Knowledge-Based Authentication Virtual Authentication Devices

Part VIII Glossary

This part contains the glossary.

Glossary

Access Authentication
In the context of an HTTP transaction, basic access authentication is a method designed to allow a web browser, or other client program, to provide credentials – in the form of a user name and password – when making a request.

Action
A rule result that can affect users, such as forcing them to register a security profile, KBA-challenging them, blocking access, asking them for a PIN or password, and so on.

Adaptive Risk Manager
A category of Oracle Adaptive Access Manager features. Business and risk analytics, fraud investigation and customer service tools fall under the Adaptive Risk Manager category.

Adaptive Strong Authenticator
A category of Oracle Adaptive Access Manager features. All the end-user facing interfaces, flows, and authentication methods fall under the Adaptive Strong Authenticator category.

Alert
Rule results containing messages targeted to specific types of Oracle Adaptive Access Manager users.

API
An Application Programming Interface defines how to access a software-based service. Oracle Adaptive Access Manager provides APIs to fingerprint devices, collect authentication and transaction logs, run security rules, challenge the user to answer pre-registered questions correctly, and generate virtual authentication devices such as KeyPad, TextPad, or QuestionPad.

Attribute
Attributes are the particular pieces of information associated with the activity being tracked. An example is the time of day for a login. Patterns collect data about members. If the member type is User, the pattern will collect data about users.

Authentication
The process of verifying a person's, device's, or application's identity. Authentication deals with the question "Who is trying to access my services?"

Authentication Status
Authentication Status is the status of the session; each login/transaction attempt creates a new session.
Examples are listed below:
■ If a user logs in for the first time and goes through the registration process, but decides not to complete it and logs out, the authentication status for this user session is set as Pending Activation.
■ If a user logs in from a different device/location, he is challenged. If he answers the challenge questions incorrectly in all three attempts, the authentication status for this session is set as Wrong Password.
■ If a user logs in and is taken to the final transaction page or success page, the authentication status for the particular session is set as Success.
■ If the user is a fraud and is blocked, the status for the session is set as Block.

Authorization
Authorization concerns the question "Who can access what resources offered by which components?"

Autolearning
Autolearning is a set of features in Oracle Adaptive Access Manager that dynamically profile behavior in real time. The behavior of users, devices and locations is recorded and used to evaluate the risk of current behavior.

Black List
A given list of users, devices, IP addresses, networks, countries, and so on that are blocked. An attack from a given member can show up on a report and be manually added to a blacklist at the administrator's discretion.

Blocked
If a user is Blocked, it is because a policy has found certain conditions to be true and is set up to respond to these conditions with a Block Action. If those conditions change, the user may no longer be Blocked. The Blocked status is not necessarily permanent and therefore may or may not require an administrator action to resolve. For example, if the user was blocked because he was logging in from a blocked country, but he is no longer in that country, he may no longer be Blocked.

Bots
Software applications that run automated or orchestrated tasks on compromised PCs over the internet. An organization of bots is known as a bot net or zombie network.

Browser Fingerprinting
When the user accesses the system, OAAM collects information about the computer. By combining all that data, the site creates a fingerprint of the user's browser. This fingerprint could potentially uniquely identify the user. Information gathered that makes up the browser fingerprint includes the browser type used, plug-ins installed, system fonts, the configuration and version information from the operating system, and whether or not the computer accepts cookies. The browser and Flash fingerprints are tracked separately. The fingerprints are available in the session listing and details pages, and you can get further details about a fingerprint by opening the respective details pages. Hence, you can have both