Transaction verification through enhanced authentication

摘要

Methods, systems, and computer program products for providing transaction verification through enhanced authentication are provided. A method performed by a computer system may include receiving one or more credentials to authenticate an application programming interface request received from a second computer system based on a first level of authentication, generating an additional authentication challenge to further authenticate the application programming interface request in response to detecting a change associated with the second computer system, issuing the additional authentication challenge to the second computer system, and processing the application programming interface request based on a result of the additional authentication challenge.;In some examples, the additional authentication challenge may be encrypted using a key associated with the second computer system before issuance the additional authentication challenge. For example, the key may be a public key corresponding to a private key stored in a highly secure area on the second computer system.

主权项

1. A computer system, comprising:
a non-transitory memory storing instructions; and one or more hardware processors coupled to the non-transitory memory and configured to read the instructions from the non-transitory memory to cause the system to perform operations comprising: receiving, by a computer system providing access to an application programming interface, a public key provided by a user for encrypting an additional authentication challenge, the public key being provided by the user in advance of a request to use the application programming interface from a client device claiming to be associated with the user; receiving, by the computer system, one or more credentials to authenticate the application programming interface request from the client device based on a first level of authentication; encrypting, by the computer system, the additional authentication challenge that is to be issued to the client device requesting access to the application programming interface using the public key provided in advance by the user; issuing the encrypted additional authentication challenge to the client device to further authenticate the application programming interface request based on detecting that information known about the user differs from information associated with the client device; processing the application programming interface request based on a result of issuing the encrypted additional authentication challenge to the client device; and detecting, by the computer system, abnormal use of the application programming interface associated with the client device based on a deviation from baseline usage of the application programming interface.