US2023063337A1PendingUtilityA1

Financial account authentication

70
Assignee: YODLEE INCPriority: Feb 21, 2013Filed: Sep 2, 2022Published: Mar 2, 2023
Est. expiryFeb 21, 2033(~6.6 yrs left)· nominal 20-yr term from priority
G06Q 40/00G06Q 40/02
70
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

Methods, systems, and apparatus, including computer programs encoded on computer storage media, for account authentication. A method includes receiving a user request to include financial data describing a financial account in an interface, the financial account being associated with a financial institution. The method further includes redirecting the user to a first webpage associated with the financial institution, where the user inputs into the first webpage login credentials for accessing the financial account. The method further includes, in response to the user inputting into the first webpage login credentials for accessing the financial account, receiving, from the financial institution, an access token other than the login credentials for accessing the financial account. The method further includes storing the access token for use in accessing and aggregating financial data describing the financial account.

Claims

exact text as granted — not AI-modified
1 - 33 . (canceled) 
     
     
         34 . A computer-implemented method, comprising:
 maintaining, by an account provider system, a plurality of user accounts and stored login credentials the accounts;   receiving, at the account provider system from a user device of a user as redirected by the aggregation server system, a user authorization to provide to the aggregation server system account data associated with an account of the user;   providing, by the account provider system to the user device a first webpage configured for the user to input, into the first webpage, login credentials for accessing the user account;   confirming at the account provider system that the login credentials match the stored login credentials for the user;   in response to the user inputting into the first webpage the login credentials and confirming that the login credentials match the stored login credentials, sending from the account provider to the aggregation server system an access token other than the login credentials for accessing the user account, the access token identifying the user;   receiving, at the account provider system from the aggregation server system, a request to access the user account and provide account data, wherein the request comprises (i) the access token and (ii) a consumer key corresponding to the account provider; and   directing, from the account provider system and in response to the request, the account data to the aggregation server system.   
     
     
         35 . The method of  claim 34 , further comprising:
 in response to receiving at the account provider system the request to access the user account, providing to the aggregation server system a second webpage associated with the financial institution, and   providing the account data in response to input received from the aggregation server system through the second webpage.   
     
     
         36 . The method of  claim 35 , wherein the second webpage is configured to be inaccessible through non-whitelisted network connections. 
     
     
         37 . The method of  claim 36 , wherein the first webpage is configured to be accessible through at least some network connections that are non-whitelisted network connections for second webpage. 
     
     
         38 . The method of  claim 34 , further comprising:
 determining that the specified time period has elapsed;   refusing to direct account data from the account provider system in response to the request in response to determining that the specified time period has elapsed.   
     
     
         39 . The method of  claim 34 , wherein the first webpage is not configured to accept access tokens. 
     
     
         40 . The method of  claim 34 , wherein the access token is invalidated when the user changes the login credentials for accessing the financial account. 
     
     
         41 . The method of  claim 34 , wherein the access token is invalidated when login credentials for accessing the financial account expire. 
     
     
         42 . The method of  claim 34 , wherein the access token is limits a level of access within the financial account. 
     
     
         43 . The method of  claim 34 , wherein the access token restricts types of data that are accessible to the user. 
     
     
         44 . A non-transient computer storage medium encoded with a computer program, the program comprising instructions that when executed by a data processing apparatus cause the data processing apparatus to perform operations comprising:
 maintaining, by an account provider system, a plurality of user accounts and stored login credentials the accounts;   receiving, at the account provider system from a user device of a user as redirected by the aggregation server system, a user authorization to provide to the aggregation server system account data associated with an account of the user;   providing, by the account provider system to the user device a first webpage configured for the user to input, into the first webpage, login credentials for accessing the user account;   confirming at the account provider system that the login credentials match the stored login credentials for the user;   in response to the user inputting into the first webpage the login credentials and confirming that the login credentials match the stored login credentials, sending from the account provider to the aggregation server system an access token other than the login credentials for accessing the user account, the access token identifying the user;   receiving, at the account provider system from the aggregation server system, a request to access the user account and provide account data, wherein the request comprises (i) the access token and (ii) a consumer key corresponding to the account provider; and   directing, from the account provider system and in response to the request, the account data to the aggregation server system.   
     
     
         45 . The non-transient computer storage medium of  claim 44 , further comprising:
 in response to receiving at the account provider system the request to access the user account, providing to the aggregation server system a second webpage associated with the financial institution, and   providing the account data in response to input received from the aggregation server system through the second webpage.   
     
     
         46 . The non-transient computer storage medium of  claim 45 , wherein the second webpage is configured to be inaccessible through non-whitelisted network connections. 
     
     
         47 . The non-transient computer storage medium of  claim 46 , wherein the first webpage is configured to be accessible through at least some network connections that are non-whitelisted network connections for second webpage. 
     
     
         48 . The non-transient computer storage medium of  claim 44 , wherein the operations further comprise:
 determining that the specified time period has elapsed;   refusing to direct account data from the account provider system in response to the request in response to determining that the specified time period has elapsed.   
     
     
         49 . The non-transient computer storage medium of  claim 44 , wherein the first webpage is not configured to accept access tokens. 
     
     
         50 . The non-transient computer storage medium of  claim 44 , wherein the access token is invalidated when the user changes the login credentials for accessing the financial account. 
     
     
         51 . The non-transient computer storage medium of  claim 44 , wherein the access token is invalidated when login credentials for accessing the financial account expire. 
     
     
         52 . The non-transient computer storage medium of  claim 44 , wherein the access token limits a level of access within the financial account. 
     
     
         53 . The non-transient computer storage medium of  claim 44 , wherein the access token restricts types of data that are accessible to the user.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.