See:
· Authenticity of the origin of the information
· Authentication of an entity
· Authentication of the other party
· Authentication exchange
· Asymmetric authentication method
· Symmetric authentication method
· Authentication certificate
The act and effect of authenticating.
To authenticate. To accredit. To attest to the truth of a fact or document with legal authority.
DRAE. Diccionario de la Lengua Española.
Process of verifying the identity of an individual, device or process. Authentication generally occurs through the use of one or more authentication factors, such as:
· Something the user knows, such as a password or passphrase
· Something the user has, such as a token device or a smart card
· Something the user is, such as a biometric trait
http://es.pcisecuritystandards.org
Provision of assurance that the characteristics an entity claims for itself are correct [UNE-ISO/IEC 27000:2014]
"authentication", an electronic process that enables the electronic identification of a natural or legal person, or of the origin and integrity of data in electronic form; [PE-CONS 60/14]
Security service that makes it possible to verify identity. [CCN-STIC-405:2006]
The act of verifying the identity of a user and the user's eligibility to access computerised information. Authentication is designed to protect against fraudulent logon connections. [COBIT:2006]
Process used in access control mechanisms with the aim of verifying the identity of a user, device or system by checking access credentials. [CCN-STIC-400:2006]
Procedure for verifying the identity of a user.
Real Decreto 994/1999, of 11 June, approving the Regulation on security measures for automated files containing personal data.
1. Process carried out between a sender and a receiver of a transmission channel to guarantee the integrity of the data and the authenticity of its origin (ISO-8732).
It is important to note that this definition is little used today because it is ambiguous, since at present the term authentication refers exclusively to entities and subjects (in its sense of verification, as it is found in texts that have not been updated).
2. Security service that may refer to the origin of data or to a peer entity (ISO-7498-2).
It guarantees that the data origin, or the peer entity, is who it claims to be.
[Ribagorda:1997]
Authentication by means of passwords (ISO/IEC 9594-8, ITU-T X.509) [Ribagorda:1997]
Synonym of "autenticación", the latter being the form preferred by the Real Academia de la Lengua Española. [Ribagorda:1997]
Security service that protects against fraudulent transmissions. It can determine the validity of the pair of correspondents (peer-entity) or of the origin of the message received.
As a security mechanism, it is the procedure that provides this service in order to achieve the authenticity of the information (cryptographic techniques, use of characteristics or properties of the correspondent, certified passwords, clock synchronisation and time references, etc.).
[CESID:1997]
See «data origin authentication» and «peer entity authentication». [ISO-7498-2:1989]
Security information (including, among others, card validation codes or values, full track data [from the magnetic stripe or its equivalent on a chip], PINs and PIN blocks) used to authenticate cardholders or to authorize transactions made with a payment card.
http://es.pcisecuritystandards.org
'authentication' means an electronic process that enables the electronic identification of a natural or legal person, or the origin and integrity of data in electronic form to be confirmed; [PE-CONS 60/14]
To prove that something is genuine, real or true.
Oxford Advanced Learner's Dictionary.
provision of assurance that a claimed characteristic of an entity is correct [ISO/IEC 27000:2014]
The process of establishing confidence in the identity of users or information systems. [NIST-SP800-63:2013]
A defined sequence of messages between a Claimant and a Verifier that demonstrates that the Claimant has possession and control of a valid token to establish his/her identity, and optionally, demonstrates to the Claimant that he or she is communicating with the intended Verifier. [NIST-SP800-63:2013]
To verify the identity of a user, user device, or other entity. [CNSSI_4009:2010]
The process of verifying the identity or other attributes claimed by or assumed of an entity (user, process, or device), or to verify the source and integrity of data.
NIST SP 800-53: Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system.
[CNSSI_4009:2010]
Hardware or software-based algorithm that forces users, devices, or processes to prove their identity before accessing data on an information system. [CNSSI_4009:2010]
A well specified message exchange process between a claimant and a verifier that enables the verifier to confirm the claimant’s identity. [CNSSI_4009:2010]
(I) The process of verifying a claim that a system entity or system resource has a certain attribute value. (See: attribute, authenticate, authentication exchange, authentication information, credential, data origin authentication, peer entity authentication, "relationship between data integrity service and authentication services" under "data integrity service", simple authentication, strong authentication, verification, X.509.)
Tutorial: Security services frequently depend on authentication of the identity of users, but authentication may involve any type of attribute that is recognized by a system. A claim may be made by a subject about itself (e.g., at login, a user typically asserts its identity) or a claim may be made on behalf of a subject or object by some other system entity (e.g., a user may claim that a data object originates from a specific source, or that a data object is classified at a specific security level).
An authentication process consists of two basic steps:
· Identification step: Presenting the claimed attribute value (e.g., a user identifier) to the authentication subsystem.
· Verification step: Presenting or generating authentication information (e.g., a value signed with a private key) that acts as evidence to prove the binding between the attribute and that for which it is claimed. (See: verification.)
[RFC4949:2007]
Process of verifying identity of an individual, device, or process. Authentication typically occurs through the use of one or more authentication factors such as:
· Something you know, such as a password or passphrase
· Something you have, such as a token device or smart card
· Something you are, such as a biometric
https://www.pcisecuritystandards.org/security_standards/glossary.php
A process that establishes the origin of information, or determines an entity's identity. [NIST-SP800-57:2007]
Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system. [FIPS-200:2006]
The act of verifying the identity of a user and the user's eligibility to access computerised information. Authentication is designed to protect against fraudulent logon. [COBIT:2006]
provision of assurance of the claimed identity of an entity.
In case of user authentication, users are identified either by knowledge (e.g., password), by possession (e.g., token) or by a personal characteristic (biometrics). Strong authentication is either based on strong mechanisms (e.g., biometrics) or makes use of at least two of these factors (so-called multi-factor authentication). [ISO-18028-4:2005]
Authentication by means of simple password arrangements. [X.509:2005]
Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in a system. [NIST-SP800-27:2004]
Security control designed to establish the validity of a transmission, message, or originator, or a means of verifying an individual's authorization to receive specific categories of information. [NIST-SP800-60V2:2004]
The Authentication Security Dimension serves to confirm the identities of communicating entities. Authentication ensures the validity of the claimed identities of the entities participating in communication (e.g. person, device, service or application) and provides assurance that an entity is not attempting a masquerade or unauthorized replay of a previous communication. [X.805:2003]
Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in a system. [NIST-SP800-33:2001]
Entity authentication which provides both entities with assurance of each other's identity. [ISO-11770-3:2008]
A distinguishing identifier of a principal that has been assured through authentication. [ISO-10181-2:1996]
the verification of a claimed identity. [ITSEM:1993]
the provision of assurance of the claimed identity of an entity. [ISO-10181-2:1996]
See data origin authentication, and peer entity authentication. [ISO-7498-2:1989]
Security-related information (including but not limited to card validation codes/values, full magnetic-stripe data, PINs, and PIN blocks) used to authenticate cardholders and/or authorize payment card transactions.
https://www.pcisecuritystandards.org/security_standards/glossary.php
Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be. In private and public computer networks (including the Internet), authentication is commonly done through the use of logon passwords. Knowledge of the password is assumed to guarantee that the user is authentic. Each user registers initially (or is registered by someone else), using an assigned or self-declared password. On each subsequent use, the user must know and use the previously declared password. The weakness in this system for transactions that are significant (such as the exchange of money) is that passwords can often be stolen, accidentally revealed, or forgotten.
http://searchsecurity.techtarget.com/
The process for verifying that someone or something is who or what it claims to be.
http://www.getsafeonline.org/
The assurance that a party to some computerized transaction is not an impostor. Authentication typically involves using a password, certificate, PIN, or other information that can be used to validate the identity over a computer network.
http://www.symantec.com/avcenter/refa.html
Authentication is the process of confirming the correctness of the claimed identity.
http://www.sans.org/security-resources/glossary-of-terms/
Authentication is the process of verifying an identity. Electronic authentication (e-authentication) is the process of establishing confidence in identities electronically presented to an information system.
Authentication precedes authorization. Authorization is the defining of privileges on a system. Authorization can be tied to identities or to roles and can control the actions of a user, executable code, or a data element, but authorization only succeeds if paired with authentication to validate which privileges should be assigned based on validating the identity being granted the privileges.
Mutual authentication is a higher level of authentication. In mutual authentication, both the authentication target and the authentication requestor verify the identity of the other end of the exchange. As an example, mutual authentication may occur between a user and a bank. The bank requires authentication of the requesting user to prove that the requestor should be granted access to a particular bank account. At the same time, the requesting users want proof that they are connected to the actual bank web presence and not a “spoof” of the bank, to be sure they are not sharing their authentication credentials with a potential bad actor.
Mobile Security Reference Architecture, May 23, 2013
"authentication", an electronic process that makes it possible to confirm the electronic identification of a natural or legal person, or the origin and integrity of data in electronic form; [PE-CONS 60/14]
Process of verifying the identity of a person, device or process. Authentication is generally performed through the use of one or more authentication factors, such as:
· Something known only to the user, such as a password or passphrase;
· Something held by the user, such as a token device or a smart card;
· Something about the user, such as a biometric measurement.
http://fr.pcisecuritystandards.org/
Entity authentication which guarantees that each of the entities has assurance of the identity of each of the other entities. [ISO-9798-1:1997]
See «data origin authentication» and «peer entity authentication» [ISO-7498-2:1989]
Security service whose objective is to validate the identity of an entity (user or equipment). There are classically three authentication methods for proving the identity of an entity:
· Authentication based on knowledge of a secret (e.g. a password).
· Authentication based on possession of an object (e.g. a smart card, a token).
· Authentication based on biometrics.
http://securit.free.fr/glossaire.htm