Access codes or passwords are needed for many applications, ranging from bank transactions, to accessing computers, to making transactions over the web. Many of these codes are housed in “smart cards”. There is a serious concern that the codes are not secure. As a result, many approaches have been taken to increase transactions security.
One approach to increasing access security is to generate a one-time password (OTP). In U.S. Patent Application No. 20060242698, a number is provided through a visual and/or audio display on the card to output the OTP to the user. The end user inputs the OTP to access the system on-line, telephonically or otherwise. Existing algorithms are used to generate the numbers. This approach can be inconvenient for users as they have to read or listen to the number and key it in accurately. Anyone can read or listen and copy the number.
In another approach, the user creates a two-factor password whenever the user logs on. The first factor is the user's personal identification number (PIN), which the user enters as the first part of the password. The user obtains the second factor from an electronic token, which displays a 6-digit number. The token is time-synchronized with the authentication server, and the number displayed on the token changes every minute. The user enters the 6-digit number displayed on the token as the second part of the password. This two-factor password improves the security, however, it suffers the same deficiencies as the single OTP.
U.S. patent application No. 20040031856 overcomes some of the deficiencies in the prior art by utilizing sound waves to transmit data between an electronic card and a computing device equipped with a sound card. This, when used as a multifactor authentication system permits data transmission, detection and decoding without a special reader and without human input. Security can be assured by storing identical sets of random numbers both on a memory unit in the card, and on the authentication server. However, this system can be subject to interference because it is an “open system.” Sound waves can easily be intercepted and sabotaged without needing any physical presence in the room.
There remains a need for a simple, secure authentication system. It is an object of the present technology to overcome the deficiencies in the prior art.