About Authentication

Authentication is defined as:

 

1. The process of verifying that a message comes from its stated source.

2. The process of verifying the identity or access level of a user, computer, or application.

 

In order to perform secure electronic commerce of any form, it is critical for the parties involved to confidently identify each other. There are many techniques that can be used to authenticate an individual.

Passwords

One of the most common techniques for authentication is the use of a secret password. By defining a password that only you know, a trusted entity with access to the secured password database can be somewhat confident that it is really you. This may be a password that you use to log in to a computer system, or a numeric code that allows you to enter a secured door.

Physical Tokens

Another common technique is to utilize something that you have in your possession. An identity card, ATM card, and a driver's license are all examples of this. ATM cards offer two-factor authentication, since you also must know a secret password in addition to having the card itself.

Biometrics

Biometric authentication systems include devices that can read fingerprints or perform retinal scans. These are both physical attributes that can be used to identify an individual.

 

Each of these techniques has strengths and weaknesses. Passwords can sometimes be easily guessed. Physical IDs can be stolen. Biometric systems are expensive and prone to digital replay attacks.

Public Key Cryptography - Digital Certificates

Over the past twenty years, the science of public key cryptography has become popular. Although its initial design was for information privacy, the technology has been used to define digital certificates and digital signatures. These technologies are now applied for authentication and non-repudiation in many applications, including EasCorp's Ease-Link and Vertifi's secure customer portal (VCP).

 

NOTE:

  • Internet Explorer users installing a digital certificate can select "enable strong private key protection", which allows the digital certificate to be set up with Medium or High security.
     
    • Medium security means that the user will be prompted with a web access confirmation pop-up message when accessing the secure pages of Ease-Link and VCP. This is the default setting for this option. 

    • High security means that the user can secure the certificate with a password. If the password option is selected, once the user is prompted for and validates his/her digital certificate, he/she must then enter this password prior to gaining access to the secure pages of Ease-Link and VCP.

 

See Installing a Personal Certificate - Internet Explorer for more details on this option.

 

  • Firefox users can set a "Master Password" within the browser that will be required with every digital certificate installed on the PC. See Installing a Personal Certificate - Firefox for more details on this option.