The present invention generally relates to user authentication, and more particularly relates to a computer-implemented method for mobile authentication and a corresponding computer system configured for mobile authentication.
Unless otherwise indicated herein, the approaches described in the background section are not admitted to be prior art by being included in the background section and are not admitted prior art to the claims.
With the growth of the number of services available via the Internet and other networks, the trend of users having multiple accounts with multiple service providers is increasing. For example, a typical user may have a business account with a business service that provides business services for the user's business. The service provider of the business service may provide the same business service or similar business services to a number of users. The business service provider may be SAP AG of Walldorf, Germany, for example, or a different service provider. A typical user may also have one or more e-mail accounts with various e-mail service providers, one or more on-line banking accounts for banking services that are provided by the financial institutions that the user does banking with, a gaming account for gaming service provided by a gaming service provider that provides on-line games, an account for accessing services provided by a user's employer, and the like. Each account for each service provided by each service provider typically requires a user to enter a user identification (ID) and a password on a login webpage to access the account for the service. A login webpage on a computer device is one example user interface typically provided by a service and is often an integral part of the service. Users who have multiple accounts with various services typically have to remember multiple user IDs and multiple passwords for the users' accounts. Remembering a number of user IDs and passwords is often a burden on users. Thus, users often re-use passwords and/or choose simple passwords, which threatens security.
FIGS. 1 and 2 are simplified images of an example login webpage that may be displayed on a computer device that a user may use to access an account for a service, which may be offered via the Internet or another network. The login webpage may prompt the user to enter a user ID and a password. See FIG. 1. A user would typically enter her user ID and her password via a keyboard of the computer device. See FIG. 2. If the computer device successfully logs into an account for a service, the service (e.g., via a server) will typically serve a webpage to the computer device indicating that the computer device has successfully logged into the account. FIG. 3 is a simplified image of a webpage that indicates that the computer device has successfully logged into the user's account for the service.
In addition to problems with users not remembering user IDs and passwords for the users' numerous accounts, users and service providers face problems associated with user IDs and passwords being stolen and a fraudulent user gaining access to users' accounts. One relatively recent solution for providing improved security for users' logging into the users' accounts includes “identity providers” that authenticate the identity of a user to the user's accounts on the Internet or the like. Authentication information for a user may include the user's login credentials, which may include the user's user ID and password for the user's account. Via an identity-provider account, the user does not use her computer device to enter the user's user ID and password on the login webpage for the user's account. The user may enter a user ID on the login webpage for the user's account where the user ID uniquely identifies the user to the identity provider, which thereafter authenticates the user's identity for the user's account and logs the user's computer device into the user's account. The user may have an identity-provider account with the identity provider and may use her computer device to login to the identity-provider account with the identity provider to manage the user's user ID and user password for the identity-provider account and connections to the user's other user accounts (e.g., business accounts, banking accounts, gaming accounts, etc.). While the foregoing describes one process by which an identity provider may provide for a user to log her computer device into a user account, similar processes are provided by other identity providers.
As briefly described above, by using an identity-provider account with an identity provider, a user does not have to enter her user ID and password into a login webpage for logging into her user accounts, but enters a user ID that is shared by the account provider with identity provider, which authenticates the user to the account provider for login. Via the use of an identity-provider account, a user is provided with one less opportunity for her user IDs and passwords for her user accounts to be stolen. Identity providers may offer identity-provider accounts that conform to a variety of standards, such as the OpenID® standard provided by the OpenID® Foundation. While identity providers provide for reduced opportunity for having user IDs and passwords stolen, if a user's user ID and password for the user's identity-provider account is stolen, a user's identity on the Internet or other network may still be compromised.
Therefore, new computerized methods and new computer systems are needed to provide additional layers of security for users to log their computer devices into their user accounts via the Internet, an intranet, or the like. Embodiments of the present invention solves these problems as well as other problems by providing a computer-implemented method for mobile authentication and a corresponding computer system configured to execute the computer-implemented method for mobile authentication.