Mutual Authentication

Mutual Authentication, also known as two-way authentication is when two sides of a communications channel verify each other’s identity, instead of only one side verifying the other. Mutual authentication is also known as “two-way authentication” because the process goes in both directions.

In a mutual authentication process, a connection can occur only if the client and the server exchange, verify, and trust each other’s certificates. The certificate exchange occurs by means of the Transport Layer Security (TLS) protocol. The core of this process is to make sure that clients communicate with legitimate servers, and servers cooperate only with clients who attempt access for legitimate purposes.

Mutual authentication is a desired characteristic in verification schemes that transmit sensitive data, in order to ensure data security. Mutual authentication can be accomplished with two types of credentials: usernames and passwords, and public key certificates.

Mutual authentication is often employed in the Internet of Things (IoT). Writing effective security schemes in IoT systems can become challenging, especially when schemes are desired to be lightweight and have low computational costs. Mutual authentication is a crucial security step that can defend against many adversarial attacks, which otherwise can have large consequences if IoT systems (such as e-Healthcare servers) are hacked. In scheme analyses done of past works, a lack of mutual authentication had been considered a weakness in data transmission schemes.

The mutual authentication process involves the following certificates:

Root CA certificate
Used to identify a certificate authority (CA) that signed a client’s certificate. It is a self-signed certificate that meets the X.509 standard, defining the format of public key certificates. In IoT products, clients upload a root CA certificate or a certificate chain to verify that the certificates that client devices send to edge servers can be trusted.
Server SSL certificate
Used to identify edge servers to client devices over TLS and to establish a secure connection during the TLS handshake. It is the enhanced TLS certificate that you provide in your property configuration.
Client SSL certificate
Used to identify client devices to edge servers over TLS. This certificate must meet the X.509 standard, defining the format of public key certificates.

Related Products

ACS To Participate in Securing Federal Identity 2019

Nick Schooler2023-03-13T14:16:24-07:00May 29th, 2019|

HONG KONG, 29 May, 2019 - Advanced Card Systems Ltd. (ACS), Asia Pacific's top supplier and one of the world's top 3 suppliers of PC-linked smart card readers (Source: Frost & Sullivan), exhibits in Securing Federal Identity 2019 from 4

ACS Launches ACOS5-EVO Cryptographic Smart Card

Nick Schooler2023-03-13T14:16:26-07:00May 3rd, 2019|

HONG KONG, 3 May 2019 - Advanced Card Systems Ltd. (ACS), Asia Pacific's top supplier and one of the world's top 3 suppliers of PC-linked smart card readers (Source: Frost & Sullivan), introduces the ACOS5-EVO Cryptographic Smart

South Africa selects Gemalto for its national electronic identity card program

Nick Schooler2023-03-13T14:16:35-07:00March 27th, 2019|

Amsterdam, June 5, 2013 - Gemalto (Euronext NL0000400653 GTO, the world leader in digital security, will supply the Government Printing Works (GPW) of South Africa with Sealys eID cards for their national identity program. GPW will harness Gemalto’s secure embedded software to protect the

Entrust Datacard Raises the Bar for Zero Factor Authentication

Nick Schooler2023-03-13T14:21:44-07:00August 24th, 2018|

MINNEAPOLIS—(August 24, 2018)—Entrust Datacard, a leading provider of trusted identity and secure transaction technology solutions, today announced new, innovative capabilities for the company’s Mobile Smart Credential solution — including Bluetooth functionality which provides automated login and logout support across platforms

Identiv Launches Its First Certificate-Based PKI Credential for Microsoft® Minidriver

Nick Schooler2023-03-13T14:21:45-07:00August 23rd, 2018|

FREMONT, Calif., August 23, 2018 — Identiv, Inc. (Nasdaq: INVE) today announced the latest addition to its high-security credential portfolio, uTrust MD Smart Cards. Providing a comprehensive solution for converged physical and logical access control, Identiv’s uTrust MD Smart Card is the

Two-Factor Authentication Market 2018 Global Industry Size, Share, Top Leaders, Historical Analysis, Business Strategy and Industry Segments Poised For Strong Growth In Future 2023

Nick Schooler2023-03-13T14:21:46-07:00August 16th, 2018|

Thursday, August 16th 2018, 8:41 am EDT “Market Research Future” Market Research Future published a research report on “Global Two-Factor Authentication Market Research Report- Forecast 2023” Market Analysis, Scope, Stake, Progress, Trends and Forecast to 2023. Market Scenario: Two Factor

ACOS3 Microprocessor Smart Card
- Large EEPROM memory –32KB or 72KB
- FIPS 140-2 compliant hardware based RNG
- Five secret codes + Issuer Code
- DES/3DES and AES 192 bits
ACOS6 Multi-application & Purse Smart Card
- 64K EEPROM memory
- CC EAL5+ (chip level)
- FIPS 140-2 compliant hardware based RNG
- Mutual authentication with session key generation
- Supports DES/3DES
ACOS6-SAM Secure Access Module
- Secure Access Module Compatibility
  - ACOS3
  - ACOS6
  - MIFARE Ultralight® C
  - MIFARE® DESFire®
  - MIFARE Plus®
- Cryptographic Features
  - AES: 128/192/256-bits (ECB, CBC)
  - DES/3DES: 56/112/168-bits (ECB, CBC)
  - Random Number Generation: FIPS 140-2 compliant hardware based RNG
Atmel AT88SC0104C CryptoMemory® Smart Card
- Advanced built-in security and cryptographic
- High performance
- Stream Encryption Ensures Data Privacy
- Anti-tearing (Power Loss Protection)
- Can Be Used in Virtually Any Reader
- Low cost, and ease of implementation
Atmel AT88SC0104CA CryptoMemory® Smart Card
- Advanced built-in security and cryptographic
- High performance
- Stream Encryption Ensures Data Privacy
- Anti-tearing (Power Loss Protection)
- Can Be Used in Virtually Any Reader
- Low cost, and ease of implementation
Atmel AT88SC1616C CryptoMemory® Smart Card
- Advanced built-in security and cryptographic
- High performance
- Stream Encryption Ensures Data Privacy
- Anti-tearing (Power Loss Protection)
- Can Be Used in Virtually Any Reader
- Low cost, and ease of implementation
CardLogix Adds On-Board Smart Card Encryption Utility to M.O.S.T. OS Development Platform
Infineon CIPURSE™SAM Card (Secure Access Module) – SLF 9630
- Secured transaction (< 100 ms)
- Ready-to-use for personalization
- Future proven cost effective solution for security application
- CIPURSE™ certified
- CC EAL 6+ (high) for hardware
M.O.S.T. Card® C Series Microprocessor Smart Cards

Categories: Authentication, Cryptography, Identity, Logical Access, PKI, Security

Tags: Authentication, Certificate Authority, IoT, Mutual Authentication, SSL, X.509

« Back to Glossary Index

Related Products

Taglio PIVKey™ C910 Certificate Based PKI Smart Card for Authentication and Identification

GIDS Card (Generic Identity Device Specification) Multi-Factor Authentication Login PKI Smart Card

CardLogix Credentsys™ PIV II Card

FIPSlink TWIC® Card Enrollment and TWIC® Device Management Software Platform

Related Articles