Numerous enterprises offer Internet, Intranet and Extranet services which require the user to authenticate him or herself to conduct a transaction, such as accessing a personal bank account, purchasing goods or services or accessing information which may have limited access for any number of reasons. Such transactions are often conducted over the World Wide Web.
Accomplishing transactions of this type using a mobile telephone (as defined below) is difficult. Many suppliers of such information wish to allow such World Wide Web access directly or via the Wireless Application Protocol (WAP), but limitations of, among other things, the keyboards associated with mobile telephones pose obstacles to the user.
Although user-specific information, such as Caller ID, normally is sent with a call request from a telephone (including from a mobile telephone), no such unique identifier is sent with most standard WAP or web requests from mobile devices. Thus while a person receiving a phone call can typically use caller ID to determine from which telephone the call originates, a WAP or web server typically lacks data identifying specifically the mobile telephone or other device accessing its services.
As a result, existing methods to offer secure web sites normally include more or less complex processes for the user to identify him or herself, for example by requiring an ID card of the user at a bank, or having the user send a signature as a response to a certified or registered mail letter before a first use, and then requiring use of a combination of a logon name or account number for identification and a password or PIN code for verification. In fact, account numbers or user names and PIN codes have become so frequent that users are no longer able to remember all their different identities and passwords. As a result, users often have to write down their different user names and passwords in a “secure” location, thus compromising security, or simply do not use the service.
Other methods include voice identification for identification and/or verification, or other types of biometric data readers, such as fingerprint readers.
Other methods include attaching special devices to the terminals to read credit cards or other user cards, possibly combined with a PIN code.
However, users find such known methods cumbersome and time consuming, particularly in the context of mobile telephones, since the small space allocated to the keyboard makes the entry of long strings difficult, particularly in response to dialogs in which the user is prompted to supply a series of responses that give passwords and user identifications, for example. Furthermore, in a mobile setting, the user may not have access to his or her “secure” storage of user names and passwords.
It is an object of the invention to provide a method for user authentication and a related system whereby a user may conduct a transaction in a less cumbersome and less time consuming manner.
It is a further object of some embodiments of the invention to provide a method which can be used in a system incorporating a mobile setting in which a user may be authenticated in order to allow the user to perform a transaction.