About cookies on this site Our websites require some cookies to function properly (required). In addition, other cookies may be used with your consent to analyze site usage, improve the user experience and for advertising. For more information, please review your options. By visiting our website, you agree to our processing of information as described in IBM’sprivacy statement. To provide a smooth navigation, your cookie preferences will be shared across the IBM web domains listed here.
Publication
IEEE Security and Privacy
Paper
Remote client authentication
Abstract
A remote authentication method's goal is to establish and secure an authenticated information channel by proving a user's identity through an associated security channel. The information channel also serves as the security channel. Most primitive remote authentication method is the use of static password, which change every few months. Remote authentication with one-time codes is based on the idea that both client and server share a secret. A scratch list is the simplest form of a one-time code. The server knows the codes, and clients use them sequentially or in an indexed form. The shared secret is the listed code and clients use it as is, without further derivation. Authentication based on public-key cryptography does not rely on shared secrets. Each client is initially equipped with a private key and a matching public key. The server uses a PKI that issues a digital certificate to bind the client's identity the public key.