Digital Identity Guidelines

"Digital Identity" is the unique representation of a subject engaged in an online transaction.

"Identity Proofing" establishes that a subject is actually who they claim to be. 

 "Digital Authentication" is the process of determining the validity of one or more authenticators used to claim a digital identity. 

 Authentication establishes that a subject attempting to access a digital service is in control of the technologies used to authenticate. For services in which return visits are applicable, successfully authenticating provides reasonable risk-based assurances that the subject accessing the service today is the same as the one who accessed the service previously. Digital identity presents a technical challenge because it often involves the proofing of individuals over an open network and always involves the authentication of individuals over an open network. This presents multiple opportunities for impersonation and other attacks which can lead to fraudulent claims of a subject’s digital identity.

 This technical guideline applies to digital authentication of subjects to systems over a network. It does not address the authentication of a person for physical access (e.g., to a building), though some credentials used for digital access may also be used for physical access authentication. This technical guideline also requires that federal systems and service providers participating in authentication protocols be authenticated to subscribers.

 The strength of an authentication transaction is characterized by an ordinal measurement known as the "AAL." Stronger authentication (a higher AAL) requires malicious actors to have better capabilities and expend greater resources in order to successfully subvert the authentication process. Authentication at higher AALs can effectively reduce the risk of attacks. A high-level summary of the technical requirements for each of the AALs is provided below:

 Authenticator Assurance Level 1: AAL1 provides some assurance that the claimant controls an authenticator registered to the subscriber. AAL1 requires single-factor authentication using a wide range of available authentication technologies. Successful authentication requires that the claimant prove possession and control of the authenticator through a secure authentication protocol.

 Authenticator Assurance Level 2: AAL2 provides high confidence that the claimant controls an authenticator(s) registered to the subscriber. Proof of possession and control of two different authentication factors is required through secure authentication protocol(s).

 Authenticator Assurance Level 3: AAL3 provides very high confidence that the claimant controls an authenticator(s) registered to the subscriber. Authentication at AAL3 is based on proof of possession of a key through a cryptographic protocol. AAL3 also requires a hardware-based cryptographic authenticator and an authenticator that provides verifier impersonation resistance.

 Source: NIST Special Publication 800-63B Digital Identity Guidelines Authentication and Lifecycle Management.

Comments

Post a Comment

Popular posts from this blog

EOQ Calculations in Excel

Image
Last week in Operations Management we used Excel to calculate the Economic Order Quantity and graph Carrying Costs, Ordering Costs, and Total Costs. The Economic Order Quantity or "EOQ" is the order size that "minimizes" Total Costs. Any more or less and you are spending too much on ordering or too much on keeping inventory. For example, in the Excel spreadsheet below, if you had an Annual Demand of 12000 units, Ordering Costs of $10 per order, and Holding costs of $4 per unit per year, the EOQ would be 245 units and Total Costs would be $980.00: We used the following formula in Excel to calculate EOQ: =SQRT((2*B2*B3)/B4) And the following formula to calculate Total Costs at this point: =$B$6/2*$B$4+$B$2/B6*$B$3 To create the graph, we used the following formulas and simply copied them over a range of 100 to 500 units. Ordering Costs: =$B$2/D2*$B$3 Holding Costs: =D2/2*$B$4 Total Costs: =F2+G2 Looking at this chart, we can clearly see that our order size of 245 is
Read more

Reliability Calculations in Excel

Image
In Operations Management today we used Excel to calculate product reliability. Reliability is defined as "the ability of a product, service, part, or system to perform its intended function under a prescribed set of circumstances" (Stevenson, 2009). In order to calulate reliability over a given length of time we need to use the following formula: P(no failure) = e -t/MTBF where: e = 2.7183 t = Length of service before failure MTBF = Mean Time Between Failures One of the cases we did in class involved an auto detailing company that wanted to calculate the reliability of its vacuum cleaners. Excel provides an "EXP" funtion that we can easily apply here. After entering all data for the problem as shown on the spreadsheet below, we type the formula =EXP(-A5/$B$2) in cell B5 and copy down. Next we plot the distribution for t=0 to the maximum life expectancy of 20 years using a line graph. What we end up with looks like a classic case of "ex
Read more

“How Are We Doing?” Efficiency, Utilization, and Productivity

Image
In business, knowing how we are performing in relation to our competition is vital. Internally we want to know if we are using resources effectively and getting the most out of what we have. Efficiency and Productivity are two calculations that are fundamental to the success of any organization. While the calculations are simple, choosing what measures to use and collecting the necessary data requires a thorough understanding of your industry. To calculate Efficiency you will have to first decide what to use as a base for comparison. Does your company already have a “target” of some kind? Like total units produced? If so then you can compare everything to that. Once you have that, there are a couple of basic formulas that can be used: Efficiency = Actual Output/Effective Capacity X 100% Utilization = Actual Output/Design Capacity X 100% Design Capacity is the maximum output achieved under ideal conditions. Effective Capacity is always less than Design Capacity because of factors
Read more