Preventing unauthorized access to secured information systems using multi-device authentication techniques

US 10,091,194 B2
Filed: 05/12/2016
Issued: 10/02/2018
Est. Priority Date: 05/12/2016
Status: Active Grant

First Claim

Patent Images

1. A computing platform, comprising:

at least one processor;

a communication interface communicatively coupled to the at least one processor; and

memory storing computer-readable instructions that, when executed by the at least one processor, cause the computing platform to;

store first device registration information linking a first computing device and a second computing device to a first user account associated with a client portal provided by a client portal server, wherein the second computing device is different from the first computing device;

receive, via the communication interface, and from the client portal server, a request to authenticate a first user to the first user account associated with the client portal provided by the client portal server;

based on receiving the request to authenticate the first user to the first user account, evaluate authentication state information associated with the first user account;

select a multi-device authentication technique for authenticating the first user to the first user account based on evaluating the authentication state information associated with the first user account;

based on selecting the multi-device authentication technique for authenticating the first user to the first user account, generate a first one-time passcode for the first computing device associated with the first user account;

send, via the communication interface, to the first computing device associated with the first user account, the first one-time passcode generated for the first computing device associated with the first user account;

based on selecting the multi-device authentication technique for authenticating the first user to the first user account, generate a second one-time passcode for the second computing device associated with the first user account, wherein the second one-time passcode generated for the second computing device associated with the first user account is different from the first one-time passcode generated for the first computing device associated with the first user account;

send, via the communication interface, to the second computing device associated with the first user account, the second one-time passcode generated for the second computing device associated with the first user account;

receive, via the communication interface, from the client portal server, first one-time passcode input;

validate the first one-time passcode input based on the first one-time passcode generated for the first computing device associated with the first user account;

receive, via the communication interface, from the client portal server, second one-time passcode input;

validate the second one-time passcode input based on the second one-time passcode generated for the second computing device associated with the first user account;

based on validating the first one-time passcode input and the second one-time passcode input, generate a first validation message directing the client portal server to provide the first user with access to the first user account; and

send, via the communication interface, to the client portal server, the first validation message directing the client portal server to provide the first user with access to the first user account.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computing platform may receive, from a client portal server, a request to authenticate a first user to a first user account. The computing platform may generate a first one-time passcode for a first computing device associated with the first user account and may send, to the first computing device, the first one-time passcode. The computing platform also may generate a second one-time passcode for a second computing device associated with the first user account and may send, to the second computing device, the second one-time passcode. Thereafter, the computing platform may receive first one-time passcode input and second one-time passcode input, which the computing platform may validate. Based on the validating, the computing platform may generate a validation message directing the client portal server to provide the first user with access to the first user account, which the computing platform may send to the client portal server.

80 Citations

View as Search Results

17 Claims

1. A computing platform, comprising:
- at least one processor;
  
  a communication interface communicatively coupled to the at least one processor; and
  
  memory storing computer-readable instructions that, when executed by the at least one processor, cause the computing platform to;
  
  store first device registration information linking a first computing device and a second computing device to a first user account associated with a client portal provided by a client portal server, wherein the second computing device is different from the first computing device;
  
  receive, via the communication interface, and from the client portal server, a request to authenticate a first user to the first user account associated with the client portal provided by the client portal server;
  
  based on receiving the request to authenticate the first user to the first user account, evaluate authentication state information associated with the first user account;
  
  select a multi-device authentication technique for authenticating the first user to the first user account based on evaluating the authentication state information associated with the first user account;
  
  based on selecting the multi-device authentication technique for authenticating the first user to the first user account, generate a first one-time passcode for the first computing device associated with the first user account;
  
  send, via the communication interface, to the first computing device associated with the first user account, the first one-time passcode generated for the first computing device associated with the first user account;
  
  based on selecting the multi-device authentication technique for authenticating the first user to the first user account, generate a second one-time passcode for the second computing device associated with the first user account, wherein the second one-time passcode generated for the second computing device associated with the first user account is different from the first one-time passcode generated for the first computing device associated with the first user account;
  
  send, via the communication interface, to the second computing device associated with the first user account, the second one-time passcode generated for the second computing device associated with the first user account;
  
  receive, via the communication interface, from the client portal server, first one-time passcode input;
  
  validate the first one-time passcode input based on the first one-time passcode generated for the first computing device associated with the first user account;
  
  receive, via the communication interface, from the client portal server, second one-time passcode input;
  
  validate the second one-time passcode input based on the second one-time passcode generated for the second computing device associated with the first user account;
  
  based on validating the first one-time passcode input and the second one-time passcode input, generate a first validation message directing the client portal server to provide the first user with access to the first user account; and
  
  send, via the communication interface, to the client portal server, the first validation message directing the client portal server to provide the first user with access to the first user account.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The computing platform of claim 1, wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to:
    - prior to receiving the request to authenticate the first user to the first user account;
      
      receive, via the communication interface, from the client portal server, first authentication preferences information for the first user account; and
      
      store the first authentication preferences information for the first user account received from the client portal server.
  - 3. The computing platform of claim 2, wherein the first authentication preferences information for the first user account comprises selection information directing the computing platform to use the multi-device authentication technique when processing authentication requests for the first user account.
  - 4. The computing platform of claim 1, wherein evaluating the authentication state information associated with the first user account comprises evaluating a current time of day.
  - 5. The computing platform of claim 1, wherein evaluating the authentication state information associated with the first user account comprises evaluating location information.
  - 6. The computing platform of claim 1, wherein evaluating the authentication state information associated with the first user account comprises evaluating authentication history information associated with the first user account.
  - 7. The computing platform of claim 1, wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to:
    - receive, via the communication interface, and from the client portal server, a request to authenticate a second user to a second user account associated with the client portal provided by the client portal server;
      
      based on receiving the request to authenticate the second user to the second user account, generate a third one-time passcode for a third computing device associated with the second user account;
      
      send, via the communication interface, to the third computing device associated with the second user account, the third one-time passcode generated for the third computing device associated with the second user account;
      
      based on receiving the request to authenticate the second user to the second user account, generate a fourth one-time passcode for a fourth computing device associated with the second user account;
      
      send, via the communication interface, to the fourth computing device associated with the second user account, the fourth one-time passcode generated for the fourth computing device associated with the second user account;
      
      receive, via the communication interface, from the client portal server, third one-time passcode input;
      
      validate the third one-time passcode input based on the third one-time passcode generated for the third computing device associated with the second user account;
      
      receive, via the communication interface, from the client portal server, fourth one-time passcode input;
      
      validate the fourth one-time passcode input based on the fourth one-time passcode generated for the fourth computing device associated with the second user account;
      
      based on validating the third one-time passcode input and the fourth one-time passcode input, generate a second validation message directing the client portal server to provide the second user with access to the second user account; and
      
      send, via the communication interface, to the client portal server, the second validation message directing the client portal server to provide the second user with access to the second user account.
  - 8. The computing platform of claim 7, wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to:
    - prior to receiving the request to authenticate the second user to the second user account, store second device registration information linking the third computing device and the fourth computing device to the second user account.
  - 9. The computing platform of claim 7, wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to:
    - prior to receiving the request to authenticate the second user to the second user account;
      
      receive, via the communication interface, from the client portal server, second authentication preferences information for the second user account; and
      
      store the second authentication preferences information for the second user account received from the client portal server.
  - 10. The computing platform of claim 9, wherein the second authentication preferences information for the second user account comprises selection information directing the computing platform to use the multi-device authentication technique when processing authentication requests for the second user account.
  - 11. The computing platform of claim 7, wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to:
    - prior to generating the third one-time passcode and the fourth one-time passcode;
      
      evaluate authentication state information associated with the second user account; and
      
      select the multi-device authentication technique for authenticating the second user to the second user account based on evaluating the authentication state information associated with the second user account.
  - 12. The computing platform of claim 11, wherein evaluating the authentication state information associated with the second user account comprises evaluating a current time of day.
  - 13. The computing platform of claim 11, wherein evaluating the authentication state information associated with the second user account comprises evaluating location information.
  - 14. The computing platform of claim 11, wherein evaluating the authentication state information associated with the second user account comprises evaluating authentication history information associated with the second user account.

15. A method, comprising:
- at a computing platform comprising at least one processor, memory, and a communication interface;
  
  storing, by the at least one processor, first device registration information linking a first computing device and a second computing device to a first user account associated with a client portal provided by a client portal server, wherein the second computing device is different from the first computing device;
  
  receiving, by the at least one processor, via the communication interface, and from the client portal server, a request to authenticate a first user to the first user account associated with the client portal provided by the client portal server;
  
  based on receiving the request to authenticate the first user to the first user account, evaluating, by the at least one processor, authentication state information associated with the first user account;
  
  selecting, by the at least one processor, a multi-device authentication technique for authenticating the first user to the first user account based on evaluating the authentication state information associated with the first user account;
  
  based on selecting the multi-device authentication technique for authenticating the first user to the first user account, generating, by the at least one processor, a first one-time passcode for the first computing device associated with the first user account;
  
  sending, by the at least one processor, via the communication interface, to the first computing device associated with the first user account, the first one-time passcode generated for the first computing device associated with the first user account;
  
  based on selecting the multi-device authentication technique for authenticating the first user to the first user account, generating, by the at least one processor, a second one-time passcode for the second computing device associated with the first user account, wherein the second one-time passcode generated for the second computing device associated with the first user account is different from the first one-time passcode generated for the first computing device associated with the first user account;
  
  sending, by the at least one processor, via the communication interface, to the second computing device associated with the first user account, the second one-time passcode generated for the second computing device associated with the first user account;
  
  receiving, by the at least one processor, via the communication interface, from the client portal server, first one-time passcode input;
  
  validating, by the at least one processor, the first one-time passcode input based on the first one-time passcode generated for the first computing device associated with the first user account;
  
  receiving, by the at least one processor, via the communication interface, from the client portal server, second one-time passcode input;
  
  validating, by the at least one processor, the second one-time passcode input based on the second one-time passcode generated for the second computing device associated with the first user account;
  
  based on validating the first one-time passcode input and the second one-time passcode input, generating, by the at least one processor, a first validation message directing the client portal server to provide the first user with access to the first user account; and
  
  sending, by the at least one processor, via the communication interface, to the client portal server, the first validation message directing the client portal server to provide the first user with access to the first user account.
- View Dependent Claims (16)
- - 16. The method of claim 15, comprising:
    - prior to receiving the request to authenticate the first user to the first user account;
      
      receiving, by the at least one processor, via the communication interface, from the client portal server, first authentication preferences information for the first user account; and
      
      storing, by the at least one processor, the first authentication preferences information for the first user account received from the client portal server.

17. One or more non-transitory computer-readable media storing instructions that, when executed by a computing platform comprising at least one processor, memory, and a communication interface, cause the computing platform to:
- store first device registration information linking a first computing device and a second computing device to a first user account associated with a client portal provided by a client portal server, wherein the second computing device is different from the first computing device;
  
  receive, via the communication interface, and from the client portal server, a request to authenticate a first user to the first user account associated with the client portal provided by the client portal server;
  
  based on receiving the request to authenticate the first user to the first user account, evaluate authentication state information associated with the first user account;
  
  select a multi-device authentication technique for authenticating the first user to the first user account based on evaluating the authentication state information associated with the first user account;
  
  based on selecting the multi-device authentication technique for authenticating the first user to the first user account, generate a first one-time passcode for the first computing device associated with the first user account;
  
  send, via the communication interface, to the first computing device associated with the first user account, the first one-time passcode generated for the first computing device associated with the first user account;
  
  based on selecting the multi-device authentication technique for authenticating the first user to the first user account, generate a second one-time passcode for the second computing device associated with the first user account, wherein the second one-time passcode generated for the second computing device associated with the first user account is different from the first one-time passcode generated for the first computing device associated with the first user account;
  
  send, via the communication interface, to the second computing device associated with the first user account, the second one-time passcode generated for the second computing device associated with the first user account;
  
  receive, via the communication interface, from the client portal server, first one-time passcode input;
  
  validate the first one-time passcode input based on the first one-time passcode generated for the first computing device associated with the first user account;
  
  receive, via the communication interface, from the client portal server, second one-time passcode input;
  
  validate the second one-time passcode input based on the second one-time passcode generated for the second computing device associated with the first user account;
  
  based on validating the first one-time passcode input and the second one-time passcode input, generate a first validation message directing the client portal server to provide the first user with access to the first user account; and
  
  send, via the communication interface, to the client portal server, the first validation message directing the client portal server to provide the first user with access to the first user account.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Votaw, Elizabeth S., Keys, Andrew T.
Primary Examiner(s)
Pham, Luu
Assistant Examiner(s)
Le, Canh

Application Number

US15/152,849
Publication Number

US 20170331817A1
Time in Patent Office

873 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/42   using separate channels for...

H04L 2463/082   applying multi-factor authe...

H04L 63/067   using one-time keys cryptog...

H04L 63/0838   using one-time-passwords

H04L 63/0846   using time-dependent-passwo...

H04L 63/0853   using an additional device,...

Preventing unauthorized access to secured information systems using multi-device authentication techniques

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

80 Citations

17 Claims

Specification

Use Cases

Quick Links

Others

Preventing unauthorized access to secured information systems using multi-device authentication techniques

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

80 Citations

17 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others