The present invention relates generally to the access of information. More specifically, the present invention relates to the authentication and verification of a user requesting access to protected information.
Protection of information has become a larger issue as technology continues to expand. More and more individuals are finding ways of accessing corporate, individual or government protected information, which may be vital to their operations. This is particularly true in the case of credit card and computer fraud. Credit card fraud results in the loss of tens of millions of dollars to credit card companies. The losses occur at the hands of individuals who have stolen a cardholder's credit card, or individuals who have access to the cardholder's credit card number, and possibly his/her Personal Identification Number (PIN). With this information, identity thieves are able to purchase goods and services over the Internet, in stores, and over the phone without the threat of being caught.
Most credit cards have, as a protection against such use by an unauthorized individual, a signature line on the back of the card. When the credit card is presented to a merchant, the merchant is supposed to compare the signature of the purchaser with the signature on the back of the card. Some credit cards also have a small picture of the user on the front of the card to protect against unauthorized use. Some credit cards now include a multi-digit number on the back of the card that is requested when making a purchase, whether in person, over the phone or over the Internet. Unfortunately, these methods are not at all foolproof. Merchants frequently fail to compare the signature on the card with that of the purchaser, thereby allowing unauthorized uses to occur. In some cases, such as airport parking facilities, a signature isn't even required.
With the widespread use of debit cards, merchants have installed systems at the registers, wherein the purchaser no longer has to present a credit/debit card to the store clerk. The transaction is completed by the purchaser alone, either using a PIN for the debit card or simply signing electronically on a touch pad. Accordingly, the protections that were originally implemented to protect against unauthorized use have now become moot.
Increasingly, people, companies, and government agencies are conducting their business and communications on computer networks. Inadequate security and authentication practices expose these entities to anything from harassment and malicious use of private information to an array of criminal actions including theft and fraud. For their own protection, individuals are required to remember multiple log-ins, names, and passwords, and companies spend as much as $300 to $400/user/month administering password systems. In fact, the more security, the more hassle for all parties, and the more expense for the enterprise. There is a clear need for a strong, portable, cost-effective, and secure way to authenticate users and protect information.
Although 3-Factor authentication (what the user knows, what the user has, and who the user is) is considered the strongest, or most secure, form of ID authentication, it has not been widely accepted or implemented for many reasons including:
- Special biometric readers required at the point-of-transaction and/or inconvenient user devices
- Complex and expensive deployments
- High maintenance costs
- Necessity to create and maintain a database of user biometrics
- Concerns regarding individual privacy
In the absence of reasonable 3-Factor solutions, enterprises and applications requiring strong authentication have mostly employed 2-Factor solutions. However, since these solutions rarely include a biometric as one of the factors, the actual person behind a pass code or smart card can never be actually authenticated. This presents another set of common problems including:
- Sharing passwords with unauthorized individuals
- Stolen passwords and user devices
- Unfamiliar, inconvenient, and application-specific user devices
- Identity Theft
- Repudiation of transactions
Accordingly, there exists a need for an improved system and method for authenticating user access to protected information.