Transactions such as electronic funds transfer, online banking, e-procurement of goods and services, and transactions providing access to sensitive data through privileged accounts are considered to be sensitive in nature. Such transactions are considered sensitive because they make use of sensitive data, such as the account number and personal identification number (PIN) in the case of electronic funds transfer, and the username and confidential password in the case of electronic data access. Similarly, service providers who implement the aforementioned transactions and manage them via at least their application servers are referred to as providers of sensitive services.
Banking and financial institutions (BFIs) are one example of providers of sensitive services. BFIs provide clients with several financial services including money transfer, online banking, e-commerce and the like. Typically, the transactions performed by the clients with the application servers associated with the BFIs involve exchange of sensitive client-related information including but not restricted to the client's bank account number, password and personal identification number. Therefore, it becomes necessary for service providers to confirm the identity of the users prior to enabling them to access the relevant services.
In today's scenario, it is quite common for a particular user/client to use, for example, online banking to conduct banking transactions. The online banking facility provides the user with a quick and easy method of conducting monetary transactions without visiting the bank. However, since these transactions are conducted through the client's device, typically a personal computer or mobile phone, there is a need to ensure that such transactions remain secured and hacker resistant.
Some of the available authentication mechanisms include:
    magnetic card readers, which read the details corresponding to a card and subsequently authenticate the user based on the details associated with the card;
    verifying Personal Identification Number (PIN): a secret PIN is provided to the user, which is required to be keyed in by the user every time a transaction is performed;
    challenge questions & response: challenge questions, which typically relate to personal information of a user, are provided to the user. The user is authenticated and his/her identity is established based on the answers (responses) provided by the user; and
    biometric authentication: the user is authenticated based on unique physical traits, including but not restricted to image of iris, fingerprints and image of retina.
The aforementioned authentication mechanisms succeed in determining whether the user has the necessary credentials and whether the user is indeed a human being or a computer machine impersonating a human user. However, they fail to establish whether the user is indeed the genuine user, and they fail to identify the location of the user.
It is necessary for BFIs to collect non-refutable information and to incorporate an authentication system which is secure, foolproof and difficult to manipulate, or in other words hack resistant. Thus, there was a need for such an authentication system. Also, the system needs to offer secured authorization based on the client's authentication credentials.