In general, authentication is used by a server to verify the identity of entities or individuals accessing the server and the information thereon. In an authentication scenario, machines and/or users can prove their identities to a server with, for example, user names, passwords, voice recognition, or other biometric tools. Once a client is authenticated by a server, the server can provide certain authorizations to the client, outlining which resources a client can use, and/or which files a client can access. Authorization can be based on the identity of the client, and what privileges that client may have been given.
During conversations with secure software agents, clients are typically authenticated at the beginning of the conversation, and often need to be re-authenticated as the conversation progresses. Depending on, for example, the requirements of the server and/or the security of the information being accessed, such re-authentication may occur multiple times during the course of a conversation. This type of secondary, on-demand re-authentication may rely on one-time credentials, such as one-time passcodes (OTPs) or other hardware and software authentication tokens, which are generally valid only in the context of an existing, previously authenticated session, and only for one re-authentication attempt.
For example, banking transactions, such as obtaining balances, or transferring money between accounts, are generally subject to this kind of enhanced authentication.
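The following Python code is an added example, not part of the original text, showing the two properties described above: the one-time credential is valid only inside a session that was already authenticated, and only for a single re-authentication attempt. The class and method names, the 6-digit passcode format, and the 120-second validity window are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 120  # assumed validity window; the text gives no figure


class StepUpAuthenticator:
    """Issues one-time passcodes tied to an already authenticated session."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._sessions = set()  # ids of sessions that passed initial authentication
        self._pending = {}      # session id -> (SHA-256 of OTP, expiry time)

    def open_session(self):
        """Stand-in for the initial authentication that starts the conversation."""
        session_id = secrets.token_urlsafe(16)
        self._sessions.add(session_id)
        return session_id

    def issue_otp(self, session_id):
        """Create a 6-digit OTP good for one re-authentication in this session."""
        if session_id not in self._sessions:
            raise PermissionError("no authenticated session")
        otp = f"{secrets.randbelow(10**6):06d}"
        digest = hashlib.sha256(otp.encode()).digest()  # keep only a hash server-side
        self._pending[session_id] = (digest, self._clock() + OTP_TTL_SECONDS)
        return otp  # in practice delivered to the user out of band

    def reauthenticate(self, session_id, candidate):
        """Check the OTP; any attempt, right or wrong, consumes it."""
        entry = self._pending.pop(session_id, None)  # single attempt only
        if entry is None or session_id not in self._sessions:
            return False
        digest, expiry = entry
        if self._clock() > expiry:
            return False
        supplied = hashlib.sha256(candidate.encode()).digest()
        return hmac.compare_digest(digest, supplied)  # constant-time comparison
```

Because the pending entry is removed before the comparison, a wrong guess invalidates the passcode as surely as a correct one, so a sensitive operation such as a transfer must request a fresh passcode after any failed attempt.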