Skip to content
SynAc
Term

Authentication

Authentication is the process of verifying the identity of a user, device, or system before granting access.

Senses

Identity verification

Authentication verifies who or what is requesting access. It is typically performed using one or more factors (something you know, have, or are), and is distinct from authorization (what you are allowed to do).

References
  • NIST CSRC GlossaryJan 03, 2026
    NIST CSRC Glossary — Authentication
    https://csrc.nist.gov/glossary/term/authentication
    NIST states most site information is public information and may be distributed or copied, except material marked as copyrighted; attribution requested. Verify per-document markings before quoting.
    Source: NIST CSRC Glossary (csrc.nist.gov).
Sense 2

The process of verifying the identity or other attributes of an entity (user, process, or device).

Also the process of verifying the source and integrity of data.

References
  • NICCS (CISA) Cybersecurity VocabularyJan 06, 2026
    NICCS glossary export (CSV)
    https://niccs.cisa.gov/rest/vocab/export-csv
    NICCS is a CISA (DHS) program. Individual glossary entries include a "From" attribution (e.g., CNSSI 4009, NIST SPs, NICE Framework). Treat "From" values as upstream provenance and verify before quoting large portions of text.
    Source: NICCS (CISA) Cybersecurity Vocabulary (niccs.cisa.gov).
(I)

The process of verifying a claim that a system entity or system resource has a certain attribute value. (See: attribute, authenticate, authentication exchange, authentication information, credential, data origin authentication, peer entity authentication, "relationship between data integrity service and authentication services" under "data integrity service", simple authentication, strong authentication, verification, X.509.)

Tutorial: Security services frequently depend on authentication of the identity of users, but authentication may involve any type of attribute that is recognized by a system. A claim may be made by a subject about itself (e.g., at login, a user typically asserts its identity) or a claim may be made on behalf of a subject or object by some other system entity (e.g., a user may claim that a data object originates from a specific source, or that a data object is classified at a specific security level).

An authentication process consists of two basic steps:

  • Identification step: Presenting the claimed attribute value (e.g., a user identifier) to the authentication subsystem.
  • Verification step: Presenting or generating authentication information (e.g., a value signed with a private key) that acts as evidence to prove the binding between the attribute and that for which it is claimed. (See: verification.)
References
  • IETF RFC 4949 (Internet Security Glossary)Jan 06, 2026
    RFC 4949 — Internet Security Glossary (Version 2)
    https://www.rfc-editor.org/rfc/rfc4949.txt
    RFC 4949 is published by the IETF Trust and marked as "Distribution of this memo is unlimited". Verify IETF Trust copyright/licensing terms for reuse.
    Source: IETF RFC 4949 (rfc-editor.org).