The need for secure electronic transactions and access to remote services involving a user and a transaction system such as an Internet based shopping site, Internet banking or an automatic teller machine (ATM) at a bank, has increased dramatically during recent years. A major question relating to secure transactions is that of authentication of the user to the system. That is, how to identify a user as being the owner of, e.g., a bank account from which the user is to withdraw money from when using an ATM or Internet banking services.
A well-established method of authenticating users in such systems is that of providing the user with an electronically readable device containing information about the user and his account. Such cards are common and contain magnetically stored information. In order to allow the user to use his card in an ATM, the issuer (e.g. the bank) has provided the user with a secret code to be supplied to the ATM when using the card. The code is used to “unlock” the card for use by the user every time the user makes use of his card.
However, a drawback of such a method is that one and the same code is used every time a user authenticates with a system. This increases the risk of unauthorized use of the card if the user loses the card.
To this end, solutions have been developed using different codes from occasion to occasion, so called one time codes (OTCs). Such OTCs could be provided to the user by means of a sequence of codes to be used one time each, and perhaps in a pre-determined order. Alternatively, the OTCs could be generated by means of portable code-generating devices, in which a new code is generated each time it is used, based on personalizing information provided by the user, such as a personal PIN-code. Such devices are generally of two types. A first type is specifically developed gadgets with entering means such as a keyboard, a display, a processor for generating the code, etc. A second type relates to so called smart cards or integrated circuit card (ICC), i.e. cards provided with a chip. For example, the document WO 02/01325 of the same applicant discloses such an authentication system using OTCs.
However, a problem in using OTCs is the problem of synchronizing the code generation/selection process at the user side and in the authentication manager, respectively. In case the processes are unsynchronized, the user will not be authenticated and authorized to access the required services or the like, even though a correct OTC was entered. Synchronization could be achieved by keeping and updating synchronization data, such as a sequence number, a time value or the like, in the same way at both user side and the authentication manager side. However, the synchronization data could easily become unsynchronized, for example due to manual errors, failed authentication attempts, different clock rates, etc.
Attempts have been made in the past to alleviate this problem. For example, several acceptable OTC could be generated or selected at the authentication manager, e.g. corresponding to a sequence of synchronization data. However, hereby the security level decreases, and the problem is only partly solved, since the sequence, or window, of acceptable OTCs may still not be enough to handle the occurred unsynchronization.
Another known solutions attempts to restore the synchronization. However, these known solutions are generally very cumbersome and tedious for the user, and may also imply a security hazard.