Many types of interactions on computer systems, such as authenticated log-ins and other transaction-based processes, are insecure. For example, when attempting to log in to a website on a computer, the website may request a username and password. Anyone with that set of information—be it an authorized user or a nefarious one—may use the website for any purpose. To combat this insecurity, some transactions require multi-factor authentication—often referred to as “what you know and what you have.” For example, when logging into a website, the website may request a username/password combination (“what you know”) along with a six-digit number displayed on an electronic device (“what you have”). The six-digit number, also known as a time-based one-time password (TOTP), may change every 30 seconds so as to avoid reuse by an unauthorized user. As another example, a credit card may have information stored on it that can enable a credit card processor to know whether the card is physically present in the user's hands. For example, while the card may have a card number printed on the obverse (“what you know”) some information may only be present as part of an EMV chip (“what you have”). Certain devices may read information from the EMV chip for contactless authentication of the user. Some devices allow multi-factor authentication using a “what you know” factor and a “what you are,” e.g., a biometric such as face recognition, fingerprint verification, and/or iris scan.
Currently EMV protocol relies on two-way communication between the EMV chip of the transaction card and a payment terminal, for example, at a point-of-sale (POS). To complete a transaction, transaction information is sent to the transaction card from the payment terminal. The EMV chip receives the transaction information, digitally signs the information, and transmits the signed information back to the payment terminal for verification. However, many devices and/or operating systems do not support two-way communication and therefore cannot complete transactions with EMV-enabled transaction cards.
Due to these and other drawbacks associated with authentication using a two-way communication protocol, there exists a need for technology allowing secure, read-only authentication.