System and method of notifying mobile devices to complete transactions after additional agent verification
First Claim
1. A method of multi-factor authentication of a digital transaction, the method comprising:
- at a service provider;
receiving a transaction request from an initiator using an initiating user device distinct from a registered mobile user device for initiating the digital transaction, the transaction request comprising user authentication credentials for performing a first factor of authentication at the service provider;
authenticating the initiator based on the user authentication credentials;
at a remote authentication service comprising a multi-factor authentication API server;
receiving an API request from the service provider, the API request comprising an authentication request and transaction request data associated with the transaction request to the service provider, wherein the transaction request data comprises (i) details of the transaction request and (ii) multi-factor authentication account identification data;
identifying a multi-factor authentication account hosted with and maintained by the remote authentication service based on the API request;
using the multi-factor authentication account to identify a multi-factor authentication application of the mobile user device that is registered in association with the multi-factor authentication account;
in response to identifying the multi-factor authentication application of the mobile user device, providing an authentication message to the multi-factor authentication application hosted on the mobile user device, the authentication message comprising a prompt directing the user of the mobile user device to perform a biometric scan at a biometric scanner of the mobile user device;
at the multi-factor authentication application, performing a second factor of authentication by verifying, locally and with an operating system of the mobile user device, that biometric scan data is associated with an authorized user of the mobile user device;
returning to service provider, from the multi-factor authentication API server, an API response comprising authentication response data relating to the authentication response; and
completing the digital transaction or denying the digital transaction based on the authentication response data.
3 Assignments
0 Petitions
Accused Products
Abstract
A method of completing a transaction that requires authorization by an authority agent includes registering an authority device as associated with the authority agent, receiving a transaction request from a service provider; pushing an authentication notification to the authenticating application of the authority device; displaying the authentication notification, including a prompt to supply agent verification data, on the authority device; collecting and verifying the agent verification data; in response to verification of the agent verification data, transmitting an authority agent response from the authority device to the authentication platform, and, at the authentication platform, authenticating the authority agent response; and in response to authenticating the authority agent response, transmitting a transaction confirmation from the authentication platform to the service provider.
-
Citations
13 Claims
-
1. A method of multi-factor authentication of a digital transaction, the method comprising:
-
at a service provider; receiving a transaction request from an initiator using an initiating user device distinct from a registered mobile user device for initiating the digital transaction, the transaction request comprising user authentication credentials for performing a first factor of authentication at the service provider; authenticating the initiator based on the user authentication credentials; at a remote authentication service comprising a multi-factor authentication API server; receiving an API request from the service provider, the API request comprising an authentication request and transaction request data associated with the transaction request to the service provider, wherein the transaction request data comprises (i) details of the transaction request and (ii) multi-factor authentication account identification data; identifying a multi-factor authentication account hosted with and maintained by the remote authentication service based on the API request; using the multi-factor authentication account to identify a multi-factor authentication application of the mobile user device that is registered in association with the multi-factor authentication account; in response to identifying the multi-factor authentication application of the mobile user device, providing an authentication message to the multi-factor authentication application hosted on the mobile user device, the authentication message comprising a prompt directing the user of the mobile user device to perform a biometric scan at a biometric scanner of the mobile user device; at the multi-factor authentication application, performing a second factor of authentication by verifying, locally and with an operating system of the mobile user device, that biometric scan data is associated with an authorized user of the mobile user device; returning to service provider, from the multi-factor authentication API server, an API response comprising authentication response data relating to the authentication response; and completing the digital transaction or denying the digital transaction based on the authentication response data.
-
-
2. An online method of multi-factor authentication of a transaction, the method comprising:
-
receiving, at a service provider, a transaction request data from an initiator using an initiating user device for initiating a transaction, the transaction request data comprising user authentication credentials for performing a first factor of authentication at the service provider; successfully authenticating the initiator at the service provider based on the transaction request data; responsive to successful authentication of the initiator, receiving at a remote authentication service authentication request data from the service provider; identifying, by the remote authentication service, an authentication service account of an authorized user based on the authentication request data; responsive to identifying the authentication service account, pushing an authentication message to a mobile user device associated with the authentication service account; wherein the authentication message comprises a prompt requesting that a user of the mobile user device provide a biometric scan of at least one biometric feature of the user using a biometric reading device of the mobile user device; receiving, from the mobile user device, an authentication response to the authentication message, the authentication response including one of biometric scan data based on the biometric scan and a denial of the transaction; and completing the transaction or denying the transaction based on the authentication response. - View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
Specification