Appendix 5

Key terms in secure computing

Attestation identity key

A cryptographic key used when a computer wants a trusted third party to vouch for it. It can vouch for the computer without revealing its identity.

Authorization

The action confirming whether or not a user is allowed to access a resource.

Endorsement key

A pair of cryptographic keys, one private, one public. The private key is built into the trusted platform module (TPM) when it is manufactured.

Federated access management

The rules and policies giving access to online resources shared by a group of organizations in a federation. Representatives from the organizations in the federation sign an agreement on how details of users and resources are shared. The organizations trust one another and use the Security Assertion Markup Language (SAML). The identity of users is only revealed when an explicit request to do so is made, so they retain a degree of privacy. With federated access management, users are authenticated only once in a “single sign-on” (SSO).

Federated identity

The means whereby a person’s identity is shared between different systems.

Federated identity management

The common set of policies, practices, and protocols that organizations use to identify users.

Identity provider

The member of a federation that checks the identity of users and then issues an authentication token to any service that they wish to use.

Platform configuration registers

Registers in the TPM used to store information related to the state of security.

Remote attestation

When a computer is checked to see whether any unauthorized changes have been made to the hardware or software. The remote machine making the check is called a “challenger.”

Shibboleth

“Shibboleth is standards-based, open source federating software that provides Web Single SignOn (SSO) across or within organizational boundaries. It allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner” (Internet 2, n.d.).

Single sign-on and web single sign-on

The use of one username and one password to access different applications. There are two main types of SSO – “pseudo-SSO” and “true SSO.” In a true SSO scheme the user is authenticated by a third party, whereas with a pseudo-SSO it is not. Each of these types can be further subdivided into two types depending on where the processing takes place – locally (“local”) or as an external service (“proxy-based”). Overall there are four categories: local pseudo-SSO systems; proxy-based pseudo-SSO systems; local true SSO systems; and proxy-based true SSO systems. The third-party authenticator is called the “identity provider.” Shibboleth is an SSO framework.

Transport layer security

A cryptographic protocol that provides communication security over the internet (Wikipedia, n.d.). It is used when a client and a server, which have not previously communicated, wish to authenticate one another.

Trust

“Trust is the expectation that a device will behave in a particular manner for a specific purpose” (Trusted Computing Group, 2007). These terms have been explained by Alam et al. (2008): “particular manner” relates to “the question of how a task is expected to be performed”; and “specific purpose” is “a particular task or scenario like usage of an object, web service access, or some computational activity.”

Trusted computing

A technology that attempts to make a network more secure. It has an “endorsement key,” “sealed storage,” and “remote attestation.” Data in sealed storage on one computer can only be accessed by another computer that has a certain software set-up.
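The entries for platform configuration registers, remote attestation and sealed storage above describe a mechanism rather than just a term, so the following added example (not part of the appendix or of any TPM vendor's code) simulates it end to end in plain Python: measurements are “extended” into PCRs by hashing, a challenger sends a fresh nonce and verifies a signed quote of the PCR values against golden values it computes from a known-good boot log, and a secret sealed under one PCR state can no longer be unsealed once an extra component is measured. The `SimulatedTPM`, `challenger_verify` and `demo` names, the four-register TPM, the boot log entries and the use of a one-time Lamport hash signature in place of a real RSA/ECC attestation identity key are all assumptions made for the example.

```python
import hashlib
import secrets

HASH = hashlib.sha256
PCR_COUNT = 4  # toy TPM with four PCRs (assumption; real TPMs have 24)


def lamport_keygen():
    """One-time hash-based signature key pair standing in for the AIK.
    Assumption for the example: a real AIK is an RSA/ECC key."""
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    pk = [[HASH(s0).digest(), HASH(s1).digest()] for s0, s1 in sk]
    return sk, pk


def lamport_sign(sk, digest):
    # Reveal one preimage per message bit (MSB first); sign each key only once.
    bits = int.from_bytes(digest, "big")
    return [sk[i][(bits >> (255 - i)) & 1] for i in range(256)]


def lamport_verify(pk, digest, sig):
    bits = int.from_bytes(digest, "big")
    return len(sig) == 256 and all(
        HASH(sig[i]).digest() == pk[i][(bits >> (255 - i)) & 1] for i in range(256))


def _xor_stream(data, key):
    """Toy keystream cipher used only to make the sealed blob opaque."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        ks = HASH(key + offset.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], ks))
    return bytes(out)


class SimulatedTPM:
    """Constructed stand-in for a TPM: PCRs, an AIK and a storage root key."""

    def __init__(self):
        self.pcrs = [bytes(32)] * PCR_COUNT
        self._aik_private, self.aik_public = lamport_keygen()
        self._storage_root = secrets.token_bytes(32)  # never leaves the chip

    def extend(self, index, measurement):
        # PCRs cannot be written, only extended: new = H(old || H(measurement))
        self.pcrs[index] = HASH(self.pcrs[index] + HASH(measurement).digest()).digest()
        return self.pcrs[index]

    def pcr_digest(self):
        return HASH(b"".join(self.pcrs)).digest()

    def quote(self, nonce):
        # The challenger's nonce is bound into the signature to defeat replay.
        signed = HASH(nonce + self.pcr_digest()).digest()
        return {"nonce": nonce, "pcrs": list(self.pcrs),
                "signature": lamport_sign(self._aik_private, signed)}

    def seal(self, data):
        policy = self.pcr_digest()
        return {"policy": policy, "blob": _xor_stream(data, self._storage_root + policy)}

    def unseal(self, sealed):
        if self.pcr_digest() != sealed["policy"]:
            raise PermissionError("PCR state does not match sealing policy")
        return _xor_stream(sealed["blob"], self._storage_root + sealed["policy"])


def expected_pcrs(boot_log):
    """Challenger replays the known-good measurement log to get golden PCRs."""
    pcrs = [bytes(32)] * PCR_COUNT
    for index, measurement in boot_log:
        pcrs[index] = HASH(pcrs[index] + HASH(measurement).digest()).digest()
    return pcrs


def challenger_verify(aik_public, golden_pcrs, quote, nonce):
    """Remote attestation as performed by the challenger."""
    if quote["nonce"] != nonce:
        return False, "stale or replayed quote"
    digest = HASH(b"".join(quote["pcrs"])).digest()
    if not lamport_verify(aik_public, HASH(nonce + digest).digest(), quote["signature"]):
        return False, "bad AIK signature"
    for i, (got, want) in enumerate(zip(quote["pcrs"], golden_pcrs)):
        if got != want:
            return False, f"PCR{i} differs from golden value"
    return True, "platform state matches"


def demo(tampered=False):
    # Constructed boot log: (PCR index, measured component)
    good_boot = [(0, b"firmware v1.2"), (1, b"bootloader v3"), (2, b"kernel 6.1")]
    tpm = SimulatedTPM()
    for index, component in good_boot:
        tpm.extend(index, component)
    sealed = tpm.seal(b"disk encryption key")
    if tampered:
        tpm.extend(2, b"unexpected module")  # any extra measurement changes PCR2
    nonce = secrets.token_bytes(16)
    ok, reason = challenger_verify(tpm.aik_public, expected_pcrs(good_boot),
                                   tpm.quote(nonce), nonce)
    try:
        unsealed = tpm.unseal(sealed)
    except PermissionError:
        unsealed = None
    return ok, reason, unsealed


if __name__ == "__main__":
    print(demo())            # (True, 'platform state matches', b'disk encryption key')
    print(demo(tampered=True))  # (False, 'PCR2 differs from golden value', None)
```

The two properties worth noticing are that the challenger never trusts the PCR values as sent but recomputes what they should be from its own copy of the measurement log, and that the sealed secret is protected by the chip's internal storage root key together with the PCR policy, so a changed boot chain makes the blob unusable without any explicit access-control decision being taken.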

Trusted Computing Group

A consortium of manufacturers that defines the specification of the TPM.

Trusted Platform Module chip

Hardware implementation of a security specification. It handles the generation of keys for cryptography and summarizes the hardware and software configuration for use in remote attestation.

Trusted third party

A party trusted by users and organizations that wish to communicate with one another.

User authentication

Confirming the identity of a user. “Authentication” can be abbreviated to “AuthN.”
