Title of invention: Authentication of a user accessing a protected resource using multi-channel protocol
Abstract: A user accessing a protected resource is authenticated using multiple channels, including a mobile device of the user. A user attempting to access a protected resource is authenticated by receiving a request from a mobile device of the user to access the protected resource; receiving a public key from the mobile device of the user; providing a provision token to the mobile device, wherein the provision token is used by the user to access the protected resource using a second device; and confirming the provision token to a provider of the protected resource to authorize the user to access the protected resource. The user then communicates with the provider using a second device to authorize the provisioning token. A transaction signing protocol is also provided.
Publication number: US8769289(B1) Publication date: 2014.07.01
Application number: US201213617159 Application date: 2012.09.14
Applicant: EMC Corporation Inventor: Kronrod Boris
Classification: H04L9/32;H04L29/06;G06F21/00;G06F7/04;H04L9/00;H04L9/08 Main classification: H04L9/32
Agency: Ryan, Mason & Lewis, LLP Agent: Ryan, Mason & Lewis, LLP
Independent claim: 1. A method for authentication of a user attempting to access a protected resource, comprising: receiving a request from a mobile device of said user to access said protected resource; receiving a public key from said mobile device of said user; providing a provision token to said mobile device, wherein said provision token is used by said user to access said protected resource using a second device; confirming said provision token to a provider of said protected resource to authorize said user to access said protected resource; receiving encoded transaction data from a provider of said protected resource, wherein said transaction data is encoded using a private key of said provider and a public key of said user; providing said encoded transaction data to a mobile device of said user, wherein said mobile device decodes said encoded transaction data using a public key of said provider and a private key of said user; receiving from a second device of said user a signed concatenation of said transaction data and a personal identification number of said user; and providing confirmation to one or more of said user and said provider that said signed concatenation is for said transaction data received from said provider and is signed by said user of said mobile device.
Address: Hopkinton MA US