CA2471604C - Multiple trust modes for handling data - Google Patents
Multiple trust modes for handling data Download PDFInfo
- Publication number
- CA2471604C CA2471604C CA2471604A CA2471604A CA2471604C CA 2471604 C CA2471604 C CA 2471604C CA 2471604 A CA2471604 A CA 2471604A CA 2471604 A CA2471604 A CA 2471604A CA 2471604 C CA2471604 C CA 2471604C
- Authority
- CA
- Canada
- Prior art keywords
- user
- financial
- mode
- data
- financial institutions
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/08—Insurance
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
Abstract
A user is presented with multiple modes of operation, such that the multiple modes of operation define different trust options for handling data (such as login credentials or other sensitive data) associated with the user (306). A selection of one of the multiple modes of operation is received from the user (308). Data associated with the user is handled in accordance with the selected mode of operation (310).
Description
MULTIPLE TRUST MODES FOR HANDLING DATA
TECHNICAL FIELD
TECHNICAL FIELD
2 The present invention relates to the handling data and, more particularly, to 3 the use of multiple trust modes that define the manner in which certain data is 4 handled.
7 Users that interact with online services that involve, for example, financial 8 data or financial transactions (e.g., accessing financial accounts, or buying or 9 selling goods or services) are often required to provide data to the online service.
This data may include bank account numbers, credit card numbers, passwords, and ii the like.
Many existing online services store the data provided by the users of the 12 online services. Some users may not be comfortable with their data being stored 13 by a third party and, as a result, are reluctant to use the online services offered by 14 these third parties. Thus, users are often faced with the decision to allow their data to be stored by a third party or to forego the services offered by the third 16 party.
17 Similar problems occur with other types of online accounts and online relationships where credentials are issued to a user. With these types of accounts, 19 when the user's credentials are stored, for example, on a server associated with the online account or other online service, those credentials are at risk of being 21 accessed by an unauthorized person, thereby compromising the security of the 22 user's account.
23 The systems and methods described herein address these and other 24 problems by providing multiple trust modes that allow a user to determine how the user's data is handled.
3 The system and methods described herein provide users of online services 4 with multiple options regarding how the user's data is handled. A particular option is selected by each user based on that user's level of trust in the system or organization that is handling the user's data. Certain options allow the system or 7 organization to store the data while other options require the system or organization to avoid persistently storing the data when finished processing the 9 user's request or transaction.
A particular embodiment presents a user with multiple modes of operation.
11 The multiple modes of operation define different trust options for handling 12 sensitive data associated with the user. A selection is received from the user, 13 where the selection is one of the multiple modes of operation. The sensitive data 14 associated with the user is handled in accordance with the selected mode of operation.
16 In one embodiment, the multiple modes include a low trust option that 17 retrieves sensitive data from the user each time the user requests a service 18 requiring the sensitive data.
19 In another embodiment, the multiple modes include a moderate trust option that retrieves sensitive data from the user and stores the sensitive data in an 21 encrypted format using a password known only to the user.
22 In a particular embodiment, the multiple modes include a high trust option 23 that retrieves sensitive data from the user and stores the sensitive data in an 24 encrypted format for future use.
In one aspect, the invention provides a method implemented by a financial analysis system, the method comprising: identifying multiple financial accounts associated with a user, wherein the multiple financial accounts are associated with a plurality of financial institutions; presenting the user with a plurality of modes, each of which can be associated with one of the plurality of financial institutions, wherein the user has user authentication data for each of the plurality of financial institutions, and wherein each mode directs the financial analysis system to handle user authentication data received from the user in a specified manner, the modes comprising, a low trust mode that directs the financial analysis system to temporarily use the user authentication data received from the user without storing the data;
and a plurality of higher trust modes that each direct the financial analysis system to store the user authentication data; receiving a selection of a respective mode from the user for each of the plurality of financial institutions; associating the selected respective mode with each of the plurality of financial institutions; storing financial institution data for each of the plurality of financial institutions, comprising data which may be used to locate and communicate with each of the plurality of financial institutions; storing the associated respective mode corresponding with each of the plurality of financial institutions; and handling the user authentication data associated with each of the plurality of financial institutions as directed by the associated respective mode each time the financial analysis system accesses one of the multiple financial institutions on behalf of the user.
In another aspect, the invention provides a method comprising: identifying multiple financial accounts associated with a user, wherein the multiple financial accounts are with at least one financial institution; presenting the user with a low trust mode that can be associated with at least one of the at least one financial institution, wherein the low trust mode comprises retrieving sensitive data from the user each time the user requests a service requiring the sensitive data, wherein the sensitive data is required to access the at least one financial institution as the user; presenting the user with a high trust mode that can be associated with at least one of the at least one financial institution, wherein the high trust mode comprises storing in an encrypted format, remote from the at least one financial institution, sensitive data retrieved from the user; receiving a selection from the user indicating one of the low trust mode or the high trust mode for each of the at least one 2a _ financial institutions; storing, remote from the at least one financial institution, data identifying each of the multiple financial accounts, financial institution data for each of the at least one financial institutions, and a selected one of the low trust mode or the high trust mode associated with each of the multiple financial institutions; receiving a request from the user to access one of the at least one financial institutions; and in response, communicating with the at least one financial institution, and handling the sensitive data received from the user in accordance with the selected one of the low trust mode or the high trust mode associated with the financial institution.
In another aspect, the invention provides a method comprising: identifying multiple financial accounts associated with a user, wherein each of the multiple financial accounts correspond to a respective one of a plurality of financial institutions; presenting the user with a moderate trust mode that can be associated with a first set of at least one of the plurality of financial institutions, wherein the moderate trust mode comprises storing of sensitive data from the user in a one-way encrypted format, remote from the plurality of financial institutions, using a password known to the user; presenting the user with a high trust mode that can be associated with a second set of at least one of the plurality of financial institutions, wherein the high trust mode comprises storing, remote from the plurality of financial institutions, sensitive data from the user in a two-way encrypted format; receiving a selection from the user indicating one of the moderate trust mode or the high trust mode for each of the plurality of financial institutions; and handling sensitive data associated with each financial account of the user at the corresponding respective financial institution in accordance with the mode associated with the financial institution.
In another aspect, the invention provides a method comprising: identifying multiple financial institutions at which a user has financial accounts;
presenting the user with a moderate trust mode that can be associated with at least one of the multiple financial institutions, wherein the moderate trust mode comprises storing, remote from the multiple financial institutions, sensitive data from the user in an encrypted format using a password known to the user; presenting the user with a low trust mode that can be associated with at least one of the multiple financial institutions, wherein the low trust mode comprises the financial analysis system retrieving sensitive data from the user each time the user requests a 2b service requiring the sensitive data; receiving a selection from the user indicating one of the moderate trust mode or the low trust mode for each of the multiple financial institutions;
storing data identifying each of the multiple financial accounts, corresponding financial institution data for each of the multiple financial institutions, and the corresponding selected one of the moderate trust mode or the low trust mode; receiving a request from the user to access one of the multiple financial institutions; and in response, communicating with the one of the multiple financial institutions, and handling sensitive data associated with each financial account of the user at the financial institution in accordance with the corresponding selected one of the moderate trust mode or the low trust mode.
In another aspect, the invention provides one or more computer-readable media having stored thereon a computer program that, when executed by one or more processors, causes the one or more processors to: identify multiple financial accounts associated with a user, wherein the multiple financial accounts are associated with a plurality of financial institutions; present the user with a plurality of modes, each of which can be associated with one or more of the plurality of financial institutions, wherein each mode directs a server remote from the plurality of financial institutions to handle sensitive data in a particular manner, and wherein the sensitive data comprises user login data used to access accounts online at one of the plurality of financial institutions; receive a selection of a respective mode from the user for each of the multiple financial institutions associate the selected respective mode with each of the multiple financial institutions; store financial institution data for each of the plurality of financial institutions, comprising data which may be used to locate and communicate with the plurality of financial institutions, data identifying the multiple financial accounts, and the associated corresponding respective modes with each of the plurality of financial institutions; and handle the sensitive data associated with each of the plurality of financial institutions in accordance with the corresponding associated respective mode each time the user accesses one of the plurality of financial institutions.
2c 2 Fig. 1 illustrates an exemplary network environment in which various 3 servers, computing devices, and a financial analysis system exchange data across a 4 network, such as the Internet.
Fig. 2 is a block diagram showing exemplary components and modules of a 6 financial analysis system.
7 Fig. 3 is a flow diagram illustrating a procedure in which a user registers an 8 account with the financial analysis system.
9 Fig. 4 is a flow diagram illustrating a procedure for automatically updating user accounts having a High Trust Mode of operation.
11 Fig. 5 is a flow diagram illustrating a procedure for updating one or more 12 user accounts.
13 Fig. 6 is a flow diagram illustrating a procedure for allowing financial 14 institutions to select among multiple trust modes that are made available to customers of the financial institutions.
16 Fig. 7 is a block diagram showing pertinent components of a computer in 17 accordance with the invention.
DETAILED DESCRIPTION
21 The systems and methods described herein provide various modes of 22 operation that determine how user data is handled. A particular mode of operation 23 is selected by each user based on the user's level of trust in the system or 24 organization that is handling the data. A high level of trust allows the system or organization to store data, such as user credentials and other sensitive data, for 1 later use. A moderate level of trust allows the system or organization to store 2 sensitive data in an encrypted format using a key derived from the user's password 3 (i.e., the user associated with the sensitive data). A low level of trust does not 4 allow the system or organization to store any sensitive data persistently. A user can change the level of trust associated with a particular account to reflect changes 6 in their attitude toward the system or organization.
7 As used herein, the terms "account holder", "customer", "user", and 8 "client" are interchangeable. "Account holder" refers to any person having access 9 to an account. A particular account may have multiple account holders (e.g., a joint checking account having husband and wife as account holders or a corporate ii account identifying multiple corporate employees as account holders).
Various 12 financial account and financial institution examples are provided herein for 13 purposes of explanation. However, it will be appreciated that the system and 14 procedures described herein can be used with any type of asset account, any type of debt account, and any type of financial institution. Example asset accounts 16 include savings accounts, money market accounts, checking accounts (both 17 interest-bearing and non-interest-bearing), certificates of deposit (CDs), mutual 18 funds, bonds, and equities. Example debt accounts include credit card accounts, 19 mortgage accounts, home equity loans, overdraft protection, margin accounts, personal loans, and other types of loans. Exemplary financial institutions include 21 banks, savings and loans, credit unions, mortgage companies, mutual fund 22 companies, lending companies, and stock brokers.
Various financial account and financial institution examples are provided 24 herein for purposes of explanation. However, the methods and procedures described herein can be applied to any type of transaction involving any type of 1 account. For example, a data aggregation system may aggregate data from 2 multiple sources, such as multiple financial accounts, multiple email accounts, 3 multiple online award (or reward) accounts, multiple news headlines, and the like.
4 Similarly, the data retrieval and data processing systems and methods discussed herein may be applied to collect data from any type of account containing any type 6 of data. Thus, the methods and systems described herein can be applied to a data 7 aggregation system or any other account management system instead of the 8 financial analysis system discussed in the examples provided herein.
Although particular examples discussed herein refer to the handling of a user's "sensitive data", the methods and systems described herein may be applied ii to any type of data associated with a user, an organization or other entity.
12 Fig.
1 illustrates an exemplary network environment 100 in which various 13 servers, computing devices, and a financial analysis system exchange data across a 14 data communication network. The network environment of Fig. 1 includes multiple financial institution servers 102, 104, and 106 coupled to a data 16 communication network 108, such as the Internet. Each of the financial institution 17 servers 102, 104, and 106 are typically associated with a particular financial 18 institution and store data for that financial institution, such as customer account 19 data. As shown in Fig. 1, a client computer 110 and a financial analysis system 112 are also coupled to network 108. A database 114 is coupled to financial 21 analysis system 112 for storing various data used by the financial analysis system.
Network 108 may be any type of data communication network using any 23 communication protocol. Further, network 108 may include one or more sub-24 networks (not shown) which are interconnected with one another. Although only a 1 few devices are shown coupled to network 108 in Fig. 1, a particular network may 2 include any number of devices coupled to one another.
3 The communication links shown between the network 108 and the various 4 devices (102-106 and 110-112) shown in Fig. 1 can use any type of communication medium and any communication protocol. For example, one or 6 more of the communication links shown in Fig. 1 may be a wireless link (e.g., a 7 radio frequency (RF) link or a microwave link) or a wired link accessed via a 8 public telephone system or another communication network. Certain devices, 9 such as servers, may be coupled to a local area network (LAN), which is coupled to network 108. Client computer 110 may access network 108 in different ways.
ii First, client computer 110 may directly access network 108, for example, by using 12 a modem to access a public telephone network (e.g., a public switched telephone 13 network (PSTN)) that is coupled to network 108.
Financial analysis system 112 performs various analysis and data is integration functions with respect to user accounts. These analysis functions are discussed in greater detail below. Client computer 110 allows a user to access information via the network 108. Client computer may be any type of computing device, such as a laptop computer, desktop computer, personal digital assistant (PDA), cellular phone, or set top box. For example, the user can access account information from one of the financial institution servers 102, 104, or 106, or send 21 a request for an analysis or summary of the user's financial accounts to financial 22 analysis system 112.
23 In a particular embodiment, the methods and systems described herein provide an Internet-based server solution where the sensitive data of one or more users is stored on a server, not a client.
1 Fig. 2 is a block diagram showing exemplary components and modules of 2 financial analysis system 112. A communication interface 202 allows the financial 3 analysis system 112 to communicate with other devices, such as one or more 4 financial institution servers and client computers. In one embodiment, communication interface 202 is a network interface to a local area network (LAN), 6 which is coupled to another data communication network, such as the Internet.
7 A database access module 204 allows financial analysis system 112 to store 8 data to database 114 and retrieve data from the database. Financial analysis 9 system 112 also stores various financial institution data 206, which may be used to locate and communicate with various financial institution servers. Financial ii institution data 206 includes, for example, Uniform Resource Locators (URLs) 12 and login parameters.
13 A data extraction module 208 retrieves (or extracts) data from web pages or 14 other data sources. The data extraction module 208 may use one or more data harvesting scripts 212 (also referred to as screen scraping scripts) to retrieve data 16 from a web page or other data source. Data harvesting (or screen scraping) is a 17 process that allows a script to retrieve data from one or more web pages associated 18 with a web site. The retrieved data may be stored in a database, such as database 19 114 (Fig. 1). The data harvesting scripts are capable of navigating web sites and capturing individual HTML pages. Typically, JavaScript and images are removed 21 from the HTML pages or converted into HTML text if it contains account 22 information. A parser then converts the HTML data into a field-delimited XML
23 format. Data is then extracted from the XML format and stored in a database or 24 other storage mechanism.
Financial analysis system 112 also includes user account data 210 and a 2 data handling module 214. User account data 210 typically includes information regarding the types of accounts are maintained by particular users as well as the locations of the accounts (i.e., the financial institution that handles the account) and account balances. The user account data 210 may also indicate the level of 6 trust associated with each user account. User account data 210 may be stored in 7 database 114 coupled to financial analysis system 112. Data handling module 214 determines how account data is handled based on the level of trust associated with 9 the account data and other factors.
Fig. 3 is a flow diagram illustrating a procedure 300 in which a user ii registers an account with the financial analysis system. Initially, a user generates a 12 request to have the financial analysis system monitor one or more of the user's 13 accounts (block 302). The financial analysis system then collects information 14 from the user regarding the user accounts to be monitored (block 304). This is information may include, for example, an account number, password to access the 16 account online, the financial institution associated with the account, and the name 17 or names listed on each account. The financial analysis system then presents the 18 user with three different trust options for handling sensitive data associated with 19 the user (block 306). This sensitive data may include, for example, the account number and password used to access the account online. In a particular 21 embodiment, the sensitive data is the user login data (e.g., the username and 22 password used to access an account). Although various examples discussed herein 23 offer three different trust options for handling sensitive data, alternate embodiments may include fewer trust options or a greater number of trust options 1 depending on the preferences of the users and/or the administrators of the financial 2 analysis system.
3 In a particular embodiment, the three different trust options for handling 4 sensitive data are referred to as "High Trust Option", "Moderate Trust Option", and "Low Trust Option".
7 High Trust Option 8 A user selects the High Trust Option if the user is comfortable with having 9 the financial analysis system store the user's sensitive data. When this option is selected, the financial analysis system stores the user's sensitive data for future ii use, such as automatically updating the user's account balances. The user's 12 sensitive data is stored using a two-way data encryption technique, which allows a 13 user key (derived from the user's password) or a key maintained by the financial 14 analysis system to decrypt the sensitive data. In one embodiment, the user's sensitive data is encrypted using a Triple DES (Data Encryption Standard) 16 algorithm. The Triple DES algorithm is a variation of the DES standard and has 17 been endorsed by the National Institute of Standards and Technology (NIST).
18 Triple DES uses three 64-bit keys, for an overall key length of 192 bits. The 19 encryption procedure is similar to DES, but it is repeated three times.
The data is encrypted with the first key, decrypted with the second key, and encrypted again 21 with the third key.
22 Since the financial analysis system stores the user's account number and 23 password, the system is then able to automatically retrieve the user's account 24 balances using, for example, the data harvesting procedure discussed above.
3 Moderate Trust Option user selects the Moderate Trust Option if they are not comfortable with the High Trust Option, but don't want to have to enter their sensitive information 6 each time they access the financial analysis system. When this option is selected, 7 the financial analysis system stores the user's sensitive information, but the 8 sensitive information is encrypted such that the information can only be decrypted 9 when the user is online (i.e., logged into the financial analysis system).
For example, the data can be encrypted using a key derived from the user's password.
ii This encryption technique is referred to as one-way encryption because only one 12 key (associated with the user's password) can decrypt the sensitive data. A
13 particular embodiment of the one-way encryption uses HMAC-MD5. HMAC
14 (Keyed-Hashing Message Authentication) is a mechanism for message authentication using cryptographic hash functions. HMAC can be used with any 16 iterative cryptographic hash function, such as MD5. This combination is referred 17 to as HMAC-MD5. MD5 is a message digest function, which is a function that 18 takes a variable-length message and produces a fixed-length hash. MD5 is an 19 example of a public one-way hash function.
When the user logs into the financial analysis system, the system 21 automatically decrypts the user's sensitive information, which can then be used to 22 retrieve updated information regarding the user's financial accounts.
24 Low Trust Option user selects the Low Trust Option if they are not comfortable with the financial analysis system storing any of the user's sensitive data. When this option 3 is selected, the user's sensitive data is not persistently stored by the financial analysis system. Thus, the user must re-enter the sensitive data each time the user logs into the financial analysis system.
Referring again to Fig. 3, at block 308 the user selects one of the three trust options for each user account. The user may select a different trust option for different accounts or different financial institutions. For example, the user may 9 assign a High Trust Option to a savings account and assign a Moderate Trust Option to a brokerage account. The financial analysis system then stores the ii selected trust option for each account (block 310). This information is stored, for example, in database 114. The trust option associated with each of the user's institutions can be retrieved from the database each time the user logs into the 14 financial analysis system.
Fig. 4 is a flow diagram illustrating a procedure 400 for automatically 16 updating user accounts having a High Trust Mode of operation. Initially, the procedure 400 determines whether it is time to perform automatic account updates 18 (block 402). For example, High Trust Mode accounts may be updated automatically each business day. Other accounts may be updated hourly, weekly, monthly, or at other time intervals. In one embodiment, the account updates are performed as batch processes at predetermined times. If one or more automatic account updates are due to be performed, the financial analysis system identifies account information associated with High Trust Mode accounts (block 404). The 24 system then retrieves current account information from all High Trust Mode accounts (block 406), e.g., using the data harvesting procedure discussed above.
7 Users that interact with online services that involve, for example, financial 8 data or financial transactions (e.g., accessing financial accounts, or buying or 9 selling goods or services) are often required to provide data to the online service.
This data may include bank account numbers, credit card numbers, passwords, and ii the like.
Many existing online services store the data provided by the users of the 12 online services. Some users may not be comfortable with their data being stored 13 by a third party and, as a result, are reluctant to use the online services offered by 14 these third parties. Thus, users are often faced with the decision to allow their data to be stored by a third party or to forego the services offered by the third 16 party.
17 Similar problems occur with other types of online accounts and online relationships where credentials are issued to a user. With these types of accounts, 19 when the user's credentials are stored, for example, on a server associated with the online account or other online service, those credentials are at risk of being 21 accessed by an unauthorized person, thereby compromising the security of the 22 user's account.
23 The systems and methods described herein address these and other 24 problems by providing multiple trust modes that allow a user to determine how the user's data is handled.
3 The system and methods described herein provide users of online services 4 with multiple options regarding how the user's data is handled. A particular option is selected by each user based on that user's level of trust in the system or organization that is handling the user's data. Certain options allow the system or 7 organization to store the data while other options require the system or organization to avoid persistently storing the data when finished processing the 9 user's request or transaction.
A particular embodiment presents a user with multiple modes of operation.
11 The multiple modes of operation define different trust options for handling 12 sensitive data associated with the user. A selection is received from the user, 13 where the selection is one of the multiple modes of operation. The sensitive data 14 associated with the user is handled in accordance with the selected mode of operation.
16 In one embodiment, the multiple modes include a low trust option that 17 retrieves sensitive data from the user each time the user requests a service 18 requiring the sensitive data.
19 In another embodiment, the multiple modes include a moderate trust option that retrieves sensitive data from the user and stores the sensitive data in an 21 encrypted format using a password known only to the user.
22 In a particular embodiment, the multiple modes include a high trust option 23 that retrieves sensitive data from the user and stores the sensitive data in an 24 encrypted format for future use.
In one aspect, the invention provides a method implemented by a financial analysis system, the method comprising: identifying multiple financial accounts associated with a user, wherein the multiple financial accounts are associated with a plurality of financial institutions; presenting the user with a plurality of modes, each of which can be associated with one of the plurality of financial institutions, wherein the user has user authentication data for each of the plurality of financial institutions, and wherein each mode directs the financial analysis system to handle user authentication data received from the user in a specified manner, the modes comprising, a low trust mode that directs the financial analysis system to temporarily use the user authentication data received from the user without storing the data;
and a plurality of higher trust modes that each direct the financial analysis system to store the user authentication data; receiving a selection of a respective mode from the user for each of the plurality of financial institutions; associating the selected respective mode with each of the plurality of financial institutions; storing financial institution data for each of the plurality of financial institutions, comprising data which may be used to locate and communicate with each of the plurality of financial institutions; storing the associated respective mode corresponding with each of the plurality of financial institutions; and handling the user authentication data associated with each of the plurality of financial institutions as directed by the associated respective mode each time the financial analysis system accesses one of the multiple financial institutions on behalf of the user.
In another aspect, the invention provides a method comprising: identifying multiple financial accounts associated with a user, wherein the multiple financial accounts are with at least one financial institution; presenting the user with a low trust mode that can be associated with at least one of the at least one financial institution, wherein the low trust mode comprises retrieving sensitive data from the user each time the user requests a service requiring the sensitive data, wherein the sensitive data is required to access the at least one financial institution as the user; presenting the user with a high trust mode that can be associated with at least one of the at least one financial institution, wherein the high trust mode comprises storing in an encrypted format, remote from the at least one financial institution, sensitive data retrieved from the user; receiving a selection from the user indicating one of the low trust mode or the high trust mode for each of the at least one 2a _ financial institutions; storing, remote from the at least one financial institution, data identifying each of the multiple financial accounts, financial institution data for each of the at least one financial institutions, and a selected one of the low trust mode or the high trust mode associated with each of the multiple financial institutions; receiving a request from the user to access one of the at least one financial institutions; and in response, communicating with the at least one financial institution, and handling the sensitive data received from the user in accordance with the selected one of the low trust mode or the high trust mode associated with the financial institution.
In another aspect, the invention provides a method comprising: identifying multiple financial accounts associated with a user, wherein each of the multiple financial accounts correspond to a respective one of a plurality of financial institutions; presenting the user with a moderate trust mode that can be associated with a first set of at least one of the plurality of financial institutions, wherein the moderate trust mode comprises storing of sensitive data from the user in a one-way encrypted format, remote from the plurality of financial institutions, using a password known to the user; presenting the user with a high trust mode that can be associated with a second set of at least one of the plurality of financial institutions, wherein the high trust mode comprises storing, remote from the plurality of financial institutions, sensitive data from the user in a two-way encrypted format; receiving a selection from the user indicating one of the moderate trust mode or the high trust mode for each of the plurality of financial institutions; and handling sensitive data associated with each financial account of the user at the corresponding respective financial institution in accordance with the mode associated with the financial institution.
In another aspect, the invention provides a method comprising: identifying multiple financial institutions at which a user has financial accounts;
presenting the user with a moderate trust mode that can be associated with at least one of the multiple financial institutions, wherein the moderate trust mode comprises storing, remote from the multiple financial institutions, sensitive data from the user in an encrypted format using a password known to the user; presenting the user with a low trust mode that can be associated with at least one of the multiple financial institutions, wherein the low trust mode comprises the financial analysis system retrieving sensitive data from the user each time the user requests a 2b service requiring the sensitive data; receiving a selection from the user indicating one of the moderate trust mode or the low trust mode for each of the multiple financial institutions;
storing data identifying each of the multiple financial accounts, corresponding financial institution data for each of the multiple financial institutions, and the corresponding selected one of the moderate trust mode or the low trust mode; receiving a request from the user to access one of the multiple financial institutions; and in response, communicating with the one of the multiple financial institutions, and handling sensitive data associated with each financial account of the user at the financial institution in accordance with the corresponding selected one of the moderate trust mode or the low trust mode.
In another aspect, the invention provides one or more computer-readable media having stored thereon a computer program that, when executed by one or more processors, causes the one or more processors to: identify multiple financial accounts associated with a user, wherein the multiple financial accounts are associated with a plurality of financial institutions; present the user with a plurality of modes, each of which can be associated with one or more of the plurality of financial institutions, wherein each mode directs a server remote from the plurality of financial institutions to handle sensitive data in a particular manner, and wherein the sensitive data comprises user login data used to access accounts online at one of the plurality of financial institutions; receive a selection of a respective mode from the user for each of the multiple financial institutions associate the selected respective mode with each of the multiple financial institutions; store financial institution data for each of the plurality of financial institutions, comprising data which may be used to locate and communicate with the plurality of financial institutions, data identifying the multiple financial accounts, and the associated corresponding respective modes with each of the plurality of financial institutions; and handle the sensitive data associated with each of the plurality of financial institutions in accordance with the corresponding associated respective mode each time the user accesses one of the plurality of financial institutions.
2c 2 Fig. 1 illustrates an exemplary network environment in which various 3 servers, computing devices, and a financial analysis system exchange data across a 4 network, such as the Internet.
Fig. 2 is a block diagram showing exemplary components and modules of a 6 financial analysis system.
7 Fig. 3 is a flow diagram illustrating a procedure in which a user registers an 8 account with the financial analysis system.
9 Fig. 4 is a flow diagram illustrating a procedure for automatically updating user accounts having a High Trust Mode of operation.
11 Fig. 5 is a flow diagram illustrating a procedure for updating one or more 12 user accounts.
13 Fig. 6 is a flow diagram illustrating a procedure for allowing financial 14 institutions to select among multiple trust modes that are made available to customers of the financial institutions.
16 Fig. 7 is a block diagram showing pertinent components of a computer in 17 accordance with the invention.
DETAILED DESCRIPTION
21 The systems and methods described herein provide various modes of 22 operation that determine how user data is handled. A particular mode of operation 23 is selected by each user based on the user's level of trust in the system or 24 organization that is handling the data. A high level of trust allows the system or organization to store data, such as user credentials and other sensitive data, for 1 later use. A moderate level of trust allows the system or organization to store 2 sensitive data in an encrypted format using a key derived from the user's password 3 (i.e., the user associated with the sensitive data). A low level of trust does not 4 allow the system or organization to store any sensitive data persistently. A user can change the level of trust associated with a particular account to reflect changes 6 in their attitude toward the system or organization.
7 As used herein, the terms "account holder", "customer", "user", and 8 "client" are interchangeable. "Account holder" refers to any person having access 9 to an account. A particular account may have multiple account holders (e.g., a joint checking account having husband and wife as account holders or a corporate ii account identifying multiple corporate employees as account holders).
Various 12 financial account and financial institution examples are provided herein for 13 purposes of explanation. However, it will be appreciated that the system and 14 procedures described herein can be used with any type of asset account, any type of debt account, and any type of financial institution. Example asset accounts 16 include savings accounts, money market accounts, checking accounts (both 17 interest-bearing and non-interest-bearing), certificates of deposit (CDs), mutual 18 funds, bonds, and equities. Example debt accounts include credit card accounts, 19 mortgage accounts, home equity loans, overdraft protection, margin accounts, personal loans, and other types of loans. Exemplary financial institutions include 21 banks, savings and loans, credit unions, mortgage companies, mutual fund 22 companies, lending companies, and stock brokers.
Various financial account and financial institution examples are provided 24 herein for purposes of explanation. However, the methods and procedures described herein can be applied to any type of transaction involving any type of 1 account. For example, a data aggregation system may aggregate data from 2 multiple sources, such as multiple financial accounts, multiple email accounts, 3 multiple online award (or reward) accounts, multiple news headlines, and the like.
4 Similarly, the data retrieval and data processing systems and methods discussed herein may be applied to collect data from any type of account containing any type 6 of data. Thus, the methods and systems described herein can be applied to a data 7 aggregation system or any other account management system instead of the 8 financial analysis system discussed in the examples provided herein.
Although particular examples discussed herein refer to the handling of a user's "sensitive data", the methods and systems described herein may be applied ii to any type of data associated with a user, an organization or other entity.
12 Fig.
1 illustrates an exemplary network environment 100 in which various 13 servers, computing devices, and a financial analysis system exchange data across a 14 data communication network. The network environment of Fig. 1 includes multiple financial institution servers 102, 104, and 106 coupled to a data 16 communication network 108, such as the Internet. Each of the financial institution 17 servers 102, 104, and 106 are typically associated with a particular financial 18 institution and store data for that financial institution, such as customer account 19 data. As shown in Fig. 1, a client computer 110 and a financial analysis system 112 are also coupled to network 108. A database 114 is coupled to financial 21 analysis system 112 for storing various data used by the financial analysis system.
Network 108 may be any type of data communication network using any 23 communication protocol. Further, network 108 may include one or more sub-24 networks (not shown) which are interconnected with one another. Although only a 1 few devices are shown coupled to network 108 in Fig. 1, a particular network may 2 include any number of devices coupled to one another.
3 The communication links shown between the network 108 and the various 4 devices (102-106 and 110-112) shown in Fig. 1 can use any type of communication medium and any communication protocol. For example, one or 6 more of the communication links shown in Fig. 1 may be a wireless link (e.g., a 7 radio frequency (RF) link or a microwave link) or a wired link accessed via a 8 public telephone system or another communication network. Certain devices, 9 such as servers, may be coupled to a local area network (LAN), which is coupled to network 108. Client computer 110 may access network 108 in different ways.
ii First, client computer 110 may directly access network 108, for example, by using 12 a modem to access a public telephone network (e.g., a public switched telephone 13 network (PSTN)) that is coupled to network 108.
Financial analysis system 112 performs various analysis and data is integration functions with respect to user accounts. These analysis functions are discussed in greater detail below. Client computer 110 allows a user to access information via the network 108. Client computer may be any type of computing device, such as a laptop computer, desktop computer, personal digital assistant (PDA), cellular phone, or set top box. For example, the user can access account information from one of the financial institution servers 102, 104, or 106, or send 21 a request for an analysis or summary of the user's financial accounts to financial 22 analysis system 112.
23 In a particular embodiment, the methods and systems described herein provide an Internet-based server solution where the sensitive data of one or more users is stored on a server, not a client.
1 Fig. 2 is a block diagram showing exemplary components and modules of 2 financial analysis system 112. A communication interface 202 allows the financial 3 analysis system 112 to communicate with other devices, such as one or more 4 financial institution servers and client computers. In one embodiment, communication interface 202 is a network interface to a local area network (LAN), 6 which is coupled to another data communication network, such as the Internet.
7 A database access module 204 allows financial analysis system 112 to store 8 data to database 114 and retrieve data from the database. Financial analysis 9 system 112 also stores various financial institution data 206, which may be used to locate and communicate with various financial institution servers. Financial ii institution data 206 includes, for example, Uniform Resource Locators (URLs) 12 and login parameters.
13 A data extraction module 208 retrieves (or extracts) data from web pages or 14 other data sources. The data extraction module 208 may use one or more data harvesting scripts 212 (also referred to as screen scraping scripts) to retrieve data 16 from a web page or other data source. Data harvesting (or screen scraping) is a 17 process that allows a script to retrieve data from one or more web pages associated 18 with a web site. The retrieved data may be stored in a database, such as database 19 114 (Fig. 1). The data harvesting scripts are capable of navigating web sites and capturing individual HTML pages. Typically, JavaScript and images are removed 21 from the HTML pages or converted into HTML text if it contains account 22 information. A parser then converts the HTML data into a field-delimited XML
23 format. Data is then extracted from the XML format and stored in a database or 24 other storage mechanism.
Financial analysis system 112 also includes user account data 210 and a 2 data handling module 214. User account data 210 typically includes information regarding the types of accounts are maintained by particular users as well as the locations of the accounts (i.e., the financial institution that handles the account) and account balances. The user account data 210 may also indicate the level of 6 trust associated with each user account. User account data 210 may be stored in 7 database 114 coupled to financial analysis system 112. Data handling module 214 determines how account data is handled based on the level of trust associated with 9 the account data and other factors.
Fig. 3 is a flow diagram illustrating a procedure 300 in which a user ii registers an account with the financial analysis system. Initially, a user generates a 12 request to have the financial analysis system monitor one or more of the user's 13 accounts (block 302). The financial analysis system then collects information 14 from the user regarding the user accounts to be monitored (block 304). This is information may include, for example, an account number, password to access the 16 account online, the financial institution associated with the account, and the name 17 or names listed on each account. The financial analysis system then presents the 18 user with three different trust options for handling sensitive data associated with 19 the user (block 306). This sensitive data may include, for example, the account number and password used to access the account online. In a particular 21 embodiment, the sensitive data is the user login data (e.g., the username and 22 password used to access an account). Although various examples discussed herein 23 offer three different trust options for handling sensitive data, alternate embodiments may include fewer trust options or a greater number of trust options 1 depending on the preferences of the users and/or the administrators of the financial 2 analysis system.
3 In a particular embodiment, the three different trust options for handling 4 sensitive data are referred to as "High Trust Option", "Moderate Trust Option", and "Low Trust Option".
7 High Trust Option 8 A user selects the High Trust Option if the user is comfortable with having 9 the financial analysis system store the user's sensitive data. When this option is selected, the financial analysis system stores the user's sensitive data for future ii use, such as automatically updating the user's account balances. The user's 12 sensitive data is stored using a two-way data encryption technique, which allows a 13 user key (derived from the user's password) or a key maintained by the financial 14 analysis system to decrypt the sensitive data. In one embodiment, the user's sensitive data is encrypted using a Triple DES (Data Encryption Standard) 16 algorithm. The Triple DES algorithm is a variation of the DES standard and has 17 been endorsed by the National Institute of Standards and Technology (NIST).
18 Triple DES uses three 64-bit keys, for an overall key length of 192 bits. The 19 encryption procedure is similar to DES, but it is repeated three times.
The data is encrypted with the first key, decrypted with the second key, and encrypted again 21 with the third key.
22 Since the financial analysis system stores the user's account number and 23 password, the system is then able to automatically retrieve the user's account 24 balances using, for example, the data harvesting procedure discussed above.
3 Moderate Trust Option user selects the Moderate Trust Option if they are not comfortable with the High Trust Option, but don't want to have to enter their sensitive information 6 each time they access the financial analysis system. When this option is selected, 7 the financial analysis system stores the user's sensitive information, but the 8 sensitive information is encrypted such that the information can only be decrypted 9 when the user is online (i.e., logged into the financial analysis system).
For example, the data can be encrypted using a key derived from the user's password.
ii This encryption technique is referred to as one-way encryption because only one 12 key (associated with the user's password) can decrypt the sensitive data. A
13 particular embodiment of the one-way encryption uses HMAC-MD5. HMAC
14 (Keyed-Hashing Message Authentication) is a mechanism for message authentication using cryptographic hash functions. HMAC can be used with any 16 iterative cryptographic hash function, such as MD5. This combination is referred 17 to as HMAC-MD5. MD5 is a message digest function, which is a function that 18 takes a variable-length message and produces a fixed-length hash. MD5 is an 19 example of a public one-way hash function.
When the user logs into the financial analysis system, the system 21 automatically decrypts the user's sensitive information, which can then be used to 22 retrieve updated information regarding the user's financial accounts.
24 Low Trust Option user selects the Low Trust Option if they are not comfortable with the financial analysis system storing any of the user's sensitive data. When this option 3 is selected, the user's sensitive data is not persistently stored by the financial analysis system. Thus, the user must re-enter the sensitive data each time the user logs into the financial analysis system.
Referring again to Fig. 3, at block 308 the user selects one of the three trust options for each user account. The user may select a different trust option for different accounts or different financial institutions. For example, the user may 9 assign a High Trust Option to a savings account and assign a Moderate Trust Option to a brokerage account. The financial analysis system then stores the ii selected trust option for each account (block 310). This information is stored, for example, in database 114. The trust option associated with each of the user's institutions can be retrieved from the database each time the user logs into the 14 financial analysis system.
Fig. 4 is a flow diagram illustrating a procedure 400 for automatically 16 updating user accounts having a High Trust Mode of operation. Initially, the procedure 400 determines whether it is time to perform automatic account updates 18 (block 402). For example, High Trust Mode accounts may be updated automatically each business day. Other accounts may be updated hourly, weekly, monthly, or at other time intervals. In one embodiment, the account updates are performed as batch processes at predetermined times. If one or more automatic account updates are due to be performed, the financial analysis system identifies account information associated with High Trust Mode accounts (block 404). The 24 system then retrieves current account information from all High Trust Mode accounts (block 406), e.g., using the data harvesting procedure discussed above.
1 The system then updates the various account information in the database with the 2 retrieved information (block 408). The procedure then returns to block 402 to 3 await the next automatic account update time. Thus, all user accounts that are 4 designated High Trust Mode are automatically accessed to retrieve current account balances and other information. This retrieved data may be aggregated with data 6 retrieved from other accounts using any data retrieval process.
7 Fig.
5 is a flow diagram illustrating a procedure 500 for updating one or 8 more user accounts. Initially, a user logs on to the financial analysis system (block 9 502). The user then requests to refresh account information (block 504).
The financial analysis system identifies the user's account information, which includes ii decrypting the user's sensitive data (block 506). The procedure 500 then 12 determines whether any of the user's accounts are Low Trust Mode accounts 13 (block 508). If at least one of the user's accounts is a Low Trust Mode account, 14 the financial analysis system asks the user for the missing credential (block 510), such as the user's password. As discussed above, the financial analysis system 16 does not store any of the user's sensitive data related to Low Trust Mode accounts.
17 Therefore, the user must provide the user ID and password, and explicitly request 18 that the financial analysis system retrieve the current account information from the 19 Low Trust Mode accounts. In alternate embodiments, the financial analysis system stores the user ID associated with Low Trust Mode accounts, but requires 21 the user to enter the appropriate password each time the account is accessed.
22 The procedure then retrieves the current account information from all of the 23 user's accounts, including Low Trust Mode accounts, Moderate Trust Mode 24 accounts, and High Trust Mode accounts (block 512). The financial analysis system then updates the account information contained in the database with the retrieved information (block 514). In one embodiment, only Moderate Trust Mode accounts are updated when the user logs on to the financial analysis system.
In 3 other embodiments, the financial analysis system may also update the user's High 4 Trust Mode accounts and/or the user's Low Trust Mode accounts.
Fig. 6 is a flow diagram illustrating a procedure 600 for allowing partners 6 to select among multiple trust modes that are made available to customers of the partners. A partner may be any organization that implements, for example, the systems described herein. Alternatively, a partner may be an organization that has 9 the various services described herein implemented by another on behalf of the organization. Further, a partner may be an organization that provides a portal to ii another web site, such as a web site that implements the systems described herein.
12 An organization that hosts a web site having an online registration requirement 13 may also be a partner.
14 In certain situations, the financial analysis system provides data aggregation functions for one or more partners. These partners may want to limit the number 16 of trust modes that are offered to their customers. Initially, the financial analysis system notifies one or more partners of the multiple trust modes available to users (block 602). Each partner then determines which trust modes should be made available to its customers (block 604). For example, a particular partner might not want to be responsible for storing the user's sensitive data in a two-way encrypted format (High Trust Mode) and doesn't want to offer that option to its customers.
22 Each partner communicates the selected trust modes to the financial analysis 23 system (block 606). The financial analysis system maintains a listing of all partners and their associated trust modes (block 608). This listing may be stored, for example, in database 114 (Fig. 1). Before allowing a user to set up a new account with the financial analysis system, the system first checks to see if the partner associated with the new account (if any) has any restrictions on the types 3 of trust modes available to its customers. If there are restrictions, the customer's 4 choices are limited to those trust modes authorized by the partner.
Fig. 7 is a block diagram showing pertinent components of a computer 700 6 in accordance with the invention. A computer such as that shown in Fig. 7 can be 7 used, for example, to perform various procedures such as those discussed herein.
Computer 700 can also be used to access a web site or other computing facility to access various financial information. The computer shown in Fig. 7 can function as a server, a client computer, or a financial analysis system, of the types discussed ii herein.
Computer 700 includes at least one processor 702 coupled to a bus 704 that couples together various system components. Bus 704 represents one or more of 14 any of several types of bus structures, such as a memory bus or memory controller, a peripheral bus, and a processor or local bus using any of a variety of bus architectures. A random access memory (RAM) 706 and a read only memory 17 (ROM) 708 are coupled to bus 704. Additionally, a network interface 710 and a removable storage device 712, such as a floppy disk or a CD-ROM, are coupled to 19 bus 704. Network interface 710 provides an interface to a data communication network such as a local area network (LAN) or a wide area network (WAN) for exchanging data with other computers and devices. A disk storage 714, such as a 22 hard disk, is coupled to bus 704 and provides for the non-volatile storage of data (e.g., computer-readable instructions, data structures, program modules and other 24 data used by computer 700). Although computer 700 illustrates a removable storage 712 and a disk storage 714, it will be appreciated that other types of 1 computer-readable media which can store data that is accessible by a computer, 2 such as magnetic cassettes, flash memory cards, digital video disks, and the like, 3 may also be used in the exemplary computer.
4 Various peripheral interfaces 716 are coupled to bus 704 and provide an interface between the computer 700 and the individual peripheral devices.
6 Exemplary peripheral devices include a display device 718, a keyboard 720, a 7 mouse 722, a modem 724, and a printer 726. Modem 724 can be used to access 8 other computer systems and devices directly or by connecting to a data 9 communication network such as the Internet.
A variety of program modules can be stored on the disk storage 714, ii removable storage 712, RAM 706, or ROM 708, including an operating system, 12 one or more application programs, and other program modules and program data.
13 A user can enter commands and other information into computer 700 using the 14 keyboard 720, mouse 722, or other input devices (not shown). Other input devices may include a microphone, joystick, game pad, scanner, satellite dish, or the like.
16 Computer 700 may operate in a network environment using logical 17 connections to other remote computers. The remote computers may be personal 18 computers, servers, routers, or peer devices. In a networked environment, some or 19 all of the program modules executed by computer 700 may be retrieved from another computing device coupled to the network.
Typically, the computer 700 is programmed using instructions stored at 22 different times in the various computer-readable media of the computer.
Programs 23 and operating systems are often distributed, for example, on floppy disks or CD-24 ROMs. The programs are installed from the distribution media into a storage device within the computer 700. When a program is executed, the program is at 1 least partially loaded into the computer's primary electronic memory. As 2 described herein, the invention includes these and other types of computer-readable media when the media contains instructions or programs for 4 implementing the steps described below in conjunction with a processor. The invention also includes the computer itself when programmed according to the 6 procedures and techniques described herein.
7 For purposes of illustration, programs and other executable program 8 components are illustrated herein as discrete blocks, although it is understood that 9 such programs and components reside at various times in different storage components of the computer, and are executed by the computer's processor.
11 Alternatively, the systems and procedures described herein can be implemented in 12 hardware or a combination of hardware, software, and/or firmware. For example, 13 one or more application specific integrated circuits (ASICs) can be programmed to 14 carry out the systems and procedures described herein.
Although the description above uses language that is specific to structural 16 features and/or methodological acts, it is to be understood that the invention 17 defined in the appended claims is not limited to the specific features or acts 18 described. Rather, the specific features and acts are disclosed as exemplary forms 19 of implementing the invention.
7 Fig.
5 is a flow diagram illustrating a procedure 500 for updating one or 8 more user accounts. Initially, a user logs on to the financial analysis system (block 9 502). The user then requests to refresh account information (block 504).
The financial analysis system identifies the user's account information, which includes ii decrypting the user's sensitive data (block 506). The procedure 500 then 12 determines whether any of the user's accounts are Low Trust Mode accounts 13 (block 508). If at least one of the user's accounts is a Low Trust Mode account, 14 the financial analysis system asks the user for the missing credential (block 510), such as the user's password. As discussed above, the financial analysis system 16 does not store any of the user's sensitive data related to Low Trust Mode accounts.
17 Therefore, the user must provide the user ID and password, and explicitly request 18 that the financial analysis system retrieve the current account information from the 19 Low Trust Mode accounts. In alternate embodiments, the financial analysis system stores the user ID associated with Low Trust Mode accounts, but requires 21 the user to enter the appropriate password each time the account is accessed.
22 The procedure then retrieves the current account information from all of the 23 user's accounts, including Low Trust Mode accounts, Moderate Trust Mode 24 accounts, and High Trust Mode accounts (block 512). The financial analysis system then updates the account information contained in the database with the retrieved information (block 514). In one embodiment, only Moderate Trust Mode accounts are updated when the user logs on to the financial analysis system.
In 3 other embodiments, the financial analysis system may also update the user's High 4 Trust Mode accounts and/or the user's Low Trust Mode accounts.
Fig. 6 is a flow diagram illustrating a procedure 600 for allowing partners 6 to select among multiple trust modes that are made available to customers of the partners. A partner may be any organization that implements, for example, the systems described herein. Alternatively, a partner may be an organization that has 9 the various services described herein implemented by another on behalf of the organization. Further, a partner may be an organization that provides a portal to ii another web site, such as a web site that implements the systems described herein.
12 An organization that hosts a web site having an online registration requirement 13 may also be a partner.
14 In certain situations, the financial analysis system provides data aggregation functions for one or more partners. These partners may want to limit the number 16 of trust modes that are offered to their customers. Initially, the financial analysis system notifies one or more partners of the multiple trust modes available to users (block 602). Each partner then determines which trust modes should be made available to its customers (block 604). For example, a particular partner might not want to be responsible for storing the user's sensitive data in a two-way encrypted format (High Trust Mode) and doesn't want to offer that option to its customers.
22 Each partner communicates the selected trust modes to the financial analysis 23 system (block 606). The financial analysis system maintains a listing of all partners and their associated trust modes (block 608). This listing may be stored, for example, in database 114 (Fig. 1). Before allowing a user to set up a new account with the financial analysis system, the system first checks to see if the partner associated with the new account (if any) has any restrictions on the types 3 of trust modes available to its customers. If there are restrictions, the customer's 4 choices are limited to those trust modes authorized by the partner.
Fig. 7 is a block diagram showing pertinent components of a computer 700 6 in accordance with the invention. A computer such as that shown in Fig. 7 can be 7 used, for example, to perform various procedures such as those discussed herein.
Computer 700 can also be used to access a web site or other computing facility to access various financial information. The computer shown in Fig. 7 can function as a server, a client computer, or a financial analysis system, of the types discussed ii herein.
Computer 700 includes at least one processor 702 coupled to a bus 704 that couples together various system components. Bus 704 represents one or more of 14 any of several types of bus structures, such as a memory bus or memory controller, a peripheral bus, and a processor or local bus using any of a variety of bus architectures. A random access memory (RAM) 706 and a read only memory 17 (ROM) 708 are coupled to bus 704. Additionally, a network interface 710 and a removable storage device 712, such as a floppy disk or a CD-ROM, are coupled to 19 bus 704. Network interface 710 provides an interface to a data communication network such as a local area network (LAN) or a wide area network (WAN) for exchanging data with other computers and devices. A disk storage 714, such as a 22 hard disk, is coupled to bus 704 and provides for the non-volatile storage of data (e.g., computer-readable instructions, data structures, program modules and other 24 data used by computer 700). Although computer 700 illustrates a removable storage 712 and a disk storage 714, it will be appreciated that other types of 1 computer-readable media which can store data that is accessible by a computer, 2 such as magnetic cassettes, flash memory cards, digital video disks, and the like, 3 may also be used in the exemplary computer.
4 Various peripheral interfaces 716 are coupled to bus 704 and provide an interface between the computer 700 and the individual peripheral devices.
6 Exemplary peripheral devices include a display device 718, a keyboard 720, a 7 mouse 722, a modem 724, and a printer 726. Modem 724 can be used to access 8 other computer systems and devices directly or by connecting to a data 9 communication network such as the Internet.
A variety of program modules can be stored on the disk storage 714, ii removable storage 712, RAM 706, or ROM 708, including an operating system, 12 one or more application programs, and other program modules and program data.
13 A user can enter commands and other information into computer 700 using the 14 keyboard 720, mouse 722, or other input devices (not shown). Other input devices may include a microphone, joystick, game pad, scanner, satellite dish, or the like.
16 Computer 700 may operate in a network environment using logical 17 connections to other remote computers. The remote computers may be personal 18 computers, servers, routers, or peer devices. In a networked environment, some or 19 all of the program modules executed by computer 700 may be retrieved from another computing device coupled to the network.
Typically, the computer 700 is programmed using instructions stored at 22 different times in the various computer-readable media of the computer.
Programs 23 and operating systems are often distributed, for example, on floppy disks or CD-24 ROMs. The programs are installed from the distribution media into a storage device within the computer 700. When a program is executed, the program is at 1 least partially loaded into the computer's primary electronic memory. As 2 described herein, the invention includes these and other types of computer-readable media when the media contains instructions or programs for 4 implementing the steps described below in conjunction with a processor. The invention also includes the computer itself when programmed according to the 6 procedures and techniques described herein.
7 For purposes of illustration, programs and other executable program 8 components are illustrated herein as discrete blocks, although it is understood that 9 such programs and components reside at various times in different storage components of the computer, and are executed by the computer's processor.
11 Alternatively, the systems and procedures described herein can be implemented in 12 hardware or a combination of hardware, software, and/or firmware. For example, 13 one or more application specific integrated circuits (ASICs) can be programmed to 14 carry out the systems and procedures described herein.
Although the description above uses language that is specific to structural 16 features and/or methodological acts, it is to be understood that the invention 17 defined in the appended claims is not limited to the specific features or acts 18 described. Rather, the specific features and acts are disclosed as exemplary forms 19 of implementing the invention.
Claims (18)
1. A
method implemented by a financial analysis system, the method comprising:
identifying multiple financial accounts associated with a user, wherein the multiple financial accounts are associated with a plurality of financial institutions;
presenting the user with a plurality of modes, each of which can be associated with one of the plurality of financial institutions, wherein the user has user authentication data for each of the plurality of financial institutions, and wherein each mode directs the financial analysis system to handle user authentication data received from the user in a specified manner, the modes comprising, a low trust mode that directs the financial analysis system to temporarily use the user authentication data received from the user without storing the data;
and a plurality of higher trust modes that each direct the financial analysis system to store the user authentication data;
receiving a selection of a respective mode from the user for each of the plurality of financial institutions;
associating the selected respective mode with each of the plurality of financial institutions;
storing financial institution data for each of the plurality of financial institutions, comprising data which may be used to locate and communicate with each of the plurality of financial institutions;
storing the associated respective mode corresponding with each of the plurality of financial institutions; and handling the user authentication data associated with each of the plurality of financial institutions as directed by the associated respective mode each time the financial analysis system accesses one of the multiple financial institutions on behalf of the user.
method implemented by a financial analysis system, the method comprising:
identifying multiple financial accounts associated with a user, wherein the multiple financial accounts are associated with a plurality of financial institutions;
presenting the user with a plurality of modes, each of which can be associated with one of the plurality of financial institutions, wherein the user has user authentication data for each of the plurality of financial institutions, and wherein each mode directs the financial analysis system to handle user authentication data received from the user in a specified manner, the modes comprising, a low trust mode that directs the financial analysis system to temporarily use the user authentication data received from the user without storing the data;
and a plurality of higher trust modes that each direct the financial analysis system to store the user authentication data;
receiving a selection of a respective mode from the user for each of the plurality of financial institutions;
associating the selected respective mode with each of the plurality of financial institutions;
storing financial institution data for each of the plurality of financial institutions, comprising data which may be used to locate and communicate with each of the plurality of financial institutions;
storing the associated respective mode corresponding with each of the plurality of financial institutions; and handling the user authentication data associated with each of the plurality of financial institutions as directed by the associated respective mode each time the financial analysis system accesses one of the multiple financial institutions on behalf of the user.
2. The method as recited in claim 1 wherein the plurality of higher trust modes comprises a moderate trust mode that directs the financial analysis system to encrypt the user authentication data, and store the encrypted user authentication data.
3. The method as recited in claim 1 wherein the plurality of higher trust modes comprises a high trust mode that directs the financial analysis system to encrypt the user authentication data using two-way encryption, and store the encrypted user authentication data.
4. The method as recited in claim 2 wherein the moderate trust mode directs the financial analysis system to encrypt the user authentication data using one-way encryption.
5. The method as recited in claim 1 further comprising associating a default mode with each financial account if the user does not select a valid mode.
6. A method comprising:
identifying multiple financial accounts associated with a user, wherein the multiple financial accounts are with at least one financial institution;
presenting the user with a low trust mode that can be associated with at least one of the at least one financial institution, wherein the low trust mode comprises retrieving sensitive data from the user each time the user requests a service requiring the sensitive data, wherein the sensitive data is required to access the at least one financial institution as the user;
presenting the user with a high trust mode that can be associated with at least one of the at least one financial institution, wherein the high trust mode comprises storing in an encrypted format, remote from the at least one financial institution, sensitive data retrieved from the user;
receiving a selection from the user indicating one of the low trust mode or the high trust mode for each of the at least one financial institutions;
storing, remote from the at least one financial institution, data identifying each of the multiple financial accounts, financial institution data for each of the at least one financial institutions, and a selected one of the low trust mode or the high trust mode associated with each of the multiple financial institutions;
receiving a request from the user to access one of the at least one financial institutions; and in response, communicating with the at least one financial institution, and handling the sensitive data received from the user in accordance with the selected one of the low trust mode or the high trust mode associated with the financial institution.
identifying multiple financial accounts associated with a user, wherein the multiple financial accounts are with at least one financial institution;
presenting the user with a low trust mode that can be associated with at least one of the at least one financial institution, wherein the low trust mode comprises retrieving sensitive data from the user each time the user requests a service requiring the sensitive data, wherein the sensitive data is required to access the at least one financial institution as the user;
presenting the user with a high trust mode that can be associated with at least one of the at least one financial institution, wherein the high trust mode comprises storing in an encrypted format, remote from the at least one financial institution, sensitive data retrieved from the user;
receiving a selection from the user indicating one of the low trust mode or the high trust mode for each of the at least one financial institutions;
storing, remote from the at least one financial institution, data identifying each of the multiple financial accounts, financial institution data for each of the at least one financial institutions, and a selected one of the low trust mode or the high trust mode associated with each of the multiple financial institutions;
receiving a request from the user to access one of the at least one financial institutions; and in response, communicating with the at least one financial institution, and handling the sensitive data received from the user in accordance with the selected one of the low trust mode or the high trust mode associated with the financial institution.
7. The method as recited in claim 6 further comprising presenting the user with a moderate trust mode that can be associated with the at least one of the at least one financial institution, wherein the moderate trust mode stores sensitive data from the user in an encrypted format using a password known to the user; and wherein receiving a selection from the user includes receiving a selection indicating one of the low trust mode, the high trust mode, or the moderate trust mode for each of the at least one of the at least one financial institutions.
8. The method as recited in claim 6 further comprising associating a default trust mode with each financial institution for which the user does not select a valid mode.
9. One or more computer-readable memories containing a computer program that is executable by a processor to perform the method recited in claim 6.
10. A method comprising:
identifying multiple financial accounts associated with a user, wherein each of the multiple financial accounts correspond to a respective one of a plurality of financial institutions;
presenting the user with a moderate trust mode that can be associated with a first set of at least one of the plurality of financial institutions, wherein the moderate trust mode comprises storing of sensitive data from the user in a one-way encrypted format, remote from the plurality of financial institutions, using a password known to the user;
presenting the user with a high trust mode that can be associated with a second set of at least one of the plurality of financial institutions, wherein the high trust mode comprises storing, remote from the plurality of financial institutions, sensitive data from the user in a two-way encrypted format;
receiving a selection from the user indicating one of the moderate trust mode or the high trust mode for each of the plurality of financial institutions; and handling sensitive data associated with each financial account of the user at the corresponding respective financial institution in accordance with the mode associated with the financial institution.
identifying multiple financial accounts associated with a user, wherein each of the multiple financial accounts correspond to a respective one of a plurality of financial institutions;
presenting the user with a moderate trust mode that can be associated with a first set of at least one of the plurality of financial institutions, wherein the moderate trust mode comprises storing of sensitive data from the user in a one-way encrypted format, remote from the plurality of financial institutions, using a password known to the user;
presenting the user with a high trust mode that can be associated with a second set of at least one of the plurality of financial institutions, wherein the high trust mode comprises storing, remote from the plurality of financial institutions, sensitive data from the user in a two-way encrypted format;
receiving a selection from the user indicating one of the moderate trust mode or the high trust mode for each of the plurality of financial institutions; and handling sensitive data associated with each financial account of the user at the corresponding respective financial institution in accordance with the mode associated with the financial institution.
11. One or more computer-readable memories containing a computer program that is executable by a processor to perform the method recited in claim 10.
12. A method comprising:
identifying multiple financial institutions at which a user has financial accounts;
presenting the user with a moderate trust mode that can be associated with at least one of the multiple financial institutions, wherein the moderate trust mode comprises storing, remote from the multiple financial institutions, sensitive data from the user in an encrypted format using a password known to the user;
presenting the user with a low trust mode that can be associated with at least one of the multiple financial institutions, wherein the low trust mode comprises the financial analysis system retrieving sensitive data from the user each time the user requests a service requiring the sensitive data;
receiving a selection from the user indicating one of the moderate trust mode or the low trust mode for each of the multiple financial institutions;
storing data identifying each of the multiple financial accounts, corresponding financial institution data for each of the multiple financial institutions, and the corresponding selected one of the moderate trust mode or the low trust mode;
receiving a request from the user to access one of the multiple financial institutions; and in response, communicating with the one of the multiple financial institutions, and handling sensitive data associated with each financial account of the user at the financial institution in accordance with the corresponding selected one of the moderate trust mode or the low trust mode.
identifying multiple financial institutions at which a user has financial accounts;
presenting the user with a moderate trust mode that can be associated with at least one of the multiple financial institutions, wherein the moderate trust mode comprises storing, remote from the multiple financial institutions, sensitive data from the user in an encrypted format using a password known to the user;
presenting the user with a low trust mode that can be associated with at least one of the multiple financial institutions, wherein the low trust mode comprises the financial analysis system retrieving sensitive data from the user each time the user requests a service requiring the sensitive data;
receiving a selection from the user indicating one of the moderate trust mode or the low trust mode for each of the multiple financial institutions;
storing data identifying each of the multiple financial accounts, corresponding financial institution data for each of the multiple financial institutions, and the corresponding selected one of the moderate trust mode or the low trust mode;
receiving a request from the user to access one of the multiple financial institutions; and in response, communicating with the one of the multiple financial institutions, and handling sensitive data associated with each financial account of the user at the financial institution in accordance with the corresponding selected one of the moderate trust mode or the low trust mode.
13. One or more computer-readable memories containing a computer program that is executable by a processor to perform the method recited in claim 12.
14. One or more computer-readable media having stored thereon a computer program that, when executed by one or more processors, causes the one or more processors to:
identify multiple financial accounts associated with a user, wherein the multiple financial accounts are associated with a plurality of financial institutions;
present the user with a plurality of modes, each of which can be associated with one or more of the plurality of financial institutions, wherein each mode directs a server remote from the plurality of financial institutions to handle sensitive data in a particular manner, and wherein the sensitive data comprises user login data used to access accounts online at one of the plurality of financial institutions;
receive a selection of a respective mode from the user for each of the multiple financial institutions associate the selected respective mode with each of the multiple financial institutions;
store financial institution data for each of the plurality of financial institutions, comprising data which may be used to locate and communicate with the plurality of financial institutions, data identifying the multiple financial accounts, and the associated corresponding respective modes with each of the plurality of financial institutions; and handle the sensitive data associated with each of the plurality of financial institutions in accordance with the corresponding associated respective mode each time the user accesses one of the plurality of financial institutions.
identify multiple financial accounts associated with a user, wherein the multiple financial accounts are associated with a plurality of financial institutions;
present the user with a plurality of modes, each of which can be associated with one or more of the plurality of financial institutions, wherein each mode directs a server remote from the plurality of financial institutions to handle sensitive data in a particular manner, and wherein the sensitive data comprises user login data used to access accounts online at one of the plurality of financial institutions;
receive a selection of a respective mode from the user for each of the multiple financial institutions associate the selected respective mode with each of the multiple financial institutions;
store financial institution data for each of the plurality of financial institutions, comprising data which may be used to locate and communicate with the plurality of financial institutions, data identifying the multiple financial accounts, and the associated corresponding respective modes with each of the plurality of financial institutions; and handle the sensitive data associated with each of the plurality of financial institutions in accordance with the corresponding associated respective mode each time the user accesses one of the plurality of financial institutions.
15. The one or more computer-readable media as recited in claim 14 wherein the plurality of respective modes include a low trust mode for handling sensitive data associated with the user, the low trust mode configured to retrieve the sensitive data from the user each time the user requests a service requiring the sensitive data.
16. The one or more computer-readable media as recited in claim 15 wherein the low trust mode does not persistently store the sensitive data after the requested service requiring the sensitive data is complete.
17. The one or more computer-readable media as recited in claim 14 wherein the plurality of respective modes include a high trust mode for handling the sensitive data associated with the user, the high trust mode comprising retrieving the sensitive data from the user and storing the sensitive data in a two-way encrypted format.
18. The one or more computer-readable media as recited in claim 14 wherein the plurality of respective modes include a moderate trust mode for handling the sensitive data associated with the user, the moderate trust mode configured to retrieve the sensitive data from the user and store the sensitive data in a one-way encrypted format using a password known only to the user.
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US10/044,289 US7203845B2 (en) | 2002-01-11 | 2002-01-11 | Multiple trust modes for handling data |
| US10/044,289 | 2002-01-11 | ||
| PCT/US2003/000664 WO2003061187A1 (en) | 2002-01-11 | 2003-01-08 | Multiple trust modes for handling data |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CA2471604A1 CA2471604A1 (en) | 2003-07-24 |
| CA2471604C true CA2471604C (en) | 2013-09-03 |
Family
ID=21931535
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CA2471604A Expired - Fee Related CA2471604C (en) | 2002-01-11 | 2003-01-08 | Multiple trust modes for handling data |
Country Status (5)
| Country | Link |
|---|---|
| US (2) | US7203845B2 (en) |
| AU (1) | AU2003235662A1 (en) |
| CA (1) | CA2471604C (en) |
| GB (1) | GB2399437B (en) |
| WO (1) | WO2003061187A1 (en) |
Families Citing this family (48)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9038193B2 (en) * | 1998-08-14 | 2015-05-19 | Azos Al, Llc | System and method of data cognition incorporating autonomous security protection |
| US7668772B1 (en) | 1998-10-21 | 2010-02-23 | Island Intellectual Property Llc | Systems and methods for money fund banking with flexible interest allocation |
| US7752129B2 (en) | 1998-10-21 | 2010-07-06 | Island Intellectual Property Llc | Systems and methods for managing client accounts |
| US7536350B1 (en) | 1998-10-21 | 2009-05-19 | Island Intellectual Property Llc | Systems and methods for providing enhanced account management services for multiple banks |
| US8719562B2 (en) * | 2002-10-25 | 2014-05-06 | William M. Randle | Secure service network and user gateway |
| US7640200B2 (en) | 2000-07-10 | 2009-12-29 | Byallaccounts, Inc. | Financial portfolio management system and method |
| US7797207B1 (en) * | 2000-07-24 | 2010-09-14 | Cashedge, Inc. | Method and apparatus for analyzing financial data |
| US7383223B1 (en) * | 2000-09-20 | 2008-06-03 | Cashedge, Inc. | Method and apparatus for managing multiple accounts |
| US7203845B2 (en) * | 2002-01-11 | 2007-04-10 | Cashedge, Inc. | Multiple trust modes for handling data |
| US7979348B2 (en) | 2002-04-23 | 2011-07-12 | Clearing House Payments Co Llc | Payment identification code and payment system using the same |
| US8150766B1 (en) | 2003-01-27 | 2012-04-03 | Island Intellectual Property Llc | System and method for investing public deposits |
| EP1654850B1 (en) * | 2003-08-12 | 2009-12-02 | Research In Motion Limited | System and method of indicating the strength of encryption |
| US20050055296A1 (en) * | 2003-09-08 | 2005-03-10 | Michael Hattersley | Method and system for underwriting and servicing financial accounts |
| US8725607B2 (en) | 2004-01-30 | 2014-05-13 | The Clearing House Payments Company LLC | Electronic payment clearing and check image exchange systems and methods |
| GB2410113A (en) * | 2004-11-29 | 2005-07-20 | Morse Group Ltd | A system and method of accessing banking services via a mobile telephone |
| US9466048B2 (en) * | 2005-05-16 | 2016-10-11 | Thomson Reuters Global Resources | Systems, methods, software and interfaces for integration of online research tasks into law firm workflow |
| US11200302B2 (en) * | 2005-11-16 | 2021-12-14 | Azos Ai, Llc | System and method of data cognition incorporating autonomous security protection |
| US8775214B2 (en) | 2006-07-19 | 2014-07-08 | Thompson Reuters (Market) LLC | Management method and system for a user |
| US8260705B1 (en) | 2007-02-28 | 2012-09-04 | Island Intellectual Property Llc | Systems, methods and program products for deposit and withdrawal processing |
| US7752107B1 (en) | 2007-02-28 | 2010-07-06 | Island Intellectual Property Llc | System and method for managing aggregated accounts |
| US8380621B1 (en) | 2007-02-28 | 2013-02-19 | Island Intellectual Property Llc | Systems, methods and program products for swap processing for uninsured accounts |
| US20080301022A1 (en) * | 2007-04-30 | 2008-12-04 | Cashedge, Inc. | Real-Time Core Integration Method and System |
| DE102007025262A1 (en) * | 2007-05-30 | 2007-10-25 | Meiko Maschinenbau Gmbh & Co. Kg | Cleaning device e.g. cycle dishwasher, for e.g. plate, has microwave drying device for partial drying of cleaning goods, where cooling blower of drying device guides air into source of microwave and air is warmed up and applied to goods |
| US8295486B2 (en) | 2007-09-28 | 2012-10-23 | Research In Motion Limited | Systems, devices, and methods for outputting alerts to indicate the use of a weak hash function |
| US20090202081A1 (en) * | 2008-02-08 | 2009-08-13 | Ayman Hammad | Key delivery system and method |
| US8225106B2 (en) * | 2008-04-02 | 2012-07-17 | Protegrity Corporation | Differential encryption utilizing trust modes |
| US20090320089A1 (en) * | 2008-06-20 | 2009-12-24 | Microsoft Corporation | Policy-based user brokered authorization |
| US10108432B1 (en) * | 2009-04-16 | 2018-10-23 | Intuit Inc. | Generating a script based on user actions |
| US8781931B1 (en) | 2009-05-26 | 2014-07-15 | Island Intellectual Property Llc | Method and system for allocating deposits over a plurality of depository institutions |
| US8352342B1 (en) | 2009-06-19 | 2013-01-08 | Island Intellectual Property Llc | Method and system for determining fees for deposits allocated over a plurality of deposit institutions |
| US8756705B2 (en) | 2009-07-01 | 2014-06-17 | Fiserv, Inc. | Personalized security management |
| US8370236B1 (en) | 2009-11-24 | 2013-02-05 | Island Intellectual Property Llc | Method and system for allocating funds over a plurality of time deposit instruments in depository institutions |
| US9026803B2 (en) * | 2009-11-30 | 2015-05-05 | Hewlett-Packard Development Company, L.P. | Computing entities, platforms and methods operable to perform operations selectively using different cryptographic algorithms |
| US9275360B2 (en) | 2010-05-21 | 2016-03-01 | Hsbc Technology & Services (Usa) Inc. | Account opening flow configuration computer system and process for implementing same |
| US8589213B2 (en) | 2010-10-21 | 2013-11-19 | Hsbc Technology & Services (Usa) Inc. | Computer metrics system and process for implementing same |
| WO2011146711A1 (en) | 2010-05-21 | 2011-11-24 | Hsbc Technologies Inc. | Account opening computer system architecture and process for implementing same |
| US8458089B1 (en) | 2010-06-14 | 2013-06-04 | Island Intellectual Property Llc | System, method and program product for administering fund movements using depository institution groups |
| US8583545B1 (en) | 2010-09-20 | 2013-11-12 | Island Intellectual Property Llc | Systems and methods for money fund banking with flexible interest allocation |
| WO2012051180A1 (en) | 2010-10-11 | 2012-04-19 | Hsbc Technologies Inc. | Computer architecture and process for application processing engine |
| EP2633480A4 (en) | 2010-10-27 | 2016-08-17 | Hsbc Technology & Services Usa Inc | Integrated customer communications computer system and process for implementing same |
| US8452702B1 (en) | 2011-09-08 | 2013-05-28 | Island Intellectual Property Llc | System, method and program product for minimizing fund movements |
| US8655689B1 (en) | 2011-10-13 | 2014-02-18 | Island Intellectual Property Llc | System, method and program product for modeling fund movements |
| US11295308B1 (en) | 2014-10-29 | 2022-04-05 | The Clearing House Payments Company, L.L.C. | Secure payment processing |
| US9374370B1 (en) | 2015-01-23 | 2016-06-21 | Island Intellectual Property, Llc | Invariant biohash security system and method |
| US11042882B2 (en) | 2015-07-01 | 2021-06-22 | The Clearing House Payments Company, L.L.C. | Real-time payment system, method, apparatus, and computer program |
| US11694168B2 (en) | 2015-07-01 | 2023-07-04 | The Clearing House Payments Company L.L.C. | Real-time payment system, method, apparatus, and computer program |
| US20190132323A1 (en) * | 2017-10-27 | 2019-05-02 | Mastercard International Incorporated | Systems and methods for dynamically adjusting a password attempt threshold |
| US11436577B2 (en) | 2018-05-03 | 2022-09-06 | The Clearing House Payments Company L.L.C. | Bill pay service with federated directory model support |
Family Cites Families (52)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US4346442A (en) | 1980-07-29 | 1982-08-24 | Merrill Lynch, Pierce, Fenner & Smith Incorporated | Securities brokerage-cash management system |
| US4694397A (en) * | 1984-12-27 | 1987-09-15 | The Advest Group, Inc. | Banking/brokerage computer interface system |
| US4953085A (en) | 1987-04-15 | 1990-08-28 | Proprietary Financial Products, Inc. | System for the operation of a financial account |
| US5644727A (en) | 1987-04-15 | 1997-07-01 | Proprietary Financial Products, Inc. | System for the operation and management of one or more financial accounts through the use of a digital communication and computation system for exchange, investment and borrowing |
| DE69029759T2 (en) | 1989-05-15 | 1997-07-17 | Ibm | Flexible interface for authentication services in a distributed data processing system |
| US5826243A (en) | 1994-01-03 | 1998-10-20 | Merrill Lynch & Co., Inc. | Integrated system for controlling master account and nested subaccount(s) |
| US6108641A (en) | 1994-01-03 | 2000-08-22 | Merrill Lynch, Pierce, Fenner & Smith | Integrated nested account financial system with medical savings subaccount |
| US6018722A (en) | 1994-04-18 | 2000-01-25 | Aexpert Advisory, Inc. | S.E.C. registered individual account investment advisor expert system |
| US5805719A (en) | 1994-11-28 | 1998-09-08 | Smarttouch | Tokenless identification of individuals |
| US5745706A (en) | 1994-12-30 | 1998-04-28 | Wolfberg; Larry | Computer system and related equipment for spending and investment account management |
| US5710889A (en) | 1995-02-22 | 1998-01-20 | Citibank, N.A. | Interface device for electronically integrating global financial services |
| FI101864B (en) | 1995-07-07 | 1998-09-15 | Biohit Oy | Method for correcting liquid dosing errors, and liquid dosing device |
| US5812883A (en) | 1995-11-22 | 1998-09-22 | Mitsubishi Chemical America, Inc. | System for reading and storing formatting information after formatting a first storage medium and using the stored formatting information to format a second storage medium |
| US5787427A (en) | 1996-01-03 | 1998-07-28 | International Business Machines Corporation | Information handling system, method, and article of manufacture for efficient object security processing by grouping objects sharing common control access policies |
| US5855020A (en) | 1996-02-21 | 1998-12-29 | Infoseek Corporation | Web scan process |
| EP0979459A4 (en) | 1996-05-23 | 2005-04-06 | Citibank Na | Global financial services integration system and process |
| US5940809A (en) | 1996-08-19 | 1999-08-17 | Merrill Lynch & Co. | Securities brokerage-asset management system |
| JPH10149404A (en) | 1996-11-15 | 1998-06-02 | D & B Technol Asia Kk | Fixed assets management device and open type accounting processing network system |
| US6038603A (en) | 1997-03-25 | 2000-03-14 | Oracle Corporation | Processing customized uniform resource locators |
| US5893078A (en) | 1997-03-26 | 1999-04-06 | Carreker-Antinori, Inc. | System and method for determining optimal sweep threshold parameters for demand deposit accounts |
| US6012048A (en) | 1997-05-30 | 2000-01-04 | Capital Security Systems, Inc. | Automated banking system for dispensing money orders, wire transfer and bill payment |
| US6324523B1 (en) | 1997-09-30 | 2001-11-27 | Merrill Lynch & Co., Inc. | Integrated client relationship management processor |
| US6381592B1 (en) | 1997-12-03 | 2002-04-30 | Stephen Michael Reuning | Candidate chaser |
| US6108788A (en) | 1997-12-08 | 2000-08-22 | Entrust Technologies Limited | Certificate management system and method for a communication security system |
| US6321334B1 (en) | 1998-07-15 | 2001-11-20 | Microsoft Corporation | Administering permissions associated with a security zone in a computer system security model |
| US6473800B1 (en) * | 1998-07-15 | 2002-10-29 | Microsoft Corporation | Declarative permission requests in a computer system |
| US6792082B1 (en) | 1998-09-11 | 2004-09-14 | Comverse Ltd. | Voice mail system with personal assistant provisioning |
| US6374231B1 (en) | 1998-10-21 | 2002-04-16 | Bruce Bent | Money fund banking system |
| US7765279B1 (en) | 1998-10-28 | 2010-07-27 | Verticalone Corporation | System and method for scheduling harvesting of personal information |
| US6606606B2 (en) * | 1998-11-09 | 2003-08-12 | Onecore Financial Network, Inc. | Systems and methods for performing integrated financial transaction |
| US6802042B2 (en) | 1999-06-01 | 2004-10-05 | Yodlee.Com, Inc. | Method and apparatus for providing calculated and solution-oriented personalized summary-reports to a user through a single user-interface |
| US6412073B1 (en) | 1998-12-08 | 2002-06-25 | Yodiee.Com, Inc | Method and apparatus for providing and maintaining a user-interactive portal system accessible via internet or other switched-packet-network |
| US6199077B1 (en) | 1998-12-08 | 2001-03-06 | Yodlee.Com, Inc. | Server-side web summary generation and presentation |
| US20020010768A1 (en) | 1998-12-17 | 2002-01-24 | Joshua K. Marks | An entity model that enables privilege tracking across multiple treminals |
| US6240399B1 (en) | 1998-12-24 | 2001-05-29 | Glenn Frank | System and method for optimizing investment location |
| US6513019B2 (en) | 1999-02-16 | 2003-01-28 | Financial Technologies International, Inc. | Financial consolidation and communication platform |
| US6477565B1 (en) | 1999-06-01 | 2002-11-05 | Yodlee.Com, Inc. | Method and apparatus for restructuring of personalized data for transmission from a data network to connected and portable network appliances |
| JP2003530619A (en) | 1999-06-17 | 2003-10-14 | モビウス・マネージメント・システムズ・インコーポレイテッド | Electronic statement, invoice presentation and settlement system and method |
| US6609128B1 (en) | 1999-07-30 | 2003-08-19 | Accenture Llp | Codes table framework design in an E-commerce architecture |
| US6598028B1 (en) | 1999-09-03 | 2003-07-22 | Lynn Sullivan | Computer-implemented universal financial management/translation system and method |
| US6510451B2 (en) | 1999-10-14 | 2003-01-21 | Yodlee.Com, Inc. | System for completing a multi-component task initiated by a client involving Web sites without requiring interaction from the client |
| US6799167B1 (en) * | 1999-10-22 | 2004-09-28 | Decision Analytics, Inc. | Dynamic portfolio benchmarking |
| US6986046B1 (en) | 2000-05-12 | 2006-01-10 | Groove Networks, Incorporated | Method and apparatus for managing secure collaborative transactions |
| US6639910B1 (en) * | 2000-05-20 | 2003-10-28 | Equipe Communications Corporation | Functional separation of internal and external controls in network devices |
| US7013310B2 (en) | 2002-01-03 | 2006-03-14 | Cashedge, Inc. | Method and apparatus for retrieving and processing data |
| US20020019753A1 (en) | 2000-08-07 | 2002-02-14 | Boden John B. | System, method, and computer program product for assisting caregivers |
| US7031939B1 (en) | 2000-08-15 | 2006-04-18 | Yahoo! Inc. | Systems and methods for implementing person-to-person money exchange |
| US6697860B1 (en) | 2000-08-28 | 2004-02-24 | Viagold Direct Network Limited | System and method for linking web sites |
| US7203845B2 (en) * | 2002-01-11 | 2007-04-10 | Cashedge, Inc. | Multiple trust modes for handling data |
| GB2392262A (en) | 2002-08-23 | 2004-02-25 | Hewlett Packard Co | A method of controlling the processing of data |
| US20060015450A1 (en) | 2004-07-13 | 2006-01-19 | Wells Fargo Bank, N.A. | Financial services network and associated processes |
| JP4471761B2 (en) * | 2004-07-26 | 2010-06-02 | 任天堂株式会社 | GAME PROGRAM, GAME DEVICE, AND INPUT DEVICE |
-
2002
- 2002-01-11 US US10/044,289 patent/US7203845B2/en not_active Expired - Lifetime
-
2003
- 2003-01-08 GB GB0414223A patent/GB2399437B/en not_active Expired - Fee Related
- 2003-01-08 WO PCT/US2003/000664 patent/WO2003061187A1/en not_active Application Discontinuation
- 2003-01-08 CA CA2471604A patent/CA2471604C/en not_active Expired - Fee Related
- 2003-01-08 AU AU2003235662A patent/AU2003235662A1/en not_active Abandoned
-
2007
- 2007-03-05 US US11/714,627 patent/US7657761B2/en not_active Expired - Fee Related
Also Published As
| Publication number | Publication date |
|---|---|
| GB0414223D0 (en) | 2004-07-28 |
| GB2399437B (en) | 2006-05-03 |
| WO2003061187A1 (en) | 2003-07-24 |
| AU2003235662A1 (en) | 2003-07-30 |
| US20070162769A1 (en) | 2007-07-12 |
| CA2471604A1 (en) | 2003-07-24 |
| US7657761B2 (en) | 2010-02-02 |
| US7203845B2 (en) | 2007-04-10 |
| US20030135752A1 (en) | 2003-07-17 |
| GB2399437A (en) | 2004-09-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CA2471604C (en) | Multiple trust modes for handling data | |
| US11423475B2 (en) | Distributed electronic record and transaction history | |
| US8086508B2 (en) | Method and apparatus for delegating authority | |
| US6886101B2 (en) | Privacy service | |
| US7788499B2 (en) | Security tokens including displayable claims | |
| US20140046820A1 (en) | Method and apparatus for managing a financial transaction system | |
| US8521627B2 (en) | Systems and methods for facilitating electronic securities transactions | |
| KR20180113084A (en) | Method for managing Digital Identity based on Blockchain | |
| AU2018241201A1 (en) | Regulation compliant data integration for financial institutions | |
| US7013388B2 (en) | Vault controller context manager and methods of operation for securely maintaining state information between successive browser connections in an electronic business system | |
| CA3056277A1 (en) | System for managing transactional data | |
| US8694423B2 (en) | Systems and methods for brokering data in a transactional gateway | |
| KR20080094000A (en) | Method and apparatus for establishing peer-to-peer karma and trust | |
| US20020138447A1 (en) | System and method for updating personal financial information | |
| US8554872B2 (en) | Integration of different mobile device types with a business infrastructure | |
| US20230135685A1 (en) | Access controller for secure transactions | |
| EP1033854B1 (en) | System and method for anonymous access to the internet | |
| JP2002163234A (en) | User authentication system and processing method therefor, and recording medium recorded with the program therefor | |
| US11244314B2 (en) | Dual controls for processing electronic transactions | |
| US8280785B1 (en) | Financial account manager | |
| US20040236941A1 (en) | Method for secure transfer of information | |
| WO2006036699A2 (en) | Concept based message security system | |
| JP7113883B2 (en) | Identity verification system, method and computer program | |
| US7093281B2 (en) | Casual access application with context sensitive pin authentication | |
| US11962577B2 (en) | Resource transfer setup and verification |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| EEER | Examination request | ||
| MKLA | Lapsed |
Effective date: 20180108 |