Systems and methods of identity protection and management

US 9,106,691 B1
Filed: 09/16/2011
Issued: 08/11/2015
Est. Priority Date: 09/16/2011
Status: Active Grant

First Claim

Patent Images

1. A method of monitoring and handling potential identity theft threats, the method being performed by a monitoring computer having one or more computer processors, the method comprising:

receiving a request, by the monitoring computer, from a user to monitor a third party account of the user with an online service provider, the request including personal information associated with the user and a plurality of user preferences, each user preference specifying one or more protective actions to be taken in response to detection, by the monitoring computer, of a change or attempted change to personal information associated with the account;

periodically monitoring the third party account of the user for indications of changes or attempted changes to personal information associated with the account;

detecting a change or attempted change to personal information associated with the account;

determining a risk level associated with the detected change or attempted change to personal information associated with the account;

identifying, from the user preferences, a user preference associated with the determined risk level;

transmitting, via a communication channel, a notification to the user, wherein the communication channel is specified by the user preference; and

initiating one or more protective actions included in the identified user preference.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an embodiment, a computing system, such as a monitoring computer, receives a request from a user to monitor an account of the user with an online service provider. The request may include personal information and user preferences for one or more protective actions. The system periodically monitors external data sources for indications of changes to personal information associated with the account, and detects changes or attempted changes to personal information associated with the account. The system may determine risk levels associated with detected changes or attempted changes, and transmit a notification to the user via a communication channel selected based on the determined risk level and/or the user preferences. The system may also initiate protective actions, so that further unauthorized access to the account may be prevented.

733 Citations

20 Claims

1. A method of monitoring and handling potential identity theft threats, the method being performed by a monitoring computer having one or more computer processors, the method comprising:
- receiving a request, by the monitoring computer, from a user to monitor a third party account of the user with an online service provider, the request including personal information associated with the user and a plurality of user preferences, each user preference specifying one or more protective actions to be taken in response to detection, by the monitoring computer, of a change or attempted change to personal information associated with the account;
  
  periodically monitoring the third party account of the user for indications of changes or attempted changes to personal information associated with the account;
  
  detecting a change or attempted change to personal information associated with the account;
  
  determining a risk level associated with the detected change or attempted change to personal information associated with the account;
  
  identifying, from the user preferences, a user preference associated with the determined risk level;
  
  transmitting, via a communication channel, a notification to the user, wherein the communication channel is specified by the user preference; and
  
  initiating one or more protective actions included in the identified user preference.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein periodically monitoring the third party account of the user for indications of changes to personal information comprises periodically connecting to the online service provider associated with the third party account of the user, providing the online service provider with login credentials associated with the user, and determining whether the online service provider accepts the provided login credentials.
  - 3. The method of claim 1, wherein periodically monitoring the third party account of the user for indications of changes to personal information comprises periodically retrieving electronic messages associated with the user and analyzing content of the retrieved messages to determine whether any of the messages indicates a change to personal information.
  - 4. The method of claim 1, wherein the risk level is determined at least in part based on whether a preauthorization for the change or attempted change to personal information was received.
  - 5. The method of claim 1, wherein the one or more protective actions are initiated subsequent to receiving user approval for initiating the one or more protective actions.
  - 6. The method of claim 1, wherein the one or more protective actions are initiated without requiring user approval for initiating the one or more protective actions.

7. A computing system configured to monitor and handle potential identity theft threats, comprising:
- a non-transitory computer-readable storage medium having stored thereon a plurality of executable software modules;
  
  one or more computer hardware processors configured to execute the plurality of software modules stored on the computer-readable storage medium;
  
  a network interface;
  
  a message monitoring module configured to access an electronic message received in an electronic mail account of a user and determine whether the electronic message indicates a change, a possible change, or an attempted change to personal information associated with an external account of the user;
  
  an event notification module configured to determine a risk level associated with the indicated change, possible change, or attempted change to personal information associated with the external account of the user and identify a user preference associated with the determined risk level in response to the message monitoring module determining that the electronic message indicates a change, a possible change, or an attempted change to personal information associated with the external account of the user, wherein the user preference specifies one or more user-customizable responsive actions to execute in response to determining that the electronic message indicates a change, a possible change, or an attempted change to personal information; and
  
  the event notification module further configured to execute at least one of the one or more user-customizable responsive actions based upon the user preference.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The computing system of claim 7, wherein the message monitoring module is configured to retrieve the electronic message by automatically logging into one or more email accounts and gathering messages from the one or more email accounts.
  - 9. The computing system of claim 7, wherein the message monitoring module is configured to retrieve the electronic message by receiving messages sent to the computing system.
  - 10. The computing system of claim 7, wherein at least one of the user-customizable responsive actions is sending an electronic notification identifying the change or possible change to personal information.
  - 11. The computing system of claim 7, wherein the event notification module is configured to execute at least a portion of the user-customizable responsive actions only in response to receiving a user confirmation message.
  - 12. The computing system of claim 7, wherein the event notification module is further configured to determine whether the change, the possible change, or the attempted change to personal information was preauthorized, and further configured to execute different user-customizable responsive actions if the possible change to personal information was preauthorized.
  - 13. The computing system of claim 7, wherein the event notification module is configured to execute at least a portion of the user-customizable responsive actions without requiring user approval to execute the portion of the one or more user-customizable responsive actions.

14. Non-transitory physical computer storage comprising computer-executable instructions stored thereon that, when executed by a hardware processor, are configured to perform operations comprising:
- receiving a request from a user to monitor a third party account of the user with an online service provider, the request including personal information associated with the user and a plurality of user preferences, each user preference specifying one or more protective actions to be taken in response to detection of a change or attempted change to personal information associated with the account;
  
  periodically monitoring the third party account of the user for indications of changes or attempted changes to personal information associated with the account;
  
  detecting a change or attempted change to personal information associated with the account;
  
  determining a risk level associated with the detected change or attempted change to personal information associated with the account;
  
  identifying, from the user preferences, a user preference associated with the determined risk level;
  
  transmitting, via a communication channel, a notification to the user, wherein the communication channel is specified by the user preference; and
  
  initiating one or more protective actions included in the identified user preference.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The non-transitory physical computer storage of claim 14, wherein periodically monitoring the third party account of the user for indications of changes to personal information comprises periodically connecting to the online service provider associated with the third party account of the user, providing the online service provider with login credentials associated with the user, and determining whether the online service provider accepts the provided login credentials.
  - 16. The non-transitory physical computer storage of claim 14, wherein periodically monitoring the third party account of the user for indications of changes to personal information comprises periodically retrieving electronic messages associated with the user and analyzing content of the retrieved messages to determine whether any of the messages indicates a change to personal information.
  - 17. The non-transitory physical computer storage of claim 16, wherein the electronic messages are retrieved by automatically logging into one or more email accounts and gathering messages from the one or more email accounts.
  - 18. The non-transitory physical computer storage of claim 14, wherein the risk level is determined at least in part based on whether a preauthorization for the change or attempted change to personal information was received.
  - 19. The non-transitory physical computer storage of claim 14, wherein the one or more protective actions are initiated subsequent to receiving user approval for initiating the one or more protective actions.
  - 20. The non-transitory physical computer storage of claim 14, wherein the one or more protective actions are initiated without requiring user approval for initiating the one or more protective actions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Consumerinfo.com Incorporated (Experian plc)
Original Assignee
Consumerinfo.com Incorporated (Experian plc)
Inventors
Burger, Michael, Kapczynski, Mark Joseph
Primary Examiner(s)
Shiferaw, Eleni
Assistant Examiner(s)
Giddins, Nelson

Application Number

US13/234,637
Time in Patent Office

1,425 Days
Field of Search

726/7
US Class Current

1/1
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/554   involving event detection a...

G06F 21/6245   Protecting personal data, e...

G06F 2221/032   Protect output to user by s...

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1441   Countermeasures against mal...

H04L 63/1483   service impersonation, e.g....

H04L 67/025   for remote control or remot...

H04L 67/306   User profiles

H04L 67/53   using third party service p...

H04L 67/535   Tracking the activity of th...

Systems and methods of identity protection and management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

733 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods of identity protection and management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

733 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links