In today's Internet communications, many web sites are designed to authenticate and track a user when communication is first established. In order to accomplish this, users typically identify themselves to the web site by supplying a username and password combination. Thereafter, the web site will generate a credential (e.g. a unique session identifier) to identify the user's session as having been authenticated. Subsequent interaction between the user and the web site is performed by using the credential as proof of the authenticated session. This eliminates the need to pass the confidential user name and password combination back and forth with each transaction, while still enabling the communication between the user and the web site to remain secure.
Credentials may also be used in many other aspects of computer security, such as to provide authentication and authorization, access control lists, encryption and decryption of electronic communications, digital rights management (DRM) and a variety of other contexts. In most instances, the use of credentials follows the paradigm of first issuing a credential to a user or other entity and subsequently allowing that user or entity to utilize the credential to assert their identity or gain permission to perform a particular action.