Today's users have daily interaction with a plethora of information systems. One example is where users interact with personal information systems such as their personal social network accounts. Another example is where users interact with commercial information systems, such as a store's point of sale system by making a purchase, or with a cellular provider's billing system by placing a mobile call. Yet another example is where users interact with government information systems, such as in maintaining Social Security and tax records.
In many cases, the user greatly depends on the data in those information systems. When a user pays for an item, either online via an electronic marketplace, or offline in a bricks and mortar store in a point of sale system, the transaction should ensure that the credit/debit card used for payment corresponds to the user. Similarly, when a user registers with a government site and enters personal information the transaction should also should ensure that the identity of the person is authenticated. Specifically, authentication is the performing of tests to guarantee within a known degree of confidence that a user corresponds to a user identity when interacting with an information system.
Presently, authentication is performed by several common methods. Authentication is typically performed by verifying a user's indicia for that user's identity. The user's indicia are called credentials. A user's credentials may come in the form of a user proffering a known value, such as a password or personal identification number (“PIN”). A user's credentials may come in the form by a user proffering a token such as a proximity card, or a fingerprint or retina scan.
In general, authentication presently relies on credentials in the form of a user possessing a known value, or of a user physically holding a token. However identity theft can occur when known values based on memorization are hacked, or tokens are stolen or otherwise misappropriated. Furthermore, many information systems only authenticate users upon logging onto a system, and subsequently limit system requests to verify identity as not to constantly interrupt the user. Accordingly, there is an opportunity to improve security and prevent identity theft via identifying additional means of authentication.