Exam 23: Internet Authentication Applications

In Kerberos,the ___________ decrypts the ticket and authenticator,verifies the request,and creates ticket for requested server.

_______ is the process in which a CA issues a certificate for a user's public key and returns that certificate to the user's client system and/or posts that certificate in a repository.

A full-service Kerberos environment consisting of a Kerberos server that has the user ID and password of all participating users in its database and shares a secret key with each server,all users and servers being registered with the Kerberos server,is referred to as a Kerberos ______.

_______ certificates are used in most network security applications,including IP security,secure sockets layer,secure electronic transactions,and S/MIME.

The _______ consists of two dates: the first and last on which the certificate is valid.

The ticket contains the user's ID,the server's ID,a __________,a lifetime after which the ticket is invalid,and a copy of the same session key sent in the outer message to the client.

Initialization begins the process of enrolling in a PKI.

_______ systems are automated methods of verifying or recognizing identity on the basis of some physiological or behavioral characteristic.

X.509 provides a format for use in revoking a key before it expires.

An obvious security risk is that of impersonation.

CMP,defined in RFC 2510,is designed to be a flexible protocol able to accommodate a variety of technical,operational,and business models.

Kerberos is designed to counter only one specific threat to the security of a client/server dialogue.

_______ is the process whereby a user first makes itself known to a CA prior to that CA issuing a certificate or certificates for that user.

Update is not required when the certificate lifetime expires or as a result of certificate revocation.

The ticket-granting ticket is not reusable.

A principal element of an identity management system is _______.

________ is a set of SOAP extensions for implementing message integrity and confidentiality in Web services.

The _________ is an optional bit string field used to identify uniquely the issuing CA in the event the X.500 name has been reused for different entities.

A _______ is a generic term used to denote any method for storing certificates and CRLs so that they can be retrieved by end entities.

Because serial numbers are unique within a CA,the serial number is sufficient to identify the certificate.