Electronic authentication

When used in conjunction with an electronic signature, it can provide evidence of whether data received has been tampered with after being signed by its original sender.

Electronic authentication can reduce the risk of fraud and identity theft by verifying that a person is who they say they are when performing transactions online.

According to this model, the enrollment process begins with an individual applying to a Credential Service Provider (CSP).

[6] Once the applicant's identity has been confirmed by the CSP, he or she receives the status of "subscriber" and is given an authenticator, such as a token, and a credential, which may be in the form of a username.

[4] Well-maintained health records can help doctors and hospitals know the targeted patient's important medical conditions before conducting any therapy.

The Sumerians in ancient Mesopotamia attested to the authenticity of their writings by using seals embellished with identifying symbols.

Short Message Service (SMS) is very effective when cell phones are commonly adopted.

[11] Biometric authentication is the use of unique physical attributes and body measurements as the intermediate for better identification and access control.

It is a new technological innovation that draws on a wide variety of behavioral or physical characteristics, which define the concept of biometric authentication.

For example, recent work has explored how to exploit browser fingerprinting as part of a multi-factor authentication scheme.

Some common paper credentials include passports, birth certificates, driver's licenses, and employee identity cards.

The credentials themselves are authenticated in a variety of ways: traditionally perhaps by a signature or a seal, special papers and inks, high quality engraving, and today by more complex mechanisms, such as holograms, that make the credentials recognizable and difficult to copy or forge.

It is undesirable for verifiers to learn shared secrets unless they are a part of the same entity as the CSP that registered the tokens.

When using a local authentication scheme, the application retains the data that pertains to the user's credentials.

The onus is on the user to maintain and remember the types and number of credentials that are associated with the service they need to access.

Each application is different and must be designed with interfaces and the ability to interact with a central system to successfully provide authentication for the user.

It uses a single authentication mechanism involving a minimum of two factors to allow access to required services and the ability to sign documents.

[15] When developing electronic systems, there are some industry standards requiring United States agencies to ensure the transactions provide an appropriate level of assurance.

Generally, servers adopt the US Office of Management and Budget's (OMB's) E-Authentication Guidance for Federal Agencies (M-04-04) as a guideline, which is published to help federal agencies provide secure electronic services that protect individual privacy.

It asks agencies to check whether their transactions require e-authentication, and determine a proper level of assurance.

The OMB proposes a five-step process to determine the appropriate assurance level for their applications:

The required level of authentication assurance is assessed through the factors below:

National Institute of Standards and Technology (NIST) guidance defines technical requirements for each of the four levels of assurance in the following areas:[19]

Triggered by the growth of new cloud solutions and online transactions, person-to-machine and machine-to-machine identities play a significant role in identifying individuals and accessing information.

Services ranging from applying for visas to renewing driver's licenses can all be achieved in a more efficient and flexible way.

[22] Several countries have established nationwide common e-authentication schemes to ease the reuse of digital identities in different electronic services.

E-authentication is a government-wide partnership that is supported by the agencies that comprise the Federal CIO Council.

Those credentials or e-authentication IDs are then transferred to the supporting government web site, causing authentication.

Article 8 of eIDAS allows for the authentication mechanism that is used by a natural or legal person to use electronic identification methods in confirming their identity to a relying party.

These new applications combine the features of authorizing identities in traditional databases and new technology to provide a more secure and diverse use of e-authentication.

Since only the user has access to a PIN code and can send information through their mobile devices, there is a low risk of attacks.

The difference is that E-commerce authentication is a narrower field that focuses on the transactions between customers and suppliers.

A simple example of E-commerce authentication includes a client communicating with a merchant server via the Internet.

Figure captions: Digital enrollment and authentication reference process by the American National Institute of Standards and Technology (NIST); a sample token; biometric authentication; example of mobile authentication with a one-time password.