Method/system for preventing identity theft or misuse by restricting access
First Claim
1. A method of preventing identity theft and other wrongful use of information stored in a computer system of an enterprise engaged in recording financial and other confidential information, said method comprising the steps of:
(a) providing said computer system including a database having non-image files, said non-image files comprising non-sensitive and sensitive data files, wherein the sensitive data files include sensitive information including customer names, addresses, zip codes, contact information, dates of birth, social security numbers, and financial account numbers of one or more of bank accounts, credit card accounts, and debit card accounts, and wherein there are multiple users authorized by the enterprise to access the system;
(b) selecting a special pattern to identify sensitive data files based upon at least one of;
(i) a first keyword string, including an alphanumeric string structured for identifying at least a portion of the numeric data identifying a financial account comprising one or more of bank accounts, credit card accounts, and debit card accounts;
(ii) a second string structured for identifying one or more of customer names, addresses, zip codes, contact information, dates of birth, and social security numbers;
(c) measuring the average density of said special patterns in said database in said computer system;
(d) multiplying the densities of the special patterns in the database file to produce a product density;
(e) identifying special files on said database having product densities greater than a selected threshold product density, the product densities being determined as a result of non-spectral scanning of said database;
(f) protecting the special files by moving them to a secure location hidden from all users other than specially authorized users;
(g) restricting access to prevent identity theft and other wrongful use of information stored in said special files when the density of the selected pattern in the data file is greater than or equal to the density threshold by at least one of;
(i) activating an alarm to indicate when unauthorized access to the special file is occurring or has occurred;
(ii) password protecting the data file;
(iii) controlling access based on one or more of user type, place of user access, user file authorization, and user privileges authorization;
(iv) executing site specific commands wherein the site specific commands gather evidence of what actions an unauthorized user is undertaking or undertook without exposing the data file to the unauthorized user;
(v) granting at least one identifier to a file opening process for the data file and revoking the identifier when the data file is closed;
(vi) preventing covert code from running in association with the data file by attaching at least one of a crypt checksum and a privilege mask to the data file.
Abstract
A system and method for network file filtering. The file filtering process includes scanning at least one data file for density of a selected pattern. The process may also include restricting access to the file if the density of the selected pattern in the data file is greater than or equal to a threshold density.
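The density test in the abstract and in claim steps (c) to (e), as an added Python example that is not code from the patent. The regular expressions, the density unit (matches per 1,000 characters), the threshold of 1.0 and the sample file contents are all assumptions constructed for illustration.

```python
import re

# Assumed expressions: the claims name the data types, not the patterns.
PATTERNS = {
    "account": re.compile(r"\b\d{4}[ -]?\d{4}[ -]?\d{4}[ -]?\d{4}\b"),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}
THRESHOLD = 1.0  # assumed threshold product density


def pattern_densities(text, per=1000):
    """Matches of each pattern per `per` characters (assumed density unit)."""
    length = max(len(text), 1)
    return {name: len(rx.findall(text)) * per / length
            for name, rx in PATTERNS.items()}


def product_density(text):
    """Multiply the per-pattern densities; zero if any pattern is absent."""
    product = 1.0
    for density in pattern_densities(text).values():
        product *= density
    return product


def flag_sensitive(files, threshold=THRESHOLD):
    """Names of files whose product density meets or exceeds the threshold."""
    return sorted(name for name, text in files.items()
                  if product_density(text) >= threshold)


# Constructed sample contents (fake names and numbers).
SAMPLE_FILES = {
    "customers.csv": "Jane Roe,000-00-0001,4000 0000 0000 0002\n"
                     "John Doe,000-00-0003,4000 0000 0000 0010\n",
    "card_ledger.txt": "4000 0000 0000 0002\n4000 0000 0000 0010\n",
    "app.log": "x " * 5000 + "Jane Roe,000-00-0001,4000 0000 0000 0002\n",
    "readme.txt": "Build notes. Help desk extension 4521.\n",
}

if __name__ == "__main__":
    for name, text in SAMPLE_FILES.items():
        print(name, round(product_density(text), 4))
    print("flagged:", flag_sensitive(SAMPLE_FILES))
```

Because the densities are multiplied, a file holding only account numbers scores zero, and a long file with a single customer record stays far below the threshold.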
5 Claims
2. A computer system for recording financial and other confidential information wherein multiple users are authorized to access the system, said system comprising:
(a) a database having non-image files, said non-image files including non-sensitive and sensitive data files, wherein the sensitive data files include sensitive information including customer names, addresses, zip codes, contact information, dates of birth, social security numbers, and financial account numbers of one or more of bank accounts, credit card accounts, and debit card accounts;
(b) a first processor for selecting a special pattern to identify sensitive data files based upon at least one of;
(i) a first keyword string, including an alphanumeric string structured for identifying at least a portion of the numeric data identifying a financial account comprising one or more of bank accounts, credit card accounts, and debit card accounts;
(ii) a second string structured for identifying one or more of customer names, addresses, zip codes, contact information, dates of birth, and social security numbers;
(c) the processor configured to measure the average density of said special patterns in said database;
(d) the first processor configured to multiply the densities of the special patterns in the database to produce a product density;
(e) the first processor configured to determine whether product densities are greater than or equal to a selected threshold product density, the product densities being determined as a result of non-spectral scanning of said database;
(f) a second processor for protecting the special files by moving them to a secure location hidden from all users other than specially authorized users;
(g) the second processor configured to restrict access to prevent identity theft and other wrongful use of information stored in said special sensitive data files when the density of the selected pattern in the data file is greater than or equal to the density threshold by one or more of the second processor;
(i) activating an alarm to indicate when unauthorized access to the data file is occurring or has occurred;
(ii) password protecting the data file;
(iii) controlling access based on one or more of user type, place of user access, user file authorization, user privileges authorization;
(iv) executing site specific commands wherein the site specific commands which gather evidence of what actions an unauthorized user is undertaking or undertook without exposing the data file to the unauthorized user;
(v) granting at least one identifier to a file opening process for the data file and revoking the identifier when the data file is closed;
(vi) preventing covert code from running in association with the data file by attaching at least one of a crypt checksum and a privilege mask to the data file.
View Dependent Claims (3, 4, 5)