The means used to confirm the identity of a user, processor, or device (e.g., user password or token).
See NIST SP 800-53 Rev. 4 under Authenticator for more information.
A portable, user-controlled, physical device (e.g., smart card or memory stick) used to store cryptographic information and possibly also perform cryptographic functions.
See NIST SP 800-57 Part 2 Rev.1 under Token for more information.
Something the claimant possesses and controls (typically a cryptographic module or password) that is used to authenticate the claimant’s identity. In previous editions of SP 800-63, this was referred to as a token.
See NISTIR 7711 under Token for more information.