1. Field of the Invention
The present invention relates to a method and arrangement for remotely accessing password-protected services in a data communication system.
2. Description of Related Art
Reliable identification of the user is an essential prerequisite for permitting access to many services, such for example as bank services, that are commonly provided in a general telecommunication network or other data network. Because the use and consequences of use of such services may involve significant economic ramifications, it is essential that the service provider be able to ascertain and validate a user's identity, and/or the user's right to access and use the service, before making the service available to that user.
Very often, e.g. in conjunction with bank services, the identification of the user is effected and confirmed by means of passwords, and often these passwords are expendable. In commonly-used arrangements, the service provider or an identifying party authorized by the service provider has given the user beforehand a number of single-use passwords (e.g. four-digit numbers), one of which the customer uses each time he or she needs to access or use the service. When the previously-provided list of passwords is or is about to be exhausted, the service provider (or a party authorized by the service provider) sends the user a new list of passwords. In this manner, the user always has a sufficient number of passwords on hand to satisfy his or her near-future needs.
A feature typical of prior-art solutions is that the user or customer is required to manually input an expendable password when logging on to the bank's or service-provider's server. Often the password is entered by selectively depressing the keys of a telephone set, thereby causing the data to be transmitted to the server using tone frequency transmissions employing the so-called DTMF (dual tone multifrequency) codes. In addition, there are many other methods for transmitting a password, such as the short-message service available in GSM (Global System for Mobile Communications) networks; as used herein, the term GSM network is intended to refer to any mobile communication system based on the GSM specifications. In any event, the essential point is that the user is required to manually input the password which is time consuming and, in many cases, may be quite difficult for the user.
Another feature typical of prior art solutions is that the service provider must from time to time provide the user with a new set of passwords by using a relatively unreliable transmission mechanism, most commonly by mail. In such situations the letter containing the passwords may end up in the wrong hands, thus compromising security.