Method and system for protecting user identification information

US 8,689,001 B1
Filed: 06/29/2007
Issued: 04/01/2014
Est. Priority Date: 06/29/2007
Status: Active Grant

First Claim

Patent Images

1. A method for protecting identity information comprising:

determining, via at least one computer processor, identity information required by a resource utilized by a user amongst a plurality of resources utilized by the user, wherein the at least one computer processor is separate from the resource utilized by the user, wherein the plurality of resources comprise a plurality of websites, and wherein the identity information comprises at least one of a user name or a password;

determining a strength of the identity information used by the user to access the resource by tracking a plurality of resources accessed by the user and determining the strength as weak if the identity information is common between the plurality of resources accessed by the user or if the identity information is derived from a user'"'"'s personal information, wherein access is achieved via a provision of identity information by the user to the resource to be accessed; and

performing an action in view of the strength, wherein performing an action comprises one or more of preventing the user from providing the identity information to the resource utilized by the user, identifying a stored user preference, notifying the user, generating new identity information for the user, providing new identity information to the user, prompting the user to generate new identity information, performing a change of identity information at the resource utilized by the user, receiving an alert from a subscription service;

wherein determining the identity information is initiated by one or more of;

the user, according to a predetermined time schedule, in response to a subscription invoked message, and in response to an identity threat alert.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for protecting identity information comprises determining identity information required by a resource utilized by a user, determining strength of the identity information used by the user to access the resource, and performing an action in view of the strength.

75 Citations

View as Search Results

20 Claims

1. A method for protecting identity information comprising:
- determining, via at least one computer processor, identity information required by a resource utilized by a user amongst a plurality of resources utilized by the user, wherein the at least one computer processor is separate from the resource utilized by the user, wherein the plurality of resources comprise a plurality of websites, and wherein the identity information comprises at least one of a user name or a password;
  
  determining a strength of the identity information used by the user to access the resource by tracking a plurality of resources accessed by the user and determining the strength as weak if the identity information is common between the plurality of resources accessed by the user or if the identity information is derived from a user'"'"'s personal information, wherein access is achieved via a provision of identity information by the user to the resource to be accessed; and
  
  performing an action in view of the strength, wherein performing an action comprises one or more of preventing the user from providing the identity information to the resource utilized by the user, identifying a stored user preference, notifying the user, generating new identity information for the user, providing new identity information to the user, prompting the user to generate new identity information, performing a change of identity information at the resource utilized by the user, receiving an alert from a subscription service;
  
  wherein determining the identity information is initiated by one or more of;
  
  the user, according to a predetermined time schedule, in response to a subscription invoked message, and in response to an identity threat alert.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the notification comprises an indicia of the strength of the identity information.
  - 3. The method of claim 1, wherein the action comprises:
    - accessing a password change page of the resource having a weak strength;
      
      selecting a new password; and
      
      changing a password to the new password using the password change page.
  - 4. The method of claim 1, wherein the resource is identified by a universal resource locator (URL).
  - 5. The method of claim 1, wherein the resource comprises a computer resource that requires authorization to utilize.
  - 6. The method of claim 1, wherein the new identity information provided to the user includes both alphabetical and numeric characters.
  - 7. The method of claim 1, wherein the new identity information provided to the user excludes user personal information.
  - 8. The method of claim 1, wherein a new encrypting algorithm is used to generate new identity information.
  - 9. The method of claim 1, further comprising testing the new identity information generated by the user for a strength of the new identity information.
  - 10. The method of claim 1, wherein the resource at which a change of identity information is performed is identified by a certificate from a trusted issuer.

11. A system for protecting identity information, the system comprising:
- an information determining entity including instructions for determining, via at least one computer hardware processor, identity information required by a resource utilized by a user amongst a plurality of resources utilized by the user, wherein the at least one computer hardware processor is separate from the resource utilized by the user, wherein the plurality of resources comprise a plurality of websites, and wherein the identity information comprises at least one of a user name or a password;
  
  a strength determining entity including instructions for determining the strength of the identity information used by the user to access the resource by tracking a plurality of resources accessed by the user and determining the strength as weak if the identity information is common between the plurality of resources accessed by the user or if the identity information is derived from a user'"'"'s personal information, wherein access is achieved via a provision of identity information by the user to the resource to be accessed; and
  
  an action performing entity including instructions for performing an action in view of the strength, wherein performing an action comprises one or more of preventing the user from providing the identity information to the resource utilized by the user, identifying a stored user preference, notifying the user, generating new identity information for the user, providing new identity information to the user, prompting the user to generate new identity information, performing a change of identity information at the resource utilized by the user, receiving an alert from a subscription service;
  
  wherein determining the identity information is initiated by one or more of;
  
  the user, according to a predetermined time schedule, in response to a subscription invoked message, and in response to an identity threat alert.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The system of claim 11, wherein the notification comprises an indicia of the strength of the identity information.
  - 13. The system of claim 11, wherein the action performing entity is configured to perform the steps comprising:
    - accessing a password change page of the resource having weak strength;
      
      selecting a new password; and
      
      changing a password to the new password using the password change page.
  - 14. The system of claim 11, wherein the resource is identified by a universal resource locator (URL).
  - 15. The system of claim 11, wherein the resource comprises a resource that requires authorization to utilize.

16. A non-transitory computer-readable storage medium comprising:
- instructions executable by at least one computer processor to cause the at least one computer processor to;
  
  determine identity information required by a resource utilized by a user amongst a plurality of resources utilized by the user, wherein the at least one computer processor is separate from the resource utilized by the user, wherein the plurality of resources comprise a plurality of websites, and wherein the identity information comprises at least one of a user name or a password;
  
  determine a strength of the identity information used by the user to access the resource by tracking a plurality of resources accessed by the user and determining the strength as weak if the identity information is common between the plurality of resources accessed by the user or if the identity information is derived from a user'"'"'s personal information, wherein access is achieved via a provision of identity information by the user to the resource to be accessed; and
  
  perform an action in view of the strength, wherein performing an action comprises one or more of preventing the user from providing the identity information to the resource utilized by the user, identifying a stored user preference, notifying the user, generating new identity information for the user, providing new identity information to the user, prompting the user to generate new identity information, performing a change of identity information at the resource utilized by the user, receiving an alert from a subscription service;
  
  wherein determining the identity information is initiated by one or more of;
  
  the user, according to a predetermined time schedule, in response to a subscription invoked message, and in response to an identity threat alert.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The non-transitory computer readable storage medium of claim 16, wherein the notification comprises an indicia of the strength of the identity information.
  - 18. The non-transitory computer readable storage medium of claim 16, wherein the action comprises:
    - accessing a password change page of the resource having a weak strength;
      
      selecting a new password; and
      
      changing a password to the new password using the password change page.
  - 19. The non-transitory computer readable storage medium of claim 16, wherein the resource is identified by a universal resource locator (URL).
  - 20. The non-transitory computer readable storage medium of claim 16, wherein the resource comprises a computer resource that requires authorization to utilize.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Symantec Corporation (NortonLifeLock Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Satish, Sourabh, Hernacki, Brian
Primary Examiner(s)
HOLDER, BRADLEY W

Application Number

US11/823,879
Time in Patent Office

2,468 Days
Field of Search

713/182, 713/183, 713/184
US Class Current

713/182
CPC Class Codes

G06F 21/46 by designing passwords or c...

H04L 63/0838 using one-time-passwords

Method and system for protecting user identification information

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

75 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for protecting user identification information

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

75 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links