Before a user is permitted to access a network resource or service provided on a network computer or server through a remote terminal, a network security program or application running on that computer or server, or on a separate computer or server, will generally first determine whether the user is a person who is entitled to access that resource or service. If he is, the network security program or application will attempt to authenticate that person as being the authorized person. Most commonly, the identity aspect is determined through a comparison of a user-inputted account name or identity with the account names or identities of those who are entitled to access the resource or service. If the user-inputted identity or account name is valid, authentication is then generally performed by requiring the user to input a PIN or password that is associated with that identified user and known only to the user and to network security program or application. In many instances, the user will enter both his identity or account name and his PIN or password in two separate fields of a dialog box of a graphical user interface page, for example a WWW page, in order to access a resource or service available on the Internet or some other data network. The network security program or application will allow access to the network resource or service only if the user is able to provide the PIN or password that is uniquely associated with his identity or account name; otherwise, access is denied. This type of interaction is common through terminals such as ATMs (Automatic Teller Machines), laptops, workstations, as well as any other type of landline wired or wireless terminal in which network access is attempted.
As long as a user's PIN or password remains secure, prior art methods of maintaining security using IDs or account names and PINs or passwords have been found to be for the most part satisfactory. A user's PIN or password, however, may be compromised by carelessness on the user's part. For example, a user might notate his ATM card with his PIN number or keep that PIN in his wallet with the ATM card. If the user looses that card or wallet, or if the user's card or wallet is stolen, the finder or thief could have ready access the user's bank account. Similarly, a careless user might leave his PIN or password in plain view near his office terminal, allowing unfettered access by an “eavesdropper” to confidential network resources.
An additional mechanism for authenticating a user would thus be useful to protect access to a restricted network resource or service in order to reduce the likelihood of an unauthorized access by an illegitimate user.