ITWissen.info - Tech know how online

authentication

Authentication refers to task- and user-dependent access and/or access authorization. The purpose of authentication is to protect system functions from misuse. In communication, authentication ensures that the communication partner is who he claims to be.

Simple authentication procedures

In authentication, a distinction is made between one-way and two-way authentication. In practice, one-way authentication is the most common. For example, when logging in using single-factor authentication (SFA), the user enters his or her password to prove that he or she really is the specified user. The security service for single-factor authentication is the recipient proof, which is used to prove the user identity and thus also the user authorization to the system. This is mainly done using text-based password procedures with personal identification numbers or knowledge-based authentication (KBA).

Alternatives to text-based methods include graphical user authentication (GUA), cryptographic techniques, and magnetic cards or chip ID cards.

Improved authentication methods

Strict user authentication can be certificate-based with smart cards, security tokens or USB tokens on which the private key is stored.

Contact and contactless smartcard

As an alternative, there is one-time authentication with the assignment of one-time passwords (OTP) and OTP tokens. In this method, the token generates a one-time password, which is compared with the one-time password generated by the authentication server. The authentication server knows the algorithm of the OTP token and can calculate the next expected one-time password.
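As an added illustration (not part of the original entry), the server-side comparison can be sketched with HOTP from RFC 4226, a counter-based algorithm chosen here as an assumption because the entry names no specific one. The class name `OtpServer`, the look-ahead window of 3 and the sample secret (the RFC's published test secret) are likewise assumptions.

```python
import hashlib
import hmac
import struct

# Published RFC 4226 test secret; never use it for a real token.
SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Compute the RFC 4226 one-time password for one counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks 4 bytes
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class OtpServer:
    """Hypothetical authentication server tracking one token's counter."""

    def __init__(self, secret: bytes, counter: int = 0, window: int = 3):
        self.secret = secret
        self.counter = counter  # next counter value the server expects
        self.window = window    # how far the token may have run ahead

    def verify(self, submitted: str) -> bool:
        # Accept the next expected password, or one a few steps ahead in
        # case the token generated passwords that were never submitted.
        for step in range(self.window + 1):
            candidate = self.counter + step
            expected = hotp(self.secret, candidate)
            if hmac.compare_digest(expected.encode(), submitted.encode()):
                # Move past the accepted value so it cannot be replayed.
                self.counter = candidate + 1
                return True
        return False


if __name__ == "__main__":
    server = OtpServer(SECRET)
    print(server.verify(hotp(SECRET, 0)))  # first password accepted
    print(server.verify(hotp(SECRET, 0)))  # same password again: rejected
    print(server.verify(hotp(SECRET, 3)))  # token ran ahead, inside window
    print(server.verify(hotp(SECRET, 9)))  # too far ahead: rejected
```

The look-ahead window trades usability against guessing resistance: each extra step the server tolerates is one more value an attacker's guess can match, so it is kept small and paired with attempt limiting.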

An effective increase in authentication security is achieved by two-factor authentication (2FA) and by multifactor authentication (MFA). Both methods combine two or more authentication techniques. These authentication systems rely on biometric methods combined with digital certificates or USB tokens. A further authentication procedure is DNA identification, which can be used in electronic components. A variant of the MFA method is out-of-band authentication, in which the authentication features are transmitted over two independent transmission channels.

Mutual authentication is more secure than one-way authentication: all communication partners must prove their identity before exchanging confidential data with each other. For example, in the case of ATMs, before the personal identification number (PIN) is entered, the ATM should prove that the POS terminal is a real cash terminal and not a dummy.

Information:
English: authentication
Updated at: 04.01.2022

All rights reserved DATACOM Buchverlag GmbH © 2024