Methods for identification of one party to another party that are communicating via electronic media are widely used. Examples of applications where identification of the user is needed are withdrawing from an ATM, controlling a remote computer over the internet, using an internet banking system, performing a payment transaction when webshopping, etc. Several well known principles exist within this field of technology.
Conventionally authentication has been performed via user name and password, offering a relatively low security. For a higher security the so called two factor authentication has been used, meaning that a combination of for example something the user knows and something the user has, such as a PIN and a bank card, are needed for authentication. An example of such an authentication is described in WO2006075917 where a security code represents both the user and the user device.
Although providing a method with a higher security than conventional methods, a problem with the method disclosed in WO2006075917 is that the entire code is created in the user device, by means of an algorithm which is based upon a user personal code, a user device ID and if necessary a service provider code, to be compared to a corresponding code at the service provider, meaning that the entire code exists in its complete form, and is stored in both the user device and the service provider, which reduces the security. Another problem with the method disclosed in WO2006075917 is that the code can be associated to a certain user.
Further, several of the conventional methods for identification are only adapted for remote communication between two parties, such as the method disclosed in WO0235487, which limits the range of use considerably.
Common problems of conventional methods for authentication are that they are often complicated to use and/or do not provide a high enough security level. Further, it is often possible to eavesdrop a communication within such a method to get information about for example codes and transactions. Yet another problem with the methods used today is that the predictability often is high.
There is therefore a need for more secure methods for authentication of a first party, e.g. a service user, to a second party, e.g. a service provider, communicating via electronic media. Further, there is a need for secure methods for authentication which are less complicated to use.