US 11,811,748 B2
Methods and systems for controlling access to a protected resource
Milos Dunjic, Oakville (CA); Anthony Haituyen Nguyen, Toronto (CA); Yubing Liu, Toronto (CA); Arthur Carroll Chow, Markham (CA); Casey Lyn Doyle, Ajax (CA); Richard John Frederick Thake, Cobourg (CA); Mengfei Wang, Toronto (CA); Aaron Ashish Hudali, Cambridge (CA); Gregory Albert Kliewer, Barrie (CA); Martin Albert Lozon, London (CA); Yusbel Garcia Diaz, Toronto (CA); Gareth Daly, Toronto (CA); Masashi Kobayashi, Toronto (CA); and Randall John Bast, Oakville (CA)
Assigned to The Toronto-Dominion Bank, Toronto (CA)
Filed by The Toronto-Dominion Bank, Toronto (CA)
Filed on Jul. 28, 2021, as Appl. No. 17/386,749.
Application 17/386,749 is a continuation of application No. 16/282,678, filed on Feb. 22, 2019, granted, now 11,108,762.
Application 16/282,678 is a continuation in part of application No. 16/038,640, filed on Jul. 18, 2018, granted, now 10,880,288, issued on Dec. 29, 2020.
Application 16/038,640 is a continuation in part of application No. 16/000,086, filed on Jun. 5, 2018, granted, now 10,834,096, issued on Nov. 10, 2020.
Prior Publication US 2021/0359989 A1, Nov. 18, 2021
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); H04L 9/08 (2006.01); H04L 9/32 (2006.01)
CPC H04L 63/0807 (2013.01) [H04L 9/0825 (2013.01); H04L 9/0891 (2013.01); H04L 9/3213 (2013.01); H04L 9/3247 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A network device, comprising:
a communication interface connected to an external network;
a memory;
a processing unit coupled to the communication interface and the memory, the processing unit being configured to:
receive, via the communication interface from a client application executing on a first device, a first signal including a request to obtain an access token for accessing a protected resource, the request including a public key associated with an end user;
validate the request to obtain the access token; and
in response to validating the request:
encrypt an authorization code associated with the request using the public key to generate a first code; and
transmit, via the communication interface to the client application on the first device, a second signal including both the access token for accessing the protected resource and the first code.