1. Field of the Subject Disclosure
The present subject disclosure relates to authenticating users. In particular, the present subject disclosure relates to authenticating a user of a service by generating a Personal Identification Number (PIN) code on the user's mobile device.
2. Background of the Subject Disclosure
As more people access more information online or across networks, there is a greater chance that sensitive information can fall into the wrong hands. Increasingly, banks, insurance companies, and other service providers are enabling people to access services online, such as account downloads, payments, etc. The service is typically accessed via a web-site hosted on a web server or a host server. Further, other types of access systems are being provided with network connectivity. For instance, security systems, building access systems, etc., have network interfaces to connect to a remote server across the internet, to provide status reports, raise alarms, etc. These security systems have control panels that enable users to change the settings, or allow access to a secure resource.
Security is an increasing concern as the internetworking capabilities of these systems converge. Without proper layers of authentication, unauthorized users can gain access to sensitive information and secure services stored online to which they should not have access. Although a name and password are typically used to authenticate users, this system relies on only a single layer of authentication and can be bypassed or “hacked” by a remote user having the right set of tools.
Present-day solutions to overcome these security concerns are limited in their efficacy and ease of use. Some secure web-sites use RSA cryptography, such as implementing an RSA secure ID token for authenticating a user. IP addresses of terminals and computers can be recorded and stored so as to properly identify a user. However, these methods do not ensure that the appropriate user is accessing the service, as this information is typically static and can be “forged” by experienced hackers. Moreover, adding higher-level layers of security, such as biometric identifiers, etc., is expensive, as it requires deploying additional scanners and processing units on the network and for the users of these services.
What is therefore needed is the ability to authenticate a user of a service that makes optimal use of existing system infrastructure and that is easy for a user to use.