Automated Two Factor Authentication
Spriv’s patented technology allows you to automate second factor authentication only if the phone location and the computer from which the user entered his username and password match in geographical location. For privacy reasons Spriv will not share the mobile phone location, but only verify that the computer and the mobile phone location match. If both locations match, then Spriv will automatically approve the transaction. If the locations mismatch, then the user would be able to decide whether he would like to approve or deny the transaction. As a developer, you would be required to provide to Spriv’s API the end user’s browser agent. Example: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.154 Safari/537.36
Pairing
The pairing process will link the user’s mobile phone with his username. Simply send the user’s username to Spriv and Spriv replies with the paring number to your website as an HTTP POST. Once you receive the pairing number, you should send it to the user via SMS or present it over the web and ask the user to enter the paring number in Spriv’s application/add account.The paring number is a six digit unique number with 20 minutes Time To Live [TTL]. If user doesn’t complete pairing within 20 minutes a new pairing number would have to be requested from Spriv. Once the user completes the pairing process, Spriv will push a notification back to your website.
Allow | Deny. Multi Factor Authentication
In addition to automated two-factor authentication, Spriv’s platform provides an additional optional two-factor authentication that requires the user to allow/deny specific transactions. Example: when the user makes a high risk transaction such as changing his address or transferring a large amount of money.Simply send the transaction informationto Spriv and Spriv would provide the user’s allow/deny determination.
Two-factor authentication via SMS
Spriv supports two factor authentications via SMS in two forms:
One way SMS– sending SMS to the user, Send passcode via SMS. Example: “your one time passcode is E45U673Q”; Using one way SMS: send Spriv’s pairing code to the user sending a unique code to the user via SMS and asking him to enter that code in your web site; and
Two way SMS | Multi Factor Authentication
sending SMS to the user and getting the user’s reply via SMS. Spriv will push the user’s reply via HTTP POST once the user replies to Spriv. Send an SMS to user such as: Did you buy a laptop from ‘examplecompany’ for $476? If yes, please reply with “yes” and we will ship your order. If not, please reply “no” and we will cancel the order. Send Passcode via SMS to your users in more than 200 countries.
TOTP ‘Time-Based One-Time Password‘
as defined in RFC 4226 Spriv’s TOTP would provide a six digit number generated using the mobile phone internal clock with TTL 30 Seconds. Spriv’s TOTP second factor authentication allows you to authenticate the user even when the user is traveling and has no internet reception.
SMS Passcode
Please send your feedback
Spriv is constantly improving and adding new features to our patented technology. Spriv’s team highly appreciates your input and we would love to get your opinion/feedback and suggestions for adding new features. Please feel free to contact us via our feedback page below and we will promptly respond to your inquiry.