PERFORMING CLIENT AUTHENTICATION USING CERTIFICATE STORE ON MOBILE DEVICE
Abstract
Techniques are disclosed for authenticating users to a computing application. A relying application transmits a login page to a user requesting access to the application. The login page may include a QR code (or other barcode) displayed to the user. The QR code may encode a nonce along with a URL address indicating where a response to the login challenge should be sent. In response, the user scans the barcode with an app on a mobile device (e.g., using a camera on a smart phone) to recover both the nonce and the URL address. The mobile device may also include a certificate store containing the private key associated with a PKI certificate. The app signs the nonce using the private key and sends the signed nonce to the URL in a response message.
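The challenge-response flow the abstract describes, as an added illustration that is not code from the patent or from any product: the relying application issues a nonce and the post-back URL for the barcode, the mobile app signs the nonce with its stored key, and the server checks the signature before granting access. It assumes ed25519 keys and a JSON barcode payload; validating the PKI certificate chain is out of scope, so the user's enrolled public key is passed to Verify directly.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
)

// Challenge is the payload encoded in the QR code: the nonce plus the URL to post the response to.
type Challenge struct{ Nonce, URL string }
// Response is what the mobile app posts to that URL over the second network connection.
type Response struct{ Nonce string; Sig []byte }
// Server keeps the outstanding nonces; each is accepted at most once (a real deployment would also expire them).
type Server struct{ Pending map[string]bool }

// NewChallenge generates a random nonce, records it, and returns the JSON to encode in the barcode.
func (s *Server) NewChallenge(postURL string) (string, error) {
	buf := make([]byte, 32)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	nonce := base64.RawURLEncoding.EncodeToString(buf)
	s.Pending[nonce] = true
	b, err := json.Marshal(Challenge{Nonce: nonce, URL: postURL})
	return string(b), err
}

// Respond models the mobile app: decode the scanned barcode and sign the nonce with the
// private key from the device certificate store (an ed25519 key is assumed in this example).
func Respond(scanned string, priv ed25519.PrivateKey) (Response, error) {
	var c Challenge
	if err := json.Unmarshal([]byte(scanned), &c); err != nil {
		return Response{}, err
	}
	return Response{Nonce: c.Nonce, Sig: ed25519.Sign(priv, []byte(c.Nonce))}, nil
}

// Verify consumes the nonce on first use (so a replay fails even with a valid signature), then checks the signature with pub, the key from the user's certificate.
func (s *Server) Verify(r Response, pub ed25519.PublicKey) error {
	if !s.Pending[r.Nonce] {
		return errors.New("unknown or already used nonce")
	}
	delete(s.Pending, r.Nonce) // single use: consumed even if the signature turns out bad
	if !ed25519.Verify(pub, []byte(r.Nonce), r.Sig) {
		return errors.New("invalid signature")
	}
	return nil
}
```

On the app side, the recovered URL should be checked against the expected relying application before posting, since the scanned barcode is untrusted input.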
25 Claims
1. A method for authenticating a user requesting access to a computing resource, the method comprising:
- receiving, over a first network connection, a request from a client device to access an application;
- generating, by operation of a processor, a nonce to encode in a barcode graphic;
- sending, over the first network connection, the barcode graphic to the client device;
- receiving, over a second network connection, a response which includes a digital signature signing the nonce; and
- upon determining the digital signature is valid, granting the client device access to the application.
Dependent claims: 2, 3, 4, 5, 6, 7.
8. A computer-readable storage medium storing instructions, which, when executed on a processor, performs an operation for authenticating a user requesting access to a computing resource, the operation comprising:
- receiving, over a first network connection, a request from a client device to access an application;
- generating, by operation of the processor, a nonce to encode in a barcode graphic;
- sending, over the first network connection, the barcode graphic to the client device;
- receiving, over a second network connection, a response which includes a digital signature signing the nonce; and
- upon determining the digital signature is valid, granting the client device access to the application.
Dependent claims: 9, 10, 11, 12, 13, 14.
15. A system, comprising:
a processor and a memory hosting an application, which, when executed on the processor, performs an operation for authenticating a user requesting access to a computing resource, the operation comprising:
- receiving, over a first network connection, a request from a client device to access the application;
- generating, by operation of a processor, a nonce to encode in a barcode graphic;
- sending, over the first network connection, the barcode graphic to the client device;
- receiving, over a second network connection, a response which includes a digital signature signing the nonce; and
- upon determining the digital signature is valid, granting the client device access to the application.
Dependent claims: 16, 17, 18, 19, 20, 21.
22. A method for accessing a computing resource hosted by a network accessible computing system, the method comprising:
- receiving, on a first computing device, an authentication challenge, wherein the authentication challenge is received in response to a request to access the computing resource, and wherein the authentication challenge is encoded in a barcode graphic displayed on the first computing device;
- scanning, with a second computing device, the barcode graphic to recover a nonce and a network address;
- signing the recovered nonce with a private key retrieved from a certificate store on the second computing device; and
- posting, from the second computing device, to the network address, a response to the authentication challenge, wherein the response includes at least a signed copy of the nonce.
Dependent claims: 23, 24.
25. A computer-readable storage medium storing instructions, which, when executed on a processor on a mobile device, performs an operation for responding to an authentication challenge, the operation comprising:
- scanning a barcode graphic displayed on a logon page of an application to recover a nonce and a network address;
- signing the recovered nonce with a private key stored on the mobile device; and
- posting, to the network address, a response to the authentication challenge, wherein the response includes at least a signed copy of the nonce.