US 9532222 B2 - System And Method Of Notifying Mobile Devices To Complete Transactions After Additional Agent Verification - The Lens

System And Method Of Notifying Mobile Devices To Complete Transactions After Additional Agent Verification

Published: Dec 27, 2016
Earliest Priority: Mar 03 2010
Family: 4
Cited Works: 4
Cited by: 0
Cites: 115
Additional Info: Cited Works Full text

Abstract

A method of completing a transaction that requires authorization by an authority agent includes registering an authority device as associated with the authority agent, receiving a transaction request from a service provider; pushing an authentication notification to the authenticating application of the authority device; displaying the authentication notification, including a prompt to supply agent verification data, on the authority device; collecting and verifying the agent verification data; in response to verification of the agent verification data, transmitting an authority agent response from the authority device to the authentication platform, and, at the authentication platform, authenticating the authority agent response; and in response to authenticating the authority agent response, transmitting a transaction confirmation from the authentication platform to the service provider.

Claims

A method of completing a transaction that requires authorization by an authority agent, the method comprising:
registering, on an authentication platform, an authenticating application of an authority device as associated with the authority agent; wherein the authority agent is recognized as an authorized user of the authority device by an operating system of the authority device;

receiving, at the authentication platform, an authentication policy from an administrator of a service provider; wherein the authentication policy specifies that additional agent verification must be performed to complete the transaction;

receiving, at the authentication platform, a transaction request from the service provider; wherein the transaction request is associated with the transaction;

in response to receiving the transaction request, pushing an authentication notification to the authenticating application of the authority device;

at the authentication application, displaying the authentication notification on the authority device; wherein displaying the authentication notification comprises displaying a prompt directing the authority agent to perform a fingerprint scan at a fingerprint reader of the authority device;

at the authentication application, performing additional agent verification by verifying, locally and with the operating system, that the fingerprint scan is associated with the authorized user of the authority device;

in response to the additional agent verification, transmitting an authority agent response from the authentication application to the authentication platform, and, at the authentication platform, authenticating the authority agent response; and

in response to authenticating the authority agent response, transmitting a transaction confirmation from the authentication platform to the service provider.
The method of claim 1, wherein the authentication notification includes a selectable option that allows additional agent verification to be performed in absence of the fingerprint scan by verifying, locally and with the operating system, a numerical passcode submitted by the authority agent.
The method of claim 1, further comprising receiving approval of the transaction request from the authority agent; wherein the authentication notification directs the authority agent to perform the fingerprint scan only after receiving approval of the transaction request from the authority agent; wherein transmitting the authority agent response comprises transmitting the authority agent response in response to both of the additional agent verification and receiving approval of the transaction request from the authority agent.
The method of claim 1, further comprising prompting the authority agent to approve the transaction request after performing the additional agent verification; wherein transmitting the authority agent response comprises transmitting the authority agent response in response to both of the additional agent verification and receiving approval of the transaction request from the authority agent.
A method of completing a transaction that requires authorization by an authority agent, the method comprising:
registering, on an authentication platform, an authority device as associated with the authority agent;

receiving, at the authentication platform, a transaction request from a service provider; wherein the transaction request is associated with the transaction;

in response to receiving the transaction request, pushing an authentication notification to the authenticating application of the authority device;

at the authentication application, displaying the authentication notification on the authority device;

at the authentication application, receiving approval of the transaction request from the authority agent;

at the authentication application, directing the authority agent to perform a fingerprint scan only after receiving approval of the transaction request from the authority agent; wherein the fingerprint scan is performed at a fingerprint reader of the authority device;

at the authentication application, collecting and verifying the fingerprint scan;

in response to verification of the fingerprint scan, transmitting an authority agent response from the authority device to the authentication platform, and, at the authentication platform, authenticating the authority agent response; wherein transmitting the authority agent response comprises transmitting the authority agent response in response to both of performing the fingerprint scan and receiving approval of the transaction request from the authority agent; and

in response to authenticating the authority agent response, transmitting a transaction confirmation from the authentication platform to the service provider.
The method of claim 5, further comprising detecting, at the authentication platform, that the service provider is associated with a security-sensitive application; and, in response to detecting that the service provider is associated with the security-sensitive application, automatically implementing an authentication policy that specifies that the fingerprint scan must be performed to complete the transaction.
The method of claim 6, wherein detecting, at the authentication platform, that the service provider is associated with a security-sensitive application comprises analyzing an identifier of the service provider with regard to a list of security-sensitive applications maintained at the authentication platform.
The method of claim 5, further comprising detecting, at the authentication platform, that the authority agent is a security-sensitive user; and, in response to detecting that the authority agent is a security-sensitive user, automatically implementing an authentication policy that specifies that the fingerprint scan must be performed to complete the transaction.
The method of claim 8 wherein detecting, at the authentication platform, that the authority agent is a security-sensitive user comprises receiving identification of the authority agent as a security-sensitive user from the service provider.
The method of claim 5, further comprising detecting, at the authentication platform, that the authority device is a security-sensitive device; and, in response to detecting that the authority device is a security-sensitive device, automatically implementing an authentication policy that specifies that the fingerprint scan must be performed to complete the transaction.
The method of claim 10, wherein detecting, at the authentication platform, that the authority device is a security-sensitive device comprises analyzing an identifier of the authority device with regard to a list of security-sensitive devices maintained at the authentication platform.
The method of claim 5, wherein verifying the fingerprint scan comprises verifying the fingerprint scan locally and without transmitting the fingerprint scan to the authentication platform.
The method of claim 5, wherein verifying the fingerprint scan comprises transmitting the fingerprint scan to the authentication platform and receiving verification of the fingerprint scan from the authentication platform.
The method of claim 13, further comprising encrypting the fingerprint scan prior to transmitting the fingerprint scan.
The method of claim 5, further comprising detecting, at the authentication platform, that the transaction request is a suspicious transaction request; wherein directing the authority agent to perform the fingerprint scan comprises directing the authority agent to perform the fingerprint scan only in response to suspicious transaction requests.
The method of claim 15, wherein detecting that the transaction request is a suspicious transaction request comprises receiving indication from the service provider that the transaction request is a suspicious transaction request.
The method of claim 15, wherein detecting that the transaction request is a suspicious transaction request comprises detecting that the transaction request is a suspicious transaction request based on historical transaction request data stored at the authentication platform.