This invention relates to an authentication device for use over a telephone line.
There are a number of situations where a person may be required to authenticate his or her identity to a remote service over a telephone line. For example, authentication is required when a customer calls a bank to obtain account details, or when a person calls a government department in connection with a benefit claim. Conventional methods, such as asking for date of birth or mother""s maiden name, provide only a minimal degree of security.
U.S. Pat. No. 5,406,619 describes a universal authentication device which is the size and shape of a credit card, and contains a microprocessor, keypad, LCD display, and audio interface for receiving and transmitting signals over a telephone line when the device is held close to the telephone earpiece or mouthpiece. In operation, the remote service sends a random challenge over the telephone line to the device. The device generates a response, e.g. by encrypting the challenge, and returns the response over the telephone line to the remote service. The remote service compares the response with the expected response, and if they match, authenticates the user.
PCT Patent Application No. 95/04328 describes a portable hand-held device containing a microprocessor, keypad, LCD display, and audio interface for connection to a telephone line. The device also contains a receptor for an integrated circuit card (smart card). The device may be used for a large number of functions, controlled by program modules stored internally or on the smart card. One function provides identification of the user via the telephone, using a challenge and response mechanism.
A problem with both of these prior proposals is that they are relatively complex, and hence would be relatively expensive to implement. The object of the present invention is to provide an improved authentication device, which does not have these disadvantages.
According to the invention an authentication device comprises a hand-held unit having a receptacle for a smart card and an audio interface for communication with a telephone line to permit a challenge-and-response authentication procedure between the smart card and a remote service, the device being dedicated solely to said authentication procedure and having no display.
It will be seen that, because the device is dedicated solely to the authentication procedure and has no display, it can be implemented very simply and cheaply. In a preferred form of the invention, the device also has no keypad, allowing it to be implemented even more cheaply.