1. Field of the Invention
The present invention relates to cryptographic authentication. More specifically, the present invention relates to the evaluation of an authentication event based upon the context of that event.
2. Description of the Related Art
With the continued increase in commercial and other transactions taking place across linked computer systems, it has become desirable to secure these transactions and the information related to these transactions. One form of security is to prevent access to systems which perform certain functions, for instance by requiring a password or PIN number in order to use an ATM. Another form of security is to protect data from being intercepted and used by those other than the intended recipients, for instance, when sending a credit card number electronically. Another form of security involves allowing someone to undeniably sign a document or otherwise assent to a transaction electronically.
All of these functions are related to the concept of authentication, or proof of identity. Authentication of electronic systems, particularly digital systems, is generally carried out using cryptographic techniques and protocols. Cryptography is the scrambling of information in such a specific way that it can only be unscrambled by someone who holds the appropriate unscrambling key. By exchanging messages which can only be decrypted by those with access to the proper key, cryptographic protocols can be used as a means to authenticate individuals.
Techniques of authentication vary in their ease of use and their reliability. For instance, a classical authentication technique in both electronic and non-electronic systems is the password. Anyone who knows the password for the club is assumed to be a member and is admitted. Anyone who doesn't know the password is prohibited. Similarly, someone who knows a particular individual's password is assumed to be that individual, while someone who doesn't is assumed to be someone else.
This technique is fairly simple to implement, and fairly simple to use. The individuals being authenticated need merely remember the password, and they can be authenticated by anyone else who knows the password. However, such a technique is also fairly unreliable; people may be forget their own password or overhear someone else's password.
Other techniques for authentication involve the use or control of a particular token, such as a particular key, either physical or electronic. Still other techniques are based upon some immutable physical characteristic of a user, such as a fingerprint or the sound of their voice. Some of these techniques are more reliable than others. For instance, fingerprints are more effective authenticators than passwords in most cases. However, analyzing a fingerprint to determine if someone is who they claim to be is much more complex than simply comparing passwords. Generally, the more reliable a technique of authentication is, the more cumbersome it is to use.
Therefore, there is a continued need for improved systems that provide appropriate levels of reliable authentication and security with the improved ease of use and reduced inconvenience to the users.