User authentication by operating system-level token

US 9,424,575 B2
Filed: 04/11/2014
Issued: 08/23/2016
Est. Priority Date: 04/11/2014
Status: Active Grant

First Claim

Patent Images

1. A mobile device for communicating an operating system-level token for user identification and/or authentication, the mobile device comprising:

a single memory device comprising an operating system-level accessible by an operating system running on the mobile device and an application-level accessible by applications running on the mobile device, wherein the application-level is different from the operating system-level and the operating system-level is inaccessible by the applications;

a processor; and

a module stored in the memory device, executable by the processor, and configured to;

store a token at the operating system-level of the memory device, wherein the token is accessible by the operating system running on the mobile device and inaccessible by the applications running on the mobile device and wherein the token comprises at least one authentication credential, for at least partial authentication of the user;

store an operating system-level instruction set configured to be executed by the operating system of the mobile device, the operating system-level instruction set stored only at the operating system-level;

initiate execution of the operating system-level instruction set, comprising initiation of an operation system-level instruction set for periodically or continuously initiating communication of the token;

in response to an initiating event, initiate communication of the token to a second apparatus, associated with a financial institution location, external to the mobile device using the executing operating system-level instruction set, wherein initiating communication of the token does not require launching or running an application stored at the application-level of the mobile device;

detect an external stimulus received from the second apparatus external to the mobile device, wherein the external stimulus comprises a request for the at least one authentication credential for enabling a user activity, wherein the user activity requires a standard level of authentication;

initiate communication of the at least one authentication credential, to the second apparatus, whereby the user may be authenticated at the financial institution location at (i) a first level of authentication lower than the standard level of authentication, (ii) the standard level of authentication required for performing the user activity, or (iii) a second level of authentication higher than the standard level of authentication based on validation of the at least one authentication credential; and

receive one or more user authentication credentials from the user, wherein successful validation of the one or more user authentication credentials and the transmitted at least one authentication credential is configured to authenticate the user with at least the standard level of authentication required for performing the user activity.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments are directed to communicating an operating system-level token for user identification and/or authentication. Embodiments store a token at an operating system-level, wherein the token is accessible by an operating system running on the apparatus, and wherein the token comprises user identification information and/or user authentication information; and in response to an initiating event, initiate communication of the token to a second apparatus external to the apparatus. Some embodiments include initiation of an operation system-level instruction set for periodically, continuously, or in response to detecting a request, initiating communication of the token.

26 Citations

View as Search Results

17 Claims

1. A mobile device for communicating an operating system-level token for user identification and/or authentication, the mobile device comprising:
- a single memory device comprising an operating system-level accessible by an operating system running on the mobile device and an application-level accessible by applications running on the mobile device, wherein the application-level is different from the operating system-level and the operating system-level is inaccessible by the applications;
  
  a processor; and
  
  a module stored in the memory device, executable by the processor, and configured to;
  
  store a token at the operating system-level of the memory device, wherein the token is accessible by the operating system running on the mobile device and inaccessible by the applications running on the mobile device and wherein the token comprises at least one authentication credential, for at least partial authentication of the user;
  
  store an operating system-level instruction set configured to be executed by the operating system of the mobile device, the operating system-level instruction set stored only at the operating system-level;
  
  initiate execution of the operating system-level instruction set, comprising initiation of an operation system-level instruction set for periodically or continuously initiating communication of the token;
  
  in response to an initiating event, initiate communication of the token to a second apparatus, associated with a financial institution location, external to the mobile device using the executing operating system-level instruction set, wherein initiating communication of the token does not require launching or running an application stored at the application-level of the mobile device;
  
  detect an external stimulus received from the second apparatus external to the mobile device, wherein the external stimulus comprises a request for the at least one authentication credential for enabling a user activity, wherein the user activity requires a standard level of authentication;
  
  initiate communication of the at least one authentication credential, to the second apparatus, whereby the user may be authenticated at the financial institution location at (i) a first level of authentication lower than the standard level of authentication, (ii) the standard level of authentication required for performing the user activity, or (iii) a second level of authentication higher than the standard level of authentication based on validation of the at least one authentication credential; and
  
  receive one or more user authentication credentials from the user, wherein successful validation of the one or more user authentication credentials and the transmitted at least one authentication credential is configured to authenticate the user with at least the standard level of authentication required for performing the user activity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The mobile device of claim 1, wherein the initiating event comprises detecting a request communication comprising a request for user identification information and/or user authentication information.
  - 3. The mobile device of claim 1, wherein the initiating event comprises detecting at least one stimulus external to the mobile device.
  - 4. The mobile device of claim 1, wherein initiating communication comprises initiating communication over a short range wireless communication protocol.
  - 5. The mobile device of claim 1, wherein the token comprises user identification information comprising information identifying the user of the mobile device;
    - and wherein initiating communication comprises initiating communication to the second apparatus associated with a greeter station or teller station of the financial institution location.
  - 6. The mobile device of claim 5, wherein the user identification information comprises a photograph of the user and a customer status of the user.
  - 7. The mobile device of claim 1, wherein receiving the one or more user authentication credentials from the user further comprises:
    - determining one or more authentication types from a plurality of authentication types associated with the standard level of authentication required for performing the user activity;
      
      requesting one or more user authentication credentials from the user corresponding to the determined one or more authentication types;
      
      receiving one or more user authentication credentials from the user;
      
      validating the one or more user authentication credentials, thereby resulting in a successful validation of the one or more authentication credentials; and
      
      in response to the successful validation of the one or more authentication credentials and the transmitted at least one authentication credential, enabling the user to perform the user activity.
  - 8. The mobile device of claim 7, wherein the one or more user authentication credentials comprise biometrics, key fob-based alphanumeric codes, and/or authentication of an overarching application.

9. A method for communicating an operating system-level token for user identification and/or authentication, the method comprising:
- storing a token at an operating system-level of a single memory device comprising an operating system-level accessible by an operating system running on the a mobile device and an application-level accessible by applications running on the mobile device, wherein the application-level is different from the operating system-level and the operating system-level is inaccessible by the applications, wherein the token is accessible by the operating system running on the mobile device and inaccessible by the applications running on the mobile device, and wherein the token comprises at least one authentication credential, for at least partial authentication of the user;
  
  storing an operating system-level instruction set configured to be executed by the operating system of the mobile device, the operating system-level instruction set stored at the operating system-level;
  
  initiating execution of the operating system-level instruction set, comprising initiation of an operation system-level instruction set for periodically or continuously initiating communication of the token;
  
  in response to an initiating event, initiating communication of the token to a second apparatus, associated with a financial institution location, external to the mobile device using the executing operating system-level instruction set, wherein initiating communication of the token does not require launching or running an application stored at the application-level of the mobile device;
  
  detecting an external stimulus received from the second apparatus external to the mobile device, wherein the external stimulus comprises a request for the at least one authentication credential for enabling a user activity, wherein the user activity requires a standard level of authentication;
  
  initiating communication of the at least one authentication credential, to the second apparatus, whereby the user may be authenticated at the financial institution location at (i) a first level of authentication lower than the standard level of authentication, (ii) the standard level of authentication required for performing the user activity, or (iii) a second level of authentication higher than the standard level of authentication based on validation of the at least one authentication credential; and
  
  receiving one or more user authentication credentials from the user, wherein successful validation of the one or more user authentication credentials and the transmitted at least one authentication credential is configured to authenticate the user with at least the standard level of authentication required for performing the user activity.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The method of claim 9, wherein the initiating event comprises detecting a request communication comprising a request for user identification information and/or user authentication information.
  - 11. The method of claim 9, wherein the initiating event comprises detecting at least one stimulus external to the mobile device.
  - 12. The method of claim 9, wherein initiating communication comprises initiating communication over a short range wireless communication protocol.
  - 13. The method of claim 9, wherein receiving the one or more user authentication credentials from the user further comprises:
    - determining one or more authentication types from a plurality of authentication types associated with the standard level of authentication required for performing the user activity;
      
      requesting one or more user authentication credentials from the user corresponding to the determined one or more authentication types;
      
      receiving one or more user authentication credentials from the user;
      
      validating the one or more user authentication credentials, thereby resulting in a successful validation of the one or more authentication credentials; and
      
      in response to the successful validation of the one or more authentication credentials and the transmitted at least one authentication credential, enabling the user to perform the user activity.
  - 14. The method of claim 13, wherein the one or more user authentication credentials comprise biometrics, key fob-based alphanumeric codes, and/or authentication of an overarching application.

15. A computer program product for communicating an operating system-level token for user identification and/or authentication, the computer program product comprising a non-transitory computer-readable medium comprising code causing a mobile device to:
- store a token at an operating system-level of a single memory device comprising the operating system-level accessible by an operating system running on the mobile device and an application-level accessible by applications running on the mobile device, wherein the application-level is different from the operating system-level and the operating system-level is inaccessible by the applications, wherein the token is accessible by the operating system running on the apparatus and inaccessible by the applications running on the mobile device, and wherein the token comprises at least one authentication credential, for at least partial authentication of the user;
  
  store an operating system-level instruction set configured to be executed by the operating system of the mobile device, the operating system-level instruction set stored at the operating system-level;
  
  initiate execution of the operating system-level instruction set, comprising initiation of an operation system-level instruction set for periodically or continuously initiating communication of the token;
  
  in response to an initiating event, initiate communication of the token to a second apparatus, associated with a financial institution location, external to the mobile device using the executing operating system-level instruction set, wherein initiating communication of the token does not require launching or running an application stored at the application-level of the mobile device;
  
  detect an external stimulus received from the second apparatus external to the mobile device, wherein the external stimulus comprises a request for the at least one authentication credential for enabling a user activity, wherein the user activity requires a standard level of authentication;
  
  initiate communication of the at least one authentication credential, to the second apparatus, whereby the user may be authenticated at the financial institution location at (i) a first level of authentication lower than the standard level of authentication, (ii) the standard level of authentication required for performing the user activity, or (iii) a second level of authentication higher than the standard level of authentication based on validation of the at least one authentication credential; and
  
  receive one or more user authentication credentials from the user, wherein successful validation of the one or more user authentication credentials and the transmitted at least one authentication credential is configured to authenticate the user with at least the standard level of authentication required for performing the user activity.
- View Dependent Claims (16, 17)
- - 16. The computer program product of claim 15, wherein receiving the one or more user authentication credentials from the user further comprises:
    - determining one or more authentication types from a plurality of authentication types associated with the standard level of authentication required for performing the user activity;
      
      requesting one or more user authentication credentials from the user corresponding to the determined one or more authentication types;
      
      receiving one or more user authentication credentials from the user;
      
      validating the one or more user authentication credentials, thereby resulting in a successful validation of the one or more authentication credentials; and
      
      in response to the successful validation of the one or more authentication credentials and the transmitted at least one authentication credential, enabling the user to perform the user activity.
  - 17. The computer program product of claim 16, wherein the one or more user authentication credentials comprise biometrics, key fob-based alphanumeric codes, and/or authentication of an overarching application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Grigg, David M., Starbuck, Richard Andrew, Hanson, Carrie Anne, Jones, Alicia C.
Primary Examiner(s)
POTRATZ, DANIEL B

Application Number

US14/251,351
Publication Number

US 20150294307A1
Time in Patent Office

865 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06Q 20/02   involving a neutral party, ...

G06Q 20/321   using wearable devices

G06Q 20/326   Payment applications instal...

G06Q 20/363   with the personal data of a...

G06Q 20/3821   Electronic credentials

G06Q 20/385   using an alias or single-us...

G06Q 20/4016   involving fraud or risk lev...

H04L 63/08   for authentication of entit...

H04W 12/065   Continuous authentication

User authentication by operating system-level token

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

26 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

User authentication by operating system-level token

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links