Transaction Verification Through Enhanced Authentication

US 20170214531A1
Filed: 05/19/2016
Published: 07/27/2017
Est. Priority Date: 09/25/2014
Status: Active Grant

First Claim

Patent Images

1. A computer system, comprising:

a non-transitory memory storing instructions; and

one or more hardware processors coupled to the non-transitory memory and configured to read the instructions from the non-transitory memory to cause the system to perform operations comprising;

receiving an application programming interface (API) request from a client;

detecting a change associated with the API request as compared to a prior use of the API by the client;

generating an encrypted challenge to authenticate the API request based on detecting the change; and

issuing the encrypted challenge to the client to authenticate the API request.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and computer program products for providing transaction verification through enhanced authentication are provided. A method performed by a computer system may include receiving an application programming interface (API) request from a client, detecting a change associated with the API request as compared to a prior use of the API by the client, generating an encrypted challenge to authenticate the API request based on detecting the change, and issuing the encrypted challenge to the client to authenticate the API request.

Citations

20 Claims

1. A computer system, comprising:
- a non-transitory memory storing instructions; and
  
  one or more hardware processors coupled to the non-transitory memory and configured to read the instructions from the non-transitory memory to cause the system to perform operations comprising;
  
  receiving an application programming interface (API) request from a client;
  
  detecting a change associated with the API request as compared to a prior use of the API by the client;
  
  generating an encrypted challenge to authenticate the API request based on detecting the change; and
  
  issuing the encrypted challenge to the client to authenticate the API request.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer system of claim 1, wherein the encrypted challenge is encrypted using a key received prior to the API request from a party authorized to use the API.
  - 3. The computer system of claim 1, wherein the encrypted challenge is an additional challenge issued to the client.
  - 4. The computer system of claim 1, wherein the detecting is based on determining that information known about an authorized user associated with the API request differs from information associated with the client.
  - 5. The computer system of claim 1, wherein the operations further comprise:
    - processing the API request based on a result of issuing the encrypted challenge to the client.
  - 6. The computer system of claim 1, wherein the change is detected based on a change in use of the API by the client when compared to the prior use of the API by the client.
  - 7. The computer system of claim 1, wherein the change is detected based on a deviation from a baseline pattern of activity associated with the API.

8. A computer-implemented method, comprising:
- receiving, by one or more processing devices, an application programming interface (API) request from a client;
  
  detecting, by one or more of the processing devices, a change associated with the API request as compared to a prior use of the API by the client;
  
  generating, by one or more of the processing devices, an encrypted challenge to authenticate the API request based on detecting the change; and
  
  issuing, by one or more of the processing devices, the encrypted challenge to the client to authenticate the API request.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer-implemented method of claim 8, wherein the encrypted challenge is encrypted using a key received prior to the API request from a party authorized to use the API.
  - 10. The computer-implemented method of claim 8, wherein the encrypted challenge is an additional challenge issued to the client.
  - 11. The computer-implemented method of claim 8, wherein the detecting comprises determining that information known about an authorized user associated with the API request differs from information associated with the client.
  - 12. The computer-implemented method of claim 8, further comprising:
    - processing the API request based on a result of issuing the encrypted challenge to the client.
  - 13. The computer-implemented method of claim 8, wherein the change is detected based on a change in behavior of the client when compared to the prior use of the API by the client.
  - 14. The computer-implemented method of claim 8, wherein the change is detected based on a deviation from a baseline pattern of activity associated with the API.

15. A non-transitory machine-readable medium having stored thereon machine-readable instructions executable to cause a machine to perform operations comprising:
- receiving an application programming interface (API) request from a client;
  
  detecting a change associated with the API request as compared to a prior use of the API by the client;
  
  generating an encrypted challenge to authenticate the API request based on detecting the change; and
  
  issuing the encrypted challenge to the client to authenticate the API request.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory machine-readable medium of claim 15, wherein the encrypted challenge is encrypted using a key received prior to the API request from a party authorized to use the API.
  - 17. The non-transitory machine-readable medium of claim 15, wherein the encrypted challenge is an additional challenge issued to the client.
  - 18. The non-transitory machine-readable medium of claim 15, wherein the detecting comprises determining that information known about an authorized user associated with the API request differs from information associated with the client.
  - 19. The non-transitory machine-readable medium of claim 15, wherein the operations further comprise:
    - processing the API request based on a result of issuing the encrypted challenge to the client.
  - 20. The non-transitory machine-readable medium of claim 15, wherein the change is detected based on a change in use of the API by the client when compared to the prior use of the API by the client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
eBay Inc.
Original Assignee
eBay Inc.
Inventors
Wardman, Bradley, Sugihara, Kevin

Granted Patent

US 11,075,767 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/445   by mutual authentication, e...

H04L 63/06   for supporting key manageme...

H04L 63/08   for authentication of entit...

H04L 63/0869   for achieving mutual authen...

H04L 63/10   for controlling access to d...

H04L 63/1466   Active attacks involving in...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3271   using challenge-response

Transaction Verification Through Enhanced Authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Transaction Verification Through Enhanced Authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links