US2023080415A1PendingUtilityA1

Secure permissioning of access to user accounts, including secure deauthorization of access to user accounts

79
Assignee: PLAID INCPriority: Sep 8, 2015Filed: Oct 28, 2022Published: Mar 16, 2023
Est. expirySep 8, 2035(~9.2 yrs left)· nominal 20-yr term from priority
H04L 9/3213H04L 63/0892H04L 63/0807H04W 12/082H04L 2463/102H04L 9/3228H04W 12/06G06Q 20/385
79
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A permissions management system is disclosed for enabling a user to securely authorize a third-party system to access user account data and initiate transactions related to a user account, without disclosing to the third-party system account credentials. The system enables the user to also securely de-authorize the third-party system. For example, records may be automatically generated that securely store account information, including one or more permissions related to the account and/or the third-party. A token associated with a record may be shared with the third-party system, but neither the record itself, nor the user account credentials, may be shared with the third-party. Accordingly, the third-party may request user account data and/or initiate transactions by providing the token, but does not itself know, e.g., the user account credentials. Further, the user may set various permissions related to the token, and may also revoke the token (e.g., de-authorize the third-party), thus providing increased security to the user's account.

Claims

exact text as granted — not AI-modified
1 . (canceled) 
     
     
         2 . A computer-implemented method comprising:
 by one or more computer processors executing program instructions:
 generating user interface data useable for rendering an interactive graphical user interface on a computing device; 
 receiving, via the interactive graphical user interface, a user selection of an institution; 
 initiating a further interactive graphical user interface configured to receive account credentials associated with one or more user accounts at the institution; 
 receiving an indication of an authorization of the user to access data of the one or more user accounts, wherein the authorization is determined based, at least in part, on the account credentials; and 
 linking at least a first user account of the one or more user accounts with an external application. 
   
     
     
         3 . The computer-implemented method of  claim 2  further comprising:
 by the one or more computer processors executing program instructions:
 transmitting the user interface data to the computing device wherein the computing device is operated by and/or associated with the user. 
 
 
     
     
         4 . The computer-implemented method of  claim 2 , wherein the user interface data is generated, at least in part, in response to the user indicating a request to link the external application to at least one user account. 
     
     
         5 . The computer-implemented method of  claim 2 , wherein the account credentials are not accessible to the computing device or to a computing device of a permissions management system. 
     
     
         6 . The computer-implemented method of  claim 2 , wherein the account credentials are not accessible to the external application. 
     
     
         7 . The computer-implemented method of  claim 2  further comprising:
 by the one or more computer processors executing program instructions:
 transmitting at least a portion of a plug-in to the computing device, wherein the user interface data is generated, at least in part, in response to a request received from the plug-in executing on the computing device, wherein the plug-in executing on the computing device causes, at least in part, the interactive graphical user interface to be rendered on the computing device. 
 
 
     
     
         8 . The computer-implemented method of  claim 7 , wherein the received account credentials are transmitted via secure communication provided and/or initiated, at least in part, by the plug-in. 
     
     
         9 . The computer-implemented method of  claim 2  further comprising:
 by the one or more computer processors executing program instructions:
 providing, to the computing device, a request for multi-factor authentication information; 
 receiving, via the interactive graphical user interface, multi-factor authentication information; and 
 further determining, using the multi-factor authentication information, the authorization of the user to access data of the one or more user accounts. 
 
 
     
     
         10 . The computer-implemented method of  claim 2  further comprising:
 by the one or more computer processors executing program instructions: 
 receiving, via the interactive graphical user interface, an indication of agreement to a document. 
 
     
     
         11 . The computer-implemented method of  claim 2  further comprising:
 by the one or more computer processors executing program instructions:
 providing, to the computing device, a request for selection of a user account of the one or more user accounts for linking with the external application; and 
 receiving, via the interactive graphical user interface, a selection of the first user account. 
 
 
     
     
         12 . The computer-implemented method of  claim 2  further comprising:
 by the one or more computer processors executing program instructions:
 receiving, via the interactive graphical user interface, a granting of one or more permissions related to the external application receiving data associated with the first user account. 
 
 
     
     
         13 . The computer-implemented method of  claim 2 , wherein linking the first user account with the external application comprises authorizing the external application to receive data of the first user account. 
     
     
         14 . The computer-implemented method of  claim 2  further comprising:
 by the one or more computer processors executing program instructions:
 accessing data of the first user account; and 
 in response to receiving a request, from a computing device of the external application, for data of the first user account:
 determining an authorization and/or permission of the external application to receive data of the first user account; and 
 providing the data of the first user account to the computing device of the external application. 
 
 
 
     
     
         15 . The computer-implemented method of  claim 2 , wherein linking the first user account with the external application comprises generating an electronic record of an authorization of the external application to receive data of the first user account, wherein the electronic record includes one or more permissions provided by the user, wherein the one or more permissions indicate constraints on authorization of the external application to receive data of the first user account. 
     
     
         16 . The computer-implemented method of  claim 2  further comprising:
 by the one or more computer processors executing program instructions:
 receiving, from the computing device or another computing device associated with the user, a request to deauthorize the external application from receiving data of the first user account; and 
 in response to receiving the request to deauthorize, unlinking the first user account from the external application. 
 
 
     
     
         17 . The computer-implemented method of  claim 16 , wherein unlinking comprises deleting or updating an electronic record of an authorization of the external application to receive data of the first user account. 
     
     
         18 . The computer-implemented method of  claim 16 , wherein unlinking comprises revoking a token associated with an authorization of the external application to receive data of the first user account. 
     
     
         19 . The computer-implemented method of  claim 2  further comprising:
 by the one or more computer processors executing program instructions:
 in response to linking the first user account with the external application, generating a token associated with an authorization of the external application to receive data of the first user account; and 
 providing the token and/or a unique identifier associated with the token to a computing device of the external application. 
 
 
     
     
         20 . A computer system comprising:
 one or more computer processors configured to execute a plurality of computer executable instructions to cause the computer system to execute the computer-implemented method of  claim 2 .   
     
     
         21 . A computer program product comprising one or more non-transitory computer readable storage mediums having program instructions embodied therewith, the program instructions executable by one or more computer processors to execute the computer-implemented method of  claim 2 .

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.