Authentication refers to the task of verifying the identity of aperson/software connecting to an application. The simplest form ofauthentication consists of a secret password that must be presented when a userconnects to the application. Unfortunately, passwords are easily compromised,for example, by guessing, or by sniffing of packets on the network if thepasswords are not sent encrypted. More robust schemes are needed for criticalapplications, such as online bank accounts. Encryption is the basis for morerobust authentication schemes.
Many applications use two-factor authentication, where two independentfactors (that is, pieces of information or processes) are used to identifya user. The two factors should not share acommon vulnerability; for example, if a system merely required two passwords,both could be vulnerable to leakage in the same manner. While biometrics suchas fingerprints or iris scanners can be used in situations where a user isphysically present at the point of authentication, theyarenot very meaningful across a network. Passwords are used as the first factor inmost such two-factor authentication schemes. Smart cards or other encryptiondevices connected through the USBinterface,which can be used for authentication based on encryption techniques are widelyused as second factors. Encryption refers to the process oftransforming data into a form that is unreadable,unless the reverse process ofdecryption is applied.
Encryption algorithmsuse an encryption key to performencryption, and require a decryption key (whichcould be the same as the encryptionkey depending on the encryption algorithmused) to perform decryption.Previously encryption was used for transmittingmessages, encryptedusing a secret key known only tothe sender and the intended receiver. Even ifthe message is intercepted by anenemy, the enemy, not knowing the key, will notbe able to decrypt and understandthe message. Encryption is widely used todayfor protecting data in transit in avariety of applications such as data transfer onthe Internet, and on cellular phonenetworks. Encryption is also used to carry outother tasks, such as authentication