User authentication method and device for credentials back-up service to mobile devices

1 . A method comprising: storing back-up credentials data in a back-up services computer; establishing a communication channel between a mobile device and the back-up service computer, said mobile device configured to engage in mobile telecommunications via a mobile telecommunications network, said communication channel constituted at least in part by said mobile telecommunications network; exchanging short-range wireless data communications between an authentication device and the mobile device; entering user authentication data into the mobile device; transmitting the user authentication data from the mobile device to the authentication device; receiving the user authentication data in the authentication device; verifying the received user authentication data in the authentication device; in response to a result of the verifying step, generating a cryptogram in the authentication device; transmitting the cryptogram from the authentication device to the mobile device; receiving the cryptogram in the mobile device; transmitting the cryptogram from the mobile device to the back-up services computer; receiving the cryptogram in the back-up services computer; verifying the cryptogram in the back-up services computer; and in response to a result of the second verifying step, making the stored back-up credentials data accessible to the mobile device. 2 . The method of claim 1 , wherein the back-up services computer is remote from the mobile device. 3 . The method of claim 1 , wherein the mobile device is a smartphone. 4 . The method of claim 1 , wherein the stored back-up credentials data is made accessible to the mobile device by downloading the stored back-up credentials data from the back-up services computer to the mobile device. 5 . The method of claim 1 , wherein the stored back-up credentials data includes payment account credentials. 6 . The method of claim 5 , wherein the payment account credentials include at least one of: (a) a PAN (primary account number); and (b) a payment token. 7 . The method of claim 5 , wherein the payment account credentials include credentials for a plurality of payment accounts. 8 . The method of claim 7 , where the plurality of payment accounts include a first payment account issued by a first account issuer and a second payment account issued by a second account issuer different from the first account issuer. 9 . The method of claim 1 , wherein the user authentication data includes a PIN (personal identification number). 10 . The method of claim 1 , wherein the user authentication data includes user biometric data. 11 . The method of claim 1 , wherein the user biometric data represents a scan of the user's fingerprint. 12 . An authentication device, comprising: a support shaped and sized to be held in a user's hand; a processor supported by the support; a memory supported by the support and in communication with the processor; and a short-range data communication transceiver supported by the support and controlled by the processor; the memory storing program instructions, the processor operative with the program instructions to perform functions as follows: receiving user authentication data via the transceiver from a mobile device in proximity to the authentication device; verifying the received user authentication data; receiving challenge data from the mobile device; in response to a result of the verifying function, generating a cryptogram by digitally signing the challenge data with a cryptographic key; and transmitting the cryptogram via the transceiver to the mobile device. 13 . The authentication device of claim 12 , wherein the received user authentication data includes a PIN (personal identification number). 14 . The authentication device of claim 12 , wherein the received user authentication data includes user biometric data. 15 . The authentication device of claim 14 , wherein the user biometric data represents a scan of the user's fingerprint. 16 . The authentication device of claim 12 , wherein the support is card-shaped. 17 . A method comprising: storing back-up credentials data for a user; establishing a communications channel with a mobile device; receiving a cryptogram and challenge data from the mobile device, the cryptogram relayed by the mobile device from an authentication device that interacted with the mobile device, the authentication device associated with the user, the challenge data randomly or pseudo-randomly generated by the mobile device; verifying the cryptogram by using the challenge data to verify data obtained by decrypting the cryptogram; and in response to a result of the step of verifying the cryptogram, making the stored back-up credentials data accessible to the mobile device. 18 . The method of claim 17 , wherein the communications channel is at least partially constituted by a mobile communications network. 19 . The method of claim 17 , wherein the stored back-up credential data is made accessible to the mobile device by downloading the stored back-up credentials data to the mobile device. 20 . The method of claim 19 , wherein the downloaded back-up credentials data includes credentials for a plurality of payment accounts. 21 . The method of claim 1 , further comprising: prior to said generating step, randomly or pseudo-randomly generating challenge data in the mobile device and transmitting the challenge data to the authentication device; and wherein the step of generating the cryptogram in the authentication device includes digitally signing the challenge data with a cryptographic key.