US 12,229,758 B1
Server-to-device secure data exchange authorized session management
Anthony Burton, Charlotte, NC (US); Benjamin Soccorsy, Larkspur, CA (US); Jim Stahley, San Francisco, CA (US); and Valeria C. Jones, San Francisco, CA (US)
Assigned to Wells Fargo Bank, N.A., San Francisco, CA (US)
Filed by Wells Fargo Bank, N.A., San Francisco, CA (US)
Filed on Sep. 16, 2022, as Appl. No. 17/946,211.
Application 17/946,211 is a continuation of application No. 17/676,328, filed on Feb. 21, 2022.
Claims priority of provisional application 63/181,861, filed on Apr. 29, 2021.
Claims priority of provisional application 63/152,581, filed on Feb. 23, 2021.
Int. Cl. G06Q 20/38 (2012.01); G06F 21/00 (2013.01); G06F 21/44 (2013.01); G06Q 20/36 (2012.01)
CPC G06Q 20/38215 (2013.01) [G06F 21/00 (2013.01); G06F 21/44 (2013.01); G06Q 20/36 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A method comprising:
receiving, by a smart device via a first software application executing on the smart device, a request to enroll the smart device in a server-to-device secure data exchange ecosystem that allows unrelated applications executing on the smart device to transact with a computing system of a first service provider indirectly via the smart device;
receiving, by the smart device, a first selection of a financial account held by the first service provider, a second selection of a second software application of a second service provider distinct from the first service provider, and an account restriction applicable to the second software application;
generating, by the smart device, a device access token based on (i) a device identifier corresponding to the smart device, (ii) a financial account identifier corresponding to the financial account, and (iii) a user identifier corresponding to a user of the smart device, the device access token generated such that the account restriction for the second software application is encoded as part of the device access token;
receiving, by the smart device, a transaction request from the second software application executing on the smart device;
determining, by the smart device, that the transaction request does not violate the account restriction applicable to the second software application by parsing the account restriction for the second software application encoded as part of the device access token;
responsive to determining that the transaction request does not violate the account restriction, establishing, by the smart device, a secure authorized session between the smart device and the computing system of the first service provider;
transmitting, to the computing system, via the secure authorized session, the device access token and one of (i) the transaction request, or (ii) a modified transaction request, wherein the computing system of the first service provider determines that the transaction request does not violate the account restriction applicable to the second software application by parsing the account restriction for the second software application encoded as part of the device access token;
receiving, by the smart device from the computing system, via the secure authorized session, an electronic message responsive to the transaction request or to the modified transaction request; and
providing, by the smart device to the second software application, a response to the transaction request based on the electronic message.