Abstract: A system for authorizing respective initiation of a plurality of remote services by or for mobile device users. The system comprises a processor, and storage devices, at an authorization service (AS). A storage device stores public key portions of authentication tokens for mobile device users and remote service identifiers. Stored program code executable by the AS processor receives only public key portions of authentication tokens created on mobile devices. For actions to initiate a remote service, the program code is for receiving a remote service identifier and challenge information from a remote service server, transmitting at least a portion of the challenge information to a user's mobile device, receiving messages from the user's mobile device, validating at least one of the received messages using the stored public key portion of the authentication token for the user, and if validated, initiating the remote service.

Abstract: A system for authorizing respective initiation of a plurality of remote services by or for mobile device users. The system comprises a processor, and storage devices, at an authorization service (AS). A storage device stores public key portions of authentication tokens for mobile device users and remote service identifiers. Stored program code executable by the AS processor receives only public key portions of authentication tokens created on mobile devices. For actions to initiate a remote service, the program code is for receiving a remote service identifier and challenge information from a remote service server, transmitting at least a portion of the challenge information to a user's mobile device, receiving messages from the user's mobile device, validating at least one of the received messages using the stored public key portion of the authentication token for the user, and if validated, initiating the remote service.