END-USER AUTHENTICATION INDEPENDENT OF NETWORK SERVICE PROVIDER

摘要

A system and method for verifying the identity of an end-user. The end-user requests to access an external application. The external application sends an authentication request to an authentication server, which generates a random token. The generated token is transmitted to the end-user. The end-user enters the generated token and a personal identification number into a cellular terminal connected to a GSM network. At least the token is encrypted using a secret key stored within the cellular terminal and transmitted through the GSM network to an authentication gateway. The token is decrypted by the authentication gateway using either the same secret key or a key matched to the secret key. The token is then transmitted to the authentication server where the received key is compared to the generated key. The results of the comparison are transmitted to the external application.