Method And System For Forensic Data Tracking

Patent No. US12363134 (titled "Method And System For Forensic Data Tracking") was filed by Quickvault Inc on Jan 22, 2024.

’134 is related to the field of data loss prevention and forensic computing. Enterprises face increasing challenges in protecting sensitive data due to regulatory requirements and the ease with which data can leak outside authorized environments. Existing security measures like encryption and DLP tools are often insufficient, leaving a need for methods to track data movement even after it has left the protected environment.

The underlying idea behind ’134 is to embed forensic tracking mechanisms into data files, allowing their movement to be monitored across authorized and unauthorized devices and users. This involves classifying data, encoding files with tracking information, and then logging and analyzing the data's movement to identify potential breaches or policy violations. The system aims to provide visibility and control over sensitive information even after it has left the direct control of the responsible organization.

The claims of ’134 focus on receiving metadata associated with an endpoint, analyzing this metadata based on configured settings and policies, determining if the data activity deviates from normal behavior, and performing responsive actions. The deviation is determined by detecting a significant volume of metadata, relative to historical behavior, associated with a user, set of users, endpoint, or set of endpoints. The metadata includes an endpoint identifier, file name, user identifier, and data tags.

In practice, the system scans files on endpoints, classifies them based on content (e.g., presence of sensitive data patterns), and encodes them with tracking information. This encoding can involve embedding a transparent GIF with a unique URL , inserting an executable component, or encrypting the file. When the file is opened, the embedded code reports back to a central server, logging information about the endpoint and user.

This approach differs from traditional DLP solutions by focusing on post-leakage tracking . Instead of solely preventing data from leaving the protected environment, ’134 provides a mechanism to understand where the data has gone, who has accessed it, and whether any policy violations have occurred. By analyzing the logged data, the system can identify suspicious activities, generate alerts, and provide reports on data movement, enabling organizations to respond effectively to potential data breaches.

How does this patent fit in bigger picture?

Technical landscape at the time

In the early 2020s when ’134 was filed, data loss prevention was typically implemented using network-based appliances at a time when systems commonly relied on perimeter security rather than zero-trust architectures and when hardware or software constraints made comprehensive data tracking across diverse environments non-trivial.

Novelty and Inventive Step

Claims 1-30 were pending. Claims 1-4 and 6-30 were rejected for obviousness over prior art. Claims 1-30 were also rejected for nonstatutory obviousness-type double patenting. Claim 5 was indicated as allowable.

Claims

This patent contains 32 claims, of which claims 1, 19, and 32 are independent. The independent claims focus on a computing system and method for detecting deviations from normal data activity based on metadata analysis. The dependent claims generally elaborate on specific aspects, implementations, and variations of the system and method defined in the independent claims.

Key Claim Terms New

Definitions of key terms used in the patent claims.

Term (Source)	Support for Specification	Interpretation
Configured setting (Claim 1, Claim 19)	“The Settings Table (16) of the Forensic Computing Platform includes options selected by the Authorized System Administrator (2) to control key aspects of processing. For example, alert thresholds can be configured in the Settings Table. The Settings Table can also determine the default value for how many end points each user can register and the default values which determine if a user is authorized to download or share data.”	A user-defined parameter that influences how metadata is analyzed and deviations are detected.
Data tags (Claim 1, Claim 19)	“After the data classification is completed, the file is tagged with the classification and a meta log is sent to a cloud control server with details about the file such as: file name, data classification, date created or modified, user name, and endpoint ID.”	Labels or classifications applied to data, potentially based on content or policy.
Deviation from normal behavior (Claim 1, Claim 32)	“For example, if a scanned end point was found to contain a significant number of new files from the previous scan, this could represent a spike in activity related the historical behavior of this end point. Or, if the same end point was found to contain a significantly lower number of files from the previous scan, this could represent an unusual activity compared with the average user.”	A statistically significant change in data activity compared to a baseline, indicating a potential security issue.
Endpoint identifier (Claim 1, Claim 19, Claim 32)	“End point ID may include unique information that describes the computing environment used to create or modify the file such as MAC address, IP address, unique serial number unique software license key, or another unique identifier related to the end point.”	A value that uniquely identifies the endpoint (device) from which the metadata originates.
Significant volume of the meta data (Claim 1, Claim 19, Claim 32)	“Reports may also include exceptions such as the conditions that would trigger an alert. For example, if a scanned end point was found to contain a significant number of new files from the previous scan, this could represent a spike in activity related the historical behavior of this end point.”	A substantial amount of metadata, when compared to past activity, that triggers the system to recognize a deviation from normal behavior.

Litigation Cases New

US Latest litigation cases involving this patent.

Case Number	Filing Date	Title
4:25-cv-01226	Nov 10, 2025	Quickvault, Inc. v. Musarubra US LLC

Patent Family

File Wrapper

The dossier documents provide a comprehensive record of the patent's prosecution history - including filings, correspondence, and decisions made by patent offices - and are crucial for understanding the patent's legal journey and any challenges it may have faced during examination.

Date
Description

Get instant alerts for new documents

Jul 15, 2025
Digitally signed official patent eGrant document
Jul 15, 2025
eGrant day-of Notification
Jul 2, 2025
Issue Notification
Jun 9, 2025
Electronic Fee Payment
Jun 9, 2025
Electronic Filing System Acknowledgment Receipt
Jun 9, 2025
Issue Fee Payment (PTO-85B)
May 9, 2025
Response to Amendment under Rule 312
May 9, 2025
Amendment After Final or under 37CFR 1.312, initialed by the examiner.
May 1, 2025
Electronic Filing System Acknowledgment Receipt
May 1, 2025
Amendment after Notice of Allowance (Rule 312)
Apr 28, 2025
Notice of Allowance and Fees Due (PTOL-85)
Apr 28, 2025
Issue Information including classification, examiner, name, claim, renumbering, etc.
Apr 28, 2025
Search information including classification, databases and other search related notes
Apr 28, 2025
Index of Claims
Apr 28, 2025
Examiner's search strategy and results
Apr 9, 2025
Communication - Re: Power of Attorney (PTOL-308)
Apr 7, 2025
Terminal Disclaimer review decision
Apr 4, 2025
Power of Attorney
Apr 4, 2025
Electronic Filing System Acknowledgment Receipt
Apr 4, 2025
Electronic Fee Payment
Apr 4, 2025
Terminal Disclaimer Filed in an Application
Apr 4, 2025
Assignee showing of ownership per 37 CFR 3.73
Apr 4, 2025
Assignee showing of ownership per 37 CFR 3.73
Apr 4, 2025
Amendment/Request for Reconsideration-After Non-Final Rejection
Apr 4, 2025
Claims
Apr 4, 2025
Applicant Arguments/Remarks Made in an Amendment
Apr 4, 2025
Fee Worksheet (SB06)
Feb 3, 2025
Non-Final Rejection
Feb 3, 2025
List of references cited by examiner
Feb 3, 2025
Search information including classification, databases and other search related notes
Feb 3, 2025
Index of Claims
Feb 3, 2025
Examiner's search strategy and results
Feb 3, 2025
Bibliographic Data Sheet
Feb 3, 2025
List of References cited by applicant and considered by examiner
May 24, 2024
Notice of Publication
Feb 29, 2024
Notice of New or Revised Publication Date
Feb 14, 2024
Fee Worksheet (SB06)
Feb 14, 2024
Filing Receipt
Feb 14, 2024
Welcome Letter from USPTO Director and Deputy Director
Jan 23, 2024
Application body structured text document
Jan 23, 2024
Application Data Sheet
Jan 23, 2024
Specification
Jan 23, 2024
Claims
Jan 23, 2024
Abstract
Jan 23, 2024
Electronic Fee Payment
Jan 23, 2024
Electronic Filing System Acknowledgment Receipt
Jan 23, 2024
Transmittal Letter
Jan 23, 2024
Drawings-only black and white line drawings
Jan 23, 2024
Power of Attorney
Jan 23, 2024
Oath or Declaration filed
Jan 23, 2024
Information Disclosure Statement (IDS) Form (SB08)

US12363134

QUICKVAULT INC

Application Number: US18419534
Filing Date: Jan 22, 2024
Status: Granted
Expiry Date: Sep 14, 2035
External Links: Slate, USPTO, Google Patents

IP Verse