The invention relates generally to accessing services from a service outlet. More specifically, it relates to authenticated and secure communication between a user and a service outlet associated with a service provider, for accessing services from the service outlet.
Typically, a service outlet enables multiple users to access services offered by a service provider. The service outlet acts as an interface between a user and the service provider, enabling the user to access the services without the need to directly communicate with the service provider. Examples of the services include, but are not limited to, online shopping, bank transactions, and online payments. Further, examples of the service outlet include, but are not limited to, Automated Teller Machines (ATM), music kiosks, and credit/debit card readers.
A service outlet allows a user to access the services if the user is registered with the service provider. The user can send his/her personal information to the service provider to seek registration, and in response, the user receives a set of registration information from the service provider. Examples of the personal information include, but are not limited to, name of the user, address of the user, age of the user, and public key of the user. Examples of the registration information include, but are not limited to, digital certificates and public keys of the service provider. Thereafter, the service outlet authenticates the user after ascertaining if the user is registered with the service provider.
After the user is authenticated by the service outlet, a communication channel is established between the service outlet and the user. The communication channel allows the user and the service outlet to exchange messages. The messages exchanged may include personal information of the user and the service outlet. The personal information of the user and the service outlet comprises public information and private information of the user and the service outlet. Examples of the private and public information of a user include, but are not limited to, age of the user, date of birth of the user, bank account number of the user, and name of the user, respectively. Examples of the personal information of the user include, but are not limited to, credit card number, Personal Identification Number (PIN), and account number. Examples of the personal information of the service outlet include, but are not limited to, public keys, digital signatures, and digital certificates. The personal information of the user and the service outlet is protected from intrusion by using a secure communication channel, to avoid misuse of the personal information.
Conventionally, before providing access to services of a service provider to a user, the user can be authenticated by a service outlet based on unique personal identifiers provided by the user. For example, a user, for authentication purposes, can provide his/her name, customer number, credit card number, social security number, and so forth. In some cases, the service outlet also requires a set of secret information for authentication, for example, pass codes or fingerprints. Thereafter, a lookup is performed for the personal identifier and the set of secret information on a user registration database, which is stored on a central server. If the lookup is successful, a positive response is received to confirm authentication of the user.
Typically, service outlets that support Integrated Circuit Cards (ICCs) have a slot for inserting or swiping an ICC, which can also be used for authenticating a user. The ICC corresponding to the user contains registration information of the user. When the ICC is inserted or swiped through the slot, the registration information of the user is retrieved, and the user is authenticated based on the set of registration information.
Further, in accordance with another method for providing a user access to the services of a service provider, cryptographic techniques with challenge response procedures are used for secure information exchange between the user and a service outlet. According to this method, a message to be exchanged between a challenger and a respondent may include a challenge, included in the message by the challenger. Further, only the challenger is capable of checking the integrity of the response message received from the respondent.
Further, the challenge response procedures are used by a challenger to establish the authenticity of a respondent. According to the challenge response procedures, the challenger issues a challenge to the respondent. When the respondent receives the challenge, it generates a response using cryptographic techniques, and sends it to the challenger. The response is then verified by the challenger to establish authenticity of the respondent. In an embodiment, the service outlet acts as the challenger and the user acts as the respondent. Further, in some challenge response procedures that involve a service outlet and a user, an additional step is performed with the user as the challenger and the service outlet as the respondent, to establish mutual authentication between the service outlet and the user.
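The two-direction challenge response exchange described above, as an added example that is not part of the original text. It assumes a pre-shared secret and HMAC-SHA256 as the cryptographic technique (the text does not fix one), and the function names and role labels are hypothetical.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16  # fixed-length challenges keep the MAC input unambiguous


def respond(key: bytes, role: bytes, challenge: bytes, peer_challenge: bytes) -> bytes:
    """Respondent: MAC over its own role label and both challenges."""
    msg = role + b"|" + challenge + b"|" + peer_challenge
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify(key: bytes, role: bytes, challenge: bytes,
           peer_challenge: bytes, response: bytes) -> bool:
    """Challenger: recompute the expected response, compare in constant time."""
    expected = respond(key, role, challenge, peer_challenge)
    return hmac.compare_digest(expected, response)


def mutual_authenticate(outlet_key: bytes, user_key: bytes) -> tuple[bool, bool]:
    """Run both directions; return (outlet_accepts_user, user_accepts_outlet)."""
    # 1. The outlet acts as challenger and issues a fresh random challenge.
    outlet_nonce = secrets.token_bytes(NONCE_LEN)

    # 2. The user responds and attaches its own challenge for the outlet.
    user_nonce = secrets.token_bytes(NONCE_LEN)
    user_response = respond(user_key, b"user", outlet_nonce, user_nonce)

    # 3. The outlet verifies the user's response against its own challenge.
    outlet_accepts = verify(outlet_key, b"user", outlet_nonce, user_nonce,
                            user_response)

    # 4. Roles reverse: the outlet answers the user's challenge. The role
    #    label stops a response from one direction being reflected back.
    outlet_response = respond(outlet_key, b"outlet", user_nonce, outlet_nonce)
    user_accepts = verify(user_key, b"outlet", user_nonce, outlet_nonce,
                          outlet_response)
    return outlet_accepts, user_accepts


if __name__ == "__main__":
    shared = secrets.token_bytes(32)        # constructed sample key
    counterfeit = secrets.token_bytes(32)   # an outlet without the real key
    print("genuine outlet:    ", mutual_authenticate(shared, shared))
    print("counterfeit outlet:", mutual_authenticate(counterfeit, shared))
```

Because each challenge is random and single-use, a response recorded from an earlier session does not verify against a new challenge.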
Mobile devices can also be used for authentication of a user before providing him/her access to the services of the service provider. Authentication information pertaining to a user is stored in a mobile device, and the service outlet uses this information to authenticate the user. Further, the user and the service outlet can mutually authenticate each other, based on the information stored in the mobile device and the service outlet.
However, conventional methods and systems such as looking up a user's personal identifiers in a user registration database saved in a central server, inserting an ICC in a slot of a service outlet, using cryptographic techniques, and using mobile devices for providing access to services have one or more of the following disadvantages.
Generally, authenticating a user by checking his/her personal identifiers in a user registration database by the service outlet leads to long transaction times. Further, the communication between the service outlet and the registration database depends on a communication channel between the service outlet and the central server, which may create reliability issues in the system.
In addition, typically, service outlets do not enable users to authenticate the service outlets. Therefore, counterfeit service outlets or fake outlets may misguide a user by posing as an authentic service outlet, and obtain private information from the user.
In some methods, authentication by the service outlet is limited only to biometric mechanisms.
While using a mobile device for authentication, the service outlet uses a Personal Identification Entry (PIE) of the user and an identity of the mobile device. Use of the identity of the mobile device makes the authentication device-specific. Also, the mobile device associated with the user may not have any processing power, which restricts the use of the mobile device in public-key infrastructure-based authentication schemes.
In methods that use the mobile device associated with the user for mutual authentication with the service outlet, there is no provision for accessing services from the service outlet through the mobile device.
In light of the foregoing discussion, there is a need for a method and a system for enabling a user to access services of a service provider through a service outlet by using a portable device, which allows the service outlet to authenticate the user based on the information stored in the service outlet. Further, there is a need for a method and a system for enabling a user to access services from a service outlet using a portable device, which allows mutual authentication between the user and the service outlet. Also, there is a need for a method and a system for enabling a user to access services from a service outlet using a mobile device that allows public-key infrastructure-based authentication. Further, there is a need for a method and a system for enabling a user to access services from a service outlet by using any mobile device.