1.45 Definition An identification or entity authentication technique assures one party (through acquisition of corroborative evidence) of both the identity of a second party involved, and that the second was active at the time the evidence was created or acquired.

Typically the only data transmitted is that necessary to identify the communicating parties. The entities are both active in the communication, giving a timeliness guarantee.

1.46 Example (identification) A calls B on the telephone. If A and B know each other then entity authentication is provided through voice recognition. Although not foolproof, this works effectively in practice. □

1.47 Example (identification) Person A provides to a banking machine a personal identification number (PIN) along with a magnetic stripe card containing information about A. The banking machine uses the information on the card and the PIN to verify the identity of the card holder. If verification succeeds, A is given access to various services offered by the machine. □

Example 1.46 is an instance of mutual authentication whereas Example 1.47 only provides unilateral authentication. Numerous mechanisms and protocols devised to provide mutual or unilateral authentication are discussed in Chapter 10.

Data origin authentication

1.48 Definition Data origin authentication or message authentication techniques provide to one party which receives a message assurance (through corroborative evidence) of the identity of the party which originated the message.

Often a message is provided to B along with additional information so that B can determine the identity of the entity who originated the message. This form of authentication typically provides no guarantee of timeliness, but is useful in situations where one of the parties is not active in the communication.

1.49 Example (need for data origin authentication) A sends to B an electronic mail message (e-mail). The message may travel through various network communications systems and be stored for B to retrieve at some later time. A and B are usually not in direct communication. B would like some means to verify that the message received and purportedly created by A did indeed originate from A.

Data origin authentication implicitly provides data integrity since, if the message was modified during transmission, A would no longer be the originator.
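The two notions above can be contrasted in a few lines of working code. The following example is added here and is not from the Handbook; it assumes A and B share a symmetric key (a constructed value, `SHARED_KEY`) and uses an HMAC tag as the "corroborative evidence". The `authenticate_origin` function models data origin authentication of a stored message (Example 1.49): any modification changes the tag, so integrity comes along with origin, but B learns nothing about when A produced it. The `challenge_response` function models entity authentication (Definition 1.45): B issues a fresh random nonce that A must tag now, so a response recorded from an earlier session no longer verifies, which is the timeliness guarantee. All function names and messages are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed for this example: a key shared in advance by A and B.
SHARED_KEY = b"constructed-demo-key-shared-by-A-and-B"


def mac(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 over the message; the tag is the corroborative evidence."""
    return hmac.new(key, message, hashlib.sha256).digest()


def sign_message(key: bytes, sender: str, body: bytes) -> tuple[bytes, bytes]:
    """A attaches its claimed identity to the message and tags both together."""
    framed = sender.encode() + b"\x00" + body
    return framed, mac(key, framed)


def authenticate_origin(key: bytes, framed: bytes, tag: bytes) -> bool:
    """Data origin authentication: B recomputes the tag over the stored message.

    No timeliness is provided (A need not be online), but a modified message
    yields a different tag, so integrity is obtained implicitly.
    """
    return hmac.compare_digest(mac(key, framed), tag)


def challenge_response(key: bytes, prover) -> bool:
    """Entity authentication: B picks a fresh nonce and A must tag it right now.

    `prover` is a callable standing in for A; it receives the nonce and returns
    a response. Because the nonce is new each run, a response captured earlier
    does not verify, which gives B the timeliness guarantee of Definition 1.45.
    """
    nonce = secrets.token_bytes(16)
    response = prover(nonce)
    return hmac.compare_digest(mac(key, b"identify:" + nonce), response)


def honest_prover(nonce: bytes) -> bytes:
    """A, holding the shared key, answers the live challenge."""
    return mac(SHARED_KEY, b"identify:" + nonce)


def demo() -> dict:
    """Runs both mechanisms on constructed inputs and returns the outcomes."""
    # Data origin authentication of an e-mail-like message stored for B.
    framed, tag = sign_message(SHARED_KEY, "A", b"transfer 10 to C")
    modified = framed.replace(b"10", b"100")  # altered in transit
    results = {
        "origin_ok": authenticate_origin(SHARED_KEY, framed, tag),
        "origin_detects_modification": not authenticate_origin(SHARED_KEY, modified, tag),
    }

    # Entity authentication: A answers a live challenge from B.
    results["entity_live_ok"] = challenge_response(SHARED_KEY, honest_prover)

    # A response recorded from a previous session is replayed against a new challenge.
    old_nonce = secrets.token_bytes(16)
    recorded = honest_prover(old_nonce)
    results["entity_rejects_stale_response"] = not challenge_response(
        SHARED_KEY, lambda _new_nonce: recorded
    )
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The point of the contrast is that the tag in `authenticate_origin` binds identity and content but not time, matching the "no guarantee of timeliness" remark above, whereas `challenge_response` binds the evidence to a value B chose moments ago, so the prover must be active in the communication.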
