Abstract: Methods, systems, and computer-readable media for provisioning a mobile device with a code generation key to enable generation of one-time passcodes are presented. In some embodiments, a computer system may receive, from a mobile computing device associated with a customer of a financial institution, a request to register a passcode generator on the mobile computing device. Subsequently, based on receiving the request, the computer system may authenticate a user of the mobile computing device to an online banking user account associated with the customer. Then, based on authenticating the user to the online banking user account, the computer system may generate a code generation key configured to be used by the passcode generator. Next, the computer system may store the code generation key in a key database. Subsequently, the computer system may send, to the mobile computing device, the code generation key to provision the passcode generator.

Abstract: Methods, systems, and computer-readable media for providing access to account information using authentication tokens are presented. In some embodiments, a customer of a financial institution may visit an account information aggregator site and request to add an account maintained by the financial institution to a collection of accounts for which the aggregator may collect account information on behalf of the customer. Rather than providing their username, password, and/or other bank login credentials to the aggregator, the customer may be redirected to a page provided by the financial institution where the customer can enter their credentials and authenticate with the financial institution. After authenticating the customer, the financial institution may generate a token and provide the token to the aggregator.

Abstract: Methods, systems, and computer-readable media for providing access to account information using authentication tokens are presented. In some embodiments, a customer of a financial institution may visit an account information aggregator site and request to add an account maintained by the financial institution to a collection of accounts for which the aggregator may collect account information on behalf of the customer. Rather than providing their username, password, and/or other bank login credentials to the aggregator, the customer may be redirected to a page provided by the financial institution where the customer can enter their credentials and authenticate with the financial institution. After authenticating the customer, the financial institution may generate a token and provide the token to the aggregator.

Abstract: Methods, systems, apparatuses, and computer-readable media for providing enhanced user authentication functionalities are presented. In one or more embodiments, a server computing device may authenticate a user of a user computing device to a customer portal. Subsequently, the server computing device may receive a click-to-call request from the user computing device. In response to receiving the click-to-call request, the server computing device may generate a one-time passcode for the user. Then, the server computing device may provide the one-time passcode to the user. Thereafter, the server computing device may receive one-time-passcode input from an interactive voice response (IVR) server, and such input may be received from a caller. The server computing device then may validate the one-time-passcode input based on the one-time passcode provided to the user. In response to validating the one-time-passcode input, the server computing device may cause the IVR server to authenticate the caller as the user.

Abstract: A computer system receives a service request over a service channel from a user device, initiates a challenge to the user device to provide authentication information based on a set of authenticators, and determines an initial level of authentication. When the initial level of authentication is not sufficient for the service channel or protected resource, the apparatus generates a challenge to the user device with at least one additional authenticator and determines an achieved level of authentication based on the further authentication information. When the achieved level of authentication reaches a target authentication level for the service channel, the apparatus continues processing the service request by the service channel. The computer may transfer the service request to another service channel with the authentication token obtained on the original service channel and further challenges the user device with additional authenticators when a higher level of authentication is necessary.

Abstract: Methods, systems, and computer-readable media for ensuring information security using one-time tokens are presented. In one or more embodiments, a computing platform may receive, from a user device, a request to access an online banking portal using a user account. Based on the request, the computing platform may generate and send a notification to a registered mobile device linked to the user account. After sending the notification, the computing platform may generate a one-time token message that includes a prompt for authorizing the user device to access the online banking portal using the user account. The computing platform then may send the one-time token message to the mobile device and receive token response input from the mobile device. Based on the input, the computing platform may prevent the user device from accessing the online banking portal or, alternatively, may provide the user device with access to the online banking portal.

Abstract: Methods, systems, apparatuses, and computer-readable media for providing enhanced user authentication functionalities are presented. In one or more embodiments, a server computing device may authenticate a user of a user computing device to a customer portal. Subsequently, the server computing device may receive a click-to-call request from the user computing device. In response to receiving the click-to-call request, the server computing device may generate a one-time passcode for the user. Then, the server computing device may provide the one-time passcode to the user. Thereafter, the server computing device may receive one-time-passcode input from an interactive voice response (IVR) server, and such input may be received from a caller. The server computing device then may validate the one-time-passcode input based on the one-time passcode provided to the user. In response to validating the one-time-passcode input, the server computing device may cause the IVR server to authenticate the caller as the user.

Abstract: A computer system receives a service request over a service channel from a user device, initiates a challenge to the user device to provide authentication information based on a set of authenticators, and determines an initial level of authentication. When the initial level of authentication is not sufficient for the service channel or protected resource, the apparatus generates a challenge to the user device with at least one additional authenticator and determines an achieved level of authentication based on the further authentication information. When the achieved level of authentication reaches a target authentication level for the service channel, the apparatus continues processing the service request by the service channel. The computer may transfer the service request to another service channel with the authentication token obtained on the original service channel and further challenges the user device with additional authenticators when a higher level of authentication is necessary.

Abstract: A computer system receives a service request over a service channel from a user device, initiates a challenge to the user device to provide authentication information based on a set of authenticators, and determines an initial level of authentication. When the initial level of authentication is not sufficient for the service channel or protected resource, the apparatus generates a challenge to the user device with at least one additional authenticator and determines an achieved level of authentication based on the further authentication information. When the achieved level of authentication reaches a target authentication level for the service channel, the apparatus continues processing the service request by the service channel. The computer may transfer the service request to another service channel with the authentication token obtained on the original service channel and further challenges the user device with additional authenticators when a higher level of authentication is necessary.

Abstract: A computer system receives an authentication request from a user device and determines a determined device identification from a set of received device attributes. When the device is properly authenticated, the computer system generates an authentication token that is signed by the determined device identification and returns the authentication token to the user device. When the computer system subsequently receives a service request with an authentication token and a plurality of device attributes for a protected resource from a user device, the computer system determines a derived device identification from some or all of the received device attributes. When a signed device identification of the authentication token and the derived device identification are equal, the apparatus continues processing the service request. Otherwise, the service request is rejected.