1. Field
Embodiments of the invention generally relate to techniques for authenticating users in accessing computing applications. More specifically, techniques are disclosed for performing user authentication using a certificate store on a mobile device and using a barcode scanner.
2. Description of the Related Art
Protecting access to computing systems is a well-known issue in a broad variety of contexts. For example, it is common for a computing application to require users to provide a username and password. As more computing applications are accessed in a distributed manner, e.g., by accessing applications hosted in cloud-based environments, simple passwords frequently provide inadequate security. That is, passwords suffer from a number of known drawbacks, primarily in that they may be forgotten, guessed, or otherwise disclosed or obtained. For example, users frequently choose insecure passwords that can be broken using a “dictionary” attack.
To improve security and provide more reliable authentication mechanisms, a variety of cryptographic techniques have been developed. For example, public key infrastructure (PKI) techniques are used to create, distribute, and manage cryptographic keys used to control access to an application. However, PKI approaches are often perceived as being extremely difficult to deploy and use, and this notion has become a deterrent for adopting this technology. Further, the reputation of being very complex to administer and deploy is not unwarranted. PKI provides a number of challenges, particularly for applications that can be accessed from anywhere, e.g., an application deployed on a computing cloud. In such a case, a user may require access to their certificates from different computing devices, but a certificate installed on one computer cannot be used from other devices without copying the private key to each device. This prevents the “on demand from anywhere” access desired for some applications. Installing a certificate (and private key) on a hardware token gives the flexibility to access the certificate store from multiple computers, but the requirements of an available USB interface and the ability to install device drivers on a given machine can limit this flexibility. Further, managing the certificate life-cycle is a difficult task because of the various combinations of browsers, operating systems, certificate and key stores, and device drivers involved (particularly if hardware tokens are involved).