
MOBILE DEVICE AUTHENTICATION IN HETEROGENEOUS COMMUNICATION NETWORKS SCENARIO


Abstract

A method for authenticating a user of a communication device (120) accessing an online service (105) is proposed. The online service is accessible over a data network (133) and is provided through a service platform (115). The communication device is connected to a mobile phone network (125) and to the data network. The communication device comprises an interface software application (205) adapted to interact with the service platform through the data network for the fruition of the online service, and a messaging function (210) adapted to send messages (245) through the mobile phone network (125). A user-side authentication application (215) is provided at the communication device (120), a provider-side authentication application (225) is provided at the service platform (115), and an authentication control function (220) is provided in communication relationship with the provider-side authentication application (225) and with the mobile phone network.

The method comprises:

  • generating (310; 410), by means of the user-side authentication application, a digital token (245) at the communication device;
  • generating (310; 410), by means of the user-side authentication application, a message (250; 251), including the digital token, at the communication device;
  • sending (315; 415), by means of the messaging function, the message from the communication device to the authentication control function connected to the mobile phone network;
  • generating (310; 410), by means of the user-side authentication application, a resource code (260) at the communication device including the digital token and identifying the online service for which access is requested at the service platform;
  • sending (330; 420), by means of the interface software application, the resource code from the communication device to the service platform via the data network for the user authentication;
  • extracting, by means of the provider-side authentication application, the digital token from the resource code received at the service platform;
  • generating, by means of the provider-side authentication application, at least one authentication request message (265) comprising the received digital token at the service platform;
  • sending (340; 425), by means of the provider-side authentication application, the authentication request message from the service platform to the authentication control function via a high-security communication link (240);
  • extracting (325; 435), at the authentication control function, the digital token comprised in the message sent from the communication device via the mobile phone network and forwarded to the authentication control function;
  • extracting (345; 430), at the authentication control function, the digital token from the authentication request message sent from the service platform to the authentication control function;
  • comparing (345; 430), at the authentication control function, the digital tokens received from the communication device and from the service platform at the authentication control function; and
  • sending (350; 445) a successful authentication message (275) from the authentication control function to the service platform indicating a successful user authentication in case the two digital tokens match, whereby the service platform grants to the user access to the online service.

Corresponding mobile device (120), authentication control function (220), and service platform (115) for implementing the authentication method are also proposed.
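The two-channel token comparison described in the abstract, as an added Python sketch that is not taken from the patent. The token format, the `service:token` resource-code layout, all class and method names, and the single-use consumption of a matched token are assumptions; the mobile phone network and the high-security link are modelled as direct method calls.

```python
import hmac
import secrets

class AuthControlFunction:
    """Stands in for the authentication control function (220)."""
    def __init__(self):
        self._pending = []  # tokens that arrived over the mobile phone network

    def receive_mobile_message(self, message):
        # Extract the token from the message forwarded by the mobile network.
        self._pending.append(message["token"])

    def handle_auth_request(self, request):
        # Extract the token from the platform's request and compare it with
        # the tokens previously received from the device.
        candidate = request["token"].encode()
        for stored in self._pending:
            if hmac.compare_digest(stored.encode(), candidate):
                self._pending.remove(stored)  # assumption: a token matches once
                return {"result": "success"}
        return {"result": "failure"}

class ServicePlatform:
    """Stands in for the provider-side authentication application (225)."""
    def __init__(self, acf, service_id):
        self.acf, self.service_id = acf, service_id

    def login(self, resource_code):
        # Assumed resource-code layout: "<service id>:<token>".
        service_id, _, token = resource_code.partition(":")
        if service_id != self.service_id or not token:
            return False
        reply = self.acf.handle_auth_request({"token": token})
        return reply["result"] == "success"

class Device:
    """Stands in for the user-side authentication application (215)."""
    def __init__(self, acf):
        self.acf = acf

    def start_authentication(self, service_id):
        token = secrets.token_urlsafe(16)  # assumed token format
        self.acf.receive_mobile_message({"token": token})  # mobile channel
        return f"{service_id}:{token}"  # resource code for the data channel

def demo():
    acf = AuthControlFunction()
    platform = ServicePlatform(acf, "svc-105")  # constructed service id
    code = Device(acf).start_authentication("svc-105")
    first, replay = platform.login(code), platform.login(code)
    forged = platform.login("svc-105:" + secrets.token_urlsafe(16))
    return first, replay, forged
```

The platform never decides on its own: access depends on the control function having seen the same token arrive over the mobile phone network, so a resource code whose token was never sent on that channel is rejected.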

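Bibliographic data

  • Publication number: EP3008935A1
  • Patent type:
  • Publication date: 2016-04-20
  • Original format: PDF
  • Applicant/patentee: TELECOM ITALIA S.P.A.
  • Application number: EP20140737163
  • Inventors: CIARNIELLO ALBERTO; SIMONETTI ALESSANDRO
  • Filing date: 2014-06-11
  • Classification: H04W12/06; H04L29/06; H04W88/06
  • Country: EP
  • Record added: 2022-08-21 14:49:22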
