SYSTEM AND METHOD FOR PROVIDING IDENTITY THEFT SECURITY

US 20110040983A1
Filed: 05/07/2010
Published: 02/17/2011
Est. Priority Date: 11/09/2006
Status: Active Grant

First Claim

Patent Images

1. A method of minimizing the risk of theft or disclosure of personally identifiable or other sensitive information comprising the steps of:

identifying data from a data source that may contain sensitive information in a first stage of a search mechanism, said first stage broadly identifying as potentially sensitive any data from said data source that exhibits any attributes relating to sensitive information;

escalating said potentially sensitive data to at least a second more sensitive stage of said search mechanism, said second stage including the step of scoring said potentially sensitive data scale based on minimal information entropy;

evaluating for possible remediation any potentially sensitive data that includes a score beyond a predetermined threshold, said evaluating step utilizing a rule table to determine whether remediation is necessary; and

remediating potentially sensitive data in which remediation is determined to be necessary in said evaluating step.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method of providing identity theft security is provided. The system and method utilizes a computer program that identifies, locates, secures, and/or removes from computers, computer systems and/or computer networks personally identifying and/or other sensitive information in different data formats. The computer program utilizes a multi-tiered escalation model of searching/identifying sensitive information. The computer program of the instant invention utilizes a self-learning process for fine-tuning a level of scrutiny for identifying potentially sensitive information.

124 Citations

31 Claims

1. A method of minimizing the risk of theft or disclosure of personally identifiable or other sensitive information comprising the steps of:
- identifying data from a data source that may contain sensitive information in a first stage of a search mechanism, said first stage broadly identifying as potentially sensitive any data from said data source that exhibits any attributes relating to sensitive information;
  
  escalating said potentially sensitive data to at least a second more sensitive stage of said search mechanism, said second stage including the step of scoring said potentially sensitive data scale based on minimal information entropy;
  
  evaluating for possible remediation any potentially sensitive data that includes a score beyond a predetermined threshold, said evaluating step utilizing a rule table to determine whether remediation is necessary; and
  
  remediating potentially sensitive data in which remediation is determined to be necessary in said evaluating step.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The method as claimed in claim 1, wherein said remediating step includes the step of encrypting and storing an original copy of said potentially sensitive data in a secure data storage environment.
  - 3. The method as claimed in claim 2, wherein said remediating step further includes the steps of masking said potentially sensitive data and returning said masked data to said data source.
  - 4. The method as claimed in claim 2, wherein said remediating step further includes the steps of wiping said potentially sensitive data from said data source.
  - 5. The method as claimed in claim 1 wherein said evaluating step further includes the steps of:
    - placing said potentially sensitive data in a data log wherein the potentially sensitive information is separated from said data in said data source; and
      
      including contextual information for said potentially sensitive information in said data log, wherein said contextual information is separated from said data in said data source.
  - 6. The method as claimed in claim 5 wherein said contextual data includes data from said data source directly preceding and data directly following said potentially sensitive information.
  - 7. The method as claimed in claim 1 wherein said identifying step utilizes pattern matching via regular expressions to identify said potentially sensitive information in said first stage.
  - 8. The method as claimed in claim 7 wherein said step of escalating comprises the step of verifying whether said potentially sensitive information matches actual personally identifiable or sensitive information.
  - 9. The method as claimed in claim 8 wherein said identifying step identifies said potentially sensitive information as being in the appropriate format to be a credit card number, and wherein said step of escalating includes the steps of:
    - analyzing said potentially sensitive information through the use of a credit card company check digit or other validation mechanisms to confirm the potentially sensitive information meets specifications of a real credit card number; and
      
      querying a bank identification number database containing actual active credit card numbers.
  - 10. The method as claimed in claim 1 wherein said escalating step includes the step of classifying data exhibiting certain attributes as requiring remediation prior to performing said evaluating step.
  - 11. The method of claim 1, wherein said scoring step includes the step of:
    - using an information retrieval tool from the group consisting of Vector Space Models, Latent Semantic Analysis, Latent Dirichlet Allocation and Bayesian Networks to compare attributes of said data to attributes of similar concept data files.
  - 12. The method as claimed in claim 11 wherein said information retrieval tool is Vector Space Models.
  - 13. The method as claimed in claim 12 where said step of using Vector Space Models comprises the step of voting by said similar concept data files to determine a classification for said data file.
  - 14. The method as claimed in claim 13 wherein said concept data files include clean data file and target data file classifications.
  - 15. The method as claimed in claim 14 wherein said voting step further comprises the steps of:
    - determining the N closest concept data files to said data;
      
      calculating a value representative of how close each of said N closest concept data files is relative to said data;
      
      summing separately values calculated for clean data files and for target data files; and
      
      classifying said data as clean or target based upon the relative values of clean data files and target data files obtained in said summing step.
  - 16. The method as claimed in claim 11 wherein said concept data file attributes relate to personally identifiable information.
  - 17. The method as claimed in claim 11 wherein said concept data file attributes relate to custom information.
  - 18. The method as claimed in claim 1 wherein said identifying step identifies data that is located in a file, document or other data file stored on a data storage medium.
  - 19. The method as claimed in claim 1 wherein said identifying step identifies data during a transmission.
  - 20. The method as claimed in claim 1 wherein said identifying step identifies data prior to said data being stored on a data storage medium.
  - 21. The method as claimed in claim 12 said step of using Vector Space Models comprises the steps of:
    - obtaining a corpus of concept data files that have been identified as possibly containing sensitive information;
      
      creating a matrix of attributes for clean concept data files within said corpus; and
      
      creating a matrix of attributes for target concept data files within said corpus.

22. A system for minimizing the risk of theft or disclosure of personally identifiable or other sensitive information on a computer network comprising:
- a scanning engine located on a computer or work station on the network to identify personally identifiable or other sensitive information on said computer or work station;
  
  a user control console in communication with said scanning engine; and
  
  a report engine in communication with said control console;
  
  wherein said user control console provides a configuration profile to said scanning engine, monitors the scanning engine, receives a data log from said scanning engine, and provides remediation instructions to said scanning engine.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 23. The system as claimed in claim 22 further comprising a remediation engine to take action with respect to said personally identifiable or other sensitive information pursuant to said remediation instructions.
  - 24. The system as claimed in claim 23 wherein the action taken by said remediation engine is selected from the group consisting of acquitting, researching, masking, achieving/masking, wiping, achieving/wiping, and restoring.
  - 25. The system as claimed in claim 22 wherein said scanning engine utilizes Vector Space Models to compare attributes of scanned data to attributes of similar concept data files stored in a configuration profile for said scanning engine.
  - 26. The system as claimed in claim 25 wherein said scanning engine receives said concept data files from said user control console via said configuration profile.
  - 27. The system as claimed in claim 22 wherein said data log is provided to said user control console in an encrypted format and is stored in a secure location.
  - 28. The system as claimed in claim 22 wherein a place marker is created in said log file for identifying certain sensitive information is not included in said data log provided to said user control console.
  - 29. The system as claimed in claim 22 wherein said user control console is located at a location on the network that is remote from said computer or work station.
  - 30. The system as claimed in claim 29 wherein said scanning engine comprises a plurality of scanning agents each located on a separate computer or work station on the network.
  - 31. The system as claimed in claim 22 wherein said user control console includes a validation mechanism in connection with a storage location for identifying actual sensitive information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Touchnet Info Sys Incorporated (Global Payments Incorporated)
Original Assignee
Touchnet Info Sys Incorporated (Global Payments Incorporated)
Inventors
Vermeire, Dean R., Toughey, Daniel J., Grzymala-Busse, Withold J.

Granted Patent

US 8,752,181 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

G06F 21/6245 Protecting personal data, e...

G06F 2221/2143 Clearing memory, e.g. to pr...

SYSTEM AND METHOD FOR PROVIDING IDENTITY THEFT SECURITY

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

124 Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR PROVIDING IDENTITY THEFT SECURITY

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

124 Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links