公开(公告)号：US20200184051A1

公开(公告)日：2020-06-11

申请号：US16210062

申请日：2018-12-05

Applicant: Bank of America Corporation

Inventor： Michael E. Toth ,  Xianhong Zhang ,  Hitesh Shah ,  Srinivasa Rao Goriparthi

IPC: G06F21/31 ,  G06F21/41 ,  H04L29/06 ,  G06N20/00

Abstract: Aspects of the disclosure relate to processing authentication requests to secured information systems using machine-learned user-account behavior profiles. A computing platform may receive an authentication request corresponding to a request for a user of a client computing device to access one or more secured information resources associated with a user account. The computing platform may capture one or more behavioral parameters and activity data associated with one or more interactions with one or more non-authenticated pages. Then, the computing platform may evaluate the one or more behavioral parameters and the activity data using a behavioral profile associated with the user account. Based on this evaluation, the computing platform may identify the authentication request as malicious and may generate and send one or more denial-of-access commands to prevent the client computing device from accessing the one or more secured information resources associated with the user account.

公开(公告)号：US20190258786A1

公开(公告)日：2019-08-22

申请号：US15898827

申请日：2018-02-19

Applicant: Bank of America Corporation

Inventor： Hitesh Shah ,  Michael Toth

IPC: G06F21/32 ,  G06Q20/10 ,  H04L29/06 ,  G06Q20/36

Abstract: Aspects of the disclosure relate to preventing unauthorized access to secured information systems using advanced biometric authentication techniques. A computing device may receive input requesting to login to a user account associated with a mobile banking application installed on the computing device. The computing device may send, to a client authentication computing platform, a first authentication request and receive, from the client authentication computing platform, one or more authentication prompt commands. The computing device then may present one or more authentication prompts and collect, from one or more linked wearable devices, one or more advanced biometrics. After validating the one or more advanced biometrics, the computing device may send, to the client authentication computing platform, authentication response data. Thereafter, the computing device may receive mobile banking user interface information and present one or more mobile banking user interfaces.

公开(公告)号：US11176230B2

公开(公告)日：2021-11-16

申请号：US16210010

申请日：2018-12-05

Applicant: Bank of America Corporation

Inventor： Michael E. Toth ,  Hitesh Shah ,  Xianhong Zhang

IPC: G06F21/31 ,  G06F21/62 ,  H04L29/08 ,  G06N20/00

Abstract: Aspects of the disclosure relate to processing authentication requests to secured information systems based on machine-learned user behavior profiles. A computing platform may receive an authentication request corresponding to a request for a user of a client computing device to access one or more secured information resources associated with a user account. The computing platform may capture behavioral parameters associated with the client computing device and may evaluate the behavioral parameters using a behavioral profile associated with the user account to determine a behavioral deviation score. Based on the behavioral deviation score, the computing platform may select an authentication action from a plurality of pre-defined authentication actions. Subsequently, the computing platform may generate commands directing an account portal computing platform to allow access, conditionally allow access, or prevent access based on the selected authentication action. Then, the computing platform may send the commands to the account portal computing platform.

公开(公告)号：US20210286872A1

公开(公告)日：2021-09-16

申请号：US17332557

申请日：2021-05-27

Applicant: Bank of America Corporation

Inventor： Michael E. Toth ,  Hitesh Shah

IPC: G06F21/45 ,  G06N20/00 ,  G06F21/31

Abstract: Aspects of the disclosure relate to dynamically generating activity prompts to build and refine machine learning authentication models. A computing platform may process a first set of login events associated with a first user account and may build a first user-specific authentication model for the first user account. Then, the computing platform may process a second set of login events associated with a second user account and may build a second user-specific authentication model for the second user account. The computing platform also may build a population-level authentication model for a plurality of user accounts. Thereafter, the computing platform may identify one or more activity parameters associated with at least one authentication model for refinement. Subsequently, the computing platform may generate and send one or more activity prompts to one or more client computing devices to request at least one user response.

公开(公告)号：US11113370B2

公开(公告)日：2021-09-07

申请号：US16210042

申请日：2018-12-05

Applicant: Bank of America Corporation

Inventor： Michael E. Toth ,  Xianhong Zhang ,  Hitesh Shah ,  Srinivasa Rao Goriparthi

IPC: G06F21/31 ,  G06F21/41 ,  H04L29/06 ,  G06N20/00

Abstract: Aspects of the disclosure relate to processing authentication requests to secured information systems using machine-learned user-account behavior profiles. A computing platform may receive an authentication request corresponding to a request for a user of a client computing device to access one or more secured information resources associated with a user account. The computing platform may capture one or more behavioral parameters and may authenticate the user of the client computing device to the user account based on the one or more behavioral parameters and one or more authentication credentials. The computing platform then may generate and send one or more authentication commands directing an account portal computing platform to allow access to the one or more secured information resources. Subsequently, the computing platform may capture activity data associated with one or more interactions in a client portal session and may update a behavioral profile associated with the user account.

公开(公告)号：US11048793B2

公开(公告)日：2021-06-29

申请号：US16210092

申请日：2018-12-05

Applicant: Bank of America Corporation

Inventor： Michael E. Toth ,  Hitesh Shah

IPC: G06F21/31 ,  G06F21/45 ,  G06N20/00

Abstract: Aspects of the disclosure relate to dynamically generating activity prompts to build and refine machine learning authentication models. A computing platform may process a first set of login events associated with a first user account and may build a first user-specific authentication model for the first user account. Then, the computing platform may process a second set of login events associated with a second user account and may build a second user-specific authentication model for the second user account. The computing platform also may build a population-level authentication model for a plurality of user accounts. Thereafter, the computing platform may identify one or more activity parameters associated with at least one authentication model for refinement. Subsequently, the computing platform may generate and send one or more activity prompts to one or more client computing devices to request at least one user response.

公开(公告)号：US10855686B2

公开(公告)日：2020-12-01

申请号：US15948245

申请日：2018-04-09

Applicant: Bank of America Corporation

Inventor： Hitesh Shah

IPC: H04L29/06

Abstract: Aspects of the disclosure relate to preventing unauthorized access to secured information systems using multi-push authentication techniques. A computing platform may receive an event request associated with a group of enrolled devices. The computing platform may load multi-push settings and identify one or more user devices linked to the group of enrolled devices. Then, the computing platform may generate one or more notifications for the one or more user devices, and each notification may be generated for a corresponding user device based on device-specific user account state information. After sending the one or more notifications, the computing platform may generate one or more event execution commands based on prompt response information received from the one or more user devices and may send the one or more event execution commands to an event management computer system, which may execute an event corresponding to the event request.

公开(公告)号：US20200279033A1

公开(公告)日：2020-09-03

申请号：US16875321

申请日：2020-05-15

Applicant: Bank of America Corporation

Inventor： Hitesh Shah ,  Michael Toth

IPC: G06F21/32 ,  G06Q20/36 ,  H04L29/06 ,  G06Q20/10

Abstract: Aspects of the disclosure relate to preventing unauthorized access to secured information systems using advanced biometric authentication techniques. A computing device may receive input requesting to login to a user account associated with a mobile banking application installed on the computing device. The computing device may send, to a client authentication computing platform, a first authentication request and receive, from the client authentication computing platform, one or more authentication prompt commands. The computing device then may present one or more authentication prompts and collect, from one or more linked wearable devices, one or more advanced biometrics. After validating the one or more advanced biometrics, the computing device may send, to the client authentication computing platform, authentication response data. Thereafter, the computing device may receive mobile banking user interface information and present one or more mobile banking user interfaces.

公开(公告)号：US20190312880A1

公开(公告)日：2019-10-10

申请号：US15948245

申请日：2018-04-09

Applicant: Bank of America Corporation

Inventor： Hitesh Shah

IPC: H04L29/06

Abstract: Aspects of the disclosure relate to preventing unauthorized access to secured information systems using multi-push authentication techniques. A computing platform may receive an event request associated with a group of enrolled devices. The computing platform may load multi-push settings and identify one or more user devices linked to the group of enrolled devices. Then, the computing platform may generate one or more notifications for the one or more user devices, and each notification may be generated for a corresponding user device based on device-specific user account state information. After sending the one or more notifications, the computing platform may generate one or more event execution commands based on prompt response information received from the one or more user devices and may send the one or more event execution commands to an event management computer system, which may execute an event corresponding to the event request.

公开(公告)号：US20190289007A1

公开(公告)日：2019-09-19

申请号：US15920549

申请日：2018-03-14

Applicant: Bank of America Corporation

Inventor： Xianhong Zhang ,  Kalyan V. Pasumarthi ,  Jeffrey Jacoby ,  Hitesh Shah ,  Archie Agrawal ,  Michael E. Toth ,  Yu Fu

IPC: H04L29/06

Abstract: Aspects of the disclosure relate to preventing unauthorized access to secured information systems using advanced pre-authentication techniques. A computing platform may receive, from a local traffic manager, a first enriched access request associated with a first remote computing device. Then, the computing platform may apply a pre-authentication classification model to the first enriched access request associated with the first remote computing device. Thereafter, the computing platform may determine that the first enriched access request associated with the first remote computing device is likely malicious. Then, the computing platform may generate one or more first pre-authentication response commands directing client portal server infrastructure to process the first enriched access request associated with the first remote computing device as a malicious request. Subsequently, the computing platform may send the one or more first pre-authentication response commands to the client portal server infrastructure.