contactless interface) and an EEPROM on which the secret keys, such as a secret RSA key or symmetric keys, as well as personal data (passwords, etc.) are stored securely.
The smartphone can be used to generate an OTP via an app or receive an SMS, as well as act as an out-of-band authenticator. Here, the user is sent a request to confirm or reject a login to an app. This procedure is quite convenient for the user and enjoys a high level of acceptance.