System and method of notifying mobile devices to complete transactions
First Claim
Patent Images
1. A method of multi-factor authentication of a digital transaction, the method comprising:
- prior to initiating a digital transaction, registering a multi-factor authentication account and registering a mobile user device of a user in association with the multi-factor authentication account on a remote authentication service for performing a second factor of authentication for the digital transaction;
at a third-party service provider;
receiving a transaction request from an initiator using an initiating user device distinct from the registered mobile user device for initiating the digital transaction, the transaction request comprising user authentication credentials for performing a first factor of authentication at the third-party service provider;
authenticating the initiator based on the user authentication credentials;
in response to a successful authentication of the initiator, transmitting an application programming interface (API) request to a multi-factor authentication API server of the remote authentication service, the API request comprising an authentication request and transaction request data associated with the transaction request to the remote authentication service;
preventing the remote authentication service from inspecting one or more features of the transaction request data from the third-party service provider, wherein the preventing includes encrypting the transaction request data at the third-party service provider prior to transmitting the transaction request data to the remote authentication service;
at the remote authentication service comprising the multi-factor authentication API server;
receiving the API request from the third-party service provider, wherein the transaction request data comprises (i) details of the transaction request and (ii) multi-factor authentication account identification data;
using the multi-factor authentication account identification data to identify the multi-factor authentication account registered with and maintained by the remote authentication service;
using the multi-factor authentication account to identify the mobile user device of the user that is registered in association with the multi-factor authentication account;
in response to identifying the registered mobile device associated with the multi-factor authentication account, pushing an authentication message via a persistent connection from the multi-factor authentication API to an authentication service application hosted on the registered mobile device of the user, the authentication message comprising (a) the details of the transaction request and (ii) a request for either a confirmation input from the user that confirms the details of the transaction request or a denial input that denies the details of the transaction request;
decrypting the transaction request data only at the registered mobile user device;
receiving, from the authentication service application, an authentication response to the authentication notification, the authentication response comprising data of the confirmation input or data of the denial input;
returning, from the multi-factor authentication API server, an API response comprising authentication response data relating to the authentication response to the third-party service provider;
completing the digital transaction or denying the digital transaction based on the authentication response data.
4 Assignments
0 Petitions
Accused Products
Abstract
A method including registering an authority device for an account on an auth platform; receiving transaction request from an initiator to the auth platform; messaging the authority device with the transaction request; receiving an authority agent response from the authority device to the auth platform; if the authority agent response confirms the transaction, communicating a confirmed transaction to the initiator; and if the authority agent response denies the transaction, communicating a denied transaction to the initiator.
-
Citations
16 Claims
-
1. A method of multi-factor authentication of a digital transaction, the method comprising:
-
prior to initiating a digital transaction, registering a multi-factor authentication account and registering a mobile user device of a user in association with the multi-factor authentication account on a remote authentication service for performing a second factor of authentication for the digital transaction; at a third-party service provider; receiving a transaction request from an initiator using an initiating user device distinct from the registered mobile user device for initiating the digital transaction, the transaction request comprising user authentication credentials for performing a first factor of authentication at the third-party service provider; authenticating the initiator based on the user authentication credentials; in response to a successful authentication of the initiator, transmitting an application programming interface (API) request to a multi-factor authentication API server of the remote authentication service, the API request comprising an authentication request and transaction request data associated with the transaction request to the remote authentication service; preventing the remote authentication service from inspecting one or more features of the transaction request data from the third-party service provider, wherein the preventing includes encrypting the transaction request data at the third-party service provider prior to transmitting the transaction request data to the remote authentication service; at the remote authentication service comprising the multi-factor authentication API server; receiving the API request from the third-party service provider, wherein the transaction request data comprises (i) details of the transaction request and (ii) multi-factor authentication account identification data; using the multi-factor authentication account identification data to identify the multi-factor authentication account registered with and maintained by the remote authentication service; using the multi-factor authentication account to identify the mobile user device of the user that is registered in association with the multi-factor authentication account; in response to identifying the registered mobile device associated with the multi-factor authentication account, pushing an authentication message via a persistent connection from the multi-factor authentication API to an authentication service application hosted on the registered mobile device of the user, the authentication message comprising (a) the details of the transaction request and (ii) a request for either a confirmation input from the user that confirms the details of the transaction request or a denial input that denies the details of the transaction request; decrypting the transaction request data only at the registered mobile user device; receiving, from the authentication service application, an authentication response to the authentication notification, the authentication response comprising data of the confirmation input or data of the denial input; returning, from the multi-factor authentication API server, an API response comprising authentication response data relating to the authentication response to the third-party service provider; completing the digital transaction or denying the digital transaction based on the authentication response data. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A method of multi-factor authentication of a digital transaction, the method comprising:
-
prior to initiating a digital transaction, registering a multi-factor authentication account and registering a mobile user device of a user in association with the multi-factor authentication account on a remote authentication service for performing a second factor of authentication for the digital transaction; at a third-party service provider; receiving a transaction request from an initiator using an initiating user device distinct from the registered mobile device for initiating the digital transaction, the transaction request comprising user authentication credentials for performing a first factor of authentication at the third-party service provider; authenticating the initiator based on the user authentication credentials; in response to a successful authentication of the initiator, transmitting an application programming interface (API) request to a multi-factor authentication API server of the remote authentication service, the API request comprising an authentication request and transaction request data associated with the transaction request to the remote authentication service; at the remote authentication service comprising the multi-factor authentication API server; receiving the API request from the third-party service provider, wherein the transaction request data comprises (i) details of the transaction request and (ii) multi-factor authentication account identification data; using the multi-factor authentication account identification data to identify the multi-factor authentication account registered with and maintained by the remote authentication service; using the multi-factor authentication account to identify the mobile user device of the user that is registered in association with the multi-factor authentication account; in response to identifying the registered mobile user device associated with the multi-factor authentication account, pushing an authentication message via a persistent connection from the multi-factor authentication API to an authentication service application hosted on the registered mobile device of the user, the authentication message comprising (a) the details of the transaction request and (ii) a request for either a confirmation input from the user that confirms the details of the transaction request or a denial input that denies the details of the transaction request; tracking the registered mobile user device; identifying a change in an IP address of the registered mobile user device when the registered mobile user device moves from a first network to a second network; initiating a second persistent connection between the remote multi-factor authentication service and the registered mobile user device; updating a state of the registered mobile user device at the multi-factor authentication account at the remote multi-factor authentication service; and messaging between the registered mobile user device and the remote authentication service using the second persistent connection; receiving, from the authentication service application, an authentication response to the authentication notification, the authentication response comprising data of the confirmation input or data of the denial input; returning, from the multi-factor authentication API server, an API response comprising authentication response data relating to the authentication response to the third-party service provider; completing the digital transaction or denying the digital transaction based on the authentication response data.
-
Specification