Authentication engine for enrollment into a computer environment

US 8,141,134 B2
Filed: 10/30/2009
Issued: 03/20/2012
Est. Priority Date: 06/08/2009
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising:

a communication interface configured to receive a request from a computing terminal to continue an enrollment process;

a memory having information stored therein defining a computer environment, wherein the information stored in the memory comprises a list of identifiers; and

a computer processor operatively coupled to the communication interface and the memory, wherein the computer processor is configured to;

receive an identifier associated with the computing terminal, anddetermine whether the computing terminal is within the computer environment by comparing the identifier associated with the computing terminal to the list of identifiers stored in the memory; and

permit or deny the request from the computing terminal to continue the enrollment process based at least partially on whether the computing terminal is within the computer environment.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the invention are generally directed to a system and method for enrolling a user into an authentication system. In some embodiments of the invention, a user completes a first portion of the enrollment or setup process using a first computer environment, but is not permitted to complete the enrollment or setup process from the first computer environment. The system permits the user to complete the enrollment or setup process only from a second computer environment different from the first computer environment. In one embodiment, the second computer environment is any computer environment outside of the first computer environment.

22 Citations

View as Search Results

30 Claims

1. An apparatus comprising:
- a communication interface configured to receive a request from a computing terminal to continue an enrollment process;
  
  a memory having information stored therein defining a computer environment, wherein the information stored in the memory comprises a list of identifiers; and
  
  a computer processor operatively coupled to the communication interface and the memory, wherein the computer processor is configured to;
  
  receive an identifier associated with the computing terminal, anddetermine whether the computing terminal is within the computer environment by comparing the identifier associated with the computing terminal to the list of identifiers stored in the memory; and
  
  permit or deny the request from the computing terminal to continue the enrollment process based at least partially on whether the computing terminal is within the computer environment.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The apparatus of claim 1, wherein the computer processor is configured to deny the request to continue the enrollment process if the computing terminal is within the computer environment.
  - 3. The apparatus of claim 1, wherein the identifier comprises an Internet Protocol (IP) address.
  - 4. The apparatus of claim 1, wherein the list of identifiers stored in the memory comprises a list of communication channels, wherein the computer processor is configured to:
    - determine an identity of a communication channel through which the request from the computing terminal is received; and
      
      determine whether the computing terminal is within the computer environment by comparing the identity of the communication channel to the list of communication channels stored in the memory.
  - 5. The apparatus of claim 1, wherein the communication interface is configured to communicate with a first computing terminal to perform a first portion of the enrollment process, wherein the first terminal exists in a first computer environment, and wherein the information stored in the memory defining a computer environment defines the first computer environment.
  - 6. The apparatus of claim 5, wherein the computer processor is configured to deny the request to continue the enrollment process if the computing terminal is within the first computer environment.
  - 7. The apparatus of claim 5, wherein the first portion of the enrollment process comprises establishing a temporary password for a user, and wherein the request to continue the enrollment process comprises a request to establish a permanent password.
  - 8. The apparatus of claim 5, wherein the enrollment process comprises establishing one or more authenticators to be used to authenticate a user, wherein the first portion of the enrollment process comprises establishing a first authenticator, and wherein the request to continue the enrollment process comprises a request to change the first authenticator or establish a second authenticator.
  - 9. The apparatus of claim 1, wherein the communication interface is configured to communicate with a first computing terminal to perform a first portion of the enrollment process, and wherein the computer processor is configured to determine whether the computing terminal is within the computer environment based at least partially on a determination of whether the computing terminal is the first terminal.
  - 10. The apparatus of claim 9, wherein the computer processor is configured to deny the request to continue the enrollment process if the computing terminal comprises the first computing terminal.
  - 11. The apparatus of claim 1, wherein the enrollment process comprises enrolling in an online system associated with an institution, wherein the computer environment comprises a computer system associated with the institution, wherein a portion of the enrollment process is completed from within the computer system associated with the institution, and wherein the computer processor is configured to deny the request to continue the enrollment process if the computing terminal is within the computer system associated with the institution.

12. A method of establishing authenticators for an authentication system, the method comprising:
- establishing an authenticator for a user based on communication received through a first computer environment;
  
  receiving a request from a computing terminal to change the authenticator or create a new authenticator, wherein the request comprise an identifier;
  
  using a computer processor to determine if the computing terminal is within the first computer environment, wherein by comparing the identifier associated with the computing terminal to a list of identifiers stored in a memory; and
  
  hindering the request to change the authenticator or create a new authenticator if the processor determines that the computing terminal is within the first computer environment.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The method of claim 12, further comprising:
    - determining that the computing terminal is within the first computer environment if the identifier received from the computing terminal matches an identifier on the list of one or more identifiers.
  - 14. The method of claim 12, wherein the list of identifiers stored in the memory comprises a list of communication channelsidentifying a communication channel through which the request from the computing terminal is received;
    - anddetermining that the computing terminal is within the first computer environment if the identified communication channel matches a communication channel on the list of identifiers.
  - 15. The method of claim 12, wherein establishing the authenticator for the user based on communication received through the first computer environment comprises establishing a temporary passcode.
  - 16. The method of claim 12, wherein the authentication system is configured to authenticate a user accessing an online system associated with an institution, and wherein the first computer environment comprises a computer system associated with the institution.

17. An apparatus comprising:
- a memory having information stored therein defining a computer environment, wherein the information stored in the memory comprises a list of identifiers;
  
  a communication interface configured to receive a first communication from a first computer environment and a second communication from a computing terminal in a second computer environment, wherein the first communication comprises information used for completing a first portion of an enrollment process, and wherein the second communication comprises a request to complete a second portion of the enrollment process; and
  
  a processor operatively coupled to the communication interface and configured to;
  
  determine whether the second computer environment is different than the first computer environment by receiving an identifier from the computing terminal, and determining whether the computing terminal is within the second computer environment by comparing the identifier received from the computing terminal to the list of identifiers stored in the memory; and
  
  use the communication interface to communicate with the computing terminal to complete the second portion of the enrollment process if the processor determines that the second computer environment is different than the first computer environment.

18. An authentication system comprising:
- a communication interface configured to receive a request from computing terminals to perform an enrollment process;
  
  a memory having information stored therein defining a computer environment, wherein the information stored in the memory comprises a list of identifiers; and
  
  a computer processor operatively coupled to the communication interface and the memory, wherein the processor is configured to;
  
  use the communication interface to provide a temporary passcode to a first computing terminal in a computer environment;
  
  receive from a second computing terminal an electronic communication comprising a request to create a permanent passcode to replace the temporary passcode;
  
  determine whether the second computing terminal is within the computer environment by comparing an identifier received from the second computing terminal to the list of identifiers stored in the memory; and
  
  permit creation of the permanent passcode via the second computing terminal if the second computing terminal is not within the computer environment.
- View Dependent Claims (19, 20)
- - 19. The authentication system of claim 18, wherein the communication interface provides the temporary passcode using at least a portion of the defined computer environment.
  - 20. The authentication system of claim 18, wherein the computer environment defines a first location, and wherein the computer processor permits the creation of a permanent passcode if the second computing terminal is at a location different from the first location.

21. A method for enrollment in an authentication system, the method comprising:
- receiving customer enrollment information for creating an online account from a first computing terminal in a first computer environment;
  
  providing a customer identification name and temporary passcode for creating the online account;
  
  receiving an electronic communication from a second computing terminal comprising a request to complete creation of an online account using the customer identification name and temporary passcode, wherein the request comprise an identifier;
  
  using a computer to determine whether or not the second computing terminal is within the first computer environment, wherein the second computing terminal is within the first computer environment if the identifier received from the second computing terminal matches an identifier from a list of one or more identifiers; and
  
  providing a permanent passcode to the second computing terminal for the online account if the second computing terminal is not in the first computer environment.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 22. The method of claim 21 wherein receiving customer enrollment information for creating the online account comprises verifying the customer enrollment information.
  - 23. The method of claim 21 wherein the temporary passcode is configured to expire after a predefined number of uses.
  - 24. The method of claim 21 wherein the temporary passcode is configured to expire after a predefined number of days.
  - 25. The method of claim 21 further comprising authenticating the customer using the customer identification name and the permanent passcode.
  - 26. The method of claim 25, wherein authenticating the customer comprises providing out-of-wallet questions to authenticate the customer.
  - 27. The method of claim 25, wherein authenticating the customer comprises using a website image identification security system to authenticate the customer.
  - 28. The method of claim 25, wherein authenticating the customer further comprises:
    - sending an authorization code to the customer'"'"'s account; and
      
      receiving the customer'"'"'s input of the authorization code.
  - 29. The method of claim 21, wherein the identifier received from the second computing terminal comprises an IP address.
  - 30. The method of claim 21, wherein the identifier received from the second computing terminal comprises a telephone area code, an ATM address, a zip code, a physical address, or a geocode.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Brandt, Jessica Lynn, Dziedzic, Linda Marie, Lewis, Aaron Daniel, Morrell, Duncan Converse, Pruthi, Kapil, Shah, Nishant H., McCord, Justin, Dolan, Heather, Bridges, Michael Dean, Johnson, Craig T., Zhang, Xianhong, Melkani, Tanuja, Lewis, Debra Jean, Davis, Gail R., Choy, Karen, Shroyer, David, Hollmann, Joseph M., Tullos, Kris, Grant, William Larry Jr., Mitchell, Ronald C. Jr., Winchester, Sidney A. Jr.
Primary Examiner(s)
Chea, Philip

Application Number

US12/609,659
Publication Number

US 20100313245A1
Time in Patent Office

872 Days
Field of Search

726/4, 705/70, 713/155
US Class Current

726/4
CPC Class Codes

G06F 21/33   using certificates

G06Q 20/108   Remote banking, e.g. home b...

H04L 2209/56   Financial cryptography, e.g...

H04L 9/3215   using a plurality of channe...

H04L 9/3226   using a predetermined code,...

Authentication engine for enrollment into a computer environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

22 Citations

30 Claims

Specification

Use Cases

Quick Links

Others

Authentication engine for enrollment into a computer environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

30 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others