1. Field of the Invention
The invention relates to identity authentication systems and methods. More specifically, the field of the invention is that of server-based software for verification and authentication of the client user.
2. Description of the Related Art
The growth of the Internet and the wide availability of broadband and other high-speed access to the Internet have made it more feasible for applications to be offered as web-based services instead of software that must be purchased and installed on individual client computing devices. Many of these web-based applications use development techniques that make the applications feel more responsive by exchanging only small amounts of data between the user's interface and the server. These techniques make it possible to increase an application's interactivity, usability, and speed without requiring installation of software on the user's machine.
The use of web-based services as replacements for installed software makes it necessary for the application to be able to authenticate the user of the application. Authentication verifies that the user is allowed to use the application and verifies that the user is only able to access authorized data. As the need for security increases, traditional password systems are no longer able to provide sufficient security. Identity authentication is more frequently being provided through a variety of methods, including the use of personal trusted devices and identity tokens such as smart cards or biometric scanners.
Personal trusted devices and identity tokens have many varied methods for authenticating a user's identity and allowing access to secure applications or data. However, because of the very nature of security requirements, the operating systems and software algorithms that drive these devices cannot be open. The application providers and the makers of personal trusted devices and identity tokens must create integrations between their systems to allow an application to be able to “understand” the authentication provided by the device or token.
The non-dynamic nature of communication between the applications and the devices or tokens means that a person who has such a device or token is only able to use it for authentication with previously enabled applications. The design and programming necessary to integrate a particular application with a particular device or token is platform- and browser-specific and often requires the installation of software on the user's machine. This often requires specific hardware and software modifications to the user's machine; in order to install a new device or token, significant work is required. Management of current identity and verification devices and tokens is a difficult task which consumes significant information technology resources.