Authentication systems are used in a wide range of applications, ranging from Automatic Teller Machines (ATM), web-login to services, authorization for opening of doors, gates and the like, to identification of persons allowed to operate a certain machine. These systems include one-step authorization systems and two-stage authorization systems.
An existing one-step authorization system comprises a first device that controls opening/closing of a door. The first device allows a person who wishes to pass through the door to enter a one-time password into a keypad of the first device.
The one-time password can be retrieved from a scratch-card, which includes hidden one-time passwords. By scratching off the surface hiding a one-time password, the user makes the one-time password to be used visible. There also exist known electronic devices that can provide these one-time passwords. With such electronic devices, the one-time password is displayed on a screen of the electronic device.
If the one-time password is correct, the door will be allowed to be operated according to the desire of the user. This means that the first device has authorized the user to operate the door in only one step, i.e., the verification of the one-time password.
In an existing two-stage authorization system, there is a further authentication means in addition to the one-time password mentioned above for the one-step authentication system. In case the two-stage authorization system includes an ATM, the further authentication means is usually provided by means of possession of a credit card. Thus, in addition to the one-time password, a second authentication step is performed, i.e., the two-stage authorization system further checks that a user who, e.g., wishes to withdraw money also has possession of the credit card by allowing the user to insert the card into the machine.
With both one-step and two-stage authorization systems, a problem may be that it is cumbersome for the user to enter the one-time password.
In order to solve this problem, it has been proposed to provide a Universal Serial Bus (USB)-stick that can generate a one-time password. The USB-stick is inserted into a Personal Computer (PC), which recognizes the USB-stick as a USB-keyboard. The USB-stick further includes a button that may be pressed by a user of the PC. Upon authentication at a web-site, the user will thus ensure that the USB-stick is inserted into the PC and that a username is entered at the web-site's login screen. Moreover, the user ensures that the cursor is active in the password field of the login screen. Then, the user presses the button, whereby a one-time password, generated by the USB-stick, is automatically entered into the password field because the USB-stick simulates a keyboard, i.e., the user does not type the one-time password using a regular keyboard. A disadvantage with this USB-stick is that the user needs to activate the correct field at the login screen of the web-site. A further disadvantage is that the user needs to bring an additional unit, i.e., the USB-stick, in addition to a PC or similar client equipped with a USB port. The process is non-automated as it requires a number of manual actions on the part of the user, including attaching the USB drive to the USB port and pressing the button. This limits the applicability of this solution to manual authentication scenarios.