Method And System For Forensic Data Tracking

Patent No. US10999300 (titled "Method And System For Forensic Data Tracking") was filed by Quickvault Inc on Nov 26, 2019.

What is this patent about?

’300 is related to the field of data loss prevention and, more specifically, to systems that track the movement of data elements across authorized and unauthorized devices and users. Traditional security measures like firewalls and encryption often fail to prevent data breaches when data leaks outside the protected environment, for example, via USB drives or unauthorized cloud storage. Existing Data Loss Prevention (DLP) tools are not always effective, leaving sensitive data vulnerable once it escapes the protected environment.

The underlying idea behind ’300 is to embed forensic tracking mechanisms directly into data files, allowing their movement and usage to be monitored even after they have left the control of the originating organization. This is achieved by scanning files, classifying them based on their content, and then encoding them with unique identifiers or watermarks. When these encoded files are accessed, they report back to a central server, providing information about the endpoint, user, and time of access.

The claims of ’300 focus on a cloud-based forensic computing platform that receives metadata logs from endpoints, analyzes the data element tags within those logs, and determines a data classification for the files on those endpoints. The platform then predicts data breaches based on changes in data topology, such as spikes in user activity or data of a specific classification leaking onto unauthorized endpoints. The platform also identifies patterns of data use that constitute rule violations or deviations from normal behavior, such as an endpoint significantly increasing or decreasing its total number of files.

In practice, the invention involves deploying software agents on endpoints that scan files, classify them based on predefined text strings or patterns (e.g., ICD-9 codes for PHI data), and then encode them with forensic information. This encoding can take various forms, including transparent GIFs with embedded URLs, executable components that report back to the server, or printable watermarks. The agents then transmit metadata logs to a central cloud control server, which analyzes the data and generates alerts based on predefined policies and settings.
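As an added illustration (not code from the patent or from QuickVault), the sketch below shows one way a server could run two of the checks described above over received meta logs: data of a given classification appearing on an unauthorized endpoint, and a large change in an endpoint's file count between scans. The tag names, endpoint IDs, the `scan` sequence field, the authorization table and the 50% threshold are assumptions, and the sample logs are constructed.

```python
from collections import defaultdict

# Assumed policy: data element tag -> classification, and the endpoints
# authorized to hold each classification.
TAG_CLASS = {"icd9": "PHI", "ssn": "PII", "card_number": "PCI"}
AUTHORIZED = {"PHI": {"ep-clinic-01"}, "PII": {"ep-clinic-01", "ep-hr-02"}, "PCI": set()}
CHANGE_RATIO = 0.5  # assumed threshold: +/-50% change in file count between scans

def classify(tags):
    """Classifications implied by a meta log's data element tags."""
    return sorted({TAG_CLASS[t] for t in tags if t in TAG_CLASS})

def analyze(meta_logs):
    """Return alerts as (rule, endpoint_id, detail) tuples."""
    alerts = []
    files = defaultdict(lambda: defaultdict(set))  # endpoint -> scan -> file names
    for log in meta_logs:
        ep = log["endpoint_id"]
        files[ep][log["scan"]].add(log["file_name"])
        for cls in classify(log["tags"]):
            if ep not in AUTHORIZED[cls]:  # classified data on an unauthorized endpoint
                alerts.append(("unauthorized_endpoint", ep, f"{cls}:{log['file_name']}"))
    for ep, scans in sorted(files.items()):
        totals = [len(scans[s]) for s in sorted(scans)]
        for prev, cur in zip(totals, totals[1:]):  # compare consecutive scans
            if prev and abs(cur - prev) / prev >= CHANGE_RATIO:
                rule = "file_count_spike" if cur > prev else "file_count_drop"
                alerts.append((rule, ep, f"{prev}->{cur}"))
    return alerts

def _log(ep, scan, name, tags=()):
    return {"endpoint_id": ep, "scan": scan, "file_name": name, "tags": list(tags)}

# Constructed sample meta logs: a stable clinic endpoint, an HR endpoint whose
# file count jumps from 4 to 10, and an unregistered endpoint holding a PHI/PII file.
SAMPLE_LOGS = (
    [_log("ep-clinic-01", 1, f"chart{i}.pdf", ["icd9"]) for i in range(4)]
    + [_log("ep-clinic-01", 2, f"chart{i}.pdf", ["icd9"]) for i in range(4)]
    + [_log("ep-hr-02", 1, f"memo{i}.docx") for i in range(4)]
    + [_log("ep-hr-02", 2, f"memo{i}.docx") for i in range(10)]
    + [_log("ep-usb-77", 1, "chart2.pdf", ["icd9", "ssn"])]
)

if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOGS):
        print(alert)
```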

This approach differs from traditional DLP solutions by focusing on data provenance and providing visibility into data movement even outside the organization's direct control. Unlike encryption-based solutions that become ineffective once the data is decrypted on an unauthorized device, ’300 maintains awareness of the data's location and usage through its embedded tracking mechanisms. By analyzing patterns of data movement and identifying deviations from normal behavior, the platform can proactively predict and prevent data breaches.

How does this patent fit in the bigger picture?

Technical landscape at the time

In the early 2010s when ’300 was filed, data loss prevention (DLP) tools were in use but were not always effective at preventing all sensitive data from leaking outside of protected environments. Encryption was commonly used to protect data at rest and in transit between authorized systems, but tracking data after it left the authorized environment remained a challenge. Hardware or software constraints made comprehensive data provenance and tracking across various devices and cloud storage systems non-trivial.

Novelty and Inventive Step

Claims were rejected under 35 U.S.C. 112(a) for failing to comply with the enablement requirement. Claims were also rejected under 35 U.S.C. 102(a)(1) and 35 U.S.C. 103 as being unpatentable over cited prior art. Claims 1-27 were rejected on the ground of nonstatutory double patenting. Claims 18 and 19 were indicated as allowable. The prosecution record does NOT describe the technical reasoning or specific claim changes that led to allowance.

Claims

This patent contains 25 claims, with independent claims 1 and 25. The independent claims are directed to a forensic computing platform deployed as a cloud control server. The dependent claims generally elaborate on and refine the features and functionalities of the forensic computing platform described in the independent claims.

Key Claim Terms

Definitions of key terms used in the patent claims.

Each entry gives the term (with its source claims), the support for it in the specification, and its interpretation.

Data classification (Claim 1, Claim 25)
Support for Specification: “According to the present invention, data files are scanned and automatically classified at the time of detection according to a data classification policy. The data classification is determined based on matches of one or more of the pre-defined text strings comprised within the file. After the data classification is completed, the file is tagged with the classification and a meta log is sent to a cloud control server with details about the file such as: file name, data classification, date created or modified, user name, and endpoint ID.”
Interpretation: A classification assigned to a file based on the data types it contains, determined by analyzing data element tags.

Data element tags (Claim 1, Claim 25)
Support for Specification: “A meta log is created following each scan of a new or modified file and may include specific information about the file such as file name, endpoint ID, date and time, data classification, and meta data tags. Meta logs are also created whenever files are uploaded to the Archive Repository (19) or downloaded to registered internal and external endpoints. Meta logs are also created by various forensic mechanisms which allow additional information to be recorded about the movement of files.”
Interpretation: Indicators that data types are included in a file. These tags are part of the meta log received from an endpoint.

Degree changes in data topology (Claim 1)
Support for Specification: “Reports may also include exceptions such as the conditions that would trigger an alert. For example, if a scanned end point was found to contain a significant number of new files from the previous scan, this could represent a spike in activity related the historical behavior of this end point. Or, if the same end point was found to contain a significantly lower number of files from the previous scan, this could represent an unusual activity compared with the average user. Or, if a number of end points are scanned and each found to contain the same new files, this might be a pattern of activity that falls outside of normal history.”
Interpretation: Changes in the arrangement or relationships of data, used to predict data breaches.

Endpoint ID (Claim 1, Claim 25)
Support for Specification: “End point ID may include unique information that describes the computing environment used to create or modify the file such as MAC address, IP address, unique serial number unique software license key, or another unique identifier related to the end point.”
Interpretation: Unique information that describes the computing environment used to create or modify a file. This ID is included in the meta log.

Meta log (Claim 1, Claim 25)
Support for Specification: “The Meta Database Table (14) of the Forensic Computing Platform contains the meta logs that are received from end points and stored by the system. A meta log is created following each scan of a new or modified file and may include specific information about the file such as file name, endpoint ID, date and time, data classification, and meta data tags. Meta logs are also created whenever files are uploaded to the Archive Repository (19) or downloaded to registered internal and external endpoints. Meta logs are also created by various forensic mechanisms which allow additional information to be recorded about the movement of files.”
Interpretation: A record containing information about a file, including its name, data element tags, dates, and endpoint ID, stored in the meta database.

Litigation Cases

Latest US litigation cases involving this patent.

Case Number     Filing Date     Title
4:25-cv-01226   Nov 10, 2025    Quickvault, Inc. v. Musarubra US LLC
1:23-cv-01522   Dec 14, 2023    QuickVault, Inc. v. Oracle Corporation
1:23-cv-01016   Aug 28, 2023    Quickvault, Inc. v. Forcepoint LLC
1:22-cv-10948   Jun 17, 2022    QuickVault, Inc. v. Digital Guardian LLC

Patent Family

File Wrapper

The dossier documents provide a comprehensive record of the patent's prosecution history - including filings, correspondence, and decisions made by patent offices - and are crucial for understanding the patent's legal journey and any challenges it may have faced during examination.


US10999300

QUICKVAULT INC

Application Number: US16695949
Filing Date: Nov 26, 2019
Status: Granted
Expiry Date: Sep 14, 2035