Authentication Glossary of Terms


Access Control – Access control is the process of allowing or denying a person the use of a particular resource, so that unauthorized persons cannot use it. This could range from a lock on a car door to a PIN on an ATM system at a bank. Access control is of great importance when persons seek to secure important, confidential, or sensitive information and equipment.

Authentication – Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be and is genuine. Typical electronic authentication methods involve a user presenting a username and a password. Authentication technologies include other methods of demonstrating identity, such as using a smart card, presenting a picture ID, and biometric technologies (e.g. retina scan, voice recognition, or fingerprints).

Authorization – Authorization is the process of determining whether the person, once identified, is allowed to have the resource requested. This is usually determined by checking whether that person has a particular level of security clearance.

Biometric Authentication – Biometric authentication refers to any method of verifying the identity of a person by measuring an individual biological characteristic. This could include fingerprinting, retinal scanning, iris scanning, and voice recognition.

Call Center – The call center is considered a consumer-not-present situation, since agents are unable to review a picture ID. Agents can identify callers by verbally authenticating different pieces of information, including presenting a Knowledge Based Authentication (KBA) multiple-choice quiz.

Dynamic KBA – Dynamic KBA is a higher level of verification in which questions are generated on the fly using information found about the individual during an ID verification search. Basic identification factors, such as name, address and date of birth, must be provided by the consumer in order to begin the verification process. Questions are then generated in real time from data records corresponding to the identity provided.

Identity and Access Management (IAM) – Identity and access management deals with identifying individuals in a system such as a country, a network or an organization and controlling the access to the resources in that system by placing restrictions on the established identities.

Identity Assurance – Identity assurance is the ability for an organization to determine, with some level of certainty, that an electronic credential representing an entity, whether a human or a machine, with which it interacts to effect a transaction, can be trusted to actually belong to the entity.

Identity Authentication – By using advanced tools and techniques, identity authentication companies are able to verify the identities of users at online retailers and web-based businesses such as insurance companies, healthcare companies, and financial institutions, among others. Identity authentication is at the heart of online security. If you do not know who is buying from you or using your services, then what do you know?

Intelligent Questioning – Intelligent questioning is a process that occurs during a KBA session. During this process, actual consumer data, which can be either internal or public, is used to develop correct and incorrect answers.

Internal Data – Internal data refers to any information useful to the KBA process found within a company. Information is focused strictly around the consumer, making it almost impossible for a fraudster to know the answer to the question and helping to solve the problem of familiar fraud.

Knowledge Based Authentication (KBA) – Knowledge based authentication, also known as KBA, is a type of authentication which looks to prove that the person providing identity information truly is that exact person. As its name suggests, KBA is based on some sort of knowledge the individual has. There are two different forms of KBA, dynamic KBA and static KBA. IDology uses dynamic KBA.

Layered Authentication – Layered authentication refers to the different levels of verification used when dealing with identity and access management that help enhance security and prevent phishing.

NIST Level 3 – One of the four levels of assurance for identity proofing as defined in the electronic authentication guideline issued by NIST. Level 3 is the highest level of assurance for remote identity proofing and requires that an identity be matched with a financial account number (e.g. credit card or bank account).

OpenID – A web identity system that lets people use a single username and password to log in and authenticate themselves to any OpenID-compliant Web site. OpenID is a free system that is distributed across the Internet and maintained by numerous organizations, including major sites such as AOL and Yahoo!.

Out of Wallet Questions – Out of wallet questions refer to the data businesses use to dynamically formulate questions intended to verify customers are who they say they are. The content of these questions is generated from information within a person’s credit history or public records data. The term “out-of-wallet” refers to information that cannot be found in a wallet or a purse, making it difficult for anyone other than the actual person to know the answer. These questions are typically based on places someone has lived, cars they have owned or people that they know.

Password – A password is a word or other collection of characters used for authentication. It serves as a security device to gain access to a resource.

Proofing – Identity proofing is a common term used to describe the act of verifying a person’s identity, as in verifying the “proof of an ID”. Other terms used to describe this process include identity verification and identity vetting.

PKI – Public Key Infrastructure (PKI) is the basis for the digital signature which verifies and authenticates the validity of the signer involved in an internet transaction.

Relying Party – A Web site or other entity on the Internet that uses an identity provider to authenticate a user who wants to log in. It is known as a “relying party” because the website relies on the provider for authentication.

Risk-Based Authentication – Risk-based authentication uses multiple factors to determine whether or not a person is who they claim to be online. Typically, this technique includes the traditional username and password in addition to who the user is, from where they are logging in, and what kind of device they are using. Information such as historical data is also used, which includes attributes provided from the session as well as user behavior and transaction patterns.

Security Token – A security token is a physical device that the owner carries to authorize access to a network service. They are used to prove one’s identity electronically and provide an extra level of assurance through a method known as two-factor authentication.

Shared Secrets – Shared secrets are a set of security questions used to authenticate someone’s identity when you have previously vetted their ID and know who they are. Many people are familiar with this method because it is commonly deployed in banks when someone forgets their password. Shared secrets technology requires the consumer to supply the answers to the questions in advance. These answers are then stored in a database and referenced in the future to verify it is that customer. Examples of shared secrets are “What is your mother’s maiden name?” and “What is the name of your favorite pet?”

Static KBA – Static KBA is commonly referred to as shared secrets. These questions rely on information collected after you have established a relationship with a consumer, such as “What is your Mother’s maiden name?” or “What was your high school mascot?” The consumer picks a question and shares the answer with the business which is then stored in a database to use later.

Two-Way Authentication – Two-way authentication refers to a process in which both entities, the user and the server, authenticate each other in such a way that both are assured of the other’s identity. This allows network users to be sure that they are doing business exclusively with legitimate entities, and servers can be certain that all network users are attempting to gain access for legitimate purposes.

Verification – Verification is the process used to confirm an identity in instances where the customer is not standing before you to show some sort of picture ID. This process requires specific information to be gathered from the consumer, such as name, address, social security number, driver’s license and date of birth.

Vetting – Identity vetting is used to describe the process of validating an ID. Identity vetting is another way of describing identity proofing and identity verification.
