
Method for 2 Factor authentication to facilitate communication between two mobile apps on the same phone in a secured/reliable way.
Disclosure Number: IPCOM000254458D
Publication Date: 2018-Jun-29
Document File: 3 page(s) / 97K

Publishing Venue

The Prior Art Database

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.

Method for 2 Factor authentication to facilitate communication between two mobile apps on the same phone in a secured/reliable way.

Currently, mobile operating systems such as iOS, Android and others do not allow free communication between two apps. There are a number of customer scenarios where this is a must, because two apps have to be tightly linked to each other. In the case of operating systems such as iOS, it is even more restricted. This creation aims to provide a unique method by which one mobile app can securely utilize the services provided by another enterprise mobile app without app to app communication on the device.

1. The method of utilizing services provided by one app (e.g. payment app) by another app (e-commerce app) without direct app to app communication is achieved by incorporating an SDK provided by the payment company into the e-commerce mobile app and Mobile backend server.

2. This achieves 2 factor auth by using a secure registration process and a secure payment process.

   a. Registration step - This step authenticates the vendor's app to the payment app's server through the incorporated SDK. The vendor's server is notified of this.

   b. Transaction step - The vendor app initiates a transaction through the incorporated SDK. The vendor server and payment server share transaction and authentication details to complete the transaction.

Note - the below is planned to be in a PoC during the later part of this year, with a plan to productize it in the upcoming release of the MobileFoundation product. There are two steps in this process.

3. Registration Step

Assume that the payment app installed on the user's mobile device has already been authenticated to the server on this particular device. As a result, a unique identifier of the app & device combination is available with the payment server. (A. and B. in the diagram) Also assume that each vendor app has a unique authorization key provided by the payment server beforehand.

a. When a user uses the vendor app and chooses to pay using the payment app, the vendor app (first time registration only) invokes the payment client SDK to start the registration process.

b. The payment client SDK sends a reverse OTP to the payment server through an SMS gateway. The payment server maintains a mapping...