Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.
Appendix C Some Key Concepts Attribute. An attribute describes a property associated with an individual. Attribute Authentication. Attribute authentication is the process of estab- lishing an understood level of confidence that an attribute applies to a specific individual. Authentication. Authentication is the process of establishing confidence in the truth of some claim. Authenticator. An authenticator is evidence that is presented to support the authentication of a claim. It increases confidence in the truth of the claim. Authorization. Authorization is the process of deciding what an ought to be allowed to do. individual Biometrics. Biometrics is the automatic identification or identity verification of individuals on the basis of behavioral or physiological characteristics. Bodily Integrity. Bodily integrity in the context of privacy refers to those issues involving intrusive or invasive searches and seizures. 209
210 APPENDIX C Certification Authority. A certification authority is the entity that issues a digital certificate in a public key cryptosystem. Communications Privacy. Communications privacy is a subset of informa- tion privacy that protects the confidentiality of individuals' communica- tions. Credential. Credentials are objects that are verified when presented to the verifier in an authentication transaction. Credentials may be bound in some way to the individual to whom they were issued, or they may be bearer credentials. The former are necessary for identification, while the latter may be acceptable for some forms of authorization. Decisional Privacy. Decisional privacy protects the individual from inter- ference with decisions about self and family. Identification. Identification is the process of using claimed or observed attributes of an individual to infer who the individual is. Identifier. An identifier points to an individual. An identifier can be a name, a serial number, or some other pointer to the entity being identi- fied. Identity. The identity of X is the set of information about individual X that is associated with that individual in a particular identity system Y. How- ever, Y is not always named explicitly. Identity Authentication. Identity authentication is the process of establish- ing an understood level of confidence that an identifier refers to an iden- tity. It may or may not be possible to link the authenticated identity to an individual. Individual Authentication. Individual authentication is the process of estab- lishing an understood level of confidence that an identifier refers to a specific individual. Information Privacy. Information privacy protects the individual's interest in controlling the flow of information about the self to others. Password. A sequence of characters, presumed to be secret, that is di- vulged in order to gain access to a system or resource.
APPENDIX C 2 Privacy. Privacy is a multifaceted term, with many contextually depen- dent meanings. One aspect of the right to privacy is the right of an individual to decide for himself or herself when and on what terms his or her attributes should be revealed. Private Key. In public key cryptography systems, a private key is a value (key), presumed to be secret, and typically known only to one party. The party uses the private key to digitally sign data or to decrypt data (or keys) encrypted for that party using the party's public key. Public Key. In public key cryptography systems, a public key is a value used to verify a digital signature generated using a corresponding private key, or used to encrypt data that can be decrypted using the correspond- ing private key. Public Key Certificate. Sometimes called a digital certificate, a public key certificate contains attributes, typically including an identifier, that are bound to a public key via the use of a digital signature. Public Key Infrastructure. A public key infrastructure (PKI) consists of a set of technical and procedural measures used to manage public keys embed- ded in digital certificates. The keys in such certificates may be used to enable secure communication and data exchange over potentially inse- cure networks. Registration Authority. A registration authority is the entity in a PKI that establishes a correspondence between an identifier that will appear in a certificate and an individual. Security. Security refers to a collection of safeguards that ensure the confi- dentiality of information, protect the integrity of information, ensure the availability of information, account for use of the system, and protect the systems and/or networks used to process the information. Threat. A threat is a motivated, capable adversary. The adversary is moti- vated to violate the security of a target (system) and has the capability to mount attacks that will exploit vulnerabilities of the target.