Patents by Inventor Xianhong Zhang
Xianhong Zhang has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10965675Abstract: Aspects of the disclosure relate to preventing unauthorized access to secured information systems using advanced pre-authentication techniques. A computing platform may receive, from a local traffic manager, a first enriched access request associated with a first remote computing device. Then, the computing platform may apply a pre-authentication classification model to the first enriched access request associated with the first remote computing device. Thereafter, the computing platform may determine that the first enriched access request associated with the first remote computing device is likely malicious. Then, the computing platform may generate one or more first pre-authentication response commands directing client portal server infrastructure to process the first enriched access request associated with the first remote computing device as a malicious request.Type: GrantFiled: March 14, 2018Date of Patent: March 30, 2021Assignee: Bank of America CorporationInventors: Xianhong Zhang, Kalyan V. Pasumarthi, Jeffrey Jacoby, Hitesh Shah, Archie Agrawal, Michael E. Toth, Yu Fu
-
Patent number: 10803154Abstract: Aspects of the disclosure relate to multicomputer processing and authentication of user data associated with telephone calls. A call security assessment computing platform may receive data associated with a telephone call made from a user computing device. Subsequently, the call security assessment computing platform may parse the received data to identify header information in a Session Initial Protocol (SIP) header. The platform then may analyze the header information to generate a call fingerprint for the telephone call. This call fingerprint may then be transmitted to one or more call authentication computing platforms, which return one or more call security responses that may further characterize security features of the telephone call. The call fingerprint and the call security responses may then be used to determine a call security score, which may be transmitted in a notification to a call handling system in order to adjust how the call is handled.Type: GrantFiled: September 27, 2019Date of Patent: October 13, 2020Assignee: Bank of America CorporationInventors: Dennis M. Osborne, Daniel L. Carpenter, Xianhong Zhang, Michael Toth
-
Patent number: 10749874Abstract: Aspects of the disclosure relate to providing information security and preventing unauthorized access to resources of an information system by injecting device data collectors into pages and/or other interfaces provided by and/or otherwise associated with an information system. A computing platform may intercept a request for a uniform resource locator from a client computing device based on configuration information identifying the uniform resource locator as being protected. The computing platform may request and receive, from an application server, a page associated with the uniform resource locator. Then, the computing platform may generate a modified version of the page associated with the uniform resource locator by injecting collector code into source code defining the page associated with the uniform resource locator. Subsequently, the computing platform may send, to the client computing device, the modified version of the page associated with the uniform resource locator.Type: GrantFiled: August 13, 2019Date of Patent: August 18, 2020Assignee: Bank of America CorporationInventor: Xianhong Zhang
-
Publication number: 20200244661Abstract: Aspects of the disclosure relate to linking channel-specific systems with a user authentication hub. In some embodiments, a computing platform may receive, from a telephone agent support computer system associated with a telephone agent channel, an authentication request for a user account. The computing platform may generate a set of one or more authentication prompts based on a set of authentication rules defined for the telephone agent channel and may provide the set of one or more authentication prompts generated based on the set of authentication rules defined for the telephone agent channel. Subsequently, the computing platform may validate one or more responses to the set of one or more authentication prompts. Based on validating the one or more responses, the computing platform may provide user account information associated with the user account to the telephone agent support computer system associated with the telephone agent channel.Type: ApplicationFiled: April 17, 2020Publication date: July 30, 2020Inventors: Mark A. Pender, Daniel L. Carpenter, Kapil Pruthi, Xianhong Zhang, Apeksh M. Dave, Elizabeth Votaw, Andrew T. Keys
-
Publication number: 20200226603Abstract: Aspects of the disclosure relate to linking channel-specific systems with a user authentication hub. In some embodiments, a computing platform may receive, from a mobile device, an authentication request for a user account and may generate one or more authentication prompts. Subsequently, the computing platform may provide the one or more authentication prompts and may validate responses to the authentication prompts. Based on validating the responses to the authentication prompts, the computing platform may generate one or more security questions based on historical information associated with the user account. Subsequently, the computing platform may provide the one or more security questions and may validate one or more responses to the one or more security questions. Based on validating the one or more responses to the one or more security questions, the computing platform may provide user account information associated with the user account to the mobile device.Type: ApplicationFiled: March 27, 2020Publication date: July 16, 2020Inventors: Mark A. Pender, Daniel L. Carpenter, Kapil Pruthi, Xianhong Zhang, Apeksh M. Dave, Elizabeth Votaw, Andrew T. Keys
-
Publication number: 20200228523Abstract: Aspects of the disclosure relate to preventing unauthorized access to secured information systems. A computing platform may receive, from an end user desktop computing device, a request to login to a user account associated with a user account portal. In response to receiving the request, the computing platform may generate an authentication token in an authentication database and may send a notification to at least one registered device linked to the user account. After sending the notification, the computing platform may receive, from the at least one registered device, an authentication response message. If the authentication response message indicates that valid authentication input was received, the computing platform may update the authentication token to indicate that the request to login to the user account has been approved. After updating the authentication token, the computing platform may provide, to the end user desktop computing device, access to a portal interface.Type: ApplicationFiled: March 27, 2020Publication date: July 16, 2020Inventors: Ashish Arora, Muniraju Jayaramaiah, Xianhong Zhang
-
Publication number: 20200184051Abstract: Aspects of the disclosure relate to processing authentication requests to secured information systems using machine-learned user-account behavior profiles. A computing platform may receive an authentication request corresponding to a request for a user of a client computing device to access one or more secured information resources associated with a user account. The computing platform may capture one or more behavioral parameters and activity data associated with one or more interactions with one or more non-authenticated pages. Then, the computing platform may evaluate the one or more behavioral parameters and the activity data using a behavioral profile associated with the user account. Based on this evaluation, the computing platform may identify the authentication request as malicious and may generate and send one or more denial-of-access commands to prevent the client computing device from accessing the one or more secured information resources associated with the user account.Type: ApplicationFiled: December 5, 2018Publication date: June 11, 2020Inventors: Michael E. Toth, Xianhong Zhang, Hitesh Shah, Srinivasa Rao Goriparthi
-
Publication number: 20200184050Abstract: Aspects of the disclosure relate to processing authentication requests to secured information systems using machine-learned user-account behavior profiles. A computing platform may receive an authentication request corresponding to a request for a user of a client computing device to access one or more secured information resources associated with a user account. The computing platform may capture one or more behavioral parameters and may authenticate the user of the client computing device to the user account based on the one or more behavioral parameters and one or more authentication credentials. The computing platform then may generate and send one or more authentication commands directing an account portal computing platform to allow access to the one or more secured information resources. Subsequently, the computing platform may capture activity data associated with one or more interactions in a client portal session and may update a behavioral profile associated with the user account.Type: ApplicationFiled: December 5, 2018Publication date: June 11, 2020Inventors: Michael E. Toth, Xianhong Zhang, Hitesh Shah, Srinivasa Rao Goriparthi
-
Publication number: 20200184048Abstract: Aspects of the disclosure relate to processing authentication requests to secured information systems based on machine-learned user behavior profiles. A computing platform may receive an authentication request corresponding to a request for a user of a client computing device to access one or more secured information resources associated with a user account. The computing platform may capture behavioral parameters associated with the client computing device and may evaluate the behavioral parameters using a behavioral profile associated with the user account to determine a behavioral deviation score. Based on the behavioral deviation score, the computing platform may select an authentication action from a plurality of pre-defined authentication actions. Subsequently, the computing platform may generate commands directing an account portal computing platform to allow access, conditionally allow access, or prevent access based on the selected authentication action.Type: ApplicationFiled: December 5, 2018Publication date: June 11, 2020Inventors: Michael E. Toth, Hitesh Shah, Xianhong Zhang
-
Publication number: 20200184049Abstract: Aspects of the disclosure relate to processing authentication requests to secured information systems based on machine-learned event profiles. A computing platform may receive an authentication request corresponding to a request for a user of a client computing device to access one or more secured information resources associated with a user account in a client portal session. The computing platform may capture one or more behavioral parameters and may generate one or more authentication prompts. Thereafter, the computing platform may receive one or more authentication prompt responses and may evaluate an event pattern. Based on evaluating the event pattern and validating the one or more authentication prompt responses, the computing platform may generate and send one or more authentication commands directing an account portal computing platform to allow access to the one or more secured information resources associated with the user account in the client portal session.Type: ApplicationFiled: December 5, 2018Publication date: June 11, 2020Inventors: Michael E. Toth, Hitesh Shah, Xianhong Zhang
-
Patent number: 10666654Abstract: Aspects of the disclosure relate to linking channel-specific systems with a user authentication hub. In some embodiments, a computing platform may receive, from a telephone agent support computer system associated with a telephone agent channel, an authentication request for a user account. The computing platform may generate a set of one or more authentication prompts based on a set of authentication rules defined for the telephone agent channel and may provide the set of one or more authentication prompts generated based on the set of authentication rules defined for the telephone agent channel. Subsequently, the computing platform may validate one or more responses to the set of one or more authentication prompts. Based on validating the one or more responses, the computing platform may provide user account information associated with the user account to the telephone agent support computer system associated with the telephone agent channel.Type: GrantFiled: May 15, 2016Date of Patent: May 26, 2020Assignee: Bank of America CorporationInventors: Mark A. Pender, Daniel L. Carpenter, Kapil Pruthi, Xianhong Zhang, Apeksh M. Dave, Elizabeth S. Votaw, Andrew T. Keys
-
Patent number: 10645079Abstract: Aspects of the disclosure relate to preventing unauthorized access to secured information systems. A computing platform may receive, from an end user desktop computing device, a request to login to a user account associated with a user account portal. In response to receiving the request, the computing platform may generate an authentication token in an authentication database and may send a notification to at least one registered device linked to the user account. After sending the notification, the computing platform may receive, from the at least one registered device, an authentication response message. If the authentication response message indicates that valid authentication input was received, the computing platform may update the authentication token to indicate that the request to login to the user account has been approved. After updating the authentication token, the computing platform may provide, to the end user desktop computing device, access to a portal interface.Type: GrantFiled: May 12, 2017Date of Patent: May 5, 2020Assignee: Bank of America CorporationInventors: Ashish Arora, Muniraju Jayaramaiah, Xianhong Zhang
-
Patent number: 10643212Abstract: Aspects of the disclosure relate to linking channel-specific systems with a user authentication hub. In some embodiments, a computing platform may receive, from a mobile device, an authentication request for a user account and may generate one or more authentication prompts. Subsequently, the computing platform may provide the one or more authentication prompts and may validate responses to the authentication prompts. Based on validating the responses to the authentication prompts, the computing platform may generate one or more security questions based on historical information associated with the user account. Subsequently, the computing platform may provide the one or more security questions and may validate one or more responses to the one or more security questions. Based on validating the one or more responses to the one or more security questions, the computing platform may provide user account information associated with the user account to the mobile device.Type: GrantFiled: May 15, 2016Date of Patent: May 5, 2020Assignee: Bank of America CorporationInventors: Mark A. Pender, Daniel L. Carpenter, Kapil Pruthi, Xianhong Zhang, Apeksh M. Dave, Elizabeth S. Votaw, Andrew T. Keys
-
Publication number: 20200026828Abstract: Aspects of the disclosure relate to multicomputer processing and authentication of user data associated with telephone calls. A call security assessment computing platform may receive data associated with a telephone call made from a user computing device. Subsequently, the call security assessment computing platform may parse the received data to identify header information in a Session Initial Protocol (SIP) header. The platform then may analyze the header information to generate a call fingerprint for the telephone call. This call fingerprint may then be transmitted to one or more call authentication computing platforms, which return one or more call security responses that may further characterize security features of the telephone call. The call fingerprint and the call security responses may then be used to determine a call security score, which may be transmitted in a notification to a call handling system in order to adjust how the call is handled.Type: ApplicationFiled: September 27, 2019Publication date: January 23, 2020Inventors: Dennis M. Osborne, Daniel L. Carpenter, Xianhong Zhang, Michael Toth
-
Publication number: 20190364050Abstract: Aspects of the disclosure relate to providing information security and preventing unauthorized access to resources of an information system by injecting device data collectors into pages and/or other interfaces provided by and/or otherwise associated with an information system. A computing platform may intercept a request for a uniform resource locator from a client computing device based on configuration information identifying the uniform resource locator as being protected. The computing platform may request and receive, from an application server, a page associated with the uniform resource locator. Then, the computing platform may generate a modified version of the page associated with the uniform resource locator by injecting collector code into source code defining the page associated with the uniform resource locator. Subsequently, the computing platform may send, to the client computing device, the modified version of the page associated with the uniform resource locator.Type: ApplicationFiled: August 13, 2019Publication date: November 28, 2019Inventor: Xianhong Zhang
-
Patent number: 10430569Abstract: Aspects of the disclosure relate to multicomputer processing and authentication of user data associated with telephone calls. A call security assessment computing platform may receive data associated with a telephone call made from a user computing device. Subsequently, the call security assessment computing platform may parse the received data to identify header information in a Session Initial Protocol (SIP) header. The platform then may analyze the header information to generate a call fingerprint for the telephone call. This call fingerprint may then be transmitted to one or more call authentication computing platforms, which return one or more call security responses that may further characterize security features of the telephone call. The call fingerprint and the call security responses may then be used to determine a call security score, which may be transmitted in a notification to a call handling system in order to adjust how the call is handled.Type: GrantFiled: November 8, 2018Date of Patent: October 1, 2019Assignee: Bank of America CorporationInventors: Dennis M. Osborne, Daniel L. Carpenter, Xianhong Zhang, Michael Toth
-
Patent number: 10430578Abstract: A computer system receives an authentication request from a user device and determines a determined device identification from a set of received device attributes. When the device is properly authenticated, the computer system generates an authentication token that is signed by the determined device identification and returns the authentication token to the user device. When the computer system subsequently receives a service request with an authentication token and a plurality of device attributes for a protected resource from a user device, the computer system determines a derived device identification from some or all of the received device attributes. When a signed device identification of the authentication token and the derived device identification are equal, the apparatus continues processing the service request. Otherwise, the service request is rejected.Type: GrantFiled: November 2, 2017Date of Patent: October 1, 2019Assignee: Bank of America CorporationInventors: Xianhong Zhang, Andrew T. Keys, Kapil Pruthi, Daniel Lynn Carpenter, Mark A. Pender, Spencer Yezo, Apeksh M. Dave
-
Publication number: 20190289007Abstract: Aspects of the disclosure relate to preventing unauthorized access to secured information systems using advanced pre-authentication techniques. A computing platform may receive, from a local traffic manager, a first enriched access request associated with a first remote computing device. Then, the computing platform may apply a pre-authentication classification model to the first enriched access request associated with the first remote computing device. Thereafter, the computing platform may determine that the first enriched access request associated with the first remote computing device is likely malicious. Then, the computing platform may generate one or more first pre-authentication response commands directing client portal server infrastructure to process the first enriched access request associated with the first remote computing device as a malicious request.Type: ApplicationFiled: March 14, 2018Publication date: September 19, 2019Inventors: Xianhong Zhang, Kalyan V. Pasumarthi, Jeffrey Jacoby, Hitesh Shah, Archie Agrawal, Michael E. Toth, Yu Fu
-
Patent number: 10412093Abstract: Aspects of the disclosure relate to providing information security and preventing unauthorized access to resources of an information system by injecting device data collectors into pages and/or other interfaces provided by and/or otherwise associated with an information system. A computing platform may intercept a request for a uniform resource locator from a client computing device based on configuration information identifying the uniform resource locator as being protected. The computing platform may request and receive, from an application server, a page associated with the uniform resource locator. Then, the computing platform may generate a modified version of the page associated with the uniform resource locator by injecting collector code into source code defining the page associated with the uniform resource locator. Subsequently, the computing platform may send, to the client computing device, the modified version of the page associated with the uniform resource locator.Type: GrantFiled: August 31, 2016Date of Patent: September 10, 2019Assignee: Bank of America CorporationInventor: Xianhong Zhang
-
Patent number: 10404635Abstract: Aspects of the disclosure relate to optimizing data replication across multiple data centers. A computing platform may receive, from an authentication hub computing platform, an event message corresponding to an event associated with the authentication hub computing platform. In response to receiving the event message, the computing platform may transform the event message to produce multiple transformed messages. The multiple transformed messages may include a first transformed message associated with a first topic and a second transformed message associated with a second topic different from the first topic. Subsequently, the computing platform may send, to at least one messaging service computing platform associated with at least one other data center different from a data center associated with the computing platform, the multiple transformed messages.Type: GrantFiled: March 21, 2017Date of Patent: September 3, 2019Assignee: Bank of America CorporationInventors: Tao Huang, Archie Agrawal, Akshay Jain, Xianhong Zhang