In business, government and academia, there are many applications where it is desired that only a select group of identified individuals have access to a particular facility. Examples are obtaining classified or other sensitive data from a computer data base, placing orders or transacting other business with a bank, brokerage or other financial institution and the like. In such applications, each user is normally assigned a secret code number which the individual provides to the system to verify his identity.
While such code responsive systems provide some measure of security, this security is limited in that hackers can normally break a fixed code within a limited period of time. Sophisticated devices are also available for tapping phone lines to gain access to fixed authorization codes and such codes may also be obtained from or misused by people in an organization who have rightly or wrongly obtained such numbers.
Therefore, more sophisticated techniques for providing secure access in these various applications have been developed. Some of these techniques involve two-factor security, where the user has both a token and a number so that knowing the number alone will not provide access. The token is frequently a "smart-card" which may operate in a query-response mode with a host computer to assure verification. Alternatively, such smart-card may provide an authorization number which dynamically varies with time, with number of uses or the like to prevent successful hacking of a user ID number. However, most such systems are relatively complex, and therefore expensive. Some of the systems, particularly query and response systems, are also cumbersome to use.
A need therefore exists for a simple, relatively inexpensive, easy to use personal security system for providing a dynamically varying, non-predictable number for an individual.