Jump to content

Two-way authentication

Add links
From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by 65.182.34.66 (talk) at 21:28, 28 November 2005. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.
(diff) ← Previous revision | Latest revision (diff) | Newer revision → (diff)

Mutual or two-way authentication refers to two parties authenticating each other suitably. In technology terms, it refers to a client or user authenticating themselves to a server and that server authenticating itself to the user in such a way that both parties are assured of the others' identity.

Typically, this is done for a client process and a server process without user interaction.

Mutual SSL provides the same things as SSL, with the addition of authentication and non-repudiation of the client, using digital signatures. However, most web applications do not require client-side certificates due to complexity, cost, logistical and effectiveness issues. This creates an opening for a man-in-the-middle attack, in particular for online banking.

As the Financial Services Technology Consortium put it in its January 2005 report, "Better institution-to-customer authentication would prevent attackers from successfully impersonating financial institutions to steal customers' account credentials; and better customer-to-institution authentication would prevent attackers from successfully impersonating customers to financial institutions in order to perpetrate fraud."

See also

Retrieved from "https://en.wikipedia.org/w/index.php?title=Two-way_authentication&oldid=29522317"