An authenticator is a means used to confirm a user's identity, that is, to perform digital authentication. A person authenticates to a computer system or application by demonstrating that he or she has possession and control of an authenticator. In the simplest case, the authenticator is a common password.
Using the terminology of the NIST Digital Identity Guidelines, the party to be authenticated is called the claimant while the party verifying the identity of the claimant is called the verifier. When the claimant successfully demonstrates possession and control of one or more authenticators to the verifier through an established authentication protocol, the verifier is able to infer the claimant's identity.
Authenticators may be characterized in terms of secrets, factors, and physical forms.
Every authenticator is associated with at least one secret that the claimant uses to demonstrate possession and control of the authenticator. Since an attacker could use this secret to impersonate the user, an authenticator secret must be protected from theft or loss.
The type of secret is an important characteristic of the authenticator. There are three basic types of authenticator secret: a memorized secret and two types of cryptographic keys, either a symmetric key or a private key.
A memorized secret is intended to be memorized by the user. A well-known example of a memorized secret is the common password, also called a passcode, a passphrase, or a personal identification number (PIN).
An authenticator secret known to both the claimant and the verifier is called a shared secret. For example, a memorized secret may or may not be shared. A symmetric key is shared by definition. A private key is not shared.
An important type of secret that is both memorized and shared is the password. In the special case of a password, the authenticator is the secret.
A cryptographic authenticator is one that uses a cryptographic key. Depending on the key material, a cryptographic authenticator may use symmetric-key cryptography or public-key cryptography.
This page is automatically generated and may contain information that is not correct, complete, up-to-date, or relevant to your search query. The same applies to every other page on this website. Please make sure to verify the information with EPFL's official sources.
Explores access control policies, authentication methods, and the principles of least privilege, emphasizing the importance of secure and user-friendly authentication protocols.
This course introduces the basics of cryptography. We review several types of cryptographic primitives, when it is safe to use them and how to select the appropriate security parameters. We detail how
This is an introductory course to computer security and privacy. Its goal is to provide students with means to reason about security and privacy problems, and provide them with tools to confront them.
Biometrics are body measurements and calculations related to human characteristics. Biometric authentication (or realistic authentication) is used in computer science as a form of identification and access control. It is also used to identify individuals in groups that are under surveillance. Biometric identifiers are the distinctive, measurable characteristics used to label and describe individuals. Biometric identifiers are often categorized as physiological characteristics which are related to the shape of the body.
Like many other enterprises, humanitarian organizations are investing in their digital transformation. In this sector, an important effort is put into biometric solutions. The ICRC has been exploring new ways of how they could integrate biometrics into the ...
2021
Due to its convenience, biometric authentication, especial face authentication, has become increasingly mainstream and thus is now a prime target for attackers. Presentation attacks and face morphing are typical types of attack. Previous research has shown ...
IEEE2020
, , ,
This paper introduces protocols for authenticated private information retrieval. These schemes enable a client to fetch a record from a remote database server such that (a) the server does not learn which record the client reads, and (b) the client either ...