Title of invention Method and system of providing authentication of user access to a computer resource on a mobile device
Abstract A method and system of authenticating a computer resource such as an application or data on a mobile device uses a contactless token to provide user authentication. User credentials are stored on the token in the form of private keys, and encrypted data and passwords are stored on the device. When an application user requires access to the resource, an encrypted password is transmitted to and decrypted on the token using a stored private key. An unencrypted data encryption key or password is then transmitted back to the device under the protection of a cryptographic session key which is generated as a result of strong mutual authentication between the device and the token.
Publication number US9135425(B2) Publication date 2015.09.15
Application number US201213706307 Filing date 2012.12.05
Applicant Inventor Yau Arnold
Classification G06F21/35;H04W12/06;H04L9/32;H04L29/06;H04W12/08 Main classification G06F21/35
Agency Hickman Palermo Becker Bingham LLP Agent Hickman Palermo Becker Bingham LLP
Main claim 1. A method of authenticating a computer resource comprising an application on a mobile device comprising: storing an encrypted resource authorization on the mobile device; receiving, from the mobile device, a request for a password wherein the request comprises one or more application credentials for that particular application; validating the application credentials; retrieving the encrypted resource authorization for the application; transmitting the encrypted authorization to a separate portable security token; on the portable security token, using user decryption credentials stored on the portable security token, decrypting the encrypted authorization and generating at least partially therefrom an unlock response; wherein the unlock response comprises a decrypted password for the application; securely transmitting the unlock response to the mobile device; and unlocking the computer resource if the received unlock response is valid.
Address