Authentication is the process of identifying a user during login. It verifies that the user is who they claim to be.
The owner of the login page determines what factors are needed to gain access. The most common form is Single-Factor Authentication, which uses a password to authenticate a user. Having the correct login information is not enough, because it can be stolen.
Scope: Endpoint Security
Authentication typically involves the exchange of Security Tokens, which grant access to a specific set of resources for a specific amount of time. For more information, see Related Reference: Security Token.
An Android or iOS mobile device can be used to provide ProtectID and OATH Authentication for login to a web site, network, or cloud service.
Example: Out-Of-Band Authentication using a mobile device as a second channel of communication.
1. Phone rings.
2. Enter # to continue.
3. Enter the 6-digit password displayed on the computer into the phone to authenticate an online application on the computer.
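The server side of the steps above, as an added example (not code from this page, from ProtectID, or from Strikeforce Technologies). The class name, the 120-second lifetime, the three-attempt limit, and the binding of the code to the login session are assumptions made for illustration.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 120   # assumed lifetime of a displayed code
MAX_ATTEMPTS = 3         # assumed limit on keypad entries per challenge


class OutOfBandChallenge:
    """State for one login that must be confirmed over the phone channel."""

    def __init__(self, session_id, now=None):
        self.session_id = session_id
        # 6-digit code from a CSPRNG; it is shown only in the browser session.
        self.code = f"{secrets.randbelow(10**6):06d}"
        self.expires_at = (time.time() if now is None else now) + CODE_TTL_SECONDS
        self.attempts_left = MAX_ATTEMPTS
        self.used = False

    def verify_keypad_entry(self, session_id, digits, now=None):
        """Check digits keyed into the phone call; return (ok, reason)."""
        now = time.time() if now is None else now
        if self.used:
            return (False, "already-used")      # codes are single use
        if now > self.expires_at:
            return (False, "expired")
        if self.attempts_left <= 0:
            return (False, "locked")            # stops guessing over the phone
        if session_id != self.session_id:
            return (False, "wrong-session")     # call belongs to another login
        self.attempts_left -= 1
        # Constant-time comparison does not leak how many digits matched.
        if hmac.compare_digest(digits.encode(), self.code.encode()):
            self.used = True
            return (True, "ok")
        return (False, "locked" if self.attempts_left == 0 else "mismatch")


if __name__ == "__main__":
    # Constructed walk-through: the browser shows the code, the phone sends it back.
    challenge = OutOfBandChallenge("sess-A")
    print("code shown on the computer:", challenge.code)
    print(challenge.verify_keypad_entry("sess-A", challenge.code))  # accepted
    print(challenge.verify_keypad_entry("sess-A", challenge.code))  # replay refused
```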
For more information about ProtectID, OATH, and Out-Of-Band Authentication, view the Summary Descriptions below.
Note: It is the owner of the login page that determines which factors are used for authentication, not the owner of the mobile device.
Authentication Systems, Standards, and Protocols
Data Origin Authentication
Data Origin Authentication verifies that the source of data received is as claimed.
Single-Factor Authentication is the most common form of authentication, and is the one that most people are familiar with. An example of a single factor is the password that goes with a user name for logging into an email service.
Two-Factor Authentication verifies that you are who you say you are when logging into a website, network, or cloud service. Having the correct login information is not enough, because it can be stolen.
Two-Factor Authentication requires the use of two of the three authentication factors identified in the Standards and Regulations for access to U.S. Federal Government systems. For more information, see Related Concepts: Two-Factor Authentication.
Multi-Factor Authentication involves the use of two or more of the three authentication factors identified in the Standards and Regulations for access to U.S. Federal Government systems.
OATH (Open Authentication) is a non-proprietary set of standards for Two-Factor authentication.
OAuth Authentication is a server-to-server protocol for applications to authenticate each other. Three parties are typically involved: one authorization server and two servers and their applications that need to communicate with one another.
OpenID Authentication is an open standard for Single Sign-On (SSO) authentication for affiliated but separate web sites. It does not rely on a central authority to authenticate user identity.
Out-Of-Band Authentication (OOBA)
Out-Of-Band Authentication is a type of Multi-Factor Authentication in which verification factors are communicated over more than one channel, and the additional channels are not linked to the original communication channel used to access a website, network, or cloud service.
Out-Of-Band Authentication guards against intruders that may have access to the original communication channel used for logins and transactions.
ProtectID Authentication is a Two-Factor Authentication system developed by Strikeforce Technologies.
SAML (Security Assertion Markup Language) Authentication is a Single Sign-On protocol that completely eliminates the need for passwords. SAML allows the user to log on once for affiliated but separate web sites. It relies on Centralized Identity Management.
SSO (Single Sign-On) is an authentication process for entering a single user name and password to access multiple applications.
Authentication vs Authorization
Authentication verifies who you are, whereas authorization verifies what you are authorized to do after successful authentication.
Problem & Solution