1. Field of the Invention
This invention relates to user authentication and more particularly relates to authenticating a user based on authentication credentials and location information.
2. Description of the Related Art
An individual interacts with many computer systems for various purposes on a daily basis. Such purposes may relate to employment, finances, entertainment, and communication to name a few. Due to the sensitive and personal nature of much of this information, many computer systems typically perform some method of authentication, or verification of the identity of the person attempting to access the system.
Typically, an authentication system will receive as input a user's “credentials.” These credentials may consist of a username and password, Personal Identification Number (PIN) number, social security number, and a bank account or debit card number. For a username and password system, the system will first verify that the username is represented in a database or other storage device and second, that the received password matches the password associated with the stored username.
Additionally, many financial transactions involving debit or bank cards require the user to not only swipe the card, but also enter a PIN number into a terminal at a grocery store or ATM. The rise in use of portable devices such as cell-phones and PDAs has increased the need for authentication as a cellular provider verifies a user's identity before allowing access to voicemail, instant messaging, or web-browsing from a portable device.
Another typical role of authentication is security systems. Many facilities are protected by electronic key systems which identify an entrant by a chip or a card. For example, an employee at an electronics manufacturer may use his key card to gain access to his office building, or a secured room inside the building.
Common systems use an authentication server which may perform the authentication for one or more computer systems. For example, one authentication server may perform the authentication for several e-commerce websites hosted in different locations. However, authentication may also be performed at a local level. For example, a user may need to enter a username and password to have access to the files and operating system of his personal computer.
Regardless of whether the authentication is performed at the local level or system level, the quality of an authentication system is its ability to ensure that the person attempting access to an account is the account's owner or rightful user.