Mutual authentication

From Wikipedia, the free encyclopedia

Mutual authentication or two-way authentication refers to two parties authenticating each other suitably. In technology terms, it refers to a client or user authenticating themselves to a server and that server authenticating itself to the user in such a way that both parties are assured of the others' identity.

Typically, this is done for a client process and a server process without user interaction.

Mutual SSL provides the same things as SSL, with the addition of authentication and non-repudiation of the client authentication, using digital signatures. However, due to issues with complexity, cost, logistics, and effectiveness, most web applications are designed so they do not require client-side certificates. This creates an opening for a man-in-the-middle attack, in particular for online banking.

As the Financial Services Technology Consortium put it in its January 2005 report, "Better institution-to-customer authentication would prevent attackers from successfully impersonating financial institutions to steal customers' account credentials; and better customer-to-institution authentication would prevent attackers from successfully impersonating customers to financial institutions in order to perpetrate fraud."

Contents 1 See also 2 Examples 3 References 4 External links

[edit] See also

• Computer security
• Secure channel
• Digital signature
• Two-factor authentication
• Pharming

[edit] Examples

Some examples of two-factor authentication include:

• Deepnet Security's Deepnet Unified Authentication Platform product.
• Tricerion Strong Mutual Authentication (SMA) solution is a Zero-Footprint, Strong Mutual Authentication Solution.
• WiKID's mutual authentication system
• Mutual Authentication for Web Services: A Live Example
• How to prevent phishing with mutual authentication - How to stop phishing with mutual authentication.

[edit] References

[edit] External links