Technical Field
Embodiments of the present invention generally relate to authenticating a user and a consumer electronic device for purposes of communications needing security, such as purchases and financial transactions and, more particularly, to enhancing authentication of the device using methods of machine identification based on clock timing and network latency.
Related Art
Using online financial transactions, customers may search for and purchase products and services from merchants. For online shopping, transactions may be conducted through electronic communications with online merchants over electronic networks. A variety of electronic devices and various electronic techniques may be used to conduct such electronic transactions. Methods of initiating or making financial transactions from an electronic device include, for example, SMS (Short Message Service), radio frequency identification (RFID) or near field communication (NFC) at a point-of-sale (POS), and mobile Internet-based payments, by which customers search for and purchase products and services through electronic communications with online merchants over electronic networks such as the Internet.
When conducting secure communications, such as financial transactions, via any kind of consumer electronic device (CED), security is generally an issue in that the data transferred may typically include credit card and financial instrument information such as a user name, account number, a PIN, or a password, for example, that are susceptible to abuse such as theft or malicious attack. Thus, a central issue with consumer electronic devices—such as a personal computer (PC), a laptop, mobile phone, NFC enabled mobile device, for example, or other CEDs—is the need for authentication of the device and its user for secure communications. Authentication is a fundamentally difficult and important problem to solve. Authentication is based, first, on identification. Identification may be based on identifying materials that an entity presents to establish who an entity is (e.g., an identification (ID) card with a picture or other device for identifying the entity). In the case of a consumer electronic device, identification may be aided by various attributes of the device such as a unique subscriber identity module (SIM) card ID or international mobile equipment identity (IMEI) number embedded in the device, for example.
Such presenting of identifying materials to establish identity is usually called an “identity claim.” Subsequent to identification comes authentication. Authentication usually includes a process of proving whether the identity claim asserted by the identified entity is true or not. For comparison, identification may include the “presentation” of identification material, whereas authentication is the assertion—the act that happens—usually in the form of verification. For the ID card picture example, the authenticator may compare the ID card picture to the appearance of the person presenting the ID card, and if the appearance matches the picture to the authenticator's satisfaction, authentication may be granted and otherwise either not granted or alternative authentication required.