Patent Issued for System for securing electronic personal user data (USPTO 11200339): United Services Automobile Association

2022 JAN 04 (NewsRx) -- By a News Reporter-Staff News Editor at Insurance Daily News -- From Alexandria, Virginia, NewsRx journalists report that a patent by the inventors Hawes, Brian Christopher (San Antonio, TX, US), Jonak, Sumita T. (San Antonio, TX, US), Richard, Shane Elliot (San Antonio, TX, US), Szentes, Michael Jay (San Antonio, TX, US), filed on August 13, 2019, was published online on December 14, 2021.

The patent’s assignee for patent number 11200339 is United Services Automobile Association (San Antonio, Texas, United States).

News editors obtained the following quote from the background information supplied by the inventors: “Many well-known password and user account management systems are known in the art of personal digital security. Designed to address the problem of “too many logins to remember”, these systems unusually store login and user account information so that a user need not remember such information themselves-or need to resort to low-tech solutions like a password written on a sticky note. Due to the ever increasing number of websites, apps, and other portals that require login information, some users may repeat usernames and passwords. Many websites also require personal identifying information to be submitted as part of the sign up process. As a result, critical digital personal information is subject to breach-either at the individual account level, or a data beach of an entire system as has frequently been reported in the news. Users may be subject to identity theft, or other unfortunate consequences, as a result of a data breach.

“Known user account management systems seek to alleviate these problems in several ways. For example, some such systems can automatically generate very strong passwords for each separate website or other login portal. This helps to avoid the situation where a user repeats the same password on two different websites. Other known user account management system may store personal information, such as name, address, telephone, and credit card number-so that these pieces of data are accurate recalled and inputted when creating a new user account on a website.

“Known password and user account management systems include software such as LastPass, RoboForm, KeePass, and similar features built into some web browsers such as Google Chrome, Firefox, and Opera.

“However, existing systems do not currently seek to minimize the personal information submitted to a third-party website or other login portal. Generally, they merely recall a set of accurate personal identifying information that a user has previously entered and then generate a unique password. However, data breaches may happen for a variety of reasons beyond merely failing to pick a strong password. These existing system therefore may allow personal identifying information to be unnecessarily disseminated.

“There is a need in the art for systems, devices, and methods that addresses the shortcomings of the prior art discussed above.”

As a supplement to the background information on this patent, NewsRx correspondents also obtained the inventors’ summary information for this patent: “In one aspect, the disclosure provides a system for securing electronic user account data, comprising: at least one computing device, the computing device including a processor, and wherein the computing device is configured to perform the steps of: (1) prompting a user to input accurate personal identifying information; (2) receiving the accurate personal identifying information and generating a first personal information profile consisting of the accurate personal identifying information; (4) receiving placeholder information, the placeholder information being of the same data format as the accurate personal identifying information; (5) generating a second personal information profile including a mixture of the accurate personal identifying information and the placeholder information; (6) generating a third personal information profile, consisting of the placeholder information; (7) receiving an input regarding creation of a user account associated with a login portal; (8) prompting the user to select one of the first personal information profile, the second personal information profile, and the third personal information profile; (9) associating the selected personal information profile with the user account; (10) storing the user account, associated personal information profile, and the relation between the user account and the login portal, in an electronic database; and (11) recalling the user account and associated personal information profile from the electronic database upon a subsequent interaction with the login portal.

“In another aspect, the disclosure provides a method of operating a plug-in for a web browser, comprising the steps of: (1) receiving an input regarding creation of a user account, the user account being associated with a login portal, the login portal including one or more input fields requesting personal identifying information; (2) comparing the login portal with the database, the database including information regarding known login portals; (3) providing to the user a recommendation regarding each of the one or more input fields requesting personal identifying information, the recommendation including whether accurate personal identifying information or placeholder data should be associated with the user account for the login portal at that input field; the recommendation being based on information in the database of known login portals describing each of the one or more input fields associated with the login portal as either essential to the functioning of the login portal or nonessential to the functioning of the login portal; (5) receiving a request for placeholder data from the user with respect to at least one of the one or more input fields; (6) generating placeholder data for each input field for which the user initiates the request for placeholder data, the placeholder data being of the same format as the personal identifying information requested by the input field; and (6) sending the placeholder data to the login portal.

“In another aspect, this disclosure provides a mobile computing device configured to: (a) receive an input regarding creation of a user account, the user account being associated with a login portal, the login portal including one or more input fields requesting personal identifying information; (b) compare the login portal with a database of known login portals, the database including information classifying each of the one or more input fields as (1) essential input fields that require accurate personal identifying information in order for the login portal to function correctly, and (2) non-essential input fields that do not require accurate personal identifying information in order for the login portal to function correctly; © generate placeholder data for each of the one or more input fields that is classified as a non-essential input field; (d) send the placeholder data to the login portal as associated with each of the non-essential input fields; (e) allow the user to generate and submit accurate personal identifying information to the login portal for all essential input fields; (f) record the placeholder data and accurate personal identifying information as associated with the user account in an user account database.

“Finally, in another aspect, this disclosure provides a non-transitory computer readable storage medium including instructions which, when executed by one or more computing devices, carry out a method for operating an electronic user account management system; the method comprising: (1) prompting the user to enter a variety of accurate personal identifying information; (2) generating a variety of placeholder data, the placeholder data being of the same data format as the accurate personal identifying information; (3) receiving an input regarding creation of a user account associated with a login portal, the login portal including one or more input fields requesting personal identifying information; (4) comparing the login portal with a database of known logins, the database of known logins including information describing each of the one or more input fields associated with the login portal as either essential to the functioning of the login portal or nonessential to the functioning of the login portal; (5) prompting the user to select one or more types of personal identifying information for which the user is willing to send accurate personal identifying information to the login portal even when the associated input field is non-essential; (6) generating a personal information profile, the personal information profile including: (a) accurate personal identifying information for each of the one or more essential input fields, (b) accurate personal identifying information for at least one non-essential input field selected by the user; and © placeholder data for one or more non-essential input fields; and (7) associating the personal information profile with the user account.

“Other systems, methods, features, and advantages of the invention will be, or will become, apparent to one of ordinary skill in the art upon examination of the following figures and detailed description. It is intended that all such additional systems, methods, features and advantages be included within this description and this summary, be within the scope of the invention, and be protected by the following claims.”

The claims supplied by the inventors are:

“1. A system for securing electronic user account data, comprising: at least one computing device, the computing device including a processor, and wherein the computing device is configured to perform the steps of: prompting a user to input accurate personal identifying information; receiving the accurate personal identifying information and generating a first personal information profile consisting of the accurate personal identifying information; receiving placeholder information, the placeholder information being of the same data format as the accurate personal identifying information; generating a second personal information profile including a mixture of the accurate personal identifying information and the placeholder information; generating a third personal information profile, consisting of the placeholder information; receiving an input regarding creation of a user account associated with a login portal; prompting the user to select one of the first personal information profile, the second personal information profile, and the third personal information profile; associating the selected personal information profile with the user account; storing the user account, associated personal information profile, and the relation between the user account and the login portal, in an electronic database; and recalling the user account and associated personal information profile from the electronic database upon a subsequent interaction with the login portal.

“2. The system of claim 1, wherein the computing device is configured to receive placeholder information through at least one of generating the placeholder information, and prompting the user to input placeholder information.

“3. The system of claim 1, wherein the system is configured to, when generating the second personal information profile, include accurate personal identifying information only to the extent necessary to the functioning of the login portal, and include placeholder information otherwise.

“4. The system of claim 1, wherein the system is configured to, when generating the second personal information profile, include at least some accurate personal identifying information that is not essential to the functioning of the login portal, as determined by a user input in response to a prompt.

“5. The system of claim 1, wherein the system further comprises a database of known login portals in communication with the at least one computing device; the database of known login portals including information regarding what personal identifying information is requested by each known login portal, what requested personal identifying information is essential to the functioning of each known login portal, and what requested personal identifying information is nonessential to the functioning of each known login portal; and the system is further configured to compare the login portal to the database of known login portals, and generate the placeholder information corresponding to the requested personal identifying information that is nonessential to the functioning of the login portal.

“6. The system of claim 1, wherein the system further comprises a database of known login portals in communication with the at least one computing device; the system is configured to compare the login portal to the database of known login portals; and the computing device is configured to perform the further step of: providing to the user a personal information profile recommendation, the personal information profile recommendation including which of the first personal information profile, the second personal information profile, and the third personal information profile should be associated with the user account.

“7. The system of claim 1, wherein the computing device is configured to receive placeholder information through generating the placeholder information, and the placeholder data is a randomized string of characters having the same data format as the corresponding accurate personal identifying information.

“8. The system of claim 1, wherein the system further comprises a database of known login portals in communication with the at least one computing device; the database of known login portals including information regarding what personal identifying information is requested by each known login portal, what requested personal identifying information is essential to the functioning of each known login portal, and what requested personal identifying information is nonessential to the functioning of each known login portal; and the system is further configured to compare the login portal to the database of known login portals, and generate the second personal information profile based on the information in the database of known login portals.

“9. The system of claim 1, wherein the computing device is configured to perform the step of generating the second personal information profile by: accessing a database of known login portals in communication with the at least one computing device; receiving from the database of known login portals data regarding what requested personal identifying information is essential to the functioning of the login portal; and generating the second personal information profile such that the second personal information profile includes accurate personal identifying information in only one or more fields identified in the database of known login portal as being essential to the function of the login portal.

“10. The system of claim 1, wherein the computing device is configured to perform the step of generating the second personal information profile by: accessing a database of known login portals in communication with the at least one computing device; receiving from the database of known login portals data regarding what requested personal identifying information is nonessential to the functioning of the login portal; and generating the second personal information profile such that the second personal information profile includes placeholder information in all of one or more fields identified in the database of known login portal as being nonessential to the function of the login portal.”

For additional information on this patent, see: Hawes, Brian Christopher. System for securing electronic personal user data. U.S. Patent Number 11200339, filed August 13, 2019, and published online on December 14, 2021. Patent URL: http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PALL&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.htm&r=1&f=G&l=50&s1=11200339.PN.&OS=PN/11200339RS=PN/11200339

(Our reports deliver fact-based news of research and discoveries from around the world.)