Secure permissioning of access to user accounts, including secure deauthorization of access to user accounts
Abstract
A permissions management system is disclosed for enabling a user to securely authorize a third-party system to access user account data and initiate transactions related to a user account, without disclosing to the third-party system account credentials. The system enables the user to also securely de-authorize the third-party system. For example, records may be automatically generated that securely store account information, including one or more permissions related to the account and/or the third-party. A token associated with a record may be shared with the third-party system, but neither the record itself, nor the user account credentials, may be shared with the third-party. Accordingly, the third-party may request user account data and/or initiate transactions by providing the token, but does not itself know, e.g., the user account credentials. Further, the user may set various permissions related to the token, and may also revoke the token (e.g., de-authorize the third-party), thus providing increased security to the user's account.
30 Claims
1. A computer-implemented method of facilitating transactions while minimizing sharing of sensitive account information, the computer-implemented method comprising:
determining a plurality of computing devices including at least:
a first computing device;
a second computing device associated with an external application;
a third computing device associated with an institution; and
a fourth computing device, wherein:
the first computing device is in two-way communication with all of the second, third, and fourth computing devices, and
the fourth computing device is in two-way communication with all of the first, third, and fourth computing devices;
by the first computing device executing program instructions:
receiving, from the second computing device, an authorization request including an indication of a user account;
retrieving, from the third computing device associated with the institution, information associated with the user account held by the institution; and
providing, to the fourth computing device, at least a portion of the information associated with the user account; and
by the fourth computing device executing program instructions:
receiving, from the first computing device, the information associated with the user account, wherein the information includes at least:
account information associated with the user account that is associated with the institution, and
an identifier associated with an external application;
generating at least:
an electronic record of the information, and
a token associated with the electronic record;
causing at least one of a unique identifier associated with the token or the token to be provided to the second computing device;
receiving, from the second computing device, at least:
the at least one of the unique identifier associated with the token or the token, and
a request to cause a transaction related to the user account to be executed;
verifying, based at least in part on the at least one of the unique identifier associated with the token or the token, authorization of the second computing device to cause the transaction to be executed;
initiating the transaction via communication with the third computing device or another institution or transaction processor;
receiving a request to deauthorize the second computing device from causing execution of transactions related to the user account; and
in response to the request to deauthorize the second computing device, revoking the at least one of the unique identifier associated with the token or the token,
whereby the second computing device is enabled to cause transactions related to the user account to be executed without sharing account information with the second computing device, and
whereby deauthorization of the second computing device from causing transactions to be executed is efficiently enabled by revocation of the at least one of the unique identifier associated with the token or the token.
Dependent claims: 2-10.
11. A system configured to facilitate transactions while minimizing sharing of sensitive account information, the system comprising:
a plurality of computing devices including at least:
a first computing device;
a second computing device associated with an external application;
a third computing device associated with an institution; and
a fourth computing device, wherein:
the first computing device is in two-way communication with all of the second, third, and fourth computing devices,
the fourth computing device is in two-way communication with all of the first, third, and fourth computing devices,
the first computing device is configured to execute program instructions to cause the first computing device to:
receive, from the second computing device, an authorization request including an indication of a user account;
retrieve, from the third computing device associated with the institution, information associated with the user account held by the institution; and
provide, to the fourth computing device, at least a portion of the information associated with the user account, and
the fourth computing device is configured to execute program instructions to cause the fourth computing device to:
receive, from the first computing device, the information associated with the user account, wherein the information includes at least:
account information associated with the user account that is associated with the institution, and
an identifier associated with an external application;
generating at least:
an electronic record of the information, and
a token associated with the electronic record;
cause at least one of a unique identifier associated with the token or the token to be provided to the second computing device;
receive, from the second computing device, at least:
the at least one of the unique identifier associated with the token or the token, and
a request to cause a transaction related to the user account to be executed;
verify, based at least in part on the at least one of the unique identifier associated with the token or the token, authorization of the second computing device to cause the transaction to be executed;
initiate the transaction via communication with the third computing device or another institution or transaction processor;
receive a request to deauthorize the second computing device from causing execution of transactions related to the user account; and
in response to the request to deauthorize the second computing device, revoke the at least one of the unique identifier associated with the token or the token,
whereby the second computing device is enabled to cause transactions related to the user account to be executed without sharing account information with the second computing device, and
whereby deauthorization of the second computing device from causing transactions to be executed is efficiently enabled by revocation of the at least one of the unique identifier associated with the token or the token.
Dependent claims: 12-20.
21. A computer program product for facilitating transactions while minimizing sharing of sensitive account information, the computer program product comprising one or more non-transitory computer readable storage mediums having program instructions embodied therewith, the program instructions executable by one or more computing devices to:
determine a plurality of computing devices including at least:
a first computing device;
a second computing device associated with an external application;
a third computing device associated with an institution; and
a fourth computing device, wherein:
the first computing device is in two-way communication with all of the second, third, and fourth computing devices, and
the fourth computing device is in two-way communication with all of the first, third, and fourth computing devices;
by the first computing device executing program instructions:
receive, from the second computing device, an authorization request including an indication of a user account;
retrieve, from the third computing device associated with the institution, information associated with the user account held by the institution; and
provide, to the fourth computing device, at least a portion of the information associated with the user account; and
by the fourth computing device executing program instructions:
receive, from the first computing device, the information associated with the user account, wherein the information includes at least:
account information associated with the user account that is associated with the institution, and
an identifier associated with an external application;
generating at least:
an electronic record of the information, and
a token associated with the electronic record;
cause at least one of a unique identifier associated with the token or the token to be provided to the second computing device;
receive, from the second computing device, at least:
the at least one of the unique identifier associated with the token or the token, and
a request to cause a transaction related to the user account to be executed;
verify, based at least in part on the at least one of the unique identifier associated with the token or the token, authorization of the second computing device to cause the transaction to be executed;
initiate the transaction via communication with the third computing device or another institution or transaction processor;
receive a request to deauthorize the second computing device from causing execution of transactions related to the user account; and
in response to the request to deauthorize the second computing device, revoke the at least one of the unique identifier associated with the token or the token,
whereby the second computing device is enabled to cause transactions related to the user account to be executed without sharing account information with the second computing device, and
whereby deauthorization of the second computing device from causing transactions to be executed is efficiently enabled by revocation of the at least one of the unique identifier associated with the token or the token.
Dependent claims: 22-30.
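The flow that the abstract and independent claims 1, 11 and 21 describe (an electronic record plus a token issued to the external application, token-based verification of each transaction request, and revocation of the token on deauthorization), as an added example that is not code from the patent, its assignee, or any product. It assumes a single-process permissions system with an in-memory record store, a constructed FakeInstitution in place of the institution's system, and the names PermissionsManager, Record, authorize, initiate_transaction and revoke, all of which are this example's own. It goes slightly beyond the claim text: each token is bound to the external application's identifier and to a user-granted permission set, and only a hash of the token is stored.

```python
"""Tokenized delegation of account access with revocation (added example).
Models the permissions management system of the claims; FakeInstitution stands
in for the institution. Every name here is an assumption, not the patent's API."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


class AuthorizationError(Exception):
    """Raised when a token-bearing request must not be honoured."""


@dataclass
class Record:
    # Electronic record held only by the permissions system, never by the app.
    record_id: str
    app_id: str              # external application the token is bound to
    account: dict            # institution account data; never returned to the app
    permissions: frozenset   # actions the user granted, e.g. {"balance", "transfer"}
    token_hash: bytes        # SHA-256 of the bearer token; the raw token is not stored
    revoked: bool = False


def _digest(token):
    return hashlib.sha256(token.encode()).digest()


class PermissionsManager:
    def __init__(self, institution):
        self._institution = institution   # stand-in for the "third computing device"
        self._records = {}                # keyed by the token's unique identifier

    def authorize(self, account, app_id, permissions):
        """Create the record and token; return (token_id, token) for the external app."""
        token_id = secrets.token_urlsafe(16)   # unique identifier associated with the token
        token = secrets.token_urlsafe(32)      # the bearer token itself
        self._records[token_id] = Record(secrets.token_hex(8), app_id, dict(account),
                                         frozenset(permissions), _digest(token))
        return token_id, token

    def _verify(self, token_id, token, app_id, action):
        rec = self._records.get(token_id)
        # One constant-time compare on every path, so an unknown token_id is not
        # distinguishable by timing from a known id presented with the wrong token.
        expected = rec.token_hash if rec else _digest("")
        if not hmac.compare_digest(expected, _digest(token)) or rec is None:
            raise AuthorizationError("unknown or invalid token")
        if rec.revoked:
            raise AuthorizationError("token revoked")
        if rec.app_id != app_id:
            raise AuthorizationError("token not issued to this application")
        if action not in rec.permissions:
            raise AuthorizationError(f"permission '{action}' not granted")
        return rec

    def get_balance(self, token_id, token, app_id):
        rec = self._verify(token_id, token, app_id, "balance")
        return self._institution.balance(rec.account["account_number"])

    def initiate_transaction(self, token_id, token, app_id, amount):
        rec = self._verify(token_id, token, app_id, "transfer")
        txn = self._institution.debit(rec.account["account_number"], amount)
        # The receipt carries no account data; the app learns only the outcome.
        return {"record_id": rec.record_id, "txn_id": txn, "amount": amount}

    def revoke(self, token_id):
        """User deauthorizes the app: one flag flip invalidates every future use."""
        rec = self._records.get(token_id)
        if rec is not None:
            rec.revoked = True
        return rec is not None


class FakeInstitution:
    """Constructed stand-in for the institution's system (not a real bank API)."""
    def __init__(self):
        self.ledger, self.txn_count = {"000123456789": 10_000}, 0

    def balance(self, account_number):
        return self.ledger[account_number]

    def debit(self, account_number, amount):
        if amount <= 0 or amount > self.ledger[account_number]:
            raise ValueError("bad amount")
        self.ledger[account_number] -= amount
        self.txn_count += 1
        return f"txn-{self.txn_count}"


def demo():
    """authorize -> transact -> replay from another app -> revoke; return observations."""
    pm = PermissionsManager(FakeInstitution())
    # Constructed sample of what the first computing device forwards after
    # retrieving it from the institution.
    account = {"account_number": "000123456789", "routing_number": "021000021"}
    token_id, token = pm.authorize(account, "budget-app", {"balance", "transfer"})
    out = {"receipt": pm.initiate_transaction(token_id, token, "budget-app", 250)}
    out["account_leaked"] = any(v in str(out["receipt"]) for v in account.values())
    out["balance_after"] = pm.get_balance(token_id, token, "budget-app")
    for label, app in (("other_app", "other-app"), ("after_revoke", "budget-app")):
        if label == "after_revoke":
            pm.revoke(token_id)   # the user's deauthorization request
        try:
            pm.initiate_transaction(token_id, token, app, 1)
            out[label] = "allowed"
        except AuthorizationError as e:
            out[label] = str(e)
    return out
```

Calling demo() walks the whole lifecycle: the external app transacts with only the token, the receipt it receives contains none of the account data, a different app presenting the same token is refused, and after the user's revocation the original app is refused as well. Two practical points the claim text leaves open are visible here: revocation must be checked on every request (a cached "valid" decision would outlive the user's deauthorization), and storing only a hash of the token means a read of the record store does not yield usable bearer tokens.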