National Academies Press: OpenBook

Who Goes There?: Authentication Through the Lens of Privacy (2003)

Chapter: Appendix C: Some Key Concepts

« Previous: Appendix B: Briefers to the Study Committee
Suggested Citation:"Appendix C: Some Key Concepts." National Research Council. 2003. Who Goes There?: Authentication Through the Lens of Privacy. Washington, DC: The National Academies Press. doi: 10.17226/10656.
×
Page 209
Suggested Citation:"Appendix C: Some Key Concepts." National Research Council. 2003. Who Goes There?: Authentication Through the Lens of Privacy. Washington, DC: The National Academies Press. doi: 10.17226/10656.
×
Page 210
Suggested Citation:"Appendix C: Some Key Concepts." National Research Council. 2003. Who Goes There?: Authentication Through the Lens of Privacy. Washington, DC: The National Academies Press. doi: 10.17226/10656.
×
Page 211
Suggested Citation:"Appendix C: Some Key Concepts." National Research Council. 2003. Who Goes There?: Authentication Through the Lens of Privacy. Washington, DC: The National Academies Press. doi: 10.17226/10656.
×
Page 212

Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Appendix C Some Key Concepts Attribute. An attribute describes a property associated with an individual. Attribute Authentication. Attribute authentication is the process of estab- lishing an understood level of confidence that an attribute applies to a specific individual. Authentication. Authentication is the process of establishing confidence in the truth of some claim. Authenticator. An authenticator is evidence that is presented to support the authentication of a claim. It increases confidence in the truth of the claim. Authorization. Authorization is the process of deciding what an ought to be allowed to do. individual Biometrics. Biometrics is the automatic identification or identity verification of individuals on the basis of behavioral or physiological characteristics. Bodily Integrity. Bodily integrity in the context of privacy refers to those issues involving intrusive or invasive searches and seizures. 209

210 APPENDIX C Certification Authority. A certification authority is the entity that issues a digital certificate in a public key cryptosystem. Communications Privacy. Communications privacy is a subset of informa- tion privacy that protects the confidentiality of individuals' communica- tions. Credential. Credentials are objects that are verified when presented to the verifier in an authentication transaction. Credentials may be bound in some way to the individual to whom they were issued, or they may be bearer credentials. The former are necessary for identification, while the latter may be acceptable for some forms of authorization. Decisional Privacy. Decisional privacy protects the individual from inter- ference with decisions about self and family. Identification. Identification is the process of using claimed or observed attributes of an individual to infer who the individual is. Identifier. An identifier points to an individual. An identifier can be a name, a serial number, or some other pointer to the entity being identi- fied. Identity. The identity of X is the set of information about individual X that is associated with that individual in a particular identity system Y. How- ever, Y is not always named explicitly. Identity Authentication. Identity authentication is the process of establish- ing an understood level of confidence that an identifier refers to an iden- tity. It may or may not be possible to link the authenticated identity to an individual. Individual Authentication. Individual authentication is the process of estab- lishing an understood level of confidence that an identifier refers to a specific individual. Information Privacy. Information privacy protects the individual's interest in controlling the flow of information about the self to others. Password. A sequence of characters, presumed to be secret, that is di- vulged in order to gain access to a system or resource.

APPENDIX C 2 Privacy. Privacy is a multifaceted term, with many contextually depen- dent meanings. One aspect of the right to privacy is the right of an individual to decide for himself or herself when and on what terms his or her attributes should be revealed. Private Key. In public key cryptography systems, a private key is a value (key), presumed to be secret, and typically known only to one party. The party uses the private key to digitally sign data or to decrypt data (or keys) encrypted for that party using the party's public key. Public Key. In public key cryptography systems, a public key is a value used to verify a digital signature generated using a corresponding private key, or used to encrypt data that can be decrypted using the correspond- ing private key. Public Key Certificate. Sometimes called a digital certificate, a public key certificate contains attributes, typically including an identifier, that are bound to a public key via the use of a digital signature. Public Key Infrastructure. A public key infrastructure (PKI) consists of a set of technical and procedural measures used to manage public keys embed- ded in digital certificates. The keys in such certificates may be used to enable secure communication and data exchange over potentially inse- cure networks. Registration Authority. A registration authority is the entity in a PKI that establishes a correspondence between an identifier that will appear in a certificate and an individual. Security. Security refers to a collection of safeguards that ensure the confi- dentiality of information, protect the integrity of information, ensure the availability of information, account for use of the system, and protect the systems and/or networks used to process the information. Threat. A threat is a motivated, capable adversary. The adversary is moti- vated to violate the security of a target (system) and has the capability to mount attacks that will exploit vulnerabilities of the target.

Next: What is CSTB? »
Who Goes There?: Authentication Through the Lens of Privacy Get This Book
×
Buy Paperback | $48.00 Buy Ebook | $38.99
MyNAP members save 10% online.
Login or Register to save!
Download Free PDF

Who Goes There?: Authentication Through the Lens of Privacy explores authentication technologies (passwords, PKI, biometrics, etc.) and their implications for the privacy of the individuals being authenticated. As authentication becomes ever more ubiquitous, understanding its interplay with privacy is vital. The report examines numerous concepts, including authentication, authorization, identification, privacy, and security. It provides a framework to guide thinking about these issues when deciding whether and how to use authentication in a particular context. The book explains how privacy is affected by system design decisions. It also describes government’s unique role in authentication and what this means for how government can use authentication with minimal invasions of privacy. In addition, Who Goes There? outlines usability and security considerations and provides a primer on privacy law and policy.

  1. ×

    Welcome to OpenBook!

    You're looking at OpenBook, NAP.edu's online reading room since 1999. Based on feedback from you, our users, we've made some improvements that make it easier than ever to read thousands of publications on our website.

    Do you want to take a quick tour of the OpenBook's features?

    No Thanks Take a Tour »
  2. ×

    Show this book's table of contents, where you can jump to any chapter by name.

    « Back Next »
  3. ×

    ...or use these buttons to go back to the previous chapter or skip to the next one.

    « Back Next »
  4. ×

    Jump up to the previous page or down to the next one. Also, you can type in a page number and press Enter to go directly to that page in the book.

    « Back Next »
  5. ×

    To search the entire text of this book, type in your search term here and press Enter.

    « Back Next »
  6. ×

    Share a link to this book page on your preferred social network or via email.

    « Back Next »
  7. ×

    View our suggested citation for this chapter.

    « Back Next »
  8. ×

    Ready to take your reading offline? Click here to buy this book in print or download it as a free PDF, if available.

    « Back Next »
Stay Connected!