Closed-loop authentication

Closed-loop authentication, as applied to computer network communication, refers to a mechanism whereby one party verifies the purported identity of another party by requiring them to supply a copy of a token transmitted to the canonical or trusted point of contact for that identity. It is also sometimes used to refer to a system of mutual authentication whereby two parties authenticate one another by signing and passing back and forth a cryptographically signed nonce, each party demonstrating to the other that they control the secret key used to certify their identity.

When applied applied specifically to email, closed loop authentication refers to a technique for validating that a person claiming to possess a particular email address actually does so. This is normally done by sending an email containing a nonce to the address, and requiring that the party being authenticated supply that nonce before the authentication proceeds. The email containing the nonce is usually worded so as to explain the situation to the recipient and discourage them from supplying the nonce (often via visiting a URL) unless they in fact were attempting to authenticate.

For example, suppose that one party, Alice, operates a website on which visitors can make accounts to participate or gain access to content. Another party, Bob, comes to that website and makes an account. Bob supplies an email address at which he can be contacted, but Alice does not yet know that Bob is being truthful (consciously or not) about the address. Alice sends a nonce to Bob's email address an authentication request, asking Bob to click on a particular URL if and only if the recipient of the mail was making an account on Alice's website. Bob receives the mail and clicks the URL, demonstrating to Alice that he controls the email address he claimed to have. If instead a hostile party, Chuck, were to visit Alice's website attempting to masquerade as Bob, he would be unable to register for an account because the confirmation would be sent to Bob's email address, which Chuck does not control.

Closed-loop email authentication is useful for simple situations where one party wants to demonstrate control of an email address to another, as a weak form of identity verification. It is not a strong form of authentication in the face of host- or network-based attacks (where an imposter, Chuck, is able to intercept Bob's email, intercepting the nonce and thus masquerading as Bob.)

This degree of email authentication is considered by many anti-spam advocates to be the minimum degree necessary for any opt-in email advertising or other ongoing email communication.

An alternate use of closed-loop email authentication is used by parties with a shared-secret relationship (for example, a website and someone with a password to an account on that website), where one party has lost or forgotten the secret and needs to be reminded. The party still holding the secret sends it to the other party at a trusted point of contact. The most common instance of this usage is the "lost password" feature of many websites, where an untrusted party may request that a copy of an account's password be sent by email, but only to the email address already associated with that account. A problem associated with this variation is the tendency of a naïve or inexperienced user to click on a URL if an email encourages them to do so. Most website authentication systems mitigate this by permitting unauthenticated password reminders or resets only by email to the account holder, but never allowing a user who does not possess a password to log in or specify a new one.

See Category:Computer security for a list of all computing and information-security related articles.

• Information Security
• Authentication
• Cryptography