Ensuring information security using one-time tokens

US 9,692,752 B2
Filed: 11/17/2014
Issued: 06/27/2017
Est. Priority Date: 11/17/2014
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving, by a computing platform, a request to register a mobile device as a push notification recipient;

based on receiving the request to register the mobile device as the push notification recipient, storing, by the computing platform, device information for the mobile device to register the mobile device as a registered mobile device linked to a user account;

generating, by the computing platform, a certificate for the registered mobile device based on the device information stored for the mobile device and a private key maintained by the registered mobile device;

sending, by the computing platform, to the registered mobile device, the certificate generated by computing platform for the registered mobile device;

receiving, by the computing platform, and from a user computing device, a request to access an online banking portal using the user account, wherein the online banking portal comprises a customer-facing online banking website that is provided by a financial institution operating the computing platform, the customer-facing online banking website comprising a plurality of interactive user interfaces configured to allow one or more users of the customer-facing online banking website to access financial account information maintained by the financial institution operating the computing platform, transfer funds between financial accounts maintained by the financial institution operating the computing platform, and request and perform transactions using financial accounts maintained by the financial institution operating the computing platform;

based on receiving the request to access the online banking portal, generating, by the computing platform, a notification for the registered mobile device linked to the user account;

sending, by the computing platform, the notification to the registered mobile device;

after sending the notification to the registered mobile device, receiving, by the computing platform, from the registered mobile device, a message indicating that a user of the registered mobile device has been authenticated by a mobile banking application on the registered mobile device, wherein the mobile banking application on the registered mobile device authenticates the user of the registered mobile device based on biometric input received from the user of the registered mobile device;

generating, by the computing platform, a one-time token message that includes a prompt for authorizing the user computing device to access the online banking portal using the user account;

encrypting, by the computing platform, the one-time token message based on the certificate generated by computing platform for the registered mobile device;

sending, by the computing platform, the one-time token message to the registered mobile device;

receiving, by the computing platform, token response input from the registered mobile device;

if the token response input does not authorize the user computing device to access the online banking portal using the user account, preventing, by the computing platform, the user computing device from accessing the online banking portal using the user account;

if the token response input does authorize the user computing device to access the online banking portal using the user account, providing, by the computing platform, the user computing device with access to the online banking portal using the user account;

receiving, by the computing platform, via the online banking portal, and from the user computing device, a request to perform a transaction involving at least one financial account linked to the user account, the request to perform the transaction involving the at least one financial account linked to the user account being created on the online banking portal via at least one user interface of the customer-facing online banking web site that is provided by the financial institution operating the computing platform, wherein the request to perform the transaction involving the at least one financial account linked to the user account comprises a request to register a new device as a push notification recipient with the financial institution operating the computing platform;

based on receiving the request to perform the transaction, generating, by the computing platform, a second notification for the registered mobile device linked to the user account;

sending, by the computing platform, the second notification to the registered mobile device;

after sending the second notification to the registered mobile device, generating, by the computing platform, a second one-time token message that includes a prompt for authorizing the transaction;

encrypting, by the computing platform, the second one-time token message based on the certificate generated by computing platform for the registered mobile device;

sending, by the computing platform, the second one-time token message to the registered mobile device;

receiving, by the computing platform, second token response input from the registered mobile device;

if the second token response input does not authorize the transaction, canceling, by the computing platform, the request to perform the transaction; and

if the second token response input does authorize the transaction, causing, by the computing platform, the transaction to be performed,wherein the mobile banking application on the registered mobile device is configured to present the prompt included in the one-time token message to the user of the registered mobile device, the mobile banking application being associated with the financial institution operating the computing platform,wherein the mobile banking application on the registered mobile device is configured to present the prompt included in the second one-time token message to the user of the registered mobile device, andwherein the second notification deep links to a user interface of the mobile banking application that includes a list of pending one-time token requests.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and computer-readable media for ensuring information security using one-time tokens are presented. In one or more embodiments, a computing platform may receive, from a user device, a request to access an online banking portal using a user account. Based on the request, the computing platform may generate and send a notification to a registered mobile device linked to the user account. After sending the notification, the computing platform may generate a one-time token message that includes a prompt for authorizing the user device to access the online banking portal using the user account. The computing platform then may send the one-time token message to the mobile device and receive token response input from the mobile device. Based on the input, the computing platform may prevent the user device from accessing the online banking portal or, alternatively, may provide the user device with access to the online banking portal.

86 Citations

View as Search Results

15 Claims

1. A method, comprising:
- receiving, by a computing platform, a request to register a mobile device as a push notification recipient;
  
  based on receiving the request to register the mobile device as the push notification recipient, storing, by the computing platform, device information for the mobile device to register the mobile device as a registered mobile device linked to a user account;
  
  generating, by the computing platform, a certificate for the registered mobile device based on the device information stored for the mobile device and a private key maintained by the registered mobile device;
  
  sending, by the computing platform, to the registered mobile device, the certificate generated by computing platform for the registered mobile device;
  
  receiving, by the computing platform, and from a user computing device, a request to access an online banking portal using the user account, wherein the online banking portal comprises a customer-facing online banking website that is provided by a financial institution operating the computing platform, the customer-facing online banking website comprising a plurality of interactive user interfaces configured to allow one or more users of the customer-facing online banking website to access financial account information maintained by the financial institution operating the computing platform, transfer funds between financial accounts maintained by the financial institution operating the computing platform, and request and perform transactions using financial accounts maintained by the financial institution operating the computing platform;
  
  based on receiving the request to access the online banking portal, generating, by the computing platform, a notification for the registered mobile device linked to the user account;
  
  sending, by the computing platform, the notification to the registered mobile device;
  
  after sending the notification to the registered mobile device, receiving, by the computing platform, from the registered mobile device, a message indicating that a user of the registered mobile device has been authenticated by a mobile banking application on the registered mobile device, wherein the mobile banking application on the registered mobile device authenticates the user of the registered mobile device based on biometric input received from the user of the registered mobile device;
  
  generating, by the computing platform, a one-time token message that includes a prompt for authorizing the user computing device to access the online banking portal using the user account;
  
  encrypting, by the computing platform, the one-time token message based on the certificate generated by computing platform for the registered mobile device;
  
  sending, by the computing platform, the one-time token message to the registered mobile device;
  
  receiving, by the computing platform, token response input from the registered mobile device;
  
  if the token response input does not authorize the user computing device to access the online banking portal using the user account, preventing, by the computing platform, the user computing device from accessing the online banking portal using the user account;
  
  if the token response input does authorize the user computing device to access the online banking portal using the user account, providing, by the computing platform, the user computing device with access to the online banking portal using the user account;
  
  receiving, by the computing platform, via the online banking portal, and from the user computing device, a request to perform a transaction involving at least one financial account linked to the user account, the request to perform the transaction involving the at least one financial account linked to the user account being created on the online banking portal via at least one user interface of the customer-facing online banking web site that is provided by the financial institution operating the computing platform, wherein the request to perform the transaction involving the at least one financial account linked to the user account comprises a request to register a new device as a push notification recipient with the financial institution operating the computing platform;
  
  based on receiving the request to perform the transaction, generating, by the computing platform, a second notification for the registered mobile device linked to the user account;
  
  sending, by the computing platform, the second notification to the registered mobile device;
  
  after sending the second notification to the registered mobile device, generating, by the computing platform, a second one-time token message that includes a prompt for authorizing the transaction;
  
  encrypting, by the computing platform, the second one-time token message based on the certificate generated by computing platform for the registered mobile device;
  
  sending, by the computing platform, the second one-time token message to the registered mobile device;
  
  receiving, by the computing platform, second token response input from the registered mobile device;
  
  if the second token response input does not authorize the transaction, canceling, by the computing platform, the request to perform the transaction; and
  
  if the second token response input does authorize the transaction, causing, by the computing platform, the transaction to be performed,wherein the mobile banking application on the registered mobile device is configured to present the prompt included in the one-time token message to the user of the registered mobile device, the mobile banking application being associated with the financial institution operating the computing platform,wherein the mobile banking application on the registered mobile device is configured to present the prompt included in the second one-time token message to the user of the registered mobile device, andwherein the second notification deep links to a user interface of the mobile banking application that includes a list of pending one-time token requests.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein the notification is sent to the registered mobile device using a push notification service associated with an operating system of the registered mobile device.
  - 3. The method of claim 1, wherein the registered mobile device decrypts the one-time token message based on the certificate to present the prompt for authorizing the user computing device to access the online banking portal using the user account.
  - 4. The method of claim 1, wherein the registered mobile device decrypts the second one-time token message based on the certificate to present the prompt for authorizing the transaction.
  - 5. The method of claim 1, wherein the mobile banking application provides a soft login functionality that causes the mobile banking application to present a user interface that includes the list of pending one-time token requests without requiring user authentication.
  - 6. The method of claim 1, wherein the second one-time token has a time-to-live parameter that causes the second one-time token to expire after a predetermined amount of time elapses.
  - 7. The method of claim 1, wherein the computing platform is configured to generate an additional one-time token for authorizing a request to register a new device as a push notification recipient.
  - 8. The method of claim 1, wherein the computing platform is configured to generate an additional one-time token for authorizing a request to transfer an amount of funds that exceeds a predetermined threshold amount.
  - 9. The method of claim 1, wherein the request to perform the transaction involving the at least one financial account linked to the user account further comprises one or more of:
    - a request to execute a particular transaction involving one or more financial accounts maintained by the financial institution operating the computing platform, a request to pay one or more bills via an online bill pay interface provided by the financial institution operating the computing platform, a request to transfer funds to another account using at least one financial account maintained by the financial institution operating the computing platform, a request to execute a brokerage transaction using at least one financial account maintained by the financial institution operating the computing platform, or a request to perform a transaction involving a home equity line of credit using at least one financial account maintained by the financial institution operating the computing platform.
  - 10. The method of claim 1,wherein the one-time token message has a first time-to-live parameter that causes the one-time token to expire after a first predetermined amount of time elapses,wherein the second one-time token has a second time-to-live parameter that causes the second one-time token to expire after a second predetermined amount of time elapses, andwherein the first time-to-live parameter that causes the one-time token to expire after the first predetermined amount of time elapses is different from the second time-to-live parameter that causes the second one-time token to expire after the second predetermined amount of time elapses.
  - 11. The method of claim 10, wherein the second time-to-live parameter that causes the second one-time token to expire after the second predetermined amount of time elapses is selected based on a type of request corresponding to the second one-time token.
  - 12. The method of claim 10, comprising:
    - canceling, by the computing platform, the request to perform the transaction based on the second one-time token expiring.
  - 13. The method of claim 1, comprising:
    - after registering the new device as a push notification recipient with the financial institution operating the computing platform;
      
      sending, by the computing platform, to the registered mobile device, one or more one-time token messages corresponding to one or more tokenized requests associated with the user account; and
      
      sending, by the computing platform, to the new device, the one or more one-time token messages corresponding to the one or more tokenized requests associated with the user account.

14. A computing platform, comprising:
- at least one processor; and
  
  memory storing computer-readable instructions that, when executed by the at least one processor, cause the computing platform to;
  
  receive a request to register a mobile device as a push notification recipient;
  
  based on receiving the request to register the mobile device as the push notification recipient, store device information for the mobile device to register the mobile device as a registered mobile device linked to a user account;
  
  generate a certificate for the registered mobile device based on the device information stored for the mobile device and a private key maintained by the registered mobile device;
  
  send, to the registered mobile device, the certificate generated by computing platform for the registered mobile device;
  
  receive, from a user computing device, a request to access an online banking portal using the user account, wherein the online banking portal comprises a customer-facing online banking website that is provided by a financial institution operating the computing platform, the customer-facing online banking website comprising a plurality of interactive user interfaces configured to allow one or more users of the customer-facing online banking website to access financial account information maintained by the financial institution operating the computing platform, transfer funds between financial accounts maintained by the financial institution operating the computing platform, and request and perform transactions using financial accounts maintained by the financial institution operating the computing platform;
  
  based on receiving the request to access the online banking portal, generate a notification for the registered mobile device linked to the user account;
  
  send the notification to the registered mobile device;
  
  after sending the notification to the registered mobile device, receive, from the registered mobile device, a message indicating that a user of the registered mobile device has been authenticated by a mobile banking application on the registered mobile device, wherein the mobile banking application on the registered mobile device authenticates the user of the registered mobile device based on biometric input received from the user of the registered mobile device;
  
  generate a one-time token message that includes a prompt for authorizing the user computing device to access the online banking portal using the user account;
  
  encrypt the one-time token message based on the certificate generated by computing platform for the registered mobile device;
  
  send the one-time token message to the registered mobile device;
  
  receive token response input from the registered mobile device;
  
  if the token response input does not authorize the user computing device to access the online banking portal using the user account, prevent the user computing device from accessing the online banking portal using the user account;
  
  if the token response input does authorize the user computing device to access the online banking portal using the user account, provide the user computing device with access to the online banking portal using the user account;
  
  receive, via the online banking portal, and from the user computing device, a request to perform a transaction involving at least one financial account linked to the user account, the request to perform the transaction involving the at least one financial account linked to the user account being created on the online banking portal via at least one user interface of the customer-facing online banking web site that is provided by the financial institution operating the computing platform, wherein the request to perform the transaction involving the at least one financial account linked to the user account comprises a request to register a new device as a push notification recipient with the financial institution operating the computing platform;
  
  based on receiving the request to perform the transaction, generate a second notification for the registered mobile device linked to the user account;
  
  send the second notification to the registered mobile device;
  
  after sending the second notification to the registered mobile device, generate a second one-time token message that includes a prompt for authorizing the transaction;
  
  encrypt the second one-time token message based on the certificate generated by computing platform for the registered mobile device;
  
  send the second one-time token message to the registered mobile device;
  
  receive second token response input from the registered mobile device;
  
  if the second token response input does not authorize the transaction, cancel the request to perform the transaction; and
  
  if the second token response input does authorize the transaction, cause the transaction to be performed,wherein the mobile banking application on the registered mobile device is configured to present the prompt included in the one-time token message to the user of the registered mobile device, the mobile banking application being associated with the financial institution operating the computing platform,wherein the mobile banking application on the registered mobile device is configured to present the prompt included in the second one-time token message to the user of the registered mobile device, andwherein the second notification deep links to a user interface of the mobile banking application that includes a list of pending one-time token requests.

15. One or more non-transitory computer-readable media storing instructions that, when executed by a computing platform comprising at least one processor and memory, cause the computing platform to:
- receive a request to register a mobile device as a push notification recipient;
  
  based on receiving the request to register the mobile device as the push notification recipient, store device information for the mobile device to register the mobile device as a registered mobile device linked to a user account;
  
  generate a certificate for the registered mobile device based on the device information stored for the mobile device and a private key maintained by the registered mobile device;
  
  send, to the registered mobile device, the certificate generated by computing platform for the registered mobile device;
  
  receive, from a user computing device, a request to access an online banking portal using the user account, wherein the online banking portal comprises a customer-facing online banking website that is provided by a financial institution operating the computing platform, the customer-facing online banking website comprising a plurality of interactive user interfaces configured to allow one or more users of the customer-facing online banking website to access financial account information maintained by the financial institution operating the computing platform, transfer funds between financial accounts maintained by the financial institution operating the computing platform, and request and perform transactions using financial accounts maintained by the financial institution operating the computing platform;
  
  based on receiving the request to access the online banking portal, generate a notification for the registered mobile device linked to the user account;
  
  send the notification to the registered mobile device;
  
  after sending the notification to the registered mobile device, receive, from the registered mobile device, a message indicating that a user of the registered mobile device has been authenticated by a mobile banking application on the registered mobile device, wherein the mobile banking application on the registered mobile device authenticates the user of the registered mobile device based on biometric input received from the user of the registered mobile device;
  
  generate a one-time token message that includes a prompt for authorizing the user computing device to access the online banking portal using the user account;
  
  encrypt the one-time token message based on the certificate generated by computing platform for the registered mobile device;
  
  send the one-time token message to the registered mobile device;
  
  receive token response input from the registered mobile device;
  
  if the token response input does not authorize the user computing device to access the online banking portal using the user account, prevent the user computing device from accessing the online banking portal using the user account;
  
  if the token response input does authorize the user computing device to access the online banking portal using the user account, provide the user computing device with access to the online banking portal using the user account;
  
  receive, via the online banking portal, and from the user computing device, a request to perform a transaction involving at least one financial account linked to the user account, the request to perform the transaction involving the at least one financial account linked to the user account being created on the online banking portal via at least one user interface of the customer-facing online banking website that is provided by the financial institution operating the computing platform, wherein the request to perform the transaction involving the at least one financial account linked to the user account comprises a request to register a new device as a push notification recipient with the financial institution operating the computing platform;
  
  based on receiving the request to perform the transaction, generate a second notification for the registered mobile device linked to the user account;
  
  send the second notification to the registered mobile device;
  
  after sending the second notification to the registered mobile device, generate a second one-time token message that includes a prompt for authorizing the transaction;
  
  encrypt the second one-time token message based on the certificate generated by computing platform for the registered mobile device;
  
  send the second one-time token message to the registered mobile device;
  
  receive second token response input from the registered mobile device;
  
  if the second token response input does not authorize the transaction, cancel the request to perform the transaction; and
  
  if the second token response input does authorize the transaction, cause the transaction to be performed,wherein the mobile banking application on the registered mobile device is configured to present the prompt included in the one-time token message to the user of the registered mobile device, the mobile banking application being associated with the financial institution operating the computing platform,wherein the mobile banking application on the registered mobile device is configured to present the prompt included in the second one-time token message to the user of the registered mobile device, andwherein the second notification deep links to a user interface of the mobile banking application that includes a list of pending one-time token requests.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Keys, Andrew T.
Primary Examiner(s)
SIMITOSKI, MICHAEL J

Application Number

US14/542,935
Publication Number

US 20160140550A1
Time in Patent Office

953 Days
Field of Search
US Class Current
CPC Class Codes

G06Q 20/385   using an alias or single-us...

H04L 63/0838   using one-time-passwords

H04L 63/0861   using biometrical features,...

H04L 63/18   using different networks or...

H04W 12/06   Authentication

Ensuring information security using one-time tokens

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

86 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Ensuring information security using one-time tokens

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

86 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links