Online account access control by mobile device
First Claim
1. A method for initiating an action for an online account, the method comprising:
receiving an access control message from a mobile device that includes at least a request to perform an action with respect to an online account, the access control message having been generated by a signed application on the mobile device and including a digital signature generated using a private key stored on the mobile device, wherein the action comprises preventing login access to the online account such that the account cannot be accessed even using the correct login information for the online account;
establishing, in response to receiving the access control message, a network connection by communicatively coupling the server with the mobile device;
receiving, via the network connection, identifying information associated with the mobile device;
identifying the online account based at least in part on the identifying information associated with the mobile device, wherein the identifying the online account includes comparing the identifier of the mobile device to a plurality of stored identifiers, wherein the online account is associated with an accessibility status indicating whether the account can or cannot be accessed via a login using correct login credentials, such that a “locked” accessibility status indicates that the account cannot be accessed using correct login credentials, wherein the action comprises a command to update the accessibility status in a specified manner;
verifying the authenticity of the digital signature using a public key associated with the mobile device;
upon verifying the authenticity of the digital signature using the public key, determining, based on the access control message, that the mobile device is authorized to initiate the action with respect to the account by comparing the identifying information associated with the mobile device to verification information stored in association with the online account; and
upon determining that the mobile device is authorized to initiate the action with respect to the online account, initiating the action such that the accessibility status of the account is updated based on the access control message without further interaction with the mobile device; and
providing, to the mobile device, a notification indicating that the action has been initiated;
receiving a second access control message from the mobile device including a request to reactivate login access to the online account;
determining that the mobile device is authorized to initiate reactivation of login access to the online account by comparing the identifying information associated with the mobile device to verification information stored in association with the online account; and
upon determining that the mobile device is authorized to initiate reactivation of login access to the online account, reactivating login access to the online account.
Abstract
Systems and methods for controlling access to an online account are described. An access control message including an action to be performed on an online account can be sent from a mobile device to a server. The server may identify the mobile device based on identifying information in the access control message. Upon identifying the mobile device, the server may determine whether the user has authority to initiate the action to be performed on the online account. Upon determining that a user of the mobile device does have authority to initiate the indicated action, the action indicated in the access control message may be taken with respect to the online account.
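The server-side flow from the abstract and claim 1 (identify the device, verify the signature, check authorization, update the accessibility status), as an added example that is not part of the patent text. The JSON message format, Ed25519 keys, in-memory stores and all names are assumptions; the nonce-based replay check is an addition the claims do not describe, included because a captured "unlock" message would otherwise remain valid after a later lock.

```javascript
const crypto = require('crypto');

// Constructed sample data: one enrolled device bound to one account.
const device = crypto.generateKeyPairSync('ed25519');
const devices = new Map([['device-001', { publicKey: device.publicKey, account: 'alice' }]]);
const accounts = new Map([['alice', { status: 'unlocked', authorized: new Set(['device-001']) }]]);
const seenNonces = new Set(); // replay guard: an addition, not in the claims

// Device side: sign the exact bytes that will be sent.
function signMessage(privateKey, deviceId, action, nonce) {
  const body = JSON.stringify({ deviceId, action, nonce });
  const signature = crypto.sign(null, Buffer.from(body), privateKey).toString('base64');
  return { body, signature };
}

// Server side: identify device, verify signature, check authorization, act.
function handleAccessControl(msg) {
  let req;
  try { req = JSON.parse(msg.body); } catch { return 'rejected: malformed'; }
  if (req === null || typeof req !== 'object') return 'rejected: malformed';
  const dev = devices.get(req.deviceId); // compare against stored identifiers
  if (!dev) return 'rejected: unknown device';
  const sig = Buffer.from(String(msg.signature), 'base64');
  if (!crypto.verify(null, Buffer.from(msg.body), dev.publicKey, sig)) {
    return 'rejected: bad signature';
  }
  const acct = accounts.get(dev.account);
  if (!acct || !acct.authorized.has(req.deviceId)) return 'rejected: not authorized';
  if (req.action !== 'lock' && req.action !== 'unlock') return 'rejected: unknown action';
  const nonceKey = `${req.deviceId}:${req.nonce}`;
  if (seenNonces.has(nonceKey)) return 'rejected: replay';
  seenNonces.add(nonceKey);
  acct.status = req.action === 'lock' ? 'locked' : 'unlocked';
  return `ok: ${acct.status}`; // result returned to the device as the notification
}

// Login path: a locked account refuses even correct credentials.
function login(accountName, credentialsCorrect) {
  const acct = accounts.get(accountName);
  return Boolean(acct) && acct.status !== 'locked' && credentialsCorrect === true;
}
```

The signature is checked over the raw received bytes before any field is trusted for a state change, so a message whose action was altered in transit fails verification rather than reaching the authorization step.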
79 Citations
15 Claims
5. A system for controlling access to an online account, comprising:
a processor; and
a non-transitory computer readable medium coupled to the processor, wherein the computer readable medium includes code executable by the processor, the code operative to:
receive an access control message from a mobile device, the access control message including an action to be performed on an online account, wherein the online account is associated with an accessibility status indicating whether the account can or cannot be accessed via a login using correct login credentials, such that a “locked” accessibility status indicates that the account cannot be accessed using correct login credentials for the online account, the access control message having been generated by a signed application on the mobile device and including a digital signature generated using a private key stored on the mobile device, wherein the action comprises preventing login access to the online account by updating the accessibility status to the “locked” accessibility status;
establish, in response to receiving the access control message, a short message service communication session with the mobile device;
receive, via the short message service communication session, identifying information associated with the mobile device;
identify the online account based at least in part on the identifying information associated with the mobile device wherein identifying the online account comprises comparing the identifying information associated with the mobile device to stored mobile device identifiers;
verify the authenticity of the digital signature using a public key associated with the mobile device;
upon verifying the authenticity of the digital signature using the public key, determine, based at least in part on information associated with the identified online account, that the mobile device is authorized to initiate the action to be performed on the online account by comparing the identifying information associated with the mobile device to verification information stored in association with the online account;
cause the action to be performed on the online account to be initiated such that the accessibility status of the account is updated based on the access control message without further interaction with the mobile device; and
cause a notification to be provided to the mobile device indicating that the action has been performed;
receive a second access control message from the mobile device including a request to reactivate login access to the online account;
determine that the mobile device is authorized to initiate reactivation of login access to the online account by comparing the identifying information associated with the mobile device to verification information stored in association with the online account; and
upon determining that the mobile device is authorized to initiate reactivation of login access to the online account, reactivate login access to the online account.
11. A mobile device, comprising:
a processor; and
a non-transitory computer readable medium coupled to the processor, wherein the computer readable medium includes code executable by the processor, the code operative to:
receive, from a user of the mobile device, an indication of an action to be performed with respect to an online account associated with the user, wherein the action effects a change to an accessibility status of the online account, the indication of the action having been generated by a signed application on the mobile device and including a digital signature generated using a private key stored on the mobile device;
verify the authenticity of the digital signature using a public key associated with the mobile device;
upon verifying the authenticity of the digital signature using the public key, determine that the user has authority to initiate the action to be performed with respect to the online account;
establish, by transmitting an access control message to a server, a short message service communication session with the server, the access control message including:
the action to be performed with respect to an online account, and
a device identifier used by the server to identify the online account;
wherein the online account is identified based at least in part on the device identifier and the action to be performed with respect to an online account is initiated by the server such that the accessibility status of the online account is updated based on the action without further interaction with the mobile device, wherein the action to be performed with respect to the online account is an action to “lock” the online account, and wherein the action to “lock” the online account prevents login access to the online account even upon entering a correct username and password combination; and
receive, in response to the access control message, a notification indicating that the action has been performed;
receive, from the user of the mobile device, an indication of a second action to be performed with respect to the online account, wherein the second action to be performed with respect to the online account is an action to “unlock” the online account, and wherein the action to “unlock” the online account enables login access to the online account upon entering a correct username and password combination; and
transmit a second access control message to the server that includes a request to complete the second action.
Specification