US 12,093,375 B2
Generating and monitoring fictitious data entries to detect breaches
David Endler, Austin, TX (US); Alen Puzic, Austin, TX (US); and Edward Ross, Austin, TX (US)
Assigned to SpyCloud, Inc., Austin, TX (US)
Filed by SpyCloud, Inc., Austin, TX (US)
Filed on Jan. 30, 2020, as Appl. No. 16/776,877.
Claims priority of provisional application 62/812,205, filed on Feb. 28, 2019.
Prior Publication US 2020/0279050 A1, Sep. 3, 2020
Int. Cl. G06F 21/55 (2013.01); G06F 9/54 (2006.01); G06F 16/14 (2019.01); G06F 18/214 (2023.01); G06F 21/31 (2013.01); G06F 21/62 (2013.01); G06N 20/00 (2019.01); H04L 9/06 (2006.01)
CPC G06F 21/554 (2013.01) [G06F 9/542 (2013.01); G06F 16/144 (2019.01); G06F 18/214 (2023.01); G06F 21/31 (2013.01); G06F 21/6218 (2013.01); G06N 20/00 (2019.01); H04L 9/0643 (2013.01)]
24 Claims
1. A tangible, non-transitory, machine-readable medium storing instructions that when executed by one or more processors effectuate operations comprising:
obtaining, with one or more processors, a fictitious data entry associated with a field present in a plurality of records associated with an online resource, wherein:
the fictitious data entry is generated based on a criteria used to generate non-fictitious data entries associated with the field in at least some records of the plurality of records,
the fictitious data entry is caused to be stored in at least some records of the plurality of records in association with the field in a first set of one or more repositories to be monitored for breaches,
the fictitious data entry is different from the non-fictitious data entries,
the fictitious data entry complies with a syntax of the non-fictitious data entries, and
the fictitious data entry includes at least one character that embeds information associated with the generation of the fictitious data entry into the fictitious data entry;
sending, with one or more processors, a query to a monitoring application, the query specifying the fictitious data entry and a request to determine whether a second repository of compromised data includes the fictitious data entry, wherein the compromised data of the second repository of compromised data includes cleansed data that is periodically collected from a plurality of data sources, wherein the cleansed data includes, for each fictitious data entry and each non-fictitious data entry, metadata indicating a number of duplicates of that data entry that were discarded and that were retrieved from a unique data source of the plurality of data sources;
in response to the query, receiving, with one or more processors, query results indicating that the second repository of compromised data includes the fictitious data entry;
in response to the received indication that the second repository of compromised data includes the fictitious data entry, identifying, with one or more processors, at least some of the first set of one or more repositories that store the fictitious data entry;
designating, with one or more processors, other data entries within the at least some of the first set of one or more repositories as potentially having been breached; and
storing, with one or more processors, the designation in memory.
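
The following is an added illustration of the operations recited in claim 1, not code from the patent or from the assignee. It assumes an e-mail field, a keyed-hash tag as the embedded generation information, and hypothetical repository names; the set lookup stands in for the query to the monitoring application.

```python
import hashlib
import hmac
import re

KEY = b"constructed-demo-key"  # assumption: secret known only to the defender
SYNTAX = re.compile(r"^[a-z]+\.[a-z0-9]+@example\.com$")  # assumed format of real entries
REPOS = {"01": "crm-db", "02": "billing-db"}  # hypothetical monitored repositories


def _tag(prefix: str) -> str:
    return hmac.new(KEY, prefix.encode(), hashlib.sha256).hexdigest()[:6]


def make_canary(first: str, last: str, repo_code: str, real_entries: set) -> str:
    """Build a fictitious e-mail whose trailing characters embed repo code + keyed tag."""
    prefix = f"{first}.{last}{repo_code}"
    entry = f"{prefix}{_tag(prefix)}@example.com"
    if not SYNTAX.match(entry) or entry in real_entries:
        raise ValueError("canary must match real syntax and differ from real entries")
    return entry


def decode_canary(entry: str):
    """Return the embedded repo code if the entry carries a valid tag, else None."""
    local = entry.split("@", 1)[0]
    prefix, tag = local[:-6], local[-6:]
    if len(local) > 8 and hmac.compare_digest(_tag(prefix), tag):
        return prefix[-2:]
    return None


def designate_breached(compromised: set, repositories: dict) -> dict:
    """Look up each planted canary in the compromised set; flag the rest of any repo hit."""
    designation = {}
    for repo_code, name in REPOS.items():
        for entry in repositories[name]:
            # `entry in compromised` stands in for the monitoring-application query.
            if decode_canary(entry) == repo_code and entry in compromised:
                designation[name] = sorted(e for e in repositories[name] if e != entry)
    return designation


# Constructed sample data.
real_crm = {"ana.ruiz@example.com", "li.wei7@example.com"}
real_billing = {"sam.okoro@example.com"}
canary_crm = make_canary("dana", "holt", "01", real_crm)
canary_billing = make_canary("dana", "holt", "02", real_billing)
repositories = {"crm-db": real_crm | {canary_crm}, "billing-db": real_billing | {canary_billing}}
compromised = {"someone.else@example.com", canary_crm}  # stand-in for the second repository
RESULT = designate_breached(compromised, repositories)  # designation kept in memory
```

Because the tag is keyed, an entry found in a dump can be attributed to its repository without a lookup table, and a string that merely resembles a canary does not decode.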