What is Authentication in Information Security?

Information SecuritySafe & SecurityData Structure

Authentication is the procedure of recognizing someone's identity by assuring that the person is the similar as what it is claiming for. It can be used by both server and client.

The server uses authentication when someone needs to access the data, and the server required to understand who is accessing the data. The client uses it when it is need to understand that it is the same server that it claims to be.

The authentication by the server is completed mostly by utilizing the username and password. There are some another method of authentication by the server can also be completed using cards, retina scans, voice identification, and fingerprints.

Authentication does not provide what service under a process one person can do, what document it can view, read, or update. It mainly recognizes who the person or system is absolutely.

User authentication is the main line of defence for mobile and handheld devices such as Personal Digital Assistants (PDAs). Traditional authentication architecture based on providing a centralized database of user identities, creating it complex to authenticate users in a different management domain as depicted.

This structure for providing security in mobile device is a problem for each system providing safe access to precious, private information, and personalized services. The authentication mechanism must be distributed, and the various elements of the authenticator required to connect with each other to authenticate a user.

The authentication service is concerned with assuring that a communication is accurate. In the method of an individual message, including a warning or alarm signal, the function of the authentication service is to satisfy the recipient that the message is from the source that it declare to be from.

In the case of request for interaction, including the connection of a terminal to a host, there are two things are to be taken care of.

First, at the time of connection start, the service satisfy that the two participating entities are accurate, that is, that each is the entity that it claims to be.

Second, the service should persuade that the connection is not interfered with in such a way that a third party can masquerade as one of the two legitimate parties and implement unauthorized transmission or reception.

There are two definite authentication services are described in X.800 which are as follows −

  • Peer entity authentication − It supports for the corroboration of the identity of two entities cooperative in communication. Peer entity authentication is supported for use at the formation of, or at times during the data transfer procedure of a connection. It can tries to support confidence that an entity is not implementing such as masquerade or an unapproved replay of a previous connection.

  • Data origin authentication − It supports for the validation of the source of a message (sender). It does not support protection against the duplication or modification of information units. This type of service supports applications such as electronic mail, where there are no previous interactions among the communicating entities.

Updated on 10-Mar-2022 09:57:10