Closed-loop authentication


Closed-loop authentication

Closed-loop authentication, as applied to computer network communication, refers to a mechanism whereby one party verifies the purported identity of another party by requiring them to supply a copy of a token transmitted to the canonical or trusted point of contact for that identity. It is also sometimes used to refer to a system of mutual authentication whereby two parties authenticate one another by signing and passing back and forth a cryptographically signed nonce, each party demonstrating to the other that they control the secret key used to certify their identity.

E-mail Authentication

Closed-loop email authentication is useful for simple situations where one party wants to demonstrate control of an email address to another, as a weak form of identity verification. It is not a strong form of authentication in the face of host- or network-based attacks (where an imposter, Chuck, is able to intercept Bob's email, intercepting the Nonce_(slang) and thus masquerading as Bob.)

A use of closed-loop email authentication is used by parties with a shared secret relationship (for example, a website and someone with a password to an account on that website), where one party has lost or forgotten the secret and needs to be reminded. The party still holding the secret sends it to the other party at a trusted point of contact. The most common instance of this usage is the "lost password" feature of many websites, where an untrusted party may request that a copy of an account's password be sent by email, but only to the email address already associated with that account. A problem associated with this variation is the tendency of a naïve or inexperienced user to click on a URL if an email encourages them to do so. Most website authentication systems mitigate this by permitting unauthenticated password reminders or resets only by email to the account holder, but never allowing a user who does not possess a password to log in or specify a new one.

In some instances in web authentication, closed-loop authentication is employed before any access is granted to an identified user that would not be granted to an anonymous user. This may be because the nature of the relationship between the user and the website is one that holds some long-term value for one or both parties (enough to justify the increased effort and decreased reliability of the registration process.) It is also used in some cases by websites attempting to impede programmatic registration as a prelude to spamming or other abusive activities.

Closed-loop authentication (like other types) is an attempt to establish identity. It is not, however, incompatible with anonymity, if combined with a pseudonymity system in which the authenticated party has adequate confidence.

See also

See Category:Computer security for a list of all computing and information-security related articles.


Wikimedia Foundation. 2010.

Look at other dictionaries:

  • Authentication — (from Greek αυθεντικός; real or genuine, from authentes; author) is the act of establishing or confirming something (or someone) as authentic , that is, that claims made by or about the thing are true. This might involve confirming the identity… …   Wikipedia

  • Opt in e-mail — For other uses, see Opt (disambiguation). Opt in e mail is a term used when someone is given the option to receive bulk e mail, that is, e mail that is sent to many people at the same time. Typically, this is some sort of mailing list, newsletter …   Wikipedia

  • Bluetooth — This article is about the electronic protocol. For the medieval King of Denmark, see Harald I of Denmark. Bluetooth logo Bluetooth is a proprietary open wireless technology standard for exchanging data over short distances (using short wavelength …   Wikipedia

  • Magnetic stripe card — An example of the reverse side of a typical credit card: Green circle #1 labels the Magnetic stripe A magnetic stripe card is a type of card capable of storing data by modifying the magnetism of tiny iron based magnetic particles on a band of… …   Wikipedia

  • Context awareness — is defined complementary to location awareness. Whereas location may serve as a determinant for resident processes, context may be applied more flexibly with mobile computing with any moving entities, especially with bearers of smart… …   Wikipedia

  • Packaging and labelling — Packaging is the science, art and technology of enclosing or protecting products for distribution, storage, sale, and use. Packaging also refers to the process of design, evaluation, and production of packages. Package labelling (BrE) or labeling …   Wikipedia

  • Derived unique key per transaction — In cryptography, Derived Unique Key Per Transaction (DUKPT) is a key management scheme in which for every transaction, a unique key is used which is derived from a fixed key. Therefore, if a derived key is compromised, future and past transaction …   Wikipedia

  • Anti-spam techniques — To prevent e mail spam (aka unsolicited bulk email), both end users and administrators of e mail systems use various anti spam techniques. Some of these techniques have been embedded in products, services and software to ease the burden on users… …   Wikipedia

  • Windows Vista networking technologies — This article is part of a series on Windows Vista New features Overview Technical and core system Security and safety Networking technologies I/O technologies Management and administration Removed features …   Wikipedia

  • List of computing and IT abbreviations — This is a list of computing and IT acronyms and abbreviations. Contents: 0–9 A B C D E F G H I J K L M N O P Q R S T U V W X Y …   Wikipedia