CPC G06F 21/6245 (2013.01) [G06F 21/554 (2013.01); G06F 21/602 (2013.01); G06N 20/00 (2019.01)]
19 Claims
1. A user device comprising:
at least one processor;
a communication interface communicatively coupled to the at least one processor; and
memory storing computer-readable instructions that, when executed by the at least one processor, cause the user device to:
receive a request to access information that includes personal identifiable information (PII);
retrieve source data comprising the PII;
mask, within the source data and based on at least one enterprise data management policy, the PII, resulting in masked information;
display the masked information in response to the request to access the information;
receive a request to unmask the masked information;
unmask the PII, resulting in unmasked PII;
display the unmasked PII in response to the request to unmask the masked information; and
send unmasking event information to a PII footprint modeling platform, wherein sending the unmasking event information to the PII footprint modeling platform causes the PII footprint modeling platform to:
log the request to unmask the masked information in an unmasking event log,
apply at least one machine learning model to the unmasking event log to identify one or more malicious events, wherein identifying the one or more malicious events comprises:
identifying that a number of requests for the PII by the user device exceeds a median number of requests for the PII by a predetermined standard deviation of the number of requests, wherein the requests are initiated by other user devices corresponding to users associated with a particular job title and wherein a user of the user device may also be associated with the particular job title, and
trigger one or more remediation actions based on identification of the one or more malicious events, wherein triggering the one or more remediation actions comprises:
based on identifying that the number of requests for the PII by the user device exceeds the median number of requests for the PII by a first standard deviation of the number of requests, temporarily suspending network access to the user device, and
based on identifying that the number of requests for the PII by the user device exceeds the median number of requests for the PII by a second standard deviation of the number of requests, greater than the first standard deviation, modifying a network policy to permanently prevent the user device from accessing the PII.
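The peer-baseline check and two-tier remediation recited in claim 1, as an added Python sketch that is not code from the patent or its assignee. Assumptions: the thresholds are read as median + k × standard deviation with hypothetical multiples `K_SUSPEND` and `K_BLOCK`; the baseline excludes the device being scored; `min_peers`, `min_sd`, the action names, and the event log rows are constructed for illustration.

```python
from collections import Counter, defaultdict
from statistics import median, pstdev

# Constructed unmasking event log: one (device_id, job_title) row per request.
EVENTS = (
    [("dev-a", "teller")] * 4 + [("dev-b", "teller")] * 5
    + [("dev-c", "teller")] * 6 + [("dev-d", "teller")] * 5
    + [("dev-f", "teller")] * 40
    + [("dev-g", "analyst")] * 20 + [("dev-h", "analyst")] * 24
    + [("dev-i", "analyst")] * 22 + [("dev-j", "analyst")] * 20
    + [("dev-k", "analyst")] * 26
    + [("dev-x", "auditor")] * 3 + [("dev-y", "auditor")] * 90
)

K_SUSPEND = 2.0  # assumed multiple for the "first standard deviation"
K_BLOCK = 4.0    # assumed multiple for the "second", greater than the first


def classify(events, k_suspend=K_SUSPEND, k_block=K_BLOCK,
             min_peers=3, min_sd=1.0):
    """Map device_id -> remediation for devices above their peer baseline."""
    counts = Counter(dev for dev, _ in events)
    by_title = defaultdict(set)
    for dev, title in events:
        by_title[title].add(dev)

    actions = {}
    for devices in by_title.values():
        for dev in devices:
            # Baseline comes from the *other* devices sharing the job title,
            # so a heavy requester cannot inflate its own median or deviation.
            peers = [counts[d] for d in devices if d != dev]
            if len(peers) < min_peers:
                continue  # too few peers to form a baseline (assumed policy)
            # Floor the deviation so identical peer counts (sd == 0) do not
            # turn a single extra request into a block.
            sd = max(pstdev(peers), min_sd)
            excess = counts[dev] - median(peers)
            if excess > k_block * sd:
                actions[dev] = "block_pii_access"   # permanent policy change
            elif excess > k_suspend * sd:
                actions[dev] = "suspend_network"    # temporary suspension
    return actions


if __name__ == "__main__":
    print(classify(EVENTS))
```

In the constructed data the two-device auditor group is never scored, so `dev-y` passes unflagged despite 90 requests; small job-title groups need a fallback baseline. A single heavy requester also inflates the deviation seen by every other device in its group, which can hide a second, smaller outlier.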