Abstract: A computer system receives an authentication request from a user device and determines a determined device identification from a set of received device attributes. When the device is properly authenticated, the computer system generates an authentication token that is signed by the determined device identification and returns the authentication token to the user device. When the computer system subsequently receives a service request with an authentication token and a plurality of device attributes for a protected resource from a user device, the computer system determines a derived device identification from some or all of the received device attributes. When a signed device identification of the authentication token and the derived device identification are equal, the apparatus continues processing the service request. Otherwise, the service request is rejected.

Abstract: Methods, systems, and computer-readable media for selectively enabling and disabling biometric authentication are presented. In some embodiments, a computing platform may receive, from a device monitoring and management computer system, a device state indicator message comprising device state information associated with a mobile computing device. Subsequently, the computing platform may set a biometric authentication flag for the mobile computing device based on the device state indicator message received from the device monitoring and management computer system. Then, the computing platform may generate an authentication functionality message for the mobile computing device based on the biometric authentication flag set for the mobile computing device, and the authentication functionality message may be configured to selectively enable or disable one or more biometric authentication functions provided by the mobile computing device.

Abstract: A computing platform may receive, from a social messaging server, a request to authenticate a user to a user account associated with a client portal. In response to receiving the request, the computing platform may send, to the social messaging server, an authentication token request message. Thereafter, the computing platform may receive, from the social messaging server, an authentication token. The computing platform may validate the authentication token received from the social messaging server. Based on validating the authentication token received from the social messaging server, the computing platform may generate a validation message directing a client support server to provide the user with access to the user account. Subsequently, the computing platform may send the validation message to the client support server, which may cause the client support server to initiate a client support session with the user via the social messaging service provided by the social messaging server.

Abstract: A computing platform may receive, from a client portal server, a request to authenticate a user to a user account associated with a client portal provided by the client portal server. Based on receiving the request to authenticate, the computing platform may send, to a social messaging server, an authentication token request message. Subsequently, the computing platform may receive, from the social messaging server, an authentication token. Thereafter, the computing platform may validate the authentication token received from the social messaging server. Based on validating the authentication token received from the social messaging server, the computing platform may generate a validation message directing the client portal server to provide the user with access to the user account. Subsequently, the computing platform may send, to the client portal server, the validation message directing the client portal server to provide the user with access to the user account.

Abstract: A computing platform may receive, from a client portal server, a request to authenticate a user to a user account associated with a client portal. Based on identifying an activity associated with the request, the computing platform may select a multi-device authentication method for authenticating the user. The computing platform may generate a first one-time passcode for a first registered device and a second one-time passcode for a second registered device, and may send the one-time passcodes to the registered devices. Thereafter, the computing platform may receive and validate one-time passcode input from the client portal server. Based on validating the one-time passcode input, the computing platform may generate a validation message directing the client portal server to provide the user with access to the user account, and may send the validation message to the client portal server. In some instances, different authentication methods may be selected for different activities.

Abstract: A computing platform may receive, from a client portal server, a request to authenticate a user to a user account associated with a client portal provided by the client portal server, as well as device selection input selecting a first registered device and a second registered device to receive one-time passcodes. The computing platform may generate a first one-time passcode for the first registered device and a second one-time passcode for the second registered device, and may send the first one-time passcode to the first registered device and the second one-time passcode to the second registered device. The computing platform may receive and validate one-time passcode input. Based on validating the one-time passcode input, the computing platform may generate a validation message directing the client portal server to provide the user with access to the user account, and may send the validation message to the client portal server.

Abstract: A computing platform may receive, from a client server, a request to authenticate a user to a user account, as well as device selection input selecting a registered device to receive a one-time passcode. The computing platform may evaluate the device selection input based on contextual login information associated with the user account, determine that the registered device selected to receive the one-time passcode is out of context, and execute a security procedure. Based on validating a response to the security procedure, the computing platform may generate a one-time passcode and may send the one-time passcode to the registered device selected to receive the one-time passcode. Thereafter, the computing platform may receive one-time passcode input, validate the one-time passcode input, generate a validation message directing the client server to provide the user with access to the user account, and send the validation message to the client server.

Abstract: A computer system receives an authentication request from a user device and determines a determined device identification from a set of received device attributes. When the device is properly authenticated, the computer system generates an authentication token that is signed by the determined device identification and returns the authentication token to the user device. When the computer system subsequently receives a service request with an authentication token and a plurality of device attributes for a protected resource from a user device, the computer system determines a derived device identification from some or all of the received device attributes. When a signed device identification of the authentication token and the derived device identification are equal, the apparatus continues processing the service request. Otherwise, the service request is rejected.

Abstract: Methods, systems, and computer-readable media for providing access to account information using authentication tokens are presented. In some embodiments, a customer of a financial institution may visit an account information aggregator site and request to add an account maintained by the financial institution to a collection of accounts for which the aggregator collects account information on behalf of the customer. Rather than providing their username, password, or other bank login credentials to the aggregator, the customer may be redirected to a page provided by the financial institution where the customer can enter the customer's credentials and authenticate with the financial institution. After authenticating the customer, the financial institution may generate a token and provide the token to the aggregator.

Abstract: Methods, systems, and computer-readable media for providing access to account information using authentication tokens are presented. In some embodiments, a customer of a financial institution may visit an account information aggregator site and request to add an account maintained by the financial institution to a collection of accounts for which the aggregator may collect account information on behalf of the customer. Rather than providing their username, password, and/or other bank login credentials to the aggregator, the customer may be redirected to a page provided by the financial institution where the customer can enter their credentials and authenticate with the financial institution. After authenticating the customer, the financial institution may generate a token and provide the token to the aggregator.

Abstract: Aspects of the disclosure relate to linking channel-specific systems with a user authentication hub. In some embodiments, a computing platform may receive, from a telephone agent support computer system associated with a telephone agent channel, an authentication request for a user account. The computing platform may generate a set of one or more authentication prompts based on a set of authentication rules defined for the telephone agent channel and may provide the set of one or more authentication prompts generated based on the set of authentication rules defined for the telephone agent channel. Subsequently, the computing platform may validate one or more responses to the set of one or more authentication prompts. Based on validating the one or more responses, the computing platform may provide user account information associated with the user account to the telephone agent support computer system associated with the telephone agent channel.

Abstract: Aspects of the disclosure relate to linking channel-specific systems with a user authentication hub. In some embodiments, a computing platform may receive, from a mobile device, an authentication request for a user account and may generate one or more authentication prompts. Subsequently, the computing platform may provide the one or more authentication prompts and may validate responses to the authentication prompts. Based on validating the responses to the authentication prompts, the computing platform may generate one or more security questions based on historical information associated with the user account. Subsequently, the computing platform may provide the one or more security questions and may validate one or more responses to the one or more security questions. Based on validating the one or more responses to the one or more security questions, the computing platform may provide user account information associated with the user account to the mobile device.

Abstract: A computing platform may receive, from a client portal server, a request to authenticate a user to a user account. The computing platform may generate a first one-time passcode for a first computing device associated with the user account and may send, to the first computing device, the first one-time passcode. The computing platform also may generate a first registered-device authentication prompt for a second computing device associated with the user account and may send, to the second computing device, the first registered-device authentication prompt. Thereafter, the computing platform may receive first one-time passcode input and a first response to the first registered-device authentication prompt, which the computing platform may validate. Based on the validating, the computing platform may generate a validation message directing the client portal server to provide the user with access to the user account, which the computing platform may send to the client portal server.

Abstract: Aspects of the disclosure relate to recognizing and authenticating mobile devices based on unique cross-channel bindings. In some embodiments, a computing platform may receive, from a telephone agent support computer system, call information associated with a telephone call. Subsequently, the computing platform may identify a source device that placed the telephone call, based on binding information maintained by the computing platform for the source device. Based on identifying the source device that placed the telephone call, the computing platform may load user information associated with a user account linked to the source device. Next, the computing platform may set one or more authentication flags for the user account based on the binding information. Then, the computing platform may send, to the telephone agent support computer system, the user information and authentication information based on the one or more authentication flags set for the user account linked to the source device.

Abstract: A computing platform may receive, from a client portal server, a request to authenticate a first user to a first user account. The computing platform may generate a first one-time passcode for a first computing device associated with the first user account and may send, to the first computing device, the first one-time passcode. The computing platform also may generate a second one-time passcode for a second computing device associated with the first user account and may send, to the second computing device, the second one-time passcode. Thereafter, the computing platform may receive first one-time passcode input and second one-time passcode input, which the computing platform may validate. Based on the validating, the computing platform may generate a validation message directing the client portal server to provide the first user with access to the first user account, which the computing platform may send to the client portal server.

Abstract: A computing platform may receive, from a client communication server, a first token request requesting a token for a first client. The computing platform may generate a first token linked to a first record associated with the first client. Subsequently, the computing platform may send, to the client communication server, the first token linked to the first record associated with the first client. Thereafter, the computing platform may receive, from a client portal server, a first token validation request comprising the first token linked to the first record associated with the first client, and may validate the first token linked to the first record associated with the first client. Based on validating the first token, the computing platform may send, to the client portal server, a first token validation message directing the client portal server to provide the first record associated with the first client to the first client.

Abstract: Methods, systems, and computer-readable media for ensuring information security using one-time tokens are presented. In one or more embodiments, a computing platform may receive, from a user device, a request to access an online banking portal using a user account. Based on the request, the computing platform may generate and send a notification to a registered mobile device linked to the user account. After sending the notification, the computing platform may generate a one-time token message that includes a prompt for authorizing the user device to access the online banking portal using the user account. The computing platform then may send the one-time token message to the mobile device and receive token response input from the mobile device. Based on the input, the computing platform may prevent the user device from accessing the online banking portal or, alternatively, may provide the user device with access to the online banking portal.

Abstract: Methods, systems, and computer-readable media for selectively enabling and disabling biometric authentication are presented. In some embodiments, a computing platform may receive, from a device monitoring and management computer system, a device state indicator message comprising device state information associated with a mobile computing device. Subsequently, the computing platform may set a biometric authentication flag for the mobile computing device based on the device state indicator message received from the device monitoring and management computer system. Then, the computing platform may generate an authentication functionality message for the mobile computing device based on the biometric authentication flag set for the mobile computing device, and the authentication functionality message may be configured to selectively enable or disable one or more biometric authentication functions provided by the mobile computing device.

Abstract: A computer system receives a service request over a service channel from a user device, initiates a challenge to the user device to provide authentication information based on a set of authenticators, and determines an initial level of authentication. When the initial level of authentication is not sufficient for the service channel or protected resource, the apparatus generates a challenge to the user device with at least one additional authenticator and determines an achieved level of authentication based on the further authentication information. When the achieved level of authentication reaches a target authentication level for the service channel, the apparatus continues processing the service request by the service channel. The computer may transfer the service request to another service channel with the authentication token obtained on the original service channel and further challenges the user device with additional authenticators when a higher level of authentication is necessary.

Abstract: Methods, systems, and computer-readable media for processing cardless transactions at automated teller devices are presented. In some embodiments, a computer system may receive, from an automated teller device associated with a financial institution, login input comprising one or more online banking credentials associated with a customer of the financial institution. Subsequently, the computer system may validate the login input. If the login input is valid, the computer system may generate a one-time passcode. Then, the computer system may send, to a customer mobile device associated with the customer, the one-time passcode. Thereafter, the computer system may receive, from the automated teller device, passcode input. Subsequently, the computer system may validate the passcode input. If the passcode input is valid, the computer system may generate a customer authentication message. Then, the computer system may send, to the automated teller device, the customer authentication message.