Digital Certificate Operation in a Complex Environment

PKI Primer and Project Background

5. What is authentication?

5.1. Avoiding the question for a moment...

You may assume that 'identification' of users (or servers) is what we should be worried about. However, let's say that identification is really associating an identity with a subject (or a network ID with a request). This most basic level of 'security' is good enough for a lot of transactions. For example, the owners of some text on a web page that is in the public domain do not have to worry that the text is going to a verified individual - all that the server has to do is to ensure that the text is delivered to the individual that requested it. Therefore, basic identification is 'associating an identity with a subject', and can be (relatively) anonymous. Over a public network such as the Internet, this is a very basic process (handled by TCP/IP - transmission control protocol/Internet protocol - very well).

'Authentication', on the other hand, comes in when a little more 'security' is necessary. Authentication is 'establishing the validity of something, such as an identity'. Over a public network, this may be difficult. In the real world you may be happy that someone has authenticated her identity by showing you her driving licence or national passport. You may even be fairly happy with a less important document that she holds, such as her gym membership card.

*For easy readability, we have avoided writing "he or she" etc. and have tried to use examples of either sex. In this primer, we attempt to use male and female examples in equal measure.

Between computers over networks it is possible (and often quite easy) for someone else to copy a set of data that you have used to identify yourself before. Therefore, the danger exists that your server - or your correspondent - cannot be sure that you are who you appear to be or that your apparent identity has been validated (authenticated).

The process of validating people or entities is termed 'authentication'. It is a huge subject in itself, so we are not going to go into it too deeply in this brief introduction.

Thankfully, authentication via digital certificates can overcome those problems, although certificates are not without their own challenges.


Oxford University Computing Services; Mimas; Athens access management services; Oxford e-Science Centre; Systems and Electronic Resources Service; Joint Information Systems Committee