The invention relates to a mobile device comprising a transceiver for mobile communication and a controller configured to execute an authentication function for authenticating a registered user of the device.
In transactions in which a user communicates with a remote transaction partner via a communication channel such as the Internet, it is important to ensure that an individual who identifies himself as an authorised user is actually the person he claims to be. For example, when a user makes an online bank transaction in which he identifies himself as the owner of a certain account and requests that an amount of money be remitted to some other account, an authentication method is needed for verifying the identity of the requestor. Other examples of transactions where an authentication of the user should be required are transactions in which a user asks for online access to a database or other online services that involve sensitive data. Another example would be a transaction for operating a door opener that provides physical access to a secure area or room.
WO 98/25371 A1 discloses a mobile device of the type indicated above, wherein the authentication function includes prompting the user to confirm the transaction request.
US 2006/288233 A1 discloses a mobile device with a biometric authentication function.
WO 2007/072001 A1 discloses an authentication method and a mobile device wherein an authentication device responds to the transmission of a user identification by sending an authentication token to a terminal from which the transaction has been requested. This token may for example be encoded in a digital image to be displayed on a display of the terminal. The authentication function in the mobile device is configured to capture this digital image and send it back to the authentication device via the mobile communication channel.
In this way, it can be confirmed that the person carrying the mobile device, e.g. a mobile telephone, is actually present at the location of the terminal from which the transaction has been requested. Thus, as long as the user is in control of his mobile device, the authentication method assures that no third party can fake the identification data of this user and perform any transactions in his place.
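The token round trip described above can be sketched as follows. This is an added example, not code from any of the cited publications: the class and method names are hypothetical, the image encoding and capture step is reduced to passing the token string, and the token lifetime, the single-use rule and the assumption that the mobile channel reliably identifies the sending device are choices of this sketch.

```python
import hmac
import secrets
import time


class AuthDevice:
    """Hypothetical stand-in for the authentication device described above."""

    def __init__(self, registered_mobiles, ttl=60.0):
        self.registered = registered_mobiles  # user id -> mobile id (constructed data)
        self.ttl = ttl      # token lifetime in seconds: an assumption, not from the text
        self.pending = {}   # token -> (user id, expiry time)

    def request_transaction(self, user_id, now=None):
        """A terminal transmitted a user identification: return the token that
        the terminal will display (for example encoded in an image)."""
        if user_id not in self.registered:
            raise KeyError("unknown user")
        now = time.time() if now is None else now
        token = secrets.token_hex(16)  # 128 random bits, so it cannot be guessed
        self.pending[token] = (user_id, now + self.ttl)
        return token

    def receive_from_mobile(self, mobile_id, captured_token, now=None):
        """The mobile device returned what it captured, via the mobile channel.
        Returns the authenticated user id, or None if the check fails."""
        now = time.time() if now is None else now
        entry = self.pending.pop(captured_token, None)  # single use, fail closed
        if entry is None:
            return None
        user_id, expiry = entry
        if now > expiry:
            return None
        # Only the mobile registered for this user may confirm the request.
        if not hmac.compare_digest(self.registered[user_id], mobile_id):
            return None
        return user_id


if __name__ == "__main__":
    auth = AuthDevice({"alice": "mobile-001"})            # constructed sample data
    shown = auth.request_transaction("alice", now=0.0)    # token shown at the terminal
    print(auth.receive_from_mobile("mobile-001", shown, now=5.0))  # alice
    print(auth.receive_from_mobile("mobile-001", shown, now=6.0))  # None (replay)
```

A token presented by a device other than the user's registered mobile is consumed and rejected, so the legitimate user has to start a new request rather than the pending one remaining open.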