Independent claim
1. A non-transitory computer-readable storage medium storing instructions which, when executed on a processor, perform an operation for authenticating a user requesting access to a computing resource, the operation comprising:
    receiving, over a first network connection, a request from a client device to access an application;
    generating, by operation of the processor, a nonce and a network address to encode in a barcode graphic;
    sending, over the first network connection, the barcode graphic to the client device;
    receiving, over a second network connection, a response which includes a digital signature signing the nonce, wherein a mobile device generates the response by:
        scanning the barcode graphic to decode the nonce and to recover the network address,
        accessing a private key from a certificate store on the mobile device, wherein the private key corresponds to a public key identified in a digital certificate associated with the user, wherein the mobile device prompts the user to supply authenticating credentials prior to accessing the private key from the certificate store on the mobile device, and
        signing, with the private key, the decoded nonce; and
    upon determining the digital signature is valid, granting the client device access to the application.
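The exchange the claim describes, as an added example written for this page rather than code from the claim or its applicant. Both sides run in one Go process: the server's first-connection handler mints the nonce and the barcode contents, the mobile device releases its private key only after a simulated credential prompt and signs the nonce, and the server's second-connection handler verifies the signature and grants the session of the client that originally asked. The callback address, the user and client identifiers, the two-minute nonce lifetime, the "qr-login-v1" domain-separation prefix and the enrollment step (the user's public key is taken to have been extracted from the user's certificate already) are assumptions; the barcode transport and the two network connections are stood in for by function calls, and the process is single-threaded, so the pending-login map is not locked.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"time"
)

// BarcodePayload is what the server encodes in the barcode graphic: the nonce
// and the (assumed) network address the mobile device sends its response to.
type BarcodePayload struct{ Nonce, URL string }

// Response is what the mobile device sends over the second network connection;
// Signature is an ASN.1 ECDSA signature over toBeSigned(Nonce).
type Response struct {
	User, Nonce string
	Signature   []byte
}

type pendingLogin struct {
	clientID string
	expires  time.Time
}

// Server keeps pending logins keyed by nonce and each enrolled user's public key
// (assumed to have been taken from the user's certificate at enrollment).
type Server struct {
	pending  map[string]pendingLogin
	users    map[string]*ecdsa.PublicKey
	callback string
}

func NewServer(callback string) *Server {
	return &Server{map[string]pendingLogin{}, map[string]*ecdsa.PublicKey{}, callback}
}

// Enroll records the public key the user's certificate identifies (assumed pre-extracted).
func (s *Server) Enroll(user string, pub *ecdsa.PublicKey) { s.users[user] = pub }

// StartLogin serves the first connection: mint a fresh nonce, bind it to the
// requesting client with a short lifetime, and return the barcode contents.
func (s *Server) StartLogin(clientID string) BarcodePayload {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		panic(err)
	}
	nonce := base64.RawURLEncoding.EncodeToString(raw)
	s.pending[nonce] = pendingLogin{clientID, time.Now().Add(2 * time.Minute)}
	return BarcodePayload{nonce, s.callback}
}

// toBeSigned domain-separates the nonce so a login signature cannot double as a
// signature over some other protocol's message (prefix is an assumption).
func toBeSigned(nonce string) []byte {
	h := sha256.Sum256([]byte("qr-login-v1:" + nonce))
	return h[:]
}

// VerifyResponse serves the second connection; on success it returns the id of
// the client from the first connection that is now granted access.
func (s *Server) VerifyResponse(r Response) (string, error) {
	p, ok := s.pending[r.Nonce]
	if !ok {
		return "", errors.New("unknown or already-used nonce")
	}
	delete(s.pending, r.Nonce) // single use: spent on any attempt, so replays fail
	if time.Now().After(p.expires) {
		return "", errors.New("nonce expired")
	}
	pub, ok := s.users[r.User]
	if !ok || !ecdsa.VerifyASN1(pub, toBeSigned(r.Nonce), r.Signature) {
		return "", errors.New("invalid signature")
	}
	return p.clientID, nil
}

// MobileDevice models a certificate store that releases the private key only
// after the user authenticates to the device; Unlocked stands in for that prompt.
type MobileDevice struct {
	User     string
	priv     *ecdsa.PrivateKey
	Unlocked bool
}

// NewMobileDevice generates the user's P-256 key pair (the public half is what
// the user's certificate would carry) and returns the device and that public key.
func NewMobileDevice(user string) (*MobileDevice, *ecdsa.PublicKey) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return &MobileDevice{User: user, priv: priv}, &priv.PublicKey
}

// Respond "scans" the payload and signs the decoded nonce, but only once the key is released.
func (m *MobileDevice) Respond(b BarcodePayload) (Response, error) {
	if !m.Unlocked {
		return Response{}, errors.New("user did not authenticate to the device; key not released")
	}
	sig, err := ecdsa.SignASN1(rand.Reader, m.priv, toBeSigned(b.Nonce))
	return Response{m.User, b.Nonce, sig}, err
}

func main() {
	srv := NewServer("https://login.example/qr-callback") // assumed callback address
	dev, pub := NewMobileDevice("alice")
	srv.Enroll("alice", pub)
	dev.Unlocked = true // user entered a PIN on the phone
	resp, _ := dev.Respond(srv.StartLogin("browser-session-1"))
	fmt.Println(srv.VerifyResponse(resp)) // the browser session is granted
	fmt.Println(srv.VerifyResponse(resp)) // replaying the same response is rejected
}
```

Two checks the claim leaves to the implementer are worth keeping: the nonce is deleted on the first verification attempt and carries an expiry, so a captured response cannot be replayed and an abandoned barcode does not stay valid, and the signed message is a domain-separated hash of the nonce rather than the raw nonce. Because the signature covers only the nonce, access goes to whichever client obtained that nonce over the first connection; a deployment should make sure the user sees what they are approving before the key is released.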