| 摘要 |
Techniques are disclosed for authenticating users accessing computing applications, e.g., applications hosted in a cloud environment accessed using a variety of computing systems. As disclosed, an authentication process is performed using a certificate and private key installed on a mobile device and a nonce generated on the server. To authenticate a user, a server generates a nonce, encrypts the nonce with a public key associated with the user, and encodes the encrypted nonce in a barcode graphic (e.g., a QR code). The resulting barcode graphic is displayed to the user, and a mobile device scans the barcode graphic to recover the encrypted nonce. The encrypted nonce is decrypted using a private key stored on the mobile device. The clear text nonce is then displayed on the screen of the mobile device and used as a one-time password (OTP) for authentication. |
| 主权项 |
1. A method for authenticating a client device requesting access to a computing application, the method comprising:
in response to receiving a request to access the computing application:
encrypting a first nonce using a public key associated with the user, andencoding the encrypted nonce in a barcode graphic; sending the barcode graphic to the client device as a second factor authentication challenge; receiving, from the client device, a response to the challenge which includes a second nonce; and upon determining the second nonce matches the first nonce, granting the client device access to the computing application. |
