Terms and Definitions

    A
  • ActivID Credential Management System (CMS)
    Formally known as ActivID Card Management System, ActivID CMS is a web-based, smart card, credential and application lifecycle management system. ActivID CMS augments and works in concert with an enterprise’s primary identity management infrastructure components, including popular directory, database, and PKI components.
    • C
  • Certificate Authority (CA)
    The CA issues and manages security credentials and public keys for message encryption in a networked environment. As part of a Public Key Infrastructure (PKI), a CA checks with a registration authority (RA) to verify information provided by the requestor of a digital certificate. If the RA verifies the requestor's information, the CA issues a certificate.
  • Challenge
    Random number generated by the server API for authentication of a user in the asynchronous (challenge/response) mode.
  • Cryptographic Service Provider (CSP)
    An independent software module that performs cryptography algorithms for authentication, encoding, and encryption.
    • D
  • Discovery mode
    Discovery mode enables a calling application to find out the size of the data that will be returned to by making a preliminary discovery call and then making a second call after it allocates a buffer large enough to accommodate the data that will be returned.
    • E
  • End-point card
    The PIV standard defines two interfaces for communicating with PIV cards: • The PIV transitional interface. • The PIV end-point interface. A PIV end-point card is a card that implements the second of these interfaces. Note: The PIV transitional interface is not supported by the PIV API.
    • F
  • Federal Information Processing Standard (FIPS 140-2)
    FIPS 140-2 is the standard for crypto-module security. FIPS 140-2 level 3 adds additional requirements to FIPS 140-2 level 2. These requirements concern physical security and a trusted path for entering a Cryptographic Service Provider, such as a PIN. FIPS 140-2 level 3 uses local ports and the key pad to enforce such security.
  • Federal Information Processing Standard 201 (FIPS 201)
    FIPS 201 is the standard for Personal Identity Verification (PIV) cards defined for US Government employees and contractors.
  • Force change PIN flag
    Flag which indicates whether the user must change the PIN on first use of the card.
    • I
  • Integrated circuit chip (ICC)
    The chip on the smart card.
    • M
  • Mini Driver
    Smart card middleware for the Microsoft platform that works with the Microsoft Base Smart Card CSP (Cryptographic Service Provider). The ActivClient Mini Driver replaces the ActivClient CSP available in previous versions. The Mini Driver architecture provides stronger cryptographic services.
    • O
  • One-Time Password (OTP)
    A one-time password is a password used only once to authenticate to remote applications. One-Time Passwords are only present on smart cards issued with SKI credentials.
    • P
  • Personal Identification Number (PIN)
    The Personal Identification Number (PIN) code used to access an HID Global device’s services such as Windows PKI logon, remote access and email signature. HID Global devices can only be used after a correct PIN is entered.
  • Public Key Infrastructure (PKI)
    PKI describes the laws, policies, standards, and software that regulate or manipulate certificates and public and private keys.
    • R
  • Registration Authority (RA)
    RA is an authority in a network that verifies user requests for a digital certificate and instructs the CA to issue it. An RA is part of a PKI, a networked system that enables companies and users to exchange information safely and securely.
    • S
  • Standalone smart card
    Smart card with pre-loaded applets issued by the manufacturer.
  • Symmetric Key Infrastructure (SKI)
    SKI keys are used to perform strong authentication on remote applications. SKI keys encrypt passwords in: • Synchronous mode (generates 1 password without any challenge. The server uses the same method to create a password than the smart card) • Asynchronous: encrypts a challenge
    • U
  • Unlock code
    Value that the card holder needs to provide in order to unlock a locked smart card. Depending upon the smart card unlock mechanism, the unlock code may or may not be different from the unlock key.
  • User Portal
    The CMS User Portal is a component of ActivID CMS that allows end users to access the self-service CMS functions.
    • V
  • Verification
    Process in which a signature that was produced by the signing operation is verified.
    • W
  • Weak PIN
    A weak PIN is a PIN in which: • The length is less than three characters or digits, or • The difference between each character or digit, and the following one is a constant. For example, a PIN that is a sequence of the same number (1111) or an increasing/decreasing sequence of numbers (1234, 4321) is a weak PIN.