Methods of the above type are known in the art, in particular the Rivest, Shamir, Adleman (RSA) public key signature authentication method (see for example the paper by R. RIVEST, A. SHAMIR and L. ADLEMAN “A method for obtaining digital signatures and public key cryptosystems”, CACM, Vol. 21, No. 2, pp. 120-126, February 1978) and methods using the digital signature algorithm (DSA).
When such methods are used, the authenticator entity does not need to know the secrets contained in the identity module of the entity to be authenticated, only non-confidential data (the public key), which it uses to perform a fixed quantity of verification computations, after which the authenticator entity produces a binary response, i.e. “entity authenticated” or “entity not authenticated”. The level of security and the costs of the computations used by these methods depend on the length of the keys employed, which can vary from 512 to 1024 bits. Thus if the authenticator entity requires the highest possible certainty as to the authenticity of the entity to be authenticated, the size of the keys used in the authentication method could be 1024 bits, for example. But, if the authenticator entity relaxes its certainty constraints, then the authentication method can be executed with a smaller key, for example 512 bits or 768 bits.
The above methods have the drawback of obliging the entity to be authenticated to modify the size of its key as a function of the degree of certainty required by the authenticator entity.
There are also cryptographic authentication methods known as zero knowledge methods, such as the Fiat-Shamir method (see, for example, the paper by A. FIAT and A. SHAMIR “How to prove yourself: practical solutions to identification and signature problems”, CRYPTO'86, pp. 186-194, Springer Verlag, Berlin, 1987) and the Guillou-Quisquater method (see, for example, the paper by L. GUILLOU and J-J. QUISQUATER “A practical zero-knowledge protocol fitted to security microprocessor minimizing both transmission and memory”, EUROCRYPT'88, pp. 123-128, Springer Verlag, Berlin, 1988). These methods repeat the following triplet one or more times:
- the entity to be authenticated generates a random value and sends the authenticator entity an initial engagement depending on it,
- the authenticator entity sends the entity to be authenticated a question Q which is generally a random value,
- the entity to be authenticated uses its secret identification key to compute a response R to the question Q as a function of the initial engagement previously sent, and sends that response to the authenticator entity.
The authenticator entity verifies the consistency of the initial engagement, the question Q and the response R, using the public key disclosed by the entity to be authenticated.
During this process, the authenticator entity fixes a number t of iterations of the above triplet. By repeating the triplet t times, the authenticator entity acquires the conviction that the entity to be authenticated is not an impostor with a probability that increases with t and tends towards 1. The authenticator entity can then modulate the quantity of verification computations as a function of the degree of certainty that it will accept for the authentication by choosing the number t of times the above triplet is iterated. This kind of modulation has the drawback of being visible to the entity to be authenticated, which can readily deduce the risk that the authenticator entity will accept from the number t of times that the authenticator entity sends it the question Q.
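The triplet and the effect of t can be seen in a short simulation, added here as an illustration and not taken from the cited papers or from this document. It assumes a simplified Fiat-Shamir-style scheme with a one-bit question Q and public key v = s² mod n; the toy modulus, the secret S and all class and function names are constructed for the example. An impostor who knows only the public key must guess Q before sending the initial engagement, so it passes all t triplets with probability 2^-t.

```python
import math
import random

# Toy parameters (constructed for illustration; far too small for real use).
N = (2**31 - 1) * (2**61 - 1)   # modulus: product of two known Mersenne primes
S = 123456789                    # secret identification key of the prover
V = pow(S, 2, N)                 # public key disclosed to the authenticator

def unit(rng):
    """Return a random value that is invertible modulo N."""
    while True:
        r = rng.randrange(2, N)
        if math.gcd(r, N) == 1:
            return r

class HonestProver:
    def commit(self, rng):
        self.r = unit(rng)
        return pow(self.r, 2, N)              # initial engagement x = r^2
    def respond(self, q):
        return self.r * pow(S, q, N) % N      # response R = r * s^Q

class Impostor:
    """Knows only V, so it must guess Q before committing."""
    def commit(self, rng):
        self.R, self.guess = unit(rng), rng.randrange(2)
        # x is built so that R verifies if and only if Q equals the guess
        return self.R * self.R * pow(V, -self.guess, N) % N
    def respond(self, q):
        return self.R

def authenticate(prover, t, rng):
    """Authenticator side: accept only if all t triplets are consistent."""
    for _ in range(t):
        x = prover.commit(rng)
        q = rng.randrange(2)                  # question Q, one random bit
        R = prover.respond(q)
        if pow(R, 2, N) != x * pow(V, q, N) % N:
            return False
    return True

def acceptance_rate(make_prover, t, trials, seed=1):
    """Fraction of sessions accepted over `trials` runs of t triplets each."""
    rng = random.Random(seed)
    return sum(authenticate(make_prover(), t, rng) for _ in range(trials)) / trials
```

The prover's `respond` method is called exactly t times per session, which is the visibility drawback described above: the number of questions received reveals the risk the authenticator is willing to accept.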
In other cryptographic authentication methods known in the art only some of the information on the entity to be authenticated is revealed to the authenticator entity. An example of this kind of method is described in the paper by F. BOUDOT “Preuves d'égalité, d'appartenance à un intervalle et leurs applications” [“Proofs of equality, of belonging to a range, and applications thereof”], Ph.D. thesis, Caen University, 25 Sep. 2000. The drawback of this method is that the authenticator entity is bound by the information that the entity to be authenticated wishes to reveal to it. This also makes this kind of method less secure.
Also known in the art are cryptographic authentication methods in which the verification computations performed by the authenticator entity are minimized. This is the case with the secure sockets layer (SSL) protocol, for example (see for example the Netscape Communications Corp. document “The SSL Protocol Version 3.0, Internet Draft”, March 1996, which can be consulted at the following URL: home.netscape.com/eng/ssl3). The SSL protocol is designed to assure confidentiality between an entity to be authenticated, usually a web client, and an authenticator entity, usually a web server. A first step of this protocol, at the time of opening an SSL session, consists of validating data transfer during which the client and the server:
- choose a public key cryptographic algorithm and the length of the key used, and
- negotiate session keys.
During a second step, once transmission of application data begins, all the data is authenticated using a secret key algorithm and the session keys negotiated during the validation phase, the aim of this encryption being to authenticate exchanges between the client and the server.
The drawback of the SSL protocol is that it requires two very different encryption algorithms, which makes the computations lengthy and costly. Also, the server cannot vary the verification computation steps.
There are also methods known as biometric methods which identify a person on the basis of physiological characteristics (fingerprints, shape of the hand, lines of the face, pattern of the network of veins in the eye, the voice, etc.) or behavioral traits (speed and acceleration of pen movements, pressure applied, slant, etc.) which can be recognized and verified automatically.
The drawback of methods of this type is that they are not suitable for authenticating an entity such as a computer, for example, or for authenticating messages. Moreover, although thresholds are routinely used to adjust the authentication error risk, complete elimination of the risks of imposture leads to a non-zero risk of rejecting a legitimate entity to be authenticated.