
D3.3: Study on Mobile Identity Management


Glossary

  1. aMAD – autonomous Mobile Authentication Device 

A token that authenticates its user on its own, through on-board interfaces (a biometric sensor, a keypad for a secret), without interacting with any external equipment. Once the user is authenticated, the device delivers a digital signal for the identity of the authenticated person over whatever channels are available (a display showing a one-time password, RFID, a smart card interface, etc.). 

  1. ATM – Automated Teller Machine 

Automated teller machines (ATMs) allow customers to carry out bank transactions without the assistance of a teller. 

  1. CR protocol – Challenge-Response protocol 

A challenge-response protocol is used to authenticate a person or a machine ad hoc. The authenticating instance (verifier) generates a fresh random string (the challenge) and sends it to the instance that has to be authenticated (prover). The prover sends information back (the response) that proves it holds the right identity credential: either the challenge was sent in a form that only the holder of the credential can recover and interpret (e.g. encrypted to its public key), or it was sent in the clear and only the holder can compute the correct answer (a signature or a keyed MAC over it). Because the challenge is new each time, a response captured on the channel cannot be replayed later; this only holds if the verifier never reuses a challenge and an attacker cannot predict it. Typically a CR protocol is based on public key cryptography (FIPS PUB 196), but zero-knowledge protocols such as the Fiat-Shamir protocol also fall under this category. 
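
As an added worked example (not code from the deliverable), the exchange above in its shared-secret form: the verifier issues a fresh random challenge, the prover answers with an HMAC over it, and the verifier checks the response and retires the challenge so it cannot be replayed. The public-key variant the definition mentions would replace the HMAC with a signature under the prover's private key, verified against its certificate. The key value, the verifier name `atm-0042` and the 30-second challenge lifetime are constructed for the example.

```python
import hashlib
import hmac
import secrets
import time

# Constructed shared secret for the example (not from the deliverable); a real
# token would hold it in tamper-resistant storage and never export it.
SHARED_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")


def respond(key: bytes, verifier_id: bytes, challenge: bytes) -> bytes:
    """Prover side (token, card, aMAD): answer a challenge by MACing it under the
    shared key. Binding the verifier's identity into the MAC input means a
    response captured at one verifier cannot be relayed to another."""
    return hmac.new(key, verifier_id + challenge, hashlib.sha256).digest()


class Verifier:
    """Authenticating instance: issues fresh challenges and checks responses."""

    def __init__(self, verifier_id: bytes, key: bytes,
                 ttl_seconds: float = 30.0, clock=time.monotonic):
        self.verifier_id = verifier_id
        self.key = key
        self.ttl = ttl_seconds
        self.clock = clock          # injectable so expiry can be exercised offline
        self._pending = {}          # challenge -> time of issue

    def new_challenge(self) -> bytes:
        """128 bits from the OS CSPRNG: an attacker must not be able to predict
        or force a repeat of the challenge, otherwise an old response replays."""
        challenge = secrets.token_bytes(16)
        self._pending[challenge] = self.clock()
        return challenge

    def verify(self, challenge: bytes, response: bytes) -> bool:
        issued = self._pending.pop(challenge, None)   # one answer per challenge
        if issued is None:
            return False                               # unknown or already used
        if self.clock() - issued > self.ttl:
            return False                               # stale: prover took too long
        expected = respond(self.key, self.verifier_id, challenge)
        return hmac.compare_digest(expected, response)  # constant-time compare


def run_exchange(verifier: Verifier, prover_key: bytes) -> bool:
    """One complete round trip, prover and verifier in the same process."""
    challenge = verifier.new_challenge()                              # verifier -> prover
    response = respond(prover_key, verifier.verifier_id, challenge)   # prover -> verifier
    return verifier.verify(challenge, response)


if __name__ == "__main__":
    v = Verifier(b"atm-0042", SHARED_KEY)
    print("genuine token:", run_exchange(v, SHARED_KEY))      # True
    print("wrong key:    ", run_exchange(v, b"not the key"))  # False
```

The three checks in `verify` are the ones that separate a working CR protocol from a broken one: the challenge is consumed on first use (replay), it expires (a response cannot be stockpiled), and the comparison is constant-time (no timing oracle on the MAC).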

  1. Digital Identity 

Digital identity denotes all those subject-related data that can be stored and interlinked by a technology-based application. The subsets of the digital identity are digital partial identities (= partial digital identities) which represent the subject in a specific context. A digital identity is, in a mobile network context, cooperatively provided by the mobile network operator and the mobile subscriber. It is constituted by idem identity and ipse identity aspects. 

    1. Idem identity: A concept that links a "token" from the digital / syntactical world to an object in the real / semantic world, which is provided by the SIM/GSM infrastructure.

    2. Ipse identity: A set of properties and attributes describing the situation and context of the mobile subscriber.

  1. DDS – Direct Digital Synthesizer 

Direct digital synthesizer (DDS) is a fine resolution digital frequency synthesis technology that uses a numerically controlled oscillator (NCO) to program the output frequency to the chosen value. 

  1. DNS – Domain Name System 

The Domain Name System or DNS is a system that stores information about host names and domain names in a kind of distributed database on networks, such as the Internet. Most importantly, it provides an IP address for each host name, and lists the mail exchange servers accepting e-mail for each domain (Wikipedia, 2005).

  1. DoS Attack – Denial of Service Attack 

A Denial of Service attack (DoS) is an attack on a system whose purpose is to deny the attacker's opponent the use of a dedicated part of, or the entire, system, typically by exhausting a resource such as bandwidth, memory or processing capacity. 

  1. D/A converter 

A digital-to-analog converter is a device used to convert digital signals to analog signals. 

  1. EAM – Extranet Access Management 

An extranet is an extension of a corporate intranet using World Wide Web (WWW) technology to facilitate communication with the corporation’s suppliers and customers outside the secured company perimeter. An extranet allows customers and suppliers to gain limited but secure access to a company’s intranet in order to enhance the speed and efficiency of their business relationship. The challenge of managing extranets that provide such access increases with the levels and numbers of access granted. In addition to securing sessions over the Web, organizations need a robust authentication and access control mechanism that allows users to gain easy entry to necessary internal resources they need to do their work. The technologies to provide access and authorisation to external users are summarised under the term EAM. 

  1. ECM – Electronic Countermeasures / ECCM – Electronic Counter-Countermeasures 

Electronic countermeasures (ECM) are designed to decoy or deceive enemy radar or missile threats, for example by jamming or by emitting false returns. Electronic counter-countermeasures (ECCM) are the techniques that keep a radar or receiver working in the presence of ECM, for example high-power transmitters that can 'burn through' conventional jamming. 

  1. FHSS – Frequency-Hopping Spread Spectrum 

Frequency-hopping spread spectrum (FHSS) is a transmission technology, based on spread spectrum radio, in which the data signal is modulated onto a narrowband carrier that "hops" from frequency to frequency over a wide band as a function of time, in a sequence that looks random but is fully determined by a spreading (hopping) code. The receiver must be set to the same hopping code and listen at the right frequency at the right time in order to receive the signal. A listener without the hopping code sees only isolated fragments of the transmission, so the code acts as a shared secret against casual eavesdropping and narrowband jamming; it is not a substitute for encrypting the payload. 

  1. GPS – Global Positioning System 

GPS, run by the United States Department of Defense, is a service for determining the absolute two- or three-dimensional position of a receiver on the earth. It relies on an operational constellation of about 30 satellites. A receiver needs the identifier of each satellite, its position at the moment it transmitted, and the time the signal took to reach the receiver; because the receiver's own clock offset is an additional unknown, three satellites are needed for a two-dimensional fix and four for a three-dimensional one. The accuracy available to civilian users today is about ± 15 m. The civilian signal carries no authentication, so a receiver's reported position can be spoofed by a stronger counterfeit signal; location data derived from it should not be treated as a trusted identity attribute on its own. 

  1. GPRS – General Packet Radio Service 

GPRS is a standard for packet-oriented mobile data transfer based on the European GSM standard (Global System for Mobile Communications). Theoretically a bandwidth of 171.2 kbit/s is reachable; for technical and organisational reasons it is limited in Germany to 56 kbit/s. 

  1. GSM 

GSM (Global System for Mobile Communications) is the most popular standard for mobile phones in the world. GSM phones are used by over a billion people across more than 200 countries. The ubiquity of the GSM standard makes international roaming very common, with "roaming agreements" between mobile phone operators. GSM differs significantly from its predecessors in that both signalling and speech channels are digital, which is why it is seen as a second generation (2G) mobile phone system. This also meant that data communication was built into the system from very early on. GSM is an open standard, originally developed by ETSI and now maintained by the 3rd Generation Partnership Project (3GPP). 

  1. Identity 

An identity is a set of characteristics representing a subject. 

  1. IFF – Identification Friend or Foe 

Identification Friend or Foe (IFF) is a system that uses electromagnetic transmissions (an interrogation) to which equipment carried by friendly forces automatically responds, so that they can be distinguished from enemy forces. The interrogation/reply pair is the same pattern as the challenge-response protocol defined above, carried over radio. 

  1. LED – Light Emitting Diode 

A LED is a semiconductor diode that emits light when current flows through it. It is used in digital displays, for example on a mobile phone. 

  1. MMS – Multimedia Message Service 

Multimedia Messaging Service is a service for exchanging multimedia content between capable mobile phones and other devices. 

  1. Mobile ID 

A mobile ID is the identifier of a mobile device or of the subscription used on it; the device is typically bound to an individual. Examples in the GSM network are the IMEI (International Mobile Equipment Identity, which identifies the handset), the IMSI (International Mobile Subscriber Identity, which identifies the subscription) and the SIM card (Subscriber Identity Module), which stores the IMSI together with the subscriber's authentication key. 
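
As an added example (not code from the deliverable), a parser that splits an IMEI into its type allocation code, serial number and check digit, and an IMSI into MCC, MNC and MSIN. The sample IMEI is the commonly published example number 49-015420-323751-8 and the IMSI is constructed; the MNC length is a parameter because it depends on the country's numbering plan and is not derivable from the IMSI alone.

```python
import re

# Constructed samples (not from the deliverable): the widely published example
# IMEI, and a made-up subscriber number under MCC 262 (Germany).
SAMPLE_IMEI = "490154203237518"
SAMPLE_IMSI = "262011234567890"


def luhn_check_digit(body: str) -> str:
    """Check digit that makes body + digit pass the Luhn mod-10 test, the rule
    3GPP TS 23.003 specifies for the 15th digit of an IMEI."""
    total = 0
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:                     # rightmost body digit and every second one leftwards
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str((10 - total % 10) % 10)


def parse_imei(imei: str) -> dict:
    """Split an IMEI into TAC (type allocation code, 8 digits), serial number
    (6 digits) and check digit, verifying the check digit on the way."""
    if not re.fullmatch(r"\d{15}", imei):
        raise ValueError("IMEI must be 15 decimal digits")
    if luhn_check_digit(imei[:14]) != imei[14]:
        raise ValueError("IMEI check digit does not match")
    return {"tac": imei[:8], "serial": imei[8:14], "check": imei[14]}


def imei_is_valid(imei: str) -> bool:
    try:
        parse_imei(imei)
        return True
    except ValueError:
        return False


def parse_imsi(imsi: str, mnc_length: int = 2) -> dict:
    """Split an IMSI into MCC (3 digits), MNC (2 or 3 digits) and MSIN.
    The MNC length is fixed by the country's numbering plan (North America
    uses 3 digits, most of Europe 2); the default of 2 is an assumption the
    caller must correct from the MCC, it cannot be read off the IMSI itself."""
    if not re.fullmatch(r"\d{6,15}", imsi) or mnc_length not in (2, 3):
        raise ValueError("IMSI must be 6 to 15 decimal digits with a 2- or 3-digit MNC")
    return {"mcc": imsi[:3], "mnc": imsi[3:3 + mnc_length], "msin": imsi[3 + mnc_length:]}


if __name__ == "__main__":
    print(parse_imei(SAMPLE_IMEI))   # {'tac': '49015420', 'serial': '323751', 'check': '8'}
    print(parse_imsi(SAMPLE_IMSI))   # {'mcc': '262', 'mnc': '01', 'msin': '1234567890'}
```

Neither identifier is a secret: an IMEI can be read from the handset and rewritten on many devices, and the check digit catches transcription errors only, not forgery. What the network actually trusts is the IMSI together with the authentication key held on the SIM, so a mobile ID should be treated as an address for a mobile identity, not as proof of it.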

  1. Mobile Identity 

A mobile identity in the wide sense is a partial identity which is connected to the mobility of the subject itself, including location data. The mobile identity may be addressable by the mobile ID. Typical settings for mobile identities comprise the use of mobile phones, the use of mobile tokens which store identity data, or the use of RFIDs (Radio Frequency IDs). Furthermore the mobility of a subject may be observed by others including the deployment of tracking mechanisms with respect to biometric properties, e.g., by a comprehensive video surveillance. This additionally may be understood as a mobile identity. 

  1. Mobile Identity Management 

Mobile identity management is a special case of identity management where location data is taken into account. It comprises both the perspective of the subject whose partial identities are concerned, e.g., offering mechanisms to decide when and what location data is used and transmitted to whom and the perspective of the mobile identity (management) provider who operates the system and may process the subject’s data. 

  1. Mobile Identity Management System 

A mobile identity management system is a technology-based application for mobile identity management. 

  1. MOC – Match On Card 

It means that for a biometric verification process the reference template, the matching algorithm and the matching score decision are all enclosed in the processor chip of a smart card. Only the measurement of the biometric feature and the feature extraction to obtain a query-template are processed outside the card. To authenticate a person the card has to be connected to the external measurement device, which delivers the pre-processed data into the card. Usually the card works only together with dedicated sensor equipment and has proprietary data exchange formats. 

  1. OASIS – Organization for the Advancement of Structured Information Standards 

OASIS is a not-for-profit, international consortium that drives the development, convergence, and adoption of e-business standards. The consortium produces Web services standards along with standards for security, e-business, and standardization efforts in the public sector and for application-specific markets. Founded in 1993, OASIS has more than 4,000 participants representing over 600 organizations and individual members in 100 countries.    

  1. OTP – One Time Password 

A one time password is a password that is valid for a single authentication and is generated ad hoc at the moment of the authentication process. There are basically three families of OTP technology. In every family the receiver must refuse to accept the same OTP twice, including within its temporal or event window, otherwise the password is no longer one-time. 

    1. Time-based OTP generators combine a base secret with a time stamp to generate a unique OTP. Both parties of such an authentication scheme have to share the secret and rely on a common time within a certain temporal window. 

    2. Event-based OTP generators combine a base secret with a counter to generate a unique OTP. Both parties have to share the secret and use the same algorithm, so that after each authentication both are able to generate the next accepted OTP in the sequence. In general the receiver will accept an OTP from within a few event steps ahead of the last successful authentication, to allow for counter drift when the generator has been triggered without a login. 

    3. CR-based OTPs are random or specifically coded strings generated ad hoc by the authenticating instance and exchanged between sender and receiver through a challenge-response protocol (see CR protocol). 

  1. Partial Identity 

Each identity of a subject can comprise many partial identities of which each represents the subject in a specific context or role. Partial identities are subsets of attributes of a complete identity. On a technical level, these attributes are data. 

  1. Payment Token 

Specific security token representing payment-related claims. 

  1. PDA – Personal Digital Assistant 

A PDA is a small hand-held, usually pen-based, computer. It is often used as a personal organizer. 

  1. PET – Privacy Enhancing Technologies 

Privacy Enhancing Technologies (PET) are a related aggregate of “Information and Communications Technology” (ICT) measures protecting personal privacy by eliminating or reducing personal data or by preventing unnecessary or undesired processing of personal data, all without the loss of the functionality of the information system. 

  1. PICS – Platform for Internet Content Selection 

PICS is a specification that enables labels (metadata) to be associated with Internet content. Though originally designed to help parents and teachers control what children access on the Internet, it also facilitates other uses for labels, including code signing and privacy.  

  1. PKI – Public Key Infrastructure 

PKI (Public Key Infrastructure): The architecture, organization, techniques, practices, and procedures that collectively support the implementation and operation of a certificate-based public key cryptographic system. The main ability of a PKI is to administer certificates and public-private key pairs, including the ability to issue, maintain, and revoke public key certificates. 

  1. PRIME – Privacy and Identity Management for Europe 

PRIME is a European RTD Integrated Project under the FP6/IST Programme. It addresses research issues of digital identity management and privacy in the information society.  

  1. Peer-to-Peer (P2P) 

A peer-to-peer (P2P) computer network is any network that does not rely on dedicated servers for communication but instead mostly uses direct connections between clients (peers). A pure peer-to-peer network does not have the notion of clients or servers, but only equal peer nodes that simultaneously function as both clients and servers to the other nodes on the network (Wikipedia, 2005). 

  1. P3P – Platform for Privacy Preferences Project 

P3P has been developed by the World Wide Web Consortium (W3C) and is an industry standard designed to help users gain more control over the use of their personal information on Internet sites they visit.  

  1. RF, RFID, NFC – Radio Frequency Identification / Near Field Communication 

RFID is a technology that allows simple communication over a radio frequency (RF) link between an unpowered device with a digital processor (the tag) and a powered device (the reader). The reader generates an electromagnetic field in a selected radio frequency band (e.g. 125 kHz or 13.56 MHz). This field activates and powers the tag by induction (an LC resonant circuit) whenever the tag comes near the source of the field. The tag has an antenna tuned to the reader's frequency and a small chip that processes the reader's request and sends answers back. The basic standards for the technology are ISO 10536 (close coupling), ISO 14443 (proximity coupling), ISO 15693 (vicinity coupling) and ISO 18092 (Near Field Communication). Because a passive tag answers any reader that powers it, a tag carrying identity data needs its own access control, e.g. a CR protocol keyed on the tag, if unauthorised reading and cloning are to be prevented. 

  1. SAML – Security Assertion Markup Language 

SAML was developed by the Security Services Technical Committee of OASIS. It is an XML-based framework for communicating user authentication, entitlements and attribute information. SAML allows business entities to make assertions regarding the identity, attributes, and entitlements of a subject to other entities, which may be a partner company, another enterprise application etc. 

SAML is a flexible and extensible protocol designed to be used by other standards. The Liberty Alliance, the Internet2 Shibboleth project, and OASIS Web Services Security (WS-Security) have all adopted SAML as a technological underpinning to varying degrees. Keys to the federation of identities are standardized mechanisms and syntax for the communication of identity information between the domains – the standard provides the insulating buffer. SAML defines just such a standard. 

  1. Security Token 

A security token represents a collection (one or more) of claims. A claim is a declaration made by an entity (e.g. a name, identity, key, group, privilege, capability, etc.). 

  1. SIM – Subscriber Identity Module 

A subscriber identity module (SIM) is a smart card that securely stores the IMSI identifying a mobile subscriber and the secret key (Ki) used to authenticate the subscriber to the network; the key never leaves the card, which computes the authentication response internally. SIMs are most widely used in GSM systems, but a compatible module is also used for UMTS user equipment (USIM) and iDEN phones. The card also contains storage space for text messages and a phone book. 

  1. SOAP – Simple Object Access Protocol 

SOAP is an XML-based lightweight protocol for exchange of information in a decentralized, distributed environment. It uses XML technologies to define an extensible messaging framework providing a message construct that can be exchanged over a variety of underlying protocols. The framework has been designed to be independent of any particular programming model and other implementation specific semantics. 

  1. SMS – Short Message Service 

Short Message Service is a service for sending messages of up to 160 characters (in the 7-bit GSM alphabet; 70 characters when the message is encoded in UCS-2) to mobile phones that use GSM communication. 

  1. SW-or-HW-Token – Software or Hardware Token 

A SW or HW token in the context of authentication is a carrier for identity credentials. The token may be carried and delivered by a person or a machine to submit a credential for an identity. Examples are digital certificates (SW-token) or digital identity cards (HW-token). 

  1. UDDI – Universal Description, Discovery and Integration 

UDDI is a Web-based distributed directory that enables businesses to list themselves on the Internet and discover each other, similar to a traditional phone book’s yellow and white pages. It will benefit businesses of all sizes by creating a global, platform-independent, open architecture for describing businesses and services, discovering those businesses and services, and integrating businesses using the Internet. Any kind of service can be registered in the UDDI Business Registry, such as manual services and electronic services, but the primary intent behind UDDI is to provide a global registry for Web Services. 

  1. UMTS – Universal Mobile Telecommunications System 

Universal Mobile Telecommunications System (UMTS) is one of the third-generation (3G) mobile phone technologies. It uses W-CDMA as the underlying standard, is standardized by the 3GPP, and represents the European answer to the ITU IMT-2000 requirements for 3G Cellular radio systems. UMTS is sometimes marketed as 3GSM, emphasizing the combination of the 3G nature of the technology and the GSM standard which it was designed to succeed. 

  1. USIM – Universal Subscriber Identity Module 

USIM cards are subscriber identity modules for 3G mobile telephony. They are the same physical size as normal 2G GSM SIM cards.

  1. UWB – Ultra-Wide Band 

Ultra-wide band (UWB) is an emerging wireless technology that uses pulsed radio techniques to transmit data. The transmitter sends a low-power broadband signal, with each channel from 10 to 40 million pulses per second. UWB also has applications in radar systems, including systems that can detect people through walls or rubble. 

  1. Virtual Identity 

Virtual identity is sometimes used in the same meaning as digital identity or digital partial identity, but because of the connotation with “unreal, non-existent, seeming” the term is mainly applied to characters in a MUD (Multi User Dungeon), MMORPG (Massively Multiplayer Online Role Playing Games) or to avatars. 

  1. WAP – Wireless Application Protocol 

Wireless Application Protocol (WAP) is an open international standard for applications that use wireless communication, for example Internet access from a mobile phone. WAP was designed to provide services equivalent to a Web browser with some mobile-specific additions, being specifically designed to address the limitations of very small portable devices. However, during its first years of existence WAP suffered from considerable negative media attention and has been criticised heavily for its design choices and limitations. 

  1. WLAN – Wireless Local Area Network 

A wireless LAN or WLAN is a wireless local area network that uses radio waves as its carrier: the last link with the users is wireless, to give a network connection to all users in a building or campus. The backbone network usually uses cables. 

  1. WSDL – Web Service Description Language 

WSDL is an XML format for describing network services as a set of endpoints operating on messages containing either document-oriented or procedure-oriented information. The operations and messages are described abstractly, and then bound to a concrete network protocol and message format to define an endpoint. Related concrete endpoints are combined into abstract endpoints (services). WSDL is extensible to allow description of endpoints and their messages regardless of what message formats or network protocols are used to communicate. 

  1. WSS – Web Services Security 

WSS is a set of standards and recommendations of the OASIS Web Services Security Technical Committee that delivers a technical foundation for implementing security functions such as integrity and confidentiality in messages implementing higher-level Web services applications. 

  1. XML – eXtensible Markup Language 

XML describes a class of data objects called XML documents and partially describes the behaviour of computer programs which process them. 

fidis-wp3-del3.3.study_on_mobile_identity_management.final_04.sxw