Identity theft and fraud protection system and method

US 9,582,802 B2
Filed: 04/07/2014
Issued: 02/28/2017
Est. Priority Date: 10/07/2005
Status: Active Grant

First Claim

Patent Images

1. A method for protecting against theft of personally identifiable information during online transactions comprising the steps of:

establishing, by an identity protection system using a computer, a user as a member of the identity protection system;

obtaining, by the identity protection system using a computer, personally identifiable information from the member in the form of storable computer data;

encrypting, by the identity protection system using a computer, the obtained personally identifiable information and storing the personally identifiable information as encrypted data;

fragmenting, by the identity protection system using a computer, the encrypted data;

storing portions of the fragmented encrypted data, by the identity protection system using a computer, independently at separate computer storage locations and preventing third party access to the fragmented encrypted data;

allowing by a computer the member to initiate an online transaction, using a computer device, on a third party website on a global computer network;

receiving, by the identity protection system using a computer, at the time of initiating the online transaction, a request from the member for personally identifiable information of the member for use in conducting the online transaction;

temporarily assembling the stored portions of the fragmented encrypted data and decrypting the encrypted data to obtain the personally identifiable information of the member for the limited time needed to complete the transaction and then subsequently repeating the steps of encrypting, fragmenting and storing portions of the fragmented encrypted data; and

generating, by the identity protection system using a computer, virtual personally identifiable information in response to the request when the member is initiating the transaction and providing the virtual personally identifiable information to the third party website, with the use of a computer, without revealing the member'"'"'s real personally identifiable information.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method protects users against theft of personally identifiable information during both online and offline purchase transactions, registration transactions and identity authentication transactions. The system initially obtains a user'"'"'s personally identifiable information as storable computer data, establishes an anonymous email address on behalf of the subscribing user, provides the anonymous email address to an email recipient when the subscribing user sends an email to the recipient, receives email communications from the recipient at the anonymous email address, stores the routing information from the email communications, scrubs the email communications for electronic viruses, forwards the email communications received from the recipient at the anonymous email address to the subscribing user, and forwards email communications to the recipient that are sent from the subscribing user to the anonymous email address by matching the stored routing information without ever revealing the subscribing user'"'"'s real email address to the recipient.

Citations

7 Claims

1. A method for protecting against theft of personally identifiable information during online transactions comprising the steps of:
- establishing, by an identity protection system using a computer, a user as a member of the identity protection system;
  
  obtaining, by the identity protection system using a computer, personally identifiable information from the member in the form of storable computer data;
  
  encrypting, by the identity protection system using a computer, the obtained personally identifiable information and storing the personally identifiable information as encrypted data;
  
  fragmenting, by the identity protection system using a computer, the encrypted data;
  
  storing portions of the fragmented encrypted data, by the identity protection system using a computer, independently at separate computer storage locations and preventing third party access to the fragmented encrypted data;
  
  allowing by a computer the member to initiate an online transaction, using a computer device, on a third party website on a global computer network;
  
  receiving, by the identity protection system using a computer, at the time of initiating the online transaction, a request from the member for personally identifiable information of the member for use in conducting the online transaction;
  
  temporarily assembling the stored portions of the fragmented encrypted data and decrypting the encrypted data to obtain the personally identifiable information of the member for the limited time needed to complete the transaction and then subsequently repeating the steps of encrypting, fragmenting and storing portions of the fragmented encrypted data; and
  
  generating, by the identity protection system using a computer, virtual personally identifiable information in response to the request when the member is initiating the transaction and providing the virtual personally identifiable information to the third party website, with the use of a computer, without revealing the member'"'"'s real personally identifiable information.
- View Dependent Claims (2, 3)
- - 2. The method as recited in claim 1 wherein the online transaction is a registration transaction.
  - 3. The method as recited in claim 1 further comprising the steps of:
    - receiving, by the identity protection system using a computer, a request from the third party web site to provide a trusted credential of the member attempting to access the third party website in order to confirm the true identity of the member for authenticated access to the third party website;
      
      comparing, by the identity protection system using a computer, the virtual personally identifiable information provided to the third party website with the member'"'"'s stored personally identifiable information that has been stored as a member of the identity protection system;
      
      providing, by the identity protection system using a computer, the requested trusted credential of the member to the third party website if the virtual personally identifiable information is successfully matched to the member'"'"'s stored personally identifiable information by the identity protection system; and
      
      denying, by the identity protection system using a computer, the attempted access to the third party website if the virtual personally identifiable information is not successfully matched to the member'"'"'s stored personally identifiable information by the identity protection system.

4. A method for protecting against theft of personally identifiable information, said method comprising the steps of:
- registering, by an identity protection system using a computer, an individual subscriber as a member of the identity protection system and obtaining personally identifiable information from the subscribing member as storable computer data;
  
  encrypting, by the identity protection system using a computer, the obtained personally identifiable information and storing the personally identifiable information as encrypted data;
  
  fragmenting, by the identity protection system using a computer, the encrypted data by a computer;
  
  storing, by the identity protection system, portions of the fragmented encrypted data, by at least one computer, independently at separate computer storage locations;
  
  preventing, by the identity protection system using a computer, third party access to the fragmented encrypted data;
  
  detecting, by the identity protection system using a computer, that the subscribing member is attempting to send an email to a recipient from the subscribing member'"'"'s real email address;
  
  automatically generating, by the identity protection system using a computer, an anonymous email address on behalf of the subscribing member in response to the subscribing member attempting to send an email to the recipient from the subscribing member'"'"'s real email address;
  
  allowing, by the identity protection system using a computer, the subscribing member to send the email communication to the recipient from the subscribing member'"'"'s real email address and directing the subscribing member'"'"'s email communication to the anonymous email address;
  
  forwarding, by the identity protection system using a computer, the subscribing member'"'"'s email communication to the recipient from the subscribing member'"'"'s anonymous email address without ever revealing the subscribing member'"'"'s real email address to the recipient;
  
  receiving, by the identity protection system using a computer, an email communication from the recipient at the anonymous email address;
  
  storing, by the identity protection system using a computer, the routing information from the received email communication;
  
  scrubbing, by the identity protection system using a computer, the received email communication for electronic viruses; and
  
  forwarding, by the identity protection system using a computer, the received email communication from the anonymous email address to the subscribing member'"'"'s real email address.
- View Dependent Claims (5, 6)
- - 5. The method as recited in claim 4 further comprising the step of:
    - alerting, by the identity protection system using a computer, the subscribing member when an email communication having unidentified routing information is received at the anonymous email address.
  - 6. The method as recited in claim 4 wherein the email recipient is a business entity.

7. A method for protecting against theft of personally identifiable information during online transactions comprising the steps of:
- establishing, by an identity protection system using a computer, a user as a member of the identity protection system;
  
  obtaining, by the identity protection system using a computer, personally identifiable information from the member in the form of storable computer data;
  
  encrypting, by the identity protection system using a computer, the obtained personally identifiable information and storing the personally identifiable information as encrypted data;
  
  fragmenting, by the identity protection system using a computer, the encrypted data;
  
  storing portions of the fragmented encrypted data, by the identity protection system using a computer, independently at separate computer storage locations and preventing third party access to the fragmented encrypted data;
  
  assigning codes to the stored portions of the fragmented encrypted data;
  
  allowing by a computer the member to initiate an online transaction, using a computer device, on a third party website on a global computer network;
  
  receiving, by the identity protection system using a computer, at the time of initiating the online transaction, a request from the member for virtual identity information for use in conducting the online transaction;
  
  matching the codes of the stored portions of the fragmented encrypted data for purposes of retrieving and assembling the stored portions of the fragmented encrypted data;
  
  temporarily assembling the stored portions of the fragmented encrypted data and decrypting the encrypted data to obtain the personally identifiable information of the member for the limited time needed to complete the transaction and then subsequently repeating the steps of encrypting, fragmenting and storing portions of the fragmented encrypted data; and
  
  generating, by the identity protection system using a computer, virtual identity information in response to the request when the member is initiating the transaction, matching the generated virtual identity information with the temporarily assembled stored portions of the fragmented encrypted data, and providing the generated virtual identity information to the third party web site, with the use of a computer, without revealing the member'"'"'s real personally identifiable information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Aura Sub, LLC
Original Assignee
Kemesa Incorporated
Inventors
Bachenheimer, Steven I., Dowding, Keith, Skipworth, Chris
Primary Examiner(s)
Iwarere, Oluseye
Assistant Examiner(s)
CRAWLEY, TALIA F

Application Number

US14/246,402
Publication Number

US 20140304157A1
Time in Patent Office

1,058 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/6254   by anonymising data, e.g. d...

G06F 21/6263   during internet communicati...

G06Q 10/107   Computer-aided management o...

G06Q 20/02   involving a neutral party, ...

G06Q 20/385   using an alias or single-us...

G06Q 20/4014   Identity check for transact...

G06Q 20/4016   involving fraud or risk lev...

H04L 51/212   using filtering or selectiv...

H04L 51/48   Message addressing, e.g. ad...

H04L 63/0407   wherein the identity of one...

H04L 63/0428   wherein the data content is...

H04L 63/145   the attack involving the pr...

H04L 63/18   using different networks or...

Identity theft and fraud protection system and method

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

Citations

7 Claims

Specification

Solutions

Use Cases

Quick Links

Identity theft and fraud protection system and method

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

7 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links