Êtes-vous un étudiant de l'EPFL à la recherche d'un projet de semestre?
Travaillez avec nous sur des projets en science des données et en visualisation, et déployez votre projet sous forme d'application sur Graph Search.
Concept
Authenticator
Résumé
An authenticator is a means used to confirm a user's identity, that is, to perform digital authentication. A person authenticates to a computer system or application by demonstrating that he or she has possession and control of an authenticator. In the simplest case, the authenticator is a common password.
Using the terminology of the NIST Digital Identity Guidelines, the party to be authenticated is called the claimant while the party verifying the identity of the claimant is called the verifier. When the claimant successfully demonstrates possession and control of one or more authenticators to the verifier through an established authentication protocol, the verifier is able to infer the claimant's identity.
Authenticators may be characterized in terms of secrets, factors, and physical forms.
Every authenticator is associated with at least one secret that the claimant uses to demonstrate possession and control of the authenticator. Since an attacker could use this secret to impersonate the user, an authenticator secret must be protected from theft or loss.
The type of secret is an important characteristic of the authenticator. There are three basic types of authenticator secret: a memorized secret and two types of cryptographic keys, either a symmetric key or a private key.
A memorized secret is intended to be memorized by the user. A well-known example of a memorized secret is the common password, also called a passcode, a passphrase, or a personal identification number (PIN).
An authenticator secret known to both the claimant and the verifier is called a shared secret. For example, a memorized secret may or may not be shared. A symmetric key is shared by definition. A private key is not shared.
An important type of secret that is both memorized and shared is the password. In the special case of a password, the authenticator is the secret.
A cryptographic authenticator is one that uses a cryptographic key. Depending on the key material, a cryptographic authenticator may use symmetric-key cryptography or public-key cryptography.
Source officielle
À propos de ce résultat
Cette page est générée automatiquement et peut contenir des informations qui ne sont pas correctes, complètes, à jour ou pertinentes par rapport à votre recherche. Il en va de même pour toutes les autres pages de ce site. Veillez à vérifier les informations auprès des sources officielles de l'EPFL.