Abstract: Disclosed is a method and authentication server for authentication of users requesting access to a restricted data resource from a communication device. Communication between the communication device and the authentication server passes via an access server, and the RADIUS protocol is used for the communication between the authentication server and the access server. After validating password and username entered by a user, the authentication server sends a request to the communication device to enter an authentication device ID. When receiving an entered authentication device ID, the authentication server performs authentication of the user based on a second authentication procedure using the received authentication device ID and when the second authentication procedure is successful, the user is granted access to the restricted data resource. The user can therefore decide which of a plurality of different authentication devices to use.

Abstract: Disclosed is a method performed by an authentication server for authentication of users requesting access to a restricted data resource from a communication device, the authentication server being situated in the restricted data resource. After checking that a username and password received from a communication device matches a stored username and password, the authentication server sends, using the RADIUS protocol, a request to the communication device to enter an approver ID. After receiving an approver ID from the communication device in response to the request, via the RADIUS protocol, the authentication server sends an approval request including user ID to an approver device indicated by the approver ID, and if the approver approves the request, the authentication server receives an accept to the approval request and grants the user access to the restricted data resource.

Abstract: The present invention relates to a system for authentication of an end user of a user station arrangement (10) requesting access to protected information, comprising access server means (20) and authentication means (30), the user station arrangement (10) supporting communication with the authentication means (30) over a first communication channel of a radio network (40). It further supports communication with the authentication means (30) over a second communication channel. The authentication means (30) are adapted to, at reception of a request for access to protected information from a user station arrangement (10), establish if the user station arrangement (10) is reachable over the first communication channel.