Would I sue you for putting up a fence, maybe not the fence but surely the wire! Putting up a fence is not what I'd take you to court for, it would be for using my Intellectual Property (IP) without compensating me. Build your fence but don't use my patented wire.
The 1882 barbed wire patent and a dispute about it still is used today to define first to file and novelty. "This case largely established precedent for future patent law, specifically in questions of first-to-file, or scope of novelty." See: https://en.wikipedia.org/wiki/The_Barbed_Wire_Patent
As to if they are trolls or not I cannot say, but they may have already negotiated with other infringers or are using Apple as the first case.
Double authentication would make no difference to NSA or other security agency as they would have the data stream. Actually it would confirm who was sending the message. And as an analyst I may only care who sent the message.
"Glidden held sole rights to sell the product and thus established the Barb Fence Company, in Dekalb, Illinois. The invention made him extremely wealthy and by the time of his death he was one of the richest men in the United States." op.sit.
We have decided that software innovations are patentable as defined in the laws. "Section 101 of Title 35 U.S.C. sets out the subject matter that can be patented:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title." From: https://en.wikipedia.org/wiki/Patentable_subject_matter
Since we are a country of laws and we respect property rights it is important for people to defend their ownership and let the court decide who is right or wronged.
So you have to ask yourself "Do I really want to build this fence with someone else's property?"
This invention uses separate, parallel communication channels to authorise and authenticate a transaction. A primary data channel (PSTN, radio or the like) is used to communicate between the merchant terminal and the bank, and a parallel data channel (a mobile phone network for instance) is used for the authentication process. In the example, the transaction is initiated (on a primary data channel), using a POS terminal as a transaction processing client. The transaction processing server and financial services provider fulfill their normal functions. At this point, the process loops into a transaction authorisation component using the parallel data channel, that requires authentication of the transaction initiator (the card holder). In the example, communications on the parallel data channel are by way of SMS. In the authorisation process, the card holder receives an SMS requesting authorisation of the transaction. If the card holder is not the transaction initiator, the card holder can cancel the transaction. If the transaction can be authorised, an authentication process is initiated in which the mobile phone is programmed to require the entry of a normally secret code (such as a personal identification number (PIN)) that serves to authenticate the card holder and to give final authorisation of the transaction.
Similarly, the next one up, more prior art, application # 20070034685:
A transaction-enabling instrument, such as a credit card, a debit card, or a check, has encoded thereon in machine-readable form a telephone number of a portable wireless communications device, such as a cell phone or a PDA, of the instrument's owner, who is typically the holder of the instrument, and a transaction-authentication code. When the holder presents the instrument to enable a transaction, a reader reads the phone number and code, and an authentication server causes the phone number to be dialed and the owner to be prompted for the authentication code. If the owner provides the code, the server allows the transaction to proceed. If the owner cannot be reached or does not provide the code, the server denies the transaction.
Then half-way up the list of references, application #20030061163:
A method and apparatus for protecting against the unauthorized use of a credit card called CardSafe.TM. allows the credit card holder to finally approve any credit card transaction. When a credit card is used at a remote merchant's terminal, the credit card company is notified of the transaction amount and the credit card account number. The named card holder is concurrently notified of the transaction by a wireless device, such as a telephone call, pager notification, or the like. Upon notification, the card holder can approve or disapprove of the credit card transaction. Unless approved or denied by the credit card holder, the transaction remains uncompleted. The approval or disapproval by the credit card holder can be accomplished in real time or on a pre-selected basis. An unauthorized person would not be able to complete a transaction The credit card owner can also deactivate the CardSafe.TM. system.
There are lots more. I think that shows that this patent is void based on prior art on its face and obviousness by extension of the prior art.