The electronic commerce industry has a need to provide authentication of users before providing access to the processing capabilities of a computer or before performing electronic interactions while logged onto the computer. Prior to allowing access to computer resources, the computer needs to determine when a user which is attempting to gain access is an authorized user. Additionally, when transacting business over the Internet, authenticating the identity of a user is critically important when money and valuable data are transferred. Regardless of the activity, it is important to allow only authorized users to perform operations on a computer.
Prior to the availability of electronic tokens, typical systems used simple passwords to authenticate a user and to allow access to a computer. The password method of providing access control has been found to be inadequate when protecting business data having valuable data stored on the computer. Passwords of four to six characters in length can easily be discovered and improperly used. When passwords are sent over telephone lines, they may be intercepted and used for unauthorized purposes. Many businesses are currently using a one-time pass code which changes every few seconds to determine access to computer systems. For even greater security, a smart card has been proposed which contains certified account numbers which are difficult to counterfeit.
A smart card is a plastic card that holds electronic tokens (e.g., digital signatures, user identification and information, encryption and decryption keys, security tokens, biometrics information, etc.) which are read into a computer via a card reader. Smart cards typically contain large coded messages which are difficult to counterfeit. Currently, the electronic commerce industry is attempting to provide simple methods of promoting electronic commerce using smart cards. One problem with using smart cards is the difficulty in retrieving the electronic tokens from the cards without dedicating limited computer resources (e.g., input/output ports) to retrieving the electronic tokens.
Additionally, information describing users may be stored as electronic tokens on cards. An electronic token may be used in a procedure for granting access to a user of a computer system via an access control program. A computer system would grant access to the user when the user is identified as an authorized user of the system. A computer system would deny access to the user when the user fails to be identified as an authorized user of the system.
Thus, what is needed is a system and method providing an efficient way of receiving electronic tokens in computers systems for use in electronic commerce. Also, what is needed is a system and method of providing access control to a computer. What is also needed is a simple, cost effective system and method of using an existing interface port of a computer to receive electronic tokens in a computer.