Remote client authentication

Abstract

A remote authentication method's goal is to establish and secure an authenticated information channel by proving a user's identity through an associated security channel. The information channel also serves as the security channel. Most primitive remote authentication method is the use of static password, which change every few months. Remote authentication with one-time codes is based on the idea that both client and server share a secret. A scratch list is the simplest form of a one-time code. The server knows the codes, and clients use them sequentially or in an indexed form. The shared secret is the listed code and clients use it as is, without further derivation. Authentication based on public-key cryptography does not rely on shared secrets. Each client is initially equipped with a private key and a matching public key. The server uses a PKI that issues a digital certificate to bind the client's identity the public key.