Thanks to the worldwide network (the Internet), a common user today has access to a great number of providers offering different services such as e-banking, e-commerce, e-booking, or any other electronic services. Service providers can be merchants, organizations or any other entities. Depending on the nature and the importance of certain data exchanged between a service provider and a user (also called a subscriber), the latter has to identify himself to the provider by providing a specific so-called “user login” (or “user ID”) and the related password.
As the number of logins and passwords to remember is so large, most users either use the same password everywhere or write them down on paper in order to be sure to retrieve them later. These practices do not meet the initial security goals sought by such authentication, which can then be compromised. Moreover, to reach a good security level, passwords should be changed, each according to different periods of time or other rules, to prevent users from using the same passwords for a long period of time or for several applications.
As an example, within the field of e-banking, it is known that the user has to log in to his account by means of an access card and a card reader which is independent of the personal computer through which the data can be exchanged between the user and the service provider. To this end, the user has to insert the access card into the card reader and enter his PIN code using the keypad on the card reader. Then, he enters his user ID (user login) in the login window on his computer screen. He receives a number from the service provider, which is to be entered on the card reader. In reply, a one-time password appears on the screen of the card reader. The user has to enter this password in the password field on his computer. If all data entered both in the card reader and in the computer are correct, then the user is successfully authenticated and he gets access to the service of the provider, for instance for performing banking transactions or for consulting his bank accounts.
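The exchange described above can be sketched as follows; this is an added illustration, not part of the original document. The class and function names, the key shared at enrolment and the truncated HMAC-SHA256 derivation of the one-time password are assumptions, since the text does not say how the card computes its reply.

```python
import hashlib
import hmac
import secrets


def otp_from(key: bytes, challenge: str) -> str:
    """Assumed derivation: HMAC-SHA256 over the challenge, truncated to 8 digits."""
    digest = hmac.new(key, challenge.encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 10**8:08d}"


class CardReader:
    """Offline reader with the access card inserted; it never touches the computer."""

    def __init__(self, card_key: bytes, card_pin: str):
        self._key, self._pin = card_key, card_pin
        self._unlocked = False

    def enter_pin(self, pin: str) -> bool:
        self._unlocked = hmac.compare_digest(pin.encode(), self._pin.encode())
        return self._unlocked

    def respond(self, challenge: str):
        # The card releases a one-time password only after a correct PIN.
        return otp_from(self._key, challenge) if self._unlocked else None


class Provider:
    def __init__(self):
        self._keys = {}      # user ID -> card key shared at enrolment (assumption)
        self._pending = {}   # user ID -> outstanding challenge number

    def enrol(self, user_id: str) -> bytes:
        self._keys[user_id] = secrets.token_bytes(32)
        return self._keys[user_id]

    def challenge(self, user_id: str) -> str:
        self._pending[user_id] = f"{secrets.randbelow(10**8):08d}"
        return self._pending[user_id]

    def verify(self, user_id: str, otp: str) -> bool:
        # pop() consumes the challenge, so a captured password cannot be replayed.
        challenge = self._pending.pop(user_id, None)
        if challenge is None or user_id not in self._keys:
            return False
        return hmac.compare_digest(otp_from(self._keys[user_id], challenge), otp)
```

Because the provider discards the challenge on the first verification attempt, a password observed on the computer is useless for a second login, which is the property that makes it "one-time".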
However, such a system provides access to one service only. Each service provider needs its own access card, which requires a specific card reader. Moreover, card readers cannot be shared with the access cards of other service providers. Thus, a user wanting to have access to services provided by several providers must have, for each service provider, an access card and the related access card reader. This approach is, on the one hand, not convenient for the user and, on the other hand, not rational from both an economic and an ecological point of view.
Therefore, there is a need for improving the management of user identifiers and passwords required for authentication processes between a user and a plurality of service providers with which this user is registered, by means of an authentication device such as an access card.