Basic Concepts of Authentication

Authentication is a process for verifying the identity of something or someone. When you authenticate an object, the goal is to verify that you have the genuine article. When you authenticate a person, the goal is to verify that you are not dealing with an imposter.

Both kinds of authentication occur when you cross an international border. A guard asks for credentials; you present a passport. The guard authenticates the passport by verifying that it was issued by a security authority the local government trusts — trusts, at least, to issue passports. The guard authenticates you by verifying that your face matches the face of the person pictured on the passport. If the passport proves to be valid and you prove to be its owner, you are allowed to proceed. Otherwise, you are denied access to the country/region you want to enter.

The kind of authentication that takes place at an international border is based on trust. The local government does not know you, but it trusts that your government does. When your government issued your passport, it did not know you either. It trusted the agency that issued your birth certificate. The agency that issued your birth certificate in turn trusted the physician who signed the certificate. The physician witnessed your birth and stamped the certificate with your footprint, direct proof of your identity. Trust transferred in this way, through trusted intermediaries, is transitive. Transitive trust between security authorities is the foundation for network security in Windows 2000.