Mutual authentication
Mutual authentication or two-way authentication refers to two parties authenticating each other at the same time, being a default mode of authentication in some protocols (IKE, SSH) and optional in others (TLS).
By default, the TLS protocol only proves the identity of the server to the client, using an X.509 certificate, and authentication of the client to the server is left to the application layer. TLS also offers client-to-server authentication using client-side X.509 certificates.[1] Because it requires provisioning certificates to the clients and involves a less user-friendly experience, it is rarely used in end-user applications.
Mutual TLS authentication (mTLS) is much more widespread in business-to-business (B2B) applications, where a limited number of programmatic and homogeneous clients connect to specific web services, the operational burden is limited, and security requirements are usually much higher than in consumer environments.
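The server-side switch that turns the one-way default into mTLS, as an added example written for this article (not code from the article or from the cited RFC) using Go's standard crypto/tls package: a throw-away root CA, a server certificate and a client certificate are built in memory, and a handshake is run over loopback so the server's verdict on the client can be observed. The helper names issue and mtlsHandshake, the host name "localhost" and the one-hour validity are assumptions of the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issue mints a one-hour Ed25519 certificate for cn signed by parent, or a self-signed root CA when parent is nil.
func issue(cn string, parent *tls.Certificate) tls.Certificate {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed throw-away PKI for this demo, not a real CA
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour), DNSNames: []string{"localhost"},
		IsCA: parent == nil, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign}
	if parent == nil {
		parent = &tls.Certificate{Leaf: tmpl, PrivateKey: priv} // a root signs itself
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent.Leaf, pub, parent.PrivateKey)
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv, Leaf: leaf}
}

// mtlsHandshake: the server demands a client certificate issued by ca; the client offers clientCerts (nil = server-only TLS).
func mtlsHandshake(ca, server tls.Certificate, clientCerts []tls.Certificate) (string, error) {
	pool := x509.NewCertPool()
	pool.AddCert(ca.Leaf)
	srvCfg := &tls.Config{Certificates: []tls.Certificate{server}, ClientCAs: pool, // only identities ca vouches for
		ClientAuth: tls.RequireAndVerifyClientCert} // the mTLS switch; the default, NoClientCert, authenticates only the server
	cliCfg := &tls.Config{RootCAs: pool, ServerName: "localhost", Certificates: clientCerts}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", srvCfg)
	if err != nil {
		return "", err
	}
	defer ln.Close()
	// Client side; a TLS 1.3 client finishes before the server has judged its certificate, so the verdict is the server's below.
	go tls.Dial("tcp", ln.Addr().String(), cliCfg) // the client connection is never used again; the runtime closes it when collected
	srv, err := ln.Accept()
	if err != nil {
		return "", err
	}
	defer srv.Close()
	if err := srv.(*tls.Conn).Handshake(); err != nil {
		return "", err // e.g. no certificate offered, or a chain the ClientCAs pool cannot verify
	}
	return srv.(*tls.Conn).ConnectionState().PeerCertificates[0].Subject.CommonName, nil // the verified client identity
}
```

Building a root with issue("Example Root CA", nil), a server and a client certificate from it, and calling mtlsHandshake with the client's certificate returns its CommonName, while calling it with nil, or with a certificate from a second root that reuses the name "Example Root CA" under a different key, returns the server's refusal. That last case is the point of the check: the accepted identity is anchored in the CA's key, not in a name.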
"Better institution-to-customer authentication would prevent attackers from successfully impersonating financial institutions to steal customers' account credentials; and better customer-to-institution authentication would prevent attackers from successfully impersonating customers to financial institutions in order to perpetrate fraud."
— Financial Services Technology Consortium, 2005
See also
- Computer security
- Secure channel
- Digital signature
- Mobile signature
- Two-factor authentication
- Pharming
References
- [1] Dierks, Tim. "The Transport Layer Security (TLS) Protocol Version 1.2". tools.ietf.org. Retrieved 2016-04-22.
External links
- How to prevent phishing with mutual authentication
- Mutual Authentication as a mobile application-based security token.