System and method for preventing identity theft or misuse by restricting access

US 10,380,374 B2
Filed: 09/29/2014
Issued: 08/13/2019
Est. Priority Date: 04/20/2001
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method of preventing wrongful use of information stored in a computer system of an enterprise, the method comprising:

providing a computer system including a database comprising data files, wherein the data files contains restricting criteria comprising one or more of customer names, addresses, zip codes, contact information, dates of birth, social security numbers, and financial account numbers of one or more of bank accounts, credit card accounts, and debit card accounts, wherein multiple users are authorized by the enterprise to access the system;

selecting a key word string, by at least one or more computer processors, comprising an alphanumeric string including at least a portion of numeric data identifying a financial account comprising one or more of bank accounts, credit card accounts, and debit card accounts;

scanning, by the at least one or more computer processors, a plurality of files for instances of the key word string;

determining, by the at least one or more computer processors, for each of the plurality of files, a density of the selected key word string by dividing a number of occurrences of the key word string by a size of the respective one of file of the plurality of files;

calculating, by the at least one or more computer processors and based on the determined density, a check digit from the numeric data in the plurality of files that correspond to the key word string;

validating, by the at least one or more computer processors, the files by comparing the calculated check digit to the numeric data in the files that correspond to the key word string;

identifying, based on the results of the validation, special files by the at least one or more computer processors; and

restricting access to the identified special files by performing, by the at least one or more computer processors, at least one of the steps comprising;

(1) activating an alarm to indicate when unauthorized access to one or more of the special files is occurring or has occurred;

(2) password protecting one or more of the special files;

(3) controlling access to one or more of the identified special files based on one or more of user type, place of user access, user file authorization, and user privileges authorization;

(4) executing site specific commands wherein the site specific commands gather evidence of what actions an unauthorized user is undertaking or undertook without exposing one or more of the special files to the unauthorized user;

(5) granting at least one identifier to a file opening process for one or more of the special files and revoking the identifier when one or more of the special files are closed;

(6) preventing covert code from running in association with one or more of the special files by attaching at least one of a crypt checksum and a privilege mask to one or more of the special files; and

(7) encrypting one or more of the special files.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for network file filtering to prevent identity theft or misuse by restricting access to files likely to contain sensitive data is disclosed. The file filtering process includes scanning at least one data file for density of a selected pattern. Files identified as containing the selected pattern may be further analyzed to determine the likelihood of the presence of sensitive information. The process may also include restricting access to files that are identified as likely to contain sensitive information.

1330 Citations

18 Claims

1. A computer implemented method of preventing wrongful use of information stored in a computer system of an enterprise, the method comprising:
- providing a computer system including a database comprising data files, wherein the data files contains restricting criteria comprising one or more of customer names, addresses, zip codes, contact information, dates of birth, social security numbers, and financial account numbers of one or more of bank accounts, credit card accounts, and debit card accounts, wherein multiple users are authorized by the enterprise to access the system;
  
  selecting a key word string, by at least one or more computer processors, comprising an alphanumeric string including at least a portion of numeric data identifying a financial account comprising one or more of bank accounts, credit card accounts, and debit card accounts;
  
  scanning, by the at least one or more computer processors, a plurality of files for instances of the key word string;
  
  determining, by the at least one or more computer processors, for each of the plurality of files, a density of the selected key word string by dividing a number of occurrences of the key word string by a size of the respective one of file of the plurality of files;
  
  calculating, by the at least one or more computer processors and based on the determined density, a check digit from the numeric data in the plurality of files that correspond to the key word string;
  
  validating, by the at least one or more computer processors, the files by comparing the calculated check digit to the numeric data in the files that correspond to the key word string;
  
  identifying, based on the results of the validation, special files by the at least one or more computer processors; and
  
  restricting access to the identified special files by performing, by the at least one or more computer processors, at least one of the steps comprising;
  
  (1) activating an alarm to indicate when unauthorized access to one or more of the special files is occurring or has occurred;
  
  (2) password protecting one or more of the special files;
  
  (3) controlling access to one or more of the identified special files based on one or more of user type, place of user access, user file authorization, and user privileges authorization;
  
  (4) executing site specific commands wherein the site specific commands gather evidence of what actions an unauthorized user is undertaking or undertook without exposing one or more of the special files to the unauthorized user;
  
  (5) granting at least one identifier to a file opening process for one or more of the special files and revoking the identifier when one or more of the special files are closed;
  
  (6) preventing covert code from running in association with one or more of the special files by attaching at least one of a crypt checksum and a privilege mask to one or more of the special files; and
  
  (7) encrypting one or more of the special files.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the validating further includes determining, by the at least one or more computer processors, whether a density of occurrence of the key word string in files that comprise the key word string is greater than a threshold density.
  - 3. The method of claim 1, further including protecting the special files by moving the identified special files to a secure location.
  - 4. The method of claim 1, wherein the key word string comprises a credit card number.
  - 5. The method of claim 1, wherein access to the special files is restricted only in the event a ratio of special files having a valid check digit to the identified files having no valid check digit exceeds a predetermined ratio.
  - 6. The method of claim 1, wherein access to the special files is restricted only in the event a percentage of special files having a valid check digit exceeds a percentage that would be found in a random collection of data.

7. A computer implemented method of preventing wrongful use of information stored in a computer system of an enterprise, the method comprising:
- providing a computer system including a database comprising data files, wherein the data files contain restricting criteria comprising one or more of customer names, addresses, zip codes, contact information, dates of birth, social security numbers, and financial account numbers of one or more of bank accounts, credit card accounts, and debit card accounts, wherein multiple users are authorized by the enterprise to access the system;
  
  selecting, by at least one or more computer processors a special pattern comprising;
  
  a key word string comprising an alphanumeric string including at least a portion of the numeric data identifying a financial account comprising one or more of bank accounts, credit card accounts, and debit card accounts; and
  
  a second string structured for identifying one or more of customer names, addresses, zip codes, contact information, dates of birth, and social security numbers;
  
  scanning, by the at least one or more computer processors, a plurality of files for instances of the key word string;
  
  determining, by the at least one or more computer processors, for each of the plurality of files, a density of the selected key word string by dividing a number of occurrences of the key word string by a size of the respective one of file of the plurality of files;
  
  calculating, by the at least one or more computer processors and based on the determined density, a check digit from the numeric data in the plurality of files that correspond to the key word string;
  
  validating, by the at least one or more computer processors, the files by comparing the calculated check digit to the numeric data in the determined files that correspond to one or both of the first keyword string and the second string;
  
  identifying, based on the results of the validation, special files, by the at least one or more computer processors; and
  
  restricting access to the identified special files by performing, by the at least one or more computer processors, at least one of the steps comprising;
  
  (1) activating an alarm to indicate when unauthorized access to one or more of the special files is occurring or has occurred;
  
  (2) password protecting one or more of the special files;
  
  (3) controlling access to one or more of the identified special files based on one or more of user type, place of user access, user file authorization, and user privileges authorization;
  
  (4) executing site specific commands wherein the site specific commands gather evidence of what actions an unauthorized user is undertaking or undertook without exposing one or more of the special files to the unauthorized user;
  
  (5) granting at least one identifier to a file opening process for one or more of the special files and revoking the identifier when one or more of the special files are closed;
  
  (6) preventing covert code from running in association with one or more of the special files by attaching at least one of a crypt checksum and a privilege mask to one or more of the special files; and
  
  (7) encrypting one or more of the special files.
- View Dependent Claims (8, 9, 10)
- - 8. The method of claim 7, further comprising determining a selected threshold density by averaging the density of the occurrence of the key word string for all the data files in the database.
  - 9. The method of claim 7, further comprising wherein access to the special files is restricted only in the event the ratio of special files having a valid check digit to the identified files having no valid check digit exceeds a predetermined ratio.
  - 10. The method of claim 7, wherein access to the special files is restricted only in the event the percentage of special files having a valid check digit exceeds the percentage that would be found in a random collection of data.

11. A computer system for confidential information wherein multiple users are authorized to access the system, the system comprising:
- a database comprising data files, wherein the data files contains restricting criteria comprising one or more of customer names, addresses, zip codes, contact information, dates of birth, social security numbers, and financial account numbers of one or more of bank accounts, credit card accounts, and debit card accounts;
  
  at least one computer processor; and
  
  a memory device storing computer executable instructions, when executed by the at least one computer processor, cause the at least one computer to perform the method comprising;
  
  selecting a key word string comprising an alphanumeric string including at least a portion of the numeric data identifying a financial account comprising one or more of bank accounts, credit card accounts, and debit card accounts;
  
  scanning a plurality of files for instances of the occurrence of the key word string;
  
  determining for each of the plurality of files, a density of the selected key word string by dividing a number of occurrences of the key word string by a size of the respective one of file of the plurality of files;
  
  calculating, based on the determined density, a check digit from the numeric data in the plurality of files that correspond to the keyword string;
  
  validating the files by comparing the calculated check digit to the numeric data in the determined files that correspond to the keyword string; and
  
  identifying, based on the results of the validation, special files; and
  
  restricting access to the identified special files by performing at least one of the steps comprising;
  
  (1) activating an alarm to indicate when unauthorized access to one or more of the special files is occurring or has occurred;
  
  (2) password protecting one or more of the special files;
  
  (3) controlling access to one or more of the identified special files based on one or more of user type, place of user access, user file authorization, user privileges authorization;
  
  (4) executing site specific commands wherein the site specific commands which gather evidence of what actions an unauthorized user is undertaking or undertook without exposing one or more of the special files to the unauthorized user;
  
  (5) granting at least one identifier to a file opening process for one or more of the special files and revoking the identifier when one or more of the special files are closed;
  
  (6) preventing covert code from running in association with one or more of the special files by attaching at least one of a crypt checksum and a privilege mask to one or more of the special files; and
  
  (7) encrypting one or more of the special files.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The computer system of claim 11, wherein the at least one computer processor for selecting a key word string and the at least one computer processor for restricting access to the identified special files are separate processors.
  - 13. The computer system of claim 11, wherein the at least one computer processor for selecting a key word string and the at least one computer processor for restricting access to the identified special files are the same processor.
  - 14. The computer system of claim 11, wherein the first keyword string comprises a credit card number.
  - 15. The computer system of claim 11, wherein encrypting the special files comprises public key encryption.
  - 16. The computer system of claim 11, wherein the at least one processor is further for determining the density of identified files in the database and for calculating the check digit for each identified file only in the event the number of identified files in the database exceeds a predetermined threshold density.
  - 17. The computer system of claim 11, wherein the at least one processor is further for restricting access to the identified special files only in the event a ratio of special files having a valid check digit to the identified files having no valid check digit exceeds a predetermined ratio.
  - 18. The computer system of claim 11, wherein the at least one processor is further for restricting access to the identified special files only in the event a percentage of special files having a valid check digit exceeds a percentage that would be found in a random collection of data, such percentage constituted by a predetermined value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
JP Morgan Chase Bank, N.A. (JP Morgan Chase & Co)
Original Assignee
JP Morgan Chase Bank, N.A. (JP Morgan Chase & Co)
Inventors
Everhart, Glenn C.
Primary Examiner(s)
Kim, Steven S

Application Number

US14/499,781
Publication Number

US 20150052059A1
Time in Patent Office

1,779 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/6245   Protecting personal data, e...

G06Q 2220/10   Usage protection of distrib...

G06Q 50/265   Personal security, identity...

H04L 63/0428   wherein the data content is...

H04L 63/10   for controlling access to d...

H04N 7/173   with two-way working, e.g. ...

System and method for preventing identity theft or misuse by restricting access

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

1330 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

System and method for preventing identity theft or misuse by restricting access

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

1330 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others