mutual authentication
SearchFinancialSecurity.com Definitions (Powered by WhatIs.com)


DEFINITION - Mutual authentication, also called two-way authentication, is a process or technology in which both entities in a communications link authenticate each other. In a network environment, the client authenticates the server and vice versa. In this way, network users can be assured that they are doing business exclusively with legitimate entities, and servers can be certain that all would-be users are attempting to gain access for legitimate purposes. Mutual authentication is gaining acceptance as a tool that can minimize the risk of online fraud in e-commerce.

With mutual authentication, a connection can be established only when the client trusts the server's digital certificate and the server trusts the client's certificate. The exchange and verification of certificates is carried out by means of the Transport Layer Security (TLS) protocol. If the client's keystore contains more than one certificate, the certificate with the latest timestamp is used to authenticate the client to the server. This process reduces the risk that an unsuspecting network user will inadvertently reveal security information to a malicious or insecure Web site.
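The certificate exchange described above, as an added example written for this definition (not code from the original page): a constructed demo CA issues one server and one client certificate, the server is configured to require and verify a client certificate, and the client verifies the server's certificate against the same CA. The CA name, the host names server.example and client.example, and the helper names newCert and handshake are assumptions; the Go standard library's crypto/tls and crypto/x509 packages do the real work.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)
// newCert issues a short-lived Ed25519 certificate for name (constructed demo PKI): a self-signed CA when parent is nil, otherwise a leaf signed by parent/parentKey.
func newCert(name string, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: name}, DNSNames: []string{name},
		NotBefore:    time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		IsCA:         parent == nil, BasicConstraintsValid: true,
		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	if parent == nil { parent, parentKey = tmpl, key } // self-sign the CA
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}
// handshake runs one TLS connection over loopback: the client verifies the server's certificate against
// the demo CA and the server requires a client certificate from the same CA. nil means both sides authenticated.
func handshake(withClientCert bool) error {
	ca, caKey := newCert("demo-ca", nil, nil)
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	srvCert, srvKey := newCert("server.example", ca, caKey)
	cliCert, cliKey := newCert("client.example", ca, caKey)
	srvCfg := &tls.Config{ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: pool, // the "mutual" part
		Certificates: []tls.Certificate{{Certificate: [][]byte{srvCert.Raw}, PrivateKey: srvKey}}}
	cliCfg := &tls.Config{RootCAs: pool, ServerName: "server.example"} // trust only demo-CA servers
	if withClientCert { // otherwise the client answers the CertificateRequest with an empty list
		cliCfg.Certificates = []tls.Certificate{{Certificate: [][]byte{cliCert.Raw}, PrivateKey: cliKey}}
	}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", srvCfg)
	if err != nil { return err }
	defer ln.Close()
	srvErr := make(chan error, 1) // server side: accept, then complete (or refuse) the handshake
	go func() { c, err := ln.Accept(); if err == nil { err = c.(*tls.Conn).Handshake(); c.Close() }; srvErr <- err }()
	conn, err := tls.Dial("tcp", ln.Addr().String(), cliCfg)
	if err != nil { return err }
	defer conn.Close()
	return <-srvErr
}
```

Calling handshake(true) succeeds, while handshake(false) fails on the server side because RequireAndVerifyClientCert rejects an empty client certificate; without ClientCAs and ClientAuth the server would accept any client, which is ordinary one-way TLS.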

Fraudulent e-mail messages may still appear in a user's inbox, but even if the user clicks on a dubious link, these mechanisms prevent data from being entered on the resulting Web page. Similarly, an Internet user cannot disclose authentication credentials to untrusted Web sites visited during the course of casual Internet surfing, even if a conscious attempt is made to do so. Some mutual authentication solutions split transmitted and received data into multiple channels, complicating the task of a malicious hacker. Once a site has been identified as hostile, the user's computer can be blocked from visiting it or using its features thereafter.

To illustrate, suppose an unsuspecting online bank customer or retail consumer is directed to a Web site created for the purpose of phishing. In that situation, mechanisms will prevent the input of critical data such as PINs (personal identification numbers), passwords or Social Security numbers unless a trusted connection has been established to the satisfaction of both the user's computer and the network server. A well-designed mutual authentication solution also protects against other forms of online fraud such as man-in-the-middle attacks, shoulder surfing, Trojan horses, keyloggers and pharming.

Mutual authentication should not be confused with two-factor authentication, a security process in which the client provides two means of identification to the server, such as a physical token and a password. For optimum security, mutual authentication can be used in conjunction with this and other countermeasures such as firewalls, antivirus software and anti-spyware programs.

LAST UPDATED: 17 Jan 2008

Read more about mutual authentication:
- Deepnet Security offers a mutual authentication platform.
- Tricerion offers a product called Strong Mutual Authentication (SMA) and describes how it can protect against multiple threats.
- HowToForge explains how mutual authentication can be used to prevent phishing.
- WiKID Systems has developed an open-source mutual authentication system.
- Sun Developer Network explains how mutual authentication can be implemented.








All Rights Reserved, Copyright 2008, TechTarget