Preventing unauthorized access to secured information systems using multi-device authentication techniques

US 10,057,255 B2
Filed: 07/20/2016
Issued: 08/21/2018
Est. Priority Date: 07/20/2016
Status: Active Grant

First Claim

Patent Images

1. A computing platform, comprising:

at least one processor;

a communication interface communicatively coupled to the at least one processor; and

memory storing computer-readable instructions that, when executed by the at least one processor, cause the computing platform to;

receive, via the communication interface, and from a client portal server, a request to authenticate a first user to a first user account corresponding to a client portal provided by the client portal server;

identify a requested activity corresponding to the request to authenticate the first user to the first user account as a first activity;

based on identifying the requested activity corresponding to the request to authenticate the first user to the first user account as the first activity, select a multi-device authentication method for authenticating the first user to the first user account corresponding to the client portal provided by the client portal server;

based on selecting the multi-device authentication method for authenticating the first user to the first user account corresponding to the client portal provided by the client portal server, generate a first one-time passcode for a first registered device and a second one-time passcode for a second registered device different from the first registered device, wherein the first one-time passcode is different from the second one-time passcode;

send, via the communication interface, the first one-time passcode to the first registered device and the second one-time passcode to the second registered device;

receive, via the communication interface, and from the client portal server, first one-time passcode input;

validate the first one-time passcode input received from the client portal server;

based on validating the first one-time passcode input received from the client portal server, generate a first validation message directing the client portal server to provide the first user with access to the first user account; and

send, via the communication interface, to the client portal server, the first validation message directing the client portal server to provide the first user with access to the first user account.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computing platform may receive, from a client portal server, a request to authenticate a user to a user account a client portal. Based on identifying an activity the request, the computing platform may select a multi-device authentication method for authenticating the user. The computing platform may generate a first one-time passcode for a first registered device and a second one-time passcode for a second registered device, and may send the one-time passcodes to the registered devices. Thereafter, the computing platform may receive and validate one-time passcode input from the client portal server. Based on validating the one-time passcode input, the computing platform may generate a validation message directing the client portal server to provide the user with access to the user account, and may send the validation message to the client portal server. In some instances, different authentication methods may be selected for different activities.

100 Citations

View as Search Results

20 Claims

1. A computing platform, comprising:
- at least one processor;
  
  a communication interface communicatively coupled to the at least one processor; and
  
  memory storing computer-readable instructions that, when executed by the at least one processor, cause the computing platform to;
  
  receive, via the communication interface, and from a client portal server, a request to authenticate a first user to a first user account corresponding to a client portal provided by the client portal server;
  
  identify a requested activity corresponding to the request to authenticate the first user to the first user account as a first activity;
  
  based on identifying the requested activity corresponding to the request to authenticate the first user to the first user account as the first activity, select a multi-device authentication method for authenticating the first user to the first user account corresponding to the client portal provided by the client portal server;
  
  based on selecting the multi-device authentication method for authenticating the first user to the first user account corresponding to the client portal provided by the client portal server, generate a first one-time passcode for a first registered device and a second one-time passcode for a second registered device different from the first registered device, wherein the first one-time passcode is different from the second one-time passcode;
  
  send, via the communication interface, the first one-time passcode to the first registered device and the second one-time passcode to the second registered device;
  
  receive, via the communication interface, and from the client portal server, first one-time passcode input;
  
  validate the first one-time passcode input received from the client portal server;
  
  based on validating the first one-time passcode input received from the client portal server, generate a first validation message directing the client portal server to provide the first user with access to the first user account; and
  
  send, via the communication interface, to the client portal server, the first validation message directing the client portal server to provide the first user with access to the first user account.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computing platform of claim 1, wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to:
    - prior to receiving the request to authenticate the first user to the first user account associated corresponding to the client portal provided by the client portal server;
      
      receive first device registration information for the first user account corresponding to the client portal provided by the client portal server; and
      
      store the first device registration information for the first user account corresponding to the client portal provided by the client portal server,wherein the first device registration information identifies the first registered device and the second registered device as authorized passcode recipients for the first user account corresponding to the client portal provided by the client portal server.
  - 3. The computing platform of claim 1, wherein identifying the requested activity corresponding to the request to authenticate the first user to the first user account as the first activity comprises:
    - generating a first activity selection prompt directing the client portal server to prompt the first user to select an activity;
      
      sending, to the client portal server, the first activity selection prompt directing the client portal server to prompt the first user to select an activity; and
      
      receiving, from the client portal server, first activity selection input selecting the first activity.
  - 4. The computing platform of claim 1, wherein identifying the requested activity corresponding to the request to authenticate the first user to the first user account as the first activity comprises identifying the first activity based on a source of the request to authenticate the first user to the first user account.
  - 5. The computing platform of claim 1, wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to:
    - receive, via the communication interface, and from a partner gateway server, a request to authenticate a second user to a second user account corresponding to the client portal provided by the client portal server;
      
      identify a requested activity corresponding to the request to authenticate the second user to the second user account as a second activity;
      
      based on identifying the requested activity corresponding to the request to authenticate the second user to the second user account as the second activity, select a single-device authentication method for authenticating the second user to the second user account corresponding to the client portal provided by the client portal server;
      
      based on selecting the single-device authentication method for authenticating the second user to the second user account corresponding to the client portal provided by the client portal server, generate a third one-time passcode for a third registered device;
      
      send, via the communication interface, the third one-time passcode to the third registered device;
      
      receive, via the communication interface, and from the partner gateway server, second one-time passcode input;
      
      validate the second one-time passcode input received from the partner gateway server;
      
      based on validating the second one-time passcode input received from the partner gateway server, generate a second validation message directing the partner gateway server to provide the second user with access to the second user account; and
      
      send, via the communication interface, to the partner gateway server, the second validation message directing the partner gateway server to provide the second user with access to the second user account.
  - 6. The computing platform of claim 5, wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to:
    - prior to receiving the request to authenticate the second user to the second user account corresponding to the client portal provided by the client portal server;
      
      receive second device registration information for the second user account corresponding to the client portal provided by the client portal server; and
      
      store the second device registration information for the second user account corresponding to the client portal provided by the client portal server,wherein the second device registration information identifies the third registered device as an authorized passcode recipient for the second user account corresponding to the client portal provided by the client portal server.
  - 7. The computing platform of claim 5, wherein identifying the requested activity corresponding to the request to authenticate the second user to the second user account as the second activity comprises:
    - generating a second activity selection prompt directing the partner gateway server to prompt the second user to select an activity;
      
      sending, to the partner gateway server, the second activity selection prompt directing the partner gateway server to prompt the second user to select an activity; and
      
      receiving, from the partner gateway server, second activity selection input selecting the second activity.
  - 8. The computing platform of claim 5, wherein identifying the requested activity corresponding to the request to authenticate the second user to the second user account as the second activity comprises identifying the second activity based on a source of the request to authenticate the second user to the second user account.
  - 9. The computing platform of claim 5, wherein the first activity corresponds to a greater level of access to user account information than the second activity.
  - 10. The computing platform of claim 1, wherein validating the first one-time passcode input received from the client portal server comprises comparing the first one-time passcode input received from the client portal server to the first one-time passcode sent to the first registered device and the second one-time passcode sent to the second registered device to confirm that the first one-time passcode input received from the client portal server matches the first one-time passcode sent to the first registered device and the second one-time passcode sent to the second registered device.

11. A method, comprising:
- at a computing platform comprising at least one processor, memory, and a communication interface;
  
  receiving, by the at least one processor, via the communication interface, and from a client portal server, a request to authenticate a first user to a first user account corresponding to a client portal provided by the client portal server;
  
  identifying, by the at least one processor, a requested activity corresponding to the request to authenticate the first user to the first user account as a first activity;
  
  based on identifying the requested activity corresponding to the request to authenticate the first user to the first user account as the first activity, selecting, by the at least one processor, a multi-device authentication method for authenticating the first user to the first user account corresponding to the client portal provided by the client portal server;
  
  based on selecting the multi-device authentication method for authenticating the first user to the first user account corresponding to the client portal provided by the client portal server, generating, by the at least one processor, a first one-time passcode for a first registered device and a second one-time passcode for a second registered device different from the first registered device, wherein the first one-time passcode is different from the second one-time passcode;
  
  sending, by the at least one processor, via the communication interface, the first one-time passcode to the first registered device and the second one-time passcode to the second registered device;
  
  receiving, by the at least one processor, via the communication interface, and from the client portal server, first one-time passcode input;
  
  validating, by the at least one processor, the first one-time passcode input received from the client portal server;
  
  based on validating the first one-time passcode input received from the client portal server, generating, by the at least one processor, a first validation message directing the client portal server to provide the first user with access to the first user account; and
  
  sending, by the at least one processor, via the communication interface, to the client portal server, the first validation message directing the client portal server to provide the first user with access to the first user account.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The method of claim 11, comprising:
    - prior to receiving the request to authenticate the first user to the first user account corresponding to the client portal provided by the client portal server;
      
      receiving, by the at least one processor, first device registration information for the first user account corresponding to the client portal provided by the client portal server; and
      
      storing, by the at least one processor, the first device registration information for the first user account corresponding to the client portal provided by the client portal server,wherein the first device registration information identifies the first registered device and the second registered device as authorized passcode recipients for the first user account corresponding to the client portal provided by the client portal server.
  - 13. The method of claim 11, wherein identifying the requested activity corresponding to the request to authenticate the first user to the first user account as the first activity comprises:
    - generating a first activity selection prompt directing the client portal server to prompt the first user to select an activity;
      
      sending, to the client portal server, the first activity selection prompt directing the client portal server to prompt the first user to select an activity; and
      
      receiving, from the client portal server, first activity selection input selecting the first activity.
  - 14. The method of claim 11, wherein identifying the requested activity corresponding to the request to authenticate the first user to the first user account as the first activity comprises identifying the first activity based on a source of the request to authenticate the first user to the first user account.
  - 15. The method of claim 11, comprising:
    - receiving, by the at least one processor, via the communication interface, and from a partner gateway server, a request to authenticate a second user to a second user account corresponding to the client portal provided by the client portal server;
      
      identifying, by the at least one processor, a requested activity corresponding to the request to authenticate the second user to the second user account as a second activity;
      
      based on identifying the requested activity corresponding to the request to authenticate the second user to the second user account as the second activity, selecting, by the at least one processor, a single-device authentication method for authenticating the second user to the second user account corresponding to the client portal provided by the client portal server;
      
      based on selecting the single-device authentication method for authenticating the second user to the second user account corresponding to the client portal provided by the client portal server, generating, by the at least one processor, a third one-time passcode for a third registered device;
      
      sending, by the at least one processor, via the communication interface, the third one-time passcode to the third registered device;
      
      receiving, by the at least one processor, via the communication interface, and from the partner gateway server, second one-time passcode input;
      
      validating, by the at least one processor, the second one-time passcode input received from the partner gateway server;
      
      based on validating the second one-time passcode input received from the partner gateway server, generating, by the at least one processor, a second validation message directing the partner gateway server to provide the second user with access to the second user account; and
      
      sending, by the at least one processor, via the communication interface, to the partner gateway server, the second validation message directing the partner gateway server to provide the second user with access to the second user account.
  - 16. The method of claim 15, comprising:
    - prior to receiving the request to authenticate the second user to the second user account corresponding to the client portal provided by the client portal server;
      
      receiving, by the at least one processor, second device registration information for the second user account corresponding to the client portal provided by the client portal server; and
      
      storing, by the at least one processor, the second device registration information for the second user account corresponding to the client portal provided by the client portal server,wherein the second device registration information identifies the third registered device as an authorized passcode recipient for the second user account corresponding to the client portal provided by the client portal server.
  - 17. The method of claim 15, wherein identifying the requested activity corresponding to the request to authenticate the second user to the second user account as the second activity comprises:
    - generating a second activity selection prompt directing the partner gateway server to prompt the second user to select an activity;
      
      sending, to the partner gateway server, the second activity selection prompt directing the partner gateway server to prompt the second user to select an activity; and
      
      receiving, from the partner gateway server, second activity selection input selecting the second activity.
  - 18. The method of claim 15, wherein identifying the requested activity corresponding to the request to authenticate the second user to the second user account as the second activity comprises identifying the second activity based on a source of the request to authenticate the second user to the second user account.
  - 19. The method of claim 15, wherein the first activity is corresponds to a greater level of access to user account information than the second activity.

20. One or more non-transitory computer-readable media storing instructions that, when executed by a computing platform comprising at least one processor, memory, and a communication interface, cause the computing platform to:
- receive, via the communication interface, and from a client portal server, a request to authenticate a first user to a first user account corresponding to a client portal provided by the client portal server;
  
  identify a requested activity corresponding to the request to authenticate the first user to the first user account as a first activity;
  
  based on identifying the requested activity corresponding to the request to authenticate the first user to the first user account as the first activity, select a multi-device authentication method for authenticating the first user to the first user account corresponding to the client portal provided by the client portal server;
  
  based on selecting the multi-device authentication method for authenticating the first user to the first user account corresponding to the client portal provided by the client portal server, generate a first one-time passcode for a first registered device and a second one-time passcode for a second registered device different from the first registered device, wherein the first one-time passcode is different from the second one-time passcode;
  
  send, via the communication interface, the first one-time passcode to the first registered device and the second one-time passcode to the second registered device;
  
  receive, via the communication interface, and from the client portal server, first one-time passcode input;
  
  validate the first one-time passcode input received from the client portal server;
  
  based on validating the first one-time passcode input received from the client portal server, generate a first validation message directing the client portal server to provide the first user with access to the first user account; and
  
  send, via the communication interface, to the client portal server, the first validation message directing the client portal server to provide the first user with access to the first user account.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Votaw, Elizabeth S., Keys, Andrew T.
Primary Examiner(s)
Turchen, James R

Application Number

US15/214,795
Publication Number

US 20180026970A1
Time in Patent Office

762 Days
Field of Search
US Class Current
CPC Class Codes

H04L 2463/082   applying multi-factor authe...

H04L 63/0838   using one-time-passwords

H04L 63/0853   using an additional device,...

Preventing unauthorized access to secured information systems using multi-device authentication techniques

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

100 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Preventing unauthorized access to secured information systems using multi-device authentication techniques

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

100 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links