Abstract: Techniques are disclosed for authenticating users accessing computing applications, e.g., applications hosted in a cloud environment accessed using a variety of computing systems. As disclosed, an authentication process is performed using a certificate and private key installed on a mobile device and a nonce generated on the server. To authenticate a user, a server generates a nonce, encrypts the nonce with a public key associated with the user, and encodes the encrypted nonce in a barcode graphic (e.g., a QR code). The resulting barcode graphic is displayed to the user, and a mobile device scans the barcode graphic to recover the encrypted nonce. The encrypted nonce is decrypted using a private key stored on the mobile device. The clear text nonce is then displayed on the screen of the mobile device and used as a one-time password (OTP) for authentication.

Abstract: Techniques are disclosed for authenticating users to a computing application. A relying application transmits a login page to a user requesting access to the application. The login page may include a QR code (or other barcode) displayed to the user. The QR code may encode a nonce along with a URL address indicating where a response to the login challenge should be sent. In response, the user scans the barcode with an app on a mobile device (e.g., using a camera on a smart phone) to recover both the nonce and the URL address. The mobile device may also include a certificate store containing a private key named in a PKI certificate. The app signs the nonce using the private key and sends the signed nonce in to the URL in a response message.

Abstract: Techniques are disclosed for authenticating users accessing computing applications, e.g., applications hosted in a cloud environment accessed using a variety of computing systems. As disclosed, an authentication process is performed using a certificate and private key installed on a mobile device and a nonce generated on the server. To authenticate a user, a server generates a nonce, encrypts the nonce with a public key associated with the user, and encodes the encrypted nonce in a barcode graphic (e.g., a QR code). The resulting barcode graphic is displayed to the user, and a mobile device scans the barcode graphic to recover the encrypted nonce. The encrypted nonce is decrypted using a private key stored on the mobile device. The clear text nonce is then displayed on the screen of the mobile device and used as a one-time password (OTP) for authentication.

Abstract: Techniques are disclosed for authenticating users to a computing application. A relying application transmits a login page to a user requesting access to the application. The login page may include a QR code (or other barcode) displayed to the user. The QR code may encode a nonce along with a URL address indicating where a response to the login challenge should be sent. In response, the user scans the barcode with an app on a mobile device (e.g., using a camera on a smart phone) to recover both the nonce and the URL address. The mobile device may also include a certificate store containing a private key named in a PKI certificate. The app signs the nonce using the private key and sends the signed nonce in to the URL in a response message.

Abstract: A computer-implemented method for transferring authentication credentials may include 1) identifying a request to receive an authentication credential that is stored on a first computing device onto a second computing device, 2) identifying an asymmetric key pair on the second computing device, 3) generating an identifier of the asymmetric key pair on the second computing device, 4) transmitting an encryption key of the asymmetric key pair and the identifier of the asymmetric key pair to a credential repository, 5) displaying the identifier of the asymmetric key pair to facilitate retrieval of the authentication credential from the credential repository based on the identifier, and 6) retrieving the authentication credential, encrypted with the encryption key of the asymmetric key pair, from the credential repository. Various other methods and systems are also disclosed.