The present invention is generally directed to performing authentication on a thin client using an independent mobile device. Authentication on a thin client is typically performed using a username and password as is common with most personal computers. Several problems exist with this typical authentication approach. First, when passwords and their corresponding questions are stored online, they are susceptible to hacking. Second, many users write their passwords down near the computers to which the passwords apply making a breach easily obtainable to anyone with physical access to the location of the computers. Third, many people use passwords that can be easily guessed based on information about the user that is available on social networking websites.
In addition to these security issues, it may also be difficult for the user to manage his or her passwords. This is especially true when administrators apply strict security requirements when selecting passwords. For example, if a user is required to include numbers or special characters in the password or change the password frequently, he or she will be more likely write down the password or use a meaningful word or phrase within the password so that it is easier to remember. In short, regardless of the efforts that are made to enhance its security, password-based authentication will remain susceptible to hacking.
To address these concerns, many computers now include biometric scanners that allow biometric-based authentication to be performed. For example, many laptops, tablets, and smart phones include fingerprint sensors that allow a user to login with a fingerprint. Unfortunately, most thin clients do not include fingerprint sensors or other biometric scanners due primarily to the fact that their inclusion would render the thin clients too expensive (or no longer “thin”) thereby defeating their purpose. Therefore, to allow biometric-based authentication in a thin client environment, it would typically be necessary to invest in biometric scanners that could be connected to the thin clients. The same is true for smart card-based authentication or other hardware token-based authentication techniques. Therefore, for cost and management reasons, these approaches will oftentimes not be suitable.
Currently, some solutions exist that allow a user to unlock a computer using another device. For example, the FingerKey app allows Mac users to unlock a Mac using the Touch ID fingerprint sensor of an iPhone. For FingerKey to work, a companion application, FingerLock must be installed on the Mac. During the login process, the FingerKey app will prompt the user to scan his fingerprint on his iPhone and then communicate a successful scan to the FingerLock application which in turn will input the password into the password text box on the Mac. In essence, FingerKey provides a way for the user to input his password into the Mac without actually having to type it on the keyboard. Because FingerKey only automates the password login process, it will not function in a corporate environment (e.g., in an Active Directory environment).