Margaret Rouse is an award-winning technical writer and teacher known for her ability to explain complex technical subjects simply to a non-technical, business audience. Over…
Mutual authentication is a security process in which both client and server authenticate each other's identities before actual communication occurs.
This authentication process is common in web-based and online applications. It ensures that clients communicate only with legitimate entities or servers, and that servers can be certain the client attempting access has a legitimate purpose.
Mutual authentication is also known as website-to-user authentication and two-way authentication.
Mutual authentication requires that both the server and the client prove their respective identities to each other before performing any communication-related functions.
The identities can be proven through trusted third parties, through shared secrets, or through cryptographic methods such as a public key infrastructure.
In a web-based mutual authentication process, communication can occur only if the client and the server trust each other's digital certificates. The certificate exchange is done through the Transport Layer Security (TLS) protocol.
The essence of this process is that neither party trusts the other until identities are proven: the server must be sure of who the client is, and the client must be sure of who the server is.
This prevents security from being compromised through simple attacks like impersonation.
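The certificate check described above can be run end to end with Python's standard `ssl` module. This is an added example, not code from the original page: it performs the TLS handshake over in-memory buffers and shows that it completes only when both sides prove their identity. It assumes the `openssl` command-line tool is on the PATH; the names `server.example` and `client.example` and the throwaway self-signed certificates (each pinned directly as the peer's trust anchor instead of being issued by a CA) are constructed for the demonstration.

```python
import os, ssl, subprocess, tempfile

def make_cert(directory, name):  # constructed test data: throwaway self-signed cert
    key, crt = (os.path.join(directory, name + ext) for ext in (".key", ".crt"))
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes",
                    "-keyout", key, "-out", crt, "-days", "1", "-subj", "/CN=" + name,
                    "-addext", "subjectAltName=DNS:" + name], check=True, capture_output=True)
    return crt, key

def server_context(cert, key, trusted_clients):
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(cert, key)                     # the server's proof of identity
    ctx.verify_mode = ssl.CERT_REQUIRED                # default is CERT_NONE (one-way TLS)
    ctx.load_verify_locations(cafile=trusted_clients)  # which client certs to trust
    return ctx

def client_context(trusted_servers, cert=None, key=None):
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)      # verifies server cert and hostname
    ctx.load_verify_locations(cafile=trusted_servers)
    if cert:
        ctx.load_cert_chain(cert, key)                 # the client's proof of identity
    return ctx

def handshake(server_ctx, client_ctx, hostname):
    """Run a TLS handshake over in-memory buffers; True only if both sides accept."""
    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    pending = [client_ctx.wrap_bio(c_in, c_out, server_hostname=hostname),
               server_ctx.wrap_bio(s_in, s_out, server_side=True)]
    for _ in range(10):  # a full handshake needs only a few round trips
        for side in list(pending):
            try:
                side.do_handshake()
                pending.remove(side)
            except ssl.SSLWantReadError:
                pass          # waiting for the peer's next message
            except ssl.SSLError:
                return False  # certificate missing, untrusted, or wrong name
        s_in.write(c_out.read())  # deliver client -> server bytes
        c_in.write(s_out.read())  # deliver server -> client bytes
    return not pending

def demo():
    with tempfile.TemporaryDirectory() as d:
        s_crt, s_key = make_cert(d, "server.example")
        c_crt, c_key = make_cert(d, "client.example")
        srv = server_context(s_crt, s_key, trusted_clients=c_crt)
        with_cert, without = client_context(s_crt, c_crt, c_key), client_context(s_crt)
        return {"both_proven": handshake(srv, with_cert, "server.example"),
                "client_has_no_cert": handshake(srv, without, "server.example"),
                "server_name_mismatch": handshake(srv, with_cert, "other.example")}
```

Calling `demo()` returns one boolean per scenario; only the case where both certificates are presented and trusted completes the handshake.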