SECURE PERMISSIONING OF ACCESS TO USER ACCOUNTS, INCLUDING SECURE DEAUTHORIZATION OF ACCESS TO USER ACCOUNTS

US 20170070500A1
Filed: 09/07/2016
Published: 03/09/2017
Est. Priority Date: 09/08/2015
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of providing user account data, the computer-implemented method comprising:

by one or more hardware processors executing program instructions;

receiving, from a first computing device, information associated with an authorization request, wherein the information includes at least;

account credentials associated with one or more user accounts;

generating at least;

an electronic record of the information, anda token associated with the electronic record;

providing the token to the first computing device;

receiving, from a second computing device, at least;

the token, anda request for user account data associated with at least one of the one or more user accounts; and

providing, to the second computing device and based on the account credentials, user account data associated with the at least one of the one or more user accounts.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A permissions management system is disclosed for enabling a user to securely authorize a third-party system to access user account data and initiate transactions related to a user account, without disclosing to the third-party system account credentials. The system enables the user to also securely de-authorize the third-party system. For example, records may be automatically generated that securely store account information, including one or more permissions related to the account and/or the third-party. A token associated with a record may be shared with the third-party system, but neither the record itself, nor the user account credentials, may be shared with the third-party. Accordingly, the third-party may request user account data and/or initiate transactions by providing the token, but does not itself know, e.g., the user account credentials. Further, the user may set various permissions related to the token, and may also revoke the token (e.g., de-authorize the third-party), thus providing increased security to the user'"'"'s account.

70 Citations

View as Search Results

29 Claims

1. A computer-implemented method of providing user account data, the computer-implemented method comprising:
- by one or more hardware processors executing program instructions;
  
  receiving, from a first computing device, information associated with an authorization request, wherein the information includes at least;
  
  account credentials associated with one or more user accounts;
  
  generating at least;
  
  an electronic record of the information, anda token associated with the electronic record;
  
  providing the token to the first computing device;
  
  receiving, from a second computing device, at least;
  
  the token, anda request for user account data associated with at least one of the one or more user accounts; and
  
  providing, to the second computing device and based on the account credentials, user account data associated with the at least one of the one or more user accounts.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The computer-implemented method of claim 1 further comprising:
    - by the one or more hardware processors executing program instructions;
      
      verifying authorization to access the user account data based on the token.
  - 3. The computer-implemented method of claim 1 further comprising:
    - by the one or more hardware processors executing program instructions;
      
      providing, to the first computing device, a request for additional information.
  - 4. The computer-implemented method of claim 3, wherein the additional information includes at least one of:
    - multi-factor authentication information, a selection of a user account of a plurality of user accounts, or an indication of agreement to a document.
  - 5. The computer-implemented method of claim 3 further comprising:
    - by the one or more hardware processors executing program instructions;
      
      receiving, from the first computing device, a response to the request for additional information, wherein the user account data is not provided to the second computing device until after the response is received.
  - 6. The computer-implemented method of claim 1, wherein the information further includes at least one of:
    - an indication of an external application, or an indication of an entity associated with the second computing device.
  - 7. The computer-implemented method of claim 6, wherein the second computing device is configured to provide the user account data to a computing device associated with the external application.
  - 8. The computer-implemented method of claim 6 further comprising:
    - by the one or more hardware processors executing program instructions;
      
      receiving a request to deauthorize access to the user account data by the external application; and
      
      in response to the request to deauthorize access, revoking the token or access to the user account associated with the token.
  - 9. The computer-implemented method of claim 1, wherein the information further includes one or more permissions.
  - 10. The computer-implemented method of claim 9 further comprising:
    - by the one or more hardware processors executing program instructions;
      
      in response to receiving the request for user account data, determining, based on the one or more permissions, an authorization of an external application to access the user account data.
  - 11. The computer-implemented method of claim 1, wherein the first computing device includes program instructions that, when executed by a processor of the first computing device, cause the first computing device to provide the token to the second computing device.

12. A computer-implemented method of providing user account data, the computer-implemented method comprising:
- by one or more hardware processors executing program instructions;
  
  receiving, from a first computing device, a token associated with an authorization request, wherein the token is further associated with an institution, an external application, and a user account held by the institution;
  
  receiving a request for user account data from a second computing device, wherein the second computing device is associated with the external application;
  
  providing, to a computing device associated with the institution;
  
  the token, anda request for user account data associated with the user account; and
  
  receiving user account data from a computing device associated with the institution.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 13. The computer-implemented method of claim 12, wherein the token is received from a computing device associated with the institution.
  - 14. The computer-implemented method of claim 12, wherein the token is received from the first computing device.
  - 15. The computer-implemented method of claim 12, wherein the token is generated by a computing device of the institution based on account credentials provided via the first computing device to a computing device associated with the institution.
  - 16. The computer-implemented method of claim 15 further comprising:
    - by the one or more hardware processors executing program instructions;
      
      providing, to the first computing device, instructions to provide the account credentials to a computing device associated with the institution.
  - 17. The computer-implemented method of claim 15, wherein the token is used by the institution to authorize access to the user account data based on account credentials associated with the token.
  - 18. The computer-implemented method of claim 12 further comprising:
    - by the one or more hardware processors executing program instructions;
      
      providing a unique identifier associated with the token to a computing device associated with the external application, wherein the request for user account data includes the unique identifier.
  - 19. The computer-implemented method of claim 18, wherein the unique identifier associated with the token is provided to the computing device associated with the external application by at least:
    - providing a public token or key to the computing device associated with the external application;
      
      receiving, from the computing device associated with the external application, authentication information including the public token or key, a secret key, and an identifier associated with the external application; and
      
      verifying the validity of the authentication information.
  - 20. The computer-implemented method of claim 12, wherein the second computing device is configured to provide the user account data to the first computing device.
  - 21. The computer-implemented method of claim 12 further comprising:
    - by the one or more hardware processors executing program instructions;
      
      receiving a request to deauthorize access to the user account data by the external application; and
      
      in response to the request to deauthorize access, revoke the token or access to the user account data associated with the token.
  - 22. The computer-implemented method of claim 12, wherein the information further includes one or more permissions.
  - 23. The computer-implemented method of claim 22 further comprising:
    - by the one or more hardware processors executing program instructions;
      
      in response to receiving the request for user account data, determining, based on the one or more permissions, an authorization of the external application to access the user account data.
  - 24. The computer-implemented method of claim 12 further comprising:
    - by the one or more hardware processors executing program instructions;
      
      providing the user account data to at least one of;
      
      the second computing device, or a computing device associated with a trusted third-party transaction processor.

25. A computer-implemented method of authorizing access to user account data, the computer-implemented method comprising:
- by one or more hardware processors executing program instructions;
  
  providing, to a first computing device associated with an institution, information associated with an authorization request, wherein the information includes at least;
  
  account credentials associated with one or more user accounts;
  
  receiving, from the first computing device, a request for additional information, wherein the additional information includes at least one of;
  
  multi-factor authentication information, a selection of a user account of a plurality of user accounts, or an indication of agreement to a document;
  
  receiving, from a computing device associated with the institution, a token associated with the institution, an external application, and at least one of the one or more user accounts; and
  
  providing the token to a second computing device.
- View Dependent Claims (26, 27, 28, 29)
- - 26. A computer-implemented method of claim 25 further comprising:
    - by the one or more hardware processors executing program instructions;
      
      rendering a graphical user interface; and
      
      receiving, via the graphical user interface, the account credentials,wherein the account credentials are securely received and provided to the first computing device and are not accessible by the second computing device or the third computing device.
  - 27. The computer-implemented method of claim 25, wherein the information further includes at least one of:
    - an indication of an external application, or an indication of an entity associated with the second computing device.
  - 28. The computer-implemented method of claim 25 further comprising:
    - by the one or more hardware processors executing program instructions;
      
      receiving, from a third computing device associated with the external application, user account data associated with the at least one of the one or more user accounts.
  - 29. The computer-implemented method of claim 25 further comprising:
    - by the one or more hardware processors executing program instructions;
      
      receiving, from a computing device associated with a trusted third-party transaction processor, user account data associated with the at least one of the one or more user accounts.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Plaid Inc.
Original Assignee
Plaid Technologies Incorporated (Plaid Inc.)
Inventors
Hockey, William, Kelly, Michael

Granted Patent

US 10,003,591 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06Q 20/385   using an alias or single-us...

H04L 2463/102   applying security measure f...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0892   by using authentication-aut...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3228   One-time or temporary data,...

H04W 12/06   Authentication

H04W 12/082   using revocation of authori...

SECURE PERMISSIONING OF ACCESS TO USER ACCOUNTS, INCLUDING SECURE DEAUTHORIZATION OF ACCESS TO USER ACCOUNTS

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

70 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE PERMISSIONING OF ACCESS TO USER ACCOUNTS, INCLUDING SECURE DEAUTHORIZATION OF ACCESS TO USER ACCOUNTS

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

70 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links