Authentication
The authentication service is concerned
with assuring that a communication is authentic. In the case of a single
message, such as a warning or alarm signal, the function of the authentication
service is to assure the recipient that the message is from the source that it
claims to be from. In the case of an ongoing interaction, such as the connection
of a terminal to a host, two aspects are involved. First, at the time of
connection initiation, the service assures that the two entities are authentic,
that is, that each is the entity that it claims to be. Second, the service must
assure that the connection is not interfered with in such a way that a third
party can masquerade as one of the two legitimate parties for the purposes of
unauthorized transmission or reception.
Two specific authentication services are defined in X.800:
- Peer entity authentication: Provides for the corroboration of the identity of a peer entity in an association. It is provided for use at the establishment of, or at times during the data transfer phase of, a connection. It attempts to provide confidence that an entity is not performing either a masquerade or an unauthorized replay of a previous connection.
- Data origin authentication: Provides for the corroboration of the source of a data unit. It does not provide protection against the duplication or modification of data units. This type of service supports applications like electronic mail where there are no prior interactions between the communicating entities.
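The difference between the two services with respect to duplication and replay, shown as an added example that is not part of the original text. X.800 does not prescribe a mechanism; HMAC-SHA256 over a shared key, the nonce-based challenge-response, and all names below are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

KEY = secrets.token_bytes(32)  # constructed shared secret held by both entities

def tag(data: bytes) -> bytes:
    """MAC over one data unit (assumed mechanism: HMAC-SHA256)."""
    return hmac.new(KEY, data, hashlib.sha256).digest()

def verify_origin(data: bytes, mac: bytes) -> bool:
    """Data origin authentication: corroborates the source of a single data unit.
    It keeps no state, so it cannot tell an original from a duplicate."""
    return hmac.compare_digest(tag(data), mac)

class Verifier:
    """Peer entity authentication: a fresh, single-use challenge per attempt."""
    def __init__(self) -> None:
        self._pending = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def check(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self._pending:   # unknown or already consumed challenge
            return False
        self._pending.discard(nonce)     # each challenge is accepted at most once
        return hmac.compare_digest(respond(nonce), response)

def respond(nonce: bytes) -> bytes:
    """Claimant side: prove possession of KEY for this specific challenge."""
    return tag(b"peer-auth:" + nonce)    # prefix separates responses from data units

def demo():
    unit = b"ALARM: door 3 open"         # constructed sample message
    mac = tag(unit)
    first = verify_origin(unit, mac)
    duplicate = verify_origin(unit, mac)  # a captured copy sent again still verifies
    v = Verifier()
    n1 = v.challenge()
    r1 = respond(n1)
    live = v.check(n1, r1)                # genuine peer answering a fresh challenge
    replay_same = v.check(n1, r1)         # same exchange replayed: nonce is spent
    replay_new = v.check(v.challenge(), r1)  # old response against a new challenge
    return first, duplicate, live, replay_same, replay_new

if __name__ == "__main__":
    print(demo())
```

The MAC used here also detects modification of the data unit, which X.800 treats as a separate data integrity service; the point of the example is only the duplicate and replay behaviour.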