Definitions
Mutual authentication is "a process whereby customer identity is authenticated and the target Web site is authenticated to the customer."[1]
Mutual authentication
- "[is] [t]he assurance of the identities of both principals."[2]
- "[o]ccurs when parties at both ends of a communication activity authenticate each other."[3]
- "[t]he process of both entities involved in a transaction verifying each other."[4]
Financial institutions
"Mutual authentication is a higher level of authentication. In mutual authentication, both the authentication target and the authentication requestor verify the identity of the other end of the exchange. As an example, mutual authentication may occur between a user and a bank. The bank requires authentication of the requesting user to prove that the requestor should be granted access to a particular bank account. At the same time, the requesting users want proof that they are connected to the actual bank web presence and not a "spoof" of the bank, to be sure they are not sharing their authentication credentials with a potential bad actor."[5]
"Currently, most financial institutions do not authenticate their Web sites to the customer before collecting sensitive information. One reason phishing attacks are successful is that unsuspecting customers cannot determine they are being directed to spoofed Web sites during the collection stage of an attack. The spoofed sites are so well constructed that casual users cannot tell they are not legitimate. Financial institutions can aid customers in differentiating legitimate sites from spoofed sites by authenticating their Web site to the customer."[6]
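The bank example above, worked through as an added illustration (not code from any of the cited documents): each end holds a key it proves with and knows the key its peer must prove, and the customer verifies the site before sending its own proof, so a spoofed site that cannot prove it is the bank never receives the customer's credential. Party names, keys and the challenge-response scheme are assumptions; real bank sites prove their identity with TLS certificates rather than a pre-shared key.

```python
import hashlib
import hmac
import secrets

# Constructed example of challenge-response mutual authentication.
# Names and keys are assumptions, not values from the cited documents.


def prove(key: bytes, nonce: bytes, identity: str) -> bytes:
    """Prove possession of `key`: a MAC over the claimed identity and the challenge."""
    return hmac.new(key, identity.encode() + nonce, hashlib.sha256).digest()


class Party:
    """One end of the exchange: holds its own key and the key its peer must prove."""

    def __init__(self, name: str, own_key: bytes, peer_key: bytes):
        self.name, self.own_key, self.peer_key = name, own_key, peer_key

    def challenge(self) -> bytes:
        return secrets.token_bytes(16)  # fresh nonce, so an old proof cannot be replayed

    def respond(self, nonce: bytes) -> bytes:
        return prove(self.own_key, nonce, self.name)

    def verify(self, nonce: bytes, claimed_name: str, proof: bytes) -> bool:
        expected = prove(self.peer_key, nonce, claimed_name)
        return hmac.compare_digest(expected, proof)


def mutual_authenticate(client: Party, server: Party) -> str:
    """Authenticate in both directions. The client checks the server first, so its
    credential is never sent to a site that cannot prove it is the bank."""
    c_nonce = client.challenge()
    if not client.verify(c_nonce, server.name, server.respond(c_nonce)):
        return "server_rejected"  # spoofed site: the client sent no proof of its own
    s_nonce = server.challenge()
    if not server.verify(s_nonce, client.name, client.respond(s_nonce)):
        return "client_rejected"  # requestor could not prove it owns the account
    return "mutual_ok"


if __name__ == "__main__":
    BANK_KEY, CUSTOMER_KEY = secrets.token_bytes(32), secrets.token_bytes(32)
    customer = Party("customer", CUSTOMER_KEY, BANK_KEY)
    bank = Party("bank.example", BANK_KEY, CUSTOMER_KEY)
    spoof = Party("bank.example", b"no bank key", CUSTOMER_KEY)  # same name, wrong key
    print(mutual_authenticate(customer, bank))   # mutual_ok
    print(mutual_authenticate(customer, spoof))  # server_rejected
```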
References
- ↑ Authentication in an Internet Banking Environment, App. at 13.
- ↑ ITU, "Compendium of Approved ITU-T Security Definitions," at 29 (Feb. 2003 ed.) (full-text).
- ↑ NIST Special Publication 800-32.
- ↑ NIST Special Publication 800-171B, App. B, at 48.
- ↑ Mobile Security Reference Architecture (document), at 86-87.
- ↑ Authentication in an Internet Banking Environment, App. at 13.