System and method of notifying mobile devices to complete transactions after additional agent verification

US 10,706,421 B2
Filed: 09/12/2019
Issued: 07/07/2020
Est. Priority Date: 03/03/2010
Status: Active Grant

First Claim

Patent Images

1. A method of multi-factor authentication of a digital transaction, the method comprising:

at a service provider;

receiving a transaction request from an initiator using an initiating user device distinct from a registered mobile user device for initiating the digital transaction, the transaction request comprising user authentication credentials for performing a first factor of authentication at the service provider;

authenticating the initiator based on the user authentication credentials;

at a remote authentication service comprising a multi-factor authentication API server;

receiving an API request from the service provider, the API request comprising an authentication request and transaction request data associated with the transaction request to the service provider, wherein the transaction request data comprises (i) details of the transaction request and (ii) multi-factor authentication account identification data;

identifying a multi-factor authentication account hosted with and maintained by the remote authentication service based on the API request;

using the multi-factor authentication account to identify a multi-factor authentication application of the mobile user device that is registered in association with the multi-factor authentication account;

in response to identifying the multi-factor authentication application of the mobile user device, providing an authentication message to the multi-factor authentication application hosted on the mobile user device, the authentication message comprising a prompt directing the user of the mobile user device to perform a biometric scan at a biometric scanner of the mobile user device;

at the multi-factor authentication application, performing a second factor of authentication by verifying, locally and with an operating system of the mobile user device, that biometric scan data is associated with an authorized user of the mobile user device;

returning to service provider, from the multi-factor authentication API server, an API response comprising authentication response data relating to the authentication response; and

completing the digital transaction or denying the digital transaction based on the authentication response data.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of completing a transaction that requires authorization by an authority agent includes registering an authority device as associated with the authority agent, receiving a transaction request from a service provider; pushing an authentication notification to the authenticating application of the authority device; displaying the authentication notification, including a prompt to supply agent verification data, on the authority device; collecting and verifying the agent verification data; in response to verification of the agent verification data, transmitting an authority agent response from the authority device to the authentication platform, and, at the authentication platform, authenticating the authority agent response; and in response to authenticating the authority agent response, transmitting a transaction confirmation from the authentication platform to the service provider.

468 Citations

13 Claims

1. A method of multi-factor authentication of a digital transaction, the method comprising:
- at a service provider;
  
  receiving a transaction request from an initiator using an initiating user device distinct from a registered mobile user device for initiating the digital transaction, the transaction request comprising user authentication credentials for performing a first factor of authentication at the service provider;
  
  authenticating the initiator based on the user authentication credentials;
  
  at a remote authentication service comprising a multi-factor authentication API server;
  
  receiving an API request from the service provider, the API request comprising an authentication request and transaction request data associated with the transaction request to the service provider, wherein the transaction request data comprises (i) details of the transaction request and (ii) multi-factor authentication account identification data;
  
  identifying a multi-factor authentication account hosted with and maintained by the remote authentication service based on the API request;
  
  using the multi-factor authentication account to identify a multi-factor authentication application of the mobile user device that is registered in association with the multi-factor authentication account;
  
  in response to identifying the multi-factor authentication application of the mobile user device, providing an authentication message to the multi-factor authentication application hosted on the mobile user device, the authentication message comprising a prompt directing the user of the mobile user device to perform a biometric scan at a biometric scanner of the mobile user device;
  
  at the multi-factor authentication application, performing a second factor of authentication by verifying, locally and with an operating system of the mobile user device, that biometric scan data is associated with an authorized user of the mobile user device;
  
  returning to service provider, from the multi-factor authentication API server, an API response comprising authentication response data relating to the authentication response; and
  
  completing the digital transaction or denying the digital transaction based on the authentication response data.

2. An online method of multi-factor authentication of a transaction, the method comprising:
- receiving, at a service provider, a transaction request data from an initiator using an initiating user device for initiating a transaction, the transaction request data comprising user authentication credentials for performing a first factor of authentication at the service provider;
  
  successfully authenticating the initiator at the service provider based on the transaction request data;
  
  responsive to successful authentication of the initiator, receiving at a remote authentication service authentication request data from the service provider;
  
  identifying, by the remote authentication service, an authentication service account of an authorized user based on the authentication request data;
  
  responsive to identifying the authentication service account, pushing an authentication message to a mobile user device associated with the authentication service account;
  
  wherein the authentication message comprises a prompt requesting that a user of the mobile user device provide a biometric scan of at least one biometric feature of the user using a biometric reading device of the mobile user device;
  
  receiving, from the mobile user device, an authentication response to the authentication message, the authentication response including one of biometric scan data based on the biometric scan and a denial of the transaction; and
  
  completing the transaction or denying the transaction based on the authentication response.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 3. The method of claim 2, wherein the authentication message includes a selectable option that allows an additional authentication to be performed by verifying, locally and with an operating system of the mobile user device, a numerical passcode submitted by the user;
    - selecting the selectable option; and
      
      performing an additional authentication based on a receipt of the numerical passcode.
  - 4. The method of claim 2, wherein the authentication message directs the user of the mobile user device to perform the biometric scan only after a multi-factor authentication application hosted on the mobile user device receives a preliminary approval of the transaction request from the user.
  - 5. The method of claim 2, further comprising:
    - prompting the user to approve or not to approve the transaction request by providing via a multi-factor authentication application hosted on the mobile user device an input to approve or an input not to approve the transaction request after performing the biometric scan.
  - 6. The method of claim 2, further comprising:
    - detecting, at the remote authentication service, that the service provider is associated with a security-sensitive application, wherein the security-sensitive application is an application designated by the service provider as requiring additional authentication for an associated transaction;
      
      and, in response to detecting that the service provider is associated with the security-sensitive application, automatically implementing an authentication policy that specifies that the performing of the biometric scan must be performed to complete the transaction.
  - 7. The method of claim 6, wherein detecting, at the remote authentication service, that the service provider is associated with the security-sensitive application comprises analyzing an identifier of the service provider with regard to a list of security-sensitive applications maintained at the remote authentication service.
  - 8. The method of claim 2, further comprising:
    - detecting, at the authentication service, that the user comprises a security-sensitive user; and
      
      , in response to detecting that the user comprises the security-sensitive user, automatically implementing an authentication policy that specifies that the performance of the biometric scan must be performed to complete the transaction, wherein a security-sensitive user relates to any user that the authentication service designates as needing additional user authentication for completing transactions.
  - 9. The method of claim 2, further comprising:
    - determining a likelihood that the transaction request comprises a suspicious transaction based on the data associated with the transaction request; and
      
      detecting, at the authentication service, that the transaction request comprises a suspicious transaction request, wherein detecting that the transaction request comprises the suspicious transaction includes determining a likelihood that the transaction request was not initiated by the user associated with the mobile user device;
      
      wherein directing the user to perform the biometric scan comprises directing the user to perform the biometric scan only in response to detecting suspicious transaction requests.
  - 10. The method of claim 9, wherein detecting that the transaction request comprises the suspicious transaction request comprises receiving indication from the service provider that the transaction request is suspicious.
  - 11. The method of claim 9, wherein detecting that the transaction request comprises the suspicious transaction request comprises detecting that the transaction request is suspicious based on historical transaction request data stored at the authentication service.
  - 12. The method of claim 2, upon receipt of the transaction request at the service provider, performing by the service provider an initial authentication of the initiator of the transaction request and only a subsequent authentication of the transaction request is performed by the authentication service, the subsequent authentication comprising a biometric authentication for receiving the biometric scan.
  - 13. The method of claim 2, further comprising:
    - preventing the authentication service from inspecting one or more features of the transaction request from the service provider, wherein the preventing includes encrypting at least part of the transaction request at the service provider prior to transmitting the transaction request to the authentication service; and
      
      decrypting the transaction request only at a multi-factor authentication application hosted on the mobile user device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Duo Security Incorporated (Cisco Systems, Inc.)
Inventors
Oberheide, Jon, Abduljaber, Omar, Zhu, Boyang
Primary Examiner(s)
Borlinghaus, Jason

Application Number

US16/568,655
Publication Number

US 20200005300A1
Time in Patent Office

299 Days
Field of Search

None
US Class Current
CPC Class Codes

G06Q 20/108   Remote banking, e.g. home b...

G06Q 20/32   using wireless devices

G06Q 20/326   Payment applications instal...

G06Q 20/401   Transaction verification

G06Q 20/40145   Biometric identity checks

G06Q 20/425   using two different network...

H04L 63/0428   wherein the data content is...

H04L 63/083   using passwords cryptograph...

H04L 63/0861   using biometrical features,...

H04L 9/3231   Biological data, e.g. finge...

H04W 12/06   Authentication

System and method of notifying mobile devices to complete transactions after additional agent verification

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

468 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

System and method of notifying mobile devices to complete transactions after additional agent verification

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

468 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links