System and method of notifying mobile devices to complete transactions after additional agent verification

US 10,445,732 B2
Filed: 11/18/2016
Issued: 10/15/2019
Est. Priority Date: 03/03/2010
Status: Active Grant

First Claim

Patent Images

1. An online method of multi-factor authentication of a digital transaction, the method comprising:

prior to initiating a digital transaction, registering a multi-factor authentication application of a mobile user device of a user in association with a multi-factor authentication account of the user hosted at a remote authentication service for performing a second factor of authentication for the digital transaction;

at a third-party service provider;

receiving a transaction request from an initiator using an initiating user device distinct from the registered mobile user device for initiating the digital transaction, the transaction request comprising user authentication credentials for performing a first factor of authentication at the third-party service provider;

authenticating the initiator based on the user authentication credentials;

in response to a successful authentication of the initiator, transmitting an application programming interface (API) request to a multi-factor authentication API server of the remote authentication service, the API request comprising an authentication request and transaction request data associated with the transaction request to the third-party service provider;

at the remote authentication service comprising the multi-factor authentication API server;

receiving the API request from the third-party service provider, wherein the transaction request data comprises (i) details of the transaction request and (ii) multi-factor authentication account identification data;

using the multi-factor authentication account identification data to identify the multi-factor authentication account hosted with and maintained by the remote authentication service;

using the multi-factor authentication account to identify the multi-factor authentication application of the mobile user device that is registered in association with the multi-factor authentication account;

in response to identifying the multi-factor authentication application of the mobile user device, pushing an authentication message via a persistent connection from the multi-factor authentication API to the multi-factor authentication application hosted on the mobile user device, the authentication message comprising (a) the details of the transaction request and (ii) a request for either a confirmation input from the user that confirms the details of the transaction request or a denial input that denies the details of the transaction request;

at the multi-factor authentication application, displaying the authentication message on the mobile user device, wherein displaying the authentication message comprises displaying a prompt directing the user of the mobile user device to perform a biometric scan at a biometric scanner of the mobile user device;

at the multi-factor authentication application, performing the second factor of authentication by verifying, locally and with an operating system of the mobile user device, that the biometric scan is associated with an authorized user of the mobile user device;

receiving, from the multi-factor authentication application, an authentication response to the authentication notification, the authentication response comprising data of the confirmation input or data of the denial input;

returning to the third-party service provider, from the multi-factor authentication API server, an API response comprising authentication response data relating to the authentication response; and

completing the digital transaction or denying the digital transaction based on the authentication response data.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of completing a transaction that requires authorization by an authority agent includes registering an authority device as associated with the authority agent, receiving a transaction request from a service provider; pushing an authentication notification to the authenticating application of the authority device; displaying the authentication notification, including a prompt to supply agent verification data, on the authority device; collecting and verifying the agent verification data; in response to verification of the agent verification data, transmitting an authority agent response from the authority device to the authentication platform, and, at the authentication platform, authenticating the authority agent response; and in response to authenticating the authority agent response, transmitting a transaction confirmation from the authentication platform to the service provider.

239 Citations

13 Claims

1. An online method of multi-factor authentication of a digital transaction, the method comprising:
- prior to initiating a digital transaction, registering a multi-factor authentication application of a mobile user device of a user in association with a multi-factor authentication account of the user hosted at a remote authentication service for performing a second factor of authentication for the digital transaction;
  
  at a third-party service provider;
  
  receiving a transaction request from an initiator using an initiating user device distinct from the registered mobile user device for initiating the digital transaction, the transaction request comprising user authentication credentials for performing a first factor of authentication at the third-party service provider;
  
  authenticating the initiator based on the user authentication credentials;
  
  in response to a successful authentication of the initiator, transmitting an application programming interface (API) request to a multi-factor authentication API server of the remote authentication service, the API request comprising an authentication request and transaction request data associated with the transaction request to the third-party service provider;
  
  at the remote authentication service comprising the multi-factor authentication API server;
  
  receiving the API request from the third-party service provider, wherein the transaction request data comprises (i) details of the transaction request and (ii) multi-factor authentication account identification data;
  
  using the multi-factor authentication account identification data to identify the multi-factor authentication account hosted with and maintained by the remote authentication service;
  
  using the multi-factor authentication account to identify the multi-factor authentication application of the mobile user device that is registered in association with the multi-factor authentication account;
  
  in response to identifying the multi-factor authentication application of the mobile user device, pushing an authentication message via a persistent connection from the multi-factor authentication API to the multi-factor authentication application hosted on the mobile user device, the authentication message comprising (a) the details of the transaction request and (ii) a request for either a confirmation input from the user that confirms the details of the transaction request or a denial input that denies the details of the transaction request;
  
  at the multi-factor authentication application, displaying the authentication message on the mobile user device, wherein displaying the authentication message comprises displaying a prompt directing the user of the mobile user device to perform a biometric scan at a biometric scanner of the mobile user device;
  
  at the multi-factor authentication application, performing the second factor of authentication by verifying, locally and with an operating system of the mobile user device, that the biometric scan is associated with an authorized user of the mobile user device;
  
  receiving, from the multi-factor authentication application, an authentication response to the authentication notification, the authentication response comprising data of the confirmation input or data of the denial input;
  
  returning to the third-party service provider, from the multi-factor authentication API server, an API response comprising authentication response data relating to the authentication response; and
  
  completing the digital transaction or denying the digital transaction based on the authentication response data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the authentication message includes a selectable option that allows an additional authentication to be performed by verifying, locally and with the operating system, a numerical passcode submitted by the authority agent;
    - selecting the selectable option; and
      
      performing the additional authentication based on a receipt of the numerical passcode.
  - 3. The method of claim 1,wherein the authentication message directs the authority agent to perform the biometric scan only after the multi-factor authentication application receives a preliminary approval of the transaction request from the user.
  - 4. The method of claim 1, further comprising prompting the user to approve or not to approve the transaction request by providing via the multi-factor authentication application an input to approve or an input not to approve the transaction request after performing the biometric scan.
  - 5. The method of claim 1, further comprising:
    - detecting, at the remote authentication service, that the third-party service provider is associated with a security-sensitive application, wherein the security-sensitive application is an application designated by the third-party service provider as requiring additional authentication for an associated digital transaction; and
      
      , in response to detecting that the third-party service provider is associated with the security-sensitive application, automatically implementing an authentication policy that specifies that the performing of the biometric data input scan must be performed to complete the digital transaction.
  - 6. The method of claim 5, wherein detecting, at the remote authentication service, that the third-party service provider is associated with the security-sensitive application comprises analyzing an identifier of the third-party service provider with regard to a list of security-sensitive applications maintained at the remote authentication service.
  - 7. The method of claim 1, further comprising detecting, at the remote authentication service, that the user comprises a security-sensitive user;
    - and, in response to detecting that the user comprises the security-sensitive user, automatically implementing an authentication policy that specifies that the performance of the biometric data input must be performed to complete the digital transaction, wherein a security-sensitive user relates to any user that the remote authentication service designates as needing additional user authentication for completing digital transactions.
  - 8. The method of claim 1, further comprising:
    - determining a likelihood that the transaction request comprises a suspicious transaction based on the data associated with the transaction request; and
      
      detecting, at the remote authentication service, that the transaction request comprises a suspicious transaction request, wherein detecting that the transaction request comprises the suspicious transaction includes determining a likelihood that the transaction request was not initiated by the user associated with the registered mobile device;
      
      wherein directing the user to perform the biometric data input comprises directing the user to perform the biometric data input only in response to detecting suspicious transaction requests.
  - 9. The method of claim 8, wherein detecting that the transaction request comprises the suspicious transaction request comprises receiving indication from the third-party service provider that the transaction request is suspicious.
  - 10. The method of claim 8, wherein detecting that the transaction request comprises the suspicious transaction request comprises detecting that the transaction request is suspicious based on historical transaction request data stored at the remote authentication service.
  - 11. The method of claim 1, upon receipt of the transaction request at the service provider, performing by the service provider an initial authentication of an initiator of the transaction request and only a subsequent authentication of the transaction request is performed by the remote authentication platform, the subsequent authentication comprising a biometric authentication for receiving the biometric input.
  - 12. The method of claim 1, further comprising:
    - preventing the remote authentication service from inspecting one or more features of the transaction request from the third-party service provider, wherein the preventing includes encrypting the transaction request at the third-party service provider prior to transmitting the transaction request to the remote authentication service; and
      
      decrypting the transaction request only at the multi-factor authentication application of the mobile user device.

13. A method of multi-factor authentication of a digital transaction, the method comprising:
- prior to initiating a digital transaction, registering a multi-factor authentication application of a mobile user device of a user in association with a multi-factor authentication account at a remote authentication service for performing a second factor of authentication for the digital transaction;
  
  at a third-party service provider;
  
  receiving a transaction request from an initiator for initiating the digital transaction, the transaction request comprising user authentication credentials for performing a first factor of authentication at the third-party service provider;
  
  authenticating the initiator based on the user authentication credentials;
  
  in response to a successful authentication of the initiator, transmitting, via one or more networks, transaction request data associated with the transaction request to the remote authentication service;
  
  at the remote authentication service;
  
  receiving, via the one or more networks, the transaction request data from the third-party service provider, wherein the transaction request data comprises (i) details of the transaction request and (ii) multi-factor authentication account identification data;
  
  using the multi-factor authentication account identification data to identify the multi-factor authentication account of the user that is maintained by the remote authentication service;
  
  using the multi-factor authentication account to identify the multi-factor authentication application hosted on the mobile user device that is registered in association with the multi-factor authentication account;
  
  in response to identifying the multi-factor authentication application associated with the multi-factor authentication account, transmitting from the remote authentication service an authentication message to the multi-factor authentication application, the authentication message comprising (a) the details of the transaction request and (ii) a request for either a confirmation input from the user that confirms the details of the transaction request or a denial input that denies the details of the transaction request;
  
  at the multi-factor authentication application, displaying the authentication message on the mobile user device, wherein displaying the authentication message comprises displaying a prompt directing the user of the mobile user device to perform a fingerprint scan at a fingerprint scanner of the mobile user device;
  
  at the multi-factor authentication application, performing the second factor of authentication by verifying, locally and with an operating system of the mobile user device, that the fingerprint scan is associated with an authorized user of the mobile user device;
  
  receiving, from the registered mobile device, an authentication response to the authentication message, the authentication response comprising data of the confirmation input or data of the denial input;
  
  transmitting, via the one or more networks, authentication response data relating to the authentication response to the third-party service provider; and
  
  completing the digital transaction or denying the digital transaction based on the authentication response data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Duo Security Incorporated (Cisco Systems, Inc.)
Inventors
Oberheide, Jon, Abduljaber, Omar, Zhu, Boyang
Primary Examiner(s)
Borlinghaus, Jason

Application Number

US15/355,377
Publication Number

US 20170068958A1
Time in Patent Office

1,061 Days
Field of Search

None
US Class Current
CPC Class Codes

G06Q 20/108   Remote banking, e.g. home b...

G06Q 20/32   using wireless devices

G06Q 20/326   Payment applications instal...

G06Q 20/401   Transaction verification

G06Q 20/40145   Biometric identity checks

G06Q 20/425   using two different network...

H04L 63/0428   wherein the data content is...

H04L 63/083   using passwords cryptograph...

H04L 63/0861   using biometrical features,...

H04L 9/3231   Biological data, e.g. finge...

H04W 12/06   Authentication

System and method of notifying mobile devices to complete transactions after additional agent verification

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

239 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

System and method of notifying mobile devices to complete transactions after additional agent verification

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

239 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links