Electronic authentication

Electronic authentication (E-authentication) is the process of establishing confidence in user identities electronically presented to an information system. E-authentication presents a technical challenge when this process involves the remote authentication of individual people over a network, for the purpose of electronic government and commerce.

E-Authentication Model

E-authentication is the process of establishing confidence in user identities electronically presented to an information system. Systems can use the authenticated identity to determine if that individual is authorized to perform an electronic transaction. In most cases, the authentication and transaction take place across an open network such as the Internet; however, in some cases access to the network may be limited and access control decisions may take this into account.

E-authentication begins with registration. An applicant applies to a Registration Authority (RA) to become a subscriber of a Credential Service Provider (CSP) and, as a subscriber, is issued or registers a secret, called a token, and a credential that binds the token to a name and possibly other attributes that the RA has verified. The token and credential may be used in subsequent authentication events.

The subscriber’s name may either be a verified name or a pseudonym. A verified name is associated with the identity of a real person, and before an applicant can receive credentials or register a token associated with a verified name, he or she must demonstrate that the identity is a real identity and that he or she is the person who is entitled to use that identity. This process is called identity proofing and is performed by an RA that registers subscribers with the CSP.

When a claimant successfully demonstrates possession and control of a token in an on-line authentication to a verifier through an authentication protocol, the verifier can verify that the claimant is the subscriber. The verifier passes on an assertion about the identity of the subscriber to the relying party. That assertion includes identity information about a subscriber, such as the subscriber name, an identifier assigned at registration, or other subscriber attributes that were verified in the registration process (subject to the policies of the CSP and the needs of the application). Where the verifier is also the relying party, the assertion may be implicit. In addition, the subscriber’s identifying information may be incorporated in credentials (e.g., public key certificates) made available by the claimant. The relying party can use the authenticated information provided by the verifier/CSP to make access control or authorization decisions.

Subscribers, RAs and CSPs

In the conceptual e-authentication model, a claimant in an authentication protocol is a subscriber to some CSP. At some point, an applicant registers with an RA, which verifies the identity of the applicant, typically through the presentation of paper credentials and by records in databases. This process is called identity proofing. The RA, in turn, vouches for the identity of the applicant (and possibly other verified attributes) to a CSP. The applicant then becomes a subscriber of the CSP.

The CSP establishes a mechanism to uniquely identify each subscriber and the associated tokens and credentials issued to that subscriber.

There is always a relationship between the RA and CSP. In the simplest and perhaps the most common case, the RA and CSP are separate functions of the same entity. However, an RA might be part of a company or organization that registers subscribers with an independent CSP, or with several different CSPs. Therefore, a CSP may have an integral RA, or it may have relationships with multiple independent RAs, and an RA may have relationships with different CSPs as well.

Tokens

Tokens generically are something the claimant possesses and controls that may be used to authenticate the claimant’s identity. In e-authentication, the claimant authenticates to a system or application over a network. Therefore, a token used for e-authentication is a secret and must be protected. The token may, for example, be a cryptographic key that is protected by encrypting it under a password. An impostor must steal the encrypted key and learn the password to use the token.

Authentication systems are often categorized by the number of factors that they incorporate. The three factors often considered as the cornerstone of authentication are:

* Something you know (for example, a password)
* Something you have (for example, an ID badge or a cryptographic key)
* Something you are (for example, a voice print or other biometric)

Electronic Credentials

Paper credentials are documents that attest to the identity or other attributes of an individual or entity called the subject of the credentials. Some common paper credentials include passports, birth certificates, driver’s licenses, and employee identity cards. The credentials themselves are authenticated in a variety of ways: traditionally perhaps by a signature or a seal, special papers and inks, or high quality engraving, and today by more complex mechanisms, such as holograms, that make the credentials recognizable and difficult to copy or forge. In some cases, simple possession of the credentials is sufficient to establish that the physical holder of the credentials is indeed the subject of the credentials. More commonly, the credentials contain biometric information such as the subject’s description, a picture of the subject or the handwritten signature of the subject that can be used to authenticate that the holder of the credentials is indeed the subject of the credentials. When these paper credentials are presented in person, the biometrics contained in those credentials can be checked to confirm that the physical holder of the credential is the subject.

Electronic identity credentials bind a name and perhaps other attributes to a token. This model does not prescribe particular kinds of electronic credentials. There are a variety of electronic credential types in use today, and new types of credentials are constantly being created. At a minimum, credentials include identifying information that permits recovery of the records of the registration associated with the credentials and a name that is associated with the subscriber.

Verifiers

In any authenticated on-line transaction, the verifier must verify that the claimant has possession and control of the token that verifies his or her identity. A claimant authenticates his or her identity to a verifier by the use of a token and an authentication protocol. This is called Proof of Possession (PoP). Many PoP protocols are designed so that a verifier, with no knowledge of the token before the authentication protocol run, learns nothing about the token from the run. The verifier and CSP may be the same entity, the verifier and relying party may be the same entity or they may all three be separate entities. It is undesirable for verifiers to learn shared secrets unless they are a part of the same entity as the CSP that registered the tokens. Where the verifier and the relying party are separate entities, the verifier must convey the result of the authentication protocol to the relying party. The object created by the verifier to convey this result is called an assertion.
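The registration, proof-of-possession and assertion steps described in the model section above and in this Verifiers section, worked through as an added example that is not part of the original article: a CSP with an integral RA binds a subscriber name to the public half of a key-pair token, the verifier challenges the claimant with a fresh nonce, and the claimant signs the nonce with the private half. The verifier checks the CSP's signature on the credential and the claimant's signature on the nonce, then hands a signed assertion to the relying party. Because the token is a key pair rather than a shared secret, the verifier holds no subscriber secret and learns nothing about the token from the run, which is the property the section describes as desirable. The credential and assertion layouts, the `cred|`, `pop|` and `assert|` domain-separation prefixes, and the choice of Ed25519 are assumptions made for this example; a real deployment would use standard certificate and assertion formats.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Credential binds a subscriber name to the public half of a token, signed by the CSP;
// Assertion is what the verifier conveys to the relying party. Both formats are hypothetical.
type Credential struct {
	Subscriber string
	TokenPub   ed25519.PublicKey
	CSPSig     []byte
}
type Assertion struct {
	Subscriber  string
	Nonce       []byte
	VerifierSig []byte
}
// Domain-separated byte strings: a signature made for one purpose cannot pass as another.
func credentialBytes(name string, pub ed25519.PublicKey) []byte {
	return append([]byte("cred|"+name+"|"), pub...)
}
func popBytes(nonce []byte) []byte { return append([]byte("pop|"), nonce...) }
func assertionBytes(a *Assertion) []byte {
	return append([]byte("assert|"+a.Subscriber+"|"), a.Nonce...)
}

// CSP (with an integral RA) issues credentials; it never sees a token's private half.
type CSP struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}
func NewCSP() *CSP {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &CSP{pub, priv}
}

// Register runs after identity proofing of the applicant has succeeded out of band.
func (c *CSP) Register(name string, tokenPub ed25519.PublicKey) Credential {
	return Credential{name, tokenPub, ed25519.Sign(c.priv, credentialBytes(name, tokenPub))}
}

// Subscriber holds the secret token (the private key), which never leaves it.
type Subscriber struct {
	Cred Credential
	priv ed25519.PrivateKey
}
func NewSubscriber(csp *CSP, name string) *Subscriber {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &Subscriber{csp.Register(name, pub), priv}
}

// ProveControl answers a challenge with the credential and a signature over the nonce.
func (s *Subscriber) ProveControl(nonce []byte) (Credential, []byte) {
	return s.Cred, ed25519.Sign(s.priv, popBytes(nonce))
}

// Verifier trusts one CSP key and signs the assertions it issues; it holds no subscriber secrets.
type Verifier struct {
	cspPub, Pub ed25519.PublicKey
	priv        ed25519.PrivateKey
}
func NewVerifier(cspPub ed25519.PublicKey) *Verifier {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &Verifier{cspPub, pub, priv}
}

// Challenge issues a fresh random nonce so a captured proof cannot be replayed later.
func (v *Verifier) Challenge() []byte { n := make([]byte, 32); rand.Read(n); return n }
// Verify checks the CSP's signature on the credential and the proof of possession,
// then returns an assertion signed by the verifier for the relying party.
func (v *Verifier) Verify(nonce []byte, cred Credential, proof []byte) (*Assertion, error) {
	if !ed25519.Verify(v.cspPub, credentialBytes(cred.Subscriber, cred.TokenPub), cred.CSPSig) {
		return nil, errors.New("credential not issued by the trusted CSP")
	}
	if !ed25519.Verify(cred.TokenPub, popBytes(nonce), proof) {
		return nil, errors.New("claimant failed proof of possession")
	}
	a := &Assertion{Subscriber: cred.Subscriber, Nonce: nonce}
	a.VerifierSig = ed25519.Sign(v.priv, assertionBytes(a))
	return a, nil
}

// RelyingPartyAccepts checks the assertion came from the trusted verifier before authorizing.
func RelyingPartyAccepts(verifierPub ed25519.PublicKey, a *Assertion) bool {
	return a != nil && ed25519.Verify(verifierPub, assertionBytes(a), a.VerifierSig)
}

func main() {
	csp := NewCSP()
	alice, v := NewSubscriber(csp, "alice"), NewVerifier(csp.Pub)
	nonce := v.Challenge()
	cred, proof := alice.ProveControl(nonce)
	a, err := v.Verify(nonce, cred, proof)
	fmt.Println("authenticated:", err == nil && RelyingPartyAccepts(v.Pub, a))
}
```

The three checks in `Verify` map onto the model: the CSP signature ties the token to the name the RA proofed, the nonce signature is the proof of possession, and the verifier's own signature on the assertion is what lets a separate relying party trust the result. Swapping a stolen credential, relabelling another subscriber's key, or presenting a proof made for an earlier nonce each fail at a different one of those checks.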

See also

* Guide to E-payments


Wikimedia Foundation. 2010.
