The present invention relates to providing a user access to a computer system comprising a plurality of services and a plurality of authentication levels.
Networked computer systems offering a multitude of services to authorized users are commonplace. Indeed, society is shifting towards an electronic way of life, in which many daily tasks are performed over such networks. An unwanted consequence of this shift in paradigm is that criminal activity is also evolving in the electronic realm. Cybercrime, including identity theft, is a serious problem, which results in losses of several billion dollars per annum, e.g. because a criminal has assumed the identity of someone else on such a network. This is particularly relevant to financial services, e.g. on-line banking, as well as to on-line shopping services such as Amazon, where user credit card details are stored under a user profile. Other relevant examples will be apparent to the skilled person.
To counteract such malicious behavior, a user of such a computer system typically has to go through an authentication process to gain access to the computer system, e.g., by providing a username and password. Although this reduces the risk of identity fraud, i.e. an imposter gaining access to the account of the user, such authentication may not be sufficient to prevent such identity fraud altogether.
For instance, there is an increasing trend to perform electronic transactions using many different service providers. Accessing these can require many different user identities and authentication methods to be remembered. Solutions to overcome this requirement to remember many different user identities have been proposed in the form of distributed authentication providers, which enable the storage of many identities associated with a single user on an authentication provider apparatus or server.
Furthermore, identity fraud can occur if a device is stolen while its owner is using a service that required authentication, in which case the thief has immediate access to this service without it being protected by the authentication process. Even if the user is not yet authenticated, the mobile device may store at least some of the authentication data in auto-complete functions, which may aid the criminal in accessing the service of interest. The same problem can occur if a user is forced by a criminal to access the service of interest, or when the user has accessed the service through a public access device, such as a computer in an Internet cafe, and did not properly terminate his session before leaving the computer.
Part of this problem can be addressed by the use of several layers of authentication for critical services, but this can cause further friction with the end user, as the end user typically has to memorize several complex passwords associated with the same identity. This often leads to forgotten authentication details, causing frustration for the end user and increasing cost for the service provider in terms of the provision of call centers and help desks that can assist the end user in regaining access to the requested services.