Secure electronic communication is important for many types of application. The operator of a remote server may agree at least one unique credential with a user, which the user then uses to provide inputs to an application operating on a local electronic device. These can then be used to authenticate and register the user and the application with the remote server, thereby confirming the user's identity. This registration then allows the user to use the application for further secure communication with the server, so that the server can provide a secure service, such as banking. The registration process captures information about the user, thus allowing any existing user records to be identified and identity checks to be performed. Eligibility for the use of the application can be determined and authentication credentials established for the service's ongoing use. This secure registration is a particular difficulty when the electronic device is portable, such as a smartphone or tablet.
Typically, the user is provided with a credential (such as a password or passcode) by the server operator. When the user first launches an application operating on their electronic device for communicating with the server, a registration process confirms that the registration credential is correct in a secure way. The credential itself may not be communicated between the electronic device and the server directly.
Once this initial process is complete, the user can then provide further details via a secure link as part of the registration, which can be complex and time-intensive. This part of the registration process involves capturing data from the user. This is seen by some to be a laborious task on a portable device due to the device's more limited data input, display size and connectivity when compared to personal computers.
In certain circumstances, the user may wish to use a second application on the same electronic device, in which the second application is also designed to communicate with a server so as to provide another secure service. To save time and avoid duplication of effort, it is advantageous that the user is able to make use of the existing registration in respect of the first application, when registering the second application. Moreover, it would be beneficial for the same credential to be used for authentication in respect of both applications. For example, this may be especially useful when the two applications are used to provide services from the same operator (although it is not necessary for them to access the same server).
However, this presents a significant challenge. Information passed between the two applications represents a security risk. The server or servers should also be able to detect fraudulent activity. Achieving this remains a difficult issue.