SYSTEM AND METHOD FOR SECURING PERSONAL DATA ELEMENTS

US 20170193249A1
Filed: 01/05/2016
Published: 07/06/2017
Est. Priority Date: 01/05/2016
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of securing data elements, the method comprising:

obtaining a connection profile, the connection profile including at least one rule related to at least one personally identifiable information (PII) data element;

associating the connection profile with a network connection;

receiving a data unit transmitted over the network connection, the data unit including at least a portion of the PII data element; and

based on the rule, performing at least one of;

blocking transmission of the data unit, modifying the data unit, forwarding at least a portion of the data unit to a selected destination, storing the data unit, storing metadata related to the data unit, and reporting an event related to the data unit.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method may obtain a connection profile, the connection profile including at least one rule related to at least one PII data element; associate the connection profile with a network connection; receive a data unit transmitted over the network connection, the data unit including at least a portion of the PII data element; and, based on the rule, perform at least one of: blocking transmission of the data unit, modifying the data unit, forwarding at least a portion of the data unit to a selected destination, storing the data unit, storing metadata related to the data unit, and reporting an event related to the data unit. A system and method may associate the connection profile with a set of connection. A system and method may automatically modify a set of connection profiles based on an event.

25 Citations

View as Search Results

27 Claims

1. A computer-implemented method of securing data elements, the method comprising:
- obtaining a connection profile, the connection profile including at least one rule related to at least one personally identifiable information (PII) data element;
  
  associating the connection profile with a network connection;
  
  receiving a data unit transmitted over the network connection, the data unit including at least a portion of the PII data element; and
  
  based on the rule, performing at least one of;
  
  blocking transmission of the data unit, modifying the data unit, forwarding at least a portion of the data unit to a selected destination, storing the data unit, storing metadata related to the data unit, and reporting an event related to the data unit.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein a PII data element includes at least one of:
    - person-specific data, asset-specific data, personal data, contact info, customer demographics, financial info, purchase info, an opinion, a field of interest, a driving license, a social security number and an image.
  - 3. The method of claim 1, comprising associating the connection profile with a set of connections.
  - 4. The method of claim 1, comprising automatically modifying a set of connection profiles based on an event.
  - 5. The method of claim 1, comprising graphically presenting a map of flows of data elements.
  - 6. The method of claim 1, comprising associating a data element with a token and performing an action based on a token identified in the data unit.
  - 7. The method of claim 1, comprising modifying a data element in the data unit based on the connection profile.
  - 8. The method of claim 1, wherein a data element in the data unit includes un-structured data.
  - 9. The method of claim 1, comprising:
    - obtaining a user profile, the user profile including at least one rule related to at least one data element;
      
      associating the user profile with a set of network connections;
      
      receiving a data unit transmitted over one of the network connections, the data unit including a data element related to the user; and
      
      based on the rule, performing at least one of;
      
      blocking transmission of the data unit, modifying the data unit, forwarding at least a portion of the data unit to a selected destination, storing the data unit, storing metadata related to the data unit, and reporting an event related to the data unit.
  - 10. The method of claim 1, comprising:
    - defining the at least one rule based on at least one of;
      
      a request related to the PII data element,a response related to the PII data element,a source of a request related to the PII data element,a method or system used for accessing the PII data element,a time when the PII data element was accessed,a frequency of accessing the PII data element,a user accessing the PII data element,an application accessing the PII data element,a storage system or location of the PII data element,a flow that includes accessing the PII data element, anda pattern related to accessing the PII data element.
  - 11. The method of claim 1, the method comprising:
    - storing metadata related to a transaction, from a protected system to an external system, of at least a portion a PII data element included in the protected system; and
      
      presenting to a user a flow of PII between the protected system and the external system.
  - 12. The method of claim 11, the method comprising:
    - presenting to a user PII obtained by the external system;
      
      receiving from a user indication of restricted PII; and
      
      preventing the restricted PII from being transferred to the external system.
  - 13. The method of claim 11, comprising:
    - storing metadata related to a transaction, from the external system to a second external system, of at least a portion the PII data element; and
      
      presenting to a user a flow of PII data across a plurality of external systems.

14. A system comprising:
- a memory; and
  
  a controller configured to;
  
  obtain a connection profile, the connection profile including at least one rule related to at least one personally identifiable information (PII) data element;
  
  associate the connection profile with a network connection;
  
  receive a data unit transmitted over the network connection, the data unit including at least a portion of the PII data element; and
  
  based on the rule, perform at least one of;
  
  blocking transmission of the data unit, modifying the data unit, forwarding at least a portion of the data unit to a selected destination, storing the data unit, storing metadata related to the data unit, and reporting an event related to the data unit.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 15. The system of claim 14, wherein a PII data element includes at least one of:
    - person-specific data, asset-specific data, personal data, contact info, customer demographics, financial info, purchase info, an opinion, a field of interest, a driving license, a social security number and an image.
  - 16. The system of claim 14, wherein the controller is configured to associate the connection profile with a set of connection.
  - 17. The system of claim 14, wherein the controller is configured to automatically modify a set of connection profiles based on an event.
  - 18. The system of claim 14, wherein the controller is configured to graphically present a map of flows of data elements.
  - 19. The system of claim 14, wherein the controller is configured to associate a data element with a token and perform an action based on a token identified in the data unit.
  - 20. The system of claim 14, wherein the controller is configured to modify a data element in the data unit based on the connection profile.
  - 21. The system of claim 14, wherein a data element in the data unit includes un-structured data.
  - 22. The system of claim 14, wherein the controller is configured to:
    - obtain a user profile, the user profile including at least one rule related to at least one data element;
      
      associate the user profile with a set of network connections;
      
      receive a data unit transmitted over one of the network connections, the data unit including a data element related to the user; and
      
      based on the rule, perform at least one of;
      
      blocking transmission of the data unit, modifying the data unit, forwarding at least a portion of the data unit to a selected destination, storing the data unit, storing metadata related to the data unit, and reporting an event related to the data unit.
  - 23. The system of claim 14, wherein the controller is configured to:
    - define the at least one rule based on at least one of;
      
      a request related to the PII data element,a response related to the PII data element,a source of a request related to the PII data element,a method or system used for accessing the PII data element,a time when the PII data element was accessed,a frequency of accessing the PII data element,a user accessing the PII data element,an application accessing the PII data element,a storage system or location of the PII data element,a flow that includes accessing the PII data element, anda pattern related to accessing the PII data element.
  - 24. The system of claim 14, wherein the controller is configured to:
    - store metadata related to a transaction, from a protected system to an external system, of at least a portion a PII data element included in the protected system; and
      
      present to a user a flow of PII between the protected system and the external system.
  - 25. The system of claim 24, wherein the controller is configured to:
    - present to a user PII obtained by the external system;
      
      receive from a user indication of restricted PII; and
      
      prevent the restricted PII from being transferred to the external system.
  - 26. The system of claim 24, wherein the controller is configured to:
    - store metadata related to a transaction, from the external system to a second external system, of at least a portion the PII data element; and
      
      present to a user a flow of PII data across a plurality of external systems.

27. A method of managing sharing of personally identifiable information (PII) data elements, the method comprising:
- associating a connection profile with a network connection, the network connection enabling sharing of PII data elements between a protected system and an external system;
  
  intercepting transmission of a PII data element transmitted over the network connection; and
  
  based on data in the connection profile, performing at least one of;
  
  blocking transmission of the data unit, modifying the data unit, forwarding at least a portion of the data unit to a selected destination, storing the data unit, storing metadata related to the data unit, and reporting an event related to the data unit.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intersog
Original Assignee
Prifender Ltd.
Inventors
Luria, Nimrod

Granted Patent

US 9,852,309 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 21/6245   Protecting personal data, e...

G06F 21/6263   during internet communicati...

H04L 63/0245   Filtering by information in...

H04L 63/0263   Rule management

H04L 63/04   for providing a confidentia...

H04W 12/02   Protecting privacy or anony...

SYSTEM AND METHOD FOR SECURING PERSONAL DATA ELEMENTS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

25 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR SECURING PERSONAL DATA ELEMENTS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links