US 12,003,502 B2
Method, apparatus, and computer program product for secure two-factor authentication
Patrick G. Traynor, Gainesville, FL (US); Christian Peeters, Gainesville, FL (US); Christopher Patton, San Francisco, CA (US); Imani Sherman, Cincinnati, OH (US); Daniel Olszewski, Gainesville, FL (US); and Thomas Shrimpton, Gainesville, FL (US)
Assigned to UNIVERSITY OF FLORIDA RESEARCH FOUNDATION, INCORPORATED, Gainesville, FL (US)
Filed by UNIVERSITY OF FLORIDA RESEARCH FOUNDATION, INCORPORATED, Gainesville, FL (US)
Filed on Aug. 26, 2021, as Appl. No. 17/446,023.
Claims priority of provisional application 63/076,131, filed on Sep. 9, 2020.
Prior Publication US 2022/0078184 A1, Mar. 10, 2022
Int. Cl. H04L 9/40 (2022.01); H04W 4/14 (2009.01); H04W 12/0431 (2021.01); H04W 12/069 (2021.01)
CPC H04L 63/0838 (2013.01) [H04L 63/0435 (2013.01); H04L 63/166 (2013.01); H04W 4/14 (2013.01); H04W 12/0431 (2021.01); H04W 12/069 (2021.01); H04L 2463/082 (2013.01)] 15 Claims
OG exemplary drawing
 
1. An apparatus comprising at least one processor and at least one non-transitory memory including computer program code instructions, the computer program code instructions configured to, when executed, cause the apparatus to at least:
receive a request for registration for two-factor authentication from a client;
receive a username and password;
provide a request for a mobile device number in response to the username and password corresponding to an account;
receive the mobile device number and a pre-shared key;
send, to a mobile device corresponding to the mobile device number, an identity of the client and a server key share;
receive, from the mobile device, a device key share;
send information corresponding to an exchange with the mobile device and a challenge derived from the pre-shared key to the client in response to the device key share corresponding to the server key share;
receive, from the client, confirmation of registration with the mobile device;
establish a shared key in response to verification of the confirmation;
receive an access request including the username and password;
select a random string;
transmit the random string to the mobile device via short message service (SMS);
receive a one-time password from the mobile device derived from the random string, wherein the one-time password is derived by computing a Media Access Control (MAC) address and truncating the MAC address to obtain the one-time password; and
allow the access request in response to the one-time password corresponding to the random string based on the shared key.
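The login phase of claim 1 (a server-chosen random string delivered by SMS, a MAC computed over it on the mobile device, truncation to a one-time password, and verification against the shared key) is shown below as an added example; it is not code from the patent or its assignee. It assumes the MAC is a message authentication code (HMAC-SHA256), an RFC 4226-style truncation to eight decimal digits, a 16-byte challenge carried as hex text in the SMS body, and a shared key already established by the registration steps, which are outside the example. The names `AuthServer`, `derive_otp`, `device_answer` and `run_login` are the example's own.

```python
"""Second factor of the claimed scheme: server-chosen random challenge sent
over SMS, device answers with a truncated MAC under the registered shared key.
Added example; assumes HMAC-SHA256 as the MAC and RFC 4226-style truncation."""
import hashlib
import hmac
import secrets
from typing import Dict, Optional

OTP_DIGITS = 8          # assumption: the patent does not fix the OTP length
CHALLENGE_BYTES = 16    # assumption: size of the random string


def derive_otp(shared_key: bytes, challenge: bytes, digits: int = OTP_DIGITS) -> str:
    """Compute a MAC over the challenge and truncate it to a short decimal code.

    The MAC is interpreted here as a message authentication code (HMAC-SHA256);
    truncation follows the dynamic-offset method of RFC 4226 so the code is a
    fixed-width decimal string the user can type or an app can relay.
    """
    tag = hmac.new(shared_key, challenge, hashlib.sha256).digest()
    offset = tag[-1] & 0x0F                       # low nibble selects a 4-byte window
    window = int.from_bytes(tag[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(window % (10 ** digits)).zfill(digits)


class AuthServer:
    """Server side: issues a fresh challenge per login and checks the reply."""

    def __init__(self) -> None:
        self.shared_keys: Dict[str, bytes] = {}    # username -> key from registration
        self.pending: Dict[str, bytes] = {}        # username -> outstanding challenge

    def complete_registration(self, username: str, shared_key: bytes) -> None:
        # In the claim this key is established after the device/server key-share
        # exchange; that exchange is not modelled here.
        self.shared_keys[username] = shared_key

    def start_login(self, username: str) -> Optional[str]:
        """Called after the username/password check passed. Returns the SMS body."""
        if username not in self.shared_keys:
            return None
        challenge = secrets.token_bytes(CHALLENGE_BYTES)
        self.pending[username] = challenge
        return challenge.hex()                     # hex text survives an SMS unchanged

    def finish_login(self, username: str, otp: str) -> bool:
        """Allow access only if the OTP matches the MAC of the outstanding challenge."""
        challenge = self.pending.pop(username, None)  # single use: a challenge cannot be replayed
        if challenge is None:
            return False
        expected = derive_otp(self.shared_keys[username], challenge)
        return hmac.compare_digest(expected, otp)     # constant-time comparison


def device_answer(shared_key: bytes, sms_body: str) -> str:
    """Mobile device side: parse the SMS and return the one-time password."""
    challenge = bytes.fromhex(sms_body.strip())
    return derive_otp(shared_key, challenge)


def run_login(server: AuthServer, username: str, device_key: bytes) -> bool:
    """One complete second-factor round trip (used by the demo below)."""
    sms = server.start_login(username)
    if sms is None:
        return False
    otp = device_answer(device_key, sms)
    return server.finish_login(username, otp)


if __name__ == "__main__":
    # Constructed demo values; a real deployment derives the key at registration.
    server = AuthServer()
    key = secrets.token_bytes(32)
    server.complete_registration("alice", key)
    print("login with registered device:", run_login(server, "alice", key))
    print("login with an unregistered device key:", run_login(server, "alice", secrets.token_bytes(32)))
```

Two details matter for the verification step in the last claim element: the challenge is removed from the pending table on every attempt, so a captured SMS cannot be replayed against a second login, and the comparison uses `hmac.compare_digest` so a wrong OTP fails in constant time.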