A principal feature of network security is user authentication, which ensures that only authorized people can access protected data. For
example, how does your credit card company know it is you trying to access your online credit card statement? In turn, how can you verify
you've reached the credit card company's actual Web site and not a fraudster's? User authentication is the system that meets that challenge,
typically by checking a user ID and password.
Because of changes in individuals' access needs (as a result of hiring and resignations, for example), a user authentication system must be
continually maintained in order to:
- Set up access for new users
- Delete former users
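The user ID and password check described above, together with the set-up and deletion of users that the list calls for, as an added example that is not part of the original page. The store, the PBKDF2 work factor and the in-memory layout are assumptions chosen for illustration; the point is that only a salted hash is kept, comparison is constant-time, and a deleted user's old password stops working immediately.

```python
import hashlib
import hmac
import os

# Added example, not from the page: a minimal user-authentication store that
# checks a user ID and password and supports adding and deleting users.
PBKDF2_ITERATIONS = 200_000  # assumed work factor; raise to current guidance in production
SALT_BYTES = 16


class UserStore:
    """In-memory directory mapping user ID -> (salt, PBKDF2 hash of the password)."""

    def __init__(self):
        self._users = {}

    def add_user(self, user_id, password):
        """Set up access for a new user. The password itself is never stored."""
        if user_id in self._users:
            raise ValueError("user already exists")
        salt = os.urandom(SALT_BYTES)
        self._users[user_id] = (salt, self._derive(password, salt))

    def delete_user(self, user_id):
        """Remove a former user; returns False if there was nothing to remove."""
        return self._users.pop(user_id, None) is not None

    def authenticate(self, user_id, password):
        """Return True only if the user exists and the password matches."""
        record = self._users.get(user_id)
        if record is None:
            # Hash anyway so an unknown user costs as much time as a wrong password.
            self._derive(password, b"\x00" * SALT_BYTES)
            return False
        salt, stored = record
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(stored, self._derive(password, salt))

    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
        )


def demo():
    """Walk through the lifecycle: create a user, check logins, delete the user."""
    store = UserStore()
    store.add_user("alice", "correct horse battery staple")  # constructed sample credentials
    results = {
        "right_password": store.authenticate("alice", "correct horse battery staple"),
        "wrong_password": store.authenticate("alice", "wrong"),
        "unknown_user": store.authenticate("bob", "anything"),
    }
    store.delete_user("alice")
    results["after_delete"] = store.authenticate("alice", "correct horse battery staple")
    return results


if __name__ == "__main__":
    print(demo())
```

Running the file prints a dictionary in which only `right_password` is `True`; the unknown-user branch deliberately performs a hash so that response time does not reveal which user IDs exist.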
At the same time, a user wants to be sure that sensitive data sent to a server, such as a credit card number, goes to the intended destination.
The process that ensures sensitive data goes only to the intended receiver is called server authentication.
The certificate authority creates keys by assigning each user or server a certificate, which can then be exchanged at the authority's certificate
server for a public key. The figure below illustrates user authentication by means of this key creation process.
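On the client side, server authentication comes down to whether the client insists on a certificate that chains to a trusted certificate authority and names the host it meant to reach. The following added example (not code from the page) contrasts Python's default verifying TLS context with the weakened setting that accepts any certificate; the function names are assumptions, and the standard-library `ssl` module supplies the behaviour.

```python
import ssl

# Added example, not from the page: how a client decides whether the server it
# reached is really the intended one. create_default_context() loads the trusted
# CA certificates and enables both certificate and host-name verification.


def make_client_context(verify_server=True):
    """Return a client SSL context; verify_server=False reproduces the weak setting."""
    ctx = ssl.create_default_context()
    if not verify_server:
        # Weak: no CA check and no host-name check, so an impostor's certificate
        # is accepted and sensitive data may go to the wrong receiver. Shown only
        # to contrast with the default; the order of the two assignments matters.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def context_authenticates_server(ctx):
    """True only if the context requires a CA-signed certificate AND checks the host name."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def describe(ctx):
    """Summarise the settings a reviewer would look at when auditing a client."""
    return {
        "verify_mode": ssl.VerifyMode(ctx.verify_mode).name,
        "check_hostname": bool(ctx.check_hostname),
        "trusted_ca_count": len(ctx.get_ca_certs()),
    }


if __name__ == "__main__":
    for verify in (True, False):
        ctx = make_client_context(verify)
        print(verify, describe(ctx), "authenticates server:",
              context_authenticates_server(ctx))
```

To use the verifying context, pass it to `ctx.wrap_socket(sock, server_hostname=host)`; the handshake then fails rather than silently proceeding when the certificate does not chain to a loaded CA or does not match `host`. `trusted_ca_count` depends on the system's CA bundle and may be zero on a minimal system, which is itself a finding worth checking.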