The subject matter discussed in the background section should not be assumed to be prior art merely as a result of its mention in the background section. Similarly, a problem mentioned in the background section or associated with the subject matter of the background section should not be assumed to have been previously recognized in the prior art. The subject matter in the background section merely represents different approaches, which in and of themselves may also be inventions.
The client-server model is the dominant computer network model for most large-scale computer networks including the World Wide Web and forms the basis for most electronic commerce systems presently in use. Computers in the network are either clients or servers, where a server is selectively shares its resources and a client initiates contact with a server in order to use the resource. Such resources typically include application programs, data, printers, storage devices, input/output devices, and the like. In the Internet environment, clients and servers exchange messages according to a request-response messaging exchange in which the client sends a request, and the server returns a response in accordance with a defined communications protocol that operates in the application layer of the TCP/IP (Transmission Control Protocol/Internet Protocol) model.
Servers can represent a wide class of devices that provide access to a diverse array of resources, such as web portals, hosted applications, data repositories, application servers, electronic commerce sites, search engines, and so on. Servers provide access to these resources in response to requests initiated by clients, and often require some sort of authentication before allowing a client to access or use the requested resource in order to prevent unauthorized or unlimited use of a resource and to protect the security of the resource and the network. Such authorization is typically based on a login or sign-in process that requires the client user to provide credentials or otherwise verify their right to obtain access to the resource or restricted area. The login process thus allows the server to control access to the resource by identifying and authenticating the user through the credentials presented by the user. In general, a credential is an object that is verified when presented to the verifier in an authentication transaction. Credentials may be bound in some way to the individual to whom they were issued, such as for identification, or they may be bearer credentials, which may be acceptable for general authorization.
A common form of credential authentication is the familiar use of passwords to authenticate a user logging in under an established login name. Passwords, however, are vulnerable to several security breaching techniques. Passwords can be hacked, guessed, or obtained through fraudulent means, such as phishing techniques, and the like. Another disadvantage of passwords is that they can be easily forgotten by the user. This is especially the case with the proliferation of web sites, applications, and other network resources that all require password login. The sheer number of different passwords that might be needed by a user during the course of daily transactions can be overwhelming. This often leads to users employing the same or only a couple of different passwords for all of the different applications and sites, or recording the passwords in a way that may expose them to discovery by others, both of which can be dangerous practices.
The vulnerability of password-based protection schemes has led to the rise of multi-factor authentication methods that incorporate or combine alternative proofs of identity, such as biometric methods (e.g., fingerprints) or possession based methods (e.g., security tokens). While effective, such methods can add considerable cost and complexity to applications and are not generally available or utilized for typical consumer-oriented software applications.
What is needed, therefore, is a comprehensive password and identity management system that provides a simple and centralized method of user authentication and login for a wide variety of applications and networks and that utilizes an authentication device that is readily available for most users.