Mobile banking

US 8,036,638 B2
Filed: 10/25/2010
Issued: 10/11/2011
Est. Priority Date: 02/04/2007
Status: Active Grant

First Claim

Patent Images

1. An apparatus for verifying end-to-end secure wireless data transmission from a wireless device comprising a software compliant with a wireless protocol to a server, where the data transmission travels through a gateway configured to receive the data transmission from the wireless device, the apparatus comprising:

a processor; and

memory storing computer-readable instructions that when executed by the processor cause the apparatus to perform a method comprising;

identifying a value of a first identifier, associated with the data transmission, corresponding to the wireless device;

identifying a value of a second identifier, associated with the data transmission, corresponding to the gateway; and

determining whether the data transmission is end-to-end secure from the wireless device to the server, including comparing the value of the first identifier to a first list of approved values, and comparing the value of the second identifier to a second list of approved values;

where the comparing the value of the first identifier includes;

comparing the value of the first identifier with the first list of approved values to determine that an exact match does not exist;

identifying a portion of the value of the first identifier and comparing the portion with the first list of approved values to determine that a loose match does not exist; and

reducing the portion in size by a predetermined amount and comparing the reduced portion of the first identifier with the first list of approved values to determine that a loose match does exist.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are disclosed for identifying circumstances where end-to-end security is not available to a mobile banking customer. The user may be alerted/warned or restricted from accessing some banking services through his/her WAP-enabled mobile device if the server (e.g., bank server) determines that end-to-end security is not available. In some instances, the bank server may access a computer data file containing a list of known end-to-end secure devices and gateways to verify the integrity of the data communication. The server may verify the integrity of the data communication using loose matching.

21 Citations

View as Search Results

16 Claims

1. An apparatus for verifying end-to-end secure wireless data transmission from a wireless device comprising a software compliant with a wireless protocol to a server, where the data transmission travels through a gateway configured to receive the data transmission from the wireless device, the apparatus comprising:
- a processor; and
  
  memory storing computer-readable instructions that when executed by the processor cause the apparatus to perform a method comprising;
  
  identifying a value of a first identifier, associated with the data transmission, corresponding to the wireless device;
  
  identifying a value of a second identifier, associated with the data transmission, corresponding to the gateway; and
  
  determining whether the data transmission is end-to-end secure from the wireless device to the server, including comparing the value of the first identifier to a first list of approved values, and comparing the value of the second identifier to a second list of approved values;
  
  where the comparing the value of the first identifier includes;
  
  comparing the value of the first identifier with the first list of approved values to determine that an exact match does not exist;
  
  identifying a portion of the value of the first identifier and comparing the portion with the first list of approved values to determine that a loose match does not exist; and
  
  reducing the portion in size by a predetermined amount and comparing the reduced portion of the first identifier with the first list of approved values to determine that a loose match does exist.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The apparatus of claim 1, where the data is not end-to-end secure if the data is decrypted by the gateway, and the gateway is a WAP-compliant gateway, and the first identifier comprises a wireless agent header corresponding to the wireless device comprising WAP-compliant software, and the value of the first identifier comprises an IP address of the gateway, and where the predetermined amount is one character.
  - 3. The apparatus of claim 1, where the first list of approved values comprises a list of wireless agent header values corresponding to wireless devices comprising WAP-compliant software that communicates the data to the server in an end-to-end secure manner.
  - 4. The apparatus of claim 1, where the second list of approved values comprises a list of IP addresses of network devices that do not decrypt the data when the data travels through the network device.
  - 5. The apparatus of claim 1, where the data does not include a header portion of the communication from the wireless device to the server.
  - 6. The apparatus of claim 3, where the user agent header is a wireless agent profile corresponding to the wireless device, and the value of the user agent header comprises:
    - a value of a model attribute corresponding to the wireless agent profile;
      
      a value of a vendor attribute corresponding to the wireless agent profile; and
      
      a value of a version header corresponding to the wireless agent profile.
  - 7. The apparatus of claim 6, where comparing the value of the user agent header to the first list of approved values comprises:
    - comparing at least a part of the value of the model attribute to a list of approved model values; and
      
      comparing at least a part of the value of the vendor attribute to a list of approved vendor values.
  - 8. The apparatus of claim 1, further comprising, transmitting a response to the request, when the data is end-to-end secure, then the response includes an indication that the request for access to the remote computer is granted, else the response includes an indication that the request for access to the remote computer is denied.
  - 9. The apparatus of claim 8, further comprising, when the request for access to the server is granted, then the response to the request comprises information corresponding to a login screen.
  - 10. The apparatus of claim 1, where the wireless protocol is WAP, the gateway is a WAP-compliant gateway, and the first identifier is a user agent header, the system further comprising:
    - a data file accessible to the processor, the data file comprising IP addresses of WAP-compliant gateways that are approved for permitting end-to-end secure communication, and approved model values and approved vendor values that permit end-to-end secure communication.
  - 11. The apparatus of claim 1, wherein the comparing the value of the first identifier includes:
    - for each comparison of the first identifier where a loose match does not exist and the portion is greater than a predetermined threshold size, reducing the portion in size by a predetermined amount and then comparing the reduced portion of the first identifier with the first list of approved values.
  - 12. The apparatus of claim 1, wherein verifying end-to-end secure wireless data transmission includes:
    - determining a value for the second identifier corresponding to the gateway andcomparing the value of the second identifier to a list of approved values.

13. A method for determining whether communication from a wireless device comprising a software compliant with a wireless protocol to a server is end-to-end secure, where the data transmission travels through a gateway configured to receive the data transmission from the wireless device, the method comprising:
- identifying, using a processor, a value of a first identifier, associated with the data transmission, corresponding to the wireless device;
  
  identifying, using the processor, a value of a second identifier, associated with the data transmission, corresponding to the gateway; and
  
  determining, using the processor, whether the data transmission is end-to-end secure from the wireless device to the server, including comparing the value of the first identifier to a first list of approved values, and comparing the value of the second identifier to a second list of approved values;
  
  where the comparing the value of the first identifier includes;
  
  comparing the value of the first identifier with the first list of approved values to determine that an exact match does not exist;
  
  identifying a portion of the value of the first identifier and comparing the portion with the first list of approved values to determine that a loose match does not exist; and
  
  reducing the portion in size by a predetermined amount and comparing the reduced portion of the first identifier with the first list of approved values to determine that a loose match does exist.
- View Dependent Claims (14, 15, 16)
- - 14. The method of claim 13, where the first identifier comprises a user agent header, and the value of the second identifier comprises an IP address.
  - 15. The method of claim 13, where the data is not end-to-end secure if at least one of:
    - the data is decrypted by the network device, and a value of a via header is present in a header relating to the data.
  - 16. The method of claim 13, where the first identifier comprises a model attribute of a user agent profile corresponding to the user device and a vendor attribute of the user agent profile.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Buchhop, Peter K., Bjugan, Ketil, Brown, Douglas Gerard
Primary Examiner(s)
Hu; Jinsong
Assistant Examiner(s)
Shen; Qun

Application Number

US12/911,423
Publication Number

US 20110039519A1
Time in Patent Office

351 Days
Field of Search

455410-411, 463/29, 705/18, 708/135, 713/164, 713/166, 713/170, 902/4
US Class Current

455/410
CPC Class Codes

G06Q 20/10   specially adapted for elect...

G06Q 20/3223   Realising banking transacti...

G06Q 20/325   using wireless networks

G06Q 20/326   Payment applications instal...

G06Q 20/4016   involving fraud or risk lev...

H04L 63/101   Access control lists [ACL]

H04L 63/104   Grouping of entities

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

H04W 12/088   using filters or firewalls

Mobile banking

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

21 Citations

16 Claims

Specification

Use Cases

Quick Links

Others

Mobile banking

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

16 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others