Bank of America Corporation

At&t Mobility II LLC

At&t Wireless Services, Inc.

Cingular Wireless Ii, LLC

Hitesh Shah

Michael E Toth

Xianhong Zhang

David W Holmes

Srinivasa Rao Goriparthi

Patrick Nicholas Lawrence

Victoria Lynn Dravneek

Umesh J Amin

John Christopher Checco

Jesse Strickland Newsom, Iii

Glenn Blumstein

Ketan Kamdar

Craig Douglas Widmann

Scott Anderson Sims

Andrew DongHo Kim

Dharmender Kumar Satija

Michael Joseph Carroll

Kolt Bell

Elliot Piatetsky

Sai Kishan Alapati

Kalyan V Pasumarthi

Stephen M Schneeweis

Archie Agrawal

Yu Fu

Matthew M Choiniere

Jeffrey Jacoby

Methods, apparatus, and systems for two-factor authentication leveraging graphical passwords and behavioral data are provided. Methods may include creating a two-factor authentication model for logging into a user account. The two-factor authentication model may include a first graphical password and first behavioral data corresponding to biometric characteristics of the creating of the graphical password. Methods may include receiving a login request from the user. Methods may include receiving, from the user, a second graphical password and second behavioral data. Methods may include identifying first comparison points between the second graphical password and the first graphical password. In parallel, methods may include identifying second comparison points between the second behavioral data and the first behavioral data. Methods may include logging the user into the account in response to a determination that a sum of the first and second comparison points is greater than a threshold value.

Enhanced authentication leveraging graphical passwords and behavioral data

Aspects of the disclosure relate to utilizing federated user identifiers to enable secure information sharing. A computing platform may receive, from an external application host platform, a federated login request comprising user identification information associated with a user account. Based on receiving the federated login request, the computing platform may send, to a client computing device linked to the user account, a push notification prompting a user of the client computing device to authenticate. Then, the computing platform may authenticate the user of the client computing device to the user account. Based on authenticating the user, the computing platform may generate an orchestration message directing a data hub platform to initiate a validated data transfer with the external application host platform and may send the orchestration message to the data hub platform to initiate a transfer of external information associated with the user of the client computing device.

Utilizing federated user identifiers to enable secure information sharing

Aspects of the disclosure relate to dynamically generating activity prompts to build and refine machine learning authentication models. A computing platform may process a first set of login events associated with a first user account and may build a first user-specific authentication model for the first user account. Then, the computing platform may process a second set of login events associated with a second user account and may build a second user-specific authentication model for the second user account. The computing platform also may build a population-level authentication model for a plurality of user accounts. Thereafter, the computing platform may identify one or more activity parameters associated with at least one authentication model for refinement. Subsequently, the computing platform may generate and send one or more activity prompts to one or more client computing devices to request at least one user response.

Dynamically generating activity prompts to build and refine machine learning authentication models

Aspects of the disclosure relate to processing authentication requests to secured information systems based on machine-learned user behavior profiles. A computing platform may receive an authentication request corresponding to a request for a user of a client computing device to access one or more secured information resources associated with a user account. The computing platform may capture behavioral parameters associated with the client computing device and may evaluate the behavioral parameters using a behavioral profile associated with the user account to determine a behavioral deviation score. Based on the behavioral deviation score, the computing platform may select an authentication action from a plurality of pre-defined authentication actions. Subsequently, the computing platform may generate commands directing an account portal computing platform to allow access, conditionally allow access, or prevent access based on the selected authentication action. Then, the computing platform may send the commands to the account portal computing platform.

Processing authentication requests to secured information systems based on machine-learned user behavior profiles

Aspects of the disclosure relate to processing authentication requests to secured information systems using machine-learned user-account behavior profiles. A computing platform may receive an authentication request corresponding to a request for a user of a client computing device to access one or more secured information resources associated with a user account. The computing platform may capture one or more behavioral parameters and activity data associated with one or more interactions with one or more non-authenticated pages. Then, the computing platform may evaluate the one or more behavioral parameters and the activity data using a behavioral profile associated with the user account. Based on this evaluation, the computing platform may identify the authentication request as malicious and may generate and send one or more denial-of-access commands to prevent the client computing device from accessing the one or more secured information resources associated with the user account.

Processing authentication requests to secured information systems using machine-learned user-account behavior profiles

Aspects of the disclosure relate to preventing unauthorized access to secured information systems using advanced biometric authentication techniques. A computing device may receive input requesting to login to a user account associated with a mobile banking application installed on the computing device. The computing device may send, to a client authentication computing platform, a first authentication request and receive, from the client authentication computing platform, one or more authentication prompt commands. The computing device then may present one or more authentication prompts and collect, from one or more linked wearable devices, one or more advanced biometrics. After validating the one or more advanced biometrics, the computing device may send, to the client authentication computing platform, authentication response data. Thereafter, the computing device may receive mobile banking user interface information and present one or more mobile banking user interfaces.

Preventing unauthorized access to secure information systems using advanced biometric authentication techniques

A method for authenticating to a network comprising a plurality of Internet of Things ('IoT') devices is provided. The method may include using a mobile telephone apparatus, a wrist-worn apparatus and a head-worn apparatus to monitor the level of at least one of a wearer's pulse, body temperature, voice, gait and/or other biorhythmic indicator. One of the aforementioned apparatus may operate as a hub apparatus. The method may further include using the hub apparatus to assign a federated biometric marker based at least in part on the first, second and third biometric markers. The method may also include using artificial intelligence to monitor for one or more outliers with respect to historical monitoring. Each of the one or more outliers may include a magnitude that exceeds a security threshold difference between the current magnitude and the historically monitored magnitude. When the difference in magnitude exceeds a security threshold difference between the current magnitude and the historically monitored magnitude the method may quarantine apparatus associated with the outlier.

Multi-biometric-factor, internet of things (IoT), secured network

Processing authentication requests to secured information systems based on user behavior profiles

Aspects of the disclosure relate to processing authentication requests to secured information systems based on machine-learned event profiles. A computing platform may receive an authentication request corresponding to a request for a user of a client computing device to access one or more secured information resources associated with a user account in a client portal session. The computing platform may capture one or more behavioral parameters and may generate one or more authentication prompts. Thereafter, the computing platform may receive one or more authentication prompt responses and may evaluate an event pattern. Based on evaluating the event pattern and validating the one or more authentication prompt responses, the computing platform may generate and send one or more authentication commands directing an account portal computing platform to allow access to the one or more secured information resources associated with the user account in the client portal session.

Processing authentication requests to secured information systems based on machine-learned event profiles

Aspects of the disclosure relate to processing authentication requests to secured information systems using machine-learned user-account behavior profiles. A computing platform may receive an authentication request corresponding to a request for a user of a client computing device to access one or more secured information resources associated with a user account. The computing platform may capture one or more behavioral parameters and may authenticate the user of the client computing device to the user account based on the one or more behavioral parameters and one or more authentication credentials. The computing platform then may generate and send one or more authentication commands directing an account portal computing platform to allow access to the one or more secured information resources. Subsequently, the computing platform may capture activity data associated with one or more interactions in a client portal session and may update a behavioral profile associated with the user account.

Aspects of the disclosure relate to preventing unauthorized access to secured information systems using advanced pre-authentication techniques. A computing platform may receive, from a local traffic manager, a first enriched access request associated with a first remote computing device. Then, the computing platform may apply a pre-authentication classification model to the first enriched access request associated with the first remote computing device. Thereafter, the computing platform may determine that the first enriched access request associated with the first remote computing device is likely malicious. Then, the computing platform may generate one or more first pre-authentication response commands directing client portal server infrastructure to process the first enriched access request associated with the first remote computing device as a malicious request. Subsequently, the computing platform may send the one or more first pre-authentication response commands to the client portal server infrastructure.

Preventing unauthorized access to secure information systems using advanced pre-authentication techniques

Systems for providing secure access to systems are provided. A computing device may receive a request to access functionality which may include login credentials of a user. Upon receiving the request to access functionality, the computing device may execute a scan of an area surrounding the computing device to detect any wearable devices within proximity of the computing device that are linked to the computing device. The authenticating information and, in some examples, detected, linked wearable device, may be validated. Based on the validation, authentication response data may be generated and transmitted to an authentication computing platform which may cause the authentication computing platform to validate the authentication response data and cause the computing device to connect to a client interface computing platform. After a connection between the computing device and client interface computing platform is established, interface data may be transmitted from the client interface computing platform to the computing device and one or more interfaces may be displayed on the computing device.

Growing community of inventors

Seattle, WA, United States of America

Hitesh Shah