Preventing unauthorized access to secured information systems using authentication tokens and multi-device authentication prompts

US 10,645,079 B2
Filed: 05/12/2017
Issued: 05/05/2020
Est. Priority Date: 05/12/2017
Status: Active Grant

First Claim

Patent Images

1. A computing platform, comprising:

at least one processor;

a communication interface communicatively coupled to the at least one processor; and

memory storing computer-readable instructions that, when executed by the at least one processor, cause the computing platform to;

receive, via the communication interface, from an end user desktop computing device, a request to login to a user account associated with a user account portal, wherein the request to login to the user account associated with the user account portal comprises only a username corresponding to the user account associated with the user account portal and does not comprise any other authenticators associated with a user of the end user desktop computing device;

in response to receiving only the username corresponding to the user account associated with the user account portal;

generate an authentication token in an authentication database; and

send a notification to at least one registered device linked to the user account associated with the user account portal;

after sending the notification to the at least one registered device linked to the user account associated with the user account portal, receive, via the communication interface, from the at least one registered device linked to the user account associated with the user account portal, an authentication response message;

if the authentication response message indicates that valid authentication input was received by the at least one registered device linked to the user account associated with the user account portal, update the authentication token in the authentication database to indicate that the request to login to the user account associated with the user account portal has been approved; and

after updating the authentication token in the authentication database to indicate that the request to login to the user account associated with the user account portal has been approved, provide, to the end user desktop computing device, access to a portal interface based on the authentication token in the authentication database.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Aspects of the disclosure relate to preventing unauthorized access to secured information systems. A computing platform may receive, from an end user desktop computing device, a request to login to a user account associated with a user account portal. In response to receiving the request, the computing platform may generate an authentication token in an authentication database and may send a notification to at least one registered device linked to the user account. After sending the notification, the computing platform may receive, from the at least one registered device, an authentication response message. If the authentication response message indicates that valid authentication input was received, the computing platform may update the authentication token to indicate that the request to login to the user account has been approved. After updating the authentication token, the computing platform may provide, to the end user desktop computing device, access to a portal interface.

80 Citations

20 Claims

1. A computing platform, comprising:
- at least one processor;
  
  a communication interface communicatively coupled to the at least one processor; and
  
  memory storing computer-readable instructions that, when executed by the at least one processor, cause the computing platform to;
  
  receive, via the communication interface, from an end user desktop computing device, a request to login to a user account associated with a user account portal, wherein the request to login to the user account associated with the user account portal comprises only a username corresponding to the user account associated with the user account portal and does not comprise any other authenticators associated with a user of the end user desktop computing device;
  
  in response to receiving only the username corresponding to the user account associated with the user account portal;
  
  generate an authentication token in an authentication database; and
  
  send a notification to at least one registered device linked to the user account associated with the user account portal;
  
  after sending the notification to the at least one registered device linked to the user account associated with the user account portal, receive, via the communication interface, from the at least one registered device linked to the user account associated with the user account portal, an authentication response message;
  
  if the authentication response message indicates that valid authentication input was received by the at least one registered device linked to the user account associated with the user account portal, update the authentication token in the authentication database to indicate that the request to login to the user account associated with the user account portal has been approved; and
  
  after updating the authentication token in the authentication database to indicate that the request to login to the user account associated with the user account portal has been approved, provide, to the end user desktop computing device, access to a portal interface based on the authentication token in the authentication database.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 17, 18, 19, 20)
- - 2. The computing platform of claim 1, wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to:
    - if the authentication response message does not indicate that valid authentication input was received by the at least one registered device linked to the user account associated with the user account portal;
      
      generate an error message for the end user desktop computing device; and
      
      send, via the communication interface, to the end user desktop computing device, the error message generated for the end user desktop computing device.
  - 3. The computing platform of claim 1, wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to:
    - prior to generating the authentication token in the authentication database;
      
      load, from a user account database, user account information corresponding to the user account associated with the user account portal; and
      
      confirm, based on the user account information loaded from the user account database, that the user account associated with the user account portal is enrolled for multi- device authentication prompts.
  - 4. The computing platform of claim 1, wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to:
    - prior to sending the notification to the at least one registered device linked to the user account associated with the user account portal, identify the at least one registered device as being linked to the user account associated with the user account portal based on user account information loaded from a user account database.
  - 5. The computing platform of claim 4, wherein sending the notification to the at least one registered device linked to the user account associated with the user account portal comprises:
    - generating one or more commands directing a notification engine system to push at least one authentication notification to the at least one registered device linked to the user account associated with the user account portal; and
      
      sending, via the communication interface, to the notification engine system, the one or more commands directing the notification engine system to push the at least one authentication notification to the at least one registered device linked to the user account associated with the user account portal.
  - 6. The computing platform of claim 5, wherein the one or more commands directing the notification engine system to push the at least one authentication notification to the at least one registered device linked to the user account associated with the user account portal are configured to cause the at least one registered device linked to the user account associated with the user account portal to present at least one authentication prompt.
  - 7. The computing platform of claim 6, wherein receiving the authentication response message comprises receiving information indicating that valid authentication input was received by the at least one registered device linked to the user account associated with the user account portal in response to the at least one authentication prompt.
  - 8. The computing platform of claim 5, wherein the one or more commands directing the notification engine system to push the at least one authentication notification to the at least one registered device linked to the user account associated with the user account portal are configured to cause the at least one registered device linked to the user account associated with the user account portal to present at least one biometric authentication prompt.
  - 9. The computing platform of claim 8, wherein receiving the authentication response message comprises receiving information indicating that valid authentication input was received by the at least one registered device linked to the user account associated with the user account portal in response to the at least one biometric authentication prompt.
  - 10. The computing platform of claim 1, wherein providing the access to the portal interface based on the authentication token in the authentication database comprises providing the access to the portal interface after receiving a polling request from the end user desktop computing device.
  - 17. The computing platform of claim 1, wherein providing the access to the portal interface based on the authentication token in the authentication database comprises redirecting the end user desktop computing device to a user account portal computer system.
  - 18. The computing platform of claim 17, wherein redirecting the end user desktop computing device to the user account portal computer system comprises launching an authenticated user account portal session on the user account portal computer system for a web application on the end user desktop computing device.
  - 19. The computing platform of claim 18, wherein launching the authenticated user account portal session on the user account portal computer system for the web application on the end user desktop computing device comprises:
    - generating one or more commands comprising embedded authentication headers; and
      
      sending the one or more commands comprising the embedded authentication headers to the user account portal computer system.
  - 20. The computing platform of claim 1, wherein updating the authentication token in the authentication database to indicate that the request to login to the user account associated with the user account portal has been approved causes a web application on the end user desktop computing device to request an account overview page of an online banking portal associated with the computing platform.

11. A method, comprising:
- at a computing platform comprising at least one processor, memory, and a communication interface;
  
  receiving, by the at least one processor, via the communication interface, from an end user desktop computing device, a request to login to a user account associated with a user account portal, wherein the request to login to the user account associated with the user account portal comprises only a username corresponding to the user account associated with the user account portal and does not comprise any other authenticators associated with a user of the end user desktop computing device;
  
  in response to receiving only the username corresponding to the user account associated with the user account portal;
  
  generating, by the at least one processor, an authentication token in an authentication database; and
  
  sending, by the at least one processor, a notification to at least one registered device linked to the user account associated with the user account portal;
  
  after sending the notification to the at least one registered device linked to the user account associated with the user account portal, receiving, by the at least one processor, via the communication interface, from the at least one registered device linked to the user account associated with the user account portal, an authentication response message;
  
  if the authentication response message indicates that valid authentication input was received by the at least one registered device linked to the user account associated with the user account portal, updating, by the at least one processor, the authentication token in the authentication database to indicate that the request to login to the user account associated with the user account portal has been approved; and
  
  after updating the authentication token in the authentication database to indicate that the request to login to the user account associated with the user account portal has been approved, providing, by the at least one processor, to the end user desktop computing device, access to a portal interface based on the authentication token in the authentication database.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method of claim 11, comprising:
    - if the authentication response message does not indicate that valid authentication input was received by the at least one registered device linked to the user account associated with the user account portal;
      
      generating, by the at least one processor, an error message for the end user desktop computing device; and
      
      sending, by the at least one processor, via the communication interface, to the end user desktop computing device, the error message generated for the end user desktop computing device.
  - 13. The method of claim 11, comprising:
    - prior to generating the authentication token in the authentication database;
      
      loading, by the at least one processor, from a user account database, user account information corresponding to the user account associated with the user account portal; and
      
      confirming, by the at least one processor, based on the user account information loaded from the user account database, that the user account associated with the user account portal is enrolled for multi-device authentication prompts.
  - 14. The method of claim 11, comprising:
    - prior to sending the notification to the at least one registered device linked to the user account associated with the user account portal, identifying, by the at least one processor, the at least one registered device as being linked to the user account associated with the user account portal based on user account information loaded from a user account database.
  - 15. The method of claim 14, wherein sending the notification to the at least one registered device linked to the user account associated with the user account portal comprises:
    - generating one or more commands directing a notification engine system to push at least one authentication notification to the at least one registered device linked to the user account associated with the user account portal; and
      
      sending, via the communication interface, to the notification engine system, the one or more commands directing the notification engine system to push the at least one authentication notification to the at least one registered device linked to the user account associated with the user account portal.

16. One or more non-transitory computer-readable media storing instructions that, when executed by a computing platform comprising at least one processor, memory, and a communication interface, cause the computing platform to:
- receive, via the communication interface, from an end user desktop computing device, a request to login to a user account associated with a user account portal, wherein the request to login to the user account associated with the user account portal comprises only a username corresponding to the user account associated with the user account portal and does not comprise any other authenticators associated with a user of the end user desktop computing device;
  
  in response to receiving only the username corresponding to the user account associated with the user account portal;
  
  generate an authentication token in an authentication database; and
  
  send a notification to at least one registered device linked to the user account associated with the user account portal;
  
  after sending the notification to the at least one registered device linked to the user account associated with the user account portal, receive, via the communication interface, from the at least one registered device linked to the user account associated with the user account portal, an authentication response message;
  
  if the authentication response message indicates that valid authentication input was received by the at least one registered device linked to the user account associated with the user account portal, update the authentication token in the authentication database to indicate that the request to login to the user account associated with the user account portal has been approved; and
  
  after updating the authentication token in the authentication database to indicate that the request to login to the user account associated with the user account portal has been approved, provide, to the end user desktop computing device, access to a portal interface based on the authentication token in the authentication database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Arora, Ashish, Jayaramaiah, Muniraju, Zhang, Xianhong
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Ahmed, Mahabub S

Application Number

US15/593,483
Publication Number

US 20180332032A1
Time in Patent Office

1,089 Days
Field of Search

726 4, 726 21, 726 79, 726 17
US Class Current
CPC Class Codes

H04L 2463/082   applying multi-factor authe...

H04L 63/0853   using an additional device,...

H04L 63/0861   using biometrical features,...

H04L 63/102   Entity profiles

Preventing unauthorized access to secured information systems using authentication tokens and multi-device authentication prompts

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

80 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Preventing unauthorized access to secured information systems using authentication tokens and multi-device authentication prompts

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

80 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links