1. Patent Search
  2. Details

Salting Text and Fingerprinting in Database Tables, Text Files, and Data Feeds

20210026598 ยท 2021-01-28

    Inventors

    Cpc classification

    International classification

    Abstract

    A system and method for salting and fingerprinting database tables, text files, data feeds, and the like, first resorts the data according to a field or fields in the data set. A salting recipe is selected and applied to the sorted data. A fingerprint of the data is captured after sorting and salting. The data is then restored to its original order before being sent to a trusted third party. Because the data owner retains information concerning the sorting sorting sonar technique, salting technique, and the fingerprint, the data owner can reconstruct the unsalted file from the salted file, and can determine if a wild file contains data from the data file. The salting is difficult to detect by the bad actor, even if the bad actor is aware that the data has been salted.

    Claims

    1. A method for salting and fingerprinting a data file, wherein the data file comprises a plurality of records, and each of such records comprises at least one field, the method comprising the steps of: a. selecting a sorting technique from a plurality of available sorting techniques; b. sorting the records in the data file according to the selected sorting technique; c. selecting a salting technique from a plurality of available salting techniques; d. applying the selected salting technique to one or more records in the data file after the sorting is performed, wherein the salting technique is based, at least in part, upon the order of the records in the data file after the sorting step, to create a salted data file; e. building a fingerprint of the salted data file after the salting step, wherein the fingerprint comprises at least one field of at least a subset of the records in the plurality of records in the salted data file; f. restoring the sorted and salted data file to its original sort order as it was prior to the sorting step to produce a resorted salted data file; g. associating a file identifier with the data file, and storing in a file data base the file identifier along with an identifier associated with the selected sorting technique, an identifier associated with the selected salting technique, and the fingerprint; and h. delivering the resorted salted data file to a Trusted Third Party (TTP).

    2. The method of claim 1, wherein the selected sorting technique is a multiple-level sorting technique.

    3. The method of claim 1, wherein the selected salting technique is randomly chosen from among the plurality of available salting techniques.

    4. The method of claim 1, wherein the selected salting technique is compliant with the Coding Accuracy Support System (CASS).

    5. The method of claim 1, wherein the salting technique is undetectable by a Bad Actor.

    6. The method of claim 1, wherein the salting technique does not impair the usefulness of the data file.

    7. The method of claim 1, wherein each record of the data file comprises a plurality of fields, and further wherein each record of the data file comprises information pertaining to a consumer.

    8. A method of detecting the presence of one or more records from one of a plurality of data files in a wild file, wherein the plurality of data files and the wild file each comprise a plurality of records each comprising a plurality of fields, the method comprising the steps of: a. applying a plurality of sorting techniques from a set of sorting techniques to the wild file; b. for each application of one of the plurality of sorting techniques to the wild file, retrieving a plurality of salting techniques from a set of salting techniques, and, for each of the plurality of salting techniques, comparing the results of salting at least one of the data files to the wild file to determine if a match occurs; c. if a match occurs after comparing the results of salting the at least one data file to the wild file, comparing at least one field of at least one record in the wild file to at least one of a plurality of fingerprints; d. if the comparison of the at least one field of at least one record in the wild file to at least one of the plurality of fingerprints results in a match, returning a result that the wild file was derived from the data file; and e. if for each application of one of the plurality of sorting techniques and each application of one of the plurality of salting techniques to the wild file does not result in a match with the fingerprint, returning a result that the wild file was not derived from the data file.

    9. The method of claim 8, wherein at least one of the plurality of sorting techniques is a multiple-level sorting technique.

    10. The method of claim 8, wherein at least one of the plurality of salting techniques is compliant with the Coding Accuracy Support System (CASS).

    11. A system for salting and fingerprinting a data file, wherein the data file comprises a plurality of records, and each of such records comprises at least one field, comprising: a. a sorter engine configured to receive a data file, wherein the data file comprises a plurality of records each comprising at least one field, and wherein the sorter engine is configured to sort the records in the data file according to a sorting technique to produce a sorted data file, and to resort the sorted data file back to its original order to produce a resorted data file; b. a sorting technique store in communication with the sorter engine, wherein the sorting technique store comprises a plurality of sorting techniques; c. a salting engine in communication with the sorter engine and configured to receive the sorted data file and apply a salt to the sorted data file according to a salting technique to produce a salted data file; d. a salting technique store in communication with the salting engine, wherein the salting technique store comprises a plurality of salting techniques; e. a fingerprint engine in communication with the salting engine configured to produce a fingerprint from at least one field of at least one record of the salted data file; and f. a file database in communication with the sorter engine, the salting engine, and the fingerprint engine, wherein the file database is configured to store a data file identifier, a selected sorting technique identifier, a selected salting technique identifier, and the fingerprint.

    12. The system of claim 11, wherein at least one of the plurality of sorting techniques at the sorting technique store is a multiple-level sorting technique.

    13. The system of claim 11, wherein the sorter engine is further configured to randomly select the selected salting technique from among the plurality of available salting techniques at the salting technique store.

    14. The system of claim 11, wherein at least one of the plurality of salting techniques at the salting technique store is compliant with the Coding Accuracy Support System (CASS).

    15. The system of claim 11, wherein each record of the data file comprises a plurality of fields, and further wherein each record of the data file comprises information pertaining to a consumer.

    16. The system of claim 11, wherein the sorter engine is further configured to receive a wild file comprising a plurality of records each comprising at least one field, and to apply each of the plurality of sorting techniques from the sorting technique store to the wild file, the salting engine is further configured, for each application of one of the plurality of sorting techniques to the wild file, to retrieve each of the plurality of salting techniques from the salting technique store, further comprising a match engine configured to, for each of the plurality of salting techniques, comparing the results of salting the data file to the wild file to determine if a match occurs, and further wherein the fingerprint engine is further configured to, if a match occurs after comparing the results of salting the data file to the wild file, compare at least one field of at least one record in the wild file to at least one of a plurality of fingerprints, and, if the comparison of the at least one field of at least one record in the wild file to at least one of the plurality of fingerprints results in a match, returning a result that the wild file was derived from the data file, or, if for each application of one of the plurality of sorting techniques and each application of one of the plurality of salting techniques to the wild file does not result in a match with the fingerprint, returning a result that the wild file was not derived from the data file.

    Description

    BRIEF DESCRIPTION OF DRAWINGS

    [0007] FIG. 1 illustrates the process whereby a Salt is added to a new file or data feed according to an embodiment of the invention.

    [0008] FIG. 2 illustrates the process whereby a file or data feed of unknown origin is analyzed for the presence of a Salt according to an embodiment of the invention.

    [0009] FIG. 3 illustrates the infrastructure and architecture of a salting system according to an embodiment of the invention.

    BEST MODE FOR CARRYING OUT THE INVENTION

    [0010] Before the present invention is described in further detail, it should be understood that the invention is not limited to the particular embodiments and implementations described, and that the terms used in describing the particular embodiments and implementations are for the purpose of describing those particular embodiments and implementations only, and are not intended to be limiting, since the scope of the present invention will be limited only by the claims.

    [0011] To begin a discussion of certain implementations of the invention, the precise definition of the associated technical statement is presented as follows. Let D be a database, including but not limited to a flat file or data feed, owned by Company C. D consists of tuples in relational form or structured text (e.g., .csv, XML, JSON, or SQL data). Let S.sub.i be a subset of tuples from D. Let M be a unique method to generate W, a representation of D or S.sub.i that is much smaller than D. The goal then is to generate a W such that: [0012] 1. W contains a watermark for a given M (i.e., M cannot generate the same W for two different Ds or S.sub.is). [0013] 2. W can, with statistical confidence, determine that an Agent A.sub.1 is a Bad Actor distributing or altering D or S.sub.1 versus other Agents A.sub.2, A.sub.3, . . . A.sub.n who receive a copy of D or a different S.sub.1 that partially overlaps S.sub.1. [0014] 3. W would be sufficiently robust to meet evidentiary standards to prove that D, a second copy or subset of D, was created without the consent of C. This means that the probability of a false negative (identifying D as being illegitimate when it is not) or a false positive (identifying D as legitimate when it is not) must be small. [0015] 4. W must cause no loss of information from D or S.sub.i at the time they are generated for a specific A. [0016] 5. If M embeds W in D, recovery of W is blind. That is, W can be obtained from D without knowledge of D if and only if D and D, or exact duplicate S and S taken from D and D respectively, are equivalent. [0017] 6. The process by which W is created must be robust enough to deal with significant differences in tuples (e.g., extra blank spaces, data resorting, tuple deletion, tuple addition) between D and D without generating a false negative. [0018] 7. M must take into account that a D.sub.ifrom C is updated on a regular basis, becoming D.sub.j and allow for the ability to distinguish D.sub.i from D.sub.j. [0019] 8. M must be computationally feasible with readily available computing equipment. [0020] 9. M does not have to identify exactly what changes were made to D or S.sub.i when it becomes D or S.sub.i, although detailed examination of D or S.sub.i can and should provide supporting evidence for W as an indicator of the Bad Actor status of A.

    [0021] By implementing the salting method described herein that meets these requirements, Data Owners can more frequently identify data within a Wild File as having originated from their own data set and even identify to which TTP that data was originally sent. This is done by analyzing certain data elements within the Wild File, to determine if an identifier (the Salt), unique to the recipient and subtly embedded in the Leaked Data Set from which some amount of data in the Wild File originated, can be discovered. This Salt cannot be detected without foreknowledge of the salting mechanism as, to the untrained eye, it is invisible.

    [0022] The workings and output of the system as described above can be illustrated by FIG. 1, showing the method of salting a file according to certain implementations of the system. Suppose that, in a first example, an original data set 10 contains the following elements, as shown in Table 1 (actual data sets are likely to be far larger, but a very small data set is shown for purposes of example):

    TABLE-US-00001 TABLE 1 # Col A Col B Col C Col D Col E Col F Col G Col H 1 Sunny D Very Large 6970 Monday Red TX Orange 2 Rainy G Large 2211 Tuesday Yellow TX Apple 3 Cloudy H Medium 209 Wednesday Green TX Grape 4 Windy E Small 2301 Thursday Blue TX Lemon 5 Calm M Very Small 708 Friday White TX Lime

    [0023] A file identifier is associated with the file in order to distinguish it from other files created by the Data Owner. The file identifier can be, in various implementations, any string of alphanumerics and/or other characters. In a first step, the information is sorted at sorter engine 12. The sorting technique can be any desired sorting method. The sorting technique can be selected from a multitude of possible sorting techniques stored at sorting technique store 14, in communication with sorter engine 12. The sorting technique is then keyed to the file and stored in file data base 16, along with the file identifier, for that file at sorter technique storage 18. The assignment of a particular sorting algorithm to any given data set may in certain embodiments be randomized. The sorting algorithm may be a sort at multiple levels, i.e., sorting by one field as the primary sort and then sorting by a second field as a secondary sort, to as many levels as desired. In a given example for illustration, the data is sorted first by column H, then by column E, and then by column D. Table 2 provides the results of applying this particular sort to the data of Table 1:

    TABLE-US-00002 TABLE 2 # Col A Col B Col C Col D Col E Col F Col G Col H 2 Rainy G Large 2211 Tuesday Yellow TX Apple 3 Cloudy H Medium 209 Wednesday Green TX Grape 4 Windy E Small 2301 Thursday Blue TX Lemon 5 Calm M Very Small 708 Friday White TX Lime 1 Sunny D Very Large 6970 Monday Red TX Orange

    [0024] In the second step, the salting recipe is applied to the sorted data by salting engine 20. The salting recipe is based, at least in part, upon the ordering of the records in the file, and thus the previous sorting step is tied to the results of the salting step. The particular recipe can be chosen from any number of potential recipes stored at salting technique store 22, and, like the sorting technique, can be randomly chosen in certain embodiments. The salting recipe is also keyed to the file, which is stored in file database 16 at salting technique 24. In this particular example, the salting technique is that for every second and third instance of column D starting with the digit 2, the word in column C is abbreviated. Applying this salting recipe to the sorted data of Table 2, the result is shown below in Table 3:

    TABLE-US-00003 TABLE 3 # Col A Col B Col C Col D Col E Col F Col G Col H 2 Rainy G L 2211 Tuesday Yellow TX Apple 3 Cloudy H M 209 Wednesday Green TX Grape 4 Windy E S 2301 Thursday Blue TX Lemon 5 Calm M Very Small 708 Friday White TX Lime 1 Sunny D Very Large 6970 Monday Red TX Orange

    [0025] In the third step, a fingerprint of the salted data set is captured by fingerprint engine 26. Note that the fingerprint can be any single column or a set of two or more columns in the data. If more than one column is used, the columns need not be adjacent. The fingerprint is not necessarily limited to containing the column that contains salted data, nor is it necessarily required to capture the full depth of the file (i.e., every data item in a column). The fingerprinting recipe, like the sorting technique and the salting recipe, is also keyed to the file in file database 16 at fingerprint technique 28. In the case where the fingerprint that is captured is column C from the above example, the fingerprint will be as shown in Table 4 below:

    TABLE-US-00004 Table 4 Fingerprint L M S Very Small Very Large

    [0026] Because the specific sorting technique, the salting recipe, and the fingerprinting recipe are each keyed the file, the data provider can then apply the reverse process (i.e., restore the file to its original order before the application of sorter engine 12) to create a finished salted file as salted data set 30 that can be distributed to TTPs. The result in the finished data file is a salted data file where the salting is disguised from other parties. The result in this particular example is shown in Table 5 below:

    TABLE-US-00005 TABLE 5 # Col A Col B Col C Col D Col E Col F Col G Col H 1 Sunny D Very Large 6970 Monday Red TX Orange 2 Rainy G L 2211 Tuesday Yellow TX Apple 3 Cloudy H M 209 Wednesday Green TX Grape 4 Windy E S 2301 Thursday Blue TX Lemon 5 Calm M Very Small 708 Friday White TX Lime

    [0027] In certain embodiments, subsequent issuance of the same data set sent to other customers, or to the same customer later in time, would be subjected to a different combination of the various sorting techniques, salting recipes, and fingerprinting recipes. Each such instance is maintained as a separate file database 16 in a master database or databases. Optionally, a file date 32 may be also included in some or all file databases 16 as additional identifying information for a particular instance of a salted file.

    [0028] Referring now to FIG. 2, the process applied when a suspicious file is found in the wild as wild file data set 32 to determine if the provider is in fact the source of the file, and if so when the file was created, may be described according to certain implementations. The file is sorted using one of the possible sorting techniques, again with sorter engine 12, and then examined to detect the salt (i.e., the file DNA) and fingerprint signatures using salting engine 20 and fingerprint engine 26. If the salt and/or fingerprint are not detected, the sort is performed with the next possible sorting technique, and the process is repeated in iterative fashion. The process is repeated, for each sorting technique, with respect to each salting technique, and with respect to each of both for each fingerprint. This process continues until the salt/and or fingerprint is detected at match engine 34, or all possibilities have been exhausted. In the former case it can then be known that the provider is the source of the data, and the output of a salt being detected 36 is created. But in the latter case it can be known that the provider is not the source of the data, resulting in output salt not detected 38. Even if the file has been altered in some way, as explained above, it will be evident that for large files this method will still produce a likelihood of data theft because it would be able to recover scraps of the salted data. A score can be determined based on the number of such scraps that are found in the data, at match engine 34, thus leading to a confidence factor for misuse of the provider's data. In any case, the information in file database 16, including the file identifier, can be used to identify the particular data file from which the Wild File was partially or wholly derived.

    [0029] Various salting methods other than the particular examples described herein may be employed in alternative embodiments. In certain implementations used for consumers or that otherwise involve mailing addresses, the salting method may be compliant with the Coding Accuracy Support System (CASS) standards. CASS enables the United States Postal Service (USPS) to evaluate the accuracy of systems that correct and matches street addresses. CASS certification is offered to all mailers, service bureaus, and vendors that would like the USPS to evaluate the quality of their address-matching systems and improve the accuracy of their ZIP+4, carrier route, and five-digit coding. CASS compliant systems will correct and standardize addresses, and will also add missing address information, such as ZIP codes, cities, and states to ensure the address is complete. In addition, CASS certified systems perform delivery point validation to verify whether or not an address is a deliverable address.

    [0030] Referring now to FIG. 3, the physical structure for a computer network system to implement the processes described above may now be described. Network 50 (such as the Internet) is used to access the system. A virtual private network (VPN) 52 can be used to provide a secure connection into the DMZ area, i.e., the area where outside files or data feeds are quarantined prior to entry behind the system's firewalls. Using a secure file transfer protocol (S FTP) system, files may be transferred to SFTP external load balancer 54; FTP is a well-known network protocol used to transfer computer files between a client and server on a computer network. In addition, data feeds are used to continually stream data into the system through a private protocol or standard protocols (HTTP, HTTPS, etc.) by way of APIs or using customized or standard ports. UI/APP external load balancer 56 may be used to receive files sent by a computer application, and AP external load balancer 58 may be used to receive files or data feeds sent according to an application programming interface (API), which is a well-known concept for developing subroutine definitions, protocols, and tools that allow communications between application software. The load balancers of the system ensure that individual servers in the system are not overloaded with file or data feed requests.

    [0031] Moving now to the front-end layer of the system, SFTP server 60, associated with its own SFTP server recoverable storage 62, receives files sent by FTP after they pass from the DMZ area. Likewise, UI/APP internal load balancer 64 receives files from the UI/APP external load balancer 56 after they leave the DMZ area, and passes them to one or more UI/APP virtual machines (VMs) 66 (two are shown in FIG. 3). Moving to the services area, these subsystems pass data to API internal load balancer 70, which them passes information to one or more API VMs 72 (again, two are illustrated in FIG. 3).

    [0032] At the system backend, data from the API VM 72 passes data to processing cluster and datastore 82, which is configured to store data in one or more multi-tenant datastores 84, each of which is associated with a datastore recoverable storage area 86 (three of each are illustrated in FIG. 3). Examples of data stored in multi-tenant datastores 84 include file databases 16, sorting technique store 14, and salting technique store 22.

    [0033] It may be seen that the described implementations of the invention result in a unique method for determining the recipient of a given data file or feed without making the recipient aware or disrupting the usefulness of the data. In addition, the system is scalable, able to identify the uniqueness of a file or data feed and its recipient amongst a set of potentially millions of Wild Files in circulation, while also providing security for the data ingested by the system. In order to be practical, a commercial-grade watermarking system must be able to process hundreds of files per day, meaning that the entire processing infrastructure must be expandable and scalable. In this age of big data, the size of data files or feeds to be processed ranges significantly, from a few megabytes to several terabytes in size, and the way in which these files or feeds flow into the system can be very unpredictable. In order to construct scalable systems, one must build predictive models to estimate maximum processing requirements at any given time to ensure the system is sized to handle this unpredictability.

    [0034] The salting system according to the implementations described herein has the capacity of salting data files, database tables, and data feeds of unlimited size. Processing speed, however, is also important, since customers cannot wait days or weeks for watermarking to occur before files are delivered. They may be releasing updates to their underlying data every day and perhaps even faster. The system must be capable of watermarking a file within the cycle time of production of the next file, or else the system will bottleneck and files will fall into a queue that will cause the entire business model to break down. The processing time to detect the watermark in the baseline release is a few seconds. Computing power in most cases is reduced because it is not necessary to parse the complete file and then match the Wild File to the master database to determine whether the Wild File is stolen, except in the worst-case scenario. In addition the search space is further reduced, thus improving processing time, as the detected watermark related to a particular recipient is only required to match against that recipient's files stored in the database. Note, however, that it may be necessary to parse the entire Wild File to ensure that it is not watermarked with data sent to multiple recipients. Regardless, human interaction and examination is not required as part of salt detection using this system. For this reason, further time and cost savings are realized and errors are reduced.

    [0035] Almost all of the research on data watermarking has been based on algorithms tested for one or two owners of data, and one or two Bad Actors. A commercial-grade system must be able to generate, store and retrieve watermarks for numerous customers and an unknown number of Bad Actors in situations where files with completely unknown sources are recovered. For example, consider that a commercial watermarking company has 5,000 customers for whom it watermarks files. In this example, the watermarking company retrieves a file from a third party who would like to validate that the file contains no stolen data. To determine this, the watermarking company must test the file against each company's watermark until it finds a match. In the worst case, it does not find a match after testing 5,000 times, in which case the only assertion that can be made is that the data has not been stolen from any of the 5,000 owners in the system. The system, according to certain embodiments, does not have limitations to the number of customers and the system is capable of supporting an infinite number of recipients represented in the watermark.

    [0036] The system and method described herein is a robust mechanism that requires very little time to prove data ownership as opposed to parsing and processing millions of records. In the example of a large data provider, a typical file contains hundreds of millions of records. As the salt applied by this mechanism is invisible, it is impractical and impossible for manual salt identification without any advanced signal processing mechanic that can extract signals out of the noise within a timeframe deemed practical and usable by any business.

    [0037] Unless otherwise stated, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. Although any methods and materials similar or equivalent to those described herein can also be used in the practice or testing of the present invention, a limited number of the exemplary methods and materials are described herein. It will be apparent to those skilled in the art that many more modifications are possible without departing from the inventive concepts herein.

    [0038] All terms used herein should be interpreted in the broadest possible manner consistent with the context. When a grouping is used herein, all individual members of the group and all combinations and subcombinations possible of the group are intended to be individually included. When a range is stated herein, the range is intended to include all subranges and individual points within the range. All references cited herein are hereby incorporated by reference to the extent that there is no inconsistency with the disclosure of this specification.

    [0039] The present invention has been described with reference to certain preferred and alternative embodiments that are intended to be exemplary only and not limiting to the full scope of the present invention, as set forth in the appended claims.