Electronic authentication

Electronic authentication is the process of establishing confidence in user identities electronically presented to an information system. Digital authentication or e-authentication may be used synonymously when referring to the authentication process that confirms or certifies a person's identity and works. When used in conjunction with an electronic signature, it can provide evidence whether data received has been tampered with after being signed by its original sender. In a time where fraud and identity theft has become rampant, electronic authentication can be a more secure method of verifying that a person is who they say they are when performing transactions online. Electronic authentication is the process of establishing confidence in user identities electronically presented to an information system. Digital authentication or e-authentication may be used synonymously when referring to the authentication process that confirms or certifies a person's identity and works. When used in conjunction with an electronic signature, it can provide evidence whether data received has been tampered with after being signed by its original sender. In a time where fraud and identity theft has become rampant, electronic authentication can be a more secure method of verifying that a person is who they say they are when performing transactions online. There are various e-authentication methods that can be used to authenticate a user's identify ranging from a password to higher levels of security that utilize multifactor authentication (MFA). Depending on the level of security used, the user might need to prove his or her identity through the use of security tokens, challenge questions or being in possession of a certificate from a third-party certificate authority that attests to their identity. The American National Institute of Standards and Technology (NIST) has developed a generic electronic authentication model that provides a basic framework on how the authentication process is accomplished regardless of jurisdiction or geographic region. According to this model, the enrollment process begins with an individual applying to a Credential Service Provider (CSP). The CSP will need to prove the applicant's identity before proceeding with the transaction. Once the applicant's identity has been confirmed by the CSP, he or she receives the status of 'subscriber', is given an authenticator, such as a token and a credential, which may be in the form of a username. The CSP is responsible for managing the credential along with the subscriber's enrollment data for the life of the credential. The subscriber will be tasked with maintaining the authenticators. An example of this is when a user normally uses a specific computer to do their online banking. If he or she attempts to access their bank account from another computer, the authenticator will not be present. In order to gain access, the subscriber would need to verify their identity to the CSP, which might be in the form of answering a challenge question successfully before being given access. The need for authentication has been prevalent throughout history. In ancient times, people would identify each other through eye contact and physical appearance. The Sumerians in ancient Mesopotamia attested to the authenticity of their writings by using seals embellished with identifying symbols. As time moved on, the most common way to provide authentication would be the handwritten signature.