Many service or application providers require a user to present authentication information in order to gain access to a specific service or application. For example, an employer may require an employee to enter a one-time password to access computer resources remotely. In a further example, the provider of on-line financial services may require users to enter authentication data to gain access to financial information or perform transactions. In addition, a token may be required to gain physical access to a building or a location within a building.
Authentication factors for individuals are generally categorized in three classes: something the user is (e.g., a biometric such as a fingerprint), something the user has (e.g., a security token), and something the user knows (e.g., a password). Many sensitive services and applications require multi-factor authentication. That is, a user must provide multiple authenticators in order to gain access to a resource, service, and/or application.
A typical security token uses a symmetric cryptography algorithm to provide authentication credentials. For example, the token and the verifying entity (e.g., a network server or building access controller) may both maintain or generate the same value (e.g., using a particular algorithm and seed).
Because of the need for strong security, an individual may have multiple security tokens. For example, a user may have a security token which generates a code to enable the individual to gain access to a building via an entry security system. The same individual may have a separate token to generate passwords that enable the individual to access his company's computer resources and another token to generate security credentials to enable the access to on-line financial account information.
Requiring a separate token for multiple services is inconvenient for users and increases the likelihood that a user will not fully utilize a service or application. In addition, increasing the security burden on a user often results in the user handling the one or more tokens in an insecure manner or developing mechanisms to avoid or bypass security all together.
What is therefore needed is a universal authentication token which can import and store authentication data from other authentication tokens.
The present invention will now be described with reference to the accompanying drawings. In the drawings, like reference numbers can indicate identical or functionally similar elements. Additionally, the left-most digit(s) of a reference number may identify the drawing in which the reference number first appears.