The second level of security, Challenge-Handshake Authentication Protocol (CHAP), periodically verifies the identity of the peer--the other end of the point-to-point link. A challenge message is sent to the peer by the authenticator--the system starting the link or challenge. The response is checked against a "secret" not sent over the link, and if the values match, authentication is acknowledged. Otherwise, the link is terminated. The process of adding PPP security is described in "Editing asppp.cf for PAP/CHAP Security".