×

System and method of notifying mobile devices to complete transactions

  • US 10,129,250 B2
  • Filed: 05/04/2018
  • Issued: 11/13/2018
  • Est. Priority Date: 03/03/2010
  • Status: Expired due to Fees
First Claim
Patent Images

1. A method of multi-factor authentication of a digital transaction, the method comprising:

  • prior to initiating a digital transaction, registering a multi-factor authentication account and registering a mobile user device of a user in association with the multi-factor authentication account on a remote authentication service for performing a second factor of authentication for the digital transaction;

    at a third-party service provider;

    receiving a transaction request from an initiator using an initiating user device distinct from the registered mobile user device for initiating the digital transaction, the transaction request comprising user authentication credentials for performing a first factor of authentication at the third-party service provider;

    authenticating the initiator based on the user authentication credentials;

    in response to a successful authentication of the initiator, transmitting an application programming interface (API) request to a multi-factor authentication API server of the remote authentication service, the API request comprising an authentication request and transaction request data associated with the transaction request to the remote authentication service;

    preventing the remote authentication service from inspecting one or more features of the transaction request data from the third-party service provider, wherein the preventing includes encrypting the transaction request data at the third-party service provider prior to transmitting the transaction request data to the remote authentication service;

    at the remote authentication service comprising the multi-factor authentication API server;

    receiving the API request from the third-party service provider, wherein the transaction request data comprises (i) details of the transaction request and (ii) multi-factor authentication account identification data;

    using the multi-factor authentication account identification data to identify the multi-factor authentication account registered with and maintained by the remote authentication service;

    using the multi-factor authentication account to identify the mobile user device of the user that is registered in association with the multi-factor authentication account;

    in response to identifying the registered mobile device associated with the multi-factor authentication account, pushing an authentication message via a persistent connection from the multi-factor authentication API to an authentication service application hosted on the registered mobile device of the user, the authentication message comprising (a) the details of the transaction request and (ii) a request for either a confirmation input from the user that confirms the details of the transaction request or a denial input that denies the details of the transaction request;

    decrypting the transaction request data only at the registered mobile user device;

    receiving, from the authentication service application, an authentication response to the authentication notification, the authentication response comprising data of the confirmation input or data of the denial input;

    returning, from the multi-factor authentication API server, an API response comprising authentication response data relating to the authentication response to the third-party service provider;

    completing the digital transaction or denying the digital transaction based on the authentication response data.

View all claims
  • 4 Assignments
Timeline View
Assignment View
    ×
    ×