Just in time polymorphic authentication

US 9,619,643 B2
Filed: 05/18/2016
Issued: 04/11/2017
Est. Priority Date: 08/27/2014
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

at a computing platform comprising at least one processor, memory, and a communication interface;

receiving, by the at least one processor, via the communication interface, and from a first computing device, a request to access a first user account associated with a customer portal provided by the computing platform, the customer portal comprising at least one online banking user interface configured to present information associated with one or more bank accounts maintained by a financial institution for a user associated with the first user account;

in response to receiving the request to access the first user account, dynamically selecting, by the at least one processor, based on one or more polymorphic authentication factors, a first authentication method for authenticating a user of the first computing device to the first user account associated with the customer portal, the first authentication method being selected from a plurality of predefined authentication methods comprising a stringent authentication method and a baseline authentication method;

generating, by the at least one processor, one or more authentication prompts based on the first authentication method selected for authenticating the user of the first computing device to the first user account associated with the customer portal; and

providing, by the at least one processor, the one or more authentication prompts to the user of the first computing device,wherein the one or more polymorphic authentication factors comprise one or more external risk factors,wherein the customer portal provided by the computing platform is associated with an online banking channel, andwherein dynamically selecting the first authentication method for authenticating the user of the first computing device to the first user account associated with the customer portal comprises selecting the stringent authentication method for authenticating the user of the first computing device to the first user account associated with the customer portal based on at least one external risk factor of the one or more external risk factors indicating that an attack has been attempted on another channel different from the online banking channel.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, apparatuses, and computer-readable media for utilizing just-in-time polymorphic authentication techniques to secure information are presented. In one or more embodiments, a computing platform may receive, from a computing device, a request to access a user account. In response to receiving the request to access the user account, the computing platform may dynamically select, based on one or more polymorphic authentication factors, an authentication method for authenticating a user of the computing device, and the authentication method may be selected from a plurality of predefined authentication methods. Subsequently, the computing platform may generate one or more authentication prompts based on the selected authentication method. The computing platform then may provide the one or more authentication prompts to the user of the computing device. The authentication prompts that are selected for and presented to a particular user during a given access attempt may vary across different attempts.

42 Citations

View as Search Results

20 Claims

1. A method, comprising:
- at a computing platform comprising at least one processor, memory, and a communication interface;
  
  receiving, by the at least one processor, via the communication interface, and from a first computing device, a request to access a first user account associated with a customer portal provided by the computing platform, the customer portal comprising at least one online banking user interface configured to present information associated with one or more bank accounts maintained by a financial institution for a user associated with the first user account;
  
  in response to receiving the request to access the first user account, dynamically selecting, by the at least one processor, based on one or more polymorphic authentication factors, a first authentication method for authenticating a user of the first computing device to the first user account associated with the customer portal, the first authentication method being selected from a plurality of predefined authentication methods comprising a stringent authentication method and a baseline authentication method;
  
  generating, by the at least one processor, one or more authentication prompts based on the first authentication method selected for authenticating the user of the first computing device to the first user account associated with the customer portal; and
  
  providing, by the at least one processor, the one or more authentication prompts to the user of the first computing device,wherein the one or more polymorphic authentication factors comprise one or more external risk factors,wherein the customer portal provided by the computing platform is associated with an online banking channel, andwherein dynamically selecting the first authentication method for authenticating the user of the first computing device to the first user account associated with the customer portal comprises selecting the stringent authentication method for authenticating the user of the first computing device to the first user account associated with the customer portal based on at least one external risk factor of the one or more external risk factors indicating that an attack has been attempted on another channel different from the online banking channel.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein the one or more polymorphic authentication factors comprise one or more time-based factors.
  - 3. The method of claim 1, wherein the one or more polymorphic authentication factors comprise one or more counter-based factors.
  - 4. The method of claim 1, wherein the one or more polymorphic authentication factors comprise one or more geographic factors.
  - 5. The method of claim 1, wherein the one or more polymorphic authentication factors comprise one or more event-based factors.
  - 6. The method of claim 1, wherein the one or more polymorphic authentication factors comprise one or more user-specific factors.
  - 7. The method of claim 1, wherein providing the one or more authentication prompts to the user of the first computing device comprises:
    - generating at least one user interface configured to receive one or more authentication credentials; and
      
      causing the at least one user interface to be presented by the first computing device.
  - 8. The method of claim 1, wherein providing the one or more authentication prompts to the user of the first computing device comprises requesting the user of the first computing device to provide password input.
  - 9. The method of claim 1, wherein providing the one or more authentication prompts to the user of the first computing device comprises requesting the user of the first computing device to provide one-time passcode input.
  - 10. The method of claim 1, wherein providing the one or more authentication prompts to the user of the first computing device comprises requesting the user of the first computing device to provide biometric input.
  - 11. The method of claim 1, wherein providing the one or more authentication prompts to the user of the first computing device comprises causing at least two authentication prompts to be presented to the user of the first computing device in a specific order determined based on the one or more polymorphic authentication factors.
  - 12. The method of claim 1, comprising:
    - receiving, by the at least one processor, via the communication interface, and from a second computing device different from the first computing device, a request to access a second user account associated with the customer portal provided by the computing platform, the second user account being different from the first user account;
      
      in response to receiving the request to access the second user account, dynamically selecting, by the at least one processor, based on the one or more polymorphic authentication factors, a second authentication method for authenticating a user of the second computing device to the second user account associated with the customer portal, the second authentication method being selected from the plurality of predefined authentication methods;
      
      generating, by the at least one processor, one or more second authentication prompts based on the second authentication method selected for authenticating the user of the second computing device to the second user account associated with the customer portal; and
      
      providing, by the at least one processor, the one or more second authentication prompts to the user of the second computing device.
  - 13. The method of claim 12, wherein the second authentication method for authenticating the user of the second computing device to the second user account associated with the customer portal is different from the first authentication method for authenticating the user of the first computing device to the first user account associated with the customer portal.
  - 14. The method of claim 13, wherein providing the one or more second authentication prompts to the user of the second computing device comprises providing at least one authentication prompt to the user of the second computing device that was not provided to the user of the first computing device.

15. A system, comprising:
- at least one processor;
  
  a communication interface communicatively coupled to the at least one processor; and
  
  memory storing computer-readable instructions that, when executed by the at least one processor, cause the system to;
  
  receive, via the communication interface, and from a first computing device, a request to access a first user account associated with a customer portal provided by the system, the customer portal comprising at least one online banking user interface configured to present information associated with one or more bank accounts maintained by a financial institution for a user associated with the first user account;
  
  in response to receiving the request to access the first user account, dynamically select, based on one or more polymorphic authentication factors, a first authentication method for authenticating a user of the first computing device to the first user account associated with the customer portal, the first authentication method being selected from a plurality of predefined authentication methods comprising a stringent authentication method and a baseline authentication method;
  
  generate one or more authentication prompts based on the first authentication method selected for authenticating the user of the first computing device to the first user account associated with the customer portal; and
  
  provide the one or more authentication prompts to the user of the first computing device,wherein the one or more polymorphic authentication factors comprise one or more external risk factors,wherein the customer portal provided by the system is associated with an online banking channel, andwherein dynamically selecting the first authentication method for authenticating the user of the first computing device to the first user account associated with the customer portal comprises selecting the stringent authentication method for authenticating the user of the first computing device to the first user account associated with the customer portal based on at least one external risk factor of the one or more external risk factors indicating that an attack has been attempted on another channel different from the online banking channel.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The system of claim 15, wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the system to:
    - receive, via the communication interface, and from a second computing device different from the first computing device, a request to access a second user account associated with the customer portal provided by the system, the second user account being different from the first user account;
      
      in response to receiving the request to access the second user account, dynamically select, based on the one or more polymorphic authentication factors, a second authentication method for authenticating a user of the second computing device to the second user account associated with the customer portal, the second authentication method being selected from the plurality of predefined authentication methods;
      
      generate one or more second authentication prompts based on the second authentication method selected for authenticating the user of the second computing device to the second user account associated with the customer portal; and
      
      provide the one or more second authentication prompts to the user of the second computing device.
  - 17. The system of claim 15, wherein providing the one or more authentication prompts to the user of the first computing device comprises causing at least two authentication prompts to be presented to the user of the first computing device in a specific order determined based on the one or more polymorphic authentication factors.
  - 18. The system of claim 16, wherein the second authentication method for authenticating the user of the second computing device to the second user account associated with the customer portal is different from the first authentication method for authenticating the user of the first computing device to the first user account associated with the customer portal.
  - 19. The system of claim 18, wherein providing the one or more second authentication prompts to the user of the second computing device comprises providing at least one authentication prompt to the user of the second computing device that was not provided to the user of the first computing device.

20. One or more non-transitory computer-readable media storing instructions that, when executed by a computing platform comprising at least one processor, memory, and a communication interface, cause the computing platform to:
- receive, via the communication interface, and from a first computing device, a request to access a first user account associated with a customer portal provided by the computing platform, the customer portal comprising at least one online banking user interface configured to present information associated with one or more bank accounts maintained by a financial institution for a user associated with the first user account;
  
  in response to receiving the request to access the first user account, dynamically select, based on one or more polymorphic authentication factors, a first authentication method for authenticating a user of the first computing device to the first user account associated with the customer portal, the first authentication method being selected from a plurality of predefined authentication methods comprising a stringent authentication method and a baseline authentication method;
  
  generate one or more authentication prompts based on the first authentication method selected for authenticating the user of the first computing device to the first user account associated with the customer portal; and
  
  provide the one or more authentication prompts to the user of the first computing device,wherein the one or more polymorphic authentication factors comprise one or more external risk factors,wherein the customer portal provided by the computing platform is associated with an online banking channel, andwherein dynamically selecting the first authentication method for authenticating the user of the first computing device to the first user account associated with the customer portal comprises selecting the stringent authentication method for authenticating the user of the first computing device to the first user account associated with the customer portal based on at least one external risk factor of the one or more external risk factors indicating that an attack has been attempted on another channel different from the online banking channel.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Dave, Apeksh M., Jamma, Vijayanand, Doriaraj, Vivekanand
Primary Examiner(s)
Zee, Edward

Application Number

US15/157,506
Publication Number

US 20160259931A1
Time in Patent Office

328 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/32   using biometric data, e.g. ...

G06F 21/36   by graphic or iconic repres...

G06F 21/42   using separate channels for...

G06F 21/45   Structures or tools for the...

G06F 2221/2113   Multi-level security, e.g. ...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/0838   using one-time-passwords

H04L 63/0853   using an additional device,...

H04L 63/0861   using biometrical features,...

H04L 63/0876   based on the identity of th...

H04L 63/105   Multiple levels of security

H04L 63/108   when the policy decisions a...

Just in time polymorphic authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

42 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Just in time polymorphic authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

42 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links