Multiple profile authentication

US 9,361,436 B2
Filed: 09/05/2012
Issued: 06/07/2016
Est. Priority Date: 09/05/2012
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method comprising:

requesting by an financial institution'"'"'s computer, a first profile ID and a second profile ID from a central registry using the computer system in communication with the central registry, wherein the request does not include information identifying the first or second users;

registering by the central registry, the first profile ID and the second profile ID;

storing by the central registry the registered first and second profile IDs, wherein the central registry does not store information identifying the first or second users;

transmitting by the central registry the first profile ID and the second profile ID to the financial institution'"'"'s computer in communication with the central registry;

receiving the first and second profile IDs by the computer system, from the central registry;

providing by the institution'"'"'s computer system the registered first and second profile IDs to entities doing business with the financial institution, wherein the registered first and second profile IDs are utilized by the entities for authentication of first and second users at the entity, respectively, authorized to act on behalf of the entities, wherein the first profile ID corresponds to a user established first authentication information template for the first user and the second profile ID corresponds to a user established second authentication information template for the second user;

transmitting the first and second user authentication information templates to the central registry by the financial institution'"'"'s computer system and linked to the first and second profile IDs in memory of the central registry, wherein the first and second authentication information templates transmitted to the central registry do not include information identifying the first and second user;

receiving, at the financial institution'"'"'s computer system an encrypted electronic communication to conduct electronic transaction or exchange data electronically from the first user including a first authentication information and an indication of the first profile ID from the first user;

requesting by the financial institution from the central registry the first authorization information template linked to the first profile ID;

receiving the first authentication information template from the central registry at the financial institution'"'"'s computer system; and

matching the first authentication information to the first authentication information template, using the financial institution'"'"'s computer system, wherein actions taken with respect to the electronic communication from the user are limited by entitlement setting on actions associated with the first user'"'"'s profile ID after successful matching.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method includes a service provider registering a plurality of profile IDs with a central authority and providing the profile IDs to an institution where the profile IDs are utilized by the institution for authentication of individual users, authorized to act on behalf of the institution. Each profile ID corresponds to an authentication template for the respective user, and the authentication templates are stored by the central authority. A first user transmits an electronic communication, first authentication information, and an indication of a first profile ID, which is received by the service provider. The service provider then receives the first authentication template from the central authority, which may be requested. The first authentication information is then matched to the first authentication template, and additional actions can be taken with respect to the communication after successful matching.

15 Citations

View as Search Results

29 Claims

1. A computer implemented method comprising:
- requesting by an financial institution'"'"'s computer, a first profile ID and a second profile ID from a central registry using the computer system in communication with the central registry, wherein the request does not include information identifying the first or second users;
  
  registering by the central registry, the first profile ID and the second profile ID;
  
  storing by the central registry the registered first and second profile IDs, wherein the central registry does not store information identifying the first or second users;
  
  transmitting by the central registry the first profile ID and the second profile ID to the financial institution'"'"'s computer in communication with the central registry;
  
  receiving the first and second profile IDs by the computer system, from the central registry;
  
  providing by the institution'"'"'s computer system the registered first and second profile IDs to entities doing business with the financial institution, wherein the registered first and second profile IDs are utilized by the entities for authentication of first and second users at the entity, respectively, authorized to act on behalf of the entities, wherein the first profile ID corresponds to a user established first authentication information template for the first user and the second profile ID corresponds to a user established second authentication information template for the second user;
  
  transmitting the first and second user authentication information templates to the central registry by the financial institution'"'"'s computer system and linked to the first and second profile IDs in memory of the central registry, wherein the first and second authentication information templates transmitted to the central registry do not include information identifying the first and second user;
  
  receiving, at the financial institution'"'"'s computer system an encrypted electronic communication to conduct electronic transaction or exchange data electronically from the first user including a first authentication information and an indication of the first profile ID from the first user;
  
  requesting by the financial institution from the central registry the first authorization information template linked to the first profile ID;
  
  receiving the first authentication information template from the central registry at the financial institution'"'"'s computer system; and
  
  matching the first authentication information to the first authentication information template, using the financial institution'"'"'s computer system, wherein actions taken with respect to the electronic communication from the user are limited by entitlement setting on actions associated with the first user'"'"'s profile ID after successful matching.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the electronic communication relates to a transaction with the entity involving the first user, further comprising conducting the transaction with the entity involving the first user, using the financial institution'"'"'s computer system, wherein matching of the first authentication information to the first authentication template corresponding to the first profile ID is required for completion of the transaction.
  - 3. The method of claim 1, wherein the method is performed by the financial institution doing business with the client and utilizing the financial institution'"'"'s computer system, further comprising exchanging information about the first and second profile IDs with a second financial institution doing business with the entity, to enable the second financial institution'"'"'s computer to authenticate the first and second users using the first and second profile IDs.
  - 4. The method of claim 1, wherein the first profile ID is associated with first entitlements, further comprising taking additional actions with respect to the communication that are limited by the first entitlements.
  - 5. The method of claim 4, wherein the second profile ID is associated with second entitlements that are different from the first entitlements, further comprising taking second additional actions with respect to a second electronic communication received from the second user that are limited by the second entitlements.
  - 6. The method of claim 1, wherein the indication of the first profile ID and the first authentication information are included within the electronic communication.
  - 7. The method of claim 1, further comprising requesting the first authentication information template from the central registry, by the financial institution'"'"'s computer system, after receiving the indication of the first profile ID.
  - 8. The method of claim 1, wherein the encrypted electronic communication, further comprising:
    - receiving, at the financial institution'"'"'s computer system, a first encryption key from the first user in connection with the electronic communication;
      
      receiving, at the financial institution'"'"'s computer system, a second encryption key from the central registry; and
      
      decrypting the electronic communication using the first and second encryption keys.

9. A non-transitory computer-readable medium comprising computer-executable instructions configured to cause a computer device to:
- request by a financial institution'"'"'s computer, a first profile ID and a second profile ID from a central registry, wherein the request does not include information identifying the first or second users;
  
  register the first profile ID and the second profile ID with the central registry, wherein the central registry does not store information identifying the first or second users;
  
  receive the first and second profile IDs from the central registry;
  
  provide the first and second profile IDs to entities doing business with the financial institution, wherein the registered first and second profile IDs are utilized by the entities for authentication of first and second users, respectively, authorized to act on behalf of the entities, wherein the first profile ID corresponds to a user at the entity established first authentication information template for the first user and the second profile ID corresponds to a user at the entity established second authentication information template for the second user, and wherein the first and second authentication information templates are provided to the central registry by the financial institution and stored by the central registry, wherein the first and second authentication information templates transmitted to the central registry do not include information identifying the first and second user;
  
  receive an encrypted electronic communication to conduct electronic transaction or exchange data electronically from the first user including a first authentication information and an indication of the first profile ID from the first user;
  
  request by the financial institution from the central registry the first authorization template information linked to the first profile ID;
  
  receive the first authentication information template from the central registry; and
  
  match the first authentication information to the first authentication information template by the financial institution'"'"'s computer, wherein actions taken with respect to the electronic communication from the user are limited by entitlement setting on actions associated with the first user'"'"'s profile ID after successful matching.
- View Dependent Claims (10, 11)
- - 10. The non-transitory computer readable medium of claim 9, wherein the electronic communication relates to a transaction with the entity involving the first user, and wherein the instructions are further configured to cause the computer device to:
    - conduct the transaction with the entity involving the first user, wherein matching of the first authentication information to the first authentication template corresponding to the first profile ID is required for completion of the transaction.
  - 11. The non-transitory computer readable medium of claim 9, wherein the indication of the first profile ID and the first authentication information are included within the electronic communication.

12. A computer system comprising:
- a memory configured for storing information; and
  
  a processor in communication with the memory, the processor being configured to;
  
  request by a financial institution'"'"'s computer, a first profile ID and a second profile ID from a central registry, wherein the request does not include information identifying the first or second users;
  
  register the first profile ID and a second profile ID with the central registry, wherein the central registry does not store information identifying the first or second users;
  
  transmit by the central registry the first profile ID and the second profile ID to the financial institution'"'"'s computer in communication with the central registry;
  
  receive the first and second profile IDs from the central registry;
  
  provide the first and second profile IDs to entities doing business with the financial institution, wherein the registered first and second profile IDs are utilized by the financial institution'"'"'s computer for authentication of first and second users, respectively, authorized to act on behalf of the entity, wherein the first profile ID corresponds to a first authentication information template for the first user and the second profile ID corresponds to a second authentication information template for the second user, and wherein the first and second authentication information templates provided to the central registry by the financial institution'"'"'s computer and are stored by the central registry, wherein the first and second authentication information templates transmitted to the central registry do not include information identifying the first and second user;
  
  receive at the financial institution'"'"'s computer an encrypted electronic communication to conduct electronic transaction or exchange data electronically from the first user including a first authentication information and an indication of the first profile ID from the first user;
  
  request by the financial institution'"'"'s computer from the central registry the first authorization template information linked to the first profile ID;
  
  receive the first authentication information template from the central registry; and
  
  match the first authentication information to the first authentication information template, wherein actions taken with respect to the encrypted electronic communication from the user are limited by entitlement setting on actions associated with the first user'"'"'s profile ID after successful matching.
- View Dependent Claims (13, 14)
- - 13. The computer system of claim 12, wherein the encrypted electronic communication relates to a transaction with the entity involving the first user, and wherein the processor is further configured to:
    - conduct the transaction with the entity involving the first user, wherein matching of the first authentication information to the first authentication information template corresponding to the first profile ID is required for completion of the transaction.
  - 14. The computer system of claim 12, wherein the indication of the first profile ID and the first authentication information are included within the electronic communication.

15. A computer implemented method comprising:
- receiving by a central registry, at a computer system, a request to register first and second profile IDs from a financial institution'"'"'s doing business with an entity, wherein the first and second profile IDs are associated with first and second users, respectively, authorized to act on behalf of the entity, wherein the first profile ID corresponds to a user established first authentication information template for the first user and the second profile ID corresponds to a user established second authentication information template for the second user, and wherein the request does not include information identifying the first or second users;
  
  transmitting a notice of registration by the central authority of the first and second profile IDs to the financial institution, using the computer system;
  
  storing by the central authority the first and second profile IDs and the first and second authentication information templates in memory in communication with the computer system, wherein the central registry does not store information identifying the first or second users, wherein the first profile ID is associated with the first authentication information template and the second profile ID is associated with the second authentication information template in the memory, wherein the first and second authentication information templates stored by the central registry do not include information identifying the first and second user;
  
  receiving, at the computer system, an indication of the first profile ID from the financial institution; and
  
  transmitting by the central authority the first authentication information template, from the computer system to the institution'"'"'s after receiving the indication of the first profile ID.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The method of claim 15, further comprising receiving by the central registry a request for the first authentication information template, at the computer system from the financial institution.
  - 17. The method of claim 15, further comprising:
    - receiving by the central registry, at the computer system, an indication of the second profile ID from the financial institution; and
      
      transmitting by the central registry the second authentication information template, from the computer system to the financial institution after receiving the indication of the second profile ID.
  - 18. The method of claim 15, wherein the entity established authentication template comprises one or more types of information selected from a group consisting of:
    - a passcode, a barcode or other graphic information, RFID information, biometric information, a signature, and a stored file.
  - 19. The method of claim 15, further comprising:
    - receiving by the central registry, at the computer system, a second request to register third and fourth profile IDs from the financial institution doing business with a second financial institution, wherein the third and fourth profile IDs are associated with third and fourth users, respectively, authorized to act on behalf of the second financial institution, wherein the third profile ID corresponds to a third authentication information template for the third user and the fourth profile ID corresponds to a fourth authentication information template for the fourth user, and wherein the request does not include information identifying the third or fourth users;
      
      transmitting by the central registry a notice of registration of the third and fourth profile IDs to the financial institution, using the computer system;
      
      storing by the central registry the third and fourth profile IDs and the third and fourth authentication information templates in memory in communication with the computer system, wherein the third profile ID is associated with the third authentication information template and the fourth profile ID is associated with the fourth authentication information template in the memory, wherein the first and second authentication information templates stored by the central registry do not include information identifying the third and fourth user;
      
      receiving, at the computer system, an indication of the third profile ID from the financial institution; and
      
      transmitting by the central registry the third authentication information template, from the computer system to the financial institution after receiving the indication of the third profile ID.
  - 20. The method of claim 15, further comprising:
    - receiving by the central registry, at the computer system, a request from the financial institution for an encryption key; and
      
      transmitting by the central registry the encryption key, from the computer system to the financial institution.
  - 21. The method of claim 15, wherein the first and second profile IDs each have limited lifespans, further comprising:
    - receiving by the central registry, at the computer system, a first refreshment of the first profile ID from the financial institution prior to expiration of the limited lifespan of the first profile ID; and
      
      receiving by the central registry at the computer system, a second refreshment of the second profile ID from the financial institution prior to expiration of the limited lifespan of the second profile ID.

22. A non-transitory computer-readable medium comprising computer-executable instructions configured to cause a computer device to:
- receive by a central registry a request to register first and second profile IDs from a financial institution'"'"'s doing business with an entity, wherein the first and second profile IDs are associated with first and second users, respectively, authorized to act on behalf of the entity, wherein the first profile ID corresponds to a entity established first authentication information template for the first user and the second profile ID corresponds to a entity established second authentication information template for the second user, and wherein the request does not include information identifying the first or second users;
  
  transmit by the central registry a notice of registration of the first and second profile IDs to the financial institution;
  
  store by the central registry the central authority the first and second profile IDs and the first and second authentication information templates in memory, wherein the central registry does not store information identifying the first or second users, wherein the first profile ID is associated with the first authentication information template and the second profile ID is associated with the second authentication information template in the memory, wherein the first and second authentication information templates stored by the central registry do not include information identifying the first and second user;
  
  receive an indication of the first profile ID from the financial institution; and
  
  transmit by the central registry the first authentication information template to the financial institution after receiving the indication of the first profile ID.
- View Dependent Claims (23, 24, 25)
- - 23. The non-transitory computer readable medium of claim 22, wherein the instructions are further configured to cause the computer device to:
    - receive a request for the first authentication information template, at the computer system from the financial institution.
  - 24. The non-transitory computer readable medium of claim 22, wherein the instructions are further configured to cause the computer device to:
    - receive by the central registry a second request to register third and fourth profile IDs from the financial institution doing business with a second financial institution, wherein the third and fourth profile IDs are associated with third and fourth users, respectively, authorized to act on behalf of the second financial institution, wherein the third profile ID corresponds to a third authentication information template for the third user and the fourth profile ID corresponds to a fourth authentication information template for the fourth user, and wherein the request does not include information identifying the third or fourth users;
      
      transmit by the central registry a notice of registration of the third and fourth profile IDs to the financial institution;
      
      store by the central registry the third and fourth profile IDs and the third and fourth authentication information templates in memory, wherein the third profile ID is associated with the third authentication information template and the fourth profile ID is associated with the fourth authentication information template in the memory, wherein the third and fourth authentication templates transmitted to the central registry do not include information identifying the third and fourth users;
      
      receive an indication of the third profile ID from the financial institution; and
      
      transmit by the central registry the third authentication information template to the financial institution after receiving the indication of the third profile ID.
  - 25. The non-transitory computer readable medium of claim 22, wherein the first and second profile IDs each have limited lifespans, and wherein the instructions are further configured to cause the computer device to:
    - receive by the central registry a first refreshment of the first profile ID from the financial institution prior to expiration of the limited lifespan of the first profile ID; and
      
      receive by the central registry a second refreshment of the second profile ID from the financial institution prior to expiration of the limited lifespan of the second profile ID.

26. A computer system comprising:
- a memory configured for storing information; and
  
  a processor in communication with the memory, the processor being configured to;
  
  receive by a central registry a request to register first and second profile IDs from a financial institution'"'"'s doing business with an entity, wherein the first and second profile IDs are associated with first and second users, respectively, authorized to act on behalf of the entity, wherein the first profile ID corresponds to a user established first authentication information template for the first user and the second profile ID corresponds to a user established second authentication information template for the second user, and wherein the request does not include information identifying the first or second users;
  
  transmit by the central registry a notice of registration of the first and second profile IDs to the financial institution;
  
  store by the central registry the first and second profile IDs and the first and second authentication information templates in memory, wherein the central registry does not store information identifying the first or second users, wherein the first profile ID is associated with the first authentication information template and the second profile ID is associated with the second authentication information template in the memory, wherein the first and second authentication information templates stored by the central registry do not include information identifying the first and second user;
  
  receive an indication of the first profile ID from the financial institution; and
  
  transmit by the central registry the first authentication template to the financial institution after receiving the indication of the first profile ID.
- View Dependent Claims (27, 28, 29)
- - 27. The computer system of claim 26, wherein the processor is further configured to:
    - receive by the central registry a request for the first authentication information template, at the computer system from the financial institution.
  - 28. The computer system of claim 26, wherein the processor is further configured to:
    - receive by the central registry a second request to register third and fourth profile IDs from the financial institution doing business with a second financial institution, wherein the third and fourth profile IDs are associated with third and fourth users, respectively, authorized to act on behalf of the second financial institution, wherein the third profile ID corresponds to a third authentication information template for the third user and the fourth profile ID corresponds to a fourth authentication information template for the fourth user, and wherein the request does not include information identifying the third or fourth users;
      
      transmit by the central registry a notice of registration of the third and fourth profile IDs to the financial institution;
      
      store by the central registry the third and fourth profile IDs and the third and fourth authentication information templates in memory, wherein the third profile ID is associated with the third authentication information template and the fourth profile ID is associated with the fourth authentication information template in the memory, wherein the third and fourth authentication templates transmitted to the central registry do not include information identifying the third or fourth users;
      
      receive an indication of the third profile ID from the financial institution; and
      
      transmit by the central registry the third authentication information template to the financial institution after receiving the indication of the third profile ID.
  - 29. The computer system of claim 26, wherein the first and second profile IDs each have limited lifespans, and wherein the processor is further configured to:
    - receive by the central registry a first refreshment of the first profile ID from the financial institution prior to expiration of the limited lifespan of the first profile ID; and
      
      receive by the central registry a second refreshment of the second profile ID from the financial institution prior to expiration of the limited lifespan of the second profile ID.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Cismas, Sorin
Primary Examiner(s)
Najjar, Saleh
Assistant Examiner(s)
ALMEIDA, DEVIN E

Application Number

US13/604,189
Publication Number

US 20140068266A1
Time in Patent Office

1,371 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2115   Third party

G06Q 20/40   Authorisation, e.g. identif...

H04L 63/08   for authentication of entit...

H04L 63/102   Entity profiles

H04L 9/321   involving a third party or ...

Multiple profile authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

15 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Multiple profile authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links