Ensuring Information Security Using One-Time Tokens

US 20160140550A1
Filed: 11/17/2014
Published: 05/19/2016
Est. Priority Date: 11/17/2014
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving, by a computing platform, and from a user computing device, a request to access an online banking portal using a user account;

based on the request to access the online banking portal, generating, by the computing platform, a notification for a registered mobile device linked to the user account;

sending, by the computing platform, the notification to the registered mobile device;

after sending the notification to the registered mobile device, generating, by the computing platform, a one-time token message that includes a prompt for authorizing the user computing device to access the online banking portal using the user account;

sending, by the computing platform, the one-time token message to the registered mobile device;

receiving, by the computing platform, token response input from the registered mobile device;

if the token response input does not authorize the user computing device to access the online banking portal using the user account, preventing, by the computing platform, the user computing device from accessing the online banking portal using the user account; and

if the token response input does authorize the user computing device to access the online banking portal using the user account, providing, by the computing platform, the user computing device with access to the online banking portal using the user account.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and computer-readable media for ensuring information security using one-time tokens are presented. In one or more embodiments, a computing platform may receive, from a user device, a request to access an online banking portal using a user account. Based on the request, the computing platform may generate and send a notification to a registered mobile device linked to the user account. After sending the notification, the computing platform may generate a one-time token message that includes a prompt for authorizing the user device to access the online banking portal using the user account. The computing platform then may send the one-time token message to the mobile device and receive token response input from the mobile device. Based on the input, the computing platform may prevent the user device from accessing the online banking portal or, alternatively, may provide the user device with access to the online banking portal.

Citations

20 Claims

1. A method, comprising:
- receiving, by a computing platform, and from a user computing device, a request to access an online banking portal using a user account;
  
  based on the request to access the online banking portal, generating, by the computing platform, a notification for a registered mobile device linked to the user account;
  
  sending, by the computing platform, the notification to the registered mobile device;
  
  after sending the notification to the registered mobile device, generating, by the computing platform, a one-time token message that includes a prompt for authorizing the user computing device to access the online banking portal using the user account;
  
  sending, by the computing platform, the one-time token message to the registered mobile device;
  
  receiving, by the computing platform, token response input from the registered mobile device;
  
  if the token response input does not authorize the user computing device to access the online banking portal using the user account, preventing, by the computing platform, the user computing device from accessing the online banking portal using the user account; and
  
  if the token response input does authorize the user computing device to access the online banking portal using the user account, providing, by the computing platform, the user computing device with access to the online banking portal using the user account.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, further comprising:
    - prior to generating the one-time token message, receiving, by the computing platform, from the registered mobile device, a message indicating that a user of the registered mobile device has been authenticated by a mobile banking application on the registered mobile device.
  - 3. The method of claim 2, wherein the mobile banking application on the registered mobile device authenticates the user of the registered mobile device based on biometric input received from the user of the registered mobile device.
  - 4. The method of claim 1, wherein the notification is sent to the registered mobile device using a push notification service associated with an operating system of the registered mobile device.
  - 5. The method of claim 4, further comprising:
    - prior to receiving the request to access the online banking portal using the user account;
      
      receiving, by the computing platform, a request to register the registered mobile device as a push notification recipient; and
      
      based on the request to register the registered mobile device, storing, by the computing platform, device information for the registered mobile device.
  - 6. The method of claim 5, further comprising:
    - after receiving the request to register the registered mobile device;
      
      causing, by the computing platform, a certificate to be produced for the registered mobile device; and
      
      causing, by the computing platform, the certificate to be provided to the registered mobile device.
  - 7. The method of claim 6, wherein the one-time token message is encrypted based on the certificate before the one-time token message is sent to the registered mobile device.
  - 8. The method of claim 7, wherein the registered mobile device decrypts the one-time token message based on the certificate to present the prompt for authorizing the user computing device to access the online banking portal using the user account.
  - 9. The method of claim 1, wherein a mobile banking application on the registered mobile device is configured to present the prompt included in the one-time token message to a user of the registered mobile device.
  - 10. The method of claim 1, further comprising:
    - receiving, by the computing platform, via the online banking portal, and from the user computing device, a request to perform a transaction involving at least one financial account linked to the user account;
      
      based on the request to perform the transaction, generating, by the computing platform, a second notification for the registered mobile device linked to the user account;
      
      sending, by the computing platform, the second notification to the registered mobile device;
      
      after sending the second notification to the registered mobile device, generating, by the computing platform, a second one-time token message that includes a prompt for authorizing the transaction;
      
      sending, by the computing platform, the second one-time token message to the registered mobile device;
      
      receiving, by the computing platform, second token response input from the registered mobile device;
      
      if the second token response input does not authorize the transaction, canceling, by the computing platform, the request to perform the transaction; and
      
      if the second token response input does authorize the transaction, causing, by the computing platform, the transaction to be performed.
  - 11. The method of claim 10, wherein the second one-time token message is encrypted based on a certificate associated with the registered mobile device before the second one-time token message is sent to the registered mobile device.
  - 12. The method of claim 11, wherein the registered mobile device decrypts the second one-time token message based on the certificate to present the prompt for authorizing the transaction.
  - 13. The method of claim 10, wherein a mobile banking application on the registered mobile device is configured to present the prompt included in the second one-time token message to a user of the registered mobile device.
  - 14. The method of claim 13, wherein the mobile banking application provides a soft login functionality that causes the mobile banking application to present a user interface that includes a list of pending one-time token requests without requiring user authentication.
  - 15. The method of claim 13, wherein the second notification deep links to the user interface of the mobile banking application that includes the list of pending one-time token requests.
  - 16. The method of claim 13, wherein the second one-time token has a time-to-live parameter that causes the second one-time token to expire after a predetermined amount of time elapses.
  - 17. The method of claim 10, wherein the computing platform is configured to generate an additional one-time token for authorizing a request to register a new device as a push notification recipient.
  - 18. The method of claim 10, wherein the computing platform is configured to generate an additional one-time token for authorizing a request to transfer an amount of funds that exceeds a predetermined threshold amount.

19. A system, comprising:
- at least one processor; and
  
  memory storing computer-readable instructions that, when executed by the at least one processor, cause the system to;
  
  receive, from a user computing device, a request to access an online banking portal using a user account;
  
  based on the request to access the online banking portal, generate a notification for a registered mobile device linked to the user account;
  
  send the notification to the registered mobile device;
  
  after sending the notification to the registered mobile device, generate a one-time token message that includes a prompt for authorizing the user computing device to access the online banking portal using the user account;
  
  send the one-time token message to the registered mobile device;
  
  receive token response input from the registered mobile device;
  
  if the token response input does not authorize the user computing device to access the online banking portal using the user account, prevent the user computing device from accessing the online banking portal using the user account; and
  
  if the token response input does authorize the user computing device to access the online banking portal using the user account, provide the user computing device with access to the online banking portal using the user account.

20. One or more non-transitory computer-readable media storing instructions that, when executed by a computing platform comprising at least one processor and memory, cause the computing platform to:
- receive, from a user computing device, a request to access an online banking portal using a user account;
  
  based on the request to access the online banking portal, generate a notification for a registered mobile device linked to the user account;
  
  send the notification to the registered mobile device;
  
  after sending the notification to the registered mobile device, generate a one-time token message that includes a prompt for authorizing the user computing device to access the online banking portal using the user account;
  
  send the one-time token message to the registered mobile device;
  
  receive token response input from the registered mobile device;
  
  if the token response input does not authorize the user computing device to access the online banking portal using the user account, prevent the user computing device from accessing the online banking portal using the user account; and
  
  if the token response input does authorize the user computing device to access the online banking portal using the user account, provide the user computing device with access to the online banking portal using the user account.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Keys, Andrew T.

Granted Patent

US 9,692,752 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06Q 20/385   using an alias or single-us...

H04L 63/0838   using one-time-passwords

H04L 63/0861   using biometrical features,...

H04L 63/18   using different networks or...

H04W 12/06   Authentication

Ensuring Information Security Using One-Time Tokens

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Ensuring Information Security Using One-Time Tokens

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links