| 摘要 |
<p>A computer implemented multi-factor authentication method for authenticating a user of a secured component (21, 31;216; 217; 218; 219), comprises the user requesting access to the secured component (21, 31; 216; 217; 218; 219) via a client device (2);the client device (2) providing a first authentication factor (22; 226; 227, 237; 228; 229) to the user;the user providing the first authentication factor (22; 226; 227, 237; 228; 229) to a personal device (5; 56; 7; 58; 59) which is associated to the user at an authentication component (51, 61; 526, 527, 528, 529), wherein the client device (2) and the personal device (5; 56; 57; 58; 59) are physically distinct units; the user providing a second authentication factor to the personal device;the personal device (5; 56; 57; 58; 59) forwarding the first authentication factor (22; 226; 227, 237; 228; 229) and the second identification factor to the authentication component (51, 61; 526, 27, 528, 529); the authentication component (51, 61; 526, 527, 528, 529) verifying identity of the user and providing an access token (62) to the secured component (21, 31; 216; 217; 218; 219); and the secured component (21, 31; 216; 217; 218; 219) providing the user access to the secured component (21, 31; 216; 217; 218; 219) on the client device (2) in accordance with the access token (62).The method according to the invention allows for completely separating the authentication process from the application or usage of the secured component. Thereby, it can be prevented that any user credentials or authentication information of the user are to be inputted or provided to the client device. Such a separation of the authentication process allows for increasing security of the authentication process. Also, blocking the system, e.g. by applying a brute force attack, can be prevented.</p> |
