Authentication

Most server software permits client authentication by means of a user ID and password. For example, a server might require a name and password before granting access. The server maintains a list of the names and passwords to which it will grant access.

Another form of authentication is a client certificate with a digital signature.

Public key cryptography employs certificates to avoid impersonation. A certificate is a binding between a subject identity and a public key. In other words, a certificate is a document that claims the embedded public key belongs to that subject. Anyone can produce a certificate, so how can we have confidence the claim is true? The answer is to delegate the verification.


iWay Software