Fraudulent transactions, whether executed online by a malicious party who has stolen a user's online banking password or offline by a malicious party entering a restricted building using a forged identification card, are indicators of a lack of authentication in present day security systems. Similarly, authorization (permission to complete a transaction) is limited without a strong notion of authentication. Traditionally, techniques for authentication are classified into several broad classes such as “what you know” (e.g., passwords or a social security number), “what you have” (e.g., physical possessions such as ATM cards or a security dongle), and “what you are” (e.g., biometric information such as a finger print or DNA). These techniques may be used in combination (multi-factor authentication) to increase security.
In particular, possession-factor authentication utilizing smartphones (or other mobile electronic devices) has become a popular technique in multi-factor authentication systems. However, even the most sophisticated of possession-factor authentication techniques require user interaction (e.g., responding to an authentication push notification). This requirement for user interaction can be cumbersome and potentially limit applications for possession-factor based authentication.
Thus, there is a need in the digital security services field to create new and useful methods for automatic possession-factor authentication. This invention provides such new and useful methods.