Terms and Acronyms

This section lists terms and acronyms used throughout the documentation.

Terms

Access Controller / Network Access Server (NAS): The device that terminates a user's connection and forwards the resulting authentication, authorization and accounting requests to the AAA Server over the RADIUS or TACACS+ protocol, then enforces the server's decision. Access Controllers can be routers, remote access servers, VPN gateways or firewalls.

Access Point: A wireless device that relays data between clients of a wireless local area network (WLAN) and can also serve as the bridge between the WLAN and the fixed wired network.

Accounting profile: A set of attributes, defined against a dictionary, that resides on the AAA Server and determines what is recorded about each connection.

Authentication device: ActivID Gold and ActivClient smart cards (any card supported by the client software), ActivID Token (V1 and V2), ActivID Keychain Token (V1 and V2), ActivID USB Key (ActivKey), ActivID Mini Token, ActivID Desktop Token.

Authorization profile: A set of attribute/value pairs, defined against a dictionary, that the AAA Server either checks in an incoming request or sends back to the Access Controller in its reply (for example to set session parameters for an accepted user).

Certificate Authority: The Certificate Authority (CA) issues and manages digital certificates, each binding a public key to the identity of its holder, so that other parties in a networked environment can verify signatures and encrypt to that holder. As part of a Public Key Infrastructure (PKI), the CA relies on a registration authority (RA) to verify the information provided by the requestor of a certificate; once the RA has verified the requestor's information, the CA issues the certificate.

Consolidation: The collection of data from multiple authentication servers into the AAA Server administration database. Consolidation only works for servers that log their data to the AAA Server database; enable this when you configure each authentication server.

Credential Management System: Formerly known as AIMS-Enterprise, CMS is a Web-based, smart card, credential and application lifecycle management system. CMS augments and works in concert with an enterprise's primary identity management infrastructure components, including popular directory, database, and PKI components.

Enroll: To enroll smart cards (or other devices) is to add existing, in-use devices to the AAA Server database. Enrollment can update a device without erasing its existing static or PKI credentials, or retrieve the device's unlock key so that the AAA Server can manage it centrally.

Export: The transfer of credentials and/or settings from the AAA Server Administration Console to the AAA Authentication server.

Firewall: A set of related programs, located at a network gateway, that protects the resources of a private network from users on other networks. The term "firewall" describes the combination of hardware, software and security policy used with those programs. An enterprise with an intranet that allows its workers access to the wider Internet installs a firewall to prevent outsiders from reaching its private data resources and to control which outside resources its own users can reach: firewalls filter in both directions.

Gate: A listener on the AAA Server for the authentication, authorization and accounting requests that Access Controllers send to the RADIUS and TACACS+ ports. A gate's main role is to filter incoming requests by the sending Access Controller's IP address, so that different Authorization and Accounting profiles can be assigned to different Access Controllers. Gates are of RADIUS or TACACS+ type. Note that the IP address only selects the gate; it does not by itself authenticate the Access Controller, which in RADIUS is done with the per-client shared secret.
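To make the Access Controller, gate and Authorization profile entries concrete, here is an added Python example (not code from the AAA Server product or its documentation) of one RADIUS Access-Request/Access-Accept round trip as specified in RFC 2865. The server side selects a gate by the sending NAS IP address, verifies the credential, and returns that gate's Authorization profile as attribute/value pairs; the client side accepts the reply only after checking the Response Authenticator. The gate table, shared secrets, user store and profile contents are constructed for the example and are hypothetical.

```python
import hashlib
import hmac
import ipaddress
import os
import struct

# Packet codes and attribute types from RFC 2865.
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS = 1, 2, 4
SERVICE_TYPE, REPLY_MESSAGE, SESSION_TIMEOUT = 6, 18, 27

# Constructed gate table (hypothetical values): the sending Access Controller's IP
# selects its shared secret and the Authorization profile returned on success.
GATES = {
    "192.0.2.10": (b"vpn-gate-secret", [(SERVICE_TYPE, struct.pack("!I", 2)),
                                        (SESSION_TIMEOUT, struct.pack("!I", 3600))]),
    "192.0.2.20": (b"wlan-gate-secret", [(SERVICE_TYPE, struct.pack("!I", 2)),
                                         (REPLY_MESSAGE, b"WLAN access granted")]),
}
USERS = {"alice": "correct horse"}  # constructed credential store (static password)


def encode_attrs(attrs):
    """Serialise (type, value) pairs as RADIUS TLVs: Type, Length (incl. header), Value."""
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)


def decode_attrs(data):
    attrs, pos = [], 0
    while pos < len(data):
        t, length = struct.unpack_from("!BB", data, pos)
        if length < 2 or pos + length > len(data):
            raise ValueError("malformed attribute")
        attrs.append((t, data[pos + 2:pos + length]))
        pos += length
    return attrs


def hide_password(password, secret, authenticator):
    """User-Password hiding (RFC 2865 5.2): pad to 16-byte blocks and XOR each block with
    MD5(secret + previous ciphertext block), seeded with the Request Authenticator."""
    pw = password.encode()
    pw += b"\x00" * (-len(pw) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(pw), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(pw[i:i + 16], key))
        out += prev
    return out


def reveal_password(hidden, secret, authenticator):
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00").decode(errors="replace")


def pack(code, ident, authenticator, attrs):
    body = encode_attrs(attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body


def unpack(pkt):
    code, ident, length = struct.unpack_from("!BBH", pkt)
    if length < 20 or length > len(pkt):
        raise ValueError("malformed packet")
    return code, ident, pkt[4:20], decode_attrs(pkt[20:length])


def response_authenticator(code, ident, request_auth, attrs, secret):
    """Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    body = encode_attrs(attrs)
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    return hashlib.md5(header + request_auth + body + secret).digest()


def client_request(ident, user, password, nas_ip, secret):
    """Access Controller side: an Access-Request with a fresh random Request Authenticator."""
    auth = os.urandom(16)
    attrs = [(USER_NAME, user.encode()),
             (USER_PASSWORD, hide_password(password, secret, auth)),
             (NAS_IP_ADDRESS, ipaddress.IPv4Address(nas_ip).packed)]
    return pack(ACCESS_REQUEST, ident, auth, attrs)


def server_handle(pkt, src_ip):
    """Gate logic: select secret and profile by the sender's IP, verify, reply with the profile.
    A request from an IP with no gate is silently discarded, as RFC 2865 requires."""
    code, ident, req_auth, attrs = unpack(pkt)
    if code != ACCESS_REQUEST or src_ip not in GATES:
        return None
    secret, profile = GATES[src_ip]
    a = dict(attrs)
    user = a.get(USER_NAME, b"").decode(errors="replace")
    given = reveal_password(a.get(USER_PASSWORD, b""), secret, req_auth)
    stored = USERS.get(user, "")
    if stored and hmac.compare_digest(stored.encode(), given.encode()):
        code, reply = ACCESS_ACCEPT, profile
    else:
        code, reply = ACCESS_REJECT, [(REPLY_MESSAGE, b"authentication failed")]
    return pack(code, ident, response_authenticator(code, ident, req_auth, reply, secret), reply)


def client_verify(reply, request, secret):
    """Access Controller side: trust the reply only if its ID matches the outstanding
    request and the Response Authenticator verifies under the shared secret."""
    code, ident, resp_auth, attrs = unpack(reply)
    _, req_ident, req_auth, _ = unpack(request)
    expected = response_authenticator(code, ident, req_auth, attrs, secret)
    ok = ident == req_ident and hmac.compare_digest(resp_auth, expected)
    return ok, code, dict(attrs)


def exchange(user, password, nas_ip, ident=7):
    """One in-process request/reply round trip: returns (authentic, code, reply attributes)."""
    secret = GATES[nas_ip][0]
    request = client_request(ident, user, password, nas_ip, secret)
    reply = server_handle(request, nas_ip)
    return client_verify(reply, request, secret)
```

Two practical points are visible in the code. The NAS IP address only selects the gate; what actually binds a reply to an Access Controller is the shared secret, through the Response Authenticator and the User-Password hiding, so each gate needs a strong, unique secret. And RFC 2865 password hiding is MD5-based obfuscation rather than encryption, which is why RADIUS between Access Controllers and the server is normally carried inside an IPsec tunnel or over RADIUS/TLS (RFC 6614) rather than bare UDP.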

Help Desk: The Help Desk function is located in the AAA Server Administration Console. Help Desk users can access Authentication logs to check a user’s state on the authentication server(s), unlock users, resynchronize users, unlock device PINs, lock users, set and assign temporary passwords, assign temporary AAA Server passwords, and enable the use of static LDAP passwords.

One-Time Password: A dynamic password that is valid for a single authentication; the server rejects any attempt to reuse it, so a captured value cannot be replayed.

Profile: A list of parameters that determines user authentication and device policies – including policies on PINs, unlocking PINs, and authenticating. A profile is an externally signed file delivered with the AAA Server product.

Resource: A set of keys that enables a device to generate dynamic passwords, or passwords that answer a challenge. "Resource" is also used in its ordinary sense of a protected resource that a user wishes to access.

Virtual Private Network: A private data network carried over public telecommunication infrastructure, with confidentiality maintained by a tunneling protocol and its associated security procedures (peer authentication, key management). A VPN can be contrasted with a system of owned or leased lines used by a single company: the aim is to provide the same capabilities as a private or leased-line network while using the shared public infrastructure, much as telephone carriers provide shared but segregated circuits for voice. VPNs are used both for extranets and for wide-area intranets.

Wired Equivalent Privacy: The original security protocol of the IEEE 802.11 wireless LAN standard (the one shipped with 802.11b equipment), designed to give a wireless local area network (WLAN) a level of confidentiality comparable to what is usually expected of a wired LAN by encrypting frames between clients and access points with RC4. WEP's design is broken: its 24-bit initialization vector repeats quickly and its key scheduling leaks key bytes, so the key can be recovered from a modest amount of captured traffic. IEEE 802.11i deprecated WEP in 2004; treat it as providing no confidentiality and use WPA2 or WPA3 instead.

Acronyms

AAA: Authentication, Authorization and Accounting

CA: Certificate Authority

CMS: Credential Management System

HOTP: HMAC-based One-Time Password

LDAP: Lightweight Directory Access Protocol

NAS: Network Access Server

OTP: One-Time Password

PKI: Public Key Infrastructure

RA: Registration Authority

RADIUS: Remote Authentication Dial-In User Service

TACACS+: Terminal Access Controller Access-Control System Plus

TOTP: Time-based One-Time Password

VPN: Virtual Private Network

WEP: Wired Equivalent Privacy

WLAN: Wireless Local Area Network