In our modern society, protection of information systems from unauthorized access to the system as a whole as well as to its individual components its applications and devices is getting to be more and more important. In most user authentication systems, a one-step user authentication is implemented in order to gain access to a computer, which would normally let the user to enter his/her login and a password, or a PIN code. However, for more important tasks where safety provided by the one-step authentication may be insufficient, an additional second level of authentication can be used. Such a second level can be a certain physical device owned by the user, which confirms the user's identity, such as a token or smartcard.
These devices are currently widely used in banking, and also as a way of getting remote access to internal resources of a company or an enterprise. If used correctly, such two-level authentication systems can dramatically hinder a criminal's access to a personal computer (PC) or to a company PC of the authorized user. The token should only be connected to a PC while the user is working on it. If the user leaves his workplace, he must take the token with him or at least block it. However, such rules are often neglected by users. Therefore, this technology will always have a human liability factor. For example, if the user left his workplace forgetting to take his token or his smartcard with him, a criminal may gain access to his PC. Sometimes it only takes a minute of absence for the criminal to be able to perform an unauthorized action on the user's PC, such as getting a physical or remote access to the user's PC, or installing harmful software, which would perform forbidden actions on the PC.
Situations frequently arise when multiple tokens with varying access rights to the system and to the applications and devices are connected to one PC. In a situation like that, besides a possible access by a criminal, possible unauthorized actions can be performed by authorized token users as well. For example, two tokens are connected to a PC, with one belonging to a bank accountant and another to the chief accountant. In order to activate the bank-client system components unrelated to money transactions, it is necessary to activate, i.e. to connect and enter the correct password, of the bank accountant's token. However, in order to start the bank communication application to gain permission to internet connection for payment transfers, the bank comptroller's activated token is required also. In the event that the bank comptroller stepped away from the PC forgetting to block his token or to take it with him, the accountant n unintentionally or intentionally start the bank communication application, perform money transfer transactions or perform any other action which he was not authorized to do. Such situations are rather frequent. Hence, the human factor appears to be a critical liability of the use of the two-level authentication. Notably, many kinds of tampering with client-bank systems is done exactly along the above mentioned pattern, where a user will step away from his workplace forgetting to either take his token with him or to block it.
However, one of the major problems with existing systems and methods remains the lack of full control over protected resources. Existing technologies do not avail themselves to a certain number of active tokens or transponders in order to give various access rights to different types of protected resources, such as computer devices, applications and data, as well as to permit such devices and applications to perform various actions and gain access to certain protected resources of an operating system, personal user data, cookie files, user's activity logs, or other types of protected resources. Accordingly, there is a need for a new methodology for performing multi-level authentication of users in order to prevent unauthorized access of a user or a group of users to a protected computer resource.