Systems and methods for data access control and account management
First Claim
Patent Images
1. A data access control system, comprising:
- a server containing a login database storing login credentials, the database including user login credentials for a user having an account; and
a processor, wherein, upon a determination that the user login credentials are potentially compromised, the processor is configured to apply a flag to the user login credentials, wherein the flag precludes the user from accessing the account,wherein, upon submission of user login credentials by a first client device, the server is configured to;
record one or more network identifiers of the first client device in a device identification database, anddirect the first client device to a deflection site, wherein the deflection site has no access to account data associated with the user; and
wherein, upon a submission of the user login credentials by a second client device, the server is configured to;
record one or more network identifiers of the second client device in the device identification database,determine if the one or more network identifiers of the second client device match the one or more network identifiers of the first client device, andupon determining that the one or more network identifiers of the second client device do not match the one or more network identifiers of the first client device, present an authentication procedure via the second client device;
upon successful completion of the authentication procedure, require the user to perform a protective action; and
remove the flag applied to the user login credentials upon completion of the authentication procedure and performance of a protective action.
1 Assignment
0 Petitions
Accused Products
Abstract
Embodiments of systems and methods for data access control and account management are described. In an embodiment, a server can apply flags to user accounts identified as requiring the user to perform an action or, in the case of potentially compromised access credentials, to offer the user the opportunity to authenticate and create new credentials. A user account database and an access report database can store access credentials, flags, and other relevant information for use by the server to perform various administrative, authentication, and protective actions on user accounts.
-
Citations
20 Claims
-
1. A data access control system, comprising:
-
a server containing a login database storing login credentials, the database including user login credentials for a user having an account; and a processor, wherein, upon a determination that the user login credentials are potentially compromised, the processor is configured to apply a flag to the user login credentials, wherein the flag precludes the user from accessing the account, wherein, upon submission of user login credentials by a first client device, the server is configured to; record one or more network identifiers of the first client device in a device identification database, and direct the first client device to a deflection site, wherein the deflection site has no access to account data associated with the user; and wherein, upon a submission of the user login credentials by a second client device, the server is configured to; record one or more network identifiers of the second client device in the device identification database, determine if the one or more network identifiers of the second client device match the one or more network identifiers of the first client device, and upon determining that the one or more network identifiers of the second client device do not match the one or more network identifiers of the first client device, present an authentication procedure via the second client device; upon successful completion of the authentication procedure, require the user to perform a protective action; and remove the flag applied to the user login credentials upon completion of the authentication procedure and performance of a protective action. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A method of data access control upon determining a first client device has submitted potentially compromised login credentials for a user, the method comprising:
-
applying a flag to all login credentials associated with the user in a login credentials database; recording an identifier associated with the first client device into an access report database; directing the first client device to a deflection site having no access to account data associated with the user; receiving a submission of login credentials from a second client device, recording an identifier associated with the second client device into the access report database, determining that the identifier associated with the second client device is different than the identifier associated with the first client device, and removing the flag from all login credentials associated with the user upon completion of an authentication procedure via the second client device and performance of a protective action via the second client device. - View Dependent Claims (13, 14, 15, 16, 17, 18)
-
-
19. A data access control application programming interface (API), programmed to:
-
receive login credentials from a first client device, wherein the login credentials are associated with a user having an account; receive a determination that the login credentials were potentially compromised; upon receipt of the determination that the login credentials were fraudulently submitted, the API is programmed to; record an identifier of the first client device and write the identifier of the first client device to an access report database; flag all login credentials associated with the user and copy the login credentials to the access report database; and direct the first client device to a deflection site having no access to account data associated with the user; and upon submission of login credentials associated with the user from a second client device, the API is programmed to; record an identifier of the second client device and write the identifier of the second client device to the access report database; and upon a determination that the identifier of the second client device does not match the identifier of the first client device; present an authentication procedure on the second client device; require the performance of a protective action on the second client device; and upon successful completion of the authentication procedure and successful performance of the protective action, remove the flag from all login credential associated with the user. - View Dependent Claims (20)
-
Specification