9270660

System and Method for Using a Separate Device to Facilitate Authentication

Published: February 23, 2016
Assignee: not available in USPTO data we have
Patent Claims
20 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. A method comprising: receiving, by a server comprising a processor, a request from a mobile communication device of a user to allow user access to an application program of a separate device, wherein the request is received by way of a first network; determining, by the server, credentials associated with the request; determining, by the server, that one of the user, the mobile communication device or both is authorized to access the application program based on the credentials; determining, by the server, a token in response to the determining that the one of the user, the mobile communication device or both is authorized to access the application program; forwarding, by the server, the token to the separate device by way of a second network, to obtain a separate device token, and forwarding, by the server, the token to the mobile communication device by way of the first network to obtain a mobile communication device token, wherein the mobile communication device forwards the mobile communication device token to the separate device by way of a third network; determining, by the server, a result of a comparison between the separate device token and the mobile communication device token; confirming, by the server, that the mobile communication device token was received at the separate device, based on the result of the comparison indicating a match between the mobile communication device token and the separate device token; and authorizing, by the server, access to the application program of the separate device in response to the confirming that the mobile device token was received at the separate device.

2. The method of claim 1, wherein the first network comprises a cellular mobile network and wherein the third network comprises a proximity network comprising one of a near field communications protocol, a mobile personal area network protocol, a Bluetooth personal area network protocol, or a wireless local area network protocol.

3. The method of claim 1, further comprising determining, by the server, a valid encryption key in response to the confirming that the mobile device token was received at the separate device, wherein the authorizing of the access to the application program is in response to the determining of the valid encryption key and the confirming that the mobile device token was received at the separate device, and wherein the valid encryption key is unknown by the mobile communication device and the separate device, and wherein the valid encryption key is unknown by the server before the receiving of the request from the mobile communications device.

4. The method of claim 3, wherein the determining of the valid encryption key is based on an execution of a plurality of agent modules on a plurality of processors to obtain a plurality of cryptographic materials that when combined determine the valid encryption key.

5. The method of claim 4, wherein the executing of the plurality of agent modules comprises determining that one or more of the mobile communication device, the separate device and the server is in a safe state, wherein the plurality of cryptographic materials that when combined determine the valid encryption key responsive to the determining that the one or more of the mobile communication device, the separate device and the server is in the safe state.

6. The method of claim 5, wherein the determining that the one or more of the mobile communication device, the separate device and the server is in a safe state based on a predetermined state of the one or more of the mobile communication device, the separate device and the server.

7. The method of claim 3, further comprising forwarding the valid encryption key to the separate device, wherein the valid encryption key is used to encrypt one of data related to the application program or communications between the separate device and one of the mobile communication device, the server or both.

8. A system comprising: a server comprising a processor; and a memory that stores executable instructions that when executed by the processor, facilitate performance of operations comprising: receiving, by way of a first network, a request from a mobile communication device of a user to provide user access to an application program of a another device; determining credentials associated with the request; determining that one or more of the user and the mobile communication device is authorized to access the application program based on the credentials; determining a token in response to the determining that the one or more of the user and the mobile communication device is authorized to access the application program; forwarding the token to the another device by way of a second network, to obtain another device token, and forwarding the token to the mobile communication device by way of the first network to obtain a mobile communication device token, wherein the mobile communication device forwards the mobile communication device token to the another device by way of a third network; determining, by the server, a result of a comparison between the another device token and the mobile communication device token; confirming that the token was received at the mobile communication device, based on the result of the comparison indicating a match between the mobile communication device token and the another device token; and authorizing access to the application program of the another device in response to the confirming that the mobile device token was received at the another device.

9. The system of claim 8, wherein the first network comprises a cellular mobile network and wherein the third network comprises a proximity network comprising one of a near field communications protocol, a mobile personal area network protocol or a wireless local area network protocol.

10. The system of claim 8, further comprising identifying a valid encryption key determined in response to the confirming that the mobile device token was received at the another device, wherein the authorizing of the access to the application program is in response to the determining of the valid encryption key and the confirming that the mobile device token was received at the another device, and wherein the valid encryption key is unknown by the mobile communication device and the another device, and wherein the valid encryption key is unknown by the server before the receiving of the request from the mobile communications device.

11. The system of claim 10, wherein the identifying of the valid encryption key comprises determining the valid encryption key based on an execution of a plurality of agent modules on a plurality of processors to obtain a plurality of cryptographic materials that when combined determine the valid encryption key.

12. The system of claim 11, wherein the executing of the plurality of agent modules comprises determining that one or more of the mobile communication device, the another device and the server is in a safe state, wherein the plurality of cryptographic materials that when combined determine the valid encryption key responsive to the determining that the one or more of the mobile communication device, the another device and the server is in the safe state.

13. The system of claim 12, wherein the determining that the one or more of the mobile communication device, the another device and the server is in a safe state based on a predetermined state of the one or more of the mobile communication device, the another device and the server.

14. A non-transitory machine-readable storage medium, comprising executable instructions that, when executed by a processor, facilitate performance of operations, comprising: receiving a request from a first device of a user, by way of a first wireless network, to access information content of a second device; determining authorization credentials of one or more of the first device and the user, responsive to the request; determining that the one or more of first device and the user is authorized to access the information content according to authorization credentials; determining a token in response to the determining that the one or more of the first device and the user is authorized to access the information content; forwarding the token to the second device by way of a second wireless network, to obtain a second device token, and forwarding the token to the first device by way of the first network to obtain a first device token, wherein the first device forwards the first device token to the second device by way of a third network; determining a result of a comparison between the second device token and the first device token; confirming that the token was received at the first device based on the result of the comparison indicating a match between the first device token and the second device token; and authorizing access to the information content of the second device in response to confirming that the token was received at the first device.

15. The non-transitory machine-readable storage medium of claim 14, further comprising identifying a valid encryption key determined in response to the confirming that the first device token was received at the second device, wherein the authorizing of the access to the information content is in response to the determining of the valid encryption key and the confirming that the first device token was received at the second device, and wherein the valid encryption key is unknown by the first device and the second device.

16. The non-transitory machine-readable storage medium of claim 15, wherein the identifying of the valid encryption key comprises determining the valid encryption key based on an execution of a plurality of agent modules on a plurality of processors to obtain a plurality of cryptographic materials that when combined determine the valid encryption key.

17. The method of claim 5, further comprising: identifying, by the server, the plurality of agent modules; installing, by the server, the plurality of agent modules on one or more of the mobile communication device, the separate device or the server; and executing, by the server, the plurality of agent modules on the one or more of the mobile communication device, a separate device or the server.

18. The method of claim 5, further comprising accessing, by the server, a configuration file that specifies the plurality of agent modules and a plurality of conditions identifying the safe state.

19. The method of claim 17, wherein the identifying of the plurality of agent modules, the installing of the plurality of agent modules, and the executing of the plurality of agent modules are responsive to the receiving of the request.

20. The method of claim 18, further comprising: encrypting, by the server, the token based on the valid encryption key; transferring, by the server, the valid encryption key to one or more of the mobile communication device, the separate device or the server, wherein a successful decryption of the token on the one or more of the mobile communication device, the separate device or the server based on the valid encryption key indicates that a system of one or more of the mobile communication device, the separate device and the server is in a safe state according to a predetermined safe state of a network definition file.
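
The token exchange recited in claim 1, modelled in Python as an added example that is not part of the patent or of this page: the server issues one token, delivers a copy to each device, and authorizes only when the copy relayed by the mobile device matches the copy held by the separate device. The class and function names, the 30-second lifetime, the single-use rule, the extra check against the issued token and the sample credentials are assumptions made for the illustration.

```python
import hmac
import secrets
import time

TOKEN_TTL = 30  # seconds; assumed lifetime, the claims do not state one

class Server:
    """Issues one token per authorized request and compares the two copies."""
    def __init__(self, credentials):
        self.credentials = credentials   # constructed user -> secret table
        self.pending = {}                # session id -> (token, expiry)

    def request_access(self, user, secret, now=None):
        now = time.time() if now is None else now
        known = self.credentials.get(user, "")
        if not known or not hmac.compare_digest(known.encode(), secret.encode()):
            return None
        sid, token = secrets.token_hex(8), secrets.token_bytes(32)
        self.pending[sid] = (token, now + TOKEN_TTL)
        return sid, token   # the same token is sent on the first and second network

    def confirm(self, sid, device_token, mobile_token, now=None):
        now = time.time() if now is None else now
        issued, expiry = self.pending.pop(sid, (None, 0))   # single use (assumption)
        if issued is None or now > expiry:
            return False
        return (hmac.compare_digest(device_token, mobile_token)   # the claimed comparison
                and hmac.compare_digest(device_token, issued))    # extra check (assumption)

class SeparateDevice:
    """Holds the server's copy until the mobile device relays its own copy."""
    def __init__(self):
        self.from_server = {}

    def receive_from_server(self, sid, token):                            # second network
        self.from_server[sid] = token

    def receive_from_mobile(self, server, sid, mobile_token, now=None):   # third network
        device_token = self.from_server.pop(sid, b"")
        return server.confirm(sid, device_token, mobile_token, now)

def run_session(server, device, user, secret, relay=lambda t: t, delay=0):
    """Drive one exchange; `relay` models what arrives over the proximity link."""
    issued = server.request_access(user, secret, now=1000)
    if issued is None:
        return False
    sid, token = issued
    device.receive_from_server(sid, token)
    return device.receive_from_mobile(server, sid, relay(token), now=1000 + delay)
```

Because the session entry is removed on the first comparison, a token that has already been presented, has expired, or differs from the separate device's copy yields no authorization.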

Patent Metadata

Filing Date

Unknown

Publication Date

February 23, 2016

Inventors

Fred Hewitt Smith
Cynthia Smith
