System and method for second factor authentication services

摘要

A customer server receives a client request to access protected resources over the Internet. First factor authentication is performed and if it is successful a vendor authentication engine is invoked to undertake second factor authentication. The results of the second factor authentication are returned to the customer server, which grants access only if both first and second factor authentication succeeds.

主权项

1. A method for selectively granting access to data by a user, the method comprising:
providing a plurality of second-factor authentication options for selection by a first user and a second user, the plurality of second-factor authentication comprising a one-time passcode option and a security question option; receiving, by a processing device, a first request for access to first data from a first user computer via a first type of communication channel and a second request for access to second data from a second user computer via the first type of communication channel; providing first factor authentication of the first user and the second user, wherein the first factor authentication for the first user comprises determining that a first user name and a first password received from the first user computer via the first type of communication channel are valid and the first factor authentication for the second user comprises determining that a second user name and a second password received from the second user computer via the first type of communication channel are valid; performing, by the processing device, second factor authentication of the first user responsive to determining that the first user name and the first password are valid, the second factor authentication of the first user comprising:
determining that the first user has selected the one-time passcode option, andbased on determining that the first user has selected the one-time passcode option, identifying a second type of communication channel for providing a one-time passcode in a human-readable language to the first user, determining that the second type of communication channel is unavailable, providing the one-time passcode over a third type of communication channel in response to determining that the second type of communication channel is unavailable, and granting access to the data to the first user computer in response to receiving the one-time passcode over the first type of communication channel; and performing, by the processing device, second factor authentication of the second user responsive to determining that the second user name and the second password are valid, the second factor authentication of the second user comprising:
determining that the second user has selected the security question option, andbased on determining that the second user has selected the security question option, providing a plurality of security questions to the second user and granting access to the data to the second user computer in response to receiving correct answers to the plurality of security questions.