Electronic communications have become ingrained in the way companies and individuals transact, communicate, and otherwise handle much of their day-to-day activities and functions. For example, cell phones have become integral to the way people communicate. Furthermore, with the proliferation of networks and the Internet, all types of digital data are being transmitted electronically. Much of the data being transmitted wirelessly, over a network, or via the Internet contains sensitive information. For example, an e-commerce transaction virtually always entails the transmission of confidential personal data. It is now commonplace to conduct banking, brokerage, and other types of financial transactions electronically between individuals and the businesses offering such services. And with the proliferation of mobile communications devices, such as notebook computers, laptops, personal digital assistants, specialized hand-held communications tools, tablets, terminals, and all sorts of Internet-enabled appliances, the amount of data containing information of a confidential, personal, or otherwise sensitive nature that is being transmitted electronically is rapidly increasing.
Due to the sensitive and highly confidential nature of many electronic transactions, these transmissions need to be safeguarded. One way of protecting the data is to encrypt the data being sent. However, encrypting sensitive data merely serves to protect the data from being intercepted and compromised. Encryption does not address the problem of authenticating the user or sender. For instance, if an individual wishes to purchase stocks, the on-line brokerage must verify that the person placing the order is actually an authorized client. There must be some mechanism to verify and ensure that the sender is actually who they purport to be. Otherwise, unauthorized third parties can masquerade as the true user and cause great harm. These unauthorized parties can gain access to restricted data (e.g., bank account numbers, credit card numbers, personal logs, proprietary documents, e-mail accounts, etc.).
One way to verify the identity of an individual entails the use of passwords. In theory, a password is assigned to an individual or selected by that individual. This password is unique and known only by that person. The person must enter his or her password in order to prove that they are indeed the person they purport to be. The service or business verifies the password to authenticate that the received electronic transmission is indeed legitimate.
Unfortunately, passwords suffer from several major problems. First, a person may forget his or her password. Often, a person must remember several different passwords, one for each different service or subscription. This makes it even harder for people to remember the correct passwords. In order to more easily remember their passwords, individuals frequently choose passwords which may have some relevance (e.g., names, birthdays, commonly used words, etc.). Consequently, many passwords are easily broken, which defeats the purpose of implementing passwords in the first place. Furthermore, people may share their passwords with colleagues, friends, spouses, associates, etc. In turn, these individuals might innocently or maliciously disclose the password to others. In any case, a password can rapidly lose its efficacy.
Furthermore, individuals are often required to enter their passwords in order to be granted access. This can be inconvenient, especially if the user is prompted to enter their password quite frequently. Conversely, if a user is only required to log in once, they may subsequently forget to log out or may temporarily step away. The open session then becomes highly susceptible to being misused.
In light of the shortcomings associated with passwords, some manufacturers have resorted to encoding their products with unique IDs or other identification mechanisms. A specific product has an identifier which is hardwired or permanently assigned to that particular product. Basically, the product automatically authenticates itself with the ID when prompted. This relieves the user of the responsibility of remembering and entering a password. As such, it eliminates some of the problems associated with passwords. Unfortunately, products may be lost, stolen, hijacked, or temporarily misappropriated. In that case, anyone in possession of the product can masquerade as the legitimate owner, and the data or service becomes severely compromised, sometimes without the true owner even becoming aware of the security breach.
Therefore, there are numerous disadvantages and risks associated with prior art mechanisms and methods for authenticating electronic transmissions used to access remote services.