Secure permissioning of access to user accounts, including secure deauthorization of access to user accounts

US 10,530,761 B2
Filed: 08/27/2018
Issued: 01/07/2020
Est. Priority Date: 09/08/2015
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a first computing device; and

a second computing device separate from the first computing device,wherein;

the first computing device is configured to communicate with the second computing device, a third computing device associated with an external application, and a fourth computing device associated with an institution;

the second computing device is configured to communicate with the first computing device, the third computing device, and the fourth computing device;

the first computing device is further configured to;

receive, from the third computing device, an authorization request including an indication of a user account;

retrieve, from the fourth computing device associated with the institution, information associated with the user account held by the institution;

generate at least;

an electronic record of the information, anda token associated with the electronic record;

cause at least one of a unique identifier associated with the token or the token to be provided to the third computing device; and

provide, to the second computing device, at least;

the electronic record of the information, andthe token associated with the electronic record; and

the second computing device is further configured to;

receive, from the first computing device, at least;

the electronic record of the information, andthe token associated with the electronic record;

receive, from the third computing device, at least;

the at least one of the unique identifier associated with the token or the token, anda request to cause a transaction related to the user account to be executed;

verify, based at least in part on the at least one of the unique identifier associated with the token or the token, authorization of the third computing device to cause the transaction to be executed;

initiate the transaction via communication with the fourth computing device or another institution or transaction processor,whereby the third computing device is enabled to cause transactions related to the user account to be executed without sharing the information with the third computing device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A permissions management system is disclosed for enabling a user to securely authorize a third-party system to access user account data and initiate transactions related to a user account, without disclosing to the third-party system account credentials. The system enables the user to also securely de-authorize the third-party system. For example, records may be automatically generated that securely store account information, including one or more permissions related to the account and/or the third-party. A token associated with a record may be shared with the third-party system, but neither the record itself, nor the user account credentials, may be shared with the third-party. Accordingly, the third-party may request user account data and/or initiate transactions by providing the token, but does not itself know, e.g., the user account credentials. Further, the user may set various permissions related to the token, and may also revoke the token (e.g., de-authorize the third-party), thus providing increased security to the user'"'"'s account.

257 Citations

20 Claims

1. A system comprising:
- a first computing device; and
  
  a second computing device separate from the first computing device,wherein;
  
  the first computing device is configured to communicate with the second computing device, a third computing device associated with an external application, and a fourth computing device associated with an institution;
  
  the second computing device is configured to communicate with the first computing device, the third computing device, and the fourth computing device;
  
  the first computing device is further configured to;
  
  receive, from the third computing device, an authorization request including an indication of a user account;
  
  retrieve, from the fourth computing device associated with the institution, information associated with the user account held by the institution;
  
  generate at least;
  
  an electronic record of the information, anda token associated with the electronic record;
  
  cause at least one of a unique identifier associated with the token or the token to be provided to the third computing device; and
  
  provide, to the second computing device, at least;
  
  the electronic record of the information, andthe token associated with the electronic record; and
  
  the second computing device is further configured to;
  
  receive, from the first computing device, at least;
  
  the electronic record of the information, andthe token associated with the electronic record;
  
  receive, from the third computing device, at least;
  
  the at least one of the unique identifier associated with the token or the token, anda request to cause a transaction related to the user account to be executed;
  
  verify, based at least in part on the at least one of the unique identifier associated with the token or the token, authorization of the third computing device to cause the transaction to be executed;
  
  initiate the transaction via communication with the fourth computing device or another institution or transaction processor,whereby the third computing device is enabled to cause transactions related to the user account to be executed without sharing the information with the third computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein the second computing device is further configured to:
    - receive a request to deauthorize the third computing device from causing execution of transactions related to the user account; and
      
      in response to the request to deauthorize the third computing device, revoke the at least one of the unique identifier associated with the token or the token,whereby deauthorization of the third computing device from causing transactions to be executed is efficiently enabled by revocation of the at least one of the unique identifier associated with the token or the token.
  - 3. The system of claim 1, wherein:
    - the first computing device is further configured to;
      
      provide, to the second computing device, one or more permissions along with the electronic record of the information; and
      
      the second computing device is further configured to;
      
      in response to receiving the request to cause the transaction related to the user account to be executed, determine, based on the one or more permissions, an authorization of the external application to cause the transaction related to the user account to be executed.
  - 4. The system of claim 3, wherein the second computing device is further configured to:
    - provide an indication to the third computing device whether or not there is an authorization of the external application to cause the transaction related to the user account to be executed.
  - 5. The system of claim 1, wherein the information associated with the user account includes at least one of:
    - an indication of the external application, an indication of the institution, an account number, or a routing number.
  - 6. The system of claim 1, wherein the second computing device is further configured to:
    - provide an indication to the third computing device whether or not execution of the transaction is successful.
  - 7. The system of claim 1, wherein the generating is performed in response to a request received from a computing device associated with the external application.
  - 8. The system of claim 1, wherein the third and fourth computing devices do not directly communicate with one another.

9. A system comprising:
- a first computing device in communication with a second computing device separate from the first computing device, a third computing device associated with an external application, and a fourth computing device associated with an institution, the first computing device configured to;
  
  receive, from the third computing device, an authorization request including an indication of a user account;
  
  retrieve, from the fourth computing device associated with the institution, information associated with the user account held by the institution;
  
  generate at least;
  
  an electronic record of the information, anda token associated with the electronic record;
  
  cause at least one of a unique identifier associated with the token or the token to be provided to the third computing device; and
  
  provide, to the second computing device, at least;
  
  the electronic record of the information, andthe token associated with the electronic record,wherein the token is useable by the second computing device to verify an authorization of the third computing device to request to cause a transaction related to the user account to be executed,whereby the third computing device is enabled to cause transactions related to the user account to be executed without sharing the information with the third computing device.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The system of claim 9, wherein the transaction is to be executed via communication between the second computing device and the fourth computing device or another institution or transaction processor.
  - 11. The system of claim 9, wherein the first computing device is further configured to:
    - provide, to the second computing device, one or more permissions along with the electronic record of the information, wherein the one or more permissions are usable by the second computing device to further determine an authorization of the third computing device to cause the transaction related to the user account to be executed.
  - 12. The system of claim 9, wherein the information associated with the user account includes at least one of:
    - an indication of the external application, an indication of the institution, an account number, or a routing number.
  - 13. The system of claim 9, wherein the generating is performed in response to a request received from a computing device associated with the external application.

14. A system comprising:
- a second computing device in communication with a first computing device separate from the second computing device, a third computing device associated with an external application, and a fourth computing device associated with an institution, the second computing device configured to;
  
  receive, from the first computing device, at least;
  
  an electronic record of information associated with the user account held by the institution, the information retrieved from the fourth computing device via the first computing device, anda token associated with the electronic record, the token generated by the first computing device;
  
  receive, from the third computing device, at least;
  
  at least one of a unique identifier associated with the token or the token, anda request to cause a transaction related to the user account to be executed;
  
  verify, based at least in part on the at least one of the unique identifier associated with the token or the token, authorization of the third computing device to cause the transaction to be executed;
  
  initiate the transaction via communication with the fourth computing device or another institution or transaction processor,whereby the third computing device is enabled to cause transactions related to the user account to be executed without sharing the information with the third computing device.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The system of claim 14, wherein the second computing device is further configured to:
    - receive a request to deauthorize the third computing device from causing execution of transactions related to the user account; and
      
      in response to the request to deauthorize the third computing device, revoke the at least one of the unique identifier associated with the token or the token,whereby deauthorization of the third computing device from causing transactions to be executed is efficiently enabled by revocation of the at least one of the unique identifier associated with the token or the token.
  - 16. The system of claim 14, wherein the second computing device is further configured to:
    - in response to receiving the request to cause the transaction related to the user account to be executed, determine, based on one or more permissions provided by the first computing device, an authorization of the external application to cause the transaction related to the user account to be executed.
  - 17. The system of claim 16, wherein the second computing device is further configured to:
    - provide an indication to the third computing device whether or not there is an authorization of the external application to cause the transaction related to the user account to be executed.
  - 18. The system of claim 14, wherein the information associated with the user account includes at least one of:
    - an indication of the external application, an indication of the institution, an account number, or a routing number.
  - 19. The system of claim 14, wherein the second computing device is further configured to:
    - provide an indication to the third computing device whether or not execution of the transaction is successful.
  - 20. The system of claim 14, wherein the third and fourth computing devices do not directly communicate with one another.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Plaid Inc.
Original Assignee
Plaid Technologies Incorporated (Plaid Inc.)
Inventors
Hockey, William, Kelly, Michael
Primary Examiner(s)
Nguyen, Tien C

Application Number

US16/113,323
Publication Number

US 20190182233A1
Time in Patent Office

498 Days
Field of Search

705 35, 705 44, 705 39, 705 37, 705 38, 709203, 709217, 713155, 719317
US Class Current
CPC Class Codes

G06Q 20/385   using an alias or single-us...

H04L 2463/102   applying security measure f...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0892   by using authentication-aut...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3228   One-time or temporary data,...

H04W 12/06   Authentication

H04W 12/082   using revocation of authori...

Secure permissioning of access to user accounts, including secure deauthorization of access to user accounts

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

257 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure permissioning of access to user accounts, including secure deauthorization of access to user accounts

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

257 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links