Field of the Invention
The present invention relates to methods, apparatus and computer programs for authentication of an entity.
Description of the Related Technology
It is often necessary for a relying party to authenticate an entity with which it is interacting. For example, an online merchant may need to authenticate a user before allowing the user access to certain services offered by the online merchant. As another example, a user may need to log on to a remote network, such as a corporate network for the user's employer or the like. As another example, a user may need to be authenticated even when personally present in front of the relying party and the communications between the user and the relying party do not take place over a network.
There are various ways in which the relying party can authenticate the user. One way is to request the user to provide a username and password. If the provided username and password match a username and password combination associated with an existing account or the like held with the relying party, the relying party allows access to services associated with the existing account.
Although it is important to perform authentication in such circumstances, communicating a username and password from the user to the relying party can have serious security implications, for example if the username and password are intercepted while being communicated. In any event, the username and password can be “stolen” or even guessed by a third party, and may be subject to “brute force” attacks in which a third party simply tries many different possible combinations of username and password (typically using a computer for this purpose).