Password-less authentication service

摘要

A device may receive an authentication request generated based on a request to access a service. The authentication request may include a user identifier. The device may identify a mobile device associated with the user identifier. The device may authenticate the mobile device, and may generate an access notification based on authenticating the mobile device. The access notification may include information relating to the request to access the service. The device may provide the access notification to the mobile device, and may receive an access response from the mobile device. The access response may indicate whether to permit access to the service. The device may cause access to the service to be permitted when the access response indicates to permit access to the service, or may cause access to the service to be denied when the access response indicates to deny access to the service.

主权项

1. An authentication device, comprising:
one or more memories storing instructions; and one or more processors to execute the instructions to:
receive a user identifier, a personal identification number, and a device identifier associated with a user;send a first verification code to an email address associated with the user identifier;send a second verification code to a first device identified by the device identifier;receive a verification response from the user;verify the user based on the verification response including the first verification code, the second verification code, and the personal identification number;cause the first device to generate or obtain a digital certificate based on verifying the user,
the digital certificate being uniquely associated with the user identifier and the device identifier;store user registration information based on verifying the user,
the user registration information including the user identifier and the device identifier;receive an authentication request generated based on a request to access a service via a second device that is different from the first device,
the authentication request including the user identifier, andthe request to access the service being generated by the second device;identify the first device using the user identifier included in the authentication request;authenticate the first device, using the digital certificate, based on identifying the first device;generate an access notification based on authenticating the first device,
the access notification including information relating to the request to access the service;provide the access notification to the first device using the device identifier;receive an access response from the first device,
the access response indicating whether to allow or deny access to the service via the second device, andthe access response including the personal identification number when access to the service is to be allowed; andselectively perform a first action or a second action based on the access response,
the first action including providing a first instruction to allow access to the service via the second device when the access response indicates to allow access to the service, andthe second action including providing a second instruction to deny access to the service via the second device when the access response indicates to deny access to the service.