Consumer Threat Intelligence Service
US-2019132337-A1 · May 2, 2019 · US
Early data breach detection
US12229306B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12229306-B2 |
| Application number | US-202217589654-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jan 31, 2022 |
| Priority date | Oct 11, 2017 |
| Publication date | Feb 18, 2025 |
| Grant date | Feb 18, 2025 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Apparatuses, methods, systems, and program products are disclosed for early data breach detection. An apparatus includes a data module configured to receive user data from a darknet. User data may include user credential information that has been misappropriated. An apparatus includes a match module configured to determine whether user credential information matches a user's credentials for a user's one or more online accounts. An apparatus includes an action module configured to trigger a security action related to a user's one or more online accounts to make the user's one or more online accounts more secure in response to determining that user credential data matches the user's credentials at the user's one or more online accounts.
First claim
Opening claim text (preview).
What is claimed is: 1. An apparatus, comprising: a data module configured to receive user data from a darknet, the user data comprising user credential information that has been misappropriated, wherein the data module is further configured to emulate a buyer of misappropriated user credential information to receive the user data from the darknet; a match module configured to: interface with a data aggregation server that securely stores the user's credentials for one or more online accounts for the user; access the user's credentials from the data aggregation server; determine whether the user credential information from the darknet that has been misappropriated matches the user's credentials accessed from the data aggregation server; and determine whether the user has one or more different online accounts that use the same user credential information to login; and an action module configured to: trigger a security action related to the user's one or more online accounts to make the user's one or more online accounts more secure in response to determining that the user credential information from the darknet that has been misappropriated matches the user's credentials accessed from the data aggregation server, the action module interfacing with the data aggregation server to trigger the security action, the data aggregation server communicatively coupled to a plurality of third-party service providers where the user's one or more online accounts are located to access the user's one or more online accounts using the user's credentials and perform the security action related to the user's one or more online accounts without input from the user; and trigger a second security action at third-party service providers associated with the user's one or more different online accounts. 2. The apparatus of claim 1 , wherein the security action comprises one or more of: logging in to the user's one or more online accounts and changing the user's credential information; initiating a reset of the user's credential information at third-party service providers for the user's one or more online accounts; communicating with the third-party service providers for the user's one or more online accounts using an out-of-band communication network; initiating use of two-factor authentication to securely login to the user's one or more online accounts; and locking the user's one or more online accounts. 3. The apparatus of claim 1 , wherein the action module is further configured to notify third-party service providers associated with the user's one or more online accounts that the user's credential information was misappropriated. 4. The apparatus of claim 1 , further comprising a breach module configured to detect a data breach at one or more third-party service providers associated with the user's one or more online accounts. 5. The apparatus of claim 4 , wherein the breach module detects a data breach by: determining that the user data received from the darknet comprises a plurality of user credential information for a plurality of different users from a third-party service provider; and determining that the number of different users satisfies a breach threshold that indicates a data breach at the third-party service provider. 6. The apparatus of claim 4 , wherein the breach module is further configured to determine a type of the data breach based on metadata associated with the received user data. 7. The apparatus of claim 6 , wherein the metadata comprises information that indicates that the type of the data breach comprises one or more of a keylogging breach, a rootkit breach, and a botnet breach. 8. The apparatus of claim 1 , wherein the data module is further configured to constantly monitor the darknet for user credential information for the user at periodic intervals. 9. The apparatus of claim 1 , wherein the user's one or more online accounts comprise one or more of a financial account, a social media account, a photo-sharing account, a video-sharing account, an ecommerce account, and a work account. 10. A method, comprising: receiving user data from a darknet, the user data comprising user credential information that has been misappropriated, wherein the data module is further configured to emulate a buyer of misappropriated user credential information to receive the user data from the darknet; interfacing with a data aggregation server that securely stores the user's credentials for one or more online accounts for the user; accessing the user's credentials from the data aggregation server; determining whether the user credential information from the darknet that has been misappropriated matches the user's credentials accessed from the data aggregation server; determining whether the user has one or more different online accounts that use the same user credential information to login; triggering a security action related to the user's one or more online accounts to make the user's one or more online accounts more secure in response to determining that the user credential information from the darknet that has been misappropriated matches the user's credentials accessed from the data aggregation server, the action module interfacing with the data aggregation server to trigger the security action, the data aggregation server communicatively coupled to a plurality of third-party service providers where the user's one or more online accounts are located to access the user's one or more online accounts using the user's credentials and perform the security action related to the user's one or more online accounts without input from the user; and triggering a second security action at third-party service providers associated with the user's one or more different online accounts. 11. The method of claim 10 , wherein the security action further comprises one or more of: logging in to the user's one or more online accounts and changing the user's credential information; initiating a reset of the user's credential information at third-party service providers for the user's one or more online accounts; communicating with the third-party service providers for the user's one or more online accounts using an out-of-band communication network; initiating use of two-factor authentication to securely login to the user's one or more online accounts; and locking the user's one or more online accounts. 12. The method of claim 10 , further comprising notifying third-party service providers associated with the user's one or more online accounts that the user's credential information was misappropriated. 13. The method of claim 10 , further comprising detecting a data breach at one or more third-party service providers associated with the user's one or more online accounts by: determining that the user data received from the darknet comprises a plurality of user credential information for a plurality of different users from a third-party service provider; and determining that the number of different users satisfies a breach threshold that indicates a data breach at the third-party service provider. 14. The method of claim 13 , further comprising determining a type of the data breach based on a metadata associated with the received user data, the metadata comprising information that indicates that the type of the data breach comprises one or more of a keylogging breach, a rootkit breach, and a botnet breach. 15. The method of claim 13 , further comprising emulating a buyer of misappropriated user credential information to receive the user data from the darknet. 16. The method of claim 10 , further
Assignees
Inventors
Classifications
applying multi-factor authentication · CPC title
Event detection, e.g. attack signature detection · CPC title
involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved (negotiation of communication capabilities H04L69/24) · CPC title
by designing passwords or checking the strength of passwords · CPC title
involving event detection and direct action · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US12229306B2 cover?
- Apparatuses, methods, systems, and program products are disclosed for early data breach detection. An apparatus includes a data module configured to receive user data from a darknet. User data may include user credential information that has been misappropriated. An apparatus includes a match module configured to determine whether user credential information matches a user's credentials for a u…
- Who is the assignee on this patent?
- Mx Tech Inc
- What technology area does this patent fall under?
- Primary CPC classification G06F21/6245. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Feb 18 2025 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 5 related publications on this page (citations in our corpus or others sharing the same primary CPC).