Client authentication

Client authentication is the term used to describe how you (the client) prove your identity to someone else or to a computer. For example, online banks need to make sure you are the correct customer for a given bank account. To prove your identity in person at the bank, you usually present your driver's license or passport. When online, your software application presents your Digital ID to prove your identity. Some Web sites might request that you present your ID before letting you view Web pages that are hidden from others. For example, while you have access to your online stock account information, that information is hidden from others who also use the service.

Client authentication is accomplished with these steps:

  1. Internet Explorer requests a connection with a Web site. Basically, you browse a Web site that needs your Digital ID before it can send you information.
  2. The Web site requests your Digital ID.
  3. Internet Explorer automatically signs but does not encrypt your Digital ID and then sends it to the Web site. This signing process creates a unique message digest. See the Understanding IDs section of the online help for more information on message digests.
  4. The Web site uses your public key, which is included in the Digital ID, to verify that it matches the key used to sign the Digital ID. It does this by comparing the message digest that was sent with your Digital ID to one it creates using your Digital ID. This process simply verifies that your Digital ID was not changed from the time you sent it to the time the Web site received it.
  5. Next, the Web site attempts to match the certificate authority (CA) to a trusted certificate authority. If your CA is not trusted by the Web site, the site sends you a message, such as "The server cannot verify your certificate." If your CA is trusted, then you receive the information from the Web site.
    When the Web site looks at your Digital ID, the acceptance can be based on the CA who issued the ID. For example, a CA verifies your identity before issuing you a Digital ID. Then, any other organizations that trust your CA will accept your Digital ID as valid. A good example of this is trusting a driver's license instead of a student ID. People trust the government to issue driver's licenses to people, so they will accept that form of ID. However, they might not trust the school that issues an ID card. In a similar fashion, a business might trust one CA but not another.
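
The checks in steps 3 to 5, as an added Node.js example (not VeriSign's or Internet Explorer's code). It models a Digital ID as a small record rather than a real X.509 certificate; the function names, CA names, subjects and the choice of Ed25519 keys are assumptions made for illustration. It goes one step beyond the page by also verifying the CA's signature on the ID, not only matching the CA's name.

```javascript
// Added example: a simplified model of steps 3-5, not X.509 or TLS.
// All names (issueDigitalId, verifyClient, CA names, subjects) are hypothetical.
const { generateKeyPairSync, sign, verify } = require('node:crypto');

// Bytes covered by both signatures: who the ID names, who issued it, and the key.
const idBytes = (id) => Buffer.from(JSON.stringify([id.subject, id.issuer, id.publicKeyPem]));

// The CA vouches for the subject by signing the ID contents.
function issueDigitalId(caName, caPrivateKey, subject, subjectPublicKey) {
  const publicKeyPem = subjectPublicKey.export({ type: 'spki', format: 'pem' });
  const id = { subject, issuer: caName, publicKeyPem };
  return { ...id, caSignature: sign(null, idBytes(id), caPrivateKey) };
}

// Step 3: the client signs, but does not encrypt, its Digital ID.
// Ed25519 hashes the input itself, which plays the role of the message digest.
const presentDigitalId = (id, clientPrivateKey) =>
  ({ id, clientSignature: sign(null, idBytes(id), clientPrivateKey) });

// Steps 4 and 5 on the Web site. trustedCAs maps a CA name to that CA's public key.
function verifyClient({ id, clientSignature }, trustedCAs) {
  // Step 4: the signature must verify under the public key carried in the ID.
  if (!verify(null, idBytes(id), id.publicKeyPem, clientSignature)) return 'Digital ID was changed in transit';
  // Step 5: the issuing CA must be one this site trusts.
  const caKey = trustedCAs.get(id.issuer);
  if (!caKey) return 'The server cannot verify your certificate.';
  // Beyond the page: a CA name alone can be copied, so check the CA's signature too.
  if (!verify(null, idBytes(id), caKey, id.caSignature)) return 'CA signature does not verify';
  return 'accepted';
}

// Constructed sample run: one good ID and three that must be rejected.
function demo() {
  const [trustedCa, otherCa, client] = [0, 1, 2].map(() => generateKeyPairSync('ed25519'));
  const trustedCAs = new Map([['Example Trusted CA', trustedCa.publicKey]]);
  const make = (caName, caKey) =>
    presentDigitalId(issueDigitalId(caName, caKey, 'alice', client.publicKey), client.privateKey);
  const good = make('Example Trusted CA', trustedCa.privateKey);
  const untrusted = make('Unknown CA', otherCa.privateKey);
  const forgedIssuer = make('Example Trusted CA', otherCa.privateKey);
  const altered = { ...good, id: { ...good.id, subject: 'mallory' } };
  return [good, untrusted, forgedIssuer, altered].map((p) => verifyClient(p, trustedCAs));
}

console.log(demo());
```

The third case shows why matching the CA by name is not enough on its own: the ID names a trusted CA, but only the signature check reveals that a different key issued it.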




Copyright 2000 VeriSign, Inc. All Rights Reserved