Systems and methods for securing push authentications
US-10462113-B1 · Oct 29, 2019 · US
US12132799B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12132799-B2 |
| Application number | US-202318094520-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jan 9, 2023 |
| Priority date | Jan 9, 2023 |
| Publication date | Oct 29, 2024 |
| Grant date | Oct 29, 2024 |
Official abstract text for this publication.
Aspects disclosed are directed to a system and methods for device authentication. The system at least transmits a silent push notification to an application installed on a client device. The silent push notification includes a push token provided by a push service and an embedded secret. A response to the silent push notification can be received with a further embedded secret. The embedded secret and the further embedded secret can be compared to determine if they match. If the embedded secret and the further embedded secret match, the client device can be authenticated.
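The server-side check described in the abstract, together with the active-session and response-time conditions recited in claims 1 and 3 on this page, sketched as an added example (not code from the patent or its assignee). The function names, reason strings, the 10-second window and the in-memory store are assumptions; delivery through the push service is left out.

```python
import hmac
import secrets
import time

MAX_RESPONSE_SECONDS = 10.0  # assumed value for the "predetermined time period"
_pending = {}                # push_token -> (secret, sent_at, session_active)

def issue_challenge(push_token, session_active, now=None):
    """Create the secret to embed in the silent push and record send-time state."""
    secret = secrets.token_bytes(32)
    sent_at = time.monotonic() if now is None else now
    _pending[push_token] = (secret, sent_at, session_active)
    return secret

def verify_response(push_token, further_secret, now=None):
    """Return (authenticated, reason). Each challenge is consumed on first use."""
    entry = _pending.pop(push_token, None)
    if entry is None:
        return False, "no_pending_challenge"   # unknown token or replayed reply
    secret, sent_at, session_active = entry
    if not session_active:
        return False, "no_active_session"      # caller then notifies the user
    if further_secret is None:
        return False, "no_response"
    now = time.monotonic() if now is None else now
    if now - sent_at > MAX_RESPONSE_SECONDS:
        return False, "response_too_slow"
    # Constant-time comparison avoids leaking how many leading bytes matched.
    if not hmac.compare_digest(secret, further_secret):
        return False, "secret_mismatch"
    return True, "authenticated"

def demo():
    """Constructed walk-through: good reply, replay, late reply, no session."""
    results = []
    s = issue_challenge("tok-A", True, now=100.0)
    results.append(verify_response("tok-A", s, now=101.5))
    results.append(verify_response("tok-A", s, now=102.0))   # same reply again
    s = issue_challenge("tok-A", True, now=200.0)
    results.append(verify_response("tok-A", s, now=230.0))   # 30 s after send
    s = issue_challenge("tok-B", False, now=300.0)
    results.append(verify_response("tok-B", s, now=300.5))
    return results
```

Popping the pending entry before any other check makes every challenge single-use, so a captured reply cannot be accepted twice even inside the time window.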
Opening claim text (preview).
What is claimed is:
1. A computer implemented method for authenticating a client device, the method comprising: transmitting, by one or more computing devices, a silent push notification to an application installed on the client device, wherein the silent push notification includes a push token provided by a push service and an embedded secret, and wherein the push token is a unique key linking the client device to the application; receiving, by the one or more computing devices and from the application and without user input, a response to the silent push notification with a further embedded secret; comparing, by the one or more computing devices, the embedded secret and the further embedded secret to determine if they match; determining, by the one or more computing devices, if the application had an active session at a time the silent push notification was transmitted to the application by reviewing a log file indicating whether the application has an active session or by receiving an indication that the application does not have an active session, the indication comprising a bounce back message or no response; if the application did not have the active session, determining, by the one or more computing devices, not to authenticate the client device, and transmit a notification to a user to perform an action for an account accessed via the application; and if the embedded secret and the further embedded secret match and the application had the active session at the time the silent push notification was sent, authenticating the client device.
2. The method of claim 1, further comprising performing, by the one or more computing devices, an operation on the further embedded secret, wherein the operation includes a hashing or a reordering of bytes of data.
3. The method of claim 1, further comprising: measuring, by the one or more computing devices, a response time between when the silent push notification is transmitted to the application and when the response to the silent push notification is received from the application; authenticating, by the one or more computing devices, the client device if the response time is less than or equal to a predetermined time period.
4. The method of claim 1, wherein the application is a banking application.
5. The method of claim 1, further comprising: receiving, by the one or more computing devices, historic responses to previous silent push notifications to the client device; analyzing, by the one or more computing devices and using a machine learning model, the historic responses to generate a client device risk score; authenticating, by the one or more computing devices, the client device based on the client device risk score.
6. The method of claim 1, further comprising: encrypting, by the one or more computing devices, the silent push notification; and transmitting, by the one or more computing devices, a public key with the encrypted silent push notification to the client device, wherein the public key is to be used by the application to decrypt the silent push notification.
7. The method of claim 1, further comprising transmitting the embedded secret in more than one transmission.
8. A non-transitory computer readable medium including instructions for authenticating a client device, with operations comprising: transmitting a silent push notification to an application installed on the client device, wherein the silent push notification includes a push token provided by a push service and an embedded secret, and wherein the push token is a unique key linking the client device to the application; receiving, from the application and without user input, a response to the silent push notification with a further embedded secret; comparing the embedded secret and the further embedded secret to determine if they match; determining if the application had an active session at a time the silent push notification was transmitted to the application by reviewing a log file indicating whether the application has an active session or by receiving an indication that the application does not have an active session, the indication comprising a bounce back message or no response; if the application did not have the active session, determining not to authenticate the client device, and transmit a notification to a user to perform an action for an account accessed via the application; and if the embedded secret and the further embedded secret match and the application had the active session at the time the silent push notification was sent, authenticating the client device.
9. The non-transitory computer readable medium of claim 8, the operations further comprising performing an operation on the further embedded secret, wherein the operation includes a hashing or a reordering of bytes of data.
10. The non-transitory computer readable medium of claim 8, the operations further comprising: measuring a response time between when the silent push notification is transmitted to the application and when the response to the silent push notification is received from the application; authenticating the client device if the response time is less than or equal to a predetermined time period.
11. The non-transitory computer readable medium of claim 8, wherein the application is a banking application.
12. The non-transitory computer readable medium of claim 8, the operations further comprising: receiving historic responses to previous silent push notifications to the client device; and analyzing, using a machine learning model, the historic responses to generate a client device risk score; authenticating the client device based on the client device risk score.
13. The non-transitory computer readable medium of claim 8, the operations further comprising: encrypting the silent push notification; and transmitting a public key with the encrypted silent push notification to the client device, wherein the public key is to be used by the application to decrypt the silent push notification.
14. The non-transitory computer readable medium of claim 8, further comprising transmitting the embedded secret in more than one transmission.
15. A computing system for authenticating a client device comprising: memory configured to store instructions; a communications unit including microelectronics, coupled to the memory, configured to process the stored instructions to: transmit a silent push notification to an application installed on the client device, wherein the silent push notification includes a push token provided by a push service and an embedded secret, and wherein the push token is a unique key linking the client device to the application, receive, from the application and without user input, a response to the silent push notification with a further embedded secret; and one or more processors, coupled to the memory, configured to process the stored instructions to: compare the embedded secret and the further embedded secret to determine if they match, determine if the application had an active session at a time the silent push notification was transmitted to the application by reviewing a log file indicating whether the application has an active session or by receiving an indication that the application does not have an active session, the indication comprising a bounce back message or no response; if the application did not have the active session, determine not to authenticate the client device, and transmit a notification to a user to perform an action for an account accessed via the application; and if the embedded secret and the further embedded secret matc