Multi-factor authentication is an approach to security authentication, which requires that an on-line user of a network provide more than one form of verification in order to prove his or her identity and allow access to the network. Multi-factor authentication takes advantage of a combination of several factors of authentication. Three major factors include: verification by something the user knows, such as a password, or a personal identification number (PIN); something the user has, such as a smart card, a security fob, a hardware or virtual token, a USB dongle, or a digital certificate; and something the user is, such as a biometric characteristic, e.g., a fingerprint, a facial image, a retinal pattern, a voice print, etc. Due to its increased complexity, a multi-factor authentication is harder to compromise than a single factor authentication.
As advantageous as these multi-factor authentication techniques have been, multi-factor authentication is not supported when a user performs authentication by using a first authentication factor on a first communication device, and performs authentication by using a second authentication factor on a second collaborating communication device. The term “collaborating” or “collaboration” refers to a type of working cooperation among the communication devices, whereby a user can securely leverage the capabilities of a second communication device from a first communication device; for example, the user can sign-on, or login, to a first service from a first communication device, and leverage a set of enhanced identity management procedures to securely access the first service, as well as other services, from the first communication device, as well as from other communication devices, without needing to perform additional manual sign-on procedures. By way of example, a user may be checking his or her email, or using some other application hosted by a service provider, on a personal digital assistant or a smartphone, and then, for whatever reason, may subsequently wish to check his or her email, or even run a different application, e.g., banking services, shopping services, etc., on his or her laptop computer or a desktop computer. Thereafter, the user may wish to check his or her email, or even run a different application, on his or her tablet. The user may, in case of emergency, subsequently wish to run an application, on his or her land mobile radio (LMR). Security Assertion Markup Language (SAML) and Web Authorization Protocol (OAuth) are examples of open standards for exchanging authentication and authorization data between such multiple applications on a single communication device, but not across multiple devices.
However, each of these devices typically has different hardware specifications and often are accessed with different authentication factors. One device might have a real or virtual keyboard to enter a user name and password, but not a biometric scanner, or some other means of factor authentication. Another device might have a biometric scanner, but not a slot/socket for receiving a security card, a dongle, or hardware token, or some other means of factor authentication. Some devices may be configured to enter multiple factors, but the user may be unwilling to repeat a factor previously entered on another device. Some service providers require multi-factor authentication to access their services.
At present, there is no multi-factor authentication process that supports the user across a plurality of collaborating communication devices, whereby the user performs authentication by using a first authentication factor on a first device, and then performs authentication by using a second authentication factor on a second device, and whereby these authentication factors are bound together such that the network recognizes that multi-factor authentication has been performed. Accordingly, there is a need to enable multi-factor authentication across a plurality of collaborating communication devices for greater network security.
Skilled artisans will appreciate that elements in the figures are illustrated for simplicity and clarity and have not necessarily been drawn to scale. For example, the dimensions and locations of some of the elements in the figures may be exaggerated relative to other elements to help to improve understanding of embodiments of the present invention.
The apparatus and method components have been represented where appropriate by conventional symbols in the drawings, showing only those specific details that are pertinent to understanding the embodiments of the present invention so as not to obscure the disclosure with details that will be readily apparent to those of ordinary skill in the art having the benefit of the description herein.