Systems and methods for data access control and account management

US 10,567,375 B1
Filed: 10/02/2018
Issued: 02/18/2020
Est. Priority Date: 10/02/2018
Status: Active Grant

First Claim

Patent Images

1. A data access control system, comprising:

a server containing a login database storing login credentials, the database including user login credentials for a user having an account; and

a processor, wherein, upon a determination that the user login credentials are potentially compromised, the processor is configured to apply a flag to the user login credentials, wherein the flag precludes the user from accessing the account,wherein, upon submission of user login credentials by a first client device, the server is configured to;

record one or more network identifiers of the first client device in a device identification database, anddirect the first client device to a deflection site, wherein the deflection site has no access to account data associated with the user; and

wherein, upon a submission of the user login credentials by a second client device, the server is configured to;

record one or more network identifiers of the second client device in the device identification database,determine if the one or more network identifiers of the second client device match the one or more network identifiers of the first client device, andupon determining that the one or more network identifiers of the second client device do not match the one or more network identifiers of the first client device, present an authentication procedure via the second client device;

upon successful completion of the authentication procedure, require the user to perform a protective action; and

remove the flag applied to the user login credentials upon completion of the authentication procedure and performance of a protective action.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of systems and methods for data access control and account management are described. In an embodiment, a server can apply flags to user accounts identified as requiring the user to perform an action or, in the case of potentially compromised access credentials, to offer the user the opportunity to authenticate and create new credentials. A user account database and an access report database can store access credentials, flags, and other relevant information for use by the server to perform various administrative, authentication, and protective actions on user accounts.

Citations

20 Claims

1. A data access control system, comprising:
- a server containing a login database storing login credentials, the database including user login credentials for a user having an account; and
  
  a processor, wherein, upon a determination that the user login credentials are potentially compromised, the processor is configured to apply a flag to the user login credentials, wherein the flag precludes the user from accessing the account,wherein, upon submission of user login credentials by a first client device, the server is configured to;
  
  record one or more network identifiers of the first client device in a device identification database, anddirect the first client device to a deflection site, wherein the deflection site has no access to account data associated with the user; and
  
  wherein, upon a submission of the user login credentials by a second client device, the server is configured to;
  
  record one or more network identifiers of the second client device in the device identification database,determine if the one or more network identifiers of the second client device match the one or more network identifiers of the first client device, andupon determining that the one or more network identifiers of the second client device do not match the one or more network identifiers of the first client device, present an authentication procedure via the second client device;
  
  upon successful completion of the authentication procedure, require the user to perform a protective action; and
  
  remove the flag applied to the user login credentials upon completion of the authentication procedure and performance of a protective action.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The data access control system of claim 1, wherein the server communicates with one or more remote servers through an application programming interface (API), and wherein the API is configured to apply the flag to the user login credentials and remove the flag from the user login credentials.
  - 3. The data access control system of claim 1, wherein the protective action is at least one of changing a password, changing a user name, changing an access code, changing a swipe pattern, and changing a security question.
  - 4. The data access control system of claim 1, wherein the protective action is establishing a form of biometric authentication.
  - 5. The data access control system of claim 1, wherein the protective action is establishing two-factor authentication.
  - 6. The data access control system of claim 5, wherein establishing two-factor authentication requires associating with the account at least one selected from the group of a telephone number, an email address, and a client device, wherein the at least one selected from the group of a telephone number, an email address, and a client device was not previously associated with the account.
  - 7. The data access control system of claim 1, wherein the application of the flag to the user login credentials results in the transfer of the user login credentials from the login database to an access report database.
  - 8. The data access control system of claim 7, wherein the one or more network identifiers of the first client device recorded in the device identification database include at least one selected from the group of an internet protocol address, a media access control address, a hardware address, an internet packet exchange address, and a netmask.
  - 9. The data access control system of claim 7, wherein removal of the flag from the user login credentials results in the transfer of the user login credentials from the access report database to the login database.
  - 10. The data access control system of claim 7, wherein the access report database contains a first table and a second table,the first table contains fields for a category code, a category name, a category priority code, a category active status indicator, a user identifier, a time stamp, and a last update time stamp, andthe second table contains fields for a customer identifier, a category code, a user identifier, a time stamp, a last updating user identifier, and a last update time stamp.
  - 11. The data access control system of claim 1, wherein upon determining that the one or more network identifiers of the second client device match the one or more network identifiers of the first client device, the server is further configured to direct the next submission of user login credentials by the second client device to the deflection site.

12. A method of data access control upon determining a first client device has submitted potentially compromised login credentials for a user, the method comprising:
- applying a flag to all login credentials associated with the user in a login credentials database;
  
  recording an identifier associated with the first client device into an access report database;
  
  directing the first client device to a deflection site having no access to account data associated with the user;
  
  receiving a submission of login credentials from a second client device,recording an identifier associated with the second client device into the access report database,determining that the identifier associated with the second client device is different than the identifier associated with the first client device, andremoving the flag from all login credentials associated with the user upon completion of an authentication procedure via the second client device and performance of a protective action via the second client device.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The method of data access control of claim 12, further comprising, prior to the removal of the flag and upon receipt of login credentials from a third client device associated with the user, directing the third client device to the deflection site.
  - 14. The method of data access control of claim 12, further comprising, prior to the removal of the flag, presenting an authentication procedure to any client device that submits login credentials associated with the user.
  - 15. The method of data access control of claim 12, wherein the protective action includes establishing multi-factor authentication by associating at least one of a telephone number, an email address, and a third client device with the account.
  - 16. The method of data access control of claim 12, further comprising storing a copy of the potentially compromised login credentials in the access report database and associating the potentially compromised login credentials with the identifier associated with the first client device.
  - 17. The method of data access control of claim 12, further comprising sending a notification to at least one of a telephone number and an email address associated with the account.
  - 18. The method of data access control of claim 17, wherein the authentication procedure requires the submission of information relating to the notification by a second client device.

19. A data access control application programming interface (API), programmed to:
- receive login credentials from a first client device, wherein the login credentials are associated with a user having an account;
  
  receive a determination that the login credentials were potentially compromised;
  
  upon receipt of the determination that the login credentials were fraudulently submitted, the API is programmed to;
  
  record an identifier of the first client device and write the identifier of the first client device to an access report database;
  
  flag all login credentials associated with the user and copy the login credentials to the access report database; and
  
  direct the first client device to a deflection site having no access to account data associated with the user; and
  
  upon submission of login credentials associated with the user from a second client device, the API is programmed to;
  
  record an identifier of the second client device and write the identifier of the second client device to the access report database; and
  
  upon a determination that the identifier of the second client device does not match the identifier of the first client device;
  
  present an authentication procedure on the second client device;
  
  require the performance of a protective action on the second client device; and
  
  upon successful completion of the authentication procedure and successful performance of the protective action, remove the flag from all login credential associated with the user.
- View Dependent Claims (20)
- - 20. The data access control application programming interface of claim 19, wherein prior to the presentation of the authentication procedure, the API is further programmed to determine whether the second client device was previously associated with the account.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Capital One Services LLC (Capital One Financial Corporation)
Original Assignee
Capital One Services LLC (Capital One Financial Corporation)
Inventors
Mossler, Lara, Dilli, Baskar, Heng, Melissa, Manivannan, Aravindhan
Primary Examiner(s)
Powers, William S

Application Number

US16/150,202
Time in Patent Office

504 Days
Field of Search
US Class Current
CPC Class Codes

H04L 2463/082   applying multi-factor authe...

H04L 63/083   using passwords cryptograph...

H04L 63/0861   using biometrical features,...

H04L 63/0876   based on the identity of th...

H04L 63/101   Access control lists [ACL]

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1491   using deception as counterm...

Systems and methods for data access control and account management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for data access control and account management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links