Concepts include ideas, abstractions of topics, and units of thought or knowledge. These topics contain mainly non-proprietary information that is relevant to MobileTrust.
Scope: Endpoint Security, Malware
- Authentication is the process of identifying a user during login.
- Authorization verifies what the user is authorized to do after logging into a website, network, or cloud service.
- Encryption is the transformation of data, so that a key is required to decrypt and restore the original data.
- An Encryption Key is a random set of keyboard characters generated specifically to encrypt and un-encrypt data.
- End-to-End Encryption ensures that data that travels over a network or the internet is securely encrypted from the point of data entry to the point of destination.
- A Keylogger is hidden software that records all keystrokes including passwords.
There are two main types of keyloggers:
The topic/theme is software-based keyloggers and their typology.
- Keystroke Encryption uses a custom keyboard driver to pass keystrokes directly to the browser in an encrypted format.
- Out-Of-Band Authentication involves using a second channel for communication of passwords or codes, that is not linked to the original communication channel used to access a website, network, or cloud service.
- Single Sign-On Authentication.
- Password strength can be measured by the effectiveness of a password in resisting guessing and brute-force attacks.
- Token-Based Authentication users log into to a website, network, or cloud service, using a security token provided by the server.
- Two-Factor Authentication requires the use of two of three authentication factors. These factors are identified in the Standards and Regulations for access to U.S. Federal Government systems.