Protocol

In information technology, a protocol is the set of rules that endpoints in a telecommunication connection use when they communicate. Protocols specify the interactions between the communicating entities.

Extensible Authentication Protocol (EAP)

Extensible Authentication Protocol (EAP) is an authentication framework, not a specific authentication mechanism, frequently used in wireless networks and point-to-point connections. It provides some common functions and negotiation of authentication methods called EAP methods. The EAP protocol can support multiple authentication mechanisms without having to pre-negotiate a particular one. There are currently about 40 different methods defined. EAP authentication is initiated …

Secure, Quick, Reliable Login (SQRL)

Secure, Quick, Reliable Login, or SQRL (pronounced “squirrel”), is a draft open standard for anonymous and secure user identification and authentication to websites and web applications. It is proposed by its inventor Steve Gibson as an easy-to-use replacement for usernames, passwords and MFA. SQRL was designed to eliminate username and password authentication to remote websites. When using SQRL, users need only …

Open Authorization (OAuth)

OAuth is an open standard that allows users to provide websites or applications with delegated access to their information that is stored on other websites or applications, without giving their credentials (i.e. password) to directly access the account where the information is stored. Instead, a delegated access token is provided which specifies access permissions. For example, companies like Amazon, Google, Facebook, …

Internet Key Exchange (IKE)

Internet Key Exchange (IKE) is the protocol used to set up a secure, authenticated communications channel between two parties. IKE typically uses X.509 PKI certificates for authentication and the Diffie–Hellman key exchange protocol to set up a shared session secret. IKE is part of the Internet Security Protocol (IPSec) which is responsible for negotiating security associations (SAs), which are a set …

NT LAN Manager (NTLM)

Windows NT LAN Manager (NTLM) is a challenge-response authentication protocol used to authenticate a client to a resource on an Active Directory domain. When the client requests access to a service associated with the domain, the service sends a challenge to the client, requiring the client to perform a mathematical operation using its authentication token and then return the result …

System for Cross-Domain Identity Management (SCIM)

System for Cross-domain Identity Management (SCIM) is a standard for automating the exchange of user identity information between identity domains, or IT systems. SCIM is used by companies that make use of applications/systems that are hosted on external domains – i.e. cloud applications like Google Apps, Office365 or Salesforce.com – to programmatically add/delete accounts for users on the external applications/systems. Instead …

Challenge Handshake Authentication Protocol (CHAP)

Challenge-Handshake Authentication Protocol (CHAP) is an identity verification protocol that does not rely on sending a shared secret between the access-requesting party and the identity-verifying party (the authenticator). CHAP is based on a shared secret, but in order to authenticate, the authenticator sends a “challenge” message to the access-requesting party, which responds with a value calculated using a “one-way hash” function …

Salted Challenge Response Authentication Mechanism (SCRAM)

Salted Challenge Response Authentication Mechanism (SCRAM) is a password-based mutual authentication protocol designed to make an eavesdropping attack (i.e. man-in-the-middle) more difficult. Using cryptographic hashing techniques, a client can prove to a server that the user knows a secret derived from the user’s password without sending the password itself. The server can prove to the client that it knows a secret …

Key Agreement Protocol

Key exchange protocols enable two or more parties to establish a shared encryption key that they can use to encrypt or sign data that they plan to exchange. Key exchange protocols typically employ cryptography to achieve this goal. Different cryptographic techniques can be used to achieve this goal. In order for two parties to communicate confidentially, they must first exchange the …

Trust on First Use (TOFU)

Trust on first use (TOFU) is a security model used to establish trust between client software and a machine for which no trust was previously established – i.e. a new machine. Upon connection, the client software will try to look up the machine’s identifier, usually some kind of public key, in its local trust database. If it does not find …

Fast Identity Online (FIDO)

Fast Identity Online (FIDO) is a set of open technical specifications for mechanisms of authenticating users to online services that do not depend on passwords. FIDO authentication seeks to use the native security capabilities of the user device to enable strong user authentication and reduce the reliance on passwords. FIDO defines two key protocols: (i) Universal Authentication Framework (UAF) Protocol, and (ii) …

Simple Object Access Protocol (SOAP)

Simple Object Access Protocol (SOAP) is a client-server messaging protocol for exchanging structured data between web-services. SOAP uses XML for its message format and relies on standard application layer protocols, most often Hypertext Transfer Protocol (HTTP) or Simple Mail Transfer Protocol (SMTP), for message negotiation and transmission. SOAP’s relative complexity has led developers to prefer the simpler interaction model offered by …