(PLS, WAIS, Fulcrum)
Initial authentication is controlled by the server in the form of a user login ID and a password and further authentication at the level of the database group, restricting users to certain database groups, depending on authorization. Public key encryption can be used to encrypt documents and/or authentications. One of the popular public key encryption mechanism uses the fact that it is difficult to factorize large numbers into prime number factors. If A wants to receive information from B, he sends to B a public key which is the product of two prime numbers. B sends back a message encrypted with an algorithm that uses the key. Only A can decrypt the message because the decryption algorithm requires to know the prime factors of the key. Kerberos is an authentication system designed by MIT for use on the Internet which offers centralized key management for database holdings.
See also ``client / server''.