Identity defines the parties in a trust relationship.

The identity is the who of a trust relationship. The identity of a network entity is verified by credentials.


An identity can belong to an individual, a device, an organization, or a combination of all three. Using identities properly enables effective risk mitigation and lets policy and access control be applied in a granular and accurate manner.

Credentials are elements of information used to verify or authenticate the identity of a network entity. It is important to separate the concept of identification, in which a subject presents its identity, from authentication, in which a subject proves its identity. For example, to log on to a resource, a user might be identified by a username and authenticated by a secret password.

The most common identity credentials are passwords, tokens, and certificates. Passwords and tokens are described in the next sections; certificates are described in the later "Encryption Fundamentals" section.


Authentication, or the proving of identity, is traditionally based on one (or more) of the following three proofs:

■ Something the subject knows: This usually involves knowledge of a unique secret, which the authenticating parties usually share. To a user, this secret appears as a classic password, a personal identification number, or a private cryptographic key.

■ Something the subject has: This usually involves physical possession of an item that is unique to the subject. Examples include password token cards, smart cards, and hardware keys.

■ Something the subject is: This involves verifying a subject's unique physical characteristic, such as a fingerprint, retina pattern, voice, or face.
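To make the identification/authentication distinction concrete, the following is an added example in Python (not code from the original text): identification is a lookup of the presented username, and authentication then proves that identity with two independent factors, a salted password hash (something the subject knows) and a TOTP code (something the subject has). The user record, salt and shared secret are constructed sample values.

```python
import hashlib
import hmac
import struct
import time

SALT = b"constructed-salt"  # constructed; real deployments use a random per-user salt


def _pbkdf2(password: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)


# Constructed identity store: one user with a password hash and a token secret.
IDENTITY_STORE = {
    "alice": {
        "pw_hash": _pbkdf2(b"correct horse battery staple", SALT),
        "totp_secret": b"constructed-shared-secret",
    }
}


def identify(username: str):
    """Identification: the subject *presents* an identity; nothing is proven yet."""
    return IDENTITY_STORE.get(username)


def verify_password(record: dict, password: str) -> bool:
    """'Something the subject knows': constant-time compare against the stored hash."""
    return hmac.compare_digest(record["pw_hash"], _pbkdf2(password.encode(), SALT))


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP; TOTP feeds it the current 30-second time step as the counter."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def verify_totp(record: dict, code: str, now=None) -> bool:
    """'Something the subject has': the code proves possession of the token secret."""
    step = int((time.time() if now is None else now) // 30)
    # Accept the neighbouring steps so small clock drift does not lock the user out.
    return any(hmac.compare_digest(hotp(record["totp_secret"], step + d), code)
               for d in (-1, 0, 1))


def authenticate(username: str, password: str, code: str, now=None) -> bool:
    """Authentication: the subject *proves* the identity it presented, with two factors."""
    record = identify(username)
    if record is None:
        return False  # unknown identity: same generic failure as a bad credential
    # Evaluate both factors before deciding, so a failure reveals nothing about which one.
    knows, has = verify_password(record, password), verify_totp(record, code, now)
    return knows and has
```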
