Abstract: Aspects of the disclosure relate to linking channel-specific systems with a user authentication hub. In some embodiments, a computing platform may receive, from a telephone agent support computer system associated with a telephone agent channel, an authentication request for a user account. The computing platform may generate a set of one or more authentication prompts based on a set of authentication rules defined for the telephone agent channel and may provide the set of one or more authentication prompts generated based on the set of authentication rules defined for the telephone agent channel. Subsequently, the computing platform may validate one or more responses to the set of one or more authentication prompts. Based on validating the one or more responses, the computing platform may provide user account information associated with the user account to the telephone agent support computer system associated with the telephone agent channel.

Abstract: Aspects of the disclosure relate to linking channel-specific systems with a user authentication hub. In some embodiments, a computing platform may receive, from a mobile device, an authentication request for a user account and may generate one or more authentication prompts. Subsequently, the computing platform may provide the one or more authentication prompts and may validate responses to the authentication prompts. Based on validating the responses to the authentication prompts, the computing platform may generate one or more security questions based on historical information associated with the user account. Subsequently, the computing platform may provide the one or more security questions and may validate one or more responses to the one or more security questions. Based on validating the one or more responses to the one or more security questions, the computing platform may provide user account information associated with the user account to the mobile device.

Abstract: Aspects of the disclosure relate to linking channel-specific systems with a user authentication hub. In some embodiments, a computing platform may receive, from a telephone agent support computer system associated with a telephone agent channel, an authentication request for a user account. The computing platform may generate a set of one or more authentication prompts based on a set of authentication rules defined for the telephone agent channel and may provide the set of one or more authentication prompts generated based on the set of authentication rules defined for the telephone agent channel. Subsequently, the computing platform may validate one or more responses to the set of one or more authentication prompts. Based on validating the one or more responses, the computing platform may provide user account information associated with the user account to the telephone agent support computer system associated with the telephone agent channel.

Abstract: Aspects of the disclosure relate to linking channel-specific systems with a user authentication hub. In some embodiments, a computing platform may receive, from a mobile device, an authentication request for a user account and may generate one or more authentication prompts. Subsequently, the computing platform may provide the one or more authentication prompts and may validate responses to the authentication prompts. Based on validating the responses to the authentication prompts, the computing platform may generate one or more security questions based on historical information associated with the user account. Subsequently, the computing platform may provide the one or more security questions and may validate one or more responses to the one or more security questions. Based on validating the one or more responses to the one or more security questions, the computing platform may provide user account information associated with the user account to the mobile device.

Abstract: Aspects of the disclosure relate to linking channel-specific systems with a user authentication hub. In some embodiments, a computing platform may receive, from a telephone agent support computer system associated with a telephone agent channel, an authentication request for a user account. The computing platform may generate a set of one or more authentication prompts based on a set of authentication rules defined for the telephone agent channel and may provide the set of one or more authentication prompts generated based on the set of authentication rules defined for the telephone agent channel. Subsequently, the computing platform may validate one or more responses to the set of one or more authentication prompts. Based on validating the one or more responses, the computing platform may provide user account information associated with the user account to the telephone agent support computer system associated with the telephone agent channel.

Abstract: Aspects of the disclosure relate to linking channel-specific systems with a user authentication hub. In some embodiments, a computing platform may receive, from a mobile device, an authentication request for a user account and may generate one or more authentication prompts. Subsequently, the computing platform may provide the one or more authentication prompts and may validate responses to the authentication prompts. Based on validating the responses to the authentication prompts, the computing platform may generate one or more security questions based on historical information associated with the user account. Subsequently, the computing platform may provide the one or more security questions and may validate one or more responses to the one or more security questions. Based on validating the one or more responses to the one or more security questions, the computing platform may provide user account information associated with the user account to the mobile device.

Abstract: A computer system receives an authentication request from a user device and determines a determined device identification from a set of received device attributes. When the device is properly authenticated, the computer system generates an authentication token that is signed by the determined device identification and returns the authentication token to the user device. When the computer system subsequently receives a service request with an authentication token and a plurality of device attributes for a protected resource from a user device, the computer system determines a derived device identification from some or all of the received device attributes. When a signed device identification of the authentication token and the derived device identification are equal, the apparatus continues processing the service request. Otherwise, the service request is rejected.

Abstract: A computer system receives an authentication request from a user device and determines a determined device identification from a set of received device attributes. When the device is properly authenticated, the computer system generates an authentication token that is signed by the determined device identification and returns the authentication token to the user device. When the computer system subsequently receives a service request with an authentication token and a plurality of device attributes for a protected resource from a user device, the computer system determines a derived device identification from some or all of the received device attributes. When a signed device identification of the authentication token and the derived device identification are equal, the apparatus continues processing the service request. Otherwise, the service request is rejected.

Abstract: A computer system receives an authentication request from a user device and determines a determined device identification from a set of received device attributes. When the device is properly authenticated, the computer system generates an authentication token that is signed by the determined device identification and returns the authentication token to the user device. When the computer system subsequently receives a service request with an authentication token and a plurality of device attributes for a protected resource from a user device, the computer system determines a derived device identification from some or all of the received device attributes. When a signed device identification of the authentication token and the derived device identification are equal, the apparatus continues processing the service request. Otherwise, the service request is rejected.

Abstract: Methods, systems, and computer-readable media for providing access to account information using authentication tokens are presented. In some embodiments, a customer of a financial institution may visit an account information aggregator site and request to add an account maintained by the financial institution to a collection of accounts for which the aggregator collects account information on behalf of the customer. Rather than providing their username, password, or other bank login credentials to the aggregator, the customer may be redirected to a page provided by the financial institution where the customer can enter the customer's credentials and authenticate with the financial institution. After authenticating the customer, the financial institution may generate a token and provide the token to the aggregator.

Abstract: Methods, systems, and computer-readable media for providing access to account information using authentication tokens are presented. In some embodiments, a customer of a financial institution may visit an account information aggregator site and request to add an account maintained by the financial institution to a collection of accounts for which the aggregator may collect account information on behalf of the customer. Rather than providing their username, password, and/or other bank login credentials to the aggregator, the customer may be redirected to a page provided by the financial institution where the customer can enter their credentials and authenticate with the financial institution. After authenticating the customer, the financial institution may generate a token and provide the token to the aggregator.

Abstract: Aspects of the disclosure relate to linking channel-specific systems with a user authentication hub. In some embodiments, a computing platform may receive, from a mobile device, an authentication request for a user account and may generate one or more authentication prompts. Subsequently, the computing platform may provide the one or more authentication prompts and may validate responses to the authentication prompts. Based on validating the responses to the authentication prompts, the computing platform may generate one or more security questions based on historical information associated with the user account. Subsequently, the computing platform may provide the one or more security questions and may validate one or more responses to the one or more security questions. Based on validating the one or more responses to the one or more security questions, the computing platform may provide user account information associated with the user account to the mobile device.

Abstract: Aspects of the disclosure relate to linking channel-specific systems with a user authentication hub. In some embodiments, a computing platform may receive, from a telephone agent support computer system associated with a telephone agent channel, an authentication request for a user account. The computing platform may generate a set of one or more authentication prompts based on a set of authentication rules defined for the telephone agent channel and may provide the set of one or more authentication prompts generated based on the set of authentication rules defined for the telephone agent channel. Subsequently, the computing platform may validate one or more responses to the set of one or more authentication prompts. Based on validating the one or more responses, the computing platform may provide user account information associated with the user account to the telephone agent support computer system associated with the telephone agent channel.

Abstract: A computer system receives a service request over a service channel from a user device, initiates a challenge to the user device to provide authentication information based on a set of authenticators, and determines an initial level of authentication. When the initial level of authentication is not sufficient for the service channel or protected resource, the apparatus generates a challenge to the user device with at least one additional authenticator and determines an achieved level of authentication based on the further authentication information. When the achieved level of authentication reaches a target authentication level for the service channel, the apparatus continues processing the service request by the service channel. The computer may transfer the service request to another service channel with the authentication token obtained on the original service channel and further challenges the user device with additional authenticators when a higher level of authentication is necessary.

Abstract: Methods and systems for evaluating customer security preferences are presented. In some embodiments, a computer system may receive, from a security dashboard computing platform, a request for a security score associated with a customer. In response to receiving the request for the security score associated with the customer, the computer system may request, from a customer portal computing platform, one or more security preferences associated with the customer. Subsequently, the computer system may receive, from the customer portal computing platform, the one or more security preferences associated with the customer. The computer system then may determine, based on at least one security score definition file and based on the one or more security preferences associated with the customer, a security score for the customer. Thereafter, the computer system may provide, to the security dashboard computing platform, the determined security score for the customer.

Abstract: Methods and systems for evaluating customer security preferences are presented. In some embodiments, a computer system may receive, from a customer portal computing platform, a request for a security dashboard user interface for a customer. In response to receiving the request for the security dashboard user interface, the computer system may request, from a security score computing platform, a security score for the customer. Subsequently, the computer system may receive, from the security score computing platform, the security score for the customer. The computer system then may generate, based on the security score for the customer, the security dashboard user interface for the customer. Thereafter, the computer system may provide, to the customer portal computing platform, the generated security dashboard user interface for the customer.

Abstract: Methods, systems, and computer-readable media for providing access to account information using authentication tokens are presented. In some embodiments, a customer of a financial institution may visit an account information aggregator site and request to add an account maintained by the financial institution to a collection of accounts for which the aggregator may collect account information on behalf of the customer. Rather than providing their username, password, and/or other bank login credentials to the aggregator, the customer may be redirected to a page provided by the financial institution where the customer can enter their credentials and authenticate with the financial institution. After authenticating the customer, the financial institution may generate a token and provide the token to the aggregator.

Abstract: Methods, systems, and computer-readable media for providing access to account information using authentication tokens are presented. In some embodiments, a customer of a financial institution may visit an account information aggregator site and request to add an account maintained by the financial institution to a collection of accounts for which the aggregator may collect account information on behalf of the customer. Rather than providing their username, password, and/or other bank login credentials to the aggregator, the customer may be redirected to a page provided by the financial institution where the customer can enter their credentials and authenticate with the financial institution. After authenticating the customer, the financial institution may generate a token and provide the token to the aggregator.

Abstract: Methods, systems, and computer-readable media for provisioning a mobile device with a code generation key to enable generation of one-time passcodes are presented. In some embodiments, a computer system may receive, from a mobile computing device associated with a customer of a financial institution, a request to register a passcode generator on the mobile computing device. Subsequently, based on receiving the request, the computer system may authenticate a user of the mobile computing device to an online banking user account associated with the customer. Then, based on authenticating the user to the online banking user account, the computer system may generate a code generation key configured to be used by the passcode generator. Next, the computer system may store the code generation key in a key database. Subsequently, the computer system may send, to the mobile computing device, the code generation key to provision the passcode generator.

Abstract: A system for authenticating a customer is disclosed. The customer may attempt to access protected resources located at an authentication server. The customer may log in to the authentication server's website, thereby submitting an authentication request. The authentication request may comprise attributes of the device the customer uses to log in. The authentication server may generate a device ID using the received device attributes and generate an authentication token that is signed with the device ID. The authentication server may transmit the authentication token to the client device. Subsequent requests to access protected resources from the client device may include the authentication token that is signed with the device ID.