公开(公告)号：US20200329028A1

公开(公告)日：2020-10-15

申请号：US16915484

申请日：2020-06-29

Applicant: BANK OF AMERICA CORPORATION

Inventor： Dharmender Kumar Satija ,  Eren Kursun ,  Andrew DongHo Kim ,  Scott Anderson Sims ,  Craig D. Widmann

IPC: H04L29/06 ,  H04L12/725 ,  H04L12/707

Abstract: The invention relates to alternate user communication routing for a one-time credential. When a user is determined to be an unauthorized user, the unauthorized user may be provided with an alternative one-time credential (e.g., one-time password, or the like) in response to the user trying to take an action (e.g., to access the organization systems in order to access information). When the unauthorized user tries to utilize the alternative one-time credential, the organization may identify the user as unauthorized and determine how to respond to the unauthorized user. In addition to the alternative one-time credential, one or more additional alternate treatments may be presented to the unauthorized user in order to identify, track, and/or prevent access by the unauthorized user.

公开(公告)号：US20200329027A1

公开(公告)日：2020-10-15

申请号：US16915480

申请日：2020-06-29

Applicant: BANK OF AMERICA CORPORATION

Inventor： Dharmender Kumar Satija ,  Eren Kursun ,  Andrew DongHo Kim ,  Scott Anderson Sims ,  Craig D. Widmann

IPC: H04L29/06 ,  H04L12/725 ,  H04L12/707

Abstract: The invention relates to alternate user communication routing for a one-time credential. When a user is determined to be an unauthorized user, the unauthorized user may be provided with an alternative one-time credential (e.g., one-time password, or the like) in response to the user trying to take an action (e.g., to access the organization systems in order to access information). When the unauthorized user tries to utilize the alternative one-time credential, the organization may identify the user as unauthorized and determine how to respond to the unauthorized user. In addition to the alternative one-time credential, one or more additional alternate treatments may be presented to the unauthorized user in order to identify, track, and/or prevent access by the unauthorized user.

公开(公告)号：US20190373019A1

公开(公告)日：2019-12-05

申请号：US15995837

申请日：2018-06-01

Applicant: BANK OF AMERICA CORPORATION

Inventor： Dharmender Kumar Satija ,  Eren Kursun ,  Andrew DongHo Kim ,  Scott Anderson Sims ,  Craig D. Widmann

IPC: H04L29/06 ,  G06F21/33 ,  G06F21/50

Abstract: The invention relates generally to an alternate display generation based on user identification of unauthorized users. When the user is identified as an unauthorized user, the organization may present an alternative interface to the unauthorized user. The organization monitors how the unauthorized user utilizes the alternative interface, such as action requests that the unauthorized user may take through the use of the alternative interface. In response to any action requests from the unauthorized user, the organization may take alternative actions in order to make it seem that the unauthorized user was successful in the action request. In this way, the organization may monitor the use of the alternative interface by the unauthorized user, and capture additional information from the unauthorized user in order to identify, track, and/or prevent access by unauthorized users in the future.

公开(公告)号：US20190132328A1

公开(公告)日：2019-05-02

申请号：US15798163

申请日：2017-10-30

Applicant: BANK OF AMERICA CORPORATION

Inventor： Scott Anderson Sims ,  Kolt Arthur Bell ,  Michael Joseph Carroll ,  Andrew DongHo Kim ,  Elliot Piatetsky ,  Stephen M. Schneeweis ,  Michael E. Toth ,  Craig D. Widmann ,  Dharmender Kumar Satija ,  Sai Kishan Alapati

IPC: H04L29/06 ,  G06N99/00

Abstract: Systems, computer program products, and methods are described herein for elevated authentication model using cross-channel data. The present invention is configured to receive one or more exposure events from a detection system, wherein at least one of the one or more exposure events indicates that a user has failed an authentication requirement in at least one communication channel associated with the detection system; store the one or more exposure events in a centralized repository; determine one or more other communication channels across the one or more detection systems available for access to the user; and increase an authentication requirement of the user in the one or more other communication channels, wherein increasing the authentication requirement further comprises increasing an authentication level required to enable the user to access at least one of the one or more functions associated with at least one of the one or more applications.

公开(公告)号：US11949686B2

公开(公告)日：2024-04-02

申请号：US18118423

申请日：2023-03-07

Applicant: BANK OF AMERICA CORPORATION

Inventor： Scott Anderson Sims ,  Andrew DongHo Kim ,  Craig Douglas Widmann ,  Jeffrey Brian Bashore

IPC: H04L9/40 ,  G06F21/32 ,  G06F21/62 ,  H04W12/08 ,  H04W12/63

CPC classification number: H04L63/107 ,  G06F21/32 ,  G06F21/6245 ,  H04W12/08 ,  H04W12/63

Abstract: Systems, computer program products, and methods are described herein for intrusion detection using resource activity analysis. The present invention is configured to receive, from a computing device of a user, an indication that the user has accessed a resource allocation portfolio of a customer; determine a geographic information of the user; retrieve a geographic information of the customer; determine that the geographic information of the user does not match the geographic information of the customer; determine an exposure level associated with the user access of the resource allocation portfolio of the customer; determine that the exposure level is greater than a predetermined threshold; and automatically trigger a transmission of a notification to a computing device of an administrator indicating that the exposure level associated with the user access of the resource allocation portfolio of the customer is greater than the predetermined threshold.

公开(公告)号：US20220286476A1

公开(公告)日：2022-09-08

申请号：US17191377

申请日：2021-03-03

Applicant: BANK OF AMERICA CORPORATION

Inventor： Michael Joseph Carroll ,  Jeffrey Brian Bashore ,  Joel Filliben ,  Andrew DongHo Kim ,  Akhilendra Reddy Kotha ,  Pavan Kumar Reddy Kotlo ,  Ronnie Joe Morris, JR. ,  Dharmender Kumar Satija ,  Michael Shih ,  Scott Anderson Sims ,  Craig D. Widmann

IPC: H04L29/06

Abstract: Embodiments of the invention are directed to a system, method, or computer program product for cross-channel network security with tiered adaptive mitigation operations. In this regard, the invention is structured for dynamic detection of security events associated with network devices and resources, and triggering real-time mitigation operations across a plurality of resource channels. The invention provides a novel method for employing activity data to construct and implement mitigation actions for de-escalating authorization tiers that are adapted to the specific attributes of the activity data, in order to prevent security exposure associated with the activity. Another aspect of the invention is directed to determining whether to continue the tiered adaptive mitigation actions and/or trigger a security proceed signal.

公开(公告)号：US20220272093A1

公开(公告)日：2022-08-25

申请号：US17181608

申请日：2021-02-22

Applicant: BANK OF AMERICA CORPORATION

Inventor： Scott Anderson Sims ,  Jeffrey Brian Bashore ,  Jeffrey David Finocchiaro ,  Craig Douglas Widmann

IPC: H04L29/06 ,  G06K9/62 ,  G06N20/00

Abstract: Systems, computer program products, and methods are described herein for detection and classification of intrusion using machine learning techniques. The present invention is configured to electronically receive, from a computing device of a user, an indication that the user has initiated a first resource interaction; retrieve information associated with the first resource interaction, wherein the information comprises at least one or more parameters associated with the first resource interaction; initiate a machine learning model on the one or more parameters associated with the first resource interaction; and classify, using the machine learning model, the first resource interaction into one or more classes, wherein the one or more classes comprises one or more access types.

公开(公告)号：US11297053B2

公开(公告)日：2022-04-05

申请号：US16915492

申请日：2020-06-29

Applicant: BANK OF AMERICA CORPORATION

Inventor： Dharmender Kumar Satija ,  Eren Kursun ,  Andrew DongHo Kim ,  Scott Anderson Sims ,  Craig D. Widmann

IPC: H04L29/06 ,  H04L45/30 ,  H04L45/00

Abstract: The invention relates to alternate user communication routing for a one-time credential. When a user is determined to be an unauthorized user, the unauthorized user may be provided with an alternative one-time credential (e.g., one-time password, or the like) in response to the user trying to take an action (e.g., to access the organization systems in order to access information). When the unauthorized user tries to utilize the alternative one-time credential, the organization may identify the user as unauthorized and determine how to respond to the unauthorized user. In addition to the alternative one-time credential, one or more additional alternate treatments may be presented to the unauthorized user in order to identify, track, and/or prevent access by the unauthorized user.

公开(公告)号：US20200329030A1

公开(公告)日：2020-10-15

申请号：US16915496

申请日：2020-06-29

Applicant: BANK OF AMERICA CORPORATION

Inventor： Dharmender Kumar Satija ,  Eren Kursun ,  Andrew DongHo Kim ,  Scott Anderson Sims ,  Craig D. Widmann

IPC: H04L29/06 ,  H04L12/725 ,  H04L12/707

Abstract: The invention relates to alternate user communication routing for a one-time credential. When a user is determined to be an unauthorized user, the unauthorized user may be provided with an alternative one-time credential (e.g., one-time password, or the like) in response to the user trying to take an action (e.g., to access the organization systems in order to access information). When the unauthorized user tries to utilize the alternative one-time credential, the organization may identify the user as unauthorized and determine how to respond to the unauthorized user. In addition to the alternative one-time credential, one or more additional alternate treatments may be presented to the unauthorized user in order to identify, track, and/or prevent access by the unauthorized user.

公开(公告)号：US10721246B2

公开(公告)日：2020-07-21

申请号：US15798155

申请日：2017-10-30

Applicant: BANK OF AMERICA CORPORATION

Inventor： Scott Anderson Sims ,  Kolt Arthur Bell ,  Michael Joseph Carroll ,  Andrew Dongho Kim ,  Elliot Piatetsky ,  Stephen M. Schneeweis ,  Michael E. Toth ,  Craig D. Widmann ,  Dharmender Kumar Satija ,  Sai Kishan Alapati ,  Hitesh J. Shah

IPC: H04L29/06

Abstract: Systems, computer program products, and methods are described herein for the creation of an exposure identification and distribution system for across silo channel integration. In this way, the system allows team integration of data across rails and silos for exposure identification. As such, the system generates a centralized repository for data and a communication linkage across the various systems used for identifying exposure and manipulated for linkage via a specific taxonomy overlay. Furthermore the system also includes logic that, when identification of a potential exposure indicate occurs, the system may communicate via distribution over the rails for integration and sharing for cross entity exposure identification.