The invention relates generally to security authentication systems and more particularly to a combination one-time password generator and credit/debit card.
Methods and apparatuses for authenticating users to control access to secured systems are well known. One such authentication system assigns a user ID and a user password to a user. When the user desires access to the secured system, the user inputs the ID and password to a system authentication node. The authentication node confirms that the input user ID and password correspond to the stored user ID and password and enables user access to the system. While such static security systems are widely used, they are subject to security breaches caused in part by the static nature of the user ID and password. Because these security codes do not change frequently over time they are susceptible to being discovered through unauthorized means. Once a User ID and password are discovered by an unauthorized individual, the system security is compromised and the system is susceptible to unauthorized access. Such security breaches are a concern for all secured systems including financial systems where unauthorized access may compromise confidential information and/or result in asset misappropriation. Thus, security authentication systems are continuously upgraded in order to prevent such security breaches.
One such enhanced security technology is known as one-time password (OTP) authentication. OTP authentication uses a password that is transitory and only valid for a single use such that once used, the OTP is not valid for later access. The OTP may be time-based or event-based. Thus, even if the OTP is obtained by unauthorized means, the possibility that it can be used to gain access to the system is very limited. OTP authentication systems generate the OTP as a function of secret information such as a user password or encryption key, time dependent information such as time of day or time/date and non-secret information such as user ID. The OTP is generated by a token possessed by the user and is input to an authentication node. The input OTP is compared to an OTP generated at the authentication node using the same information and encryption algorithm. If the input OTP matches the OTP generated at the authentication node, the user is allowed access to the system.
One problem with existing systems is that the user tokens for generating the OTP are bulky, single function, stand alone devices that must be available to the end user every time the user wants to access the secured system. Because the token must be readily available to the individual, the token must be carried by the individual in addition to other personal effects such as keys, credit cards and the like. People are resistant to carrying the OTP tokens because of the inconvenience of having to carry a separate, bulky single-function device. As a result, wide spread adoption of OTP for authentication has been slow.
Thus, an improved OTP generator for user authentication is desired.