(function () {
respecConfig.localBiblio = {
// FIDO Alliance Documents
"FIDOAppIDAndFacets":
"D. Balfanz, B. Hill, R. Lindemann, D. Baghdasaryan, FIDO AppID and Facets v1.0. FIDO Alliance Proposed Standard. URLs:
HTML: https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-appid-and-facets-v1.2-ps-20170411.html
PDF: https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-appid-and-facets-v1.2-ps-20170411.pdf",
"FIDOEcdaaAlgorithm":
"R. Lindemann, J. Camenisch, M. Drijvers, A. Edgington, A. Lehmann, R. Urian, FIDO ECDAA Algorithm. FIDO Alliance Implementation Draft. URLs:
HTML: fido-ecdaa-v1.1-id-20170202.html
PDF: fido-ecdaa-v1.1-id-20170202.pdf.",
"FIDOGlossary":
"R. Lindemann, D. Baghdasaryan, B. Hill, J. Hodges, FIDO Technical Glossary. FIDO Alliance Implementation Draft. URLs:
HTML: https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-glossary-v1.2-ps-20170411.html
PDF: https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-glossary-v1.2-ps-20170411.pdf",
"FIDOSecRef":
"R. Lindemann, D. Baghdasaryan, B. Hill, FIDO Security Reference. FIDO Alliance Implementation Draft. URLs:
HTML: https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-security-ref-v1.2-ps-20170411.html
PDF: https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-security-ref-v1.2-ps-20170411.pdf",
"FIDORegistry":
"R. Lindemann, D. Baghdasaryan, B. Hill, FIDO Registry of Predefined Values. FIDO Alliance Implementation Draft. URLs:
HTML: https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-registry-v1.2-ps-20170411.html
PDF: https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-registry-v1.2-ps-20170411.pdf",
"FIDOMetadataService":
"R. Lindemann, B. Hill, D. Baghdasaryan, FIDO Metadata Service v1.0. FIDO Alliance Implementation Draft. URLs:
HTML: https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-metadata-service-v1.2-ps-20170411.html
PDF: https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-metadata-service-v1.2-ps-20170411.pdf",
"FIDOMetadataStatement":
"B. Hill, D. Baghdasaryan, J. Kemp, FIDO Metadata Statements v1.0. FIDO Alliance Implementation Draft. URLs:
HTML: https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-metadata-statements.html
PDF: https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-metadata-statements.pdf",
"UAFAPDU":
"N. Bak, V. Galindo, R. Lindemann, U. Martini, C. Edwards, J. Hodges, FIDO UAF APDU. FIDO Alliance Implementation Draft. URLs:
HTML: fido-uaf-apdu-v1.1-id-20170202.html
PDF: fido-uaf-apdu-v1.1-id-20170202.pdf",
"UAFASM":
"D. Baghdasaryan, J. Kemp, R. Lindemann, B. Hill, R. Sasson, FIDO UAF Authenticator-Specific Module API. FIDO Alliance Implementation Draft. URLs:
HTML: fido-uaf-asm-api-v1.1-id-20170202.html
PDF: fido-uaf-asm-api-v1.1-id-20170202.pdf",
"UAFAuthnrCommands":
"D. Baghdasaryan, J. Kemp, R. Lindemann, R. Sasson, B. Hill, FIDO UAF Authenticator Commands v1.0. FIDO Alliance Implementation Draft. URLs:
HTML: fido-uaf-authnr-cmds-v1.1-id-20170202.html
PDF: fido-uaf-authnr-cmds-v1.1-id-20170202.pdf",
"UAFAuthnrMetadata":
"B. Hill, D. Baghdasaryan, J. Kemp, FIDO UAF Authenticator Metadata Statements v1.0. FIDO Alliance Implementation Draft. URLs:
HTML: fido-uaf-authnr-metadata.html
PDF: fido-uaf-authnr-metadata.pdf",
"UAFAppAPIAndTransport":
"B. Hill, D. Baghdasaryan, B. Blanke, FIDO UAF Application API and Transport Binding Specification. FIDO Alliance Implementation Draft. URLs:
HTML: fido-uaf-client-api-transport-v1.1-id-20170202.html
PDF: fido-uaf-client-api-transport-v1.1-id-20170202.pdf",
// Note this is a duplicate. Please always use [[FIDOEcdaaAlgorithm]]
"UAFEcdaaAttestation":
"R. Lindemann, J. Camenisch, M. Drijvers, A. Edgington, A. Lehmann, R. Urian, FIDO ECDAA Algorithm. FIDO Alliance Implementation Draft. URLs:
HTML: fido-ecdaa-v1.1-id-20170202.html
PDF: fido-ecdaa-v1.1-id-20170202.pdf.",
"UAFMetadataService":
"R. Lindemann, B. Hill, D. Baghdasaryan, FIDO UAF Metadata Service v1.0. FIDO Alliance Proposed Standard. URLs:
HTML: fido-uaf-metadata-service.html
PDF: fido-uaf-metadata-service.pdf",
"UAFArchOverview":
"S. Machani, R. Philpott, S. Srinivas, J. Kemp, J. Hodges, FIDO UAF Architectural Overview. FIDO Alliance Proposed Standard. URLs:
HTML: fido-uaf-overview-v1.1-id-20170202.html
PDF: fido-uaf-overview-v1.1-id-20170202.pdf",
"UAFProtocol":
"R. Lindemann, D. Baghdasaryan, E. Tiffany, D. Balfanz, B. Hill, J. Hodges, FIDO UAF Protocol Specification v1.0. FIDO Alliance Proposed Standard. URLs:
HTML: fido-uaf-protocol-v1.1-id-20170202.html
PDF: fido-uaf-protocol-v1.1-id-20170202.pdf",
"UAFRegistry":
"R. Lindemann, D. Baghdasaryan, B. Hill, FIDO UAF Registry of Predefined Values. FIDO Alliance Proposed Standard. URLs:
HTML: fido-uaf-reg-v1.1-id-20170202.html
PDF: fido-uaf-reg-v1.1-id-20170202.pdf",
"U2FJSAPI":
"D. Balfanz, A. Birgisson, J. Lang, FIDO U2F Javascript API v1.0. FIDO Alliance Review Draft (Work in progress.) URL: https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-javascript-api-v1.2-ps-20170411.pdf",
"U2FRawMsgs":
"D. Balfanz, FIDO U2F Raw Message Formats v1.0. FIDO Alliance Review Draft (Work in progress.) URL: https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-raw-message-formats-v1.2-ps-20170411.pdf",
"U2FOverview":
"S. Srinivas, D. Balfanz, E. Tiffany, FIDO U2F Overview v1.0. FIDO Alliance Review Draft (Work in progress.) URL: https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-overview-v1.2-ps-20170411.pdf",
"U2FAppFacet":
"D. Balfanz, FIDO U2F Application Isolation Through Facet Identification v1.0. FIDO Alliance Review Draft (Work in progress.) URL: http://fidoalliance.org/specs/fido-u2f-application-isolation-through-facet-identification-v1.0-rd-20140209.pdf",
"U2FImplCons":
"D. Balfanz, FIDO U2F Implementation Considerations v1.0. FIDO Alliance Review Draft (Work in progress.) URL: https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-implementation-considerations-v1.2-ps-20170411.pdf",
"U2FHIDHeader":
"J. Ehrensvard, FIDO U2F HID Header Files v1.0. FIDO Alliance Review Draft (Work in progress.) URL: https://github.com/fido-alliance/u2f-specs/blob/master/inc/u2f_hid.h",
"U2FHeader" :
"J. Ehrensvard, FIDO U2F HID Header Files v1.0. FIDO Alliance Review Draft (Work in progress.) URL: https://github.com/fido-alliance/u2f-specs/blob/master/inc/u2f.h",
"FIDOAllowedCrypto": {
authors: [ "Dr. Joshua E. Hill", "Douglas Biggs"],
date: "August 2016",
publisher: "FIDO Alliance",
status: "Draft",
title: "FIDO Authenticator Allowed Cryptography List",
href: "https://github.com/fido-alliance/security-requirements/blob/master/fido-authenticator-allowed-cryptography-list.html"
},
"FIDORestrictedOperatingEnv": {
authors: [ "Laurence Lundblade", "Meagan Karlsson"],
date: "August 2016",
publisher: "FIDO Alliance",
status: "Draft",
title: "FIDO Authenticator Allowed Restricted Operating Environments List",
href: "https://github.com/fido-alliance/security-requirements/blob/master/fido-authenticator-allowed-restricted-operating-environments-list.html"
},
"FIDOAuthenticatorSecurityRequirements": {
authors: [ "Rolf Lindemann", "Dr. Joshua E. Hill", "Douglas Biggs"],
date: "August 2016",
publisher: "FIDO Alliance",
status: "Draft",
title: "FIDO Authenticator Security Requirements",
href: "https://github.com/fido-alliance/security-requirements/blob/master/fido-authenticator-security-requirements.html"
},
"FIDOMetadataRequirements": {
authors: [ "Meagan Karlsson"],
date: "June 2017",
publisher: "FIDO Alliance",
status: "Draft",
title: "FIDO Authenticator Metadata Requirements",
href: "https://github.com/fido-alliance/security-requirements/blob/master/fido-authenticator-metadata-requirements.html"
},
"FIDOBiometricsRequirements": {
authors: [ "Meagan Karlsson"],
date: "June 2017",
publisher: "FIDO Alliance",
status: "Draft",
title: "FIDO Biometrics Requirements",
href: "https://github.com/fido-alliance/biometrics-requirements/blob/gh-pages/index.html"
},
"WebAuthn": {
authors: [ "Vijay Bharadwaj", "Hubert Le Van Gong", "Dirk Balfanz", "Alexis Czeskis", "Arnar Birgisson",
"Jeff Hodges", "Michael B. Jones", "Rolf Lindemann", "J. C. Jones"],
date: "September 2016",
publisher: "W3C",
status: "Draft",
title: "Web Authentication: An API for accessing Scoped Credentials",
href: "https://www.w3.org/TR/webauthn/"
},
"WebAuthn-Registries": {
authors: [ "Jeff Hodges", "G. Mandyam", "Michael B. Jones"],
date: "March 24, 2017",
publisher: "IETF",
status: "Draft",
title: "Registries for Web Authentication (WebAuthn)",
href: "https://tools.ietf.org/html/draft-hodges-webauthn-registries"
},
// External Documents
"ANDROID":
"The Android™ Operating System. Google, Inc., the Open Handset Alliance and the Android Open Source Project (Work in progress) URL: http://developer.android.com/",
"AndroidUnlockPattern":
"Android Unlock Pattern Security Analysis. Sinustrom.info web site. URL: http://www.sinustrom.info/2012/05/21/android-unlock-pattern-security-analysis/",
"AndroidAppManifest":
"Android App Manifest. Google, Inc., the Open Handset Alliance and the Android Open Source Project (Work in progress) URL: http://developer.android.com/guide/topics/manifest/manifest-intro.html",
"Android5Changes":
"Android 5.0 Changes. Google, Inc., the Open Handset Alliance and the Android Open Source Project (Work in progress) URL: http://developer.android.com/about/versions/android-5.0-changes.html",
"AnonTerminology":
"\"Anonymity, Unlinkability, Unobservability, Pseudonymity, and Identity Management - A Consolidated Proposal for Terminology\", Version 0.34,. A. Pfitzmann and M. Hansen, August 2010. URL: http://dud.inf.tu-dresden.de/literatur/Anon_Terminology_v0.34.pdf",
"ANSI-X9-52":
"Triple Data Encryption Algorithm Modes of Operation, July 29, 1998, ANSI X9.52-1998",
"ANZ-2013":
"Tolga Acar, Lan Nguyen and Greg Zaverucha, A TPM Diffie-Hellman Oracle, October 18, 2013., Microsoft Research, Redmond, WA. URL: http://eprint.iacr.org/2013/667.pdf",
"APK-Signing":
"Signing Your Applications.The Android™ Operating System. Google, Inc., the Open Handset Alliance and the Android Open Source Project (Accessed 11-March-2014) URL: http://developer.android.com/tools/publishing/app-signing.html",
"BarNae-2006" :
"Paulo S. L. M. Barreto and Michael Naehrig, Pairing-Friendly Elliptic Curves of Prime Order, 2006, URL: http://research.microsoft.com/pubs/118425/pfcpo.pdf",
"BFGSW-2011" :
"D. Bernhard, G. Fuchsbauer, E. Ghadafi, N. P. Smart and B. Warinschi, Anonymous attestation with user-controlled linkability, 2011, URL: http://eprint.iacr.org/2011/658.pdf",
"BriCheLi2012" :
"E. Brickell, L. Chen, and J. Li, A static diffie-hellman attack on several direct anonymous schemes, InTrust 2012 Talk, URL: http://www.intrust2012.com/Talks/5-3.pdf",
"BriCamChe2004-DAA":
"Ernie Brickell, Intel Corporation; Jan Camenisch, IBM Research; Liqun Chen, HP Laboratories, Direct Anonymous Attestation, 2004, URL: http://eprint.iacr.org/2004/205.pdf",
"BundleID":
"\"Configuring your Xcode Project for Distribution\", section \"About Bundle IDs\",. Apple, Inc. Accessed March 11, 2014. URL: https://developer.apple.com/library/ios/documentation/IDEs/Conceptual/AppDistributionGuide/ConfiguringYourApp/ConfiguringYourApp.html",
"Arthur-Challener-2015":
"Will Arthur and David Challener with Kenneth Goldman, A Practical Guide to TPM 2.0: Using the Trusted Platform Module in the New Age of Security, 2014, URL: http://www.apress.com/9781430265832",
"ChannelID":
"D. Balfanz Transport Layer Security (TLS) Channel IDs. (Work In Progress) URL: http://tools.ietf.org/html/draft-balfanz-tls-channelid",
"ChePagSma2009-ECDAA" :
"Liqun Chen, Dan Page and Nigel P. Smart, On the Design and Implementation of an Efficient DAA Scheme, 2009, URL: http://eprint.iacr.org/2009/598.pdf",
"CheLi2013-ECDAA" :
"Liqun Chen, HP Laboratories and Jiangtao Li, Intel Corporation, Flexible and Scalable Digital Signatures in TPM 2.0, 2013. URL: http://dx.doi.org/10.1145/2508859.2516729",
"CLICKJACKING":
"D. Lin-Shung Huang, C. Jackson, A. Moshchuk, H. Wang, S. Schlechter Clickjacking: Attacks and Defenses. USENIX, July 2012, URL: https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final39.pdf",
"CTRMode":
"H. Lipmea, P. Rogaway, D. Wagner, Comments to NIST concerning AES Modes of Operation: CTR-Mode Encryption. National Institute of Standards and Technology, accessed March 11, 2014, URL: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/ctr/ctr-spec.pdf",
"CommonCriteria":
"CommonCriteria Publications. CCRA Members, Work in progress, accessed March 2014. URL: http://www.commoncriteriaportal.org/cc/",
"Coron99":
"J. Coron and D. Naccache An accurate evaluation of Maurer's universal test. LNCS 1556, February 1999, URL: http://www.jscoron.fr/publications/universal.pdf",
"DevScoDah2007":
"Augusto Jun Devegili, Michael Scott, and Ricardo Dahab Implementing Cryptographic Pairings over Barreto-Naehrig Curves. 2007, URL: https://eprint.iacr.org/2007/390.pdf",
"ECDSA-ANSI":
"Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA), ANSI X9.62-2005. American National Standards Institute, November 2005, URL: http://webstore.ansi.org/RecordDetail.aspx?sku=ANSI+X9.62%3A2005",
"FIDO-DAA-Security-Proof":
{
authors: ["Jan Camenisch", "Manu Drijvers", "Anja Lehmann"],
date: "2015",
publisher: "Cryptology ePrint Archive",
title: "Universally Composable Direct Anonymous Attestation",
href: "https://eprint.iacr.org/2015/1246"
},
"FIPS140-2":
"FIPS PUB 140-2: Security Requirements for Cryptographic Modules. National Institute of Standards and Technology, May 2001, URL: http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf",
"FIPS180-4":
"FIPS PUB 180-4: Secure Hash Standard (SHS). National Institute of Standards and Technology, March 2012, URL: http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf",
"FIPS186-4":
"FIPS PUB 186-4: Digital Signature Standard (DSS). National Institute of Standards and Technology, July 2013, URL: http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf",
"FIPS197":
"FIPS PUB 197: Specification for the Advanced Encryption Standard (AES). National Institute of Standards and Technology, November 2001, URL: http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf",
"FIPS198-1":
"FIPS PUB 198-1: The Keyed-Hash Message Authentication Code (HMAC). National Institute of Standards and Technology, July 2008, URL: http://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf",
"FIPS202":
"FIPS PUB 202: SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions. National Institute of Standards and Technology, August 2015, URL: http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf",
"HTML5": {
authors: [ "I. Hickson", "R.Berjon", "S. Faulkner", "T. Leithead", "E. D. Navara", "E. O'Connor", "S. Pfeiffer" ],
date: "28 October 2014",
publisher: "W3C",
status: "W3C Recommendation",
id: "HTML5",
title: "HTML5: A vocabulary and associated APIs for HTML and XHTML",
href: "http://www.w3.org/TR/html5/"
},
"iOS":
"iOS Dev Center Apple, Inc. (Accessed March 11, 2014) URL: https://developer.apple.com/devcenter/ios/index.action",
"iPhonePasscodes":
"Most Common iPhone Passcodes, Daniel Amitay (Accessed July 11, 2014) URL: http://danielamitay.com/blog/2011/6/13/most-common-iphone-passcodes",
"ISO15946-5":
"ISO/IEC 15946-5, Information Technology - Security Techniques - Cryptographic techniques based on elliptic curves - Part 5: Elliptic curve generation, URL: https://webstore.iec.ch/publication/10468",
"ISO19795-1":
"ISO/IEC JTC 1/SC 37, Information Technology - Biometric peformance testing and reporting - Part 1: Principles and framework, URL: http://www.iso.org/iso/catalogue_detail.htm?csnumber=41447",
"ISO30107-1":
"ISO/IEC JTC 1/SC 37, Information Technology - Biometrics - Presentation attack detection - Part 1: Framework, URL: http://www.iso.org/iso/catalogue_detail.htm?csnumber=53227",
"ISOBiometrics":
"Project Editor, Harmonized Biometric Vocabulary. ISO/IEC 2382-37. 15 December 2012, URL: http://standards.iso.org/ittf/PubliclyAvailableStandards/c055194_ISOIEC_2382-37_2012.zip",
"ITU-X690-2008":
"X.690: Information technology - ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER), (T-REC-X.690-200811). International Telecommunications Union, November 2008 URL: http://www.itu.int/rec/T-REC-X.690-200811-I/en",
"JSON":
"The JSON Data Interchange Format, (ECMA-404, ecma International), October 2013, URL: ECMA-404.pdf",
"JWS": {
authors: [ "M. Jones", "J. Bradley", "N. Sakimura" ],
date: "May 2015",
publisher: "IETF",
status: "RFC",
id: "RFC7515",
title: "JSON Web Signature (JWS)",
href: "https://tools.ietf.org/html/rfc7515"
},
"JWE": {
authors: [ "M. Jones", "J. Hildebrand" ],
date: "May 2015",
publisher: "IETF",
status: "RFC",
id: "RFC7516",
title: "JSON Web Encryption (JWE)",
href: "https://tools.ietf.org/html/rfc7516"
},
"JWK": {
authors: [ "M. Jones" ],
date: "May 2015",
publisher: "IETF",
status: "RFC",
id: "RFC7517",
title: "JSON Web Key (JWK)",
href: "https://tools.ietf.org/html/rfc7517"
},
"JWA": {
authors: [ "M. Jones" ],
date: "May 2015",
publisher: "IETF",
status: "RFC",
id: "RFC7518",
title: "JSON Web Algorithms (JWA)",
href: "https://tools.ietf.org/html/rfc7518"
},
"JWT": {
authors: [ "M. Jones", "J. Bradley", "N. Sakimura" ],
date: "May 2015",
publisher: "IETF",
status: "RFC",
id: "RFC7519",
title: "JSON Web Token (JWT)",
href: "https://tools.ietf.org/html/rfc7519"
},
"GeoJSON": {
title: "The GeoJSON Format Specification",
href: "http://geojson.org/geojson-spec.html"
},
"MoreTopWorstPasswords":
"10000 Top Passwords, Mark Burnett (Accessed July 11, 2014) URL: https://xato.net/passwords/more-top-worst-passwords/",
"NSTCBiometrics":
"NSTC Subcommittee on Biometrics, Biometrics Glossary. National Science and Technology Council. 14 September 2006, URL: http://biometrics.gov/Documents/Glossary.pdf",
"OpenIDConnect":
"OpenID Connect. OpenID Foundation (Work in Progress) URL: http://openid.net/connect/",
"OWASP2013":
"OWASP 2013. OWASP Top 10 - 2013. The Ten Most Critical Web Application Security Risks",
"PasswordAuthSchemesKeyIssues":
"Chwei-Shyong Tsai, Cheng-Chi Lee, and Min-Shiang Hwang, Password Authentication Schemes: Current Status and Key Issues, International Journal of Network Security, Vol.3, No.2, PP.101–115, Sept. 2006, URL: http://ijns.femto.com.tw/contents/ijns-v3-n2/ijns-2006-v3-n2-p101-115.pdf",
"QuestToReplacePasswords":
"Joseph Bonneau, Cormac Herley, Paul C. van Oorschot and Frank Stajano, The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes, Microsoft Research, Carleton University and University of Cambridge, March 2012, URL: http://research.microsoft.com/pubs/161585/QuestToReplacePasswords.pdf",
"RFC1321":
"R. Rivest, The MD5 Message-Digest Algorithm (RFC 1321), IETF, April 1992, URL: http://www.ietf.org/rfc/rfc1321.txt",
"RFC2049":
"N. Freed, N. Borenstein, Multipurpose Internet Mail Extensions (MIME) Part Five: Conformance Criteria and Examples (RFC 2049), IETF, November 1996, URL: http://www.ietf.org/rfc/rfc2049.txt",
"RFC2119": {
authors: [ "S. Bradner" ],
date: "March 1997",
publisher: "IETF",
status: "Best Current Practice",
id: "RFC2119",
title: "Key words for use in RFCs to Indicate Requirement Levels",
href: "https://tools.ietf.org/html/rfc2119"
},
"RFC2246":
"T. Dierks, E. Rescorla, The TLS Protocol Version 1.0, IETF, January 1999, URL: http://www.ietf.org/rfc/rfc2246.txt",
"RFC4086":
"D. Eastlake 3rd, J. Schiller, S. Crocker Randomness Requirements for Security (RFC 4086), IETF, June 2005, URL: http://www.ietf.org/rfc/rfc4086.txt",
"RFC4120":
"C. Neuman, T. Yu, S. Hartman, K. Raeburn, The Kerberos Network Authentication Protocol (V5) (RFC 4120), IETF, July 2005, URL: http://www.ietf.org/rfc/rfc4120.txt",
"RFC4346":
"T. Dierks, E. Rescorla, The Transport Layer Security (TLS) Protocol Version 1.1, IETF, April 2006, URL: http://www.ietf.org/rfc/rfc4346.txt",
"RFC4648":
"S. Josefsson, The Base16, Base32, and Base64 Data Encodings (RFC 4648), IETF, October 2006, URL: http://www.ietf.org/rfc/rfc4648.txt",
"RFC5056":
"N. Williams, On the Use of Channel Bindings to Secure Channels (RFC 5056), IETF, November 2007, URL: http://www.ietf.org/rfc/rfc5056.txt",
"RFC5246":
"T. Dierks, E. Rescorla, The Transport Layer Security (TLS) Protocol, IETF, August 2008, URL: http://www.ietf.org/rfc/rfc5246.txt",
"RFC5280":
"D. Cooper, S. Santesson, s. Farrell, S.Boeyen, R. Housley, W. Polk; Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, IETF, May 2008, URL: http://www.ietf.org/rfc/rfc5280.txt",
"RFC5849":
"E. Hammer-Lahav, The OAuth 1.0 Protocol (RFC 5849), IETF, April 2010, URL: http://www.ietf.org/rfc/rfc5849.txt",
"RFC5929":
"J. Altman, N. Williams, L. Zhu, Channel Bindings for TLS (RFC 5929), IETF, July 2010, URL: http://www.ietf.org/rfc/rfc5929.txt",
"RFC6125":
"P. Saint-Andre, J. Hodges, Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure Using X.509 (PKIX) Certificates in the Context of Transport Layer Security (TLS) (RFC 6125), IETF, March 2011, URL: http://www.ietf.org/rfc/rfc6125.txt",
"RFC6234":
"D. Eastlake 3rd, T. Hansen, US Secure Hash Algorithms (SHA and SHA-based HMAC and HKDF) (RFC 6234), IETF, May 2011, URL: http://www.ietf.org/rfc/rfc6234.txt",
"RFC6287":
"D. M'Raihi, J. Rydell, S. Bajaj, S. Machani, D. Naccache, OCRA: OATH Challenge-Response Algorithm (RFC 6287), IETF, June 2011, URL: http://www.ietf.org/rfc/rfc6287.txt",
"RFC6454":
"A. Barth, The Web Origin Concept (RFC 6454), IETF, June 2011, URL: http://www.ietf.org/rfc/rfc6454.txt",
"RFC6749":
"D. Hardt, Ed., The OAuth 2.0 Authorization Framework (RFC 6749), IETF, October 2012, URL: http://www.ietf.org/rfc/rfc6749.txt",
"RFC6979":
"T. Pornin, Deterministic Usage of the Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA) (RFC6979), IETF, August 2013, URL: http://www.ietf.org/rfc/rfc6979.txt",
"RFC7515":
"M. Jones, J. Bradley, N. Sakimura, JSON Web Signature (JWS) (RFC7515), IETF, May 2015, URL: http://www.ietf.org/rfc/rfc7515.txt",
"SAML11":
"E. Maler, P. Mishra and R. Philpott, The Security Assertion Markup Language (SAML) v1.1. OASIS, October 2003, URL: https://www.oasis-open.org/standards#samlv1.1",
"SAML2":
"S. Cantor, J. Kemp, R. Philpott, iE. Maler, Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0. OASIS, March 2005, URL: http://docs.oasis-open.org/security/saml/v2.0/",
"SEC1":
"Standards for Efficient Cryptography Group (SECG), SEC1: Elliptic Curve Cryptography, Version 2.0, September 2000.",
"SecureElement":
"GlobalPlatform Card Specifications GlobalPlatform. Accessed March 2014. URL: https://www.globalplatform.org/specifications.asp",
"SHEFFER-TLS":
"Y. Sheffer, R. Holz, P. Saint-Andre Recommendations for Secure Use of TLS and DTLS. Internet-Draft (Work in progress.) URL: https://tools.ietf.org/html/draft-sheffer-tls-bcp",
"OSCCA-SM2": {
date: "December 2010",
publisher: "Office of the State Commercial Cryptography Administration (China)",
id: "OSCCA-SM2",
title: "SM2: Public Key Cryptographic Algorithm SM2 Based on Elliptic Curves: Part 1: General",
href: "http://www.oscca.gov.cn/UpFile/2010122214822692.pdf"
},
"OSCCA-SM2-curve-param": {
date: "December 2010",
publisher: "Office of the State Commercial Cryptography Administration (China)",
id: "OSCCA-SM2-curve-param",
title: "SM2: Elliptic Curve Public-Key Cryptography Algorithm: Recommended Curve Parameters",
href: "http://www.oscca.gov.cn/UpFile/2010122214836668.pdf"
},
"OSCCA-SM3": {
date: "December 2010",
publisher: "Office of the State Commercial Cryptography Administration (China)",
id: "OSCCA-SM3",
title: "SM3 Cryptographic Hash Algorithm",
href: "http://www.oscca.gov.cn/UpFile/20101222141857786.pdf"
},
"SOP":
"Same Origin Policy for JavaScript. Mozilla Developer Network, January 2014 URL: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Same_origin_policy_for_JavaScript",
"SP800-38B":
"M. Dworkin, NIST Special Publication 800-38B: Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication. National Institute of Standards and Technology, May 2005, URL: http://dx.doi.org/10.6028/NIST.SP.800-38B",
"SP800-38C":
"M. Dworkin, NIST Special Publication 800-38C: Recommendation for Block Cipher Modes of Operation: The CCM Mode for Authentication and Confidentiality. National Institute of Standards and Technology, July 2007, URL: http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C_updated-July20_2007.pdf",
"SP800-38F":
"M. Dworkin, NIST Special Publication 800-38F: Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping. National Institute of Standards and Technology, December 2012, URL: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf",
"SP800-63":
"W. Burr, D. Dodson, E. Newton, R. Perlner, W.T. Polk, S. Gupta and E. Nabbus, NIST Special Publication 800-63-2: Electronic Authentication Guideline. National Institute of Standards and Technology, August 2013, URL: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63-2.pdf",
"SP800-63-1":
"W. Burr, D. Dodson, E. Newton, R. Perlner, W.T. Polk, S. Gupta and E. Nabbus, NIST Special Publication 800-63-1: Electronic Authentication Guideline. National Institute of Standards and Technology, December 2011, URL: http://csrc.nist.gov/publications/nistpubs/800-63-1/SP-800-63-1.pdf",
"SP800-63-2":
"W. Burr, D. Dodson, E. Newton, R. Perlner, W.T. Polk, S. Gupta and E. Nabbus, NIST Special Publication 800-63-2: Electronic Authentication Guideline. National Institute of Standards and Technology, September 2014, URL: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63-2.pdf",
"SP800-90ar1":
"Elaine Barker and John Kelsey, NIST Special Publication 800-90a: Recommendation for Random Number Generation Using Deterministic Random Bit Generators. National Institute of Standards and Technology, August 2012, URL: http://dx.doi.org/10.6028/NIST.SP.800-90Ar1",
"SP800-90b":
"Elaine Barker and John Kelsey, NIST Special Publication 800-90b: Recommendation for the Entropy Sources Used for Random Bit Generation. National Institute of Standards and Technology, April 2016, URL: http://csrc.nist.gov/publications/drafts/800-90/draft-sp800-90b.pdf",
"SP800-90C":
"Elaine Barker and John Kelsey, NIST Special Publication 800-90C: Recommendation for Random Bit Generator (RBG) Constructions. National Institute of Standards and Technology, August 2012, URL: http://csrc.nist.gov/publications/drafts/800-90/sp800_90c_second_draft.pdf",
"SP800-107r1":
"Quynh Dang, NIST Special Publication 800-107: Recommendation for Applications Using Approved Hash Algorithms. National Institute of Standards and Technology, August 2012, URL: http://csrc.nist.gov/publications/nistpubs/800-107-rev1/sp800-107-rev1.pdf",
"SP800-108":
"Lily Chen, NIST Special Publication 800-107: Recommendation for Key Derivation Using Pseudorandom Functions. National Institute of Standards and Technology, October 2009, URL: http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-108.pdf",
"SP800-131A":
"E. Barker, A. Roginsky, NIST Special Publication 800-131A: Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths. National Institute of Standards and Technology, January 2011, URL: http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf",
"SP800-132":
"Meltem Sönmez Turan, Elaine Barker, William Burr, and Lily Chen, NIST Special Publication 800-132: Transitions: Recommendation for Password-Based Key Derivation. National Institute of Standards and Technology, December 2010, URL: http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf",
"TEE":
"GlobalPlatform Trusted Execution Environment Specifications GlobalPlatform. Accessed March 2014. URL: https://www.globalplatform.org/specifications.asp",
"TEESecureDisplay":
"GlobalPlatform Trusted User Interface API Specifications GlobalPlatform. Accessed March 2014. URL: https://www.globalplatform.org/specifications.asp",
"TLSAUTH": {
authors: [ "Karthikeyan Bhargavan", "Antoine Delignat-Lavaud", "Cédric Fournet", "Alfredo Pironti", "Pierre-Yves Strub"],
date: "February 2014",
title: "Triple Handshakes and Cookie Cutters: Breaking and Fixing Authentication over TLS",
href: "https://secure-resumption.com/tlsauth.pdf"
},
"TLS13draft02":
"T. Dierks, E. Rescorla, The Transport Layer Security (TLD) Protocol Version 1.3 (draft 02), IETF, July, 2014, URL: https://tools.ietf.org/html/draft-ietf-tls-tls13-02",
"TPM":
"TPM Main Specification Trusted Computing Group. Accessed March 2014. URL: http://www.trustedcomputinggroup.org/resources/tpm_main_specification",
"TPMv2":
"TPM Library Specification Trusted Computing Group. Accessed February 2017. URL: https://trustedcomputinggroup.org/tpm-library-specification/",
"TR-03116-4":
"Technische Richtlinie TR-03116-4: eCard-Projekte der Bundesregierung: Teil 4 – Vorgaben für Kommunikationsverfahren im eGovernment. Bundesamt für Sicherheit in der Informationstechnik, 2013, URL: https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03116/BSI-TR-03116-4.pdf",
"TPMv1-2-Part1":
"Trusted Computing Group, TPM 1.2 Part 1: Design Principles, URL: http://www.trustedcomputinggroup.org/files/static_page_files/72C26AB5-1A4B-B294-D002BC0B8C062FF6/TPM%20Main-Part%201%20Design%20Principles_v1.2_rev116_01032011.pdf",
"TPMv1-2-Part2":
"Trusted Computing Group, TPM 1.2 Part 2: Structures, URL: http://www.trustedcomputinggroup.org/files/static_page_files/E55A303C-1A4B-B294-D066E66A82DAE27D/TPM%20Main-Part%202%20TPM%20Structures_v1.2_rev116_01032011.pdf",
"TPMv1-2-Credential-Profiles":
"Trusted Computing Group, TPM 1.2 Credential Profiles, URL: http://www.trustedcomputinggroup.org/files/static_page_files/A55529C5-1A4B-B294-D0A5A400E1EDE13A/Credential_Profiles_V1.2_Level2_Revision8.pdf",
"TPMv2-Part1":
"Trusted Computing Group, Trusted Platform Module Library, Part 1: Architecture, URL: http://www.trustedcomputinggroup.org/files/static_page_files/8C56AE3E-1A4B-B294-D0F43097156A55D8/TPM%20Rev%202.0%20Part%201%20-%20Architecture%2001.16.pdf",
"TPMv2-Part2":
"Trusted Computing Group, Trusted Platform Module Library, Part 2: Structures, URL: http://www.trustedcomputinggroup.org/files/static_page_files/8C583202-1A4B-B294-D0469592DB10A6CD/TPM%20Rev%202.0%20Part%202%20-%20Structures%2001.16.pdf",
"TPMv2-Part3":
"Trusted Computing Group, Trusted Platform Module Library, Part 3: Commands, URL: http://www.trustedcomputinggroup.org/files/static_page_files/8C68ADA8-1A4B-B294-D0FC06D3773F7DAA/TPM%20Rev%202.0%20Part%203%20-%20Commands%2001.16-code.pdf",
"TPMv2-Part4":
"Trusted Computing Group, Trusted Platform Module Library, Part 4: Supporting Routines, URL: http://www.trustedcomputinggroup.org/files/static_page_files/8C6CABBC-1A4B-B294-D0DA8CE1B452CAB4/TPM%20Rev%202.0%20Part%204%20-%20Supporting%20Routines%2001.16-code.pdf",
"TPMv2-EK-Profile":
"Trusted Computing Group, TCG EK Credential Profile, URL: http://www.trustedcomputinggroup.org/files/static_page_files/DCD56924-1A4B-B294-D0CEF64E80CEE01E/Credential_Profile_EK_V2.0_R12_PublicReview.pdf",
"TR-03116-4" :
"Technische Richtlinie TR-03116-4: eCard-Projekte der Bundesregierung: Teil 4 – Vorgaben für Kommunikationsverfahren im eGovernment. Bundesamt für Sicherheit in der Informationstechnik, 2013, URL: https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03116/BSI-TR-03116-4.pdf",
"WebCrypto": {
authors: [ "R. Sleevi", "M. Watson" ],
date: "11 December 2014",
publisher: "W3C",
status: "W3C Candidate Recommendation",
id: "WebCrypto",
title: "Web Cryptography API",
href: "http://www.w3.org/TR/WebCryptoAPI/"
},
"XYZF-2014":
"Li Xi, Kang Yang, Zhenfeng Zhang, and Dengguo Feng, DAA-Related APIs in TPM 2.0 Revisited, 2014, in T. Holz and S. Ioannidis (Eds.): TRUST 2014, LNCS 8564, pp. 1–18, 2014.",
"GlobalPlatform-Card":
"Secure Channel Protocol 03 – GlobalPlatform Card Specification v.2.2 – Amendment D",
"GlobalPlatform-TEE-SE":
"TEE Secure Element API Specification v1.0 | GPD_SPE_024",
"ETSI-Secure-Channel":
"ETSI TS 102 484 Smart Cards; Secure channel between a UICC and an end-point terminal",
"ISOIEC-19794":
"ISO 19794: Information technology - Biometric data interchange formats",
"ISOIEC-7816-4-2013":
"ISO 7816-4: Identification cards – Integrated circuit cards; Part 4 : Organization, security and commands for interchange",
"ISOIEC-7816-5":
"ISO 7816-5: Identification cards - Integrated circuit cards - Part 5: Registration of application providers",
// This is the Editor's Draft including definition of "required" for dictionary members.
// The newest "release" of [[WebIDL]] is included in https://specref.jit.su/bibrefs?refs (is automatically loaded!)
"WebIDL-ED":
"Cameron McCormack, Web IDL, W3C. Editor's Draft 13 November 2014. URL: http://heycam.github.io/webidl/",
"Boilerplate":
"J. Doe Title. Publisher URL: ",
// the below just stuck in here for now, need to be cleaned up and properly added to
// above in proper order. =JeffH 12-Feb-2015
"TPM2LIB": {
title: "Trusted Platform Module Library Specification, Family \"2.0\", Level 00, Revision 01.16 - October 2014"
, href: "http://www.trustedcomputinggroup.org/resources/tpm_library_specification"
},
"SE-API": {
title: "Secure Element API"
, href: "https://opoto.github.io/secure-element/"
},
"CredMgmt": {
title: "Credential Management"
, href: "http://w3c.github.io/webappsec/specs/credentialmanagement/"
},
"U2FWebCryp": {
title: "WebCrypto API extension for U2F"
, href: "https://docs.google.com/a/chromium.org/document/d/1EEFAMIYNqZ7XHCntghD9meJwKgNOX7ZN-jl5LJQxOVQ"
},
"PlatformKeys": {
title: "chrome.enterprise.platformKeys"
, href: "https://developer.chrome.com/extensions/enterprise_platformKeys"
},
"StructuredCloning": {
title: "Safe passing of structured data"
, href: "https://html.spec.whatwg.org/#safe-passing-of-structured-data"
},
"FIDOSignatureFormat": {
title: "FIDO 2.0: Signature format"
, href: "https://fidoalliance.org/specs/fido-v2.0-ps-20150904/fido-signature-format-v2.0-ps-20150904.html"
},
"FIDOKeyAttestation": {
title: "FIDO 2.0: Key attestation format"
, href: "https://fidoalliance.org/specs/fido-v2.0-ps-20150904/fido-key-attestation-v2.0-ps-20150904.html"
},
"FIDOWebApi": {
title: "FIDO 2.0: Web API for accessing FIDO 2.0 credentials"
, href: "https://fidoalliance.org/specs/fido-v2.0-ps-20150904/fido-web-api-v2.0-ps-20150904.html"
},
"FIDOCTAP": {
title: "FIDO 2.0: Client To Authenticator Protocol"
, href: "fido-client-to-authenticator-protocol.html"
},
"FIDOPlatformApiReqs": {
title: "FIDO 2.0: Requirements for Native Platforms",
href: "fido-platform-api-reqs.html"
},
"IndexedDB": {
title: "Indexed Database API"
, href: "http://www.w3.org/TR/IndexedDB/"
},
"PUBLICSUFFIXWEB" : {
title: "Public Suffix List",
href: "https://publicsuffix.org/"
}
};
})();