The present invention relates to an authentication method and apparatus for providing secure access to a network device or online resource for the purpose of communicating with or controlling the device or resource. More particularly the present invention relates to a method and apparatus that allows a user to securely access network devices and online resources, even when communicating through an insecure intermediate device.
Most online services and resources (e.g., Internet sites, network servers, appliances accessible through wireless techniques) use some form of user authentication to provide a secure link between the user and the site and to restrict access by unauthorized users. It is known, however, that there are certain limitations and vulnerabilities associated with each of the security techniques currently in use.
The most common form of authentication is the entry of a user-chosen password when logging onto a computer, accessing resources on a local area network (LAN), communicating with a controlled appliance or connecting to an online service such as a store or bank via the Internet. This process is known to have security vulnerabilities because users choose easily-guessed passwords, reuse them for multiple accounts, change them infrequently, and are easily tricked into divulging them when prompted. The passwords are visible to others looking over the user's shoulders, and to a password-collecting virus residing on the user's personal computer (PC). Further, the operator of the online site has access to all the users' passwords, and if in fact the same password is employed by the user at multiple sites, which is generally the case, the site operator can access other sites, spoofing the user.
Another common form of authentication is a card with a magnetic stripe, protected by a 4-digit personal identification number (PIN), as commonly used in automatic teller machines (ATM). This security has been defeated by locating a phony ATM in a public place. The unknowing user enters the card and PIN number into an apparently legitimate automatic teller machine, but while dispensing money or appearing to perform the requested instruction, in fact the ATM reads enough information from the card to duplicate it and also captures the PIN associated with the card.
The smart card or smart ring is another authentication device that is gaining popularity. In one computer-based application, while accessing a stock trading service through a Web browser, for example, the user inserts the smart card into a reader mounted on the PC. When the user makes a trade, the smart card communicates with the service to authorize the trade. Unfortunately, this process is no more secure than the PC alone. If the PC is infected with a virus, the virus can change the user's keyboard commands before sending them to the stock trading service, and change the service's replies before displaying them on the screen. In this way, the smart card authorizes the transactions that the virus chooses, rather than the transactions that the user has initiated and secured with the smart card.
A more sophisticated smart card includes a small screen that displays a different pseudorandom number at a given frequency, once every minute, for instance. The user reads the number from the smart card and types it into the device to which access is desired. The number serves as a password, albeit one that is changed frequently, to the device. The password is based on the current date and time, and the device and the smart card are date/time synchronized. Further, both employ the same complex algorithm to calculate the pseudorandom number from the current date and time. The device therefore permits access if the correct number was entered. Other devices and smart cards require biometric matches to gain access, such as by way of a fingerprint or iris reader. If there is not a biometric match, the user cannot gain access to the device or service. However, even when a biometric or pseudorandom number match is secured, the PC itself can present an insecure environment if an unknown virus resides on the PC. As discussed above with respect to the smart card, the virus can alter the transaction without the user's knowledge.
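The time-synchronized token described above can be illustrated in code. The following is an added example, not part of the patent text, and the patent does not name the "complex algorithm" it refers to; the example assumes an HMAC-based construction in the style of RFC 6238 (a shared secret, the current time truncated to a window, and a keyed hash), with a 60-second window as in the page's "once every minute" example. The verifier accepts adjacent windows so that small clock drift between token and server does not lock the user out, and the comparison is constant-time.

```python
import hmac
import hashlib
import struct

TIME_STEP_SECONDS = 60  # the page's example: a new number once every minute


def time_window_code(shared_secret: bytes, unix_time: int,
                     digits: int = 6, step: int = TIME_STEP_SECONDS) -> str:
    """Code shown on the token (and recomputed by the server) for the
    time window containing unix_time. Assumed HMAC-SHA1 construction with
    RFC 4226 dynamic truncation; the patent does not specify an algorithm."""
    counter = unix_time // step                      # window index
    msg = struct.pack(">Q", counter)                 # 8-byte big-endian counter
    digest = hmac.new(shared_secret, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                       # dynamic truncation
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def verify_code(shared_secret: bytes, submitted: str, server_time: int,
                drift_steps: int = 1, step: int = TIME_STEP_SECONDS) -> bool:
    """Server-side check. Accepts the current window and +/- drift_steps
    neighbouring windows to tolerate clock skew; compares in constant time."""
    for delta in range(-drift_steps, drift_steps + 1):
        candidate = time_window_code(shared_secret, server_time + delta * step, step=step)
        if hmac.compare_digest(candidate, submitted):
            return True
    return False


if __name__ == "__main__":
    # Constructed demo secret; a real token would hold a provisioned random key.
    demo_secret = b"12345678901234567890"
    now = 1_000_000
    shown = time_window_code(demo_secret, now)
    print("token displays:", shown)
    print("accepted at the same minute:", verify_code(demo_secret, shown, now))
    print("accepted three minutes later:", verify_code(demo_secret, shown, now + 180))
```

The point the page makes still holds for this scheme: the code proves that the user holds the token, but it says nothing about whether the transaction the PC forwards is the one the user intended.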
Further, when a user purchases a smart card and a complementary PC, that alone does not allow the user to access existing online services. The software for each online service must be tailored for the specific smart card purchased. The typical smart card does not require a user-provided password, but the card carries on a conversation with an on-line service or resource according to the process embodied in the smart card by its manufacturer. Thus a typical smart card cannot be used with any on-line resource. Instead, the operator of the on-line resource must incorporate a complementary process to allow users of the card to gain access to the resource. Today, most on-line resources or websites use passwords for access, but are not equipped to interface with smart cards for access control. By contrast, the teachings of the present invention provide additional access security using the existing infrastructure.
There is a need for an apparatus and method that can securely authenticate a user to existing online services, without requiring modifications to the current access process in use by those services, including especially the process for logging on to the site. Further the user should be able to conduct the transaction in a secure environment to ensure that transaction is in fact executed as desired.
The present invention overcomes the limitations of the prior art by providing an apparatus that allows secure authentication using the existing security infrastructure common on local area networks and the Internet, and using existing portable computing devices. It does this by requiring the user to authenticate to the device using three different types of authentication: what you know (a passphrase or password), what you have (a particular device), and what you are (your biometrics). Once the user has successfully authenticated to the device, the device then authenticates to a site using the site's existing access infrastructure and methodology. However, in accessing the site, the device uses strong (i.e., not easily discovered) passwords for the user, changing them frequently, and not allowing the user to see them or to be tricked into revealing them. This process provides secure site access without requiring changes to the present ubiquitous site log-in processes. Yet the security of the current password-based infrastructure is significantly enhanced, because the passwords are strong passwords generated by the apparatus of the present invention (not short words from a dictionary that a user would likely choose), the passwords are different for every account (not reused on multiple accounts as many users do), the passwords are changed frequently by the device (which users rarely do), and the password may not even be known by the user (so the user cannot be tricked into revealing it through a so-called "social engineering" attack).
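The four password properties listed above (generated rather than chosen, unique per account, rotated on a schedule, never shown to the user) can be expressed as a small device-side credential store. The following is an added example and is not the patent's own implementation; the class name, the 24-character length, the 30-day rotation interval and the strength rule are all assumptions chosen for illustration. The vault fills the site's ordinary username/password form itself, so the site needs no change and the user never types or sees the secret.

```python
import secrets
import string
import time

# Constructed policy values for this example; the patent gives no lengths or intervals.
PASSWORD_LENGTH = 24
ROTATION_INTERVAL_SECONDS = 30 * 24 * 3600          # rotate every 30 days
SYMBOLS = "!@#$%^&*()-_=+"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS


def is_strong(pw: str) -> bool:
    """Assumed strength rule: at least 16 characters drawn from four classes."""
    return (len(pw) >= 16
            and any(c.islower() for c in pw)
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in SYMBOLS for c in pw))


def generate_strong_password(length: int = PASSWORD_LENGTH) -> str:
    """Draw from the OS CSPRNG (secrets), resampling until the strength rule holds."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if is_strong(candidate):
            return candidate


class CredentialVault:
    """Hypothetical device-side store: one generated password per account,
    rotated on a schedule, released only to the device's own login routine.
    `clock` is injectable so the rotation schedule can be exercised in tests."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._accounts = {}   # site -> {"username", "password", "rotated_at"}

    def enroll(self, site: str, username: str) -> None:
        self._accounts[site] = {
            "username": username,
            "password": generate_strong_password(),
            "rotated_at": self._clock(),
        }

    def rotation_due(self, site: str) -> bool:
        return self._clock() - self._accounts[site]["rotated_at"] >= ROTATION_INTERVAL_SECONDS

    def rotate(self, site: str):
        """Replace the stored password. Returns (old, new) so the device can submit
        both to the site's existing change-password form; neither is shown to the user."""
        acct = self._accounts[site]
        old, new = acct["password"], generate_strong_password()
        acct["password"], acct["rotated_at"] = new, self._clock()
        return old, new

    def login_form_fields(self, site: str) -> dict:
        """Fields the device submits to the site's unchanged login form."""
        acct = self._accounts[site]
        return {"username": acct["username"], "password": acct["password"]}

    def all_unique(self) -> bool:
        """True when no password is reused across enrolled accounts."""
        pws = [a["password"] for a in self._accounts.values()]
        return len(pws) == len(set(pws))


if __name__ == "__main__":
    vault = CredentialVault()
    vault.enroll("bank.example", "alice")      # constructed site names
    vault.enroll("store.example", "alice")
    print("distinct per account:", vault.all_unique())
    print("rotation due now:", vault.rotation_due("bank.example"))
```

Because the form is filled from inside the device, a phishing prompt on the PC has nothing to collect from the user, and a virus that captures keystrokes never sees the password; the remaining exposure is the site operator, who still receives a password that is unique to that site.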
In one embodiment the device of the present invention is operative in conjunction with a personal computer. The transaction is displayed to the user on the device; it is not displayed on the insecure PC. Further, the device accepts PINs and passwords directly from the user, rather than through the insecure PC.