Generally, security systems employ an identity-based authentication scheme to verify the identity of a user before granting access to an access-controlled resource. One goal of such security systems is to accurately determine identity so that an unauthorized party cannot gain access. Security systems can use one or more of several factors, alone or in combination, to authenticate users. For example, identification systems can be based on something that the user knows, something the user is, or something that the user has.
Examples of something a user knows are a code word, password, personal identification number (“PIN”) and the like. One exemplary computer-based authentication method involves the communication of a secret that is specific to a particular user. The user seeking authentication transmits the secret or a value derived from the secret to a verifier, which authenticates the identity of the user. In a typical implementation, a user communicates both identifying information (e.g., a user name) and a secret (e.g., a password) to the verifier. The verifier typically possesses records that associate a secret with each user. If the verifier receives the appropriate secret for the user, the user is successfully authenticated. If the verifier does not receive the correct secret, the authentication fails.
Examples of something the user is include a distinct characteristic or attribute known as a biometric. It will be known by those skilled in the art that a biometric is a unique physical or behavioral characteristic or attribute that can be used to identify a person uniquely. Biometrics encompass a variety of techniques designed to accurately identify a person including fingerprinting, facial recognition, eye retina patterns, DNA sequences, voice and body movement recognition, handwriting and signature recognition. It will appreciated that some physical or behavioral characteristics or attributes are typically not under the control of the person, and are therefore difficult for anyone besides the intended person to present, because, in part, they are difficult to replicate. The verifier typically can observe these physical or behavioral characteristics or attributes and compare these to records that associate the characteristics or attributes with the user. The observation of these characteristics or attributes is referred to generally as biometric measurement.
An example of something a user possesses is a physical or digital object, referred to generally as a token, that is unique, or relatively unique, to the user. It will be appreciated that possession of a token such as a bank card having certain specific physical and electronic characteristics, for example containing a specific identification number that is revealed when the token is accessed in a particular manner, can be this type of factor. A token containing a computing device that performs encryption using an encryption key contained in the device would also be regarded as this type of factor. For example, a token could accept user input, which might include a PIN or a challenge value, and provide as output a result encrypted with a secret encryption key stored in the card. The verifier can then compare the output to an expected value in order to authenticate the user.
A token can also use input information, such as time, or a counter, for example, such that the result changes over time. These systems generally perform some computation using a stored secret as input to generate an authentication code that is used to authenticate the user. Some systems are time-based in that they use a time-based dynamic variable to calculate a non-predictable authentication code that ultimately authenticates the user. It will be appreciated that “non-predictable” used in this context means that the authentication code is not predictable by a party that does not know the associated secret, the algorithm for calculating the code, or both.
Although the dynamic nature of the authentication codes generated by such an approach avoids problems inherent with using fixed authentication codes, an unattended or stolen token remain vulnerable to attack. Would-be attackers who gain access to tokens can subject the tokens to sophisticated analysis intended to determine their methods of operation and/or the secret(s) stored within. Attackers might inspect the token and conduct such analysis in order to determine the associated secret, the algorithm for calculating the authentication code, or both. The attacker might then be able to generate apparently valid authentication codes in order to illegally gain physical or electronic access to secured areas or systems. Many tamper-resistant hardware designs are available, however, new attacks are frequently developed to thwart tamper resistance.
Therefore, there is a need for stronger authentication in view of these types of security threats.