Internet crime, such as the practice of stealing authentication credentials through phishing, demonstrates the need for more effective and usable Internet authentication technology. Phishing can operate by presenting the user with a web page that appears to be a duplicate of, or associated with, a site to which the user provides its authentication credentials, such as a username and password. When the user provides its credentials to the phishing site, the credentials can be intercepted by the site operators and illicitly used on the real site to steal property, maliciously alter the user's account information, etc.
Although usernames and passwords don't require any special equipment to use, they are prone to being forgotten, written down in an unsecure way, stolen and guessed. While client-based cryptographic protocols such as HTTP Digest Authentication allow a proof of knowledge of the password to be substituted for the password itself, they only provide protection against phishing when used as the exclusive means of communicating the password value and suffer from some of the other disadvantages of passwords.
Some banks have deployed mechanisms that require additional authentication factors from a customer when the customer attempts to access its account from a new machine, i.e., a machine from which the user has not previously (or recently) attempted to access its account. While such systems can reduce fraud, they can impose burdensome requirements on users to log in. Customers who use a site infrequently often find that they are required to re-authenticate using their additional authentication factors almost every time they log in. Further, the additional factors may be easy to forget.
Blogs and other Web sites that provide access to user-generated content need lightweight authentication technologies that allow a reader to be authenticated to post a comment with as little extraneous interaction as possible. In such systems it is frequently sufficient to know that the entity seeking to post a new comment is the same entity that visited the site at an earlier time.
The HTTP ‘cookie’ mechanism can be used to provide a lightweight means of re-authenticating a client. But cookies are not designed for this particular purpose and typically lack the cryptographic security controls needed for reliable authentication. For example, plaintext cookie information is passed to the server rather than a proof of possession of the cookie information. Further, the cookie must be stored on the client as plaintext, which allows a ‘cookie stealing’ attack. Finally, cookies are used for many different purposes and clients are generally unable to distinguish cookies that support an authentication function from other types of cookies. Consequently, it is often impractical for a client to manage the expiry of authentication cookies separately from those used for other purposes. Expired authentication cookies could make it difficult for users to interact with sites that rely on cookie-based authentication.
SSL Client Authentication is a robust protocol that employs Public Key Cryptography (PKI) and X.509v3 client certificates. Despite the name, SSL Client Authentication is actually designed to authenticate the user of the browser rather than the browser (i.e., a client application) itself. Despite the advantages and widespread deployment of this protocol, it has not been widely used. This is because the SSL Client Authentication user interface can be difficult to use, particularly if the user has multiple client certificates. Also, it can be difficult to validate and provision a certificate to each end user.
What is needed is a client application authentication protocol that requires little or no user interaction and is very easy to use, requires the client to maintain little or no state information and that does not burden the server with the need to maintain much state information.