A number of different procedures, as well as various aids, are known for activating access in or over a computer network for a user. The access may be, for example, to certain, in particular fee-based, Internet pages or to applications accessible over the Internet, such as Internet banking. Activating such access in many cases requires correct input of, for example, a user identification and password in specially provided entry fields of a preceding access page. The input can be effected manually with the help of a terminal connected to the computer network. If a user desires access to different Internet pages or applications, he must know a corresponding number of user names and associated passwords and input them into the terminal in each case. Multiple use of the same data might be possible, but is at the expense of security.
Instead of manual password input, it is also possible to equip the user with a portable security data carrier to be used for performing authentications. However, this presupposes that suitable software permitting access to the portable security data carrier is installed on the terminal, which is still required. The installation of such software is problematic in particular when access is to be effected via the terminal of a third party. This situation can occur, for example, during a customer call by a sales representative when the latter wishes to access his company's server. Similar difficulties occur when a computer at an Internet café is to be used for access. In such cases it is as a rule impossible to use a customary security data carrier, since software installation by the user is out of the question.
To solve this problem it is known to use a device which indicates a number on a display at the touch of a button. This number is read by the user and entered for example as a one-time password on a protected Internet page by means of the terminal. The user is thereupon given access to the desired server via the terminal for a certain time. A disadvantage of this procedure, however, is that the one-time password must be typed into the terminal in each case. It is further disadvantageous that access to the system can be achieved by anyone who is in possession of the device for password generation. Loss of the device can therefore be extremely critical. If access both via a security data carrier and via a one-time password is to be possible, a separate portal is required for each access method. For example, for Internet banking many banks offer both a portal for access by HBCI card and a portal for the PIN/TAN method. HBCI stands for home banking computer interface, PIN for personal identification number and TAN for transaction number. This two-pronged approach has the consequence of high effort on the part of the provider.
US 2003/0051173 A1 discloses a system for limiting access to a computer which has an authentication gateway through which the user can access the computer. The authentication gateway receives one or more access codes from the user to authenticate the identity of the user. The authentication gateway further provides the computer with one or more authenticated access codes so that the user can access the computer. This does relieve the burden on the user, who need only authenticate himself to the authentication gateway. However, the system is not very flexible, since the authentication gateway must be available in each case. Furthermore, if there is an attack on the authentication gateway, a great number of users are as a rule affected, so that effective security measures are required.