System and method of notifying mobile devices to complete transactions

US 10,129,250 B2
Filed: 05/04/2018
Issued: 11/13/2018
Est. Priority Date: 03/03/2010
Status: Expired due to Fees

First Claim

Patent Images

1. A method of multi-factor authentication of a digital transaction, the method comprising:

prior to initiating a digital transaction, registering a multi-factor authentication account and registering a mobile user device of a user in association with the multi-factor authentication account on a remote authentication service for performing a second factor of authentication for the digital transaction;

at a third-party service provider;

receiving a transaction request from an initiator using an initiating user device distinct from the registered mobile user device for initiating the digital transaction, the transaction request comprising user authentication credentials for performing a first factor of authentication at the third-party service provider;

authenticating the initiator based on the user authentication credentials;

in response to a successful authentication of the initiator, transmitting an application programming interface (API) request to a multi-factor authentication API server of the remote authentication service, the API request comprising an authentication request and transaction request data associated with the transaction request to the remote authentication service;

preventing the remote authentication service from inspecting one or more features of the transaction request data from the third-party service provider, wherein the preventing includes encrypting the transaction request data at the third-party service provider prior to transmitting the transaction request data to the remote authentication service;

at the remote authentication service comprising the multi-factor authentication API server;

receiving the API request from the third-party service provider, wherein the transaction request data comprises (i) details of the transaction request and (ii) multi-factor authentication account identification data;

using the multi-factor authentication account identification data to identify the multi-factor authentication account registered with and maintained by the remote authentication service;

using the multi-factor authentication account to identify the mobile user device of the user that is registered in association with the multi-factor authentication account;

in response to identifying the registered mobile device associated with the multi-factor authentication account, pushing an authentication message via a persistent connection from the multi-factor authentication API to an authentication service application hosted on the registered mobile device of the user, the authentication message comprising (a) the details of the transaction request and (ii) a request for either a confirmation input from the user that confirms the details of the transaction request or a denial input that denies the details of the transaction request;

decrypting the transaction request data only at the registered mobile user device;

receiving, from the authentication service application, an authentication response to the authentication notification, the authentication response comprising data of the confirmation input or data of the denial input;

returning, from the multi-factor authentication API server, an API response comprising authentication response data relating to the authentication response to the third-party service provider;

completing the digital transaction or denying the digital transaction based on the authentication response data.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method including registering an authority device for an account on an auth platform; receiving transaction request from an initiator to the auth platform; messaging the authority device with the transaction request; receiving an authority agent response from the authority device to the auth platform; if the authority agent response confirms the transaction, communicating a confirmed transaction to the initiator; and if the authority agent response denies the transaction, communicating a denied transaction to the initiator.

Citations

16 Claims

1. A method of multi-factor authentication of a digital transaction, the method comprising:
- prior to initiating a digital transaction, registering a multi-factor authentication account and registering a mobile user device of a user in association with the multi-factor authentication account on a remote authentication service for performing a second factor of authentication for the digital transaction;
  
  at a third-party service provider;
  
  receiving a transaction request from an initiator using an initiating user device distinct from the registered mobile user device for initiating the digital transaction, the transaction request comprising user authentication credentials for performing a first factor of authentication at the third-party service provider;
  
  authenticating the initiator based on the user authentication credentials;
  
  in response to a successful authentication of the initiator, transmitting an application programming interface (API) request to a multi-factor authentication API server of the remote authentication service, the API request comprising an authentication request and transaction request data associated with the transaction request to the remote authentication service;
  
  preventing the remote authentication service from inspecting one or more features of the transaction request data from the third-party service provider, wherein the preventing includes encrypting the transaction request data at the third-party service provider prior to transmitting the transaction request data to the remote authentication service;
  
  at the remote authentication service comprising the multi-factor authentication API server;
  
  receiving the API request from the third-party service provider, wherein the transaction request data comprises (i) details of the transaction request and (ii) multi-factor authentication account identification data;
  
  using the multi-factor authentication account identification data to identify the multi-factor authentication account registered with and maintained by the remote authentication service;
  
  using the multi-factor authentication account to identify the mobile user device of the user that is registered in association with the multi-factor authentication account;
  
  in response to identifying the registered mobile device associated with the multi-factor authentication account, pushing an authentication message via a persistent connection from the multi-factor authentication API to an authentication service application hosted on the registered mobile device of the user, the authentication message comprising (a) the details of the transaction request and (ii) a request for either a confirmation input from the user that confirms the details of the transaction request or a denial input that denies the details of the transaction request;
  
  decrypting the transaction request data only at the registered mobile user device;
  
  receiving, from the authentication service application, an authentication response to the authentication notification, the authentication response comprising data of the confirmation input or data of the denial input;
  
  returning, from the multi-factor authentication API server, an API response comprising authentication response data relating to the authentication response to the third-party service provider;
  
  completing the digital transaction or denying the digital transaction based on the authentication response data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, further at the third-party service provider:
    - in response to receiving the authentication response data, transmitting a response to the transaction request from the third-party service provider to an electronic initiator device distinct from the registered mobile device of the user to the initiator.
  - 3. The method of claim 1, whereinthe multi-factor authentication API server comprises an Internet-accessible server hosted on a distributed computing system.
  - 4. The method of claim 1, whereinthe digital transaction is initiated in an online environment over one or more communication networks.
  - 5. The method of claim 1, whereinif the third-party service provider denies the digital transaction based on the authentication response data, dynamically altering increasing authentication requirements of a multi-factor authentication policy.
  - 6. The method of claim 1, whereinthe persistent connection is provided via a push notification service of the mobile user device.
  - 7. The method of claim 1, further comprising:
    - tracking the mobile user device;
      
      identifying a change in an IP address of the mobile user device when the mobile user device moves from a first network to a second network;
      
      initiating a second persistent connection between the remote multi-factor authentication service and the mobile user device;
      
      updating a state of the mobile user device at the multi-factor authentication account at the remote multi-factor authentication service; and
      
      messaging between the mobile user device and the multi-factor authentication service using the second persistent connection.
  - 8. The method of claim 1, whereinif the user of the mobile user device a denial input denying the transaction request, additionally receiving at the remote multi-factor authentication service a selection input of one of a plurality of available denial responses identifying a reason for the denial input.
  - 9. The method of claim 1, whereincompleting the digital transaction includes if the authentication response from the mobile user device comprises confirmation input that confirms the transaction request, communication to the initiating user device a confirmation of the transaction request to the initiator.
  - 10. The method of claim 1, whereindenying the digital transaction includes if the authentication response from the mobile user device comprises denial input that denies the transaction request, communication to the initiating user device a denial of the transaction request to the initiator.
  - 11. The method of claim 1, whereinthe transaction request comprises a request to access a digital account maintained by the third-party service provider.
  - 12. The method of claim 1, whereinthe transaction request comprises a request to access a digital account through a website.
  - 13. The method of claim 1, whereinthe transaction request comprises a permission request to perform an action on a computer system.
  - 14. The method of claim 1, whereinthe persistent connection comprises a persistent TCP/IP connection between the remote multi-factor authentication service and the mobile device of the user.
  - 15. The method of claim 1, whereinthe authentication message comprises a size-limited message to the mobile user device including a unique identifier of a full message that is larger than the size-limited message, andthe authentication response is received via the full message.

16. A method of multi-factor authentication of a digital transaction, the method comprising:
- prior to initiating a digital transaction, registering a multi-factor authentication account and registering a mobile user device of a user in association with the multi-factor authentication account on a remote authentication service for performing a second factor of authentication for the digital transaction;
  
  at a third-party service provider;
  
  receiving a transaction request from an initiator using an initiating user device distinct from the registered mobile device for initiating the digital transaction, the transaction request comprising user authentication credentials for performing a first factor of authentication at the third-party service provider;
  
  authenticating the initiator based on the user authentication credentials;
  
  in response to a successful authentication of the initiator, transmitting an application programming interface (API) request to a multi-factor authentication API server of the remote authentication service, the API request comprising an authentication request and transaction request data associated with the transaction request to the remote authentication service;
  
  at the remote authentication service comprising the multi-factor authentication API server;
  
  receiving the API request from the third-party service provider, wherein the transaction request data comprises (i) details of the transaction request and (ii) multi-factor authentication account identification data;
  
  using the multi-factor authentication account identification data to identify the multi-factor authentication account registered with and maintained by the remote authentication service;
  
  using the multi-factor authentication account to identify the mobile user device of the user that is registered in association with the multi-factor authentication account;
  
  in response to identifying the registered mobile user device associated with the multi-factor authentication account, pushing an authentication message via a persistent connection from the multi-factor authentication API to an authentication service application hosted on the registered mobile device of the user, the authentication message comprising (a) the details of the transaction request and (ii) a request for either a confirmation input from the user that confirms the details of the transaction request or a denial input that denies the details of the transaction request;
  
  tracking the registered mobile user device;
  
  identifying a change in an IP address of the registered mobile user device when the registered mobile user device moves from a first network to a second network;
  
  initiating a second persistent connection between the remote multi-factor authentication service and the registered mobile user device;
  
  updating a state of the registered mobile user device at the multi-factor authentication account at the remote multi-factor authentication service; and
  
  messaging between the registered mobile user device and the remote authentication service using the second persistent connection;
  
  receiving, from the authentication service application, an authentication response to the authentication notification, the authentication response comprising data of the confirmation input or data of the denial input;
  
  returning, from the multi-factor authentication API server, an API response comprising authentication response data relating to the authentication response to the third-party service provider;
  
  completing the digital transaction or denying the digital transaction based on the authentication response data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Duo Security Incorporated (Cisco Systems, Inc.)
Inventors
Oberheide, Jon, Song, Douglas, Goodman, Adam
Primary Examiner(s)
Schmidt, Karl L

Application Number

US15/971,193
Publication Number

US 20180255054A1
Time in Patent Office

193 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/305   by remotely controlling dev...

G06F 21/31   User authentication

G06F 21/32   using biometric data, e.g. ...

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

H04L 9/32   including means for verifyi...

H04L 9/321   involving a third party or ...

H04W 12/06   Authentication

H04W 12/08   Access security

System and method of notifying mobile devices to complete transactions

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

System and method of notifying mobile devices to complete transactions

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links