The IT Law Wiki

Mutual authentication

Definitions

Mutual authentication is

a process whereby customer identity is authenticated and the target Web site is authenticated to the customer.[1]

Mutual authentication

Financial institutions

"Mutual authentication is a higher level of authentication. In mutual authentication, both the authentication target and the authentication requestor verify the identity of the other end of the exchange. As an example, mutual authentication may occur between a user and a bank. The bank requires authentication of the requesting user to prove that the requestor should be granted access to a particular bank account. At the same time, the requesting users want proof that they are connected to the actual bank web presence and not a "spoof" of the bank, to be sure they are not sharing their authentication credentials with a potential bad actor."[4]

"Currently, most financial institutions do not authenticate their Web sites to the customer before collecting sensitive information. One reason phishing attacks are successful is that unsuspecting customers cannot determine they are being directed to spoofed Web sites during the collection stage of an attack. The spoofed sites are so well constructed that casual users cannot tell they are not legitimate. Financial institutions can aid customers in differentiating legitimate sites from spoofed sites by authenticating their Web site to the customer."[5]

References

  1. Authentication in an Internet Banking Environment, App. at 13.
  2. ITU, "Compendium of Approved ITU-T Security Definitions," at 29 (Feb. 2003 ed.).
  3. NIST Special Publication 800-32.
  4. Mobile Security Reference Architecture (document), at 86-87.
  5. Authentication in an Internet Banking Environment, App. at 13.
