US-12619758-B1 - Digital security and access control for credit information
Abstract
Methods and systems described herein are directed to controlling access to and the distribution of credit information. A credit information access manager can maintain accounts for users and third party accessors wishing to access user credit information. The credit information access manager can generate an identifier to authorize a third party's access to a user's credit information, which can be associated with one or more deauthorization conditions. When the third party requests access to a user's credit information with the identifier, the credit information access manager can determine whether the identifier is valid or expired based on the one or more deauthorization conditions. The credit information access manager can automatically and dynamically revoke the identifier to limit a user's exposure to identity theft and financial crimes.
Inventors
- Janelle Denice Dziuk
- Jon D. McEachron
- Steven Michael Bernstein
Assignees
- UIPCO, LLC
Dates
- Publication Date: 20260505
- Application Date: 20220628
Claims (19)
- 1. A method for controlling access to credit information, the method comprising: receiving, from a first device associated with a first user, a first request to provide temporary access, to credit information associated with the first user, to a third party; generating an identifier associated with the first request, wherein the identifier authorizes the transfer of at least a portion of the credit information to the third party; providing, in response to the first request, the identifier to the first device, wherein, the first device, in response to the providing, displays a matrix barcode that encodes the identifier, and a second device, associated with the third party, scans the displayed matrix barcode to obtain the identifier; receiving, from the second device, a second request with the identifier, the second request comprising a request type and a role of the third party with respect to the credit information; in response to the second request retrieving, from one or more credit information systems, the credit information; selecting a predefined standardized structure by: analyzing the request type and the role of the third party with respect to the credit information; and resolving a level of detail for the predefined standardized structure based on the analyzing; converting the retrieved credit information into a data structure comprising the predefined standardized structure, wherein the converting selectively populates the data structure based on the predefined standardized structure and the resolved level of detail by a) transforming one or more first data elements of the retrieved credit information, and b) omitting one or more second data elements of the retrieved credit information; transmitting the data structure to the second device associated with the third party; and after transmitting the data structure, automatically invalidating the identifier to deauthorize subsequent requests with the identifier from transmitting credit information associated with the first user to the third party.
- 2. The method of claim 1, wherein generating the identifier further comprises generating an expiration time for the identifier, wherein the identifier authorizes the transfer of at least a portion of the credit information to the third party before the expiration time, and wherein the retrieving the credit information as user is further in response to second request with the identifier having been received before the expiration time.
- 3. The method of claim 2, further comprising: determining that a current time is after the expiration time, wherein the automatically invalidating the identifier is based on the determination that the current time is after the expiration time.
- 4. The method of claim 1, wherein the identifier is configured to be deauthorized after a single use in a request for credit information, and wherein the automatically invalidating the identifier is in response to transmitting the data structure to the second device associated with the third party.
- 5. The method of claim 1, wherein the request type comprises a credit check type indicating a reason for the second request by the third party for credit information.
- 6. The method of claim 1, wherein the identifier is further associated with the third party, wherein the method further comprises: receiving, from the second device, credentials associated with the third party; and determining that the credentials and the identifier are both associated with the third party, wherein the data structure is transmitted to the second device after determining that the credentials and the identifier are both associated with the third party.
- 7. The method of claim 1, wherein a monetary value is associated with the first request and/or the second request, and wherein the level of detail defined for the predefined standardized structure is based on the request type, the role of the third party with respect to the credit information, and the monetary value.
- 8. The method of claim 1, wherein the transforming retains at least a portion of the one or more first data elements of the retrieved credit information.
- 9. The method of claim 1, wherein an application is configured to display user interface (UI) elements that correspond to the data elements selectively populated to the data structure.
- 10. A computing system for controlling access to credit information, the computing system comprising: one or more processors; and one or more memories storing instructions that, when executed by the one or more processors, cause the computing system to perform a process comprising: receiving, from a first device associated with a first user, a first request to provide temporary access, to credit information associated with the first user, to a third party; generating an identifier associated with the first request, wherein the identifier authorizes the transfer of at least a portion of the credit information to the third party; providing, in response to the first request, the identifier to the first device, wherein, the first device, in response to the providing, displays a matrix barcode that encodes the identifier, and a second device, associated with the third party, scans the displayed matrix barcode to obtain the identifier; receiving, from the second device, a second request with the identifier, the second request comprising a request type and a role of the third party with respect to the credit information; in response to the second request retrieving, from one or more credit information systems, the credit information; selecting a predefined standardized structure by: analyzing the request type and the role of the third party with respect to the credit information; and resolving a level of detail for the predefined standardized structure based on the analyzing; converting the retrieved credit information into a data structure comprising the predefined standardized structure, wherein the converting selectively populates the data structure based on the predefined standardized structure and the resolved level of detail by a) transforming one or more first data elements of the retrieved credit information, and b) omitting one or more second data elements of the retrieved credit information; transmitting the data structure to the second device associated with the third party; and after transmitting the data structure, automatically invalidating the identifier to deauthorize subsequent requests with the identifier from transmitting credit information associated with the first user to the third party.
- 11. The computing system of claim 10, wherein generating the identifier further comprises generating an expiration time for the identifier, wherein the identifier authorizes the transfer of at least a portion of the credit information to the third party before the expiration time, and wherein the retrieving the credit information is further in response to second request with the identifier having been received before the expiration time.
- 12. The computing system of claim 11, wherein the process further comprises: determining that a current time is after the expiration time, wherein the automatically invalidating the identifier is based on the determination that the current time is after the expiration time.
- 13. The computing system of claim 10, wherein the identifier is further associated with the third party, wherein the process further comprises: receiving, from the second device, credentials associated with the third party; and determining that the credentials and the identifier are both associated with the third party, wherein the data structure is transmitted to the second device after determining that the credentials and the identifier are both associated with the third party.
- 14. A computer-readable storage medium storing instructions that, when executed by a computing system, cause the computing system to perform a process for controlling access to credit information, the process comprising: receiving, from a first device associated with a first user, a first request to provide temporary access, to credit information associated with the first user, to a third party; generating an identifier associated with the first request, wherein the identifier authorizes the transfer of at least a portion of the credit information to the third party; providing, in response to the first request, the identifier to the first device, wherein, the first device, in response to the providing, displays a matrix barcode that encodes the identifier, and a second device, associated with the third party, scans the displayed matrix barcode to obtain the identifier; receiving, from the second device, a second request with the identifier, the second request comprising a request type and a role of the third party with respect to the credit information; in response to the second request retrieving, from one or more credit information systems, the credit information; selecting a predefined standardized structure by: analyzing the request type and the role of the third party with respect to the credit information; and resolving a level of detail for the predefined standardized structure based on the analyzing; converting the retrieved credit information into a data structure comprising the predefined standardized structure, wherein the converting selectively populates the data structure based on the predefined standardized structure and the resolved level of detail by a) transforming one or more first data elements of the retrieved credit information, and b) omitting one or more second data elements of the retrieved credit information; transmitting the data structure to the second device associated with the third party; and after transmitting the data structure, automatically invalidating the identifier to deauthorize subsequent requests with the identifier from transmitting credit information associated with the first user to the third party.
- 15. The computer-readable storage medium of claim 14, wherein generating the identifier further comprises generating an expiration time for the identifier, wherein the identifier authorizes the transfer of at least a portion of the credit information to the third party before the expiration time, wherein the retrieving the credit information is further in response to second request with the identifier having been received before the expiration time.
- 16. The computer-readable storage medium of claim 15, wherein the process further comprises: determining that a current time is after the expiration time, wherein the automatically invalidating the identifier is based on the determination that the current time is after the expiration time.
- 17. The computer-readable storage medium of claim 14, wherein the identifier is configured to be deauthorized after a single use in a request for credit information, and wherein the automatically invalidating the identifier is in response to transmitting the data structure to the second device associated with the third party.
- 18. The computer-readable storage medium of claim 14, wherein the identifier is further associated with the third party, wherein the process further comprises: receiving, from the second device, credentials associated with the third party; and determining that the credentials and the identifier are both associated with the third party, wherein the data structure is transmitted to the second device after determining that the credentials and the identifier are both associated with the third party.
- 19. The computer-readable storage medium of claim 14, wherein the process further comprises: transmitting a notification to at least one of the first device and the second device indicating that the identifier has been automatically invalidated.
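The flow recited in claims 1 to 6 (a single-use identifier with an expiration time, bound to the third party, with a level of detail resolved from role and request type), sketched as an added example that is not code from the patent. The class, policy table, field names, status strings and sample record are all hypothetical.

```python
import secrets
import time

# Constructed sample record standing in for a credit information system.
SAMPLE_BUREAU = {"u1": {"score": 712, "open_accounts": ["card", "auto"],
                        "ssn": "000-00-0000"}}

# Hypothetical policy: (role, request type) -> fields to populate and how to
# transform them. Any field not listed is omitted from the response.
POLICY = {
    ("landlord", "rental_screening"): {"score": lambda s: "650+" if s >= 650 else "<650"},
    ("lender", "mortgage"): {"score": lambda s: s, "open_accounts": len},
}

class AccessManager:
    def __init__(self, bureau, clock=time.time):
        self._bureau = bureau
        self._clock = clock          # injectable so expiry can be tested
        self._grants = {}            # identifier -> grant metadata

    def issue(self, user_id, third_party, ttl=300):
        """User-side request: mint the identifier a matrix barcode would encode."""
        ident = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        self._grants[ident] = {"user": user_id, "party": third_party,
                               "exp": self._clock() + ttl}
        return ident

    def redeem(self, ident, party, role, request_type):
        """Third-party request. `party` is assumed to be already authenticated."""
        # pop() consumes the identifier on first presentation, so a replay or a
        # concurrent second request never sees it. This is the example's own
        # choice and is stricter than invalidating only after a transfer.
        grant = self._grants.pop(ident, None)
        if grant is None:
            return None, "invalid"
        if self._clock() >= grant["exp"]:
            return None, "expired"
        if grant["party"] != party:
            return None, "party_mismatch"
        fields = POLICY.get((role, request_type))
        if fields is None:
            return None, "no_policy"        # default deny for unknown role/type
        raw = self._bureau[grant["user"]]
        # Selectively populate: transform listed fields, omit everything else.
        return {name: fn(raw[name]) for name, fn in fields.items()}, "ok"
```

Keeping the grant table server-side, rather than encoding the grant in a self-contained signed token, is what makes immediate revocation possible.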
Description
TECHNICAL FIELD
The present disclosure is directed to methods and systems for improving security, digital control, and access to credit information.
BACKGROUND
Individuals and organizations today face increasingly complex and expansive cybersecurity threats. A user's sensitive information is often stored by a variety of businesses and organizations, over the cybersecurity practices of which users have little to no control. This reality has led to a rise in people with malicious intent who attempt to steal sensitive information by compromising a data custodian's computer systems, and/or by engaging in social engineering to deceive people into volunteering information that is later used to authenticate a third party's access to sensitive information by an unsuspecting data custodian.
With respect to credit information, users have limited means for controlling access to data such as credit reports and credit scores from credit bureaus. However, these credit bureaus have historically been the target of cybersecurity attacks, which have resulted in some of the largest data breaches in modern history. In effect, individuals—who are the victims of these financial crimes—have previously been unable to control the access to and distribution of sensitive information such as credit data.
BRIEF DESCRIPTION OF THE DRAWINGS
- FIG. 1 is a block diagram illustrating an overview of devices on which some implementations can operate.
- FIG. 2 is a block diagram illustrating an overview of an environment in which some implementations can operate.
- FIG. 3 is a block diagram illustrating components which, in some implementations, can be used in a system employing the disclosed technology.
- FIG. 4 is a flow diagram illustrating a process used in some implementations for providing limited access to a user's credit information.
- FIG. 5 is a flow diagram illustrating a process used in some implementations for automatically deauthorizing a third party's access to a user's credit information.
- FIG. 6 is a conceptual diagram illustrating an example system for controlling the distribution of credit information to third party accessors.
- FIG. 7A is a sequence diagram of operations performed by devices for authorizing the transmission of credit information to a third party accessor.
- FIG. 7B is a sequence diagram of operations performed by devices for denying the transmission of credit information to a third party accessor.
- FIG. 8 is a sequence diagram of operations performed by devices for authorizing a third party delegate to grant a third party accessor access to credit information.
- FIG. 9A is a diagram illustrating an example user interface for managing access to a user's credit information.
- FIG. 9B is a diagram illustrating an example user interface for authorizing a third party accessor access to a user's credit information.
- FIG. 9C is a diagram illustrating an example user interface for a third party accessor to access a user's credit information.
- FIG. 9D is a diagram illustrating an example user interface for controlling access to credit information from credit information sources.
The techniques introduced here may be better understood by referring to the following Detailed Description in conjunction with the accompanying drawings, in which like reference numerals indicate identical or functionally similar elements.
DETAILED DESCRIPTION
Aspects of the present disclosure are directed to systems and methods for securing sensitive information by controlling access to and the distribution of the sensitive information using short-term third party authentication and automated third party deauthorization. For example, a trusted financial service provider may provide an access control and distribution system that connects with one or more credit information sources, such as credit bureau information systems. The system can authenticate users and third parties who wish to access credit information associated with those users (e.g., lenders, credit card companies, landlords, etc.). An authenticated user may grant to a third party limited access to their credit information, with the system restricting the contents of the credit information and/or the duration of the third party's access to the credit information. The third party's access to the user's credit information can be automatically revoked (e.g., after accessing the information, after a specified period of time has elapsed, and/or other condition(s) are met), such that the user's information is automatically secured. In this manner, the user's sensitive information is significantly less vulnerable to cybersecurity threats.
Historically, credit bureaus have authenticated individuals to access their credit information by asking a series of questions that only the authenticating person should know the answers to. Before the era of personal computers and smartphones, these questions were often delivered by credit bureau representatives over the phone. Today, this means of authentication is frequently d