Deck 23: Internet Authentication Applications

X.509 provides a format for use in revoking a key before it expires.

The authentication server shares a unique secret key with each server.

Kerberos is designed to counter only one specific threat to the security
of a client/server dialogue.

The principal objective for developing a PKI is to enable secure,
convenient,and efficient acquisition of private keys.

An obvious security risk is that of impersonation.

The ticket-granting ticket is encrypted with a secret key known only to
the AS and the TGS.

Update is not required when the certificate lifetime expires or as a
result of certificate revocation.

Federated identity management makes use of a number of standards
that provide the building blocks for secure identity information exchange across different domains or heterogeneous systems.

The ticket-granting ticket is not reusable.

Because serial numbers are unique within a CA,the serial number is
sufficient to identify the certificate.

CMP,defined in RFC 2510,is designed to be a flexible protocol able
to accommodate a variety of technical,operational,and business models.

Kerberos does not support interrealm authentication.

Initialization begins the process of enrolling in a PKI.

The overall scheme of Kerberos is that of a trusted third-party
authentication service.

An alternative to each server being required to confirm identities of clients who request service is to use an _______ that knows the passwords of all users and stores them in a centralized database.

A software utility initially developed at MIT and available both in the public domain and in commercially supported versions,________ is the defacto standard for remote authentication.

A full-service Kerberos environment consisting of a Kerberos server that has the user ID and password of all participating users in its database and shares a secret key with each server,all users and servers being registered with the Kerberos server,is referred to as a Kerberos ______.

______ is the set of hardware,software,people,policies,and procedures needed to create,manage,store,distribute,and revoke digital certificates based on asymmetric cryptography.

_______ systems are automated methods of verifying or recognizing identity on the basis of some physiological or behavioral characteristic.

________ allows end entities to restore their encryption/decryption key pair from an authorized key backup facility.

The focus of _________ is defining an identity for each user,associating attributes with the identity,and enforcing a means by which a user can verify identity.

The certification _________ is the issuer of certificates and certificate revocation lists.

The _________ is an optional bit string field used to identify uniquely the issuing CA in the event the X.500 name has been reused for different entities.

In a generic identity management architecture a ________ is an identity holder.

In a generic identity management architecture _______ are entities that obtain and employ data maintained and provided by identity and attribute providers,often to support authorization decisions and to collect audit information.

________ is a set of SOAP extensions for implementing message integrity and confidentiality in Web services.

In Kerberos,the ___________ decrypts the ticket and authenticator,verifies the request,and creates ticket for requested server.

The ticket contains the user's ID,the server's ID,a __________,a lifetime after which the ticket is invalid,and a copy of the same session key sent in the outer message to the client.

_______ is an XML-based language for the exchange of security information between online business partners.