I. Field of Invention
The invention generally relates to authentication systems and more particularly, authentication systems using a modifiable apparatus.
II. Description of the Related Art
Access to the Internet and use of electronic data systems have grown steadily among the general public. Electronic commerce has been eagerly embraced by both consumers and businesses due to the relative ease with which one party can purchase or sell to another party without the inherent complications involved with running a “bricks and mortar” establishment. For example, users may gain access to banks (online or by automatic teller machines (ATM)), a private network such as an intranet, a secure server or database, and/or other virtual private network (VPN) over a public communication network or infrastructure by digital authentication.
However, with the introduction of a system of communication wherein face-to-face contact is eliminated or greatly reduced, opportunities for fraudulent activity have increased. A stolen credit card in the hands of a wrong-doer can cause damage to the credit rating of the named credit card holder and cause damage for the credit card issuer who must absorb the loss resulting from unauthorized purchases. In a worst-case scenario, a wrong-doer may actually purloin a party's identity in order to exploit the credit-worthiness and financial accounts of that party. Such an activity leaves the wronged party in the untenable position of defending himself or herself against any criminal activity perpetrated in his or her name, denying activities conducted at the businesses of deceived creditors, or re-establishing a new identity with the authorities.
To prevent unauthorized access, various security schemes have been developed to verify user or entity identification such that only authorized entities are given access. One technique for user authentication and access control can be implemented by a access code generating device, such as a token. Generally, a user is provided with a token having a unique secure information. The token displays a unique access code that is periodically generated. Also, the access code may be registered and/or associated with the user in one or more network(s) to establish an identity. Typically, the access code is generated from an algorithm that is based on the secure information and the current time. The user is then required to input the currently displayed access code to gain access to the one or more network(s).
While a token as described above may prevent unauthorized access, it is simple with limited functions. Accordingly, in other tokens, different function(s) may be implemented. For example, another layer of security may be provided by implementing a user interface such that the user must enter a correct password or a personal identification number (PIN) to activate the token. However, if a user wishes to exchange and/or add different functions on a token, such as for example a user interface, the user must acquire a whole new token with the desired functions.
A new token generates a different access code that corresponds to secure information in the new token. Therefore, the access code must be re-registered and/or re-associated with the user in each of the one or more network(s). This can be cumbersome and create inconvenience to users, thereby discouraging users to upgrade and/or exchange a token. Accordingly, there is a need for a more efficient, more convenient and/or user friendly way to implement a device for authentication.