Most online services and resources (e.g., Internet sites, network servers, appliances accessible through wireless techniques) use some form of user authentication to provide a secure link between the user and the site and to restrict access by unauthorized users. It is known, however, that there are certain limitations and vulnerabilities associated with the each of the security techniques currently in use.
The most common form of authentication is the entry of a user-chosen password when logging onto a computer, accessing resources on a local area network (LAN), communicating with a controlled appliance or connecting to an online service such as a store or bank via the Internet. This process is known to have security vulnerabilities because users choose easily-guessed passwords, reuse them for multiple accounts, change them infrequently, and are easily tricked into divulging them when prompted. The passwords are visible to others looking over the user's shoulders, and to a password-collecting virus residing on the user's personal computer (PC). Further, the operator of the online site has access to all the users' passwords, and if in fact the same password is employed by the user at multiple sites, which is generally the case, the site operator can access other sites, spoofing the user.
Another common form of authentication is a card with a magnetic stripe, protected by a 4-digit personal identification number (PIN), as commonly used in automatic teller machines (ATM). This security has been defeated by locating a phony ATM in a public place. The unknowing user enters the card and PIN number into an apparently legitimate automatic teller machine, but while dispensing money or appearing to perform the requested instruction, in fact the ATM reads enough information from the card to duplicate it and also captures the PIN associated with the card.
The smart card or smart ring is another authentication device that is gaining popularity. In one computer-based application, while accessing a stock trading service through a Web browser, for example, the user inserts the smart card into a reader mounted on the PC. When the user makes a trade, the smart card communicates with the service to authorize the trade. Unfortunately, this process is no more secure than the PC alone. If the PC is infected with a virus, the virus can change the user's keyboard commands before sending them to the stock trading service, and change the service's replies before displaying them on the screen. In this way, the smart card authorizes the transactions that the virus chooses, rather than the transactions that the user has initiated and secured with the smart card.
A more sophisticated smart card includes a small screen that displays a different pseudorandom number at a given frequency, once every minute, for instance. The user reads the number from the smart card and types it into the device to which access is desired. The number serves as a password, albeit one that is changed frequently, to the device. The password is based on the current date and time, and the device and the smart card are date/time synchronized. Further, both employ the same complex algorithm to calculate the pseudorandom number from the current date and time. The device therefore permits access if the correct number was entered. Other devices and smart cards require biometric matches to gain access, such as by way of a fingerprint or iris reader. If there is not a biometric match, the user cannot gain access to the device or service. However, even when a biometrics or pseudorandom number match is secured, the PC itself can present an insecure environment if an unknown virus resides on the PC. As discussed above with respect to the smart card, the virus can unknowingly alter the transaction.
Further, when a user purchases a smart card and an complementary PC, that alone does not allow the user to access existing online services. The software for each online service must be tailored for the specific smart card purchased. The typical smart card does not require a user-provided password, but the card carries on a conversation with an on-line service or resource according to the process embodied in the smart card by it's manufacturer. Thus a typical smart card cannot be used with any on-line resource. Instead, the operator of the on-line resource must incorporate a complementary process to allow users of the card to gain access to the resource. Today, most on-line resources or websites use passwords for access, but are not equipped to interface with smart cards for access control. By contrast, the teachings of the present invention provide additional access security using the existing infrastructure.
There is a need for an apparatus and method that can securely authenticate a user to existing online services, without requiring modifications to the current access process in use by those services, including especially the process for logging on to the site. Further the user should be able to conduct the transaction in a secure environment to ensure that transaction is in fact executed as desired.