System and method for securing personal data elements

US 9,852,309 B2
Filed: 01/05/2016
Issued: 12/26/2017
Est. Priority Date: 01/05/2016
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of securing data elements, the method comprising:

by a computing device;

obtaining a connection profile, the connection profile including at least one rule related to at least one personally identifiable information (PII) data element;

associating the connection profile with a network connection;

receiving a data unit transmitted over the network connection from an external system, the data unit including at least a portion of the PII data element;

based on the rule, performing at least one of;

blocking transmission of the data unit, modifying the data unit, forwarding at least a portion of the data unit to a selected destination, storing the data unit, storing metadata related to the data unit, and reporting an event related to the data unit;

storing metadata related to a transaction, from a protected system to the external system, of at least a portion of a PII data element included in the protected system; and

presenting to a user a flow of PII between the protected system and the external system;

presenting to a user PII obtained by the external system;

receiving from a user indication of restricted PII;

preventing the restricted PII from being transferred to the external system;

storing metadata related to a transaction, from the external system to a second external system, of at least a portion of the PII data element; and

presenting to a user a flow of PII data across a plurality of external systems.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method may obtain a connection profile, the connection profile including at least one rule related to at least one PII data element; associate the connection profile with a network connection; receive a data unit transmitted over the network connection, the data unit including at least a portion of the PII data element; and, based on the rule, perform at least one of: blocking transmission of the data unit, modifying the data unit, forwarding at least a portion of the data unit to a selected destination, storing the data unit, storing metadata related to the data unit, and reporting an event related to the data unit. A system and method may associate the connection profile with a set of connection. A system and method may automatically modify a set of connection profiles based on an event.

Citations

20 Claims

1. A computer-implemented method of securing data elements, the method comprising:
- by a computing device;
  
  obtaining a connection profile, the connection profile including at least one rule related to at least one personally identifiable information (PII) data element;
  
  associating the connection profile with a network connection;
  
  receiving a data unit transmitted over the network connection from an external system, the data unit including at least a portion of the PII data element;
  
  based on the rule, performing at least one of;
  
  blocking transmission of the data unit, modifying the data unit, forwarding at least a portion of the data unit to a selected destination, storing the data unit, storing metadata related to the data unit, and reporting an event related to the data unit;
  
  storing metadata related to a transaction, from a protected system to the external system, of at least a portion of a PII data element included in the protected system; and
  
  presenting to a user a flow of PII between the protected system and the external system;
  
  presenting to a user PII obtained by the external system;
  
  receiving from a user indication of restricted PII;
  
  preventing the restricted PII from being transferred to the external system;
  
  storing metadata related to a transaction, from the external system to a second external system, of at least a portion of the PII data element; and
  
  presenting to a user a flow of PII data across a plurality of external systems.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein a PII data element includes at least one of:
    - person-specific data, asset-specific data, personal data, contact info, customer demographics, financial info, purchase info, an opinion, a field of interest, a driving license, a social security number and an image.
  - 3. The method of claim 1, comprising associating the connection profile with a set of connections.
  - 4. The method of claim 1, comprising automatically modifying a set of connection profiles based on an event.
  - 5. The method of claim 1, comprising graphically presenting a map of flows of data elements.
  - 6. The method of claim 1, comprising associating a data element with a token and performing an action based on a token identified in the data unit.
  - 7. The method of claim 1, comprising modifying a data element in the data unit based on the connection profile.
  - 8. The method of claim 1, wherein a data element in the data unit includes un-structured data.
  - 9. The method of claim 1, comprising:
    - obtaining a user profile, the user profile including at least one rule related to at least one data element;
      
      associating the user profile with a set of network connections;
      
      the data unit including a data element related to the user profile; and
      
      based on the rule, related to at least one data element, performing at least one of;
      
      blocking transmission of the data unit, modifying the data unit, forwarding at least a portion of the data unit to a selected destination, storing the data unit, storing metadata related to the data unit, and reporting an event related to the data unit.
  - 10. The method of claim 1, comprising:
    - defining the at least one rule based on at least one of;
      
      a request related to the PII data element,a response related to the PII data element,a source of a request related to the PII data element,a method or system used for accessing the PII data element,a time when the PII data element was accessed,a frequency of accessing the PII data element,a user accessing the PII data element,an application accessing the PII data element,a storage system or location of the PII data element,a flow that includes accessing the PII data element, anda pattern related to accessing the PII data element.

11. A system comprising:
- a computing device with;
  
  a memory; and
  
  a controller configured to;
  
  obtain a connection profile, the connection profile including at least one rule related to at least one personally identifiable information (PII) data element;
  
  associate the connection profile with a network connection;
  
  receive a data unit transmitted over the network connection from an external system, the data unit including at least a portion of the PII data element; and
  
  based on the rule, perform at least one of;
  
  blocking transmission of the data unit, modifying the data unit, forwarding at least a portion of the data unit to a selected destination, storing the data unit, storing metadata related to the data unit, and reporting an event related to the data unit;
  
  store metadata related to a transaction, from a protected system to the external system, of at least a portion of a PII data element included in the protected system;
  
  present to a user a flow of PII between the protected system and the external system;
  
  present to a user PII obtained by the external system;
  
  receive from a user indication of restricted PII;
  
  prevent the restricted PII from being transferred to the external system;
  
  store metadata related to a transaction, from the external system to a second external system, of at least a portion of the PII data element; and
  
  present to a user a flow of PI I data across a plurality of external systems.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein a PII data element includes at least one of:
    - person-specific data, asset-specific data, personal data, contact info, customer demographics, financial info, purchase info, an opinion, a field of interest, a driving license, a social security number and an image.
  - 13. The system of claim 11, wherein the controller is configured to associate the connection profile with a set of connections.
  - 14. The system of claim 11, wherein the controller is configured to automatically modify a set of connection profiles based on an event.
  - 15. The system of claim 11, wherein the controller is configured to graphically present a map of flows of data elements.
  - 16. The system of claim 11, wherein the controller is configured to associate a data element with a token and perform an action based on a token identified in the data unit.
  - 17. The system of claim 11, wherein the controller is configured to modify a data element in the data unit based on the connection profile.
  - 18. The system of claim 11, wherein a data element in the data unit includes un-structured data.
  - 19. The system of claim 11, wherein the controller is configured to:
    - obtain a user profile, the user profile including at least one rule related to at least one data element;
      
      associate the user profile with a set of network connections;
      
      the data unit including a data element related to the user profile; and
      
      based on the rule related to at least one data element, perform at least one of;
      
      blocking transmission of the data unit, modifying the data unit, forwarding at least a portion of the data unit to a selected destination, storing the data unit, storing metadata related to the data unit, and reporting an event related to the data unit.
  - 20. The system of claim 11, wherein the controller is configured to:
    - define the at least one rule based on at least one of;
      
      a request related to the PII data element,a response related to the PII data element,a source of a request related to the PII data element,a method or system used for accessing the PII data element,a time when the PII data element was accessed,a frequency of accessing the PII data element,a user accessing the PII data element,an application accessing the PII data element,a storage system or location of the PII data element,a flow that includes accessing the PII data element, anda pattern related to accessing the PII data element.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intersog
Original Assignee
Prifender Ltd.
Inventors
Luria, Nimrod
Primary Examiner(s)
HOLDER, BRADLEY W

Application Number

US14/987,793
Publication Number

US 20170193249A1
Time in Patent Office

721 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 21/6245   Protecting personal data, e...

G06F 21/6263   during internet communicati...

H04L 63/0245   Filtering by information in...

H04L 63/0263   Rule management

H04L 63/04   for providing a confidentia...

H04W 12/02   Protecting privacy or anony...

System and method for securing personal data elements

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for securing personal data elements

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links