Service Provider Authentication Assurance

The concept of authentication assurance traditionally refers to the robustness of methods and mechanisms for user authentication, including the robustness of initial registration and provisioning of user credentials, as well as the robustness of mechanisms that enforce user authentication during operation. However, the user is not the only party that needs to be authenticated to ensure security of online transactions. In fact, online service provision always involves two parties, typically the user on the client side and the service provider on the server side, so that mutual authentication between the two sides is required. In contrast to the unilateral focus on user authentication by industry and academia, it is in fact equally important for the user to correctly authenticate the service provider.