I have seen many authentication schemes, whose title is "Anonymous authentication scheme". What is the actual meaning of anonymous in terms of security?
Thanks, but I am unable to understand what do you want to say. Could you give more clarification? What do you mean by the personalized content of the user?
The abstract of the article at http://www.earticle.net/Article.aspx?sn=215902 provides a good definition with "an anonymous authentication scheme which ensures user unlinkability. It is impossible for attackers to know particular sessions, that have already occurred several times, are originated from one same user.".
Thanks Pal sir, but the above suggested link is not working
https://security.stackexchange.com/.../is-the-concept-of-authenticated-anonymity-poss...Jan.
You can use the URI https://pdfs.semanticscholar.org/eb4a/97d3b7de8b0660cd5c1977b0d017730aa20c.pdf rather than http://www.earticle.net/Article.aspx?sn=215902
Anonymous authentication means that users are authenticated without being identified. For instance, if access to a resource requires that you have to be of age, one can authenticate by only proving that one is of age without providing name or address. Likewise, entering a museum, one can show that one has purchased a ticket without revealing any identity-related information.
Outside academia (and engineers/architects with deep knowledge of information security), the word 'authentication' is commonly used to be a synonym of 'identification'. However identification is quite a different concept from authentication.
Identification is concerned with verifying the level of confidence in the claimed identity of a person (or electronic object) in the real world. Higher levels of identity can only be achieved through face-to-face verification processes. Use of cryptography is not essential for reliable identification. A useful summary of identity verification processes (including cross-references to ISO standards etc) is available at:
https://www.ncsc.gov.uk/content/files/guidance_files/GPG 45 - validating and Verifying the identity of an individual - issue 2.4 - NCSC Web.pdf
Authentication is concerned with re-confirming the integrity of evidence which has already been obtained. Unlike identification, which depends on verification of real-world evidence, authentication can be reliably performed electronically (without further real-world evidence checks) provided a robust cryptographic protocol is used and if any 'credentials' (e.g. passwords, physical tokens) used are adequately protected.
If an identity has been established, authentication can re-confirm the identity. However if an identity has not been established, then authentication can be used to re-confirm the integrity of an operation other than an identification operation.
For example the operation which could be the subject of authentication could be 'first electronic association between a particular web browser and a particular web server'.
This is what the Secure Quick Reliable Logon (SQRL) protocol achieves:
https://www.grc.com/sqrl/sqrl.htm
Trusting that this explains how authentication can be performed without identification.
Finally note that while it is possible to perform authentication with identification, it is very difficult to achieve true 'anonymity' (even when performing authentication without identification). This is because it is so easy to obtain information which can track and identify users. Some useful resources for understanding more about the difficulties of achieving anonymity on the internet are:
https://panopticlick.eff.org/
https://en.wikipedia.org/wiki/Device_fingerprint
https://inteltechniques.com/podcast.html
https://epic.org/privacy/reidentification/
https://gdpr-info.eu/recitals/no-26/
There are 3 terms, identification, identity verification and authentication. Identification means performing Many to One kind of matching. If match is found, object is said to be identified or otherwise object doesn't belong to the known set of objects. Another term is identity verification that means performing One to One kind of matching. If match is found, claimed identity is said to be verified or otherwise the claim will be rejected. Now Authentication is something that is related to access control. It means checking whether one is authorized to perform a particular task or not. It may or may not be anonymous. Like using biometrics it is not anonymous however using a secret phrase is completely anonymous.