Identification of potentially sensitive information in data strings

Abstract

Methods for identifying potentially sensitive information and protecting such potentially sensitive information include scanning systems that collect and/or disseminate such information. Without limitation, systems collect and/or disseminate personal identification numbers (e.g., personal identification numbers, tax identification numbers, etc.), such as merchant systems, bank systems, healthcare systems, and the like, that collect, use, or disseminate sensitive information may be scanned to identify sequences of data that are likely to be sensitive, and may take actions to protect such sequences of data. Scanning and protection systems are also disclosed.

Claims

1. A system for identifying potentially sensitive information, comprising: a scanning device that communicates with a memory device that stores data including potentially sensitive information comprising a unique identifier associated with a specific individual defining a sensitive data string, the scanning device programmed to: determine whether a number of sequential bytes corresponding to decimal numbers and/or dashes corresponds to a length of the sensitive data string; identify a string of sequential enumerated bytes that falls within the length of the sensitive data string as a suspected sensitive data string; and search for a combination of place names within a predetermined number of bytes preceding the suspected sensitive data string and a predetermined number of bytes following the suspected sensitive data string; identifying a plurality of potential place names within the predetermined number of bytes; and confirming that the plurality of potential place names corresponds to a library of acceptable place names, each place name of the plurality of potential place names including a consecutive string of alphabetical characters with optional spaces, dashes, commas, periods, and/or apostrophes.

2. The system of claim 1, wherein the scanning device is programmed to scan every n-th byte of at least a portion of the data.

3. The system of claim 2, wherein n is a possible length of the sensitive data string.

4. The system of claim 3, wherein the sensitive data string comprises a personal identification number.

5. The system of claim 4, wherein n is six, eight, nine, or eleven.

6. The system of claim 1, wherein the scanning device is further programmed to: sequentially evaluate and enumerate bytes preceding and following each suspected sensitive data string until a value of a preceding sequentially evaluated byte and a value of a following sequentially evaluated byte do not correspond to a letter of an alphabet.

7. The system of claim 6, wherein the scanning device is further programmed to: determine whether a number of sequential enumerated bytes corresponding to a letter of the alphabet preceding the suspected sensitive data string and/or following the suspected sensitive data string correspond to: a number of a sequence of letters of the alphabet expected to be a part of the potentially sensitive information; and an expected location of the sequence of letters of the alphabet relative to the suspected sensitive data string; and if the number of sequential enumerated bytes corresponding to a letter of the alphabet preceding the suspected sensitive data string and/or following the suspected sensitive data string correspond to the number of the sequence of letters and the expected location of the sequence of letters of the alphabet, including the number of sequential enumerated bytes corresponding to a letter of the alphabet in the suspected sensitive data string.

8. The system of claim 7, wherein the scanning device is further programmed to: determine whether values of sequential enumerated bytes corresponding to a letter of the alphabet preceding the suspected sensitive data string correspond to acceptable values for letters expected to be at a same location in the suspected sensitive data string; and if the values of sequential enumerated bytes corresponding to a letter of the alphabet preceding the suspected sensitive data string correspond to acceptable values for letters expected to be at a same location in the suspected sensitive data string, including the sequential enumerated bytes corresponding to a letter of the alphabet in the suspected sensitive data string.

9. The system of claim 1, wherein the scanning device is programmed to search for a combination of place names occurring completely within the predetermined number of bytes preceding the suspected sensitive data string or the predetermined number of bytes following the suspected sensitive data string.

10. The system of claim 9, wherein the scanning device is further programmed to: confirm that the place names of the combination of place names correspond to one another.

11. The system of claim 1, wherein the scanning device is programmed to: identify the sequential bytes corresponding to decimal numbers and/or dashes by: evaluating a plurality of intermittently spaced, evaluated bytes of the data; tagging each evaluated byte of the plurality of intermittently spaced, evaluated bytes that corresponds to a decimal number or a dash to provide a tagged byte; sequentially evaluating and enumerating bytes preceding and following each tagged byte until a value of a preceding sequentially evaluated byte and a value of a following sequentially evaluated byte do not correspond to decimal numbers or dashes.

12. A system for identifying potentially sensitive information, comprising: a scanning device that communicates with a memory device that stores data including potentially sensitive information comprising a unique identifier associated with a specific individual defining a sensitive data string, the scanning device programmed to: search for a suspected sensitive data string comprising a series of bytes that correspond to numbers and/or dashes; and upon identifying a suspected sensitive data string, search for a combination of place names within a predetermined number of bytes preceding the suspected sensitive data string and a predetermined number of bytes following the suspected sensitive data string, including identifying a plurality of potential place names within the predetermined number of bytes and confirming that each potential place name of the plurality of potential place names corresponds to an acceptable place name in a library of acceptable place names, each place name of the combination of place names including a consecutive string of alphabetical characters with optional spaces, dashes, commas, periods, and/or apostrophes.

13. The system of claim 12, wherein the scanning device is programmed to search for the combination of place names occurring completely within the predetermined number of bytes preceding the suspected sensitive data string or the predetermined number of bytes following the suspected sensitive data string.

14. The system of claim 13, wherein the scanning device is further programmed to: confirm that the place names of the combination of place names correspond to one another.

15. The system of claim 12, wherein the scanning device is programmed to identify the plurality of potential place names by: identifying a series of bytes, with each byte of the series of bytes corresponding to a letter of an alphabet.

16. The system of claim 15, wherein the scanning device is further programmed to identify the plurality of potential place names by: identifying a series of bytes in which each byte corresponds to a letter of the alphabet and a byte immediately following the series of bytes does not correspond to a number.

17. The system of claim 15, wherein the scanning device is further programmed to identify plurality of potential place names by: identifying a series of bytes in which each byte corresponds to a letter of the alphabet, a space, a dash, a period, or an apostrophe.

18. The system of claim 17, wherein the scanning device is further programmed to identify the plurality of potential place names by: confirming that a number of spaces and/or dashes in the series of bytes does exceed a maximum allowable number of spaces and/or dashes.

19. The system of claim 17, wherein the scanning device is further programmed to identify the plurality of potential place names by: confirming that a period in the series of bytes corresponds to a valid abbreviation; and/or confirming that an apostrophe in the series of bytes corresponds to a valid use for an apostrophe.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

(1) In the drawings:

(2) FIG. 1 is a flowchart showing an embodiment of a process for identifying a potential personal identification number, such as a U.S. Social Security Number (SSN) or Individual Taxpayer Identification Number (ITIN), a British National Insurance Number (NINO), a Canadian Social Insurance Number (SIN), or an Australian Tax File Number (TFN);

(3) FIG. 2 is a flowchart illustrating an embodiment of process for determining whether or not any potential place names appear in a string of data;

(4) FIG. 3 is a flowchart depicting an embodiment of process flow for determining whether or not any potential place names are associated with and correspond to a particular type of a potential personal identification number;

(5) FIG. 4 is a schematic representation of an embodiment of an evaluation system, which includes a collection system and a scanning device for evaluating the collection system; and

(6) FIG. 5 is a diagram that illustrates an embodiment of a network in which sensitive information, such as identification numbers, may be collected and disseminated, and in which searches for sensitive information may be conducted.

DETAILED DESCRIPTION

(7) Various embodiments of systems for evaluating data to determine whether or not the data includes potentially sensitive information are described herein. FIG. 4 schematically depicts an embodiment of such an evaluation system 10, in which an electronic device, referred to here is a “scanning device 20,” is configured to communicate with and scan data stored by a component of another electronic device that collects sensitive information, which is referred to herein as a “collection system 40.”

(8) The collection system 40 includes a memory device (e.g., a hard drive, etc.), or “memory 42” for the sake of simplicity, that stores data 44, which potentially includes sensitive information. In addition to memory 42, a collection system 40 of an evaluation system 10 of the present invention may include or be associated with a processing element 46, such as a microprocessor, a microcontroller, or the like.

(9) The scanning device 20 is programmed to determine whether the data 44 stored by the memory 42 of the collection system 40 includes any potentially sensitive information. Programming of the scanning device 20, which may be in the form of software or firmware, controls operation of a processing element 22 of the scanning device 20. Some embodiments of processing elements 22 that may be included in a scanning device 20 of an evaluation system 10 of the present invention include, without limitation, microprocessors, microcontrollers, and elements that may be configured to execute a particular program. In embodiments where a scanning device 20 of an evaluation system 10 of the present invention is configured for direct connection to a collection system 40, the scanning device 20 may be portable (e.g., a laptop computer; a hand-held computer, such as a so-called “smart phone,” etc.; a dedicated scanner; etc.). In embodiments where a scanning device 20 is configured to remotely scan one or more collection systems 40, the scanning device 20 may comprise a server, or a device (e.g., a dedicated scanning device, a smart phone, etc.) that may connect remotely to the collection system 40 (e.g., through a cellular telephone data connection, etc.).

(10) Communication between the memory 42 of the collection system 40 and a processing element 22 of the scanning device 20 may be established in any suitable manner known in the art. In embodiments where both the scanning device 20 and the collection system 40 comprise electronic devices, a communication link between the scanning device 20 and the collection system 40 may be direct or indirect. A direct connection may include a physical, or “wired,” coupling between the scanning device 20 and the collection system 40, or it may include a close proximity wireless connection (e.g., a Bluetooth connection, a wireless local area network (WLAN) (e.g., a WiFi network operating in accordance with an IEEE 802.11 standard, etc.). An indirect connection may be established more remotely (e.g., over the Internet, etc.). In some embodiments where an indirect connection is established between the scanning device 20 and the collection system 40, the scanning device 20 of an evaluation system 10 that incorporates teachings of the present invention may be located at a central location, and may be configured to selectively communicate with a plurality of different collection systems 40 at a plurality of different locations.

(11) An evaluation system 10 may be used in a variety of contexts or environments where sensitive information (e.g., account numbers, usernames and associated passwords, Social Security numbers or similar identifiers, etc.) is used. In a specific embodiment, the evaluation system 10 is configured to scan for and identify potential credit card numbers and debit card numbers, which are collectively referred to herein as “payment card numbers.” The scanning device 20 in such an embodiment may comprise a server under control of an approved scanning vendor (ASV), which is a party that has been authorized to access and evaluate the systems (i.e., the collection systems 40, such as card readers, associated computers, etc.) employed by one or more merchants to acquire information from a consumer's payment card.

(12) The relationships between the various parties that may be involved in the collection and/or dissemination of sensitive information are illustrated by the schematic representation of FIG. 5. More specifically, FIG. 5 depicts a network 100 that includes an issuer 120 of sensitive information, a recipient 130 to whom the sensitive information is issued or assigned, and a collector 140 of sensitive information.

(13) The issuer 120 may be a government entity, a healthcare institution (e.g., a hospital, etc.), a financial institution, or the like. As FIG. 5 schematically represents, there is a direct relationship between the issuer 120 and each of its recipients 130: the issuer 120 provides each of its recipients 130 with sensitive information in the form of an identification number 132. In so doing, the issuer 120 may determine whether or not each of its recipients 130 meets certain qualifications, such as citizenship or proper residency status, payment obligations, or other requirements for obtaining an identification number 132 (e.g., which may be printed on an identification card, as illustrated, etc.) or other sensitive information.

(14) The recipient 130 may be an individual, a business, or any other entity. Each recipient 130 should assume responsibility for its identification number 132, as well as the information associated with the identification number 132.

(15) Each collector 140 is a party that uses a recipient 130's identification number 132. A collector 140 may use a recipient 130's identification number 132 for any of a variety of reasons, including, without limitation, to gather information 134 (e.g., credit history, health history, criminal record, etc.) from any of a variety of outside sources about the recipient 130 that has been associated with that recipient 130's identification number 132, to determine whether or not the recipient 130 qualifies for certain services, or for any other suitable purpose.

(16) Each collector 140 within the network 100 (i.e., each collector 140 that accepts an identification number 132 or other sensitive information from a recipient 130) may be liable to the recipients 130 for the misappropriation of their identification number 132 or other sensitive information, including, but not limited to, sensitive information associated with the recipient 130's identification number 132.

(17) In order to ensure that the collector 140 within the network 100 are adequately protecting sensitive information (e.g., identification numbers 132, etc.), the network 100 may also include one or more approved scanning vendors 160 (ASVs). An ASV 160 is an entity that has been authorized and/or certified to evaluate the systems (e.g., collection systems 40) that are used within the network 100 to collect and transmit information 134, and to determine whether or not those systems comply with accepted standards and/or relevant regulations or laws. Each ASV 160 may be employed by a regulatory body or organization, an issuer 120, or one or more collectors 140.

(18) With returned reference to FIG. 4, an ASV 160 (FIG. 5) may use a scanning device 20 to verify whether or not a collector 140's (FIG. 5) collection systems 40 are compliant with accepted standards and/or relevant regulations or laws. Communication may be established between the processing element 22 of the scanning device 20 and various components of a collector 140's collection system 40, including, but not limited to, its memory 42. Communication between the processing element 22 and the collection system 40 may be direct or remote, and may be established by any suitable technique or protocol.

(19) In determining whether or not a collector 140's (FIG. 5) collection system 40 is compliant, the processing element 22 of the ASV 160's (FIG. 5) scanning device 20 operates under control of one or more programs (e.g., computer programs, etc.) to evaluate certain aspects of the collection system 40. Various embodiments of programs that control operation of the processing element 22, as well as the processes that are effected by such programs in accordance with teachings of this disclosure, are described hereinafter.

(20) In a specific embodiment, a process or program of this disclosure may cause the processing element 22 of a scanning device 20 to evaluate data 44 stored by one or more components (e.g., memory 42, etc.) of a collector 140's (FIG. 5) collection system 40 to determine whether the data 44 includes an identification number 132 (FIG. 5) or any information 134 (FIG. 5) that corresponds to an identification number 132. More specifically, a program of this disclosure may be capable of effecting a process in which data 44 is evaluated to determine whether it includes any data strings that are likely to comprise sensitive information such as identification numbers 132 or information 134 associated therewith.

(21) Searches for sensitive information may follow the process flow illustrated by the flowchart of FIG. 1. The search techniques disclosed by International Patent Application Publication WO/2011/150425, published on Dec. 1, 2011, and titled SYSTEMS AND METHODS FOR DETERMINING WHETHER DATA INCLUDES STRINGS THAT CORRESPOND TO SENSITIVE INFORMATION, the entire disclosure of which is hereby incorporated herein by reference, may be used to identify potentially sensitive information.

(22) Such a search for potentially sensitive information may be supplemented with searching for place names. More specifically, once potentially sensitive information, such as a potential, or suspected, personal identification number (e.g., a SSN, an ITIN, a NINO, a SIN, a TFN, etc.) has been identified, a search may be conducted to determine whether or not a string of data includes a place name within a predetermined number of bytes (e.g., 256 bytes, 128 bytes, etc.) of, or in proximity to, the potential personal identification number.

(23) Turning to FIG. 2, an embodiment of the process flow for a search for a place name may include a search for a consecutive string of letters, or alphabetical characters (e.g., English alphabet, optionally with old Gaelic characters; etc.). As indicated at reference 212, such a search may include identifying a series, or “run,” of characters of the same type (e.g., letters, numbers, spaces, etc.). At reference 214, a determination is made as to whether or not the series of characters is alphabetic. If the series of characters is not alphabetic, as indicated at reference 216, the process flows back to reference 212, where another series of characters in the string of data may be evaluated. If, instead, the series of characters is a group of alphabetic characters, process flows to reference 218.

(24) At reference 218, a type (e.g., letter, number, space, dash, apostrophe, etc.) of character of the byte immediately following the series (i.e., the “next” character) is identified. If the next character is numeric, as indicated at reference 220, the process flows back to reference 212, where another series of characters in the string of data may be evaluated. If the next character is not numeric, process flows to reference 222.

(25) At reference 222, a determination is made as to whether or not the next character is a space, a dash, a period, or an apostrophe. If the next character is a space or a dash, process flows to reference character 226. If the next character is a period or an apostrophe, process flows to reference 234. If the next character is not a space, a dash, a period, or an apostrophe, as indicated at reference 224, the process flows back to reference 212, where another series of characters in the string of data may be evaluated.

(26) At reference 226, a determination is made as to whether or not a total number of dashes and/or spaces in a series of groups of alphabetic characters exceeds a maximum allowable number of dashes and/or spaces in a place name. As an example, the maximum total number of dashes and/or spaces in a place name may be three (e.g., in the U.S., Canada, Australia, etc.) or four (e.g., in the United Kingdom, etc.). If the total number of dashes and/or spaces in a series of groups of alphabetic characters does not exceed the maximum allowable number of dashes and/or spaces, the process flows to reference 228, where the dash or space is considered to be a part of the series of alphabetic characters and the subsequent bytes are evaluated until a byte representing a non-alphabetic character is identified. From reference 228, the process may flow back to reference 222.

(27) If, at reference 226, a determination is made that the next character exceeds the maximum allowable number of dashes and/or spaces in a place name, process flows to reference 230, where the sequence of alphabetic characters (and/or dashes, spaces, periods, and/or apostrophes) is tagged as a possible place name.

(28) At reference character 234, a test is conducted to determine whether or not the character or characters represented by the series of bytes preceding the byte that corresponds to a period or apostrophe, along with the period or apostrophe, correspond to a valid abbreviation or name (e.g., St., Ste., No., N., W, S., E., O′, etc.). In some embodiments, the series of alphabetic characters and the next character may be compared with a library of acceptable combinations. If the period or apostrophe is determined, at reference character 234, to be part of the series of alphabetic characters, the subsequent bytes are evaluated until a byte representing a non-alphabetic character is identified. From reference 234, the process may flow back to reference 222. If, instead, the period or apostrophe is not considered to be part of the series of alphabetic characters at reference 234, then process flows to reference character 230, where the series of bytes is considered to represent a possible place name, and may be tagged as such.

(29) As noted at reference 240, when the search for place names extends a predetermined number of bytes (e.g., 256 bytes, 128 bytes, etc.), or a predetermined length, beyond the sequence of bytes that correspond to potentially sensitive information, the search for place names may be terminated.

(30) With reference turned to FIG. 3, the context of the search for place names (at reference 200), such as the embodiment depicted in FIG. 2, is provided, as is an embodiment of the process flow once a possible place name has been identified at reference 230. Once a possible place name has been identified at reference 230, process flows to reference 310, where a determination is made as to whether or not the length (i.e., number of characters) of the possible place name meets a minimum length for a place name. The minimum length for the place name may be locale-specific. For example, a possible place name must have a minimum length of two characters to qualify as the name of or an abbreviation for a country, a state, or a province. As another example, a possible place name must have a minimum length of three characters to qualify as the name of or an abbreviation for a county or shire or for a township, a city, a town, or a village. If the possible place name does not meet the minimum length requirement, process flows back to reference 200, from which another possible place name may be revealed. If, instead, the possible place name does meet the minimum length requirement, process flows to reference 312.

(31) At reference 312, a search for the possible place name in a dictionary, or library, of place names that correspond to the type of potentially sensitive information on which the place name search is based. At reference 314, a determination is made as to whether or not the possible place name matches a place name of the dictionary, or library. If the possible place name does not match a place name of the dictionary, or library, the process for a place name that corresponds to potentially sensitive information may be terminated, as indicated by reference 316. In some embodiments, with the lack of a corresponding place name, the potentially sensitive information may be considered not to comprise actual sensitive information. If the possible place name matches a place name of the dictionary, or library, then the process may flow to reference 318, where the search for a place name that corresponds to the potentially sensitive information may be terminated.

(32) Alternatively, a search for at least one additional place name (e.g., a second place name, a third place name, etc.) may be conducted. The search for an additional place name may occur in situations where the sensitive nature of the potentially sensitive information (e.g., a personal identification number, etc.) cannot be verified, such as by use of a checksum algorithm. The search for an additional place name may be conducted by the same process used to identify the first place name. If an additional place name is identified and determined to be a valid place name for the jurisdiction of interest, a further analysis may be conducted to confirm that the additional place name, which may be referred to as a “secondary” place name, corresponds to the first place name, which may be referred to as a “primary” place name. In embodiments where the place names must correspond to one another, one of the place names may be the name of a locale (e.g., city, town, village, etc.), while the other place name may be the name of a larger geographic area (e.g., county, shire, state, province, country, etc.). In embodiments where no association between multiple place names is required, the place names could be equivalent to one another (e.g., each a locale, each a larger geographic area, etc.).

(33) If a high enough level of confidence exists that potentially sensitive information is actually sensitive information, that information may be tagged. The tagging of such information may be used to notify a party responsible for the memory on which such information is stored of the suspected sensitive nature of such information. Alternatively, the tagging of such information may be used to automatically delete such information from the memory on which it was located.

(34) A search for a personal identification number that comprises a U.S. Social Security Number or a U.S. Individual Taxpayer Identification Number (ITIN) comprises searching for a string of data that corresponds to the format of a Social Security Number or Individual Taxpayer Identification Number; i.e., DDDDDDDDD or DDD-DD-DDDD, where D represents a numeric digit. Accordingly, such a search may include a nine (9) byte interval scan for a numeric digit (i.e., a number from 0 to 9).

(35) Each time a numeric digit is located during the interval scan, a sequential analysis may be made to determine whether or not the numeric digit is part of string of data that may correspond to a Social Security Number or an Individual Taxpayer Identification Number. More specifically, a sequential analysis may be conducted to determine whether or not the numeric digit is part of a sequence that includes nine (9) consecutive digits and/or whether or not the numeric digit is part of a sequence that includes three (3) consecutive digits, followed by a dash, followed by two (2) consecutive digits, followed by another dash, followed by four (4) consecutive digits.

(36) If the numeric digit is part of a sequence that meets the format requirements for a Social Security Number or an International Taxpayer Identification Number, the first three (3) digits may then be evaluated to determine whether or not they correspond to a valid Social Security Number or Individual Taxpayer Identification Number; “000” and “666” do not correspond to valid Social Security Numbers or Individual Taxpayer Identification Numbers.

(37) In some embodiments where a sequence meets the format requirements for a Social Security Number, a filter may be used to compare, or check, the sequence against allocation tables that were used to assign Social Security Numbers through Jun. 24, 2011. With such allocation tables, the first three digits of a Social Security Number were assigned based on a geographic area in which an individual who received the Social Security Number lived and, thus, could be cross-checked against any location information associated with the Social Security Number to determine whether or not the sequence under analysis could be a Social Security Number. Social Security Number allocation tables based the next two digits of a Social Security Number on a group with which the Social Security Number was assigned, or on a year in which the Social Security Number was assigned. Notably, since Jun. 25, 2015, Social Security Numbers have been randomly assigned.

(38) If the sequential analysis and any further examination reveals a sequence that may correspond to a Social Security Number or an Individual Taxpayer Identification Number, a delimiter search may be conducted to confirm that the suspected Social Security Number or Individual Taxpayer Identification Number is preceded and followed by known delimiters.

(39) Interval scanning, sequential analysis, and, optionally, delimiter searching that indicates that a particular series of bytes may comprise a Social Security Number or an Individual Taxpayer Identification Number may be followed by geographic location searching. The geographic location searching may include a search for two place names (e.g., a state name, a city name, etc.) that are located in sufficient proximity to one another in the string of data, that are located in sufficient proximity to the suspected Social Security Number or Individual Taxpayer Identification Number in the string of data, that correspond to each other, and that correspond to a place in the U.S.

(40) A British (United Kingdom) National Insurance Number has the format CCDDDDDDC, where the CC at the beginning is a two letter combination (in which the first letter cannot be D, F, I, Q, U or V, the second letter cannot be O, and the combinations BG, GB, NK, KN, TN, NT and ZZ cannot be used), each D represents a numeric digit between 0 and 9, and the C at the end represents an A, a B, a C or a D. An interval scan for such a number may include a search for a numeric digit (i.e., a number from 0 to 9) conducted at a six (6) byte interval.

(41) When a numeric digit is located during the interval scan, a sequential analysis may be conducted to determine whether or not the numeric digit is part of string of data that may correspond to a National Insurance Number. More specifically, a sequential analysis may be conducted to determine whether or not the numeric digit is part of a sequence that includes six (6) consecutive digits preceded by two alphabetical characters (i.e., A through Z) that correspond to a two letter code for a county or shire in the United Kingdom and followed by single alphabetical character that is an A, a B, a C, or a D.

(42) If the sequential analysis reveals a sequence that may correspond to a National Insurance Number, a delimiter search may be conducted to confirm that the suspected National Insurance Number is preceded and followed by known delimiters.

(43) Interval scanning, sequential analysis, and, optionally, delimiter searching that indicates that a particular series of bytes may comprise a National Insurance Number may be followed by geographic location searching. The geographic location searching may include a search for a place name (e.g., a county or shire name, a city name, etc.) located in sufficient proximity to the suspected National Insurance Number in the string of data and that correspond to a place in the U.K.

(44) In Australia, Tax File Numbers are used as personal identification numbers. A Tax File Number has the format DDD-DDD-DDD, which each D represents a numeric digit (i.e., a number from 0 to 9). Thus, a search for an Australian Tax File Number may begin with a nine (9) byte interval scan, in which every ninth (9.sup.th) byte of data of a string of data is scanned to determine whether or not it represents a numeric digit.

(45) If the interval scan reveals a byte that represents a numeric digit, a sequential analysis may be made to determine whether or not the numeric digit is part of string of data that may correspond to a Tax File Number. More specifically, a sequential analysis may be conducted to determine whether or not the numeric digit is part of a sequence that includes nine (9) consecutive digits and/or whether or not the numeric digit is part of a sequence that includes three (3) consecutive digits, followed by a dash, followed by three (3) consecutive digits, followed by another dash, followed by three (3) consecutive digits.

(46) If the sequential analysis and any further examination reveals a sequence that may correspond to a Tax File Number, a delimiter search may be conducted to confirm that the suspected Tax File Number is preceded and followed by known delimiters.

(47) Interval scanning, sequential analysis, and, optionally, delimiter searching that indicates that a particular series of bytes may comprise a Tax File Number may be followed by an authentication process, in which a checksum algorithm is used to verify whether or not the nine (9) consecutive digits may correspond to an actual Tax Number. An example of a checksum algorithm for suspected Tax Numbers follows. In the example, each digit of a suspected Tax Number is multiplied by a corresponding weighting number:

(48) TABLE-US-00001 1 2 3 4 5 6 7 8 2 (a potential TFN) 1 4 3 7 5 8 6 9 10 (the weighting numbers) 1 8 9 28 25 48 42 72 20.
The results are then added together. If that sum is divisible by 11, as it is in this example (i.e., 1+8+9+28+25+48+42+72+20=253; 253/11=23), then the sequence of digits may be a valid Tax File Number.

(49) Interval scanning, sequential analysis, optional delimiter searching, and optional checksum validation that indicates that a particular series of bytes may comprise a Tax File Number may be followed by geographic location searching. The geographic location searching may include a search for a place name (e.g., a state name, a city name, etc.) located in sufficient proximity to the suspected Tax Number in the string of data and that corresponds to a place in Australia.

(50) The personal identification numbers that are used in Canada—Social Insurance Numbers—have the format DDD-DDD-DDD, which each D represents a numeric digit (i.e., a number from 0 to 9). Thus, a search for a Canadian Social Insurance Number may begin with a nine (9) byte interval scan, in which every ninth (9.sup.th) byte of data of a string of data is scanned to determine whether or not it represents a numeric digit.

(51) If the interval scan reveals a byte that represents a numeric digit, a sequential analysis may be made to determine whether or not the numeric digit is part of string of data that may correspond to a Social Insurance Number. More specifically, a sequential analysis may be conducted to determine whether or not the numeric digit is part of a sequence that includes nine (9) consecutive digits and/or whether or not the numeric digit is part of a sequence that includes three (3) consecutive digits, followed by a dash, followed by three (3) consecutive digits, followed by another dash, followed by three (3) consecutive digits.

(52) If the sequential analysis and any further examination reveals a sequence that may correspond to a Social Insurance Number, a delimiter search may be conducted to confirm that the suspected Social Insurance Number is preceded and followed by known delimiters.

(53) Interval scanning, sequential analysis, and, optionally, delimiter searching that indicates that a particular series of bytes may comprise a Social Insurance Number may be followed by an authentication process, in which a checksum algorithm is used to verify whether or not the nine (9) consecutive digits may correspond to an actual Social Insurance Number. An example of a checksum algorithm for suspected Social Insurance Numbers follows. In the example, each digit of a suspected Social Insurance Number is multiplied by a corresponding weighting number:

(54) TABLE-US-00002 046 454 286 (a potential SIN) 121 212 121 (the weighting numbers) 086 858 276.

(55) If the result, or product, of a particular function is two digits, then the digits are added together. In this example, in the second-to-last digit, since 2×8=16, the 1 and the 6 are added together to provide a 7. The results are then added together. If that sum is divisible by 10, as it is in this example (i.e., 0+8+6+8+5+8+2+7+6=50), then the sequence of digits may be a valid Social Insurance Number.

(56) Interval scanning, sequential analysis, optional delimiter searching, and optional checksum validation that indicates that a particular series of bytes may comprise a Social Insurance Number may be followed by geographic location searching. The geographic location searching may include a search for a place name (e.g., a province name, a city name, etc.) located in sufficient proximity to the suspected Social Insurance Number in the string of data and that corresponds to a place in Canada.

(57) Although the foregoing description provides many specifics, these should not be construed as limiting the scope of the any of the appended claims, but merely as providing information pertinent to some specific embodiments that may fall within the scopes of the appended claims. Features from different embodiments may be employed in combination. Other embodiments may also be devised which lie within the scopes of the appended claims. The scope of each claim is indicated and limited only by its plain language and the full scope of legal equivalents available thereto. All additions, deletions and modifications to the disclosed subject matter that fall within the meanings and scopes of the claims are to be embraced by the claims.

Identification of potentially sensitive information in data strings

Assignee

Inventors

Cpc classification

Classification Explorer

G06F16/90344

PHYSICS

Classification Explorer

G06F9/4493

PHYSICS

Classification Explorer

G06Q20/4012

PHYSICS

Classification Explorer

G06Q20/4016

PHYSICS

Classification Explorer

G06Q20/3224

PHYSICS

Classification Explorer

G06F21/6245

PHYSICS

International classification

Classification Explorer

G06F21/00

PHYSICS

Classification Explorer

G06F16/903

PHYSICS

Classification Explorer

G06Q20/32

PHYSICS

Classification Explorer

G06F21/62

PHYSICS

Classification Explorer

G06Q20/40

PHYSICS

Abstract

Claims

Description