8. Identity, Credentials and Access Control

CA

Certificate Authority: Entity issuing digital certificates

CAPTCHA

Completely Automated Public Turing Test to Tell Computers and Humans Apart: Challenge-response test determining if user is human

CRL

Certificate Revocation List: List of certificates revoked before their expiration date

CSR

Certificate Signing Request: Message sent from applicant to certificate authority

FRR

False Rejection Rate: Authentication system incorrectly rejecting legitimate users

HOTP

HMAC-based One-time Password: Algorithm generating one-time passwords

IdP

Identity Provider: System that creates, maintains, and manages identity information

NTLM

New Technology LAN Manager: Microsoft authentication protocol suite

OCSP

Online Certificate Status Protocol: Protocol for obtaining certificate revocation status

OID

Object Identifier: Unique identifier for object or concept

PHI

Personal Health Information: Health data that can identify individuals

PII

Personally Identifiable Information: Data that could identify a specific individual

PIV

Personal Identity Verification: US standard for identification cards

RA

Registration Authority: Entity that verifies requesting party information before certificate issuance

SAN

Subject Alternative Name: Certificate extension allowing multiple hostnames

SCEP

Simple Certificate Enrollment Protocol: Protocol for certificate issuance

TGT

Ticket Granting Ticket: Authentication credential in Kerberos

TOTP

Time-based One-time Password: One-time password algorithm based on current time

TPM

Trusted Platform Module: Secure cryptoprocessor that secures hardware through integrated cryptographic keys