US 12,216,796 B2
Insight generation using personal identifiable information (PII) footprint modeling
Allison Zimmer, Charlotte, NC (US); Brian H. Corr, Charlotte, NC (US); Charlene L. Ramsue, Statesville, NC (US); Scott Nielsen, Charlotte, NC (US); Thomas G. Frost, Charlotte, NC (US); and Youshika C. Scott, Charlotte, NC (US)
Assigned to Bank of America Corporation, Charlotte, NC (US)
Filed by Bank of America Corporation, Charlotte, NC (US)
Filed on Apr. 30, 2024, as Appl. No. 18/650,200.
Application 18/650,200 is a continuation of application No. 17/232,577, filed on Apr. 16, 2021, granted, now 12,013,963.
Prior Publication US 2024/0281563 A1, Aug. 22, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 21/62 (2013.01); G06F 21/55 (2013.01); G06F 21/60 (2013.01); G06N 20/00 (2019.01)
CPC G06F 21/6245 (2013.01) [G06F 21/554 (2013.01); G06F 21/602 (2013.01); G06N 20/00 (2019.01)] 20 Claims
 
1. A user device comprising:
at least one processor;
a communication interface communicatively coupled to the at least one processor; and
memory storing computer-readable instructions that, when executed by the at least one processor, cause the user device to:
receive a request to unmask masked information, wherein the masked information includes personal identifiable information (PII);
unmask the PII, resulting in unmasked PII;
display the unmasked PII in response to the request to unmask the masked information; and
send unmasking event information to a PII footprint modeling platform, wherein sending the unmasking event information to the PII footprint modeling platform causes the PII footprint modeling platform to:
log the request to unmask the masked information in an unmasking event log,
apply at least one machine learning model to the unmasking event log to identify one or more malicious events, wherein identifying the one or more malicious events comprises:
identifying that a number of requests for the PII by the user device exceeds a median number of requests for the PII by a predetermined standard deviation of the number of requests, wherein the requests are initiated by other user devices corresponding to users associated with a particular job title and wherein a user of the user device may also be associated with the particular job title, and
trigger one or more remediation actions based on identification of the one or more malicious events, wherein triggering the one or more remediation actions comprises:
based on identifying that the number of requests for the PII by the user device exceeds the median number of requests for the PII by a first standard deviation of the number of requests, temporarily suspending network access to the user device, and
based on identifying that the number of requests for the PII by the user device exceeds the median number of requests for the PII by a second standard deviation of the number of requests, greater than the first standard deviation, modifying a network policy to permanently prevent the user device from accessing the PII.
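The peer-baseline comparison recited in claim 1, sketched as an added example (not code from the patent or the assignee), using a plain statistical check rather than the machine learning model the claim recites. The multipliers K_SUSPEND and K_BLOCK, the standard-deviation floor, the minimum peer count, the action names and the log tuple layout are assumptions, and the log is constructed sample data.

```python
from collections import Counter, defaultdict
from statistics import median, pstdev

K_SUSPEND = 2.0  # assumed first threshold, in peer standard deviations
K_BLOCK = 6.0    # assumed second, greater threshold
SD_FLOOR = 1.0   # assumed floor so a uniform peer group cannot yield sd == 0
MIN_PEERS = 3    # assumed minimum peer devices needed for a usable baseline


def mk_events(title, counts):
    """Expand {device: n} into n constructed (device, job_title, pii_id) log rows."""
    return [(dev, title, "pii-record") for dev, n in counts.items() for _ in range(n)]


# Constructed unmasking event log, one row per unmask request.
EVENTS = (
    mk_events("teller", {"dev-a": 3, "dev-b": 5, "dev-c": 7, "dev-d": 5, "dev-e": 10})
    + mk_events("analyst", {"dev-g": 3, "dev-h": 5, "dev-i": 7, "dev-j": 5, "dev-k": 40})
    + mk_events("auditor", {"dev-z": 30})
)


def classify(events):
    """Map each device to a remediation action using a leave-one-out peer baseline."""
    per_title = defaultdict(Counter)
    for dev, title, _pii in events:
        per_title[title][dev] += 1

    actions = {}
    for devs in per_title.values():
        for dev, n in devs.items():
            # Baseline comes from *other* devices with the same job title, so a
            # heavy requester cannot raise the median or spread it is judged by.
            peers = [c for d, c in devs.items() if d != dev]
            if len(peers) < MIN_PEERS:
                actions[dev] = "insufficient_baseline"
                continue
            sd = max(pstdev(peers), SD_FLOOR)
            excess = (n - median(peers)) / sd
            if excess > K_BLOCK:
                actions[dev] = "block_pii_access"
            elif excess > K_SUSPEND:
                actions[dev] = "suspend_network_access"
            else:
                actions[dev] = "none"
    return actions


if __name__ == "__main__":
    for dev, action in sorted(classify(EVENTS).items()):
        print(dev, action)
```

In the sample, dev-k's 40 requests still widen the spread that its peers are judged against, so a robust spread measure is worth considering when one job title may contain several heavy requesters.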