Person-to-person network architecture for secure authorization and approval

US 10,454,941 B2
Filed: 05/05/2017
Issued: 10/22/2019
Est. Priority Date: 05/05/2017
Status: Active Grant

First Claim

Patent Images

1. A system for configuring and executing a secure communication network for authorizing access to safeguarded resources, the system comprising:

a memory device; and

one or more processing devices operatively coupled to the memory device, wherein the one or more processing devices are configured to execute computer-readable program code to;

receive a request from a first user to grant a second user access to an account associated with the first user;

in response to receiving the request to grant the second user the access to the account associated with the first user, configure a secure dedicated communication channel between a computing device of the first user and a computing device of the second user;

transmit, via the secure dedicated communication channel, to the computing device of the second user, the request to grant the second user the access to the account associated with the first user;

receive, from the computing device of the second user, an acceptance of the request to grant the second user the access to the account associated with the first user;

in response to receiving the acceptance, transmit control signals configured to cause the computing device of the second user to display notification of an authentication challenge and a request for an input of an authentication challenge response, wherein the authentication challenge is configured to query memory of the computing device of the second user to retrieve data that identifies the second user and the input is authorization by the second user to query the memory of the computing device of the second user;

in response to the second user providing the input that authorizes querying of the memory of the computing device of the second user, receive, from the computing device of the second user, the authentication challenge response including the data that identifies the second user;

compare the received data that identifies the second user with authentication data of the second user stored in a database to determine that the received authentication challenge response is acceptable; and

in response to determining that the received authentication challenge response is acceptable, grant the second user with access rights to the account associated with the first user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for configuring and executing a secure communication network for authorizing access to safeguarded resources is provided. In particular, the system uses person-to-person (P2P) authentication technology to securely transmit resources between users. In this way, an efficient way to for users to manage resources is provided.

65 Citations

20 Claims

1. A system for configuring and executing a secure communication network for authorizing access to safeguarded resources, the system comprising:
- a memory device; and
  
  one or more processing devices operatively coupled to the memory device, wherein the one or more processing devices are configured to execute computer-readable program code to;
  
  receive a request from a first user to grant a second user access to an account associated with the first user;
  
  in response to receiving the request to grant the second user the access to the account associated with the first user, configure a secure dedicated communication channel between a computing device of the first user and a computing device of the second user;
  
  transmit, via the secure dedicated communication channel, to the computing device of the second user, the request to grant the second user the access to the account associated with the first user;
  
  receive, from the computing device of the second user, an acceptance of the request to grant the second user the access to the account associated with the first user;
  
  in response to receiving the acceptance, transmit control signals configured to cause the computing device of the second user to display notification of an authentication challenge and a request for an input of an authentication challenge response, wherein the authentication challenge is configured to query memory of the computing device of the second user to retrieve data that identifies the second user and the input is authorization by the second user to query the memory of the computing device of the second user;
  
  in response to the second user providing the input that authorizes querying of the memory of the computing device of the second user, receive, from the computing device of the second user, the authentication challenge response including the data that identifies the second user;
  
  compare the received data that identifies the second user with authentication data of the second user stored in a database to determine that the received authentication challenge response is acceptable; and
  
  in response to determining that the received authentication challenge response is acceptable, grant the second user with access rights to the account associated with the first user.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the one or more processing devices are further configured to execute computer-readable program code to:
    - receive the request from the first user to grant the second user the access to the account associated with the first user, wherein the request to grant the second user the access to the account associated with the first user comprises an electronic authorization document associated with the access to the account associated with the first user;
      
      in response to determining that the received authentication challenge response is acceptable, transmit the electronic authorization document, via the secure dedicated communication channel, from the computing device of the first use to the computing device of the second user;
      
      receive, from the computing device of the second user, the electronic authorization document;
      
      determine that the electronic authorization document received from the computing device of the second user has successfully been completed; and
      
      in response to determining that the electronic authorization document has successfully been completed, grant the second user the access rights to the account associated with the first user.
  - 3. The system of claim 1, wherein the one or more processing devices are further configured to execute computer-readable program code to:
    - receive the request from the first user to grant the second user the access to the account associated with the first user, wherein the request to grant the second user the access to the account associated with the first user is conditioned on an occurrence of a triggering event;
      
      receive an indication of the occurrence of the triggering event; and
      
      in response to receiving the indication of the occurrence of the triggering event, transmit, via the secure dedicated communication channel, to the computing device of the second user, the request to grant the second user the access to the account associated with the first user.
  - 4. The system of claim 1, wherein the one or more processing devices are further configured to execute computer-readable program code to:
    - receive a request from the first user to grant a third user limited access to the account associated with the first user;
      
      in response to receiving the request to grant the third user the limited access to the account associated with the first user, configure a new secure dedicated communication channel between the computing device of the first user and a computing device of the third user;
      
      transmit, via the new secure dedicated communication channel, to the computing device of the third user, the request to grant the second user the limited access to the account associated with the first user;
      
      receive, from the computing device of the third user, an acceptance of the request to grant the third user the limited access to the account associated with the first user;
      
      in response to receiving the acceptance, transmit control signals configured to cause the computing device of the third user to display notification of a limited authentication challenge and a request for an input of a limited authentication challenge response, wherein the limited authentication challenge is configured to query memory of the computing device of the third user to retrieve data that identifies the third user and the input is authorization by the third user to query the memory of the computing device of the third user;
      
      in response to the third user providing the input that authorizes querying of the memory of the computing device of the third user, receive, from the computing device of the third user, the limited authentication challenge response including the data that identifies the third user;
      
      compare the received data that identifies the third user with authentication data of the third user stored in the database to determine that the received limited authentication challenge response is acceptable; and
      
      in response to determining that the received limited authentication challenge response is acceptable, grant the third user with limited access rights to the account associated with the first user.
  - 5. The system of claim 1, wherein the one or more processing devices are further configured to execute computer-readable program code to:
    - terminate the access rights of the second user to the account associated with the first user after a predetermined period of time or in response to receiving a request from the first user to terminate the access rights of the second user.
  - 6. The system of claim 1, wherein the request from the first user to grant the second user access to an account associated with the first user is associated with a request to grant the second user a power of attorney right with respect to at least the account associated with the first user.
  - 7. The system of claim 1, wherein the request from the first user to grant the second user access to an account associated with the first user is associated with a request to grant the second user a legal right to perform an action on behalf of the first user that the second user would otherwise not have the legal right to perform.

8. A computer program product for configuring and executing a secure communication network for authorizing access to safeguarded resources, the computer program product comprising at least one non-transitory computer readable medium comprising computer readable instructions, the instructions comprising instructions for:
- receiving a request from a first user to grant a second user access to an account associated with the first user;
  
  in response to receiving the request to grant the second user the access to the account associated with the first user, configuring a secure dedicated communication channel between a computing device of the first user and a computing device of the second user;
  
  transmitting, via the secure dedicated communication channel, to the computing device of the second user, the request to grant the second user the access to the account associated with the first user;
  
  receiving, from the computing device of the second user, an acceptance of the request to grant the second user the access to the account associated with the first user;
  
  in response to receiving the acceptance, transmitting control signals configured to cause the computing device of the second user to display notification of an authentication challenge and a request for an input of an authentication challenge response, wherein the authentication challenge is configured to query memory of the computing device of the second user to retrieve data that identifies the second user and the input is authorization by the second user to query the memory of the computing device of the second user;
  
  in response to the second user providing the input that authorizes querying of the memory of the computing device of the second user, receiving, from the computing device of the second user, the authentication challenge response including the data that identifies the second user;
  
  comparing the received data that identifies the second user with authentication data of the second user stored in a database to determine that the received authentication challenge response is acceptable; and
  
  in response to determining that the received authentication challenge response is acceptable, granting the second user with access rights to the account associated with the first user.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer program product of claim 8, wherein the computer readable instructions further comprise instructions for:
    - receiving the request from the first user to grant the second user the access to the account associated with the first user, wherein the request to grant the second user the access to the account associated with the first user comprises an electronic authorization document associated with the access to the account associated with the first user;
      
      in response to determining that the received authentication challenge response is acceptable, transmitting the electronic authorization document, via the secure dedicated communication channel, from the computing device of the first use to the computing device of the second user;
      
      receiving, from the computing device of the second user, the electronic authorization document;
      
      determining that the electronic authorization document received from the computing device of the second user has successfully been completed; and
      
      in response to determining that the electronic authorization document has successfully been completed, granting the second user the access rights to the account associated with the first user.
  - 10. The computer program product of claim 8, wherein the computer readable instructions further comprise instructions for:
    - receiving the request from the first user to grant the second user the access to the account associated with the first user, wherein the request to grant the second user the access to the account associated with the first user is conditioned on an occurrence of a triggering event;
      
      receiving an indication of the occurrence of the triggering event; and
      
      in response to receiving the indication of the occurrence of the triggering event, transmitting, via the secure dedicated communication channel, to the computing device of the second user, the request to grant the second user the access to the account associated with the first user.
  - 11. The computer program product of claim 8, wherein the computer readable instructions further comprise instructions for:
    - receiving a request from the first user to grant a third user limited access to the account associated with the first user;
      
      in response to receiving the request to grant the third user the limited access to the account associated with the first user, configuring a new secure dedicated communication channel between the computing device of the first user and a computing device of the third user;
      
      transmitting, via the new secure dedicated communication channel, to the computing device of the third user, the request to grant the second user the limited access to the account associated with the first user;
      
      receiving, from the computing device of the third user, an acceptance of the request to grant the third user the limited access to the account associated with the first user;
      
      in response to receiving the acceptance, transmitting control signals configured to cause the computing device of the third user to display notification of a limited authentication challenge and a request for an input of a limited authentication challenge response, wherein the limited authentication challenge is configured to query memory of the computing device of the third user to retrieve data that identifies the third user and the input is authorization by the third user to query the memory of the computing device of the third user;
      
      in response to the third user providing the input that authorizes querying of the memory of the computing device of the third user, receiving, from the computing device of the third user, the limited authentication challenge response including the data that identifies the third user;
      
      comparing the received data that identifies the third user with authentication data of the third user stored in the database to determine that the received limited authentication challenge response is acceptable; and
      
      in response to determining that the received limited authentication challenge response is acceptable, granting the third user with limited access rights to the account associated with the first user.
  - 12. The computer program product of claim 8, wherein the computer readable instructions further comprise instructions for:
    - terminating the access rights of the second user to the account associated with the first user after a predetermined period of time or in response to receiving a request from the first user to terminate the access rights of the second user.
  - 13. The computer program product of claim 8, wherein the request from the first user to grant the second user access to an account associated with the first user is associated with a request to grant the second user a power of attorney right with respect to at least the account associated with the first user.
  - 14. The computer program product of claim 8, wherein the request from the first user to grant the second user access to an account associated with the first user is associated with a request to grant the second user a legal right to perform an action on behalf of the first user that the second user would otherwise not have the legal right to perform.

15. A computer implemented method for configuring and executing a secure communication network for authorizing access to safeguarded resources, said computer implemented method comprising:
- providing a computing system comprising a computer processing device and a non-transitory computer readable medium, where the computer readable medium comprises configured computer program instruction code, such that when said instruction code is operated by said computer processing device, said computer processing device performs the following operations;
  
  receiving a request from a first user to grant a second user access to an account associated with the first user;
  
  in response to receiving the request to grant the second user the access to the account associated with the first user, configuring a secure dedicated communication channel between a computing device of the first user and a computing device of the second user;
  
  transmitting, via the secure dedicated communication channel, to the computing device of the second user, the request to grant the second user the access to the account associated with the first user;
  
  receiving, from the computing device of the second user, an acceptance of the request to grant the second user the access to the account associated with the first user;
  
  in response to receiving the acceptance, transmitting control signals configured to cause the computing device of the second user to display notification of an authentication challenge and a request for an input of an authentication challenge response, wherein the authentication challenge is configured to query memory of the computing device of the second user to retrieve data that identifies the second user and the input is authorization by the second user to query the memory of the computing device of the second user;
  
  in response to the second user providing the input that authorizes querying of the memory of the computing device of the second user, receiving, from the computing device of the second user, the authentication challenge response including the data that identifies the second user;
  
  comparing the received data that identifies the second user with authentication data of the second user stored in a database to determine that the received authentication challenge response is acceptable; and
  
  in response to determining that the received authentication challenge response is acceptable, granting the second user with access rights to the account associated with the first user.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer implemented method of claim 15, further comprising:
    - receiving the request from the first user to grant the second user the access to the account associated with the first user, wherein the request to grant the second user the access to the account associated with the first user comprises an electronic authorization document associated with the access to the account associated with the first user;
      
      in response to determining that the received authentication challenge response is acceptable, transmitting the electronic authorization document, via the secure dedicated communication channel, from the computing device of the first use to the computing device of the second user;
      
      receiving, from the computing device of the second user, the electronic authorization document;
      
      determining that the electronic authorization document received from the computing device of the second user has successfully been completed; and
      
      in response to determining that the electronic authorization document has successfully been completed, granting the second user the access rights to the account associated with the first user.
  - 17. The computer implemented method of claim 15, further comprising:
    - receiving the request from the first user to grant the second user the access to the account associated with the first user, wherein the request to grant the second user the access to the account associated with the first user is conditioned on an occurrence of a triggering event;
      
      receiving an indication of the occurrence of the triggering event; and
      
      in response to receiving the indication of the occurrence of the triggering event, transmitting, via the secure dedicated communication channel, to the computing device of the second user, the request to grant the second user the access to the account associated with the first user.
  - 18. The computer implemented method of claim 15, further comprising:
    - receiving a request from the first user to grant a third user limited access to the account associated with the first user;
      
      in response to receiving the request to grant the third user the limited access to the account associated with the first user, configuring a new secure dedicated communication channel between the computing device of the first user and a computing device of the third user;
      
      transmitting, via the new secure dedicated communication channel, to the computing device of the third user, the request to grant the second user the limited access to the account associated with the first user;
      
      receiving, from the computing device of the third user, an acceptance of the request to grant the third user the limited access to the account associated with the first user;
      
      in response to receiving the acceptance, transmitting control signals configured to cause the computing device of the third user to display notification of a limited authentication challenge and a request for an input of a limited authentication challenge response, wherein the limited authentication challenge is configured to query memory of the computing device of the third user to retrieve data that identifies the third user and the input is authorization by the third user to query the memory of the computing device of the third user;
      
      in response to the third user providing the input that authorizes querying of the memory of the computing device of the third user, receiving, from the computing device of the third user, the limited authentication challenge response including the data that identifies the third user;
      
      comparing the received data that identifies the third user with authentication data of the third user stored in the database to determine that the received limited authentication challenge response is acceptable; and
      
      in response to determining that the received limited authentication challenge response is acceptable, granting the third user with limited access rights to the account associated with the first user.
  - 19. The computer implemented method of claim 15, further comprising:
    - terminating the access rights of the second user to the account associated with the first user after a predetermined period of time or in response to receiving a request from the first user to terminate the access rights of the second user.
  - 20. The computer implemented method of claim 15, wherein the request from the first user to grant the second user access to an account associated with the first user is associated with a request to grant the second user a power of attorney right with respect to at least the account associated with the first user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Dintenfass, Katherine, Votaw, Elizabeth S., Wadley, Cameron Darnell
Primary Examiner(s)
Kabir, Jahangir

Application Number

US15/588,353
Publication Number

US 20180324186A1
Time in Patent Office

900 Days
Field of Search

726 26- 30
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/604   Tools and structures for ma...

G06F 2221/2103   Challenge-response

G06F 2221/2115   Third party

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/04   for providing a confidentia...

H04L 63/08   for authentication of entit...

H04L 63/102   Entity profiles

H04L 63/105   Multiple levels of security

H04W 12/02   Protecting privacy or anony...

Person-to-person network architecture for secure authorization and approval

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

65 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Person-to-person network architecture for secure authorization and approval

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

65 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links