Data communications between a sender and a receiver via a network are common. Examples for such data communications include any kind of data exchange between computer devices/systems, electronic devices/systems, end user devices (e.g. telephones, pagers, radio/broadcast devices), etc., via computer networks (e.g. the Internet, local area networks, intranets), radio/broadcast/satellite networks, fixed/mobile telephone networks, etc., and/or combinations thereof.
Since such data communications are required to be secure, for example in data communications related to cellular phones, online banking, online trading, exchange of information in B2B and B2C business, etc., it is desired to verify the identity of data communicating parties. In particular, it is desired to verify, in a secure manner, the identity of a party contacting a different party via a network for data transmission, communication, and/or access purposes.
For an identification of a sender it is known to communicate a password associated to the sender via a network to a receiver. Examples for such passwords include PIN numbers, TAN numbers, code/passwords individually pre-defined for the sender, and the like. The password received by the receiver is verified by the receiver in order to determine the identity of the sender. In case the identity of the sender is successfully verified, data communications between the sender and the verifying receiver and/or a further receiver are permitted. For example, the sender is allowed to access data of a receiver, to transmit confidential/critical information, perform online banking/trading, etc. Also, the verification can be accomplished with a respect to a receiver, to allow for data communications from the receiver to a sender, and bi-directional communications between the sender and the receiver.
It is known that networks for such data communications or at least parts thereof are not secure, i.e. not authorized sender can access data being transmitted. Such an interception by a third party makes it possible to wiretap a process of an authentication (verification of identities) of data communicating parties (sender/receiver), to detect data (e.g. user name, password, etc.) used for a verification of at least one of the data communicating parties, and to re-use the intercepted identification data in order to identify themselves in an unauthorized manner as one of the data communicating parties. As a result, the un-authorized third party is enabled to e.g. access data, perform online banking/trading, etc. which the third party is not allowed to do.