Robotic process automation resource insulation system

US 10,659,482 B2
Filed: 10/25/2017
Issued: 05/19/2020
Est. Priority Date: 10/25/2017
Status: Active Grant

First Claim

Patent Images

1. A system for monitoring an unauthorized network intrusion, the system comprising:

a computing platform including a memory and at least one processor in communication with the first memory;

a first robotic process module stored in the memory, executable by the at least one processor and configured to generate a plurality of modified versions of a dataset, wherein each of the plurality of modified versions of the dataset are associated with a different level of severity of an attempt to access the dataset, wherein the different level of security are associated with a type of attempt to access the dataset and a type of unauthorized entity; and

a second robotic process module stored in the memory, executable by the at least one processor, wherein the second robotic module is in distributed network communication with the first robotic process module and configured to;

detect a computer network-based attempt by an unauthorized entity to access the dataset stored at a first storage location,determine a level of the severity of the attempt to access the dataset, wherein determining a level severity of the attempt to access the dataset includes determining a type of the attempt and a type of unauthorized entity,in response to detecting the computer network-based attempt to access the dataset and determining the level of severity of the attempt to access the dataset, create a tunnel connection that provides the unauthorized entity access to a shared storage location that stores one of the plurality of modified versions of the dataset corresponding to the determined level of severity of the attempt to access the dataset, wherein the shared storage location (i) has a same Internet Protocol (IP) address as the first storage location, and (ii) is accessible to one or more authorized third-party entities, wherein the authorized third-party entities access the shared storage to track and record the unauthorized entities accessing of the one of the plurality of modified versions of the dataset,wherein the unauthorized entity is prevented from accessing the dataset.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for implementing robotic process automation (RPA) to enhance computer network security. Specifically, RPA is used to detect an unauthorized attempt to access a dataset and, in response, the unauthorized entity is provided access to a bot-generated modified dataset that includes modified data elements that are reasonable facsimiles of the actual data elements and do not expose confidential data. Once access to the modified data set is provided, RPA is implemented to track actions by the unauthorized entity accessing the modified data set and, once copied, RPA is implemented to track usage of the data by the unauthorized entity. Additionally, RPA may be implemented to mitigate damages caused by attempts or actual accessing of the actual datasets by performing actions that prevent further damages, such as deactivating/activating resource storage and authorizing previously configured resource events.

Citations

16 Claims

1. A system for monitoring an unauthorized network intrusion, the system comprising:
- a computing platform including a memory and at least one processor in communication with the first memory;
  
  a first robotic process module stored in the memory, executable by the at least one processor and configured to generate a plurality of modified versions of a dataset, wherein each of the plurality of modified versions of the dataset are associated with a different level of severity of an attempt to access the dataset, wherein the different level of security are associated with a type of attempt to access the dataset and a type of unauthorized entity; and
  
  a second robotic process module stored in the memory, executable by the at least one processor, wherein the second robotic module is in distributed network communication with the first robotic process module and configured to;
  
  detect a computer network-based attempt by an unauthorized entity to access the dataset stored at a first storage location,determine a level of the severity of the attempt to access the dataset, wherein determining a level severity of the attempt to access the dataset includes determining a type of the attempt and a type of unauthorized entity,in response to detecting the computer network-based attempt to access the dataset and determining the level of severity of the attempt to access the dataset, create a tunnel connection that provides the unauthorized entity access to a shared storage location that stores one of the plurality of modified versions of the dataset corresponding to the determined level of severity of the attempt to access the dataset, wherein the shared storage location (i) has a same Internet Protocol (IP) address as the first storage location, and (ii) is accessible to one or more authorized third-party entities, wherein the authorized third-party entities access the shared storage to track and record the unauthorized entities accessing of the one of the plurality of modified versions of the dataset,wherein the unauthorized entity is prevented from accessing the dataset.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The system of claim 1, wherein the second robotic process module is further configured to detect the computer network-based attempt to access the data by:
    - aggregating data from a plurality of nodes within the computer network; and
      
      determining a source of truth based on the aggregated data that indicates detection of the computer network-based attempt to access the data.
  - 3. The system of claim 1, wherein the second robotic process module is further configured to, in response to detecting the computer network-based attempt to access the dataset, check points of entry and nodes within the computer network for other attempts by the unauthorized entity to access one or more other datasets.
  - 4. The system of claim 1, wherein the second robotic process module is further configured to, in response to detecting the computer network-based attempt to access the dataset, determine a first point in time that the unauthorized entity penetrated the computer network.
  - 5. The system of claim 4, wherein the second robotic process module is further configured to recover actions performed on the computer network by the unauthorized entity from at least the first point in time that the unauthorized entity penetrated the computer network until a second point in time that the attempt to access the dataset occurred, wherein the actions include one or more computer network entry points, computer network hardware and software accessed and data accessed.
  - 6. The system of claim 5, further comprising a third robotic process module stored in the memory, executable by the processor, wherein the third robotic process module is in distributed computing network communication with the second robotic process module and configured to:
    - in response to determining an impact on the data accessed based on analyzing tracked actions, perform automated functions that mitigate the impact on the data accessed, wherein the automated functions include deactivating resource storage associated with the data accessed, activating a new resource storage and authorizing preconfigured resource events associated with the data accessed.
  - 7. The system of claim 1, further comprising a neural network module stored in the memory, executable by the at least one processor, configured to learn over time information related to unauthorized attempts to access datasets within the computing network, wherein the information is determined based on the authorized third-party entities monitoring of the unauthorized entities accessing of the one of the plurality of modified versions at the shared storage.
  - 8. The system of claim 1, wherein the first robotic process module is further configured to generate the plurality of modified versions of a dataset, wherein each of the modified versions of the dataset include at least one modified data elements, each modified data element corresponding to a data element in the dataset and comprising metadata that is similar to metadata of a corresponding data element in the data set.
  - 9. The system of claim 1, further comprising a third robotic process module stored in the memory, executable by the at least processor and configured to, in response to the unauthorized entity accessing the one of the plurality of modified versions of the dataset, track access actions performed by the unauthorized entity.
  - 10. The system of claim 9, wherein the third robotic process module is further configured to, in response to the unauthorized entity obtaining at least a portion of the one of the plurality of modified versions of the dataset, monitor use of at least a portion of the one of the plurality of modified versions of the dataset.
  - 11. The system of claim 10, wherein the third robotic process module is further configured to, in response to the unauthorized entity obtaining the at least a portion of the one of the plurality of modified versions of the dataset, aggregate data from a plurality of data sources and determine a source of truth based on the aggregated data, wherein the source of truth indicates use of at least a portion of the one of the plurality of modified versions by one or more of the plurality of data sources.
  - 12. The system of claim 1, wherein the first robotic process module is further configured to generate a plurality of modified versions of a dataset, wherein the plurality of modified versions of the dataset are unusable to the unauthorized entity.
  - 13. The system of claim 1, wherein the first robotic process module is further configured to generate a plurality of modified versions of a dataset, wherein each of the modified versions of the dataset includes logic that provides for, in response to the unauthorized user accessing or obtaining at least a portion of the one of the plurality of modified versions of the data set, at least one of (i) identifying the unauthorized entity, and (ii) identifying use of at least a portion of the one of the plurality of modified versions of the data set in a secondary system.
  - 14. The system of claim 1, wherein the first robotic module is configured to generate the plurality of modified versions of the dataset prior to the second robotic module detecting the computer network-based attempt by the unauthorized entity to access the dataset or in response to detecting the computer network-based attempt by the unauthorized entity to access the dataset.

15. A computer-implemented method for protecting against unauthorized access of a dataset, wherein the computer-implemented method comprising the following steps executed by at least one computer processing device:
- implementing a first robotic process automation to generate a plurality of modified versions of a dataset, wherein each of the plurality of modified versions of the dataset are associated with a different level of severity of an attempt to access the dataset, wherein the different level of security are associated with a type of attempt to access the dataset and a type of unauthorized entity; and
  
  implementing a second robotic process automation to;
  
  detect a computer network-based attempt by an unauthorized entity to access the dataset stored at a first storage location,determine a level of the severity of the attempt to access the dataset wherein determining a level severity of the attempt to access the dataset includes determining a type of the attempt and a type of unauthorized entity, andin response to detecting the computer network-based attempt to access the dataset and determining the level of severity of the attempt to access the dataset, create a tunnel connection that provides the unauthorized entity access to a shared storage location that stores one of the plurality of modified versions of the dataset corresponding to the determined level of severity of the attempt to access the dataset, wherein the shared storage location (i) has a same Internet Protocol (IP) address as the first storage location, and (ii) is accessible to one or more authorized third-party entities, wherein the authorized third-party entities access the shared storage to track and record the unauthorized entities accessing of the one of the plurality of modified versions of the dataset,wherein the unauthorized entity is prevented from accessing the dataset.

16. A computer program product including a non-transitory computer-readable medium, the computer-readable medium comprising:
- a first set of codes for causing a computer to implement a first robotic process automation to generate a plurality of modified versions of a dataset, wherein each of the plurality of modified versions of the dataset are associated with a different level of severity of an attempt to access the dataset, wherein the different level of security are associated with a type of attempt to access the dataset and a type of unauthorized entity;
  
  a second set of codes for causing a computer to implement a second robotic process automation to detect a computer network-based attempt by an unauthorized entity to access the dataset stored at a first storage location;
  
  a third set of codes for causing a computer to implement the second robotic process automation to determine a level of the severity of the attempt to access the dataset, wherein determining a level severity of the attempt to access the dataset includes determining a type of the attempt and a type of unauthorized entity; and
  
  a fourth set of codes for causing a computer to implement the second robotic process automation to, in response to detecting the computer network-based attempt to access the dataset and determining the level of severity of the attempt to access the dataset, create a tunnel connection that provides the unauthorized entity access to a shared storage location that stores one of the plurality of modified versions of the dataset corresponding to the determined level of severity of the attempt to access the dataset, wherein the shared storage location (i) has a same Internet Protocol (IP) address as the first storage location, and (ii) is accessible to one or more authorized third-party entities, wherein the authorized third-party entities access the shared storage to track and record the unauthorized entities accessing of the one of the plurality of modified versions of the dataset.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Shannon, Stephen, Kurian, Manu Jacob, Ogrinz, Michael Emil, Kapur, Monika V.
Primary Examiner(s)
Schmidt, Kari L

Application Number

US15/793,708
Publication Number

US 20190124100A1
Time in Patent Office

937 Days
Field of Search
US Class Current
CPC Class Codes

B25J 11/00   Manipulators not otherwise ...

G06F 21/53   by executing in a restricte...

G06F 21/6218   to a system of files or obj...

G06N 3/02   Neural networks

G06N 3/04   Architecture, e.g. intercon...

G06N 3/08   Learning methods

H04L 63/101   Access control lists [ACL]

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1441   Countermeasures against mal...

H04L 63/1491   using deception as counterm...

Robotic process automation resource insulation system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Robotic process automation resource insulation system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links