Electronic commerce depends upon the secure and correct authentication of the end user. The advent of widespread, successful attacks on simple user credentials (user id and password) compromises the ability of users to perform electronic transactions. Attacks expose users to significant risk of financial loss, identity theft and/or other inconvenience. Attacks such as desktop viruses, key loggers, man-in-the-middle environments, phishing, and pharming all conspire to compromise a user's identity, often without the user becoming aware of the problem.
The threat of attacks contributes to an increased service provider cost of doing business. Service providers must expend resources to defend against attacks, to compensate attacked users, and to reassure users that electronic commerce remains safe. Ultimately, the failure to provide mechanisms that allow users to successfully and securely authenticate will erode user confidence in electronic transactions and will threaten the electronic channels as a viable means of commerce.
Authentication via electronic channels frequently involves the presentation of both identity data and shared secret data. The shared secret data, known only to the user and the service provider, establishes the user identity with a degree of confidence. This form of authentication is vulnerable to attack by interception. If the attacker acquires both the identity data and the shared secret, the attacker then becomes indistinguishable from the legitimate party in the view of the service provider. Attackers intercept exchanged data by compromising an endpoint of the electronic channel.
Many service providers enhance this basic data exchange by incorporating a mechanism that changes the secret data over time in an unpredictable fashion. Thus even the capture of the secret only compromises the user until the next change. Unfortunately, mechanisms that change the secret increase service provider costs and potentially inconvenience the user. For instance, the user may forget whatever device provides the changing secret. In this case the service provider must provide not only the time-change augmented authentication, but also an alternative authentication process that allows the user to bypass time-change authentication if the user forgets the device. This may require additional authentication steps by the user or impose restrictions on user access.