Mobile Banking

US 20110039519A1
Filed: 10/25/2010
Published: 02/17/2011
Est. Priority Date: 02/04/2007
Status: Active Grant

First Claim

Patent Images

1. A method involving end-to-end secure communication from a wireless device to a remote computer, comprising:

receiving data from the wireless device comprising software compliant with a wireless protocol, the data relating to a request for access to the remote computer;

identifying a value of a user agent header corresponding to the wireless device;

determining whether the data is end-to-end secure from the wireless device to the remote computer, where the data travels through a network device before arriving at the remote computer;

where the determining whether the data is end-to-end secure includes comparing the value of the user agent header to a first list of approved values to determine if an exact match exists;

when the exact match does not exist, then identifying a portion of the value of the user agent header and comparing the portion with the first list of approved values to determine if a loose match exists; and

for each determination where a loose match does not exist and the portion is greater than a predetermined threshold size, reducing the portion in size by a predetermined amount.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are disclosed for identifying circumstances where end-to-end security is not available to a mobile banking customer. The user may be alerted/warned or restricted from accessing some banking services through his/her WAP-enabled mobile device if the server (e.g., bank server) determines that end-to-end security is not available. In some instances, the bank server may access a computer data file containing a list of known end-to-end secure devices and gateways to verify the integrity of the data communication. The server may verify the integrity of the data communication using loose matching.

19 Citations

20 Claims

1. A method involving end-to-end secure communication from a wireless device to a remote computer, comprising:
- receiving data from the wireless device comprising software compliant with a wireless protocol, the data relating to a request for access to the remote computer;
  
  identifying a value of a user agent header corresponding to the wireless device;
  
  determining whether the data is end-to-end secure from the wireless device to the remote computer, where the data travels through a network device before arriving at the remote computer;
  
  where the determining whether the data is end-to-end secure includes comparing the value of the user agent header to a first list of approved values to determine if an exact match exists;
  
  when the exact match does not exist, then identifying a portion of the value of the user agent header and comparing the portion with the first list of approved values to determine if a loose match exists; and
  
  for each determination where a loose match does not exist and the portion is greater than a predetermined threshold size, reducing the portion in size by a predetermined amount.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, where the value of an identifier corresponding to a network device is identified and compared to a second list of approved values.
  - 3. The method of claim 2, where the data is not end-to-end secure if the data is decrypted by the network device, and the network device is a WAP-compliant gateway, and the user agent header comprises a wireless agent header corresponding to the wireless device comprising WAP-compliant software, and the value of the identifier comprises an IP address of the network device, and where the predetermined amount is one character, and the predetermined threshold size is five characters.
  - 4. The method of claim 1, where the determining whether the data is end-to-end secure includes determining whether a value of a via header is present in the request for access to the remote computer.
  - 5. The method of claim 1, where the first list of approved values comprises a list of wireless agent header values corresponding to wireless devices comprising WAP-compliant software that communicates the data to the remote computer in an end-to-end secure manner.
  - 6. The method of claim 3, where the second list of approved values comprises a list of IP addresses of network devices that do not decrypt the data when the data travels through the network device.
  - 7. The method of claim 6, where the data does not include a header portion of the communication from the wireless device to the remote computer.
  - 8. The method of claim 1, where the user agent header is a wireless agent profile corresponding to the wireless device, and the value of the user agent header comprises:
    - a value of a model attribute corresponding to the wireless agent profile;
      
      a value of a vendor attribute corresponding to the wireless agent profile; and
      
      a value of a version header corresponding to the wireless agent profile.
  - 9. The method of claim 8, where comparing the value of the user agent header to the first list of approved values comprises:
    - comparing at least a part of the value of the model attribute to a list of approved model values; and
      
      comparing at least a part of the value of the vendor attribute to a list of approved vendor values.
  - 10. The method of claim 1, further comprising, transmitting a response to the request, when the data is end-to-end secure, then the response includes an indication that the request for access to the remote computer is granted, else the response includes an indication that the request for access to the remote computer is denied;
  - 11. The method of claim 10, further comprising, when the request for access to the remote computer is granted, then the response to the request comprises information corresponding to a login screen.

12. An apparatus for verifying end-to-end secure wireless data transmission from a wireless device comprising a software compliant with a wireless protocol to a server, where the data transmission travels through a gateway configured to receive the data transmission from the wireless device, the apparatus comprising:
- a processor; and
  
  memory storing computer-readable instructions that when executed by a processor cause the apparatus to perform a method comprising;
  
  identifying a value of a first identifier, associated with the data transmission, corresponding to the wireless device;
  
  identifying a value of a second identifier, associated with the data transmission, corresponding to the gateway; and
  
  determining whether the data transmission is end-to-end secure from the wireless device to the server, including comparing the value of the first identifier to a first list of approved values, and comparing the value of the second identifier to a second list of approved values;
  
  where the comparing the value of the first identifier includes;
  
  comparing the value of the first identifier with the first list of approved values to determine that an exact match does not exist;
  
  identifying a portion of the value of the first identifier and comparing the portion with the first list of approved values to determine that a loose match does not exist; and
  
  reducing the portion in size by a predetermined amount and comparing the reduced portion of the first identifier with the first list of approved values to determine that a loose match does exist.
- View Dependent Claims (13, 14, 15)
- - 13. The apparatus of claim 12, where the wireless protocol is WAP, the gateway is a WAP-compliant gateway, and the first identifier is a user agent header, the system further comprising:
    - a data file accessible to the processor, the data file comprising IP addresses of WAP-compliant gateways that are approved for permitting end-to-end secure communication, and approved model values and approved vendor values that permit end-to-end secure communication.
  - 14. The apparatus of claim 12, wherein the comparing the value of the first identifier includes:
    - for each comparison of the first identifier where a loose match does not exist and the portion is greater than a predetermined threshold size, reducing the portion in size by a predetermined amount and then comparing the reduced portion of the first identifier with the first list of approved values.
  - 15. The apparatus of claim 12, wherein verifying end-to-end secure wireless data transmission includes:
    - determining a value for the second identifier corresponding to the gateway and comparing the value of the second identifier to a list of approved values.

16. A method for determining whether communication from a user device to a server is end-to-end secure, comprising:
- identifying a user device comprising a first WAP-compliant software;
  
  identifying a network device comprising a second WAP-compliant software;
  
  determining whether a data originating from the user device to the network device and then to the server is end-to-end secure;
  
  if the data is end-to-end secure, recording a value of a first identifier corresponding to the user device in a first computer file; and
  
  if the data is end-to-end secure, recording a value of a second identifier corresponding to the network device in a second computer file,
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16, where the first identifier comprises a user agent header, and the value of the second identifier comprises an IP address.
  - 18. The method of claim 16, where the data is not end-to-end secure if at least one of:
    - the data is decrypted by the network device, and a value of a via header is present in a header relating to the data.
  - 19. The method of claim 16, where the first identifier comprises a model attribute of a user agent profile corresponding to the user device and a vendor attribute of the user agent profile.
  - 20. The method of claim 16, where the first computer file and the second computer file are part of a single file in XML format.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Buchhop, Peter K., Bjugan, Ketil, Brown, Douglas Gerard

Granted Patent

US 8,036,638 B2
Time in Patent Office

Days
Field of Search
US Class Current

455/410
CPC Class Codes

G06Q 20/10   specially adapted for elect...

G06Q 20/3223   Realising banking transacti...

G06Q 20/325   using wireless networks

G06Q 20/326   Payment applications instal...

G06Q 20/4016   involving fraud or risk lev...

H04L 63/101   Access control lists [ACL]

H04L 63/104   Grouping of entities

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

H04W 12/088   using filters or firewalls

Mobile Banking

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

19 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Mobile Banking

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links