TCB is required to perform [[TCB - Trusted Computing Base#Complete mediation|complete mediation]] whenever an application accesses physical memory. [[Reference Monitor]] checks access to protected resource R.
In this context, authentication answers the question, "Who is making this request?" It is a user convincing the TCB that they are who they claim to be during the login process.
- Alice **makes a claim** and **provides evidence**, which is **verified by the system**
- All processes have a **user ID (UID)**, on behalf of which the requests are made
- How do we know that we are actually talking to the trusted computing base, and not somebody else's trojan asking for our login information? There is something called the **trusted path** that makes sure we are actually talking to the TCB.
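
The claim/evidence/verify flow and the UID-based check above, as an added sketch that is not part of the original notes. The user table, the ACL for resource `R`, and the names `login`, `Process` and `reference_monitor` are all assumptions made for illustration; the trusted path is not modelled.

```python
import hashlib
import hmac
import os

def _hash(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so stored evidence is not the password itself
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(uid: int, password: str) -> dict:
    salt = os.urandom(16)
    return {"uid": uid, "salt": salt, "hash": _hash(password, salt)}

# Constructed sample data (hypothetical users and permissions)
USERS = {"alice": make_user(1001, "correct horse"),
         "bob": make_user(1002, "hunter2")}
ACL = {"R": {1001: {"read", "write"}, 1002: {"read"}}}

class Process:
    """A process acts on behalf of the UID fixed at login time."""
    def __init__(self, uid: int):
        self._uid = uid

    @property
    def uid(self) -> int:  # read-only: no setter is defined
        return self._uid

def login(claimed_name: str, evidence: str):
    """Authentication: verify the evidence for the claimed identity.

    Returns a Process bound to the user's UID, or None on failure.
    """
    user = USERS.get(claimed_name)
    # Hash even for unknown names so timing does not reveal valid users
    salt = user["salt"] if user else b"\x00" * 16
    candidate = _hash(evidence, salt)
    if user is not None and hmac.compare_digest(candidate, user["hash"]):
        return Process(user["uid"])
    return None

def reference_monitor(process: Process, resource: str, op: str) -> bool:
    """Complete mediation: consulted on every access, default deny."""
    return op in ACL.get(resource, {}).get(process.uid, set())

if __name__ == "__main__":
    p = login("bob", "hunter2")
    for op in ("read", "write"):
        print(f"uid={p.uid} {op} R ->", reference_monitor(p, "R", op))
```

Authentication happens once at login; the reference monitor then trusts only the UID attached to the process and never re-reads the claimed name.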