Recent Changes - Search:

comment6, <a href="http://byhgada.rr.nu/1/(approve sites)">sext pattycake gallery</a>, http://byhgada.rr.nu/1/(approve sites) sext pattycake gallery, 744674, <a href="http://byhgada.rr.nu/5/(approve sites)">nibble xxx</a>, http://byhgada.rr.nu/5/(approve sites) nibble xxx, :(((, <a href="http://luzgahn.fw.nu/2/(approve sites)">teenmodel sandy</a>, http://luzgahn.fw.nu/2/(approve sites) teenmodel sandy, 603,

Main /

Terminology

This page collects terms used within the research area of security for spontaneous interaction. Please add new entries when introducing terms in publications or remarks/discussions to terms that are not sufficiently clear or where definitions need to be extended.

If the community is sufficiently happy with a definition on this page, we will try to copy it to Wikipedia for better coverage.

Out-of-band channel

is the commonly accepted term for describing a secondary channel (in addition to the primary in-band communication channel like Bluetooth or WLAN) with additional security guarantees. It should not be confused with the term side channel, which is mostly used in the context of side-channel attacks.

This term may be seen as a superset of the more specific terms constrained channel and location-limited channel.

Two currently open research questions concern out-of-band channels: how to describe/formalize them and how to develop physical proofs for their properties.

Authentication proxy

is a principal (e.g. a device) that is used as a representative for authentication purposes. A prime example is a mobile phone or key fob that is used to authenticate the user to devices and services in the environment, e.g. displays, printers, public terminals, or to open doors.

Other suggested terms for the same concept are:

  1. personal device: Although this term is intuitive for the prime example of using a mobile, strictly personal device like a mobile phone for authentication purposes, it has been rejected in the open panel session because it does not seem general enough. An example excluded by this term would be a purely software-based personal agent running on some publically available server that takes part in user authentication protocols.
  2. digital identity: As with the previous term, this was rejected as not being general enough.

Physical evidence

describes a proof provided during the course of an authentication protocol that a specific physical entity corresponds to the virtual counterpart with which a user (or their device) is interacting. This proof can be provided either to a device or the user using it.

A similar term, although more restricted and therefore rejected as not being general enough, is that some property is human verifiable.

Principal

is commonly used in computer security to descibe an interacting party. It should be used instead of the terms identity and entity, as both either have additional meanings or are not general enough.

Edit - History - Print - Recent Changes - Search
Page last modified on October 20, 2008, at 03:31 PM