GIST v0.7 ― F
“face monitoring” to “fusion”
F
-
- face monitoring n.
-
iAfB-ICSA 1999
-
A biometric application of face recognition technology where the biometric system monitors the attendance of an end user. This may be overt or covert.
-
- face recognition n.
-
iAfB-ICSA 1999
-
A physical biometric that analyses facial features.
-
- facial thermogram n.
-
iAfB-ICSA 1999
-
A specialised face recognition technique that senses heat in the face caused by the flow of blood under the skin.
-
- fail safe n.
-
ISO/IEC 2382-8:1998
-
failsafe
-
Pertaining to avoidance of compromise in the event of a failure.
-
RFC 2828 (2000)
-
(I) A mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in the system.
-
- fail soft n.
-
RFC 2828 (2000)
-
(I) Selective termination of affected non-essential system functions and processes when a failure occurs or is detected in the system.
-
- failure access n.
-
ISO/IEC 2382-8:1998
-
An unauthorized and usually inadvertent access to data in a data processing system, resulting from a failure of hardware or software.
-
- failure control n.
-
RFC 2828 (2000)
-
(I) A methodology used to provide fail-safe or fail-soft termination and recovery of functions and processes when failures are detected or occur in a system. [FP039]
-
- failure to acquire n.
-
iAfB-ICSA 1999
-
Failure of a biometric system to capture a sample and extract biometric data.
-
JTC 1/SC 37 (2008)
-
Failure of the probe acquisition process.
-
Note: Possible causes of failure to acquire include poor biometric sample quality, algorithmic deficiencies and biometric characteristics outside the range of the system.
-
JTC 1/SC 37 doesn’t define probe acquisition process; see: biometric probe, acquisition.
-
- failure to acquire rate n.
-
iAfB-ICSA 1999
-
The frequency of a failure to acquire.
-
BEM 2002 – (FTA)
-
The failure to acquire rate is the proportion of attempts for which a biometric system is unable to capture an image of sufficient quality. When a biometric system allows multiple attempts, FTA measures failure to capture over these multiple attempts.
-
JTC 1/SC 37 (2008) – 3.6.9
-
Proportion of a specified set of probe acquisitions that failed to create a biometric probe.
-
Note 1: The experimenter specifies which probe acquisitions are in the set as well as the criteria for deeming an acquisition to be a failure.
-
Note 2: Acquisition is a process, so the proportion is the number of processes that failed over the total number of processes.
-
JTC 1/SC 37 doesn’t define probe acquisition; see: biometric probe, acquisition.
-
- failure to capture n.
-
JTC 1/SC 37 (2008) – 3.6.10
-
Failure of the biometric capture process to produce a captured biometric sample that is acceptable for use.
-
Note: Acceptability will be dependent on policy.
-
- failure to enrol, - failure to enroll n.
-
iAfB-ICSA 1999
-
Failure of a biometric system to form a proper enrolment template for an end-user. The failure may be due to failure to capture the biometric sample or failure to extract template data (of sufficient quality).
-
JTC 1/SC 37 (2008) – 3.6.11
-
Failure to create and store an enrolment data record for an eligible biometric capture subject, in accordance with an enrolment policy.
-
Note: Not enrolling someone ineligible to enrol is not a failure to enrol.
-
- failure to enrol rate, - failure to enroll rate n.
-
iAfB-ICSA 1999
-
The proportion of the population of end-users failing to complete enrolment.
-
BEM 2002 – (FTE)
-
The failure to enrol rate is the proportion of the user population for whom the biometric system is unable to generate reference templates of sufficient quality. It is the equivalent of FTA for the enrolment process, and depends on the procedures used in enrolment (which may differ from the procedures for later identification). It includes those who, for physical or behavioural reasons, are unable to present the required biometric feature.
-
JTC 1/SC 37 (2008) – 3.6.12
-
Proportion of biometric enrolment transactions (that did not fail for non-biometric reasons), that resulted in a failure to enrol.
-
Note 1: Basing the denominator on the number of biometric enrolment transactions may result in a higher value than basing it on the number of biometric capture subjects.
-
Note 1: The proportion denominator is the number of biometric enrolment transactions, excluding those transactions that failed to complete for non-biometric reasons.
-
- Fair Information Practices n.
-
SCA ISCTAG (2007)
-
The basis for privacy best practices, both online and offline. The Practices originated in the U.S. Privacy Act of 1974, the legislation that protects personal information collected and maintained by the U.S. government. The Fair Information Practices include notice, choice, access, onward transfer, security, data integrity, and remedy.
-
- fake sector n.
-
ISO/IEC 2382-8:1998
-
A sector consisting of a header but no data, used in large numbers on a disk to cause an unauthorized copying program to fail to copy the disk.
-
- false acceptance n.
-
iAfB-ICSA 1999
-
When a biometric system incorrectly identifies an individual or incorrectly verifies an impostor against a claimed identity. (Also known as a type II error.)
-
BEM 2002
-
An incorrect identification of an individual, or an incorrect verification of an impostor.
-
NIST IR 7298 (2006)
-
FIPS 201
-
When a biometric system incorrectly identifies an individual or incorrectly verifies an impostor against a claimed identity.
-
- false acceptance rate (FAR) n.
-
iAfB-ICSA 1999
-
The probability that a biometric system will incorrectly identify an individual or will fail to reject an impostor. (Also known as [a] type II error rate.) The rate given normally assumes passive impostor attempts. The FAR may be estimated as:
or
where
-
FAR is the false acceptance rate
-
NFA is the number of false acceptances
-
NIIA is the number of impostor identification attempts
-
NIVA is the number of impostor verification attempts
-
BEM 2002
-
false accept rate
-
The probability that a biometric system will incorrectly identify an individual, or will fail to reject an impostor. For a positive (verification) system, it can be estimated from:
(the number of false acceptances)/(the number of impostor verification attempts).
-
NIST IR 7298 (2006)
-
FIPS 201
-
The probability that a biometric system will incorrectly identify an individual or will fail to reject an impostor. The rate given normally assumes passive impostor attempts.
-
- false match n.
-
JTC 1/SC 37 (2006⇒2008)
-
Comparison decision of “match” for a reference probe biometric sample and a biometric reference that are not from the same source from different biometric capture subjects.
-
Note: It is recognized that this definition considers only the false match at the subject level and not at the characteristic level. Sometimes a comparison decision of “match” for a recognition probe biometric sample and a biometric reference from different biometric characteristics of the same biometric data subject is also considered to be a false match. For example, a “match” decision when comparing Galton ridges of different fingers of the same biometric data subject might be considered a false match, while a “match” decision for a mispronounced pass-phrase in text-dependent speaker recognition might be considered a correct match.
-
- false match rate (FMR) n.
-
iAfB-ICSA 1999
-
Alternative to false acceptance rate. Used to avoid confusion in applications that reject the claimant if their biometric data matches that of an enrolee. In such applications, the concepts of acceptance and rejection are reversed, thus reversing the meaning of false acceptance and false rejection. See also false non-match rate.
-
BEM 2002
-
The rate for incorrect positive matches by the matching algorithm for single template comparison attempts. For a biometric system that uses just one attempt to decide acceptance, FMR is the same as FAR. When multiple attempts are combined in some manner to decide acceptance, FAR is more meaningful at the system level than FMR.
-
NIST IR 7298 (2006)
-
FIPS 201
-
Alternative to false acceptance rate. Used to avoid confusion in applications that reject the claimant if their biometric data matches that of an applicant.
-
JTC 1/SC 37 (2008)
-
Proportion of the completed biometric non-match comparison trials that result in a false match.
-
Note 1: The value computed for the false match rate will depend on thresholds, and other parameters of the comparison process, and the protocol defining the biometric non-match comparison trials. In particular, treatment of comparisons between:
-
identical twins;
-
completely different biometric characteristics of different individuals, such as face topography and Galton ridges;
-
different, but related biometric characteristics from the same individual, such as left and right hand topography;
will need proper consideration. See ISO 19795-1.
-
Note 2: “Completed” refers to the computational processes required to make a comparison decision, i.e. failures to decide are excluded.
-
- false non-match n.
-
JTC 1/SC 37 (2006⇒2008)
-
Comparison decision of “non-match” for a recognition probe biometric sample and a biometric reference that are from the same source biometric capture subject and of the same biometric characteristic.
-
Note: There may need to be consideration on how much mis-action on the part of the biometric capture subject is tolerated before the recognition probe biometric sample and the biometric reference are deemed to be of different biometric characteristics.
-
- false non-match rate (FNMR) n.
-
iAfB-ICSA 1999
-
Alternative to false rejection rate. Used to avoid confusion in applications that reject the claimant if their biometric data matches that of an enrolee. In such applications, the concepts of acceptance and rejection are reversed, thus reversing the meaning of false acceptance and false rejection. See also false match rate.
-
BEM 2002
-
The rate for incorrect negative matches by the matching algorithm for single template comparison attempts. For a biometric system that uses just one attempt to decide acceptance, FNMR is the same as FRR. When multiple attempts are combined in some manner to decide acceptance, FRR is more meaningful at the system level than FNMR.
-
NIST IR 7298 (2006)
-
FIPS 201
-
Alternative to false rejection rate. Used to avoid confusion in applications that reject the claimant if their biometric data matches that of an applicant.
-
JTC 1/SC 37 (2008)
-
Proportion of the completed biometric match comparison trials that result in a false non-match.
-
Note 1: The value computed for the false non-match rate will depend on thresholds, and other parameters of the comparison process, and the protocol defining the biometric match comparison trials.
-
Note 2: “Completed” refers to the computational processes required to make a comparison decision, i.e. failures to decide are excluded.
-
- false positive n.
-
NIST IR 7298 (2006)
-
SP 800-61
-
An alert that incorrectly indicates that malicious activity is occurring.
-
- false rejection n.
-
iAfB-ICSA 1999
-
When a biometric system fails to identify an enrolee or fails to verify the legitimate claimed identity of an enrolee. (Also known as a type I error.)
-
BEM 2002
-
A failure to identify or verify a genuine enrolee.
-
NIST IR 7298 (2006)
-
FIPS 201
-
When a biometric system fails to identify an applicant or fails to verify the legitimate claimed identity of an applicant.
-
- false rejection rate (FRR) n.
-
iAfB-ICSA 1999
-
The probability that a biometric system will fail to identify an enrolee, or verify the legitimate claimed identity of an enrolee. (Also known as a type I error rate.)
or
where
-
FRR is the false rejection rate
-
NFR is the number of false rejections
-
NEIA is the number of enrolee identification attempts
-
NEVA is the number of enrolee verification attempts
-
BEM 2002
-
false reject rate
-
The probability that a biometric system will fail to identify a genuine enrolee. For a positive (verification) system, it can be estimated from:
(the number of false rejects)/(the number of enrolee verification attempts).
-
NIST IR 7298 (2006)
-
FIPS 201
-
The probability that a biometric system will fail to identify an applicant, or verify the legitimate claimed identity of an applicant.
-
- family n.
-
SC 27 SD 6 (2002)
-
ISO/IEC 15408-1: 1999
-
A grouping of components that share security objectives but may differ in emphasis or rigour.
-
- Faraday cage n.
-
SCA ISCTAG (2007)
-
An enclosure formed by conducting material, or by a mesh of such material, that blocks out external static electrical fields. Any electric field will cause the charges to rearrange so as to completely cancel the field’s (RF signal) effects in the cage’s interior.
-
- FASC-N n.
-
See: Federal Agency Smart Credential Number.
-
- FB n.
-
See: feedback buffer
-
See: biometric feature extraction process.
-
- federal agency n.
-
See: agency.
-
- Federal Agency Smart Credential Number (FASC-N) n.
-
SCA ISCTAG (2007)
-
The data element that is the main identifier on the PIV card and that is used by a physical access control system.
-
- Federal Bridge Certification Authority (FBCA) n.
-
NIST IR 7298 (2006)
-
SP 800-32
-
The Federal Bridge Certification Authority consists of a collection of public key infrastructure components (certificate authorities, directories, certificate policies and certificate practice statements) that are used to provide peer-to-peer interoperability among Agency Principal Certification Authorities.
-
- Federal Bridge Certification Authority Membrane n.
-
NIST IR 7298 (2006)
-
SP 800-32
-
The Federal Bridge Certification Authority Membrane consists of a collection of public key infrastructure components including a variety of certification authority PKI products, databases, CA-specific directories, border directory, firewalls, routers, randomizers, etc.
-
- Federal Bridge Certification Authority Operational Authority n.
-
NIST IR 7298 (2006)
-
SP 800-32
-
The Federal Bridge Certification Authority Operational Authority is the organization selected by the Federal Public Key Infrastructure Policy Authority to be responsible for operating the Federal Bridge Certification Authority.
-
- Federal Information Processing Standards (FIPS) n.
-
RFC 2828 (2000)
-
(N) The Federal Information Processing Standards Publication (FIPS PUB) series issued by the U.S. National Institute of Standards and Technology as technical guidelines for U.S. Government procurements of information processing system equipment and services. [FP031, FP039, FP046, FP081, FP102, FP113, FP140, FP151, FP180, FP185, FP186, FP188]
-
(C) Issued under the provisions of section 111(d) of the Federal Property and Administrative Services Act of 1949 as amended by the Computer Security Act of 1987, Public Law 100-235.
-
NIST IR 7298 (2006)
-
FIPS 201
-
A standard for adoption and use by Federal agencies that has been developed within the Information Technology Laboratory and published by the National Institute of Standards and Technology, a part of the U.S. Department of Commerce. A FIPS covers some topic in information technology in order to achieve a common level of quality or some level of interoperability.
-
SCA ISCTAG (2007)
-
A standard for adoption and use by Federal departments and agencies that has been developed within the Information Technology Laboratory and published by NIST, a part of the U.S. Department of Commerce. A FIPS publication covers some topic in information technology to achieve a minimum level of quality or interoperability.
-
IAEG LIAF (2008)
-
Standards and guidelines issued by the National Institute of Standards and Technology (NIST) for use government-wide in the United States. NIST develops FIPS when the U.S. Federal government has compelling requirements, such as for security and interoperability, for which no industry standards or solutions are acceptable.
-
- Federal Information Security Management Act (FISMA) n.
-
NIST IR 7298 (2006)
-
SP 800-65
-
FISMA requires agencies to integrate IT security into their capital planning and enterprise architecture processes at the agency, conduct annual IT security reviews of all programs and systems, and report the results of those reviews to the Office of Management and Budget (OMB).
-
- federal information system n.
-
NIST IR 7298 (2006)
-
SP 800-53; FIPS 200; FIPS 199; 40 U.S.C., Sec. 11331
-
An information system used or operated by an executive agency, by a contractor of an executive agency, or by another organization on behalf of an executive agency.
-
- Federal Information Systems Security Educators’ Association (FISSEA) n.
-
NIST IR 7298 (2006)
-
SP 800-16
-
An organization whose members come from federal agencies, industry, and academic institutions devoted to improving the IT security awareness and knowledge within the federal government and its related external workforce.
-
- Federal Public-Key Infrastructure (FPKI)
-
RFC 2828 (2000)
-
(N) A PKI being planned to establish facilities, specifications, and policies needed by the U.S. Federal Government to use public-key certificates for INFOSEC, COMSEC, and electronic commerce involving unclassified but sensitive applications and interactions between Federal agencies as well as with entities of other branches of the Federal Government, state, and local governments, business, and the public. [FPKI]
-
- Federal Public Key Infrastructure Policy Authority (FPKI PA) n.
-
NIST IR 7298 (2006)
-
SP 800-32
-
The Federal PKI Policy Authority is a federal government body responsible for setting, implementing, and administering policy decisions regarding interagency PKI interoperability that uses the FBCA.
-
- Federal Standard 1027 n.
-
RFC 2828 (2000)
-
(N) A U.S. Government document defining emanation, anti-tamper, security fault analysis, and manual key management criteria for DES encryption devices, primarily for OSI layer 2. Was renamed FIPS PUB 140 when responsibility for protecting unclassified, sensitive information was transferred from NSA to NIST, and then was superseded by FIPS PUB 140-1.
-
- federate v.
-
OASIS SAML 2.0 (2005)
-
To link or bind two or more entities together [Merriam].
-
- federated identity n.
-
OASIS SAML 2.0 (2005)
-
A principal’s identity is said to be federated between a set of providers when there is an agreement between the providers on a set of identifiers and/or attributes to use to refer to the principal.
-
modonisIDM (2005)
-
Definition: A federated identity is a credential of an entity that links an entity’s partial identity from one context to a partial identity from another context.
-
SCA ISCTAG (2007)
-
In information technology (IT), federated identity has two general meanings:
-
1. The virtual reunion, or assembled identity, of a person’s user information (or principal), stored across multiple distinct identity management systems. Data is joined together by use of the common token, usually the user name.
-
2. The process of a user’s authentication across multiple IT systems or even organizations.
-
- federated identity management n.
-
IAEG LIAF (2008)
-
A system that allows individuals to use the same user name, password, or other personal identification to sign on to the networks of more than one enterprise in order to conduct transactions.
-
- federation n.
-
OASIS SAML 2.0 (2005)
-
This term is used in two senses in SAML:
-
- federation operator n.
-
IAEG LIAF (2008)
-
An individual or group that defines standards for its respective federation, or trust community and evaluates participation in the community or network to ensure compliance with policy, including the ability to request audits of participants for verification.
-
- feedback buffer (FB) n.
-
SC 27 SD 6 (2002)
-
ISO/IEC CD 10116 (12/2001)
-
Variable used to store input data for the encipherment process. At the starting point FB has the value of SV.
-
- field test n., - field trial n.
-
iAfB-ICSA 1999
-
A trial of a biometric application in “real world” as opposed to laboratory conditions.
-
- file access permissions n.
-
UNIX2:1997
-
The standard file access control mechanism uses the file permission bits, as described below. These bits are set at the time of file creation by functions such as open(), creat(), mkdir() and mkfifo() and are changed by chmod(). These bits are read by stat() or fstat().
-
Implementations may provide additional or alternate file access control mechanisms, or both. [more]
-
- file infector virus n.
-
NIST IR 7298 (2006)
-
SP 800-61
-
A virus that attaches itself to a program file, such as a word processor, spreadsheet application, or game.
-
- file integrity checker n.
-
NIST IR 7298 (2006)
-
SP 800-61
-
Software that generates, stores, and compares message digests for files to detect changes to the files.
-
- file mode n.
-
UNIX2:1997
-
An object containing the file mode bits and file type of a file, as described in <sys/stat.h>.
-
sys/stat.h - data returned by the stat() function
-
The <sys/stat.h> header defines the structure of the data returned by the functions fstat(), lstat(), and stat(). The structure stat contains at least the following members:
-
| dev_t | st_dev | ID of device containing file |
| ino_t | st_ino | file serial number |
| mode_t | st_mode | mode of file (see below) |
| nlink_t | st_nlink | number of links to the file |
| uid_t | st_uid | user ID of file |
| gid_t | st_gid | group ID of file |
| dev_t | st_rdev | device ID (if file is character or block special) |
| off_t | st_size | file size in bytes (if file is a regular file) |
| time_t | st_atime | time of last access |
| time_t | st_mtime | time of last data modification |
| time_t | st_ctime | time of last status change |
| blksize_t | st_blksize | a filesystem-specific preferred I/O block size for this object. In some filesystem types, this may vary from file to file |
| blkcnt_t | st_blocks | number of blocks allocated for this object |
-
File serial number and device ID taken together uniquely identify the file within the system. […]
-
The following symbolic names for the values of st_mode are also defined:
-
| File type |
| S_IFMT | type of file |
| S_IFBLK | block special |
| S_IFCHR | character special |
| S_IFIFO | FIFO special |
| S_IFREG | regular |
| S_IFDIR | directory |
| S_IFLNK | symbolic link |
| File mode bits |
| S_IRWXU | read, write, execute/search by owner | S_IRWXU is the bitwise OR of S_IRUSR, S_IWUSR and S_IXUSR | the file permission bits are defined to be those corresponding to the bitwise inclusive OR of S_IRWXU, S_IRWXG and S_IRWXO |
| S_IRUSR | read permission, owner |
| S_IWUSR | write permission, owner |
| S_IXUSR | execute/search permission, owner |
| S_IRWXG | read, write, execute/search by group | S_IRWXG is the bitwise OR of S_IRGRP, S_IWGRP and S_IXGRP |
| S_IRGRP | read permission, group |
| S_IWGRP | write permission, group |
| S_IXGRP | execute/search permission, group |
| S_IRWXO | read, write, execute/search by others | S_IRWXO is the bitwise OR of S_IROTH, S_IWOTH and S_IXOTH |
| S_IROTH | read permission, others |
| S_IWOTH | write permission, others |
| S_IXOTH | execute/search permission, others |
| S_ISUID | set-user-ID on execution |
| S_ISGID | set-group-ID on execution |
| S_ISVTX | on directories, restricted deletion flag |
-
[more]
-
- file name anomaly n.
-
NIST IR 7298 (2006)
-
SP 800-72
-
1. A mismatch between the internal file header and its external extension;
-
2. A file name inconsistent with the content of the file (e.g., renaming a graphics file with a non-graphical extension).
-
- file permission bits n.
-
UNIX2:1997
-
Information about a file that is used, along with other information, to determine if a process has read, write or execute/search permission to a file. The bits are divided into three parts: owner, group and other. Each part is used with the corresponding file class of processes. These bits are contained in the file mode, as described in <sys/stat.h>. The detailed usage of the file permission bits in access decisions is described in file access permissions.
-
- file protection n.
-
ISO/IEC 2382-8:1998
-
The implementation of appropriate administrative, technical, or physical means to guard against the unauthorized access to, modification of, or deletion of a file.
-
- File Transfer Protocol (FTP) n.
-
RFC 2828 (2000)
-
(I) A TCP-based, application-layer, Internet Standard protocol [R0959] for moving data files from one computer to another.
-
- filtering n.
-
iAfB-ICSA 1999
-
1. The process of classifying biometric data according to information that is unrelated to the biometric data itself. This may involve filtering by sex, age, hair colour or other distinguishing factors, and including this information in an end user’s database record. This term is particularly used in conjunction with Automated Fingerprint Identification Systems.
-
2. A specialised technique used by some AFIS vendors. Filtering is the process of classifying finger images according to data which is unrelated to the finger image itself. This may involve filtering by sex, age, hair colour or other distinguishing factors.
-
The process of classifying the biometric data from fingerprints according to information that is unrelated to the biometric data itself – e.g., an end user’s sex, age, hair colour or other distinguishing factors – and including this information in an end user’s database record. This is a specialised technique used by some AFIS vendors and (hence) the term is particularly used in conjunction with these systems. Compare: binning.
-
- filtering router n.
-
RFC 2828 (2000)
-
(I) An internetwork router that selectively prevents the passage of data packets according to a security policy.
-
(C) A filtering router may be used as a firewall or part of a firewall. A router usually receives a packet from a network and decides where to forward it on a second network. A filtering router does the same, but first decides whether the packet should be forwarded at all, according to some security policy. The policy is implemented by rules (packet filters) loaded into the router. The rules mostly involve values of data packet control fields (especially IP source and destination addresses and TCP port numbers). [R2179]
-
- financial institution n.
-
RFC 2828 (2000)
-
(N) “An establishment responsible for facilitating customer-initiated transactions or transmission of funds for the extension of credit or the custody, loan, exchange, or issuance of money.” [SET2]
-
- finger geometry n.
-
iAfB-ICSA 1999
-
A physical biometric that analyses the shape and dimensions of one or more fingers.
-
- finger image n.
-
See: biometric characteristic, fingerprint.
-
- fingerprint n.
-
iAfB-ICSA 1999
-
finger image
-
A physical biometric which looks at the patterns found in the tip of the finger.
-
RFC 2828 (2000)
-
(I) A pattern of curves formed by the ridges on a fingertip. (See: biometric authentication, thumbprint.)
-
(D) ISDs SHOULD NOT use this term as a synonym for hash result because it mixes concepts in a potentially misleading way.
-
(D) ISDs SHOULD NOT use this term with the following PGP definition, because the term and definition mix concepts in a potentially misleading way and duplicate the meaning of hash result.
-
(O) PGP usage: A hash result used to authenticate a public key (key fingerprint) or other data. [PGP]
-
Strictly a fingerprint is the impression left by a fingertip on any surface (compare: footprint) or an ink impression of the friction ridges on the fingertip taken for the purpose of identification. The image or pattern used within biometrics is known more formally as a (Galton) ridge structure.
-
- fingerprinting n.
-
iAfB-ICSA 1999
-
A synonym for fingerscanning.
-
- fingerscanning n.
-
iAfB-ICSA 1999
-
The process of finger image capture.
-
- finite commutative group n.
-
SC 27 SD 6 (2002)
-
ISO/IEC 14888-3: 1998
-
A finite set J with the binary operation * such that:
-
For all a, b, c ∈ J, (a*b)*c = a*(b*c).
-
There exists e ∈ J with e*a = a for all a ∈ J.
-
For all a ∈ J there exists b ∈ J with b*a = e.
-
For all a, b ∈ J, a*b = b*a.
-
- FIPS n.
-
See: Federal Information Processing Standards.
-
- FIPS-Approved Security Method n.
-
NIST IR 7298 (2006)
-
FIPS 196
-
A security method (e.g., cryptographic algorithm, cryptographic key generation algorithm or key distribution technique, random number generator, authentication technique, or evaluation criteria) that is either (a) specified in a FIPS, or (b) adopted in a FIPS.
-
- FIPS PUB n.
-
NIST IR 7298 (2006)
-
SP 800-64
-
An acronym for Federal Information Processing Standards Publication. FIPS publications (PUB) are issued by NIST after approval by the Secretary of Commerce.
-
- FIPS PUB 140-1 n.
-
RFC 2828 (2000)
-
(N) The U.S. Government standard [FP140] for security requirements to be met by a cryptographic module used to protect unclassified information in computer and communication systems. (See: Common Criteria, FIPS, Federal Standard 1027.)
-
(C) The standard specifies four increasing levels (from Level 1 to Level 4) of requirements to cover a wide range of potential applications and environments. The requirements address basic design and documentation, module interfaces, authorized roles and services, physical security, software security, operating system security, key management, cryptographic algorithms, electromagnetic interference and electromagnetic compatibility (EMI/EMC), and self-testing. NIST and the Canadian Communication Security Establishment jointly certify modules.
-
- FIPS PUB 201, - FIPS 201 n.
-
SCA ISCTAG (2007)
-
FIPS 201
-
Federal Information Processing Standard Publication 201, Personal Identity Verification (PIV) of Federal Employees and Contractors.
-
- firewall n.
-
RFC 2828 (2000)
-
(I) An internetwork gateway that restricts data communication traffic to and from one of the connected networks (the one said to be inside the firewall) and thus protects that network’s system resources against threats from the other network (the one that is said to be outside the firewall). (See: guard, security gateway.)
-
(C) A firewall typically protects a smaller, secure network (such as a corporate LAN, or even just one host) from a larger network (such as the Internet). The firewall is installed at the point where the networks connect, and the firewall applies security policy rules to control traffic that flows in and out of the protected network.
-
(C) A firewall is not always a single computer. For example, a firewall may consist of a pair of filtering routers and one or more proxy servers running on one or more bastion hosts, all connected to a small, dedicated LAN between the two routers. The external router blocks attacks that use IP to break security (IP address spoofing, source routing, packet fragments), while proxy servers block attacks that would exploit a vulnerability in a higher layer protocol or service. The internal router blocks traffic from leaving the protected network except through the proxy servers. The difficult part is defining criteria by which packets are denied passage through the firewall, because a firewall not only needs to keep intruders out, but usually also needs to let authorized users in and out.
-
NIST IR 7298 (2006)
-
SP 800-32
-
A gateway that limits access between networks in accordance with local security policy.
-
- firewall control proxy n.
-
NIST IR 7298 (2006)
-
SP 800-58
-
The component that controls a firewall’s handling of a call. The firewall control proxy can instruct the firewall to open specific ports that are needed by a call, and direct the firewall to close these ports at call termination.
-
- firewall environment n.
-
NIST IR 7298 (2006)
-
SP 800-41
-
A firewall environment is a collection of systems at a point on a network that together constitute a firewall implementation. A firewall environment could consist of one device or many devices such as several firewalls, intrusion detection systems, and proxy servers.
-
- firewall platform n.
-
NIST IR 7298 (2006)
-
SP 800-41
-
A firewall platform is the system device upon which a firewall is implemented. An example of a firewall platform is a commercial operating system running on a personal computer.
-
- firewall ruleset n.
-
NIST IR 7298 (2006)
-
SP 800-41
-
A firewall ruleset is a table of instructions that the firewall uses for determining how packets should be routed between its interfaces. In routers, the ruleset can be a file that the router examines from top to bottom when making routing decisions.
-
- firmware n.
-
RFC 2828 (2000)
-
(I) Computer programs and data stored in hardware – typically in read-only memory (ROM) or programmable read-only memory (PROM) – such that the programs and data cannot be dynamically written or modified during execution of the programs. (See: hardware, software.)
-
NIST IR 7298 (2006)
-
FIPS 140-2
-
The programs and data components of a cryptographic module that are stored in hardware within the cryptographic boundary and cannot be dynamically written or modified during execution.
-
- FIRST n.
-
See: Forum of Incident Response and Security Teams.
-
- FISMA n.
-
See: Federal Information Security Management Act.
-
- fixed-text system n.
-
See: text-dependent system.
-
- flaw n.
-
ISO/IEC 2382-8:1998
-
flaw, loophole
-
An error of commission, an omission, or an oversight that allows protection mechanisms to be bypassed or disabled.
-
- flaw hypothesis methodology n.
-
RFC 2828 (2000)
-
(I) An evaluation or attack technique in which specifications and documentation for a system are analyzed to hypothesize flaws in the system. The list of hypothetical flaws is prioritized on the basis of the estimated probability that a flaw exists and, assuming it does, on the ease of exploiting it and the extent of control or compromise it would provide. The prioritized list is used to direct a penetration test or attack against the system. [NCS04]
-
- flooding n.
-
ISO/IEC 2382-8:1998
-
Accidental or intentional insertion of a large volume of data resulting in denial of service.
-
RFC 2828 (2000)
-
(I) An attack that attempts to cause a failure in (especially, in the security of) a computer system or other data processing entity by providing more input than the entity can process properly. (See: denial of service.)
-
- flow analysis n.
-
RFC 2828 (2000)
-
(I) An analysis performed on a nonprocedural formal system specification that locates potential flows of information between system variables. By assigning security levels to the variables, the analysis can find some types of covert channels.
-
- flow control n.
-
RFC 2828 (2000)
-
(I) A procedure or technique to ensure that information transfers within a system are not made from one security level to another security level, and especially not from a higher level to a lower level. (See: covert channel, simple security property, confinement property.)
-
- forensic copy n.
-
NIST IR 7298 (2006)
-
SP 800-72
-
An accurate bit-for-bit reproduction of the information contained on an electronic device or associated media, whose validity and integrity has been verified using an accepted algorithm.
-
- forensic specialist n.
-
NIST IR 7298 (2006)
-
SP 800-72
-
A professional who locates, identifies, collects, analyzes and examines data while preserving the integrity and maintaining a strict chain of custody of information discovered.
-
- forensics, computer n.
-
See: computer forensics.
-
- form factor n.
-
SCA ISCTAG (2007)
-
The physical device that contains the smart card chip. Smart chip-based devices can come in a variety of form factors, including plastic cards, key fobs, wristbands, wristwatches, PDAs, and mobile phones.
-
- formal n.
-
SC 27 SD 6 (2002)
-
ISO/IEC 15408-1: 1999
-
Expressed in a restricted syntax language with defined semantics based on well-established mathematical concepts.
-
- formal specification n.
-
RFC 2828 (2000)
-
(I) A specification of hardware or software functionality in a computer-readable language; usually a precise mathematical description of the behavior of the system with the aim of providing a correctness proof.
-
- formatting function n.
-
NIST IR 7298 (2006)
-
SP 800-38C
-
The function that transforms the payload, associated data, and nonce into a sequence of complete blocks.
-
- formulary n.
-
RFC 2828 (2000)
-
(I) A technique for enabling a decision to grant or deny access to be made dynamically at the time the access is attempted, rather than earlier when an access control list or ticket is created.
-
- FORTEZZA™ n.
-
RFC 2828 (2000)
-
(N) A registered trademark of NSA, used for a family of interoperable security products that implement a NIST/NSA-approved suite of cryptographic algorithms for digital signature, hash, encryption, and key exchange. The products include a PC card that contains a CAPSTONE chip, serial port modems, server boards, smart cards, and software implementations.
-
- Forum of Incident Response and Security Teams (FIRST) n.
-
RFC 2828 (2000)
-
(N) An international consortium of CSIRTs that work together to handle computer security incidents and promote preventive activities. (See: CSIRT, security incident.)
-
(C) FIRST was founded in 1990 and, as of September 1999, had nearly 70 members spanning the globe. Its mission includes:
-
Provide members with technical information, tools, methods, assistance, and guidance.
-
Coordinate proactive liaison activities and analytical support.
-
Encourage development of quality products and services.
-
Improve national and international information security for government, private industry, academia, and the individual.
-
Enhance the image and status of the CSIRT community.
-
- forward cipher n.
-
NIST IR 7298 (2006)
-
SP 800-67
-
One of the two functions of the block cipher algorithm that is determined by the choice of a cryptographic key.
-
- forward recovery n.
-
ISO/IEC 2382-8:1998
-
The data reconstitution of a later version of data by using an earlier version and data recorded in a journal.
-
- forward secrecy n.
-
See: public-key forward secrecy.
-
- forward secrecy with respect to A, forward secrecy with respect to both A and B individually n.
-
See: public-key forward secrecy.
-
- FPKI n.
-
See: Federal Public-Key Infrastructure.
-
- free-text system n.
-
See: text-independent system.
-
- front channel n.
-
OASIS SAML 2.0 (2005)
-
Front channel refers to the “communications channel” that can be effected between two HTTP-speaking servers by employing “HTTP redirect” messages and thus passing messages to each other via a user agent, e.g. a web browser, or any other HTTP client [RFC2616]. See also back channel.
-
- FTP n.
-
See: File Transfer Protocol.
-
- fusion n.
-
ISO/IEC 2382-8:1998
-
A synonym for linkage.