Device validation using device fingerprint

US 9,832,193 B2
Filed: 05/09/2014
Issued: 11/28/2017
Est. Priority Date: 05/09/2014
Status: Active Grant

First Claim

Patent Images

1. An apparatus for validating a device, the apparatus comprising:

a memory;

a processor; and

a module stored in the memory, executable by the processor, and configured to;

receive an access request from a first device associated with a first-level employee to access an application,create a device fingerprint associated with the first device based on a screen resolution of the first device, an operating system of the first device, and a browser on the first device;

determine first device access, wherein determining the first device access further comprises;

receiving authentication credentials associated with the first-level employee associated with the first device; and

validating the authentication credentials associated with the first-level employee to determine whether the first device is a trusted device based on at least the device fingerprint associated with the first device;

transmit the access request to a second device associated with a second-level employee to request approval for the first-level employee to access the application using the first device, wherein the second-level employee is associated with a higher level than the first-level employee associated with the first device;

receive, via the second device, authentication credentials associated with the second-level employee;

validate the authentication credentials associated with the second-level employee received from the second device;

receive the approval from the second device, where the approval involves validating the authentication credentials associated with the second-level employee, input by the second-level employee onto the second device as part of the approval;

determine that the first device is a trusted device based on at least receiving the approval and an indication from the second-level employee that the first device is a trusted device;

in response to determining that the first device is a trusted device, register the first device based on the device fingerprint associated with the first device;

in response to registering the first device, create an authenticated session;

wherein the authenticated session expires after a predetermined period or after a predetermined period of inactivity associated with the first device;

monitor one or more interactions between the first device and the application using cookies stored in the first device, wherein monitoring further comprises intercepting the one or more interactions to determine that there is a change in the device fingerprint associated with the first device, wherein the change in the device fingerprint comprises creating or deleting at least one of the cookies;

determine that the change is within a predetermined threshold level of change while monitoring the one or more interactions, wherein the predetermined threshold level of change is based on creating or deleting the at least one of the cookies; and

enable continued authentication of the one or more interactions based on at least determining that the change is within the predetermined threshold level of change.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the invention are directed to apparatuses, methods and computer program products for validating a device. An exemplary apparatus is configured to: determine a device accesses an application; determine whether the device is a trusted device based on a device fingerprint associated with the device; in response to determining the device is a trusted device, create an authenticated session; and enable performance of a transaction using the device during the authenticated session.

12 Citations

View as Search Results

17 Claims

1. An apparatus for validating a device, the apparatus comprising:
- a memory;
  
  a processor; and
  
  a module stored in the memory, executable by the processor, and configured to;
  
  receive an access request from a first device associated with a first-level employee to access an application,create a device fingerprint associated with the first device based on a screen resolution of the first device, an operating system of the first device, and a browser on the first device;
  
  determine first device access, wherein determining the first device access further comprises;
  
  receiving authentication credentials associated with the first-level employee associated with the first device; and
  
  validating the authentication credentials associated with the first-level employee to determine whether the first device is a trusted device based on at least the device fingerprint associated with the first device;
  
  transmit the access request to a second device associated with a second-level employee to request approval for the first-level employee to access the application using the first device, wherein the second-level employee is associated with a higher level than the first-level employee associated with the first device;
  
  receive, via the second device, authentication credentials associated with the second-level employee;
  
  validate the authentication credentials associated with the second-level employee received from the second device;
  
  receive the approval from the second device, where the approval involves validating the authentication credentials associated with the second-level employee, input by the second-level employee onto the second device as part of the approval;
  
  determine that the first device is a trusted device based on at least receiving the approval and an indication from the second-level employee that the first device is a trusted device;
  
  in response to determining that the first device is a trusted device, register the first device based on the device fingerprint associated with the first device;
  
  in response to registering the first device, create an authenticated session;
  
  wherein the authenticated session expires after a predetermined period or after a predetermined period of inactivity associated with the first device;
  
  monitor one or more interactions between the first device and the application using cookies stored in the first device, wherein monitoring further comprises intercepting the one or more interactions to determine that there is a change in the device fingerprint associated with the first device, wherein the change in the device fingerprint comprises creating or deleting at least one of the cookies;
  
  determine that the change is within a predetermined threshold level of change while monitoring the one or more interactions, wherein the predetermined threshold level of change is based on creating or deleting the at least one of the cookies; and
  
  enable continued authentication of the one or more interactions based on at least determining that the change is within the predetermined threshold level of change.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The apparatus of claim 1, wherein the first device comprises a mobile device.
  - 3. The apparatus of claim 1, wherein the first device comprises a tablet computing device.
  - 4. The apparatus of claim 1, wherein the device fingerprint is associated with a device token.
  - 5. The apparatus of claim 1, wherein the device fingerprint is encrypted.
  - 6. The apparatus of claim 1, wherein the application comprises a financial institution application.
  - 7. The system of claim 1, wherein the device fingerprint is further based on a plug-in installed on the first device.

8. A method for validating a device, the method comprising:
- receiving, using a computing device processor, an access request from a first device associated with a first-level employee to access an application;
  
  creating a device fingerprint associated with the first device based on a screen resolution of the first device, an operating system of the first device, and a browser on the first device;
  
  determining, using a computing device, first device access, wherein determining the first device access further comprises;
  
  receiving authentication credentials associated with the first-level employee associated with the first device; and
  
  validating the authentication credentials associated with the first-level employee to determine whether the first device is a trusted device based on at least the device fingerprint associated with the first device;
  
  transmitting, using a computing device processor, the access request to a second device associated with a second-level employee to request approval for the first-level employee to access the application using the first device, wherein the second-level employee is associated with a higher level than the first-level employee associated with the first device;
  
  receiving via the second device, using a computing device processor, authentication credentials associated with the second-level employee;
  
  validating, using a computing device processor, the authentication credentials associated with the second-level employee received from the second device;
  
  receiving, using a computing device processor, the approval from the second device, where the approval involves validating the authentication credentials associated with the second-level employee, input by the second-level employee onto the second device as part of the approval;
  
  determining, using a computing device processor, that the first device is a trusted device based on at least receiving the approval and an indication from the second-level employee that the device is a trusted device;
  
  in response to determining that the device is a trusted device, registering, using a computing device processor, the device based on the device fingerprint associated with the device;
  
  in response to registering the first device, creating, using a computing device processor, an authenticated session;
  
  wherein the authenticated session expires after a predetermined period or after a predetermined period of inactivity associated with the first device;
  
  monitoring, using a computing device processor, one or more interactions between the device and the application using cookies stored in the first device, wherein monitoring further comprises intercepting the one or more interactions to determine thatthere is a change in the device fingerprint associated with the first device, wherein thechange in the device fingerprint comprises creating or deleting at least one of the cookies;
  
  determining, using a computing device processor, that the change is within a predetermined threshold level of change while monitoring the one ormore interactions, wherein the predetermined threshold level of change is based on creating or deleting the at least one of the cookies; and
  
  enabling, using a computing device processor, continued authentication of the one or more interactions based on at least determining that the change is within the predetermined threshold level of change.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The method of claim 8, wherein the device fingerprint is further based on a plugin installed on the first device.
  - 10. The method of claim 8, wherein the device fingerprint is associated with a device token.
  - 11. The method of claim 8, wherein the device fingerprint is encrypted.
  - 12. The method of claim 8, wherein the application comprises a financial institution application.

13. A computer program product for validating a device, the computer program product comprising:
- a non-transitory computer-readable medium comprising a set of codes for causing a computer to;
  
  receive an access request from a first device associated with a first-level employee to access an application;
  
  create a device fingerprint associated with the first device on a screen resolution of the first device, an operating system of the first device, and a browser on the first device,determine first device access, wherein determining the first device access further comprises;
  
  receiving authentication credentials associated with the first-level employee associated with the first device; and
  
  validating the authentication credentials associated with the first-level employee to determine whether the first device is a trusted device based onat least the device fingerprint associated with the first device;
  
  transmit the access request to a second device associated with a second-level employee to request approval for the first-level employee to access the application using the first device, wherein the second-level employee is associated with a higher level than the first-level employee associated with the first device;
  
  receive, via the second device, authentication credentials associated with the second-level employee;
  
  validate the authentication credentials associated with the second-level employee received from the second device;
  
  receive the approval from the second device, where the approval involves validating the authentication credentials associated with the second-level employee, input by the second-level employee onto the second device as part of the approval;
  
  determine that the first device is a trusted device based on at least receiving the approval and an indication from the second-level employee that the first device is a trusted device;
  
  in response to determining that the first device is a trusted device, register the first device based on the device fingerprint associated with the first device;
  
  in response to registering the first device, create an authenticated session;
  
  wherein the authenticated session expires after a predetermined period or after a predetermined period of inactivity associated with the first device;
  
  monitor one or more interactions between the first device and the application using cookies stored in the first device, wherein monitoring further comprises intercepting the one or more interactions to determine that there is a change in the device fingerprint associated with the first device, wherein the change in the device fingerprint comprises creating or deleting at least one of the cookies;
  
  determine that the change is within a predetermined threshold level of change while monitoring the one or more interactions, wherein the predetermined threshold level of change is based on creating or deleting the at least one of the cookies; and
  
  enable continued authentication of the one or more interactions based on at least determining that the change is within the predetermined threshold level of change.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The computer program product of claim 13, wherein the device fingerprint is further based on a plug-in installed on the first device.
  - 15. The computer program product of claim 13, wherein the device fingerprint is associated with a device token.
  - 16. The computer program product of claim 13, wherein the device fingerprint is encrypted.
  - 17. The computer program product of claim 13, wherein the application comprises a financial institution application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Amaladoss, Vijayanandraj, Saar, Andrew L., Carpenter, Daniel Lynn
Primary Examiner(s)
Lagor, Alexander
Assistant Examiner(s)
Jones, William B

Application Number

US14/274,115
Publication Number

US 20150326574A1
Time in Patent Office

1,299 Days
Field of Search

726 5, 713182
US Class Current
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

H04L 63/0272   Virtual private networks

H04L 63/0876   based on the identity of th...

H04L 67/14   Session management for real...

Device validation using device fingerprint

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

12 Citations

17 Claims

Specification

Use Cases

Quick Links

Others

Device validation using device fingerprint

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

17 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others