IP Verse

Method And System For Forensic Data Tracking

Patent No. US11637840 (titled "Method And System For Forensic Data Tracking") was filed by Quickvault Inc on Apr 29, 2021.

What is this patent about?

’840 is related to the field of data loss prevention and forensic computing. Enterprises face increasing pressure to protect sensitive data due to regulatory requirements and the rising need to understand data provenance. Existing security measures often fail to prevent breaches, especially when data leaks outside protected environments. Data Loss Prevention (DLP) tools can help, but they are not foolproof, leaving a need for systems that can track data movement even after it has left the authorized environment.

The underlying idea behind ’840 is to provide a method and system for tracking data elements as they are shared and moved between authorized and unauthorized devices and users. This involves scanning files, classifying them based on content, and then monitoring their movement even outside the direct control of the responsible organization. The system uses various techniques, including encoding files with hidden tracking mechanisms, to maintain visibility and auditability of sensitive information.

The claims of ’840 focus on a computing system that receives metadata about electronic files detected at an endpoint. This metadata includes the filename, creation/modification dates, data element tags, and an endpoint identifier. The system analyzes this metadata based on configured settings and policies to determine a data classification. Crucially, the system determines if the file is unauthorized due to a deviation from normal behavior , specifically an increase in the total number of files exceeding a user's average. Responsive actions are then performed.

In practice, the invention works by deploying software agents on endpoints that scan files and extract metadata. This metadata is sent to a central server where it is analyzed to identify policy violations or deviations from normal behavior. The system can then take actions such as deleting unauthorized files, moving them to a secure archive, or encoding them with tracking information. The encoding mechanisms , like transparent GIFs with embedded URLs, allow the system to track the file's movement even when it is opened on unregistered devices.

The invention differentiates itself from prior approaches by focusing on post-leakage tracking . While traditional DLP systems aim to prevent data from leaving the authorized environment, ’840 provides a mechanism to monitor and control data even after it has escaped those boundaries. This is achieved through the use of persistent tracking mechanisms embedded within the files themselves, allowing the system to identify unauthorized access and potential data breaches even when the data is in the hands of unauthorized users.

How does this patent fit in bigger picture?

Technical landscape at the time

In the mid-2010s when ’840 was filed, at a time when data security was typically implemented using network infrastructure such as firewalls and VPNs, and when systems commonly relied on encryption for data at rest and in transit. Hardware or software constraints made comprehensive data tracking and provenance non-trivial, especially when data left the protected environment.

Novelty and Inventive Step

The claims were rejected under 35 U.S.C. 103 as being unpatentable over prior art combinations. Claims 1-35 were also rejected on the ground of nonstatutory obviousness-type double patenting. Claim 35 was indicated as allowable over prior art. The prosecution record does NOT describe the technical reasoning or specific claim changes that led to allowance.

Claims

This patent contains 28 claims, with claims 1 and 13 being independent. The independent claims are generally directed to a computing system and a method for computing forensics, both involving analyzing metadata of electronic files to determine unauthorized data use based on deviations from normal behavior. The dependent claims generally elaborate on the specifics of the system components, method steps, and responsive actions taken based on the analysis.

Key Claim Terms New

Definitions of key terms used in the patent claims.

Term (Source)Support for SpecificationInterpretation
Data element tag
(Claim 1, Claim 13)		“After the data classification is completed, the file is tagged with the classification and a meta log is sent to a cloud control server with details about the file such as: file name, data classification, date created or modified, user name, and endpoint ID.”A tag associated with an electronic file, included in the meta data, that is used in determining the data classification of the file.
Deviation from normal behavior
(Claim 1, Claim 13)		“Reports may also include exceptions such as the conditions that would trigger an alert. For example, if a scanned end point was found to contain a significant number of new files from the previous scan, this could represent a spike in activity related the historical behavior of this end point. Or, if the same end point was found to contain a significantly lower number of files from the previous scan, this could represent an unusual activity compared with the average user.”A pattern of data use that is determined to be unusual, such as an endpoint increasing the total number of files by a percentage that exceeds an average for a user associated with the endpoint or for an average user.
Endpoint identifier
(Claim 1, Claim 13)		“End point ID may include unique information that describes the computing environment used to create or modify the file such as MAC address, IP address, unique serial number unique software license key, or another unique identifier related to the end point.”Information that identifies the endpoint on which an electronic file is located or detected.

Litigation Cases New

US Latest litigation cases involving this patent.

Case NumberFiling DateTitle
4:25-cv-01226Nov 10, 2025Quickvault, Inc. v. Musarubra US LLC
1:23-cv-01522Dec 14, 2023QuickVault, Inc. v. Oracle Corporation
1:23-cv-01016Aug 28, 2023Quickvault, Inc. V. Forcepoint Llc

Patent Family

Patent Family

File Wrapper

The dossier documents provide a comprehensive record of the patent's prosecution history - including filings, correspondence, and decisions made by patent offices - and are crucial for understanding the patent's legal journey and any challenges it may have faced during examination.

  • Get instant alerts for new documents

US11637840

QUICKVAULT INC
Application Number
US17244505
Filing Date
Apr 29, 2021
Status
Granted
Expiry Date
Apr 26, 2036
External Links
Slate, USPTO, Google Patents