
System And Method For Dynamic Client Registration And Open Application Programming Interface Request Flow

Abstract: A system (100) for dynamic client registration and open application programming interface request flow is disclosed. A registration module (110) enables a consumer developer to register an organisation on an API portal. A process setup module (120) receives a certificate signing request uploaded by the consumer developer, generates digital identification regulation certificates corresponding to a predefined requirement of the open banking, generates SSA for registering a consumer application, uploads a private key and select the digital identification regulation certificates on the API portal. A dynamic client registration module (130) creates a dynamic client registration request form to capture request fields needed for a DCR request from the API portal to the API, create a DCR request body for the API based on the request fields, generate and add a web token to make API calls using mTLS process using the private key and the one or more digital identification regulation certificates. FIG. 1


Patent Information

Application #
Filing Date
05 October 2023
Publication Number
42/2023
Publication Type
INA
Invention Field
COMPUTER SCIENCE
Status
Email
Parent Application
Patent Number
Legal Status
Grant Date
2025-01-13
Renewal Date

Applicants

DIGITALAPICRAFT PRIVATE LIMITED
#3366, “SHIVAJOYTI”, 13TH MAIN, HAL 2ND STAGE, INDIRANAGAR, BANGALORE-560038, KARNATAKA, INDIA

Inventors

1. MANISH KUMAR SINGH
DIGITALAPICRAFT PRIVATE LIMITED, #3366, “SHIVAJOYTI”, 13TH MAIN, HAL 2ND STAGE, INDIRANAGAR, BANGALORE-560038, KARNATAKA, INDIA
2. CHANDRAHAS D
DIGITALAPICRAFT PRIVATE LIMITED, #3366, “SHIVAJOYTI”, 13TH MAIN, HAL 2ND STAGE, INDIRANAGAR, BANGALORE-560038, KARNATAKA, INDIA
3. KAUSHAL SHRIYAN
DIGITALAPICRAFT PRIVATE LIMITED, #3366, “SHIVAJOYTI”, 13TH MAIN, HAL 2ND STAGE, INDIRANAGAR, BANGALORE-560038, KARNATAKA, INDIA

Specification

Description:
BACKGROUND
[0001] Embodiments of the present disclosure relate to secure transaction management and more particularly to, a system and a method for dynamic client registration and securing open banking application programming interface in a financial transaction.
[0002] Open banking describes a new financial ecosystem that is governed by a set of security profiles, application interfaces, and guidelines for customer experiences and operations. Open banking ecosystems are intended to provide new choices and more information to consumers, which should allow for easier interaction with and movement of money between financial institutions and any other entity that participates in the financial ecosystem. By relying on networks instead of centralization, the open banking can help financial services consumers to securely share their financial data with other financial institutions. In order to secure the financial data various approaches are available in the open banking APIs which ensures security.
[0003] Currently known approaches for securing the open banking APIs include security practices such as protecting the APIs from malicious bots by implementing rate limiting, allowing only necessary HTTP methods at each end point, performing intent based deep behavioural analysis of bot traffic and the like. Other available approaches include strengthening authorization and authentication protocols, adopting API testing solutions and the like. For approaches like strengthening the authorization and the authentication protocols, security standards such as mutual authentication over transport layer security (mTLS), HTTPS, OAuth 2.0, OpenID Connect, financial grade API (FAPI) are utilised. Many APIs also require API calls secured through mTLS to ensure the highest level of security. As a result, dynamic client registration (DCR) is the utmost necessity in the mTLS for ensuring security.
[0004] The Dynamic Client Registration (DCR) API provides a mechanism to dynamically register OAuth 2.0 consumers with authorization servers. The consumers need to develop and publish their applications on the API portal. Indian Patent Application 202241032376 discloses API portals providing catalogue and documentation of APIs so that consumers can go through them and integrate their applications. As of now, the system is lacking the DCR process from the portal and the ability to make calls to APIs secured via Mutual TLS. Such portals just display the documentation and present a hardcoded response when it comes to DCR APIs or any API which is secured via Mutual TLS. Moreover, such a system does not provide the mechanism to try out and test the end-to-end flow, and API portals have no way to provide interaction with APIs which are secured using Mutual TLS.
[0005] Hence, there is a need for an improved system and method for dynamic client registration and open application programming interface request flow in order to address the aforementioned issues.
BRIEF DESCRIPTION
[0006] In accordance with an embodiment of the present disclosure, a system for dynamic client registration and open application programming interface request flow is disclosed. The system includes a hardware processor and a memory coupled to the hardware processor. The memory includes a set of program instructions in the form of a processing subsystem and configured to be executed by the hardware processor. The processing subsystem is hosted on a server and configured to execute on a network to control bidirectional communications among a plurality of modules. The processing unit includes a registration module configured to register an organisation associated with a consumer developer on an application programming interface portal. The processing subsystem includes a process setup module operatively coupled to the registration module. The process setup module is configured to receive a certificate signing request uploaded by the consumer developer upon registration of the organisation. The process setup module is also configured to generate one or more digital identification regulation certificates corresponding to a predefined requirement of an open banking specification based on the certificate signing request. The process setup module is further configured to generate software statement assertion for registering a consumer application upon generation of the one or more digital identification regulation certificates. The process setup module is further configured to upload a private key and select the one or more digital identification regulation certificates on the application programming interface portal to enable making one or more calls using mutual transport layer security process. The processing subsystem further includes a dynamic client registration module operatively coupled to the setup module.
The dynamic client registration module is configured to create a dynamic client registration request form to capture one or more request fields needed for a dynamic client registration request from the application programming interface portal to the application programming interface based on the private key and the one or more digital identification regulation certificates. The dynamic client registration module is also configured to create a dynamic client registration request body for the application programming interface based on the one or more request fields captured. The dynamic client registration module is further configured to generate and add a web token as per the open banking specification and make one or more application programming interface calls using mutual transport layer security process using the private key and the one or more digital identification regulation certificates.
[0007] In accordance with another embodiment of the present disclosure, a method for dynamic client registration and open application programming interface request flow is disclosed. The method includes registering, by a registration module of a processing subsystem, an organisation associated with a consumer developer on an application programming interface portal. The method also includes receiving, by a process setup module of the processing subsystem, a certificate signing request uploaded by the consumer developer upon registration of the organisation. The method further includes generating, by the process setup module of the processing subsystem, one or more digital identification regulation certificates corresponding to a predefined requirement of an open banking specification based on the certificate signing request. The method further includes generating, by the process setup module of the processing subsystem, software statement assertion for registering a consumer application upon generation of the one or more digital identification regulation certificates. The method further includes uploading, by the process setup module of the processing subsystem, a private key and selecting the one or more digital identification regulation certificates on the application programming interface portal to enable making one or more calls using mutual transport layer security process. The method includes creating, by a dynamic client registration module of the processing subsystem, a dynamic client registration request form to capture one or more request fields needed for a dynamic client registration request from the application programming interface portal to the application programming interface based on the private key and the one or more digital identification regulation certificates.
The method also includes creating, by the dynamic client registration module of the processing subsystem, a dynamic client registration request body for the application programming interface based on the one or more request fields captured. The method further includes generating and adding, by the dynamic client registration module of the processing subsystem, a web token as per the open banking specification and make one or more application programming interface calls using mutual transport layer security process using the private key and the one or more digital identification regulation certificates.
[0008] To further clarify the advantages and features of the present disclosure, a more particular description of the disclosure will follow by reference to specific embodiments thereof, which are illustrated in the appended figures. It is to be appreciated that these figures depict only typical embodiments of the disclosure and are therefore not to be considered limiting in scope. The disclosure will be described and explained with additional specificity and detail with the appended figures.
BRIEF DESCRIPTION OF THE DRAWINGS
The disclosure will be described and explained with additional specificity and detail with the accompanying figures in which:
[0009] FIG. 1 is a block diagram of a system for dynamic client registration and open application programming interface request flow in accordance with an embodiment of the present disclosure;
[0010] FIG. 2 is a schematic representation of an exemplary embodiment of a system for dynamic client registration and open application programming interface request flow of FIG. 1 in accordance with an embodiment of the present disclosure;
[0011] FIG. 2(a) is flow chart representing organisation setup in directory of the system of FIG. 2 in accordance with an embodiment of the present disclosure;
[0012] FIG. 2(b) is a flow chart representing generation and upload of digital certificates of system of FIG. 2 in accordance with an embodiment of the present disclosure;
[0013] FIG. 2(c) is a flow chart representing generation of software statement assertion for dynamic client registration of system of FIG. 2 in accordance with an embodiment of the present disclosure;
[0014] FIG. 2(d) is a flow chart representing dynamic client registration from API portal using mutual TLS of system of FIG. 2 in accordance with an embodiment of the present disclosure;
[0015] FIG. 2(e) represents flow charts depicting API flow from API portal using mutual TLS of system of FIG. 2 in accordance with an embodiment of the present disclosure;
[0016] FIG. 3 is a block diagram of a computer or a server in accordance with an embodiment of the present disclosure;
[0017] FIG. 4(a) is a flow chart representing the steps involved in a method for dynamic client registration and open application programming interface request flow of FIG.1 in accordance with an embodiment of the present disclosure; and
[0018] FIG. 4(b) is a flow chart representing the continued steps of method of FIG. 4(a) in a financial transaction in accordance with an embodiment of the present disclosure.
[0019] Further, those skilled in the art will appreciate that elements in the figures are illustrated for simplicity and may not have necessarily been drawn to scale. Furthermore, in terms of the construction of the device, one or more components of the device may have been represented in the figures by conventional symbols, and the figures may show only those specific details that are pertinent to understanding the embodiments of the present disclosure so as not to obscure the figures with details that will be readily apparent to those skilled in the art having the benefit of the description herein.
DETAILED DESCRIPTION
[0020] For the purpose of promoting an understanding of the principles of the disclosure, reference will now be made to the embodiment illustrated in the figures and specific language will be used to describe them. It will nevertheless be understood that no limitation of the scope of the disclosure is thereby intended. Such alterations and further modifications in the illustrated system, and such further applications of the principles of the disclosure as would normally occur to those skilled in the art are to be construed as being within the scope of the present disclosure.
[0021] The terms "comprises", "comprising", or any other variations thereof, are intended to cover a non-exclusive inclusion, such that a process or method that comprises a list of steps does not include only those steps but may include other steps not expressly listed or inherent to such a process or method. Similarly, one or more devices or sub-systems or elements or structures or components preceded by "comprises... a" does not, without more constraints, preclude the existence of other devices, sub-systems, elements, structures, components, additional devices, additional sub-systems, additional elements, additional structures or additional components. Appearances of the phrase "in an embodiment", "in another embodiment" and similar language throughout this specification may, but not necessarily do, all refer to the same embodiment.
[0022] Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by those skilled in the art to which this disclosure belongs. The system, methods, and examples provided herein are only illustrative and not intended to be limiting.
[0023] In the following specification and the claims, reference will be made to a number of terms, which shall be defined to have the following meanings. The singular forms “a”, “an”, and “the” include plural references unless the context clearly dictates otherwise.
[0024] Embodiments of the present disclosure relate to a system and a method for dynamic client registration and open application programming interface request flow. As used herein, “dynamic client registration” is a protocol that allows OAuth client applications to register with an OAuth server. Here, OAuth is an open protocol to allow secure authorization in a simple and standard method from web, mobile and desktop applications. Moreover, a flow for the open application programming interface (API) includes a request, one or more target application actions, and a response for an application programming interface (API) operation. The flow is triggered by calling the API operation such as from mobile and web applications. The detailed operation, features and embodiments of the system and method are described from FIG. 1 onwards.
[0025] FIG. 1 is a block diagram of a system (100) for dynamic client registration and open application programming interface request flow in accordance with an embodiment of the present disclosure. The system (100) includes a hardware processor (101) and a memory (102) coupled to the hardware processor (101). The memory (102) includes a set of program instructions in the form of a processing subsystem (105) and configured to be executed by the hardware processor (101). As used herein, the hardware processor performs data processing, decision making, and all general computing tasks and coordinates tasks done by memory, disk storage, and other system components. The processing subsystem (105) is hosted on a server (108). In one embodiment, the server (108) may include a cloud server. In another embodiment, the server (108) may include a local server. The processing subsystem (105) is configured to execute on a network (not shown in FIG. 1) to control bidirectional communications among a plurality of modules. In one embodiment, the network may include a wired network such as local area network (LAN). In another embodiment, the network may include a wireless network such as Wi-Fi, Bluetooth, Zigbee, near field communication (NFC), infra-red communication (RFID) or the like.
[0026] The processing subsystem (105) includes a registration module (110) configured to enable a consumer developer to register a corresponding organisation on an application programming interface portal. As used herein, the consumer developer is an application developer intended to register either as an individual or on behalf of the corresponding organization for making one or more applications using application programming interfaces available on the open application programming interface portal. In one embodiment, the consumer developer may register the corresponding organization using one or more registration details including, but not limited to, name, contact details, email id, date of birth, address, organization name, reason of registration and the like. As used herein, the term ‘application programming interface (API) portal’ is defined as a single place to display and provide the API catalogue, the API specification through Open API specification and an interactive model with the actual API backend, so that API consumers can get a feel of the APIs which are offered by an enterprise. In one embodiment, the API portals also enable API consumers to register themselves and their organization. Currently existing API portals have no way to provide interaction with APIs which are secured using Mutual TLS.
[0027] In one embodiment, the API portal provides an interface to upload consumer private keys by the consumer developer, wherein the application programming interface provides a proxy page to enable addition of the consumer private keys and the one or more digital identification regulation certificates in the application programming interface calls made over the mutual transport layer security. As used herein, API portal (also known as developer portal) is a single place to display all the APIs which are offered by an enterprise. Most of the time the API portals provide API catalogue, API specification through open API Specification (also known as Swagger) and interactive model with actual API backend so that API consumers may get a feel of it. API portals also allow API consumers to register themselves and their organization.
[0028] The API portal also provides an application programming interface sandbox including a set of application programming interfaces available as a test mode for testing from the application programming interface portal before an actual production application programming interface call is made by the consumer developer.
[0029] The processing subsystem (105) also includes a process setup module (120) configured to receive a certificate signing request (CSR) uploaded by the consumer developer upon registration of the corresponding organisation. As used herein, “certificate signing request (CSR)” is an encoded file containing information about website, service, organization, and domain name. This information is used by a certificate authority (CA) to create secure sockets layer and transport layer security (SSL/TLS) certificate for website to encrypt traffic to website. In a specific embodiment, the organisation associated with the consumer developer is registered in a directory application programming interface (Directory API). As used herein, the term ‘directory API’ is defined as a directory to register all API consumers used for open banking registration. Any API provider which implements the open banking APIs, needs to provide a directory to register all the API consumers (Third Party Providers) in its database. All the certificates generated for the API consumer are also stored in the directory through its API. The API portal provides the interface for API consumer to register in the open banking directory. The portal interacts with the directory API for registering/updating the API consumers and their respective certificates.
[0030] The process setup module (120) is also configured to generate one or more digital identification regulation certificates corresponding to a predefined requirement of the open banking based on the certificate signing request. In one embodiment, the one or more digital identification regulation certificates may include at least one of electronic identification and trust services (eIDAS), quality website authentication certificate (QWAC), qualified certificates for electronic seals (QSeal) or a combination thereof. In such embodiment, the QWAC and the QSeal are specifically prescribed by the regulatory technical standards for authentication purposes, especially because they meet the data integrity and encryption requirements.
[0031] The process setup module (120) is also configured to generate software statement assertion (SSA) for registering a consumer application upon generation of the one or more digital identification regulation certificates. As used herein, SSA is a JSON Web Token (JWT) containing client metadata about an instance of client software. The JWT is issued and signed by the open banking directory. This needs to be done every time a consumer needs to register a consumer application. In one embodiment, the process setup module is configured to obtain and upload the one or more digital identification regulation certificates by the consumer developer on the application programming interface portal. More specifically, a user may obtain the eIDAS certificates generated via a trusted certification authority (CA) through a separate process and upload certificates on the portal.
[0032] Furthermore, the process setup module (120) is also configured to upload a private key and select the one or more digital identification regulation certificates on the application programming interface portal to enable making one or more calls using mutual transport layer security process. Here, the private key is used to encrypt data stored or transmitted between two parties. Uploading of the private key and selecting the one or more digital identification regulation certificates is also done once per consumer login. As used herein, mutual transport layer security (mTLS) is a process that establishes an encrypted TLS connection in which two parties use X.509 digital certificates to authenticate each other. mTLS may help mitigate the risk of moving services to the cloud and may help prevent malicious third parties from imitating genuine applications.
[0033] The processing subsystem (105) also includes a dynamic client registration module (130) configured to create a dynamic client registration request form to capture one or more request fields needed for a dynamic client registration request from the application programming interface portal to the application programming interface based on the private key and the one or more digital identification regulation certificates. As used herein, dynamic client registration is a protocol that allows OAuth client applications to register with an OAuth server. These specifications define how a client may submit a request to register itself and the response that the OAuth server should provide.
[0034] The dynamic client registration module (130) is also configured to create a dynamic client registration request body for the application programming interface based on the one or more request fields captured. Furthermore, the dynamic client registration module (130) is also configured to generate and add a web token as per the open banking specification and make one or more application programming interface calls using mutual transport layer security process using the private key and the one or more digital identification regulation certificates. In one embodiment, the API portal generates a JWT (JSON Web Token) as per the open banking specification.
[0035] For DCR, the dynamic client registration module (130) is configured to enable the consumer developer, upon logging in, to upload the private key and select the one or more digital identification regulation certificates on the application programming interface portal. The dynamic client registration module (130) also redirects the consumer developer to an application programming interface specification page on the application programming interface portal based on the private key and the one or more digital identification regulation certificates uploaded. Further, based on open API specifications, the dynamic client registration module (130) is also configured to enable the consumer developer in making of the application programming interface call using the mutual transport layer security. The dynamic client registration module (130) also enables the consumer developer to test end to end application programming interface flow from the application programming interface portal.
[0036] The DCR API is part of OpenID Connect as well as the Open Banking standard. The DCR API provides a mechanism to register client apps of API consumer developers in a secure way. Once the applications are registered, a pair of consumer key and secret is generated for them by the system. These credentials can then be used to authenticate applications when they make a call to test APIs from the portal or from the servers of the consumer developer. As per the Open Banking specifications, DCR APIs are protected using Mutual TLS. Due to this, the existing portals cannot make the DCR API call and register the client apps. Thus, using the mTLS for protecting the DCR APIs enables any API consumer to register the client applications from the API portal in a seamless manner while complying with open banking protocols. In detail, the application registers its profile with a software statement. The software statement is a JSON Web Token (JWT) that holds registration claims about the client, such as its issuer and redirection URIs. The software statement is issued by a software publisher. The software publisher encrypts and signs the claims in the software statement. Software publisher details are saved in a software publisher profile and the software publisher profile identifies the issuer included in software statements. It provides access to the secret or the keys to decrypt software statement JWTs and to verify their signatures. When the client registers dynamically with a software statement, identity cloud uses the software publisher profile to determine whether it can trust the software statement. The protocol specification does not describe how the client obtains the software statement JWT. Identity cloud expects the software publisher to construct the JWT according to the settings in its profile.
[0037] FIG. 2 is a schematic representation of an exemplary embodiment of a system (100) for dynamic client registration and open application programming interface request flow of FIG. 1 in accordance with an embodiment of the present disclosure. Consider a non-limiting example, wherein the system (100) is utilised by mobile application instances that register to get an installation-specific credential. In such a scenario, when a native application is installed on a user's device, it registers itself to get a client ID and secret that is unique to that installation. This is important because any such credential that is compiled into and distributed with the application is not truly secret. It can be extracted from the application with relative ease.
[0038] By registering for an installation-specific client ID and secret instead, the app can be treated as a confidential client. Being able to keep a credential secret is a requirement imposed by the OAuth standard to issue a refresh token. Without this, the mobile app needs the user to re-authenticate every time its access token expires, resulting in a very poor user experience (UX). Consequently, non-confidential mobile clients are usually given a refresh token despite the security risks. By using dynamic client registration, this compromise does not need to be made. In another example, a registration module (110) of the system (100) enables a consumer developer such as the payment aggregator Y (104) to register the corresponding organisation on an application programming interface portal of the financial institution X (103) as shown in FIG. 2(a). In the example used herein, the consumer developer registers either as an individual or on behalf of the corresponding organization using one or more registration details including, but not limited to, name, contact details, email id, date of birth, address, organization name, reason of registration and the like on the application programming interface portal and communicates via communication network (115).
[0039] As shown in FIG. 2(b), the process setup module uploads the certificate signing request (CSR) and generates the eIDAS certificates as per the requirement of open banking specification. The eIDAS regulation is the regulation on electronic identification and trust services for electronic transactions in the internal market. Qualified certificates for website authentication (QWAC) and qualified certificates for electronic seals (QSeal) are specifically prescribed by the regulatory technical standards for authentication purposes, especially because they meet the data integrity and encryption requirements. The process setup module generates QSeal (for signing requests) and QWAC (for Mutual TLS based authentication). This needs to be done at least once. Alternatively, the user may get the eIDAS certificates generated via a trusted Certification Authority (CA) through a separate process and upload certificates on the portal.
[0040] Here, the API portal provides an interface to upload consumer private keys by the consumer developer, wherein the application programming interface provides a proxy page to enable addition of the consumer private keys and the one or more digital identification regulation certificates in the application programming interface calls made over the mutual transport layer security. The API portal also provides an application programming interface sandbox including a set of application programming interfaces available as a test mode for testing from the application programming interface portal before an actual production application programming interface call is made by the consumer developer.
[0041] Furthermore, the process setup module (120) generates a software statement assertion (SSA) for registering a consumer application upon generation of one or more digital identification regulation certificates. This needs to be done every time a consumer needs to register a consumer application. The process setup module (120) uploads a private key and selects the QWAC certificates on the application programming interface portal to enable making one or more calls using the mutual transport layer security process. Uploading the private key and selecting the one or more digital identification regulation certificates is also done once per consumer login, as shown in FIG. 2(c).
[0042] Consequently, a dynamic client registration module (130) creates a dynamic client registration request body form required for a dynamic client registration (DCR) request from the application programming interface portal to the application programming interface based on the private key and the one or more digital identification regulation certificates uploaded. The dynamic client registration module (130) creates the dynamic client registration request body for the application programming interface and makes the call. As per the open banking specification, the application programming interface portal generates a JWT (JSON Web Token) and makes the API call over Mutual TLS as shown in FIG. 2(d). The dynamic client registration module uses the private key and QWAC certificate to make the API calls to all the relevant APIs that need a mutual TLS connection from the API portal. This needs to be done every time a consumer needs to register a client application for open banking as well as other financial APIs as shown in FIG. 2(e).
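The request flow of paragraph [0042], sketched as an added example that is not part of the specification or the applicant's code: the portal builds the DCR request JWT with the SSA embedded, and the API verifies both before accepting the registration. The request claim names follow RFC 7591 and RFC 8705; the PS256 algorithm, the SSA claim names `software_redirect_uris` and `software_jwk`, all identifier values and the run-time keys are assumptions made so the example runs offline, and the mutual TLS transport itself is not shown.

```javascript
// Added example, not code from the patent. All keys are generated at run time
// and every identifier value is constructed for illustration.
const crypto = require('node:crypto');

const PSS = { padding: crypto.constants.RSA_PKCS1_PSS_PADDING, saltLength: 32 };
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));

// Sign a compact JWT with PS256 (RSASSA-PSS over SHA-256).
function signJwt(claims, privateKey) {
  const input = `${enc({ alg: 'PS256', typ: 'JWT' })}.${enc(claims)}`;
  const sig = crypto.sign('sha256', Buffer.from(input), { key: privateKey, ...PSS });
  return `${input}.${sig.toString('base64url')}`;
}

// Verify a compact JWT and return its claims; throws on any failure.
function verifyJwt(token, publicKey) {
  const [h, p, s, ...rest] = String(token).split('.');
  if (!h || !p || !s || rest.length) throw new Error('malformed JWT');
  if (dec(h).alg !== 'PS256') throw new Error('unexpected alg');
  const ok = crypto.verify('sha256', Buffer.from(`${h}.${p}`),
    { key: publicKey, ...PSS }, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  return dec(p);
}

// Portal side: turn the captured form fields into the signed DCR request body.
function buildDcrRequest(fields, ssa, clientPrivateKey, now) {
  return signJwt({
    iss: fields.softwareId,
    aud: fields.apiIssuer,
    iat: now,
    exp: now + 300,
    jti: crypto.randomUUID(),
    redirect_uris: fields.redirectUris,
    token_endpoint_auth_method: 'tls_client_auth',
    software_statement: ssa,
  }, clientPrivateKey);
}

// API side: accept the request only if the SSA and the request both check out.
function validateDcrRequest(body, directoryPublicKey, expectedAud, now) {
  const parts = String(body).split('.');
  if (parts.length !== 3) throw new Error('malformed JWT');
  const unverified = dec(parts[1]); // read only to locate the embedded SSA
  const ssa = verifyJwt(unverified.software_statement, directoryPublicKey);
  // Assumption: the SSA carries the client's public key inline as "software_jwk";
  // a real directory would be queried for the client's key set instead.
  const clientKey = crypto.createPublicKey({ key: ssa.software_jwk, format: 'jwk' });
  const req = verifyJwt(body, clientKey);
  if (req.iss !== ssa.software_id) throw new Error('iss does not match SSA');
  if (req.aud !== expectedAud) throw new Error('wrong audience');
  if (typeof req.exp !== 'number' || req.exp <= now) throw new Error('request expired');
  const allowed = ssa.software_redirect_uris || [];
  if (!Array.isArray(req.redirect_uris) || req.redirect_uris.length === 0 ||
      !req.redirect_uris.every((u) => allowed.includes(u))) {
    throw new Error('redirect_uri not listed in SSA');
  }
  return { software_id: req.iss, redirect_uris: req.redirect_uris };
}

// Constructed fixtures: a directory key pair, a client key pair and an SSA.
function makeFixtures() {
  const directory = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const client = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const ssa = signJwt({
    iss: 'example-directory',
    software_id: 'example-software-id',
    software_redirect_uris: ['https://tpp.example/callback'],
    software_jwk: client.publicKey.export({ format: 'jwk' }),
  }, directory.privateKey);
  return { directory, client, ssa };
}
```

Because the client key is taken from the directory-signed SSA, a request signed with any other key, or asking for a redirect URI the SSA does not list, is rejected before any client record is created.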
[0043] FIG. 3 is a block diagram of a computer or a server in accordance with an embodiment of the present disclosure. The server (200) includes processor(s) (230), and memory (210) operatively coupled to the bus (220). The processor(s) (230), as used herein, means any type of computational circuit, such as, but not limited to, a microprocessor, a microcontroller, a complex instruction set computing microprocessor, a reduced instruction set computing microprocessor, a very long instruction word microprocessor, an explicitly parallel instruction computing microprocessor, a digital signal processor, or any other type of processing circuit, or a combination thereof.
[0044] The memory (210) includes several subsystems stored in the form of an executable program which instructs the processor (230) to perform the method steps illustrated in FIG. 1. The memory (210) includes a processing subsystem (105) of FIG. 1. The processing subsystem (105) further has the following modules: a registration module (110), a process setup module (120) and a dynamic client registration module (130).
[0045] The registration module (110) is configured to enable a consumer developer to register a corresponding organisation on an application programming interface portal. The process setup module (120) is configured to receive a certificate signing request uploaded by the consumer developer upon registration of the corresponding organisation. The process setup module (120) is also configured to generate one or more digital identification regulation certificates corresponding to a predefined requirement of the open banking based on the certificate signing request received. The process setup module (120) is also configured to generate software statement assessment for registering a consumer application upon generation of the one or more digital identification regulation certificates. The process setup module (120) is also configured to upload a private key and select the one or more digital identification regulation certificates on the application programming interface portal to enable making one or more calls using mutual transport layer security process. The dynamic client registration module (130) is configured to create a dynamic client registration request form to capture one or more request fields needed for a dynamic client registration request from the application programming interface portal to the application programming interface based on the private key and the one or more digital identification regulation certificates. The dynamic client registration module is also configured to create a dynamic client registration request body for the application programming interface based on the one or more request fields captured. The dynamic client registration module is further configured to generate and add a web token as per the open banking specification and make one or more application programming interface calls using mutual transport layer security process using the private key and the one or more digital identification regulation certificates.
[0046] The bus (220) as used herein refers to internal memory channels or a computer network used to connect computer components and transfer data between them. The bus (220) includes a serial bus or a parallel bus, wherein the serial bus transmits data in bit-serial format and the parallel bus transmits data across multiple wires. The bus (220) as used herein may include, but is not limited to, a system bus, an internal bus, an external bus, an expansion bus, a frontside bus, a backside bus and the like.
[0047] FIG. 4(a) is a flow chart representing the steps involved in a method (300) for dynamic client registration and open application programming interface request flow of FIG. 1 in accordance with an embodiment of the present disclosure. FIG. 4(b) is a flow chart representing the continued steps of the method for dynamic client registration and open application programming interface request flow of FIG. 4(a) in accordance with an embodiment of the present disclosure. The method (300) includes enabling, by a registration module of a processing subsystem, a consumer developer to register a corresponding organisation on an application programming interface (API) portal in step 310. In one embodiment, enabling the consumer developer to register the corresponding organisation on the API portal may include registering an application developer intended to register either as an individual or on behalf of the corresponding organization for making one or more applications using application programming interfaces available on the application programming interface portal.
[0048] The method (300) also includes receiving, by a process setup module of the processing subsystem, a certificate signing request (CSR) uploaded by the consumer developer upon registration of the corresponding organisation in step 320. In some embodiments, receiving the CSR uploaded by the consumer developer upon registration of the corresponding organisation may include receiving the CSR upon registration of the corresponding organisation in a directory API by the consumer developer. The API portal provides the interface for the API consumer to register in the open banking directory. The portal interacts with the Directory API for registering/updating the API consumers and their respective certificates.
[0049] The method (300) also includes generating, by the process setup module of the processing subsystem, one or more digital identification regulation certificates corresponding to a predefined requirement of the open banking based on the certificate signing request received in step 330. In one embodiment, generating the one or more digital identification regulation certificates corresponding to the predefined requirement of the open banking may include generating the one or more digital identification regulation certificates which include at least one of electronic identification and trust services (eIDAS), quality website authentication certificate (QWAC), qualified certificates for electronic seals (QSeal) or a combination thereof.
[0050] The method (300) also includes generating, by the process setup module of the processing subsystem, software statement assessment for registering a consumer application upon generation of the one or more digital identification regulation certificates in step 340. The method (300) also includes uploading, by the process setup module of the processing subsystem, a private key and selecting the one or more digital identification regulation certificates on the application programming interface portal to enable making one or more calls using mutual transport layer security process in step 350.
[0051] The method (300) includes creating, by a dynamic client registration module of the processing subsystem, a dynamic client registration request form to capture one or more request fields needed for a dynamic client registration request from the application programming interface portal to the application programming interface based on the private key and the one or more digital identification regulation certificates in step 360. The method (300) also includes creating, by the dynamic client registration module of the processing subsystem, a dynamic client registration request body for the application programming interface based on the one or more request fields captured in step 370. The method further includes generating and adding, by the dynamic client registration module of the processing subsystem, a web token as per the open banking specification and making one or more application programming interface calls using mutual transport layer security process using the private key and the one or more digital identification regulation certificates in step 380.
[0052] In a specific embodiment, the method for registering the client further includes enabling the consumer developer, upon logging in, to upload the private key and select the one or more digital identification regulation certificates on the application programming interface portal. In some embodiments, the method further includes redirecting the consumer developer to an application programming interface specification page on the application programming interface portal based on the private key and the one or more digital identification regulation certificates uploaded. Also, based on open API specifications, the method includes enabling the consumer developer in making of the application programming interface call using the mutual transport layer security. The method also includes enabling the consumer developer to test end to end application programming interface flow from the application programming interface portal.
[0053] Various embodiments of the present disclosure provide a system for dynamic client registration and open application programming interface request flow by providing an interface and implementing code changes for generating certificates, uploading private key to make sure the calls sent via portal to APIs are secured via Mutual TLS.
[0054] Moreover, the present disclosed system provides the API portal to provide interaction with APIs which are secured using Mutual TLS and has an ability to generate a client certificate for Mutual TLS in requests. The present disclosed system provides an interface to upload private keys and use the same with the client certificate. For security reasons, the private key is not stored on the portal. It is only held in the session, so once the API consumer logs out, the private key is destroyed. Also, the system allows adding a proxy page in the portal to add the consumer private key and certificate in the API calls which are made over Mutual TLS. From the Open API Specs of the APIs, the system redirects the API code to the proxy page of the API portal and after adding the key/certificates the request is forwarded to the actual API. Thus, the API portal interacts with various APIs for authentication/authorization flow and then calls the API sandbox to provide a feel of the API for the consumer developer.
[0055] Existing portals cannot make the DCR API call and register the client apps. Thus, using the mTLS for protecting the DCR APIs makes any API consumer register the client applications from the API portal in seamless manner while complying with open banking protocols.
[0056] It will be understood by those skilled in the art that the foregoing general description and the following detailed description are exemplary and explanatory of the disclosure and are not intended to be restrictive thereof.
[0057] While specific language has been used to describe the disclosure, any limitations arising on account of the same are not intended. As would be apparent to a person skilled in the art, various working modifications may be made to the method in order to implement the inventive concept as taught herein.
[0058] The figures and the foregoing description give examples of embodiments. Those skilled in the art will appreciate that one or more of the described elements may well be combined into a single functional element. Alternatively, certain elements may be split into multiple functional elements. Elements from one embodiment may be added to another embodiment. For example, the order of processes described herein may be changed and are not limited to the manner described herein. Moreover, the actions of any flow diagram need not be implemented in the order shown; nor do all of the acts need to be necessarily performed. Also, those acts that are not dependent on other acts may be performed in parallel with the other acts. The scope of embodiments is by no means limited by these specific examples.
Claims:
1. A computer implemented system (100) for dynamic client registration and open application programming interface request flow comprising:
a hardware processor (101); and
a memory (102) coupled to the hardware processor (101), wherein the memory (102) comprises a set of program instructions in the form of a processing subsystem (105), configured to be executed by the hardware processor (101), wherein the processing subsystem (105) is hosted on a server (108) and configured to execute on a network to control bidirectional communications among a plurality of modules comprising:
a registration module (110) configured to register an organisation associated with a consumer developer on an application programming interface portal;
characterized by
a process setup module (120) operatively coupled to the registration module (110), wherein the process setup module (120) is configured to:
receive a certificate signing request uploaded by the consumer developer upon registration of the organisation; and
generate one or more digital identification regulation certificates corresponding to a predefined requirement of an open banking specification based on the certificate signing request;
generate software statement assessment for registering a consumer application upon generation of the one or more digital identification regulation certificates;
upload a private key and select the one or more digital identification regulation certificates on the application programming interface portal to enable making one or more calls using mutual transport layer security process;
a dynamic client registration module (130) operatively coupled to the setup module (120), wherein the dynamic client registration module (130) is configured to:
create a dynamic client registration request form to capture one or more request fields needed for a dynamic client registration request from the application programming interface portal to the application programming interface based on the private key and the one or more digital identification regulation certificates;
create a dynamic client registration request body for the application programming interface based on the one or more request fields captured; and
generate and add a web token as per the open banking specification and make one or more application programming interface calls using mutual transport layer security process using the private key and the one or more digital identification regulation certificates.
2. The system (100) as claimed in claim 1, wherein the organisation associated with the consumer developer is registered in a directory application programming interface.
3. The system (100) as claimed in claim 1, wherein the consumer developer is an application developer intended to register either as an individual or on behalf of the corresponding organization for making one or more applications using application programming interfaces available on the application programming interface portal.
4. The system (100) as claimed in claim 1, wherein the registration module (110) is configured to:
enable the consumer developer, upon logging in, to upload the private key and select the one or more digital identification regulation certificates on the application programming interface portal;
redirect the consumer developer to an application programming interface specification page on the application programming interface portal based on the private key and the one or more digital identification regulation certificates uploaded;
enable the consumer developer in making of the application programming interface call using the mutual transport layer security based on open application programming interface specifications; and
enable the consumer developer to test end to end application programming interface flow from the application programming interface portal.
5. The system (100) as claimed in claim 1, wherein the one or more digital identification regulation certificates comprises at least one of electronic identification and trust services, quality website authentication certificate, qualified certificates for electronic seals or a combination thereof.
6. The system (100) as claimed in claim 1, wherein the process setup module (120) is configured to obtain and upload the one or more digital identification regulation certificates by the consumer developer on the application programming interface portal.
7. The system (100) as claimed in claim 1, wherein the application programming interface portal provides an interface to upload consumer private keys by the consumer developer, wherein the application programming interface provides a proxy page to enable addition of the consumer private keys and the one or more digital identification regulation certificates in the application programming interface calls made over the mutual transport layer security.
8. The system (100) as claimed in claim 1, wherein the application programming interface portal provides an application programming interface sandbox comprising a set of application programming interfaces available as a test mode for testing from the application programming interface portal before an actual production application programming interface call is made by the consumer developer.
9. The system (100) as claimed in claim 1, wherein the application programming interface portal generates a JavaScript object notation web token corresponding to open banking specification and makes the application programming interface call over the mutual transport layer security for creating the dynamic client registration request body.
10. A method (300) comprising:
registering, by a registration module of a processing subsystem, an organisation associated with a consumer developer on an application programming interface portal (310);
receiving, by a process setup module of the processing subsystem, a certificate signing request uploaded by the consumer developer upon registration of the organisation (320);
generating, by the process setup module of the processing subsystem, one or more digital identification regulation certificates corresponding to a predefined requirement of an open banking specification based on the certificate signing request (330);
generating, by the organisation setup module of the processing subsystem, software statement assessment for registering a consumer application upon generation of the one or more digital identification regulation certificates (340);
uploading, by the process setup module of the processing subsystem, a private key and select the one or more digital identification regulation certificates on the application programming interface portal to enable making one or more calls using mutual transport layer security process (350);
creating, by the dynamic client registration module of the processing subsystem, a dynamic client registration request form to capture one or more request fields needed for a dynamic client registration request from the application programming interface portal to the application programming interface based on the private key and the one or more digital identification regulation certificates (360);
creating, by the dynamic client registration module of the processing subsystem, a dynamic client registration request body for the application programming interface based on the one or more request fields captured (370); and
generating and adding, by the dynamic client registration module of the processing subsystem, a web token as per the open banking specification and make one or more application programming interface calls using mutual transport layer security process using the private key and the one or more digital identification regulation certificates (380).

Dated this 05th day of October 2023

Signature

Jinsu Abraham
Patent Agent (IN/PA-3267)
Agent for the Applicant

Documents

Application Documents

# Name Date
1 202341066959-STATEMENT OF UNDERTAKING (FORM 3) [05-10-2023(online)].pdf 2023-10-05
2 202341066959-REQUEST FOR EARLY PUBLICATION(FORM-9) [05-10-2023(online)].pdf 2023-10-05
3 202341066959-PROOF OF RIGHT [05-10-2023(online)].pdf 2023-10-05
4 202341066959-POWER OF AUTHORITY [05-10-2023(online)].pdf 2023-10-05
5 202341066959-FORM-9 [05-10-2023(online)].pdf 2023-10-05
6 202341066959-FORM FOR STARTUP [05-10-2023(online)].pdf 2023-10-05
7 202341066959-FORM FOR SMALL ENTITY(FORM-28) [05-10-2023(online)].pdf 2023-10-05
8 202341066959-FORM 1 [05-10-2023(online)].pdf 2023-10-05
9 202341066959-EVIDENCE FOR REGISTRATION UNDER SSI(FORM-28) [05-10-2023(online)].pdf 2023-10-05
10 202341066959-EVIDENCE FOR REGISTRATION UNDER SSI [05-10-2023(online)].pdf 2023-10-05
11 202341066959-DRAWINGS [05-10-2023(online)].pdf 2023-10-05
12 202341066959-DECLARATION OF INVENTORSHIP (FORM 5) [05-10-2023(online)].pdf 2023-10-05
13 202341066959-COMPLETE SPECIFICATION [05-10-2023(online)].pdf 2023-10-05
14 202341066959-STARTUP [06-10-2023(online)].pdf 2023-10-06
15 202341066959-FORM28 [06-10-2023(online)].pdf 2023-10-06
16 202341066959-FORM 18A [06-10-2023(online)].pdf 2023-10-06
17 202341066959-FORM-26 [13-10-2023(online)].pdf 2023-10-13
18 202341066959-FER.pdf 2023-11-16
19 202341066959-OTHERS [10-01-2024(online)].pdf 2024-01-10
20 202341066959-FORM 3 [10-01-2024(online)].pdf 2024-01-10
21 202341066959-FER_SER_REPLY [10-01-2024(online)].pdf 2024-01-10
22 202341066959-ENDORSEMENT BY INVENTORS [10-01-2024(online)].pdf 2024-01-10
23 202341066959-DRAWING [10-01-2024(online)].pdf 2024-01-10
24 202341066959-US(14)-HearingNotice-(HearingDate-06-06-2024).pdf 2024-05-01
25 202341066959-FORM-26 [24-05-2024(online)].pdf 2024-05-24
26 202341066959-Correspondence to notify the Controller [24-05-2024(online)].pdf 2024-05-24
27 202341066959-Written submissions and relevant documents [19-06-2024(online)].pdf 2024-06-19
28 202341066959-Response to office action [28-11-2024(online)].pdf 2024-11-28
29 202341066959-PatentCertificate13-01-2025.pdf 2025-01-13
30 202341066959-IntimationOfGrant13-01-2025.pdf 2025-01-13

Search Strategy

1 202341066959E_15-11-2023.pdf

ERegister / Renewals

3rd: 26 Aug 2025

From 05/10/2025 - To 05/10/2026