Abstract
A method for authentication or step-up authentication as part of a login process for a graphical or web-based application comprises a server component and a smartphone application ("app"). The server component generates a random challenge (1), which is displayed in a graphical form to the end user, encoded in a quick response code image. A compatible smartphone which has the smartphone application installed is used to scan the quick response code (2). The smartphone application generates a passcode (3) from the challenge using a unique key, which the user inputs into the form (4). At the same time, the server carries out the same passcode generation using the unique key, and compares the result to the input received from the user (5). A positive comparison results in successful authentication. The method is intended to minimise the impact of keylogging or man-in-the-middle attacks.
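The five steps above, sketched as an added example that is not taken from the patent: the abstract does not specify the passcode function, so HMAC-SHA256 with HOTP-style truncation, a 6-digit code, a 120-second lifetime and single-use challenges are all assumptions, as are the names `Server`, `derive_passcode` and `app_passcode`. The hex string stands in for the payload the QR image would carry.

```python
import hashlib
import hmac
import secrets
import time

TTL_SECONDS = 120   # assumed challenge lifetime
DIGITS = 6          # assumed passcode length

def derive_passcode(key: bytes, challenge: bytes) -> str:
    """Assumed derivation: HMAC-SHA256 plus HOTP-style dynamic truncation."""
    mac = hmac.new(key, challenge, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    value = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

class Server:
    def __init__(self, user_keys: dict):
        self.user_keys = user_keys      # user -> unique key shared with the app
        self.pending = {}               # session id -> (user, challenge, expiry)

    def issue_challenge(self, user: str, now: float = None):
        """Step 1: random challenge; the hex string is what the QR image would carry."""
        now = time.time() if now is None else now
        session_id = secrets.token_urlsafe(16)
        challenge = secrets.token_bytes(16)
        self.pending[session_id] = (user, challenge, now + TTL_SECONDS)
        return session_id, challenge.hex()

    def verify(self, session_id: str, submitted: str, now: float = None) -> bool:
        """Step 5: recompute and compare; each challenge is accepted at most once."""
        now = time.time() if now is None else now
        entry = self.pending.pop(session_id, None)   # pop = single use, even on failure
        if entry is None:
            return False
        user, challenge, expiry = entry
        if now > expiry:
            return False
        expected = derive_passcode(self.user_keys[user], challenge)
        return hmac.compare_digest(expected.encode(), submitted.encode())

def app_passcode(key: bytes, qr_payload: str) -> str:
    """Steps 2-3: the app decodes the scanned payload and derives the passcode."""
    return derive_passcode(key, bytes.fromhex(qr_payload))

if __name__ == "__main__":
    key = secrets.token_bytes(32)                    # constructed sample key
    server = Server({"alice": key})
    sid, qr = server.issue_challenge("alice")
    code = app_passcode(key, qr)                     # user types this into the form (step 4)
    print(server.verify(sid, code), server.verify(sid, code))
```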