
System And Method For Securing Open Banking Application Programming Interface In A Financial Transaction

Abstract: A system (100) for securing an open banking application programming interface (API) is disclosed. An organisation registration module (110) enables a consumer developer to register a corresponding organisation on an API portal. An organisation setup module (120) receives a certificate signing request uploaded by the consumer developer, generates one or more digital identification regulation certificates corresponding to a predefined requirement of the open banking, generates a software statement assertion for registering a consumer application, uploads a private key and selects the one or more digital identification regulation certificates on the API portal. A client registration module (130) creates a dynamic client registration form required for a dynamic client registration request, captures one or more inputs corresponding to one or more request fields of the dynamic client registration form, creates a dynamic client registration request body for the API and enables making of the API call using mutual transport layer security. FIG. 1


Patent Information

Application #:
Filing Date: 06 June 2022
Publication Number: 23/2022
Publication Type: INA
Invention Field: COMMUNICATION
Status:
Email: filings@ipflair.com
Parent Application:

Applicants

DIGITALAPICRAFT PRIVATE LIMITED
#3366, “SHIVAJOYTI”, 13TH MAIN, HAL 2ND STAGE, INDIRANAGAR, BANGALORE- 560038, KARNATAKA, INDIA

Inventors

1. MANISH KUMAR SINGH
DIGITALAPICRAFT PRIVATE LIMITED, #3366, “SHIVAJOYTI”, 13TH MAIN, HAL 2ND STAGE, INDIRANAGAR, BANGALORE-560038, KARNATAKA, INDIA
2. VINAY NANDEESH
DIGITALAPICRAFT PRIVATE LIMITED, #3366, “SHIVAJOYTI”, 13TH MAIN, HAL 2ND STAGE, INDIRANAGAR, BANGALORE-560038, KARNATAKA, INDIA
3. CHANDRAHAS D
DIGITALAPICRAFT PRIVATE LIMITED, #3366, “SHIVAJOYTI”, 13TH MAIN, HAL 2ND STAGE, INDIRANAGAR, BANGALORE-560038, KARNATAKA, INDIA
4. KAUSHAL SHRIYAN
DIGITALAPICRAFT PRIVATE LIMITED, #3366, “SHIVAJOYTI”, 13TH MAIN, HAL 2ND STAGE, INDIRANAGAR, BANGALORE-560038, KARNATAKA, INDIA

Specification

Description:BACKGROUND
[0001] Embodiments of the present disclosure relate to a system for secure transaction management and, more particularly, to a system and a method for securing an open banking application programming interface in a financial transaction.
[0002] Financial institutions face a wide range of technical challenges in securing access to open banking application programming interfaces (APIs). Open banking is a banking practice that gives third-party financial service providers access to consumer banking, transaction and other financial data held by banks and non-bank financial institutions through APIs. Open banking allows the networking of accounts and data across institutions for use by consumers, financial institutions and third-party service providers. It raises the potential for both promising gains and grave risks to consumers as more of their data is shared more widely. By relying on networks instead of centralisation, open banking can help consumers of financial services share their financial data securely with other financial institutions. Various approaches are available for securing the financial data exposed through open banking APIs.
[0003] Conventionally, the approaches available for securing open banking APIs include best practices such as protecting the APIs from malicious bots by implementing rate limiting, allowing only the necessary HTTP methods at each endpoint, performing intent-based deep behavioural analysis of bot traffic and the like. Other approaches include strengthening authorisation and authentication protocols, adopting API testing solutions and the like. For strengthening the authorisation and authentication protocols, security standards such as mutual authentication over transport layer security (mTLS), HTTPS, OAuth 2.0, OpenID Connect and the financial-grade API (FAPI) profile are utilised. Many APIs also require their calls to be secured through mTLS to ensure the highest level of security. As a result, dynamic client registration (DCR) performed over mTLS becomes a necessity for such APIs.
[0004] In the DCR process, consumers need to develop and publish their applications on the API portal. However, most API portals only provide a catalogue and documentation of APIs so that consumers can read them and integrate their applications. At present, portals are limited when it comes to following the DCR process from the portal and making calls to APIs secured via mutual TLS: they display the documentation and present a hard-coded response for DCR APIs or for any other API secured via mutual TLS. Moreover, they do not provide a mechanism to try out and test the end-to-end flow.
[0005] Hence, there is a need for an improved system and method for securing an open banking application programming interface in a financial transaction in order to address the aforementioned issues.
BRIEF DESCRIPTION
[0006] In accordance with an embodiment of the present disclosure, a system for securing open banking application programming interface in a financial transaction is disclosed. The system includes a processing subsystem hosted on a server. The processing subsystem includes an organisation registration module. The organisation registration module is configured to enable a consumer developer to register a corresponding organisation on an application programming interface portal. The processing subsystem also includes an organisation setup module configured to receive a certificate signing request uploaded by the consumer developer upon registration of the corresponding organisation. The organisation setup module is also configured to generate one or more digital identification regulation certificates corresponding to a predefined requirement of the open banking based on the certificate signing request received. The organisation setup module is also configured to generate a software statement assertion for registering a consumer application upon generation of the one or more digital identification regulation certificates. The organisation setup module is also configured to upload a private key and select the one or more digital identification regulation certificates on the application programming interface portal to enable making one or more calls using the mutual transport layer security process. The processing subsystem also includes a client registration module configured to create a dynamic client registration form required for a dynamic client registration request from the application programming interface portal to the application programming interface based on the private key and the one or more digital identification regulation certificates uploaded. 
The client registration module is also configured to capture one or more inputs corresponding to one or more request fields of the dynamic client registration form filled by the consumer developer for registration of one or more clients upon creation. The client registration module is also configured to create a dynamic client registration request body for the application programming interface and enable making of the application programming interface call using mutual transport layer security based on the one or more inputs captured.
[0007] In accordance with another embodiment of the present disclosure, a method for securing open banking application programming interface in a financial transaction is disclosed. The method includes enabling, by an organisation registration module of a processing subsystem, a consumer developer to register a corresponding organisation on an application programming interface portal. The method also includes receiving, by an organisation setup module of the processing subsystem, a certificate signing request uploaded by the consumer developer upon registration of the corresponding organisation. The method also includes generating, by the organisation setup module of the processing subsystem, one or more digital identification regulation certificates corresponding to a predefined requirement of the open banking based on the certificate signing request received. The method also includes generating, by the organisation setup module of the processing subsystem, a software statement assertion for registering a consumer application upon generation of the one or more digital identification regulation certificates. The method also includes uploading, by the organisation setup module of the processing subsystem, a private key and selecting the one or more digital identification regulation certificates on the application programming interface portal to enable making one or more calls using the mutual transport layer security process. The method also includes creating, by a client registration module of the processing subsystem, a dynamic client registration form required for a dynamic client registration request from the application programming interface portal to the application programming interface based on the private key and the one or more digital identification regulation certificates uploaded. 
The method also includes capturing, by the client registration module of the processing subsystem, one or more inputs corresponding to one or more request fields of the dynamic client registration form filled by the consumer developer for registration of one or more clients upon creation. The method also includes creating, by the client registration module of the processing subsystem, a dynamic client registration request body for the application programming interface and enabling making of the application programming interface call using mutual transport layer security based on the one or more inputs captured.
[0008] To further clarify the advantages and features of the present disclosure, a more particular description of the disclosure will follow by reference to specific embodiments thereof, which are illustrated in the appended figures. It is to be appreciated that these figures depict only typical embodiments of the disclosure and are therefore not to be considered limiting in scope. The disclosure will be described and explained with additional specificity and detail with the appended figures.
BRIEF DESCRIPTION OF THE DRAWINGS
The disclosure will be described and explained with additional specificity and detail with the accompanying figures in which:
[0009] FIG. 1 is a block diagram of a system for securing open banking application programming interface in a financial transaction in accordance with an embodiment of the present disclosure.
[0010] FIG. 2 is a schematic representation of an exemplary embodiment of a system for securing open banking application programming interface in a financial transaction of FIG. 1 in accordance with an embodiment of the present disclosure;
[0011] FIG. 3 is a block diagram of a computer or a server in accordance with an embodiment of the present disclosure;
[0012] FIG. 4(a) is a flow chart representing the steps involved in a method for securing open banking application programming interface in a financial transaction of FIG.1 in accordance with an embodiment of the present disclosure; and
[0013] FIG. 4(b) is a flow chart representing the continued steps of method for securing open banking application programming interface of FIG. 4(a) in a financial transaction in accordance with an embodiment of the present disclosure.
[0014] Further, those skilled in the art will appreciate that elements in the figures are illustrated for simplicity and may not have necessarily been drawn to scale. Furthermore, in terms of the construction of the device, one or more components of the device may have been represented in the figures by conventional symbols, and the figures may show only those specific details that are pertinent to understanding the embodiments of the present disclosure so as not to obscure the figures with details that will be readily apparent to those skilled in the art having the benefit of the description herein.
DETAILED DESCRIPTION
[0015] For the purpose of promoting an understanding of the principles of the disclosure, reference will now be made to the embodiment illustrated in the figures and specific language will be used to describe them. It will nevertheless be understood that no limitation of the scope of the disclosure is thereby intended. Such alterations and further modifications in the illustrated system, and such further applications of the principles of the disclosure as would normally occur to those skilled in the art are to be construed as being within the scope of the present disclosure.
[0016] The terms "comprises", "comprising", or any other variations thereof, are intended to cover a non-exclusive inclusion, such that a process or method that comprises a list of steps does not include only those steps but may include other steps not expressly listed or inherent to such a process or method. Similarly, one or more devices or sub-systems or elements or structures or components preceded by "comprises... a" does not, without more constraints, preclude the existence of other devices, sub-systems, elements, structures, components, additional devices, additional sub-systems, additional elements, additional structures or additional components. Appearances of the phrase "in an embodiment", "in another embodiment" and similar language throughout this specification may, but not necessarily do, all refer to the same embodiment.
[0017] Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by those skilled in the art to which this disclosure belongs. The system, methods, and examples provided herein are only illustrative and not intended to be limiting.
[0018] In the following specification and the claims, reference will be made to a number of terms, which shall be defined to have the following meanings. The singular forms “a”, “an”, and “the” include plural references unless the context clearly dictates otherwise.
[0019] Embodiments of the present disclosure relate to a system and a method for securing open banking application programming interface in a financial transaction. The system includes a processing subsystem hosted on a server. The processing subsystem includes an organisation registration module. The organisation registration module is configured to enable a consumer developer to register a corresponding organisation on an application programming interface portal. The processing subsystem also includes an organisation setup module configured to receive a certificate signing request uploaded by the consumer developer upon registration of the corresponding organisation. The organisation setup module is also configured to generate one or more digital identification regulation certificates corresponding to a predefined requirement of the open banking based on the certificate signing request received. The organisation setup module is also configured to generate a software statement assertion for registering a consumer application upon generation of the one or more digital identification regulation certificates. The organisation setup module is also configured to upload a private key and select the one or more digital identification regulation certificates on the application programming interface portal to enable making one or more calls using the mutual transport layer security process. The processing subsystem also includes a client registration module configured to create a dynamic client registration form required for a dynamic client registration request from the application programming interface portal to the application programming interface based on the private key and the one or more digital identification regulation certificates uploaded. 
The client registration module is also configured to capture one or more inputs corresponding to one or more request fields of the dynamic client registration form filled by the consumer developer for registration of one or more clients upon creation. The client registration module is also configured to create a dynamic client registration request body for the application programming interface and enable making of the application programming interface call using mutual transport layer security based on the one or more inputs captured.
[0020] FIG. 1 is a block diagram of a system (100) for securing open banking application programming interface in a financial transaction in accordance with an embodiment of the present disclosure. The system (100) includes a processing subsystem (105) hosted on a server (108). In one embodiment, the server (108) may include a cloud server. In another embodiment, the server (108) may include a local server. The processing subsystem (105) is configured to execute on a network (not shown in FIG. 1) to control bidirectional communications among a plurality of modules. In one embodiment, the network may include a wired network such as a local area network (LAN). In another embodiment, the network may include a wireless network such as Wi-Fi, Bluetooth, Zigbee, near field communication (NFC), infrared communication, radio-frequency identification (RFID) or the like.
[0021] The processing subsystem (105) includes an organisation registration module (110) configured to enable a consumer developer to register a corresponding organisation on an application programming interface portal. In one embodiment, the consumer developer is an application developer intending to register either as an individual or on behalf of the corresponding organisation in order to build one or more applications using the application programming interfaces available on the application programming interface portal. In such embodiment, the consumer developer may register the corresponding organisation using one or more registration details including, but not limited to, name, contact details, email id, date of birth, address, organisation name, reason for registration and the like. As used herein, the term ‘application programming interface (API) portal’ is defined as a single place where an enterprise displays and provides its API catalogue, its API specifications (as OpenAPI specifications) and an interactive model backed by the actual API backend, so that API consumers can get a feel for the APIs offered. The API portal also allows API consumers to register themselves and their organisation. At present, API portals have no way to provide interaction with APIs that are secured using mutual TLS. In one embodiment, the API portal provides an interface through which the consumer developer uploads consumer private keys, and the portal provides a proxy page that adds the consumer private keys and the one or more digital identification regulation certificates to the application programming interface calls made over mutual transport layer security.
[0022] The API portal also provides an application programming interface sandbox comprising a set of application programming interfaces available in a test mode for testing from the application programming interface portal before an actual production application programming interface call is made by the consumer developer.
[0023] The processing subsystem (105) also includes an organisation setup module (120) configured to receive a certificate signing request (CSR) uploaded by the consumer developer upon registration of the corresponding organisation. In a specific embodiment, the corresponding organisation of the consumer developer is registered in a directory application programming interface (Directory API). As used herein, the term ‘directory API’ is defined as a directory that registers all API consumers used for open banking registration. Any API provider that implements the open banking APIs needs to provide a directory in which all the API consumers (third-party providers) are registered in its database. All the certificates generated for an API consumer are also stored in the directory through its API. The API portal provides the interface for the API consumer to register in the open banking directory, and the portal interacts with the Directory API for registering and updating the API consumers and their respective certificates.
[0024] The organisation setup module (120) is also configured to generate one or more digital identification regulation certificates corresponding to a predefined requirement of the open banking based on the certificate signing request received. In one embodiment, the one or more digital identification regulation certificates may include at least one of an electronic identification, authentication and trust services (eIDAS) certificate, a qualified website authentication certificate (QWAC), a qualified certificate for electronic seals (QSeal) or a combination thereof. In such embodiment, the QWAC and the QSeal are specifically prescribed by the regulatory technical standards for authentication purposes, especially because they meet the data integrity and encryption requirements.
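The certificate step described in [0023] and [0024] (a CSR uploaded by the consumer developer, a certificate issued against it, and that certificate then used on the mTLS call the portal makes) can be exercised end to end with the Go standard library. The block below is an added example written for this page; it is not code from the patent or from the applicant. The CA is a self-signed stand-in constructed for the example, not a qualified (QWAC or QSeal) issuer, and the organisation name "payment-aggregator-y" and the "X-Verified-CN" header are likewise assumptions. It also makes explicit what the text only implies: with a CSR flow the private key is generated on the consumer's side and never leaves it, and the issuer checks the CSR's self-signature before issuing anything. Uploading the private key itself to the portal, as [0021] describes, would instead place key custody with the portal operator, so this example keeps the key local.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// newCA stands in for the directory's CA (constructed for this example; not a real QWAC/QSeal issuer).
func newCA() (*x509.Certificate, *rsa.PrivateKey) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	must(err)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Directory CA"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	must(err)
	ca, err := x509.ParseCertificate(der)
	must(err)
	return ca, key
}

// consumerCSR is the consumer's side: the key pair is generated locally; only the CSR is uploaded.
func consumerCSR(org string) (*rsa.PrivateKey, []byte) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	must(err)
	req := &x509.CertificateRequest{Subject: pkix.Name{CommonName: org, Organization: []string{org}}}
	csr, err := x509.CreateCertificateRequest(rand.Reader, req, key)
	must(err)
	return key, csr
}

// issueClientCert is the organisation setup module's step: parse the CSR, verify its self-signature
// (proof that the uploader holds the private key) and issue a client-auth certificate chained to the CA.
func issueClientCert(ca *x509.Certificate, caKey *rsa.PrivateKey, csrDER []byte) ([]byte, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, fmt.Errorf("CSR not signed by the key it carries: %w", err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: csr.Subject,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	return x509.CreateCertificate(rand.Reader, tmpl, ca, csr.PublicKey, caKey)
}

// call makes one HTTPS request on a fresh connection with the given client certificates (none models a portal that cannot do mTLS).
func call(srv *httptest.Server, certs ...tls.Certificate) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(srv.Certificate())
	tr := &http.Transport{TLSClientConfig: &tls.Config{RootCAs: roots, Certificates: certs}}
	resp, err := (&http.Client{Transport: tr}).Get(srv.URL)
	if err != nil {
		return "", err
	}
	resp.Body.Close()
	return resp.Header.Get("X-Verified-CN"), nil
}

// Demo runs CSR -> issued certificate -> mTLS call against a server that requires a certificate chained
// to the CA, then a bare call with no client certificate. Returns the verified CN and whether the bare call failed.
func Demo() (seenCN string, bareCallRefused bool) {
	ca, caKey := newCA()
	key, csrDER := consumerCSR("payment-aggregator-y")
	certDER, err := issueClientCert(ca, caKey, csrDER)
	must(err)
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("X-Verified-CN", r.TLS.PeerCertificates[0].Subject.CommonName)
	}))
	srv.TLS = &tls.Config{ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: pool}
	srv.StartTLS()
	defer srv.Close()
	seenCN, err = call(srv, tls.Certificate{Certificate: [][]byte{certDER}, PrivateKey: key})
	must(err)
	_, bareErr := call(srv)
	return seenCN, bareErr != nil
}

func main() { fmt.Println(Demo()) }
```

The server is configured with RequireAndVerifyClientCert and a ClientCAs pool holding only the issuing CA, which is the setting that makes the second, certificate-less call fail at the handshake; a portal that merely forwards the request without a client certificate, as [0004] describes, gets exactly that failure.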
[0025] The organisation setup module (120) is also configured to generate a software statement assertion (SSA) for registering a consumer application upon generation of the one or more digital identification regulation certificates. This needs to be done every time a consumer needs to register a consumer application. The organisation setup module (120) is also configured to upload a private key and select the one or more digital identification regulation certificates on the application programming interface portal to enable making one or more calls using the mutual transport layer security process. Uploading the private key and selecting the one or more digital identification regulation certificates is done once per consumer login.
[0026] The processing subsystem (105) also includes a client registration module (130) configured to create a dynamic client registration form required for a dynamic client registration (DCR) request from the application programming interface portal to the application programming interface based on the private key and the one or more digital identification regulation certificates uploaded. The client registration module (130) is also configured to capture one or more inputs corresponding to one or more request fields of the dynamic client registration form filled by the consumer developer for registration of one or more clients upon creation. The client registration module (130) is also configured to create a dynamic client registration request body for the application programming interface and enable making of the application programming interface call using mutual transport layer security based on the one or more inputs captured. In one embodiment, the API portal generates a JWT (JSON Web Token) as per the open banking specification.
[0027] For DCR, the client registration module is configured to enable the consumer developer, upon logging in, to upload the private key and select the one or more digital identification regulation certificates on the application programming interface portal. The client registration module (130) also redirects the consumer developer to an application programming interface specification page on the application programming interface portal based on the private key and the one or more digital identification regulation certificates uploaded. Further, based on open API specifications, the client registration module (130) is also configured to enable the consumer developer in making of the application programming interface call using the mutual transport layer security. The client registration module (130) also enables the consumer developer to test end to end application programming interface flow from the application programming interface portal.
[0028] The DCR API is part of OpenID Connect as well as of the Open Banking standard. It provides a mechanism to register the client applications of API consumer developers in a secure way. Once an application is registered, the system generates a consumer key and secret pair for it. These credentials can then be used to authenticate the application when it calls test APIs from the portal or from the servers of the consumer developer. As per the Open Banking specifications, DCR APIs are protected using mutual TLS. Because of this, existing portals cannot make the DCR API call and register the client apps. The present system, by making the DCR call over mTLS from the portal with the consumer's certificate, lets any API consumer register its client applications from the API portal in a seamless manner while complying with the open banking protocols.
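The registration payload described in [0025] through [0028] can be shown concretely: the directory signs a software statement (the SSA of [0025]) as a compact JWS, the portal wraps it in the registration body it builds from the form inputs ([0026]), and the DCR endpoint verifies it before issuing a client identifier. The block below is an added example written for this page, not code from the patent or the applicant. The claim names follow the OBIE software-statement convention, but every value (org-y, app-1, https://y.example/callback), the PS256 choice and the function names are assumptions of the example. The verifier pins the alg to PS256 before trusting anything in the token and refuses redirect URIs that the SSA did not pre-approve; those are the two checks a DCR endpoint must make regardless of transport, in addition to the mTLS client authentication the text describes.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64, pssOpts = base64.RawURLEncoding, &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash}

// SSAClaims is the software statement the directory issues per consumer application
// (claim names follow the OBIE SSA convention; every value used here is constructed).
type SSAClaims struct {
	OrgID        string   `json:"org_id"`
	SoftwareID   string   `json:"software_id"`
	RedirectURIs []string `json:"software_redirect_uris"`
}

// DCRRequest is the registration body built from the form inputs; the SSA rides inside it.
type DCRRequest struct {
	RedirectURIs            []string `json:"redirect_uris"`
	TokenEndpointAuthMethod string   `json:"token_endpoint_auth_method"`
	SoftwareStatement       string   `json:"software_statement"`
}

// signPS256 produces a compact JWS (alg PS256) over the claims with the directory's key.
func signPS256(key *rsa.PrivateKey, claims interface{}) (string, error) {
	payload, _ := json.Marshal(claims) // plain structs of strings: marshalling cannot fail
	input := b64.EncodeToString([]byte(`{"alg":"PS256","typ":"JWT"}`)) + "." + b64.EncodeToString(payload)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPSS(rand.Reader, key, crypto.SHA256, digest[:], pssOpts)
	return input + "." + b64.EncodeToString(sig), err
}

// verifyPS256 checks a compact JWS against the directory's public key. The alg is pinned to
// PS256 before the signature is checked, so "alg":"none" or an HMAC-swapped header is refused.
func verifyPS256(pub *rsa.PublicKey, token string, claims interface{}) error {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return fmt.Errorf("software_statement is not a compact JWS")
	}
	hdrJSON, errH := b64.DecodeString(parts[0])
	payload, errP := b64.DecodeString(parts[1])
	sig, errS := b64.DecodeString(parts[2])
	if errH != nil || errP != nil || errS != nil {
		return fmt.Errorf("software_statement has a segment that is not base64url")
	}
	var hdr struct{ Alg string `json:"alg"` }
	if json.Unmarshal(hdrJSON, &hdr) != nil || hdr.Alg != "PS256" {
		return fmt.Errorf("unsupported alg %q", hdr.Alg)
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, pssOpts); err != nil {
		return fmt.Errorf("SSA signature invalid: %w", err)
	}
	return json.Unmarshal(payload, claims)
}

// RegisterClient is the DCR endpoint's side: the body is accepted only if the SSA verifies
// under the directory key and every requested redirect_uri was pre-approved in it.
func RegisterClient(directoryPub *rsa.PublicKey, body []byte) (string, error) {
	var req DCRRequest
	if err := json.Unmarshal(body, &req); err != nil {
		return "", err
	}
	var ssa SSAClaims
	if err := verifyPS256(directoryPub, req.SoftwareStatement, &ssa); err != nil {
		return "", err
	}
	allowed := map[string]bool{}
	for _, u := range ssa.RedirectURIs {
		allowed[u] = true
	}
	for _, u := range req.RedirectURIs {
		if !allowed[u] {
			return "", fmt.Errorf("redirect_uri %q is not in the software statement", u)
		}
	}
	return ssa.OrgID + ":" + ssa.SoftwareID, nil
}

// main plays all three roles: the directory issues the SSA, the portal builds the DCR body, the endpoint registers.
func main() {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	ssa, err := signPS256(key, SSAClaims{OrgID: "org-y", SoftwareID: "app-1",
		RedirectURIs: []string{"https://y.example/callback"}})
	if err != nil {
		panic(err)
	}
	body, _ := json.Marshal(DCRRequest{RedirectURIs: []string{"https://y.example/callback"},
		TokenEndpointAuthMethod: "tls_client_auth", SoftwareStatement: ssa})
	fmt.Println(RegisterClient(&key.PublicKey, body))
}
```

The body carries token_endpoint_auth_method set to tls_client_auth, which is how the registered client commits to authenticating with the mTLS certificate from [0024] rather than with a shared secret; a production endpoint would also bind the registration to the certificate presented on the DCR call itself.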
[0029] FIG. 2 is a schematic representation of an exemplary embodiment of a system for securing open banking application programming interface in a financial transaction of FIG. 1 in accordance with an embodiment of the present disclosure. Consider a non-limiting example in which the system (100) is utilised by a financial institution X (102) for securing its open banking API, which is accessed by several other clients or consumers, such as a payment aggregator Y (104). In such a scenario, if the payment aggregator Y wants to access the open banking API associated with one or more features, the financial institution X needs to allow access to the payment aggregator Y by authenticating its identity. For authentication of the payment aggregator Y, a client registration process is essential. An organisation registration module (110) of the system (100) enables a consumer developer such as the payment aggregator Y to register its corresponding organisation on an application programming interface portal of the financial institution X. In the example used herein, the consumer developer is an application developer intending to register either as an individual or on behalf of the corresponding organisation in order to build one or more applications using the application programming interfaces available on the application programming interface portal. In such an example, the consumer developer may register the corresponding organisation using one or more registration details including, but not limited to, name, contact details, email id, date of birth, address, organisation name, reason for registration and the like.
[0030] Here, the API portal provides an interface through which the consumer developer uploads consumer private keys, and the portal provides a proxy page that adds the consumer private keys and the one or more digital identification regulation certificates to the application programming interface calls made over mutual transport layer security.
[0031] The API portal also provides an application programming interface sandbox comprising a set of application programming interfaces available in a test mode for testing from the application programming interface portal before an actual production application programming interface call is made by the consumer developer.
[0032] Once the registration process is completed, an organisation setup module (120) receives a certificate signing request (CSR) uploaded by the consumer developer. The organisation setup module (120) is also configured to generate one or more digital identification regulation certificates corresponding to a predefined requirement of the open banking based on the certificate signing request received. For example, the one or more digital identification regulation certificates may include at least one of an electronic identification, authentication and trust services (eIDAS) certificate, a qualified website authentication certificate (QWAC), a qualified certificate for electronic seals (QSeal) or a combination thereof. In such an example, the QWAC and the QSeal are specifically prescribed by the regulatory technical standards for authentication purposes, especially because they meet the data integrity and encryption requirements.
[0033] The organisation setup module (120) is also configured to generate a software statement assertion (SSA) for registering a consumer application upon generation of the one or more digital identification regulation certificates. This needs to be done every time a consumer needs to register a consumer application. The organisation setup module (120) is also configured to upload a private key and select the one or more digital identification regulation certificates on the application programming interface portal to enable making one or more calls using the mutual transport layer security process. Uploading the private key and selecting the one or more digital identification regulation certificates is done once per consumer login.
[0034] Further, a client registration module (130) creates a dynamic client registration form required for a dynamic client registration (DCR) request from the application programming interface portal to the application programming interface based on the private key and the one or more digital identification regulation certificates uploaded. The client registration module (130) is also configured to capture one or more inputs corresponding to one or more request fields of the dynamic client registration form filled by the consumer developer for registration of one or more clients upon creation. In addition, the client registration module (130) is configured to create a dynamic client registration request body for the application programming interface and enable making of the application programming interface call using mutual transport layer security based on the one or more inputs captured.
[0035] For DCR, the client registration module (130) is configured to enable the consumer developer, upon logging in, to upload the private key and select the one or more digital identification regulation certificates on the application programming interface portal. The client registration module (130) also redirects the consumer developer to an application programming interface specification page on the application programming interface portal based on the private key and the one or more digital identification regulation certificates uploaded. Further, based on the OpenAPI specifications, the client registration module (130) is also configured to enable the consumer developer to make the application programming interface call using mutual transport layer security. The client registration module (130) also enables the consumer developer to test the end-to-end application programming interface flow from the application programming interface portal. Hence, as per the open banking specifications, the DCR APIs are secured using mTLS and any API consumer can register its client applications from the API portal in a seamless manner while complying with the open banking protocols.
[0036] FIG. 3 is a block diagram of a computer or a server in accordance with an embodiment of the present disclosure. The server (200) includes processor(s) (230), and memory (210) operatively coupled to the bus (220). The processor(s) (230), as used herein, means any type of computational circuit, such as, but not limited to, a microprocessor, a microcontroller, a complex instruction set computing microprocessor, a reduced instruction set computing microprocessor, a very long instruction word microprocessor, an explicitly parallel instruction computing microprocessor, a digital signal processor, or any other type of processing circuit, or a combination thereof.
[0037] The memory (210) includes several subsystems stored in the form of an executable program which instructs the processor (230) to perform the method steps illustrated in FIG. 1. The memory (210) includes a processing subsystem (105) of FIG. 1. The processing subsystem (105) further has the following modules: an organisation registration module (110), an organisation setup module (120) and a client registration module (130).
[0038] The organisation registration module (110) is configured to enable a consumer developer to register a corresponding organisation on an application programming interface portal. The organisation setup module (120) is configured to receive a certificate signing request uploaded by the consumer developer upon registration of the corresponding organisation. The organisation setup module (120) is also configured to generate one or more digital identification regulation certificates corresponding to a predefined requirement of the open banking based on the certificate signing request received. The organisation setup module (120) is also configured to generate software statement assessment for registering a consumer application upon generation of the one or more digital identification regulation certificates. The organisation setup module (120) is also configured to upload a private key and select the one or more digital identification regulation certificates on the application programming interface portal to enable making one or more calls using mutual transport layer security process. The client registration module (130) is configured to create a dynamic client registration form required for a dynamic client registration request from the application programming interface portal to the application programming interface based on the private key and the one or more digital identification regulation certificates uploaded. The client registration module (130) is also configured to capture one or more inputs corresponding to one or more request fields of the dynamic client registration form filled by the consumer developer for registration of one or more clients upon creation. The client registration module (130) is also configured to create a dynamic client registration request body for the application programming interface and enable making of the application programming interface call using mutual transport layer security based on the one or more inputs captured.
[0039] The bus (220) as used herein refers to internal memory channels or a computer network that is used to connect computer components and transfer data between them. The bus (220) includes a serial bus or a parallel bus, wherein the serial bus transmits data in bit-serial format and the parallel bus transmits data across multiple wires. The bus (220) as used herein may include, but is not limited to, a system bus, an internal bus, an external bus, an expansion bus, a frontside bus, a backside bus and the like.
[0040] FIG. 4(a) is a flow chart representing the steps involved in a method (300) for securing open banking application programming interface in a financial transaction of FIG. 1 in accordance with an embodiment of the present disclosure. FIG. 4(b) is a flow chart representing the continued steps of the method for securing open banking application programming interface in a financial transaction of FIG. 4(a) in accordance with an embodiment of the present disclosure. The method (300) includes enabling, by an organisation registration module of a processing subsystem, a consumer developer to register a corresponding organisation on an application programming interface (API) portal in step 310. In one embodiment, enabling the consumer developer to register the corresponding organisation on the API portal may include registering an application developer intending to register either as an individual or on behalf of the corresponding organization for making one or more applications using application programming interfaces available on the application programming interface portal.
[0041] The method (300) also includes receiving, by an organisation setup module of the processing subsystem, a certificate signing request (CSR) uploaded by the consumer developer upon registration of the corresponding organisation in step 320. In some embodiments, receiving the CSR uploaded by the consumer developer upon registration of the corresponding organisation may include receiving the CSR upon registration of the corresponding organisation in a directory API by the consumer developer. The API portal provides the interface for an API consumer to register in the open banking directory. The portal interacts with the Directory API for registering or updating the API consumers and their respective certificates.
[0042] The method (300) also includes generating, by the organisation setup module of the processing subsystem, one or more digital identification regulation certificates corresponding to a predefined requirement of the open banking based on the certificate signing request received in step 330. In one embodiment, generating the one or more digital identification regulation certificates corresponding to the predefined requirement of the open banking may include generating the one or more digital identification regulation certificates which include at least one of electronic identification and trust services (eIDAS), quality website authentication certificate (QWAC), qualified certificates for electronic seals (QSeal) or a combination thereof.
[0043] The method (300) also includes generating, by the organisation setup module of the processing subsystem, software statement assessment for registering a consumer application upon generation of the one or more digital identification regulation certificates in step 340. The method (300) also includes uploading, by the organisation setup module of the processing subsystem, a private key and selecting the one or more digital identification regulation certificates on the application programming interface portal to enable making one or more calls using mutual transport layer security process in step 350.
[0044] The method (300) also includes creating, by a client registration module of the processing subsystem, a dynamic client registration form required for a dynamic client registration request from the application programming interface portal to the application programming interface based on the private key and the one or more digital identification regulation certificates uploaded in step 360. The method (300) also includes capturing, by the client registration module of the processing subsystem, one or more inputs corresponding to one or more request fields of the dynamic client registration form filled by the consumer developer for registration of one or more clients upon creation in step 370.
[0045] The method (300) also includes creating, by the client registration module of the processing subsystem, a dynamic client registration request body for the application programming interface and enabling the making of the application programming interface call using mutual transport layer security based on the one or more inputs captured in step 380. In a specific embodiment, the method for registering the client further includes enabling the consumer developer, upon logging in, to upload the private key and select the one or more digital identification regulation certificates on the application programming interface portal. In some embodiments, the method further includes redirecting the consumer developer to an application programming interface specification page on the application programming interface portal based on the private key and the one or more digital identification regulation certificates uploaded. Also, based on open API specifications, the method includes enabling the consumer developer in making of the application programming interface call using the mutual transport layer security. The method also includes enabling the consumer developer to test the end-to-end application programming interface flow from the application programming interface portal.
[0046] Various embodiments of the present disclosure provide a system for securing the open banking APIs by providing an interface and implementing code changes for generating certificates and uploading a private key, so as to make sure the calls sent via the portal to the APIs are secured via Mutual TLS.
[0047] Moreover, the present disclosed system provides the API portal to provide interaction with APIs which are secured using Mutual TLS and has the ability to generate a client certificate for Mutual TLS in requests. The present disclosed system provides an interface to upload private keys and use the same with the client certificate. For security reasons, the private key is not stored on the portal. It is stored only in the session, so once the API consumer logs out, the private key is destroyed. Also, the system allows adding a proxy page in the portal to add the consumer private key and certificate in the API calls which are made over Mutual TLS. From the Open API Specs of the APIs, the system redirects the API code to the proxy page of the API portal and, after adding the key and certificates, the request is forwarded to the actual API. Thus, the API portal interacts with various APIs for the authentication/authorization flow and then calls the API sandbox to provide a feel of the API for the consumer developer.
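The DCR call described in paragraphs [0034], [0035] and [0047], in which the portal presents the developer's certificate and key over mTLS and the bank binds the issued client to that certificate, as an added Go example that is not the applicant's code. The self-signed certificate, the "/register" path and the request field names are constructed stand-ins for the QWAC/eIDAS material and the Open Banking DCR profile the page refers to, and the plain JSON body stands in for the signed JWT of claim 7.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/json"
	"fmt"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)

// newTransportCert: throwaway self-signed stand-in for the developer's QWAC/eIDAS transport certificate.
func newTransportCert(cn string) tls.Certificate {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { panic(err) }
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		BasicConstraintsValid: true, IsCA: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil { panic(err) }
	leaf, _ := x509.ParseCertificate(der) // DER produced above always parses
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// dcrHandler stands in for the bank's DCR endpoint; mTLS already authenticated the caller, so client_id is bound to the cert subject.
func dcrHandler(w http.ResponseWriter, r *http.Request) {
	var req map[string]any
	if err := json.NewDecoder(r.Body).Decode(&req); err != nil || req["software_statement"] == nil {
		http.Error(w, `{"error":"invalid_client_metadata"}`, http.StatusBadRequest)
		return
	}
	cn := r.TLS.PeerCertificates[0].Subject.CommonName
	json.NewEncoder(w).Encode(map[string]string{"client_id": "tpp-" + cn})
}

// RegisterClient performs the DCR call the portal makes for the developer; useClientCert=false shows the endpoint refusing a caller with no certificate.
func RegisterClient(body []byte, useClientCert bool) (string, error) {
	cert := newTransportCert("Example-TPP")
	pool := x509.NewCertPool() // the bank's trust anchor; here the self-signed cert itself
	pool.AddCert(cert.Leaf)
	srv := httptest.NewUnstartedServer(http.HandlerFunc(dcrHandler))
	srv.TLS = &tls.Config{ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: pool}
	srv.StartTLS()
	defer srv.Close()
	client := srv.Client() // already trusts the test server's own certificate
	if useClientCert {
		client.Transport.(*http.Transport).TLSClientConfig.Certificates = []tls.Certificate{cert}
	}
	resp, err := client.Post(srv.URL+"/register", "application/json", bytes.NewReader(body))
	if err != nil { return "", err } // TLS alert: no acceptable client certificate presented
	defer resp.Body.Close()
	var out map[string]string
	if err := json.NewDecoder(resp.Body).Decode(&out); err != nil || resp.StatusCode != http.StatusOK {
		return "", fmt.Errorf("registration rejected: HTTP %d", resp.StatusCode)
	}
	return out["client_id"], nil
}

func main() {
	fmt.Println(RegisterClient([]byte(`{"redirect_uris":["https://tpp.example/cb"],"software_statement":"constructed-ssa"}`), true))
}
```

The private key lives only in the process that builds the tls.Certificate, mirroring the page's point that the portal keeps it in the session rather than at rest.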
[0048] It will be understood by those skilled in the art that the foregoing general description and the following detailed description are exemplary and explanatory of the disclosure and are not intended to be restrictive thereof.
[0049] While specific language has been used to describe the disclosure, any limitations arising on account of the same are not intended. As would be apparent to a person skilled in the art, various working modifications may be made to the method in order to implement the inventive concept as taught herein.
[0050] The figures and the foregoing description give examples of embodiments. Those skilled in the art will appreciate that one or more of the described elements may well be combined into a single functional element. Alternatively, certain elements may be split into multiple functional elements. Elements from one embodiment may be added to another embodiment. For example, the order of processes described herein may be changed and are not limited to the manner described herein. Moreover, the actions of any flow diagram need not be implemented in the order shown; nor do all of the acts need to be necessarily performed. Also, those acts that are not dependent on other acts may be performed in parallel with the other acts. The scope of embodiments is by no means limited by these specific examples.
Claims:
1. A system (100) for securing open banking application programming interface in a financial transaction comprising:
a processing subsystem (105) hosted on a server (108), wherein the processing subsystem (105) is configured to execute on a network to control bidirectional communications among a plurality of modules comprising:
an organisation registration module (110) configured to enable a consumer developer to register a corresponding organisation on an application programming interface portal;
an organisation setup module (120) operatively coupled to the organisation registration module (110), wherein the organisation setup module (120) is configured to:
receive a certificate signing request uploaded by the consumer developer upon registration of the corresponding organisation;
generate one or more digital identification regulation certificates corresponding to a predefined requirement of the open banking based on the certificate signing request received;
generate software statement assessment for registering a consumer application upon generation of the one or more digital identification regulation certificates; and
upload a private key and select the one or more digital identification regulation certificates on the application programming interface portal to enable making one or more calls using mutual transport layer security process;
a client registration module (130) operatively coupled to the organisation setup module (120), wherein the client registration module (130) is configured to:
create a dynamic client registration form required for a dynamic client registration request from the application programming interface portal to the application programming interface based on the private key and the one or more digital identification regulation certificates uploaded;
capture one or more inputs corresponding to one or more request fields of the dynamic client registration form filled by the consumer developer for registration of one or more clients upon creation; and
create a dynamic client registration request body for the application programming interface and enable making of the application programming interface call using mutual transport layer security based on the one or more inputs captured.
2. The system (100) as claimed in claim 1, wherein the corresponding organisation of the consumer developer is registered in a directory application programming interface.
3. The system (100) as claimed in claim 1, wherein the consumer developer is an application developer intended to register either as an individual or on behalf of the corresponding organization for making one or more applications using application programming interfaces available on the application programming interface portal.
4. The system (100) as claimed in claim 1, wherein the one or more digital identification regulation certificates comprises at least one of electronic identification and trust services, quality website authentication certificate, qualified certificates for electronic seals or a combination thereof.
5. The system (100) as claimed in claim 1, wherein the application programming interface portal provides an interface to upload consumer private keys by the consumer developer, wherein the application programming interface provides a proxy page to enable addition of the consumer private keys and the one or more digital identification regulation certificates in the application programming interface calls made over the mutual transport layer security.
6. The system (100) as claimed in claim 1, wherein the application programming interface portal provides an application programming interface sandbox comprising a set of application programming interfaces available as a test mode for testing from the application programming interface portal before an actual production application programming interface call is made by the consumer developer.
7. The system (100) as claimed in claim 1, wherein the application programming interface portal generates a JavaScript object notation web token corresponding to open banking specification and makes the application programming interface call over the mutual transport layer security for creating the dynamic client registration request body.
8. The system (100) as claimed in claim 1, wherein the client registration module (130) is configured to:
enable the consumer developer, upon logging in, to upload the private key and select the one or more digital identification regulation certificates on the application programming interface portal;
redirect the consumer developer to an application programming interface specification page on the application programming interface portal based on the private key and the one or more digital identification regulation certificates uploaded;
enable the consumer developer in making of the application programming interface call using the mutual transport layer security based on open application programming interface specifications; and
enable the consumer developer to test end to end application programming interface flow from the application programming interface portal.
9. A method (300) comprising:
enabling, by an organisation registration module of a processing subsystem, a consumer developer to register a corresponding organisation on an application programming interface portal (310);
receiving, by an organisation setup module of the processing subsystem, a certificate signing request uploaded by the consumer developer upon registration of the corresponding organisation (320);
generating, by the organisation setup module of the processing subsystem, one or more digital identification regulation certificates corresponding to a predefined requirement of the open banking based on the certificate signing request received (330);
generating, by the organisation setup module of the processing subsystem, software statement assessment for registering a consumer application upon generation of the one or more digital identification regulation certificates (340);
uploading, by the organisation setup module of the processing subsystem, a private key and selecting the one or more digital identification regulation certificates on the application programming interface portal to enable making one or more calls using mutual transport layer security process (350);
creating, by a client registration module of the processing subsystem, a dynamic client registration form required for a dynamic client registration request from the application programming interface portal to the application programming interface based on the private key and the one or more digital identification regulation certificates uploaded (360);
capturing, by the client registration module of the processing subsystem, one or more inputs corresponding to one or more request fields of the dynamic client registration form filled by the consumer developer for registration of one or more clients upon creation (370); and
creating, by the client registration module of the processing subsystem, a dynamic client registration request body for the application programming interface and enable making of the application programming interface call using mutual transport layer security based on the one or more inputs captured (380).

Dated this 6th day of June 2022

Signature

Jinsu Abraham
Patent Agent (IN/PA-3267)
Agent for the Applicant
