Securely integrating third-party applications with banking systems

US 9,525,690 B2
Filed: 05/27/2014
Issued: 12/20/2016
Est. Priority Date: 05/27/2014
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of interfacing with a computer network comprising the steps of:

(a) providing an interface computing device connected to a provider computer network;

(b) transmitting, by the interface computing device, a registration request message to a custodian, wherein the registration request comprises and enrollment token and at least one hardware identifier;

(c) receiving by the interface computing device, a registration request response message transmitted by the custodian indicating whether the registration request was approved or denied, wherein the registration request response message comprises a challenge token;

(d) transmitting by the interface computing device, a signed response token to the custodian;

(e) receiving by the interface computing device, a working certificate transmitted by the custodian;

(f) receiving by the interface computing device, a data request message requesting data stored on the provider computer network;

(g) determining by the interface computing device, whether the data request message is high risk or low risk;

(h) gathering by the interface computing device, data stored on the provider computer network;

(i) sanitizing by the interface computing device, data gathered from the provider computer network;

(j) generating by the interface computing device, a response communication using the sanitized data, and(k) in response to the interface computing device determining that the data request message is high risk, encrypting the response communication.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods enable third-party applications and devices to interface with financial service provider computer networks in a secure, compliant manner. In one embodiment, an interface computing device connected to a provider computer network transmits a registration request message to a custodian. The interface computing device receives a registration request response message from the custodian indicating whether the registration request was approved or denied. The interface computing device receives a data request message requesting data stored on the provider computer network. The interface competing device gathers data stored on the provider computer network, sanitizes the data, and generates a response communication using the sanitized data.

Citations

15 Claims

1. A computer-implemented method of interfacing with a computer network comprising the steps of:
- (a) providing an interface computing device connected to a provider computer network;
  
  (b) transmitting, by the interface computing device, a registration request message to a custodian, wherein the registration request comprises and enrollment token and at least one hardware identifier;
  
  (c) receiving by the interface computing device, a registration request response message transmitted by the custodian indicating whether the registration request was approved or denied, wherein the registration request response message comprises a challenge token;
  
  (d) transmitting by the interface computing device, a signed response token to the custodian;
  
  (e) receiving by the interface computing device, a working certificate transmitted by the custodian;
  
  (f) receiving by the interface computing device, a data request message requesting data stored on the provider computer network;
  
  (g) determining by the interface computing device, whether the data request message is high risk or low risk;
  
  (h) gathering by the interface computing device, data stored on the provider computer network;
  
  (i) sanitizing by the interface computing device, data gathered from the provider computer network;
  
  (j) generating by the interface computing device, a response communication using the sanitized data, and(k) in response to the interface computing device determining that the data request message is high risk, encrypting the response communication.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein:
    - communications transmitted to and from the custodian are routed through an external API; and
      
      communications transmitted to and from the interface computing device are routed through the external API.
  - 3. The method of claim 1, wherein the data request message is transmitted by a third-party application or a second interface computing device.
  - 4. The method of claim 1 further comprising the step of storing by the interface computing device, API call data to an API call data storage device.
  - 5. The method of claim 1 wherein:
    - the interface computing device comprises at least one hardware identifier; and
      
      the method further comprises the step of periodically transmitting the at least one hardware identifier to the custodian.
  - 6. The method of claim 1 further comprising the step of gathering by the interface computing device, compliance data from the provider computer network.
  - 7. The method of claim 6, wherein the compliance data comprises user logon data, group policy operation data, and file access data.

8. A computer-implemented method of interfacing with a computer network comprising the steps of:
- (a) providing a custodian and an external API, wherein communications transmitted to and from the custodian are routed through the external API;
  
  (b) receiving by the custodian, a registration request message transmitted by an interface computing device, wherein the registration request message comprises an enrollment token and at least one hardware identifier;
  
  (c) transmitting by the custodian, a registration request response message to the interface computing device indicating approval or denial of the registration request, wherein the registration request response message comprises a challenge token;
  
  (d) receiving by the custodian, a signed response token transmitted by the interface computing device;
  
  (e) transmitting by the custodian, a working certificate to the interface computing device;
  
  (f) receiving by the external API, a data request message having verification data;
  
  (g) receiving by the custodian, a verification request message having verification data transmitted by the external API;
  
  (h) transmitting by the custodian, a verification response message to the external API indicating approval or denial of the verification request; and
  
  (i) in response to the verification request being approved by the custodian, transmitting by the external API, the data request message to the interface computing device.
- View Dependent Claims (9, 10, 11)
- - 9. The method of claim 8, wherein:
    - the data request message is transmitted by a third-party application; and
      
      the verification data comprises a third-party application identification.
  - 10. The method of claim 8, wherein:
    - the data request message is transmitted by a second interface computing device; and
      
      the verification data comprises a working certificate.
  - 11. The method of claim 8, wherein the registration request message comprises at least one hardware identifier identifying a source computing device, and wherein the method further comprises the steps of:
    - authenticating by the custodian, the hardware identifier; and
      
      disabling communications between the interface computing device and the source computing device if the hardware identifier cannot be authenticated.

12. A system for interfacing with a computer network comprising:
- a first processor associated with a custodian;
  
  a second processor associated with an interface computing device, the second processor connected to a provider computer network; and
  
  a data storage device including a non-transitory computer-readable medium having computer readable code for instructing the processors, and when executed by the processors, the processors perform operations comprising;
  
  (a) transmitting, by the second processor, a registration request message to the first processor, wherein the registration request message comprises an enrollment token and at least one hardware identifier;
  
  (b) receiving by the second processor, a registration request response message transmitted by the first processor indicating whether the registration request was approved or denied, wherein the registration request response message comprises a challenge token;
  
  (c) receiving by the custodian, a signed response token transmitted by the interface computing device;
  
  (d) transmitting by the custodian, a working certificate to the interface computing device;
  
  (e) receiving by the second processor, a data request message requesting data stored on the provider computer network;
  
  (f) determining by the second processor, whether the data request message is high risk or low risk;
  
  (g) gathering by the second processor, data stored on the provider computer network;
  
  (h) sanitizing by the second processor, data gathered from pre provider computer network;
  
  (i) generating by the second processor, a response communication using the sanitized data; and
  
  (j) in response to the second processor determining that the data request message is high risk, encrypting the response communication.
- View Dependent Claims (13, 14)
- - 13. The system of claim 12, wherein:
    - communications transmitted to and from the first processor are routed through an external API associated with the first processor; and
      
      communications transmitted to and from the second processor are routed through the external API.
  - 14. The system of claim 12, wherein the data request message is transmitted by a third processor associated with a third-party application or a fourth processor associated with a second interface computing device.

15. A system for interfacing with a computer network comprising:
- a first processor associated with a custodian and an external APIs, wherein communications transmitted to and from the custodian are routed through the external API;
  
  a second processor associated with an interface computing device, the second processor connected to a provider computer network;
  
  and a data storage device including a non-transitory computer-readable medium having computer readable code for instructing the processors, and when executed by the processors, the processors perform operations comprising;
  
  (a) receiving by the first processor, a registration request message transmitted by the second processor, wherein the registration request message comprises an enrollment token and at least one hardware identifier;
  
  (b) transmitting by the first processor, a registration request response message to the second processor indicating approval or denial of the registration request, wherein the registration request response message comprises a challenge token;
  
  (c) receiving by the first processor, a response token transmitted by the second processor;
  
  (d) transmitting by the first processor, a working certificate to the second processor;
  
  (e) receiving by the first processor, a data request message having verification data;
  
  (f) receiving by the custodian, a verification request message having verification data transmitted, by the external API;
  
  (g) transmitting by the custodian, a verification response message to the external API indicating approval or denial of the verification request; and
  
  (h) in response to the verification request being approved by the custodian, transmitting by the first processor, the data request message to the second processor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of the Ozarks
Original Assignee
Bank of the Ozarks
Inventors
Burgess, Trevor, deOliveira, Marcio, Claffey, Michael
Primary Examiner(s)
Hirl, Joseph P
Assistant Examiner(s)
MURPHY, JOSEPH B

Application Number

US14/288,108
Publication Number

US 20150350211A1
Time in Patent Office

938 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06Q 40/02   Banking, e.g. interest calc...

H04L 2463/102   applying security measure f...

H04L 63/0823   using certificates cryptogr...

H04L 63/10   for controlling access to d...

H04L 63/205   involving negotiation or de...

H04L 67/10   in which an application is ...

H04L 67/53   using third party service p...

Securely integrating third-party applications with banking systems

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Securely integrating third-party applications with banking systems

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links