(1) Verifying the integrity of a transmitted message. See message integrity, email authentication and MAC.
(2) Verifying the identity of a user logging into a network or computer. Passwords, digital certificates, smart cards and biometrics can be used to prove user identity (see below). Digital certificates can also be used to identify the network to the client. See digital certificate, identity management, identity metasystem, OpenID, human authentication, challenge-response, IP spoofing and CAPTCHA.
Four Levels of Proof
The four levels of proof follow in order from least secure to most secure. None of them are entirely foolproof, which is why two methods are widely used (see two-factor authentication).
1 - What You Know
Passwords only verify that somebody knows the correct combination of characters. The answer to a security question such as "what is the name of your grandmother?" is in the same category. Although such answers are more personal, almost any data can be researched on the Web. See password.
2 - What You Have
A private cryptographic key in the computer is far more secure than a password, and authentication tokens, such as a USB key, verify that there is a physical item in the user's possession. However, computers and USB tokens can be stolen. See challenge-response, digital signature, public key cryptography and authentication token.
3 - What You Are
Biometrics such as fingerprint and iris recognition are more difficult to forge, but these systems can be fooled. See biometrics.
4 - What You Do
Dynamic biometrics such as handwriting a signature and speaking a particular phrase are the most secure; however, replay attacks can fool the system.