The use of electronic mail, data networks, and other electronic communications has become widespread over the past several years. More and more businesses and individuals are becoming connected to data networks, such as the internet, in order to communicate information in a paperless manner.
The growth in data network use has recently led to a wide variety of goods and services being offered to consumers who use such data networks. For example, many magazines are now available on line, airline tickets can be booked electronically, etc.
One general category of available online services is consumer transactions. Consumers may purchase items by entering an account number to be billed, credit card, etc. The consumer can thus place an order for an item to be delivered to a specified location.
One issue of concern is security, and more particularly, authentication. Specifically, the widespread use of data networks leaves open the possibility of theft of credit card numbers, passwords, and other information which a dishonest individual can use to charge purchases to the account numbers of others.
While numerous technologies for encryption and cryptographic authentication exist, these technologies include several drawbacks. One such drawback is that the encryption usually involves a cryptographic key, and management and record keeping with respect to all of the different keys is not a simple task. Moreover, some sophisticated mathematical algorithms exist which can decipher the cryptographic information, even without advance knowledge of the cryptographic key. Finally, a clever thief may have a technique to steal the cryptographic key, just as he may have a technique to steal the password previously utilized with a particular user, account number, etc. Accordingly, the encryption technique is not completely reliable.
In view of the above, it can be appreciated that there exists a need in the art for an improved technique of verifying a particular user's identity before accepting payment from that user or dispatching any goods or services to that user, in order to ensure that the payment is not being sent from a stolen credit card number or other account number.