US 12,074,880 B2
Secure authorization of access to user accounts by one or more authorization mechanisms
Jason Pate, San Francisco, CA (US); Paolo Bernasconi, San Francisco, CA (US); Jan Dudek, San Francisco, CA (US); Riley Avron, San Francisco, CA (US); Maxwell Johnson, San Francisco, CA (US); Sattvik Kansal, San Francisco, CA (US); William Hockey, San Francisco, CA (US); and Alexis Hidebrandt, Berlin (DE)
Assigned to Plaid Inc., San Francisco, CA (US)
Filed by Plaid Inc., San Francisco, CA (US)
Filed on Mar. 25, 2022, as Appl. No. 17/656,528.
Application 17/656,528 is a continuation of application No. 16/570,630, filed on Sep. 13, 2019, granted, now 11,316,862.
Claims priority of provisional application 62/731,778, filed on Sep. 14, 2018.
Prior Publication US 2022/0217147 A1, Jul. 7, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 29/06 (2006.01); G06F 9/455 (2018.01); G06F 21/44 (2013.01); H04L 9/40 (2022.01)
CPC H04L 63/102 (2013.01) [G06F 9/455 (2013.01); G06F 21/44 (2013.01)] 19 Claims
OG exemplary drawing
 
1. A computer system comprising:
a computer readable storage medium having program instructions embodied therewith; and
one or more hardware processors configured to execute the program instructions to cause the computer system to:
provide permissions code to a computing device operated by a user, wherein the permissions code is configured to generate one or more user interfaces configured to receive, from the user, at least a first account identifier associated with a user account;
receive, from the computing device operated by the user, at least the first account identifier and account credentials associated with the user account;
access a second account identifier associated with the user account through at least an application programming interface (“API”) associated with an institution and using the account credentials;
in response to determining that the first account identifier and the second account identifier match, generate a token usable to authorize access to user account data associated with the user account or initiate transactions related to the user account,
wherein the permissions code is configured provide secure communications, to the computer system, of the first account identifier and the account credentials, and
wherein the first account identifier and the account credentials are not stored by the computing device operated by the user;
in response to determining that at least one of: the institution does not support a first fallback authorization mechanism, or the first fallback authorization mechanism failed:
initiate a second fallback authorization mechanism;
initiate one or more authorization transactions to the user account using the first account identifier and an institution identifier associated with the institution; and
verify the one or more authorization transactions; and
in response to verifying the one or more authorization transactions, generate a token usable to authorize access to the user account data associated with the user account or initiate transactions related to the user account.