In Information security, the authentication of a remote user to an authentication system is judged by factors of, “what you know”, what you have” and “what you are”. The “what you know” factor refers to a PIN or a password that a person knows. The “what you have” factor refers to a security card or token in the personal possession of a person and “what you are” factor refers to a biometrics measurement of a person such as a fingerprint or retina print.
According to the information security industry guidelines, using only one of these factors of authentication is considered a weak form of authentication and using any two factors is considered a strong form of authentication.
The most common form of two-factor authentication uses a password and a security token. Many companies make security cards or tokens, such as RSA Data Security and others in different form factors. The use of a biometric factor of “what you are” requires a separate biometric sensor and for reasons related to cost and logistics is rarely used.
The implementation of these three factors of remote user authentication burdens the remote user and the authentication system as these factors are complicated to use for the remote user and costly to use and deploy for the authentication system. In light of the above, it is an objective of the present invention to have better apparatus and methods that enable use of multi-factor remote user authentication.