Method And System For Forensic Data Tracking

Patent No. US12363134 (titled "Method And System For Forensic Data Tracking") was filed by Quickvault Inc on Jan 22, 2024.

’134 is related to the field of data loss prevention and forensic computing. Enterprises face increasing challenges in protecting sensitive data due to regulatory requirements and the ease with which data can leak outside authorized environments. Existing security measures like encryption and DLP tools are often insufficient, leaving a need for methods to track data movement even after it has left the protected environment.

The underlying idea behind ’134 is to embed forensic tracking mechanisms into data files, allowing their movement to be monitored across authorized and unauthorized devices and users. This involves classifying data, encoding files with tracking information, and then logging and analyzing the data's movement to identify potential breaches or policy violations. The system aims to provide visibility and control over sensitive information even after it has left the direct control of the responsible organization.

The claims of ’134 focus on receiving metadata associated with an endpoint, analyzing this metadata based on configured settings and policies, determining if the data activity deviates from normal behavior, and performing responsive actions. The deviation is determined by detecting a significant volume of metadata, relative to historical behavior, associated with a user, set of users, endpoint, or set of endpoints. The metadata includes an endpoint identifier, file name, user identifier, and data tags.

In practice, the system scans files on endpoints, classifies them based on content (e.g., presence of sensitive data patterns), and encodes them with tracking information. This encoding can involve embedding a transparent GIF with a unique URL , inserting an executable component, or encrypting the file. When the file is opened, the embedded code reports back to a central server, logging information about the endpoint and user.

This approach differs from traditional DLP solutions by focusing on post-leakage tracking . Instead of solely preventing data from leaving the protected environment, ’134 provides a mechanism to understand where the data has gone, who has accessed it, and whether any policy violations have occurred. By analyzing the logged data, the system can identify suspicious activities, generate alerts, and provide reports on data movement, enabling organizations to respond effectively to potential data breaches.

How does this patent fit in bigger picture?

Technical landscape at the time

In the early 2020s when ’134 was filed, data loss prevention was typically implemented using network-based appliances at a time when systems commonly relied on perimeter security rather than zero-trust architectures and when hardware or software constraints made comprehensive data tracking across diverse environments non-trivial.

Novelty and Inventive Step

Claims 1-30 were pending. Claims 1-4 and 6-30 were rejected for obviousness over prior art. Claims 1-30 were also rejected for nonstatutory obviousness-type double patenting. Claim 5 was indicated as allowable.

Claims

This patent contains 32 claims, of which claims 1, 19, and 32 are independent. The independent claims focus on a computing system and method for detecting deviations from normal data activity based on metadata analysis. The dependent claims generally elaborate on specific aspects, implementations, and variations of the system and method defined in the independent claims.

Key Claim Terms New

Definitions of key terms used in the patent claims.

Term (Source)	Support for Specification	Interpretation
Configured setting (Claim 1, Claim 19)	“The Settings Table (16) of the Forensic Computing Platform includes options selected by the Authorized System Administrator (2) to control key aspects of processing. For example, alert thresholds can be configured in the Settings Table. The Settings Table can also determine the default value for how many end points each user can register and the default values which determine if a user is authorized to download or share data.”	A user-defined parameter that influences how metadata is analyzed and deviations are detected.
Data tags (Claim 1, Claim 19)	“After the data classification is completed, the file is tagged with the classification and a meta log is sent to a cloud control server with details about the file such as: file name, data classification, date created or modified, user name, and endpoint ID.”	Labels or classifications applied to data, potentially based on content or policy.
Deviation from normal behavior (Claim 1, Claim 32)	“For example, if a scanned end point was found to contain a significant number of new files from the previous scan, this could represent a spike in activity related the historical behavior of this end point. Or, if the same end point was found to contain a significantly lower number of files from the previous scan, this could represent an unusual activity compared with the average user.”	A statistically significant change in data activity compared to a baseline, indicating a potential security issue.
Endpoint identifier (Claim 1, Claim 19, Claim 32)	“End point ID may include unique information that describes the computing environment used to create or modify the file such as MAC address, IP address, unique serial number unique software license key, or another unique identifier related to the end point.”	A value that uniquely identifies the endpoint (device) from which the metadata originates.
Significant volume of the meta data (Claim 1, Claim 19, Claim 32)	“Reports may also include exceptions such as the conditions that would trigger an alert. For example, if a scanned end point was found to contain a significant number of new files from the previous scan, this could represent a spike in activity related the historical behavior of this end point.”	A substantial amount of metadata, when compared to past activity, that triggers the system to recognize a deviation from normal behavior.

Litigation Cases New

US Latest litigation cases involving this patent.

Case Number	Filing Date	Title
4:25-cv-01226	Nov 10, 2025	Quickvault, Inc. v. Musarubra US LLC

Patent Family

File Wrapper

The dossier documents provide a comprehensive record of the patent's prosecution history - including filings, correspondence, and decisions made by patent offices - and are crucial for understanding the patent's legal journey and any challenges it may have faced during examination.

Get instant alerts for new documents

US12363134

QUICKVAULT INC

Application Number: US18419534
Filing Date: Jan 22, 2024
Status: Granted
Expiry Date: Sep 14, 2035
External Links: Slate, USPTO, Google Patents

IP Verse